Leaf 4486 - user name disabled update #2644
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jampaul3
requested review from
mgaoVA,
Pelentan,
aerinkayne,
pete-nerantzinis,
shaneodd and
nk2136
as code owners
shaneodd
requested changes
Jan 14, 2025
|
@shaneodd I removed the exit. I did that so I could easily stop the cron jobs. This is now back to normal. |
Pelentan
previously approved these changes
Jan 17, 2025
Pelentan
previously approved these changes
Jan 21, 2025
shaneodd
previously approved these changes
Jan 21, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary: The old script, which resides on the Auth server processed all Active Directory updates to Leaf. Now the Auth Server will get the data from AD and save it to a table (cache) in the National Orgchart. Then a cron job on Leaf servers runs to update Employee data in the national orgchart. After this update is complete another script runs to disable Employees that have not been updated within the last 30 hours.
For the purposes of this PR an Employee is considered disabled if their record in the National Orgchart hasn't been updated within the last 30 hours. Every Employee has a lastUpdated field and this gets updated whenever the script runs to update Employees whether or not they had data to be updated, if it hasn't been updated they were not pulled from AD which means that userName is no longer being used and needs to be disabled.
There is also a fail safe when updating disabled Employees, the script looks to make sure that at least 200k Employee's have been updated within the last 2 hours before attempting to disable anyone.
graph TB subgraph Active_Directory_Namespace AD_agent(Active Directory Server) end subgraph Auth_Server auth_server(import script) end subgraph Leaf_Server national_update(update National<br />Orgchart) national_disable(disable National Orgchart<br />Employees) local_updates(refresh local<br />orgchart and portals) end subgraph leaf.va.gov disable_button(Disable) enable_button(Enable) end national_orgchart[(National Orgchart)] local_orgcharts_portals[(Local Orgcharts<br /> and Portals)] auth_server o-- Get data<br /> from AD --o AD_agent auth_server -- Save data to<br />cache table --> national_orgchart national_update <-- Update Employee table from AD data in cache table --> national_orgchart national_disable <-- Disable Employees who have not been updated within the last 30 hours --> national_orgchart local_updates o-- Refresh local orgcharts and portals --o local_orgcharts_portals disable_button o-- Disables selected Employee in orgchart and 4 tables in all portals --o local_orgcharts_portals enable_button o--Enables selected Employee in orgchart and 4 tables in all portals --o local_orgcharts_portals