Example 1 with SynchronizationIntent
use of com.evolveum.midpoint.model.api.context.SynchronizationIntent in project midpoint by Evolveum.
the class LinkUpdater method setLinkedFromLegacyCriteria.
/**
* TODO remove this code eventually
*/
private void setLinkedFromLegacyCriteria(OperationResult result) throws SchemaException, ObjectNotFoundException {
SynchronizationPolicyDecision decision = projCtx.getSynchronizationPolicyDecision();
SynchronizationIntent intent = projCtx.getSynchronizationIntent();
if (decision == SynchronizationPolicyDecision.DELETE) {
// 1. Shadow does exist in repo. So, by definition, we want to keep the link.
// 2. But the link should be invisible, so org:related should be used.
LOGGER.trace("Shadow is present but the decision is {}. Link should be 'related'.", decision);
setLinkedAsRelated(result);
} else if (decision == SynchronizationPolicyDecision.BROKEN) {
// 3. Let us try to base our decision on synchronization intent.
if (intent == SynchronizationIntent.UNLINK || intent == SynchronizationIntent.DELETE) {
LOGGER.trace("Shadow is present, projection is broken, and intent was {}. Link should be 'related'.", intent);
setLinkedAsRelated(result);
} else {
LOGGER.trace("Shadow is present, projection is broken, and intent was {}. Link should be 'default'.", intent);
setLinkedNormally(result);
}
} else {
LOGGER.trace("Projection seems to be alive (decision = {}). Link should be 'default'.", decision);
setLinkedNormally(result);
}
}
Also used :
SynchronizationIntent(com.evolveum.midpoint.model.api.context.SynchronizationIntent)
SynchronizationPolicyDecision(com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision)
Example 2 with SynchronizationIntent
use of com.evolveum.midpoint.model.api.context.SynchronizationIntent in project midpoint by Evolveum.
the class LinkUpdater method updateLinksInternal.
private void updateLinksInternal(OperationResult result) throws ObjectNotFoundException, SchemaException {
SynchronizationPolicyDecision decision = projCtx.getSynchronizationPolicyDecision();
SynchronizationIntent intent = projCtx.getSynchronizationIntent();
LOGGER.trace("updateLinksInternal starting with sync decision: {}, sync intent: {}, gone: {}, shadow in repo: {}", decision, intent, projCtx.isGone(), projCtx.isShadowExistsInRepo());
if (focusContext.isDelete()) {
LOGGER.trace("Nothing to link from, because focus is being deleted. But we need to update the situation in shadow.");
updateSituationInShadow(null, result);
} else if (!projCtx.isShadowExistsInRepo()) {
LOGGER.trace("Nothing to link to, because the shadow is not in repository. Removing linkRef from focus.");
deleteLinkRefFromFocus(result);
} else if (decision == SynchronizationPolicyDecision.UNLINK) {
LOGGER.trace("Explicitly requested link to be removed. So removing it from the focus and the shadow.");
deleteLinkCompletely(result);
} else if (projCtx.isGone()) {
if (strictMode && shadowLivenessState == null) {
throw new IllegalStateException("Null liveness state? " + projCtx.toHumanReadableString());
}
if (shadowLivenessState == null || shadowLivenessState == ShadowLivenessState.DEAD) {
LOGGER.trace("Projection is gone. Link should be 'related'.");
setLinkedAsRelated(result);
} else {
if (strictMode) {
throw new IllegalStateException("Goner with liveness state = " + shadowLivenessState + ": " + projCtx.toHumanReadableString());
} else {
LOGGER.warn("Projection is gone but shadow liveness state is {}. Context: {}. Setting the link " + "according to the state.", shadowLivenessState, projCtx.toHumanReadableString());
setLinkedFromLivenessState(result);
}
}
} else if (decision == SynchronizationPolicyDecision.IGNORE) {
LOGGER.trace("Projection is ignored. Keeping link as is.");
} else {
if (strictMode && shadowLivenessState == null) {
throw new IllegalStateException("Null liveness state? " + projCtx.toHumanReadableString());
}
setLinkedFromLivenessState(result);
}
}
Also used :
SynchronizationIntent(com.evolveum.midpoint.model.api.context.SynchronizationIntent)
SynchronizationPolicyDecision(com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision)
Example 3 with SynchronizationIntent
use of com.evolveum.midpoint.model.api.context.SynchronizationIntent in project midpoint by Evolveum.
the class ActivationProcessor method processActivationMappingsCurrent.
private <F extends FocusType> void processActivationMappingsCurrent(LensContext<F> context, LensProjectionContext projCtx, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
String projCtxDesc = projCtx.toHumanReadableString();
SynchronizationPolicyDecision existingDecision = projCtx.getSynchronizationPolicyDecision();
SynchronizationIntent synchronizationIntent = projCtx.getSynchronizationIntent();
result.addContext("existingDecision", String.valueOf(existingDecision));
result.addContext("synchronizationIntent", String.valueOf(synchronizationIntent));
LOGGER.trace("processActivationUserCurrent starting for {}. Existing decision = {}, synchronization intent = {}", projCtxDesc, existingDecision, synchronizationIntent);
if (existingDecision == SynchronizationPolicyDecision.BROKEN) {
LOGGER.trace("Broken projection {}, skipping further activation processing", projCtxDesc);
return;
}
if (synchronizationIntent == SynchronizationIntent.UNLINK) {
setSynchronizationPolicyDecision(projCtx, SynchronizationPolicyDecision.UNLINK, result);
LOGGER.trace("Evaluated decision for {} to {} because of unlink synchronization intent, " + "skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.UNLINK);
return;
}
if (projCtx.isGone()) {
if (projCtx.isDelete() && ModelExecuteOptions.isForce(context.getOptions())) {
setSynchronizationPolicyDecision(projCtx, SynchronizationPolicyDecision.DELETE, result);
LOGGER.trace("Evaluated decision for 'gone' {} to {} (force), skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.DELETE);
} else {
// Let's keep 'goners' linked until they expire. So we do not have shadows without owners.
// This is also needed for async delete operations.
setSynchronizationPolicyDecision(projCtx, SynchronizationPolicyDecision.KEEP, result);
LOGGER.trace("Evaluated decision for {} to {} because it is gone, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.KEEP);
}
return;
}
if (projCtx.isReaping()) {
// Projections being reaped (i.e. having pending DELETE actions) should be kept intact.
// This is based on assumption that it is not possible to cancel the pending DELETE operation.
// If it was, we could try to do that.
setSynchronizationPolicyDecision(projCtx, SynchronizationPolicyDecision.KEEP, result);
LOGGER.trace("Evaluated decision for {} to {} because it is reaping, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.KEEP);
return;
}
if (synchronizationIntent == SynchronizationIntent.DELETE || projCtx.isDelete()) {
// TODO: is this OK?
setSynchronizationPolicyDecision(projCtx, SynchronizationPolicyDecision.DELETE, result);
LOGGER.trace("Evaluated decision for {} to {}, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.DELETE);
return;
}
LOGGER.trace("Evaluating intended existence of projection {} (legal={})", projCtxDesc, projCtx.isLegal());
boolean shadowShouldExist = evaluateExistenceMapping(context, projCtx, now, MappingTimeEval.CURRENT, task, result);
LOGGER.trace("Evaluated intended existence of projection {} to {} (legal={})", projCtxDesc, shadowShouldExist, projCtx.isLegal());
// Let's reconcile the existence intent (shadowShouldExist) and the synchronization intent in the context
LensProjectionContext lowerOrderContext = LensUtil.findLowerOrderContext(context, projCtx);
SynchronizationPolicyDecision decision;
if (synchronizationIntent == null || synchronizationIntent == SynchronizationIntent.SYNCHRONIZE) {
if (shadowShouldExist) {
projCtx.setActive(true);
if (projCtx.isExists()) {
if (lowerOrderContext != null && lowerOrderContext.isDelete()) {
// HACK HACK HACK
decision = SynchronizationPolicyDecision.DELETE;
} else {
decision = SynchronizationPolicyDecision.KEEP;
}
} else {
if (lowerOrderContext != null) {
if (lowerOrderContext.isDelete()) {
// HACK HACK HACK
decision = SynchronizationPolicyDecision.DELETE;
} else {
// If there is a lower-order context then that one will be ADD
// and this one is KEEP. When the execution comes to this context
// then the projection already exists
decision = SynchronizationPolicyDecision.KEEP;
}
} else {
decision = SynchronizationPolicyDecision.ADD;
}
}
} else {
// Delete
if (projCtx.isExists()) {
decision = SynchronizationPolicyDecision.DELETE;
} else {
// we should delete the entire context, but then we will lose track of what
// happened. So just ignore it.
decision = SynchronizationPolicyDecision.IGNORE;
// if there are any triggers then move them to focus. We may still need them.
LensUtil.moveTriggers(projCtx, context.getFocusContext());
}
}
} else if (synchronizationIntent == SynchronizationIntent.ADD) {
if (shadowShouldExist) {
projCtx.setActive(true);
if (projCtx.isExists()) {
// Attempt to add something that is already there, but should be OK
decision = SynchronizationPolicyDecision.KEEP;
} else {
decision = SynchronizationPolicyDecision.ADD;
}
} else {
throw new PolicyViolationException("Request to add projection " + projCtxDesc + " but the activation policy decided that it should not exist");
}
} else if (synchronizationIntent == SynchronizationIntent.KEEP) {
if (shadowShouldExist) {
projCtx.setActive(true);
if (projCtx.isExists()) {
decision = SynchronizationPolicyDecision.KEEP;
} else {
decision = SynchronizationPolicyDecision.ADD;
}
} else {
throw new PolicyViolationException("Request to keep projection " + projCtxDesc + " but the activation policy decided that it should not exist");
}
} else {
throw new IllegalStateException("Unknown sync intent " + synchronizationIntent);
}
LOGGER.trace("Evaluated decision for projection {} to {}", projCtxDesc, decision);
setSynchronizationPolicyDecision(projCtx, decision, result);
PrismObject<F> focusNew = context.getFocusContext().getObjectNew();
if (focusNew == null) {
// This must be a user delete or something similar. No point in proceeding
LOGGER.trace("focusNew is null, skipping activation processing of {}", projCtxDesc);
return;
}
if (decision == SynchronizationPolicyDecision.DELETE) {
LOGGER.trace("Decision is {}, skipping activation properties processing for {}", decision, projCtxDesc);
return;
}
ResourceObjectTypeDefinitionType resourceObjectTypeDefinition = projCtx.getResourceObjectTypeDefinitionType();
if (resourceObjectTypeDefinition == null) {
LOGGER.trace("No refined object definition, therefore also no activation outbound definition, skipping activation processing for account {}", projCtxDesc);
return;
}
ResourceActivationDefinitionType activationDefinition = resourceObjectTypeDefinition.getActivation();
if (activationDefinition == null) {
LOGGER.trace("No activation definition in projection {}, skipping activation properties processing", projCtxDesc);
return;
}
ActivationCapabilityType capActivation = ResourceTypeUtil.getEffectiveCapability(projCtx.getResource(), ActivationCapabilityType.class);
if (capActivation == null) {
LOGGER.trace("Skipping activation status and validity processing because {} has no activation capability", projCtx.getResource());
return;
}
ActivationStatusCapabilityType capStatus = CapabilityUtil.getEnabledActivationStatus(capActivation);
ActivationValidityCapabilityType capValidFrom = CapabilityUtil.getEnabledActivationValidFrom(capActivation);
ActivationValidityCapabilityType capValidTo = CapabilityUtil.getEnabledActivationValidTo(capActivation);
ActivationLockoutStatusCapabilityType capLockoutStatus = CapabilityUtil.getEnabledActivationLockoutStatus(capActivation);
if (capStatus != null) {
evaluateActivationMapping(context, projCtx, activationDefinition.getAdministrativeStatus(), SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS, SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS, capActivation, now, MappingTimeEval.CURRENT, ActivationType.F_ADMINISTRATIVE_STATUS.getLocalPart(), task, result);
} else {
LOGGER.trace("Skipping activation administrative status processing because {} does not have activation administrative status capability", projCtx.getResource());
}
ResourceBidirectionalMappingType validFromMappingType = activationDefinition.getValidFrom();
if (validFromMappingType == null || validFromMappingType.getOutbound() == null) {
LOGGER.trace("Skipping activation validFrom processing because {} does not have appropriate outbound mapping", projCtx.getResource());
} else if (capValidFrom == null && !ExpressionUtil.hasExplicitTarget(validFromMappingType.getOutbound())) {
LOGGER.trace("Skipping activation validFrom processing because {} does not have activation validFrom capability nor outbound mapping with explicit target", projCtx.getResource());
} else {
evaluateActivationMapping(context, projCtx, activationDefinition.getValidFrom(), SchemaConstants.PATH_ACTIVATION_VALID_FROM, SchemaConstants.PATH_ACTIVATION_VALID_FROM, null, now, MappingTimeEval.CURRENT, ActivationType.F_VALID_FROM.getLocalPart(), task, result);
}
ResourceBidirectionalMappingType validToMappingType = activationDefinition.getValidTo();
if (validToMappingType == null || validToMappingType.getOutbound() == null) {
LOGGER.trace("Skipping activation validTo processing because {} does not have appropriate outbound mapping", projCtx.getResource());
} else if (capValidTo == null && !ExpressionUtil.hasExplicitTarget(validToMappingType.getOutbound())) {
LOGGER.trace("Skipping activation validTo processing because {} does not have activation validTo capability nor outbound mapping with explicit target", projCtx.getResource());
} else {
evaluateActivationMapping(context, projCtx, activationDefinition.getValidTo(), SchemaConstants.PATH_ACTIVATION_VALID_TO, SchemaConstants.PATH_ACTIVATION_VALID_TO, null, now, MappingTimeEval.CURRENT, ActivationType.F_VALID_TO.getLocalPart(), task, result);
}
if (capLockoutStatus != null) {
evaluateActivationMapping(context, projCtx, activationDefinition.getLockoutStatus(), SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS, SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS, capActivation, now, MappingTimeEval.CURRENT, ActivationType.F_LOCKOUT_STATUS.getLocalPart(), task, result);
} else {
LOGGER.trace("Skipping activation lockout status processing because {} does not have activation lockout status capability", projCtx.getResource());
}
}
Also used :
ActivationLockoutStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType)
ActivationCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType)
SynchronizationPolicyDecision(com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision)
ActivationValidityCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationValidityCapabilityType)
SynchronizationIntent(com.evolveum.midpoint.model.api.context.SynchronizationIntent)
ActivationStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType)
Aggregations
SynchronizationIntent (com.evolveum.midpoint.model.api.context.SynchronizationIntent)3
SynchronizationPolicyDecision (com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision)3
ActivationCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType)1
ActivationLockoutStatusCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType)1
ActivationStatusCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType)1
ActivationValidityCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationValidityCapabilityType)1
