Currently, there are situations, when metadata for shadows are not set. Mainly, when the shadow is created by provisioning and not by model. Also, auditing is missing.
Shadow Metadata and Auditing
There are some gaps in auditing some shadow operations, mostly in provisioning component. Also, loosely related, we need to clarify the role of shadow metadata and possibly add more, if current set of metadata does not work well for some needs (e.g. incremental Ninja export).
The following Jira issues are related to these topics:
There seems to be three kinds of shadow metadata:
real metadata from the resource object
metadata about our Shadow object
midPoint metadata about the resource object, when it was discovered (creation or change)
metadata container for ShadowType stores more or less the third kind.
Missing metadata about the shadow object itself cause problems like Timestamp missing in objects, ninja export not really possible.
Should there be some additional "repository create/modified" metadata that would leave
metadata container (or at least existing set of them) for the model component
and the new create/modified would clearly be repository’s responsibility?
What kind of auditing for shadows is missing?
We know of Audit records are missing for operations enforced deep in provisioning; that is, if delta processing is complex with multiple provisioning operations, we need additional audits about it.
During reconciliation, creation of shadows is not audited; metadata should be reviewed in this scenario as well.
Errors in early synchronization activities are not sufficiently audited. (Any details or Jiras?)
On the other hand, provisioning should not just repeatedly audit what is audited on the model level.