
Example 1 with CertificationHandler

use of com.evolveum.midpoint.certification.impl.handlers.CertificationHandler in project midpoint by Evolveum.

the class AccessCertificationRemediationTaskHandler method run.

/**
 * Runs automatic remediation for the certification campaign referenced by the task's object OID.
 *
 * <p>Each case for which {@code helper.isRevoke} returns true is passed to the campaign's
 * {@code CertificationHandler} for revocation and then marked as remedied. A failure on a single
 * case is logged, recorded as a partial error on that case's subresult, and counted; the loop
 * continues with the next case. After the loop the campaign is closed and the run is reported
 * as {@code FINISHED}.
 *
 * <p>NOTE(review): the campaign is closed and the run reported as {@code FINISHED} even when some
 * revocations failed; the failure count is visible only in the "run.statistics" subresult and the
 * per-case partial errors. Access that reviewers decided to revoke may therefore remain in place
 * after the campaign is closed - confirm that a non-zero failure count is surfaced to operators.
 *
 * <p>NOTE(review): no authorization call is visible in this method; presumably the task owner's
 * privileges or the called helpers enforce it - confirm.
 *
 * @param task task whose object OID identifies the campaign; its channel is set to the
 *             remediation channel when none is set
 * @return run result carrying the operation result; {@code PERMANENT_ERROR} when the campaign OID
 *         is missing, automatic remediation is not configured, or an exception escapes the
 *         per-case handling, {@code FINISHED} otherwise. Progress is written to the run result
 *         only on the {@code FINISHED} path and in the outer exception handler.
 */
@Override
public TaskRunResult run(Task task) {
    LOGGER.trace("Task run starting");
    long progress = task.getProgress();

    OperationResult result = new OperationResult(CLASS_DOT + "run");
    result.setSummarizeSuccesses(true);
    TaskRunResult taskRunResult = new TaskRunResult();
    taskRunResult.setOperationResult(result);

    if (task.getChannel() == null) {
        task.setChannel(SchemaConstants.CHANNEL_REMEDIATION_URI);
    }

    String campaignOid = task.getObjectOid();
    if (campaignOid == null) {
        final String missingOid = "No campaign OID specified in the task";
        LOGGER.error(missingOid);
        result.recordFatalError(missingOid);
        taskRunResult.setRunResultStatus(TaskRunResultStatus.PERMANENT_ERROR);
        return taskRunResult;
    }
    result.addContext("campaignOid", campaignOid);

    try {
        AccessCertificationCampaignType campaign = helper.getCampaign(campaignOid, null, task, result);

        // Refuse to revoke anything unless the campaign explicitly opts in to automatic remediation.
        if (!CertCampaignTypeUtil.isRemediationAutomatic(campaign)) {
            final String notAutomatic = "Automatic remediation is not configured.";
            LOGGER.error(notAutomatic);
            result.recordFatalError(notAutomatic);
            taskRunResult.setRunResultStatus(TaskRunResultStatus.PERMANENT_ERROR);
            return taskRunResult;
        }

        CertificationHandler handler = certificationManager.findCertificationHandler(campaign);
        int succeeded = 0;
        int failed = 0;

        for (AccessCertificationCaseType certCase : queryHelper.searchCases(campaignOid, null, null, result)) {
            if (!helper.isRevoke(certCase, campaign)) {
                continue;
            }

            OperationResult revokeResult = result.createMinorSubresult(result.getOperation() + ".revoke");
            final Long caseId = certCase.asPrismContainerValue().getId();
            revokeResult.addContext("caseId", caseId);
            try {
                handler.doRevoke(certCase, campaign, task, revokeResult);
                // The case is marked as remedied only after the revocation call returned normally.
                caseHelper.markCaseAsRemedied(campaignOid, caseId, task, revokeResult);
                revokeResult.computeStatus();
                succeeded++;
                progress++;
            } catch (Exception e) {
                // TODO
                // Best effort: one failing case must not prevent the remaining revocations.
                String message = "Couldn't revoke case " + caseId + ": " + e.getMessage();
                LoggingUtils.logUnexpectedException(LOGGER, message, e);
                revokeResult.recordPartialError(message, e);
                failed++;
            }
            result.summarize();
        }

        String statistics = "Successfully revoked items: " + succeeded + ", tried to revoke but failed: " + failed;
        result.createSubresult(CLASS_DOT + "run.statistics")
                .recordStatus(OperationResultStatus.NOT_APPLICABLE, statistics);
        result.computeStatus();

        // Closed unconditionally, i.e. also when 'failed' is non-zero.
        certificationManager.closeCampaign(campaignOid, task, result);

        taskRunResult.setRunResultStatus(TaskRunResultStatus.FINISHED);
        taskRunResult.setProgress(progress);
        LOGGER.trace("Task run stopping (campaign {})", ObjectTypeUtil.toShortString(campaign));
        return taskRunResult;
    } catch (Exception e) {
        // TODO better error handling
        LoggingUtils.logException(LOGGER, "Error while executing remediation task handler", e);
        result.recordFatalError("Error while executing remediation task handler: " + e.getMessage(), e);
        taskRunResult.setRunResultStatus(TaskRunResultStatus.PERMANENT_ERROR);
        taskRunResult.setProgress(progress);
        return taskRunResult;
    }
}
Also used : AccessCertificationCaseType(com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCaseType) TaskRunResult(com.evolveum.midpoint.task.api.TaskRunResult) CertificationHandler(com.evolveum.midpoint.certification.impl.handlers.CertificationHandler) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) AccessCertificationCampaignType(com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType)

Example 2 with CertificationHandler

use of com.evolveum.midpoint.certification.impl.handlers.CertificationHandler in project midpoint by Evolveum.

the class CertificationManagerImpl method openNextStage.

/**
 * Opens the requested review stage of a certification campaign.
 *
 * <p>The campaign is loaded, the caller is authorized for the
 * {@code OPEN_CERTIFICATION_CAMPAIGN_REVIEW_STAGE} action against it, and the request is then
 * checked against the campaign state. The stage is opened only when the campaign is in
 * {@code CREATED} state and stage 1 is requested, or in {@code REVIEW_STAGE_DONE} state and the
 * stage immediately following the current one is requested, and the requested number does not
 * exceed the number of defined stages.
 *
 * <p>A refused request is reported only by recording a fatal error on the operation result; no
 * exception is thrown for it, so callers have to inspect the result status.
 *
 * <p>NOTE(review): the campaign's short description is added to the result as a parameter before
 * the authorization check runs - confirm that a result produced for an unauthorized caller does
 * not expose it.
 *
 * <p>NOTE(review): no locking is visible between reading the campaign state and applying the
 * deltas; confirm that concurrent calls cannot both pass the state check.
 *
 * @param campaignOid OID of the campaign; must not be null
 * @param requestedStageNumber number of the stage to open
 * @param task task in whose context the operation runs; must not be null
 * @param parentResult parent operation result; must not be null
 * @throws IllegalStateException if the campaign state is none of the states handled here
 *         (recorded on the result as a fatal error and rethrown, like any other
 *         {@code RuntimeException})
 */
@Override
public void openNextStage(String campaignOid, int requestedStageNumber, Task task, OperationResult parentResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ObjectAlreadyExistsException {
    Validate.notNull(campaignOid, "campaignOid");
    Validate.notNull(task, "task");
    Validate.notNull(parentResult, "parentResult");

    OperationResult result = parentResult.createSubresult(OPERATION_OPEN_NEXT_STAGE);
    result.addParam("campaignOid", campaignOid);
    result.addParam("requestedStageNumber", requestedStageNumber);

    try {
        AccessCertificationCampaignType campaign = generalHelper.getCampaign(campaignOid, null, task, result);
        result.addParam("campaign", ObjectTypeUtil.toShortString(campaign));
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("openNextStage starting for {}", ObjectTypeUtil.toShortString(campaign));
        }

        // Authorization is evaluated against the loaded campaign object before its state is acted upon.
        securityEnforcer.authorize(ModelAuthorizationAction.OPEN_CERTIFICATION_CAMPAIGN_REVIEW_STAGE.getUrl(), null, campaign.asPrismObject(), null, null, null, result);

        final int currentStageNumber = campaign.getStageNumber();
        final int stages = CertCampaignTypeUtil.getNumberOfStages(campaign);
        final AccessCertificationCampaignStateType state = campaign.getState();
        LOGGER.trace("openNextStage: currentStageNumber={}, stages={}, requestedStageNumber={}, state={}", currentStageNumber, stages, requestedStageNumber, state);

        // Work out why the request has to be refused, if at all; null means "go ahead".
        final String cannotAdvance = "Couldn't advance to review stage " + requestedStageNumber;
        final String refusal;
        if (IN_REVIEW_STAGE.equals(state)) {
            refusal = cannotAdvance + " as the stage " + currentStageNumber + " is currently open.";
        } else if (IN_REMEDIATION.equals(state)) {
            refusal = cannotAdvance + " as the campaign is currently in the remediation phase.";
        } else if (CLOSED.equals(state)) {
            refusal = cannotAdvance + " as the campaign is already closed.";
        } else if (!REVIEW_STAGE_DONE.equals(state) && !CREATED.equals(state)) {
            // Also reached when the state is null.
            throw new IllegalStateException("Unexpected campaign state: " + state);
        } else if (REVIEW_STAGE_DONE.equals(state) && requestedStageNumber != currentStageNumber + 1) {
            refusal = cannotAdvance + " as the campaign is currently in stage " + currentStageNumber;
        } else if (CREATED.equals(state) && requestedStageNumber != 1) {
            refusal = cannotAdvance + " as the campaign was just created";
        } else if (requestedStageNumber > stages) {
            refusal = cannotAdvance + " as the campaign has only " + stages + " stages";
        } else {
            refusal = null;
        }

        if (refusal != null) {
            result.recordFatalError(refusal);
        } else {
            final CertificationHandler handler = findCertificationHandler(campaign);
            // The new stage number is derived from the current stage, not from the requested number.
            final AccessCertificationStageType newStage = updateHelper.createStage(campaign, currentStageNumber + 1);
            final List<ItemDelta<?, ?>> stageOpenDeltas = updateHelper.getDeltasForStageOpen(campaign, newStage, handler, task, result);
            updateHelper.modifyObjectViaModel(AccessCertificationCampaignType.class, campaignOid, stageOpenDeltas, task, result);
            updateHelper.afterStageOpen(campaignOid, newStage, task, result);
        }
    } catch (RuntimeException e) {
        // Checked exceptions (e.g. SecurityViolationException) bypass this handler and reach only the finally block.
        result.recordFatalError("Couldn't move to certification campaign stage " + requestedStageNumber + ": unexpected exception: " + e.getMessage(), e);
        throw e;
    } finally {
        result.computeStatusIfUnknown();
    }
}
Also used : CertificationHandler(com.evolveum.midpoint.certification.impl.handlers.CertificationHandler) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) ItemDelta(com.evolveum.midpoint.prism.delta.ItemDelta) AccessCertificationCampaignStateType(com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignStateType)

Example 3 with CertificationHandler

use of com.evolveum.midpoint.certification.impl.handlers.CertificationHandler in project midpoint by Evolveum.

the class AccCertCaseOperationsHelper method getDeltasToCreateCases.

/**
 * Builds the deltas that add the initial set of certification cases to a campaign.
 *
 * <p>The objects to certify are selected by the campaign's scope definition (object type and
 * optional search filter), falling back to the handler's default object type when the scope
 * declares none. For every object found, the handler produces the cases; each case is then
 * initialised for stage 1 (timestamps from {@code stage}, reviewers, work items, outcomes) and
 * added to a single container delta.
 *
 * <p>NOTE(review): objects are searched through {@code repositoryService} directly and no
 * authorization check is visible in this method - presumably the caller has already authorized
 * the operation; confirm.
 *
 * <p>NOTE(review): all cases are collected in memory before the delta is built; confirm this is
 * acceptable for scopes that match a large number of objects.
 *
 * @param campaign campaign for which cases are created; must not have any cases yet
 * @param stage stage whose start timestamp and deadline are copied to each case
 * @param handler handler supplying the default object type and creating cases per object
 * @param task task in whose context the operation runs
 * @param result operation result
 * @return list containing the one container delta that adds the created cases
 * @throws IllegalStateException if the scope type is unsupported, the campaign already has cases,
 *         no object type can be determined, or no compile-time class exists for the object type
 * @throws SystemException if case creation fails for an object found by the search
 */
<F extends FocusType> List<ItemDelta<?, ?>> getDeltasToCreateCases(final AccessCertificationCampaignType campaign, AccessCertificationStageType stage, final CertificationHandler handler, final Task task, final OperationResult result) throws SchemaException, ObjectNotFoundException {
    final String campaignName = toShortString(campaign);
    final AccessCertificationScopeType scope = campaign.getScopeDefinition();
    LOGGER.trace("Creating cases for scope {} in campaign {}", scope, campaignName);

    // Only an absent scope or an object-based scope is supported, so the cast below is safe.
    if (scope != null && !(scope instanceof AccessCertificationObjectBasedScopeType)) {
        throw new IllegalStateException("Unsupported access certification scope type: " + scope.getClass() + " for campaign " + campaignName);
    }
    final AccessCertificationObjectBasedScopeType objectBasedScope = (AccessCertificationObjectBasedScopeType) scope;

    final List<AccessCertificationCaseType> alreadyPresent = queryHelper.searchCases(campaign.getOid(), null, null, result);
    if (!alreadyPresent.isEmpty()) {
        throw new IllegalStateException("Unexpected " + alreadyPresent.size() + " certification case(s) in campaign object " + campaignName + ". At this time there should be none.");
    }

    // Object type: the one declared by the scope, otherwise the handler's default.
    final QName declaredType = objectBasedScope != null ? objectBasedScope.getObjectType() : null;
    final QName objectType = declaredType != null ? declaredType : handler.getDefaultObjectType();
    if (objectType == null) {
        throw new IllegalStateException("Unspecified object type (and no default one provided) for campaign " + campaignName);
    }
    @SuppressWarnings({ "unchecked", "raw" }) final Class<F> objectClass = (Class<F>) prismContext.getSchemaRegistry().getCompileTimeClassForObjectType(objectType);
    if (objectClass == null) {
        throw new IllegalStateException("Object class not found for object type " + objectType + " in campaign " + campaignName);
    }

    // Query selecting the objects from which certification cases will be created;
    // without a scope filter it stays unrestricted.
    final ObjectQuery query = new ObjectQuery();
    final SearchFilterType searchFilter = objectBasedScope != null ? objectBasedScope.getSearchFilter() : null;
    if (searchFilter != null) {
        query.setFilter(QueryConvertor.parseFilter(searchFilter, objectClass, prismContext));
    }

    // Run the query and let the handler turn each object found into cases.
    final List<AccessCertificationCaseType> createdCases = new ArrayList<>();
    ResultHandler<F> caseCollector = (found, handlerResult) -> {
        try {
            createdCases.addAll(handler.createCasesForObject(found, campaign, task, handlerResult));
        } catch (ExpressionEvaluationException | ObjectNotFoundException | SchemaException e) {
            // TODO process the exception more intelligently
            throw new SystemException("Cannot create certification case for object " + toShortString(found.asObjectable()) + ": " + e.getMessage(), e);
        }
        return true;
    };
    repositoryService.searchObjectsIterative(objectClass, query, caseCollector, null, false, result);

    AccessCertificationReviewerSpecificationType reviewerSpec = reviewersHelper.findReviewersSpecification(campaign, 1, task, result);
    ContainerDelta<AccessCertificationCaseType> addCasesDelta = ContainerDelta.createDelta(F_CASE, AccessCertificationCampaignType.class, prismContext);

    // Initialise every case for stage 1 and queue it for addition.
    for (AccessCertificationCaseType newCase : createdCases) {
        newCase.setStageNumber(1);
        newCase.setCurrentStageCreateTimestamp(stage.getStartTimestamp());
        newCase.setCurrentStageDeadline(stage.getDeadline());

        List<ObjectReferenceType> reviewers = reviewersHelper.getReviewersForCase(newCase, campaign, reviewerSpec, task, result);
        newCase.getWorkItem().addAll(createWorkItems(reviewers, 1));

        String stageOutcome = OutcomeUtils.toUri(computationHelper.computeOutcomeForStage(newCase, campaign, 1));
        newCase.setCurrentStageOutcome(stageOutcome);
        String overallOutcome = OutcomeUtils.toUri(computationHelper.computeOverallOutcome(newCase, campaign, stageOutcome));
        newCase.setOutcome(overallOutcome);

        @SuppressWarnings({ "raw", "unchecked" }) PrismContainerValue<AccessCertificationCaseType> caseValue = newCase.asPrismContainerValue();
        addCasesDelta.addValueToAdd(caseValue);
        LOGGER.trace("Adding certification case:\n{}", caseValue.debugDumpLazily());
    }

    final List<ItemDelta<?, ?>> deltas = new ArrayList<>();
    deltas.add(addCasesDelta);
    LOGGER.trace("Created {} deltas to create {} cases for campaign {}", deltas.size(), createdCases.size(), campaignName);
    return deltas;
}
Also used : java.util(java.util) com.evolveum.midpoint.xml.ns._public.common.common_3(com.evolveum.midpoint.xml.ns._public.common.common_3) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) SecurityEnforcer(com.evolveum.midpoint.security.api.SecurityEnforcer) Autowired(org.springframework.beans.factory.annotation.Autowired) Trace(com.evolveum.midpoint.util.logging.Trace) com.evolveum.midpoint.util.exception(com.evolveum.midpoint.util.exception) ObjectFilter(com.evolveum.midpoint.prism.query.ObjectFilter) ItemDelta(com.evolveum.midpoint.prism.delta.ItemDelta) ObjectTypeUtil(com.evolveum.midpoint.schema.util.ObjectTypeUtil) PrismContext(com.evolveum.midpoint.prism.PrismContext) Qualifier(org.springframework.beans.factory.annotation.Qualifier) F_CASE(com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType.F_CASE) RepositoryService(com.evolveum.midpoint.repo.api.RepositoryService) ContainerDelta(com.evolveum.midpoint.prism.delta.ContainerDelta) CloneUtil(com.evolveum.midpoint.prism.util.CloneUtil) XmlTypeConverter(com.evolveum.midpoint.prism.xml.XmlTypeConverter) ResultHandler(com.evolveum.midpoint.schema.ResultHandler) DeltaBuilder(com.evolveum.midpoint.prism.delta.builder.DeltaBuilder) IdItemPathSegment(com.evolveum.midpoint.prism.path.IdItemPathSegment) Task(com.evolveum.midpoint.task.api.Task) XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) CertCampaignTypeUtil(com.evolveum.midpoint.schema.util.CertCampaignTypeUtil) ObjectUtils(org.apache.commons.lang.ObjectUtils) ItemPath(com.evolveum.midpoint.prism.path.ItemPath) QueryConvertor(com.evolveum.midpoint.prism.marshaller.QueryConvertor) Objects(java.util.Objects) Component(org.springframework.stereotype.Component) PrismContainerValue(com.evolveum.midpoint.prism.PrismContainerValue) NameItemPathSegment(com.evolveum.midpoint.prism.path.NameItemPathSegment) SearchFilterType(com.evolveum.prism.xml.ns._public.query_3.SearchFilterType) 
CertificationHandler(com.evolveum.midpoint.certification.impl.handlers.CertificationHandler) PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta) ObjectQuery(com.evolveum.midpoint.prism.query.ObjectQuery) QName(javax.xml.namespace.QName) NotNull(org.jetbrains.annotations.NotNull) Clock(com.evolveum.midpoint.common.Clock) AccessCertificationCaseType(com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCaseType) OutcomeUtils(com.evolveum.midpoint.certification.api.OutcomeUtils) TraceManager(com.evolveum.midpoint.util.logging.TraceManager) ObjectTypeUtil.toShortString(com.evolveum.midpoint.schema.util.ObjectTypeUtil.toShortString) AccessCertificationCaseType(com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCaseType) ItemDelta(com.evolveum.midpoint.prism.delta.ItemDelta) ObjectTypeUtil.toShortString(com.evolveum.midpoint.schema.util.ObjectTypeUtil.toShortString) SearchFilterType(com.evolveum.prism.xml.ns._public.query_3.SearchFilterType) QName(javax.xml.namespace.QName) ObjectFilter(com.evolveum.midpoint.prism.query.ObjectFilter) ObjectQuery(com.evolveum.midpoint.prism.query.ObjectQuery)

Aggregations

CertificationHandler (com.evolveum.midpoint.certification.impl.handlers.CertificationHandler)3 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)3 ItemDelta (com.evolveum.midpoint.prism.delta.ItemDelta)2 AccessCertificationCaseType (com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCaseType)2 OutcomeUtils (com.evolveum.midpoint.certification.api.OutcomeUtils)1 Clock (com.evolveum.midpoint.common.Clock)1 PrismContainerValue (com.evolveum.midpoint.prism.PrismContainerValue)1 PrismContext (com.evolveum.midpoint.prism.PrismContext)1 ContainerDelta (com.evolveum.midpoint.prism.delta.ContainerDelta)1 PropertyDelta (com.evolveum.midpoint.prism.delta.PropertyDelta)1 DeltaBuilder (com.evolveum.midpoint.prism.delta.builder.DeltaBuilder)1 QueryConvertor (com.evolveum.midpoint.prism.marshaller.QueryConvertor)1 IdItemPathSegment (com.evolveum.midpoint.prism.path.IdItemPathSegment)1 ItemPath (com.evolveum.midpoint.prism.path.ItemPath)1 NameItemPathSegment (com.evolveum.midpoint.prism.path.NameItemPathSegment)1 ObjectFilter (com.evolveum.midpoint.prism.query.ObjectFilter)1 ObjectQuery (com.evolveum.midpoint.prism.query.ObjectQuery)1 CloneUtil (com.evolveum.midpoint.prism.util.CloneUtil)1 XmlTypeConverter (com.evolveum.midpoint.prism.xml.XmlTypeConverter)1 RepositoryService (com.evolveum.midpoint.repo.api.RepositoryService)1