Currently, if there is an invalid username in a batch of users that usersync tries to create in ranger admin, the entire batch of users will fail to create. Usersync will then perpetually retry creating these users. This leads to no alerts in Ranger, CM, or anywhere else besides usersync/admin logs, both of which lack necessary details like the offending username.
In the current state, usersync is unusable if there is a single bad username in the source database.
Usersync has to be more robust against malformed user names. IMO two ways forward could be:
- (preferred) Allow partial failures, ie. create users that have well-formed names even if a batch has a malformed user name, or
- Have a filter built into usersync that catches these before they reach admin
Regardless of the solution, the error message should include the offending username, and usersync should not keep trying to create users that are known to cause failures.