Search in sources :

Example 1 with SynchronizationIntent

use of com.evolveum.midpoint.model.api.context.SynchronizationIntent in project midpoint by Evolveum.

the class LinkUpdater method setLinkedFromLegacyCriteria.

/**
 * TODO remove this code eventually
 */
private void setLinkedFromLegacyCriteria(OperationResult result) throws SchemaException, ObjectNotFoundException {
    SynchronizationPolicyDecision decision = projCtx.getSynchronizationPolicyDecision();
    SynchronizationIntent intent = projCtx.getSynchronizationIntent();
    if (decision == SynchronizationPolicyDecision.DELETE) {
        // 1. Shadow does exist in repo. So, by definition, we want to keep the link.
        // 2. But the link should be invisible, so org:related should be used.
        LOGGER.trace("Shadow is present but the decision is {}. Link should be 'related'.", decision);
        setLinkedAsRelated(result);
    } else if (decision == SynchronizationPolicyDecision.BROKEN) {
        // 3. Let us try to base our decision on synchronization intent.
        if (intent == SynchronizationIntent.UNLINK || intent == SynchronizationIntent.DELETE) {
            LOGGER.trace("Shadow is present, projection is broken, and intent was {}. Link should be 'related'.", intent);
            setLinkedAsRelated(result);
        } else {
            LOGGER.trace("Shadow is present, projection is broken, and intent was {}. Link should be 'default'.", intent);
            setLinkedNormally(result);
        }
    } else {
        LOGGER.trace("Projection seems to be alive (decision = {}). Link should be 'default'.", decision);
        setLinkedNormally(result);
    }
}
Also used : SynchronizationIntent(com.evolveum.midpoint.model.api.context.SynchronizationIntent) SynchronizationPolicyDecision(com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision)

Example 2 with SynchronizationIntent

use of com.evolveum.midpoint.model.api.context.SynchronizationIntent in project midpoint by Evolveum.

the class LinkUpdater method updateLinksInternal.

private void updateLinksInternal(OperationResult result) throws ObjectNotFoundException, SchemaException {
    SynchronizationPolicyDecision decision = projCtx.getSynchronizationPolicyDecision();
    SynchronizationIntent intent = projCtx.getSynchronizationIntent();
    LOGGER.trace("updateLinksInternal starting with sync decision: {}, sync intent: {}, gone: {}, shadow in repo: {}", decision, intent, projCtx.isGone(), projCtx.isShadowExistsInRepo());
    if (focusContext.isDelete()) {
        LOGGER.trace("Nothing to link from, because focus is being deleted. But we need to update the situation in shadow.");
        updateSituationInShadow(null, result);
    } else if (!projCtx.isShadowExistsInRepo()) {
        LOGGER.trace("Nothing to link to, because the shadow is not in repository. Removing linkRef from focus.");
        deleteLinkRefFromFocus(result);
    } else if (decision == SynchronizationPolicyDecision.UNLINK) {
        LOGGER.trace("Explicitly requested link to be removed. So removing it from the focus and the shadow.");
        deleteLinkCompletely(result);
    } else if (projCtx.isGone()) {
        if (strictMode && shadowLivenessState == null) {
            throw new IllegalStateException("Null liveness state? " + projCtx.toHumanReadableString());
        }
        if (shadowLivenessState == null || shadowLivenessState == ShadowLivenessState.DEAD) {
            LOGGER.trace("Projection is gone. Link should be 'related'.");
            setLinkedAsRelated(result);
        } else {
            if (strictMode) {
                throw new IllegalStateException("Goner with liveness state = " + shadowLivenessState + ": " + projCtx.toHumanReadableString());
            } else {
                LOGGER.warn("Projection is gone but shadow liveness state is {}. Context: {}. Setting the link " + "according to the state.", shadowLivenessState, projCtx.toHumanReadableString());
                setLinkedFromLivenessState(result);
            }
        }
    } else if (decision == SynchronizationPolicyDecision.IGNORE) {
        LOGGER.trace("Projection is ignored. Keeping link as is.");
    } else {
        if (strictMode && shadowLivenessState == null) {
            throw new IllegalStateException("Null liveness state? " + projCtx.toHumanReadableString());
        }
        setLinkedFromLivenessState(result);
    }
}
Also used : SynchronizationIntent(com.evolveum.midpoint.model.api.context.SynchronizationIntent) SynchronizationPolicyDecision(com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision)

Example 3 with SynchronizationIntent

use of com.evolveum.midpoint.model.api.context.SynchronizationIntent in project midpoint by Evolveum.

the class ActivationProcessor method processActivationMappingsCurrent.

private <F extends FocusType> void processActivationMappingsCurrent(LensContext<F> context, LensProjectionContext projCtx, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
    String projCtxDesc = projCtx.toHumanReadableString();
    SynchronizationPolicyDecision existingDecision = projCtx.getSynchronizationPolicyDecision();
    SynchronizationIntent synchronizationIntent = projCtx.getSynchronizationIntent();
    result.addContext("existingDecision", String.valueOf(existingDecision));
    result.addContext("synchronizationIntent", String.valueOf(synchronizationIntent));
    LOGGER.trace("processActivationUserCurrent starting for {}. Existing decision = {}, synchronization intent = {}", projCtxDesc, existingDecision, synchronizationIntent);
    if (existingDecision == SynchronizationPolicyDecision.BROKEN) {
        LOGGER.trace("Broken projection {}, skipping further activation processing", projCtxDesc);
        return;
    }
    if (synchronizationIntent == SynchronizationIntent.UNLINK) {
        setSynchronizationPolicyDecision(projCtx, SynchronizationPolicyDecision.UNLINK, result);
        LOGGER.trace("Evaluated decision for {} to {} because of unlink synchronization intent, " + "skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.UNLINK);
        return;
    }
    if (projCtx.isGone()) {
        if (projCtx.isDelete() && ModelExecuteOptions.isForce(context.getOptions())) {
            setSynchronizationPolicyDecision(projCtx, SynchronizationPolicyDecision.DELETE, result);
            LOGGER.trace("Evaluated decision for 'gone' {} to {} (force), skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.DELETE);
        } else {
            // Let's keep 'goners' linked until they expire. So we do not have shadows without owners.
            // This is also needed for async delete operations.
            setSynchronizationPolicyDecision(projCtx, SynchronizationPolicyDecision.KEEP, result);
            LOGGER.trace("Evaluated decision for {} to {} because it is gone, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.KEEP);
        }
        return;
    }
    if (projCtx.isReaping()) {
        // Projections being reaped (i.e. having pending DELETE actions) should be kept intact.
        // This is based on assumption that it is not possible to cancel the pending DELETE operation.
        // If it was, we could try to do that.
        setSynchronizationPolicyDecision(projCtx, SynchronizationPolicyDecision.KEEP, result);
        LOGGER.trace("Evaluated decision for {} to {} because it is reaping, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.KEEP);
        return;
    }
    if (synchronizationIntent == SynchronizationIntent.DELETE || projCtx.isDelete()) {
        // TODO: is this OK?
        setSynchronizationPolicyDecision(projCtx, SynchronizationPolicyDecision.DELETE, result);
        LOGGER.trace("Evaluated decision for {} to {}, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.DELETE);
        return;
    }
    LOGGER.trace("Evaluating intended existence of projection {} (legal={})", projCtxDesc, projCtx.isLegal());
    boolean shadowShouldExist = evaluateExistenceMapping(context, projCtx, now, MappingTimeEval.CURRENT, task, result);
    LOGGER.trace("Evaluated intended existence of projection {} to {} (legal={})", projCtxDesc, shadowShouldExist, projCtx.isLegal());
    // Let's reconcile the existence intent (shadowShouldExist) and the synchronization intent in the context
    LensProjectionContext lowerOrderContext = LensUtil.findLowerOrderContext(context, projCtx);
    SynchronizationPolicyDecision decision;
    if (synchronizationIntent == null || synchronizationIntent == SynchronizationIntent.SYNCHRONIZE) {
        if (shadowShouldExist) {
            projCtx.setActive(true);
            if (projCtx.isExists()) {
                if (lowerOrderContext != null && lowerOrderContext.isDelete()) {
                    // HACK HACK HACK
                    decision = SynchronizationPolicyDecision.DELETE;
                } else {
                    decision = SynchronizationPolicyDecision.KEEP;
                }
            } else {
                if (lowerOrderContext != null) {
                    if (lowerOrderContext.isDelete()) {
                        // HACK HACK HACK
                        decision = SynchronizationPolicyDecision.DELETE;
                    } else {
                        // If there is a lower-order context then that one will be ADD
                        // and this one is KEEP. When the execution comes to this context
                        // then the projection already exists
                        decision = SynchronizationPolicyDecision.KEEP;
                    }
                } else {
                    decision = SynchronizationPolicyDecision.ADD;
                }
            }
        } else {
            // Delete
            if (projCtx.isExists()) {
                decision = SynchronizationPolicyDecision.DELETE;
            } else {
                // we should delete the entire context, but then we will lose track of what
                // happened. So just ignore it.
                decision = SynchronizationPolicyDecision.IGNORE;
                // if there are any triggers then move them to focus. We may still need them.
                LensUtil.moveTriggers(projCtx, context.getFocusContext());
            }
        }
    } else if (synchronizationIntent == SynchronizationIntent.ADD) {
        if (shadowShouldExist) {
            projCtx.setActive(true);
            if (projCtx.isExists()) {
                // Attempt to add something that is already there, but should be OK
                decision = SynchronizationPolicyDecision.KEEP;
            } else {
                decision = SynchronizationPolicyDecision.ADD;
            }
        } else {
            throw new PolicyViolationException("Request to add projection " + projCtxDesc + " but the activation policy decided that it should not exist");
        }
    } else if (synchronizationIntent == SynchronizationIntent.KEEP) {
        if (shadowShouldExist) {
            projCtx.setActive(true);
            if (projCtx.isExists()) {
                decision = SynchronizationPolicyDecision.KEEP;
            } else {
                decision = SynchronizationPolicyDecision.ADD;
            }
        } else {
            throw new PolicyViolationException("Request to keep projection " + projCtxDesc + " but the activation policy decided that it should not exist");
        }
    } else {
        throw new IllegalStateException("Unknown sync intent " + synchronizationIntent);
    }
    LOGGER.trace("Evaluated decision for projection {} to {}", projCtxDesc, decision);
    setSynchronizationPolicyDecision(projCtx, decision, result);
    PrismObject<F> focusNew = context.getFocusContext().getObjectNew();
    if (focusNew == null) {
        // This must be a user delete or something similar. No point in proceeding
        LOGGER.trace("focusNew is null, skipping activation processing of {}", projCtxDesc);
        return;
    }
    if (decision == SynchronizationPolicyDecision.DELETE) {
        LOGGER.trace("Decision is {}, skipping activation properties processing for {}", decision, projCtxDesc);
        return;
    }
    ResourceObjectTypeDefinitionType resourceObjectTypeDefinition = projCtx.getResourceObjectTypeDefinitionType();
    if (resourceObjectTypeDefinition == null) {
        LOGGER.trace("No refined object definition, therefore also no activation outbound definition, skipping activation processing for account {}", projCtxDesc);
        return;
    }
    ResourceActivationDefinitionType activationDefinition = resourceObjectTypeDefinition.getActivation();
    if (activationDefinition == null) {
        LOGGER.trace("No activation definition in projection {}, skipping activation properties processing", projCtxDesc);
        return;
    }
    ActivationCapabilityType capActivation = ResourceTypeUtil.getEffectiveCapability(projCtx.getResource(), ActivationCapabilityType.class);
    if (capActivation == null) {
        LOGGER.trace("Skipping activation status and validity processing because {} has no activation capability", projCtx.getResource());
        return;
    }
    ActivationStatusCapabilityType capStatus = CapabilityUtil.getEnabledActivationStatus(capActivation);
    ActivationValidityCapabilityType capValidFrom = CapabilityUtil.getEnabledActivationValidFrom(capActivation);
    ActivationValidityCapabilityType capValidTo = CapabilityUtil.getEnabledActivationValidTo(capActivation);
    ActivationLockoutStatusCapabilityType capLockoutStatus = CapabilityUtil.getEnabledActivationLockoutStatus(capActivation);
    if (capStatus != null) {
        evaluateActivationMapping(context, projCtx, activationDefinition.getAdministrativeStatus(), SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS, SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS, capActivation, now, MappingTimeEval.CURRENT, ActivationType.F_ADMINISTRATIVE_STATUS.getLocalPart(), task, result);
    } else {
        LOGGER.trace("Skipping activation administrative status processing because {} does not have activation administrative status capability", projCtx.getResource());
    }
    ResourceBidirectionalMappingType validFromMappingType = activationDefinition.getValidFrom();
    if (validFromMappingType == null || validFromMappingType.getOutbound() == null) {
        LOGGER.trace("Skipping activation validFrom processing because {} does not have appropriate outbound mapping", projCtx.getResource());
    } else if (capValidFrom == null && !ExpressionUtil.hasExplicitTarget(validFromMappingType.getOutbound())) {
        LOGGER.trace("Skipping activation validFrom processing because {} does not have activation validFrom capability nor outbound mapping with explicit target", projCtx.getResource());
    } else {
        evaluateActivationMapping(context, projCtx, activationDefinition.getValidFrom(), SchemaConstants.PATH_ACTIVATION_VALID_FROM, SchemaConstants.PATH_ACTIVATION_VALID_FROM, null, now, MappingTimeEval.CURRENT, ActivationType.F_VALID_FROM.getLocalPart(), task, result);
    }
    ResourceBidirectionalMappingType validToMappingType = activationDefinition.getValidTo();
    if (validToMappingType == null || validToMappingType.getOutbound() == null) {
        LOGGER.trace("Skipping activation validTo processing because {} does not have appropriate outbound mapping", projCtx.getResource());
    } else if (capValidTo == null && !ExpressionUtil.hasExplicitTarget(validToMappingType.getOutbound())) {
        LOGGER.trace("Skipping activation validTo processing because {} does not have activation validTo capability nor outbound mapping with explicit target", projCtx.getResource());
    } else {
        evaluateActivationMapping(context, projCtx, activationDefinition.getValidTo(), SchemaConstants.PATH_ACTIVATION_VALID_TO, SchemaConstants.PATH_ACTIVATION_VALID_TO, null, now, MappingTimeEval.CURRENT, ActivationType.F_VALID_TO.getLocalPart(), task, result);
    }
    if (capLockoutStatus != null) {
        evaluateActivationMapping(context, projCtx, activationDefinition.getLockoutStatus(), SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS, SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS, capActivation, now, MappingTimeEval.CURRENT, ActivationType.F_LOCKOUT_STATUS.getLocalPart(), task, result);
    } else {
        LOGGER.trace("Skipping activation lockout status processing because {} does not have activation lockout status capability", projCtx.getResource());
    }
}
Also used : ActivationLockoutStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType) ActivationCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType) SynchronizationPolicyDecision(com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision) ActivationValidityCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationValidityCapabilityType) SynchronizationIntent(com.evolveum.midpoint.model.api.context.SynchronizationIntent) ActivationStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType)

Aggregations

SynchronizationIntent (com.evolveum.midpoint.model.api.context.SynchronizationIntent)3 SynchronizationPolicyDecision (com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision)3 ActivationCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType)1 ActivationLockoutStatusCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType)1 ActivationStatusCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType)1 ActivationValidityCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationValidityCapabilityType)1