use of com.evolveum.midpoint.certification.impl.handlers.CertificationHandler in project midpoint by Evolveum.
the class AccessCertificationRemediationTaskHandler method run.
@Override
public TaskRunResult run(Task task) {
LOGGER.trace("Task run starting");
long progress = task.getProgress();
OperationResult opResult = new OperationResult(CLASS_DOT + "run");
opResult.setSummarizeSuccesses(true);
TaskRunResult runResult = new TaskRunResult();
runResult.setOperationResult(opResult);
if (task.getChannel() == null) {
task.setChannel(SchemaConstants.CHANNEL_REMEDIATION_URI);
}
String campaignOid = task.getObjectOid();
if (campaignOid == null) {
LOGGER.error("No campaign OID specified in the task");
opResult.recordFatalError("No campaign OID specified in the task");
runResult.setRunResultStatus(TaskRunResultStatus.PERMANENT_ERROR);
return runResult;
}
opResult.addContext("campaignOid", campaignOid);
try {
AccessCertificationCampaignType campaign = helper.getCampaign(campaignOid, null, task, opResult);
if (!CertCampaignTypeUtil.isRemediationAutomatic(campaign)) {
LOGGER.error("Automatic remediation is not configured.");
opResult.recordFatalError("Automatic remediation is not configured.");
runResult.setRunResultStatus(TaskRunResultStatus.PERMANENT_ERROR);
return runResult;
}
CertificationHandler handler = certificationManager.findCertificationHandler(campaign);
int revokedOk = 0;
int revokedError = 0;
List<AccessCertificationCaseType> caseList = queryHelper.searchCases(campaignOid, null, null, opResult);
for (AccessCertificationCaseType _case : caseList) {
if (helper.isRevoke(_case, campaign)) {
OperationResult caseResult = opResult.createMinorSubresult(opResult.getOperation() + ".revoke");
final Long caseId = _case.asPrismContainerValue().getId();
caseResult.addContext("caseId", caseId);
try {
handler.doRevoke(_case, campaign, task, caseResult);
caseHelper.markCaseAsRemedied(campaignOid, caseId, task, caseResult);
caseResult.computeStatus();
revokedOk++;
progress++;
} catch (Exception e) {
// TODO
String message = "Couldn't revoke case " + caseId + ": " + e.getMessage();
LoggingUtils.logUnexpectedException(LOGGER, message, e);
caseResult.recordPartialError(message, e);
revokedError++;
}
opResult.summarize();
}
}
opResult.createSubresult(CLASS_DOT + "run.statistics").recordStatus(OperationResultStatus.NOT_APPLICABLE, "Successfully revoked items: " + revokedOk + ", tried to revoke but failed: " + revokedError);
opResult.computeStatus();
certificationManager.closeCampaign(campaignOid, task, opResult);
runResult.setRunResultStatus(TaskRunResultStatus.FINISHED);
runResult.setProgress(progress);
LOGGER.trace("Task run stopping (campaign {})", ObjectTypeUtil.toShortString(campaign));
return runResult;
} catch (Exception e) {
// TODO better error handling
LoggingUtils.logException(LOGGER, "Error while executing remediation task handler", e);
opResult.recordFatalError("Error while executing remediation task handler: " + e.getMessage(), e);
runResult.setRunResultStatus(TaskRunResultStatus.PERMANENT_ERROR);
runResult.setProgress(progress);
return runResult;
}
}
use of com.evolveum.midpoint.certification.impl.handlers.CertificationHandler in project midpoint by Evolveum.
the class CertificationManagerImpl method openNextStage.
@Override
public void openNextStage(String campaignOid, int requestedStageNumber, Task task, OperationResult parentResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ObjectAlreadyExistsException {
Validate.notNull(campaignOid, "campaignOid");
Validate.notNull(task, "task");
Validate.notNull(parentResult, "parentResult");
OperationResult result = parentResult.createSubresult(OPERATION_OPEN_NEXT_STAGE);
result.addParam("campaignOid", campaignOid);
result.addParam("requestedStageNumber", requestedStageNumber);
try {
AccessCertificationCampaignType campaign = generalHelper.getCampaign(campaignOid, null, task, result);
result.addParam("campaign", ObjectTypeUtil.toShortString(campaign));
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("openNextStage starting for {}", ObjectTypeUtil.toShortString(campaign));
}
securityEnforcer.authorize(ModelAuthorizationAction.OPEN_CERTIFICATION_CAMPAIGN_REVIEW_STAGE.getUrl(), null, campaign.asPrismObject(), null, null, null, result);
final int currentStageNumber = campaign.getStageNumber();
final int stages = CertCampaignTypeUtil.getNumberOfStages(campaign);
final AccessCertificationCampaignStateType state = campaign.getState();
LOGGER.trace("openNextStage: currentStageNumber={}, stages={}, requestedStageNumber={}, state={}", currentStageNumber, stages, requestedStageNumber, state);
if (IN_REVIEW_STAGE.equals(state)) {
result.recordFatalError("Couldn't advance to review stage " + requestedStageNumber + " as the stage " + currentStageNumber + " is currently open.");
} else if (IN_REMEDIATION.equals(state)) {
result.recordFatalError("Couldn't advance to review stage " + requestedStageNumber + " as the campaign is currently in the remediation phase.");
} else if (CLOSED.equals(state)) {
result.recordFatalError("Couldn't advance to review stage " + requestedStageNumber + " as the campaign is already closed.");
} else if (!REVIEW_STAGE_DONE.equals(state) && !CREATED.equals(state)) {
throw new IllegalStateException("Unexpected campaign state: " + state);
} else if (REVIEW_STAGE_DONE.equals(state) && requestedStageNumber != currentStageNumber + 1) {
result.recordFatalError("Couldn't advance to review stage " + requestedStageNumber + " as the campaign is currently in stage " + currentStageNumber);
} else if (CREATED.equals(state) && requestedStageNumber != 1) {
result.recordFatalError("Couldn't advance to review stage " + requestedStageNumber + " as the campaign was just created");
} else if (requestedStageNumber > stages) {
result.recordFatalError("Couldn't advance to review stage " + requestedStageNumber + " as the campaign has only " + stages + " stages");
} else {
final CertificationHandler handler = findCertificationHandler(campaign);
final AccessCertificationStageType stage = updateHelper.createStage(campaign, currentStageNumber + 1);
final List<ItemDelta<?, ?>> deltas = updateHelper.getDeltasForStageOpen(campaign, stage, handler, task, result);
updateHelper.modifyObjectViaModel(AccessCertificationCampaignType.class, campaignOid, deltas, task, result);
updateHelper.afterStageOpen(campaignOid, stage, task, result);
}
} catch (RuntimeException e) {
result.recordFatalError("Couldn't move to certification campaign stage " + requestedStageNumber + ": unexpected exception: " + e.getMessage(), e);
throw e;
} finally {
result.computeStatusIfUnknown();
}
}
use of com.evolveum.midpoint.certification.impl.handlers.CertificationHandler in project midpoint by Evolveum.
the class AccCertCaseOperationsHelper method getDeltasToCreateCases.
<F extends FocusType> List<ItemDelta<?, ?>> getDeltasToCreateCases(final AccessCertificationCampaignType campaign, AccessCertificationStageType stage, final CertificationHandler handler, final Task task, final OperationResult result) throws SchemaException, ObjectNotFoundException {
final List<ItemDelta<?, ?>> rv = new ArrayList<>();
final String campaignShortName = toShortString(campaign);
final AccessCertificationScopeType scope = campaign.getScopeDefinition();
LOGGER.trace("Creating cases for scope {} in campaign {}", scope, campaignShortName);
if (scope != null && !(scope instanceof AccessCertificationObjectBasedScopeType)) {
throw new IllegalStateException("Unsupported access certification scope type: " + scope.getClass() + " for campaign " + campaignShortName);
}
final AccessCertificationObjectBasedScopeType objectBasedScope = (AccessCertificationObjectBasedScopeType) scope;
final List<AccessCertificationCaseType> existingCases = queryHelper.searchCases(campaign.getOid(), null, null, result);
if (!existingCases.isEmpty()) {
throw new IllegalStateException("Unexpected " + existingCases.size() + " certification case(s) in campaign object " + campaignShortName + ". At this time there should be none.");
}
// create a query to find target objects from which certification cases will be created
final ObjectQuery query = new ObjectQuery();
final QName scopeDeclaredObjectType;
if (objectBasedScope != null) {
scopeDeclaredObjectType = objectBasedScope.getObjectType();
} else {
scopeDeclaredObjectType = null;
}
final QName objectType;
if (scopeDeclaredObjectType != null) {
objectType = scopeDeclaredObjectType;
} else {
objectType = handler.getDefaultObjectType();
}
if (objectType == null) {
throw new IllegalStateException("Unspecified object type (and no default one provided) for campaign " + campaignShortName);
}
@SuppressWarnings({ "unchecked", "raw" }) final Class<F> objectClass = (Class<F>) prismContext.getSchemaRegistry().getCompileTimeClassForObjectType(objectType);
if (objectClass == null) {
throw new IllegalStateException("Object class not found for object type " + objectType + " in campaign " + campaignShortName);
}
final SearchFilterType searchFilter = objectBasedScope != null ? objectBasedScope.getSearchFilter() : null;
if (searchFilter != null) {
ObjectFilter filter = QueryConvertor.parseFilter(searchFilter, objectClass, prismContext);
query.setFilter(filter);
}
final List<AccessCertificationCaseType> caseList = new ArrayList<>();
// create certification cases by executing the query and caseExpression on its results
// here the subclasses of this class come into play
ResultHandler<F> resultHandler = (object, parentResult) -> {
try {
caseList.addAll(handler.createCasesForObject(object, campaign, task, parentResult));
} catch (ExpressionEvaluationException | ObjectNotFoundException | SchemaException e) {
// TODO process the exception more intelligently
throw new SystemException("Cannot create certification case for object " + toShortString(object.asObjectable()) + ": " + e.getMessage(), e);
}
return true;
};
repositoryService.searchObjectsIterative(objectClass, query, resultHandler, null, false, result);
AccessCertificationReviewerSpecificationType reviewerSpec = reviewersHelper.findReviewersSpecification(campaign, 1, task, result);
ContainerDelta<AccessCertificationCaseType> caseDelta = ContainerDelta.createDelta(F_CASE, AccessCertificationCampaignType.class, prismContext);
for (AccessCertificationCaseType _case : caseList) {
_case.setStageNumber(1);
_case.setCurrentStageCreateTimestamp(stage.getStartTimestamp());
_case.setCurrentStageDeadline(stage.getDeadline());
List<ObjectReferenceType> reviewers = reviewersHelper.getReviewersForCase(_case, campaign, reviewerSpec, task, result);
_case.getWorkItem().addAll(createWorkItems(reviewers, 1));
String currentStageOutcome = OutcomeUtils.toUri(computationHelper.computeOutcomeForStage(_case, campaign, 1));
_case.setCurrentStageOutcome(currentStageOutcome);
_case.setOutcome(OutcomeUtils.toUri(computationHelper.computeOverallOutcome(_case, campaign, currentStageOutcome)));
@SuppressWarnings({ "raw", "unchecked" }) PrismContainerValue<AccessCertificationCaseType> caseCVal = _case.asPrismContainerValue();
caseDelta.addValueToAdd(caseCVal);
LOGGER.trace("Adding certification case:\n{}", caseCVal.debugDumpLazily());
}
rv.add(caseDelta);
LOGGER.trace("Created {} deltas to create {} cases for campaign {}", rv.size(), caseList.size(), campaignShortName);
return rv;
}
Aggregations