use of com.evolveum.midpoint.model.impl.lens.LensContext in project midpoint by Evolveum.
the class ConsolidationProcessor method consolidateValuesToModifyDelta.
private <F extends FocusType> ObjectDelta<ShadowType> consolidateValuesToModifyDelta(LensContext<F> context, LensProjectionContext projCtx, boolean addUnchangedValues, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException {
// "Squeeze" all the relevant mappings into a data structure that we can process conveniently. We want to have all the
// (meta)data about relevant for a specific attribute in one data structure, not spread over several account constructions.
Map<QName, DeltaSetTriple<ItemValueWithOrigin<PrismPropertyValue<?>, PrismPropertyDefinition<?>>>> squeezedAttributes = sqeeze(projCtx, construction -> (Collection) construction.getAttributeMappings());
projCtx.setSqueezedAttributes(squeezedAttributes);
Map<QName, DeltaSetTriple<ItemValueWithOrigin<PrismContainerValue<ShadowAssociationType>, PrismContainerDefinition<ShadowAssociationType>>>> squeezedAssociations = sqeeze(projCtx, construction -> construction.getAssociationMappings());
projCtx.setSqueezedAssociations(squeezedAssociations);
// So, we do it here - once and for all.
if (!squeezedAssociations.isEmpty()) {
fillInAssociationNames(squeezedAssociations);
}
MappingExtractor<PrismPropertyValue<QName>, PrismPropertyDefinition<QName>, F> auxiliaryObjectClassExtractor = construction -> {
PrismValueDeltaSetTripleProducer<PrismPropertyValue<QName>, PrismPropertyDefinition<QName>> prod = new PrismValueDeltaSetTripleProducer<PrismPropertyValue<QName>, PrismPropertyDefinition<QName>>() {
@Override
public QName getMappingQName() {
return ShadowType.F_AUXILIARY_OBJECT_CLASS;
}
@Override
public PrismValueDeltaSetTriple<PrismPropertyValue<QName>> getOutputTriple() {
PrismValueDeltaSetTriple<PrismPropertyValue<QName>> triple = new PrismValueDeltaSetTriple<>();
if (construction.getAuxiliaryObjectClassDefinitions() != null) {
for (RefinedObjectClassDefinition auxiliaryObjectClassDefinition : construction.getAuxiliaryObjectClassDefinitions()) {
triple.addToZeroSet(new PrismPropertyValue<QName>(auxiliaryObjectClassDefinition.getTypeName()));
}
}
return triple;
}
@Override
public MappingStrengthType getStrength() {
return MappingStrengthType.STRONG;
}
@Override
public PrismValueDeltaSetTripleProducer<PrismPropertyValue<QName>, PrismPropertyDefinition<QName>> clone() {
return this;
}
@Override
public boolean isExclusive() {
return false;
}
@Override
public boolean isAuthoritative() {
return true;
}
@Override
public boolean isSourceless() {
return false;
}
};
Collection<PrismValueDeltaSetTripleProducer<PrismPropertyValue<QName>, PrismPropertyDefinition<QName>>> col = new ArrayList<>(1);
col.add(prod);
return col;
};
Map<QName, DeltaSetTriple<ItemValueWithOrigin<PrismPropertyValue<QName>, PrismPropertyDefinition<QName>>>> squeezedAuxiliaryObjectClasses = sqeeze(projCtx, auxiliaryObjectClassExtractor);
projCtx.setSqueezedAuxiliaryObjectClasses(squeezedAuxiliaryObjectClasses);
ResourceShadowDiscriminator discr = projCtx.getResourceShadowDiscriminator();
ObjectDelta<ShadowType> objectDelta = new ObjectDelta<ShadowType>(ShadowType.class, ChangeType.MODIFY, prismContext);
objectDelta.setOid(projCtx.getOid());
// Let's be very very lazy about fetching the account from the resource.
if (!projCtx.hasFullShadow() && (hasActiveWeakMapping(squeezedAttributes, projCtx) || hasActiveWeakMapping(squeezedAssociations, projCtx) || (hasActiveStrongMapping(squeezedAttributes, projCtx) || hasActiveStrongMapping(squeezedAssociations, projCtx)))) {
// Full account was not yet loaded. This will cause problems as
// the weak mapping may be applied even though it should not be
// applied
// and also same changes may be discarded because of unavailability
// of all
// account's attributes.Therefore load the account now, but with
// doNotDiscovery options..
// We also need to get account if there are strong mappings. Strong mappings
// should always be applied. So reading the account now will indirectly
// trigger reconciliation which makes sure that the strong mappings are
// applied.
// By getting accounts from provisioning, there might be a problem with
// resource availability. We need to know, if the account was read full
// or we have only the shadow from the repository. If we have only
// shadow, the weak mappings may applied even if they should not be.
contextLoader.loadFullShadow(context, projCtx, "weak or strong mapping", task, result);
if (projCtx.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.BROKEN) {
return null;
}
}
boolean completeAccount = projCtx.hasFullShadow();
ObjectDelta<ShadowType> existingDelta = projCtx.getDelta();
// AUXILIARY OBJECT CLASSES
ItemPath auxiliaryObjectClassItemPath = new ItemPath(ShadowType.F_AUXILIARY_OBJECT_CLASS);
PrismPropertyDefinition<QName> auxiliaryObjectClassPropertyDef = projCtx.getObjectDefinition().findPropertyDefinition(auxiliaryObjectClassItemPath);
PropertyDelta<QName> auxiliaryObjectClassAPrioriDelta = null;
RefinedResourceSchema refinedSchema = projCtx.getRefinedResourceSchema();
List<QName> auxOcNames = new ArrayList<>();
List<RefinedObjectClassDefinition> auxOcDefs = new ArrayList<>();
ObjectDelta<ShadowType> projDelta = projCtx.getDelta();
if (projDelta != null) {
auxiliaryObjectClassAPrioriDelta = projDelta.findPropertyDelta(auxiliaryObjectClassItemPath);
}
for (Entry<QName, DeltaSetTriple<ItemValueWithOrigin<PrismPropertyValue<QName>, PrismPropertyDefinition<QName>>>> entry : squeezedAuxiliaryObjectClasses.entrySet()) {
DeltaSetTriple<ItemValueWithOrigin<PrismPropertyValue<QName>, PrismPropertyDefinition<QName>>> ivwoTriple = entry.getValue();
LOGGER.trace("CONSOLIDATE auxiliary object classes ({})", new Object[] { discr });
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Auxiliary object class triple:\n{}", ivwoTriple.debugDump());
}
for (ItemValueWithOrigin<PrismPropertyValue<QName>, PrismPropertyDefinition<QName>> ivwo : ivwoTriple.getAllValues()) {
QName auxObjectClassName = ivwo.getItemValue().getValue();
if (auxOcNames.contains(auxObjectClassName)) {
continue;
}
auxOcNames.add(auxObjectClassName);
RefinedObjectClassDefinition auxOcDef = refinedSchema.getRefinedDefinition(auxObjectClassName);
if (auxOcDef == null) {
LOGGER.error("Auxiliary object class definition {} for {} not found in the schema, but it should be there, dumping context:\n{}", auxObjectClassName, discr, context.debugDump());
throw new IllegalStateException("Auxiliary object class definition " + auxObjectClassName + " for " + discr + " not found in the context, but it should be there");
}
auxOcDefs.add(auxOcDef);
}
ItemDelta<PrismPropertyValue<QName>, PrismPropertyDefinition<QName>> itemDelta = LensUtil.consolidateTripleToDelta(auxiliaryObjectClassItemPath, ivwoTriple, auxiliaryObjectClassPropertyDef, auxiliaryObjectClassAPrioriDelta, projCtx.getObjectNew(), null, null, addUnchangedValues, completeAccount, false, discr.toHumanReadableDescription(), false);
PropertyDelta<QName> propDelta = (PropertyDelta) itemDelta;
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Auxiliary object class delta:\n{}", propDelta.debugDump());
}
if (!propDelta.isEmpty()) {
objectDelta.addModification(propDelta);
}
}
RefinedObjectClassDefinition structuralObjectClassDefinition = projCtx.getStructuralObjectClassDefinition();
if (structuralObjectClassDefinition == null) {
LOGGER.error("Structural object class definition for {} not found in the context, but it should be there, dumping context:\n{}", discr, context.debugDump());
throw new IllegalStateException("Structural object class definition for " + discr + " not found in the context, but it should be there");
}
RefinedObjectClassDefinition rOcDef = new CompositeRefinedObjectClassDefinitionImpl(structuralObjectClassDefinition, auxOcDefs);
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Object class definition for {} consolidation:\n{}", discr, rOcDef.debugDump());
}
// with the data in ItemValueWithOrigin triples.
for (Map.Entry<QName, DeltaSetTriple<ItemValueWithOrigin<PrismPropertyValue<?>, PrismPropertyDefinition<?>>>> entry : squeezedAttributes.entrySet()) {
QName attributeName = entry.getKey();
DeltaSetTriple<ItemValueWithOrigin<PrismPropertyValue<?>, PrismPropertyDefinition<?>>> triple = entry.getValue();
PropertyDelta<?> propDelta = consolidateAttribute(rOcDef, discr, existingDelta, projCtx, addUnchangedValues, completeAccount, attributeName, (DeltaSetTriple) triple);
if (propDelta != null) {
objectDelta.addModification(propDelta);
}
}
// ASSOCIATIONS
for (Entry<QName, DeltaSetTriple<ItemValueWithOrigin<PrismContainerValue<ShadowAssociationType>, PrismContainerDefinition<ShadowAssociationType>>>> entry : squeezedAssociations.entrySet()) {
QName associationName = entry.getKey();
DeltaSetTriple<ItemValueWithOrigin<PrismContainerValue<ShadowAssociationType>, PrismContainerDefinition<ShadowAssociationType>>> triple = entry.getValue();
ContainerDelta<ShadowAssociationType> containerDelta = consolidateAssociation(rOcDef, discr, existingDelta, projCtx, addUnchangedValues, completeAccount, associationName, triple);
if (containerDelta != null) {
objectDelta.addModification(containerDelta);
}
}
return objectDelta;
}
use of com.evolveum.midpoint.model.impl.lens.LensContext in project midpoint by Evolveum.
the class ModelOperationTaskHandler method run.
@Override
public TaskRunResult run(Task task) {
OperationResult result = task.getResult().createSubresult(DOT_CLASS + "run");
TaskRunResult runResult = new TaskRunResult();
LensContextType contextType = task.getModelOperationContext();
if (contextType == null) {
LOGGER.trace("No model context found, skipping the model operation execution.");
if (result.isUnknown()) {
result.computeStatus();
}
runResult.setRunResultStatus(TaskRunResult.TaskRunResultStatus.FINISHED);
} else {
LensContext context;
try {
context = LensContext.fromLensContextType(contextType, prismContext, provisioningService, task, result);
} catch (SchemaException e) {
throw new SystemException("Cannot recover model context from task " + task + " due to schema exception", e);
} catch (ObjectNotFoundException | ConfigurationException | ExpressionEvaluationException e) {
throw new SystemException("Cannot recover model context from task " + task, e);
} catch (CommunicationException e) {
// todo wait and retry
throw new SystemException("Cannot recover model context from task " + task, e);
}
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Context to be executed = {}", context.debugDump());
}
try {
// here we brutally remove all the projection contexts -- because if we are continuing after rejection of a role/resource assignment
// that resulted in such projection contexts, we DO NOT want them to appear in the context any more
context.rot();
Iterator<LensProjectionContext> projectionIterator = context.getProjectionContextsIterator();
while (projectionIterator.hasNext()) {
LensProjectionContext projectionContext = projectionIterator.next();
if (projectionContext.getPrimaryDelta() != null && !projectionContext.getPrimaryDelta().isEmpty()) {
// don't remove client requested actions!
continue;
}
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Removing projection context {}", projectionContext.getHumanReadableName());
}
projectionIterator.remove();
}
if (task.getChannel() == null) {
task.setChannel(context.getChannel());
}
clockwork.run(context, task, result);
task.setModelOperationContext(context.toLensContextType());
task.savePendingModifications(result);
if (result.isUnknown()) {
result.computeStatus();
}
runResult.setRunResultStatus(TaskRunResult.TaskRunResultStatus.FINISHED);
} catch (RuntimeException | CommonException e) {
String message = "An exception occurred within model operation, in task " + task;
LoggingUtils.logUnexpectedException(LOGGER, message, e);
result.recordPartialError(message, e);
// TODO: here we do not know whether the error is temporary or permanent (in the future we could discriminate on the basis of particular exception caught)
runResult.setRunResultStatus(TaskRunResult.TaskRunResultStatus.TEMPORARY_ERROR);
}
}
task.getResult().recomputeStatus();
runResult.setOperationResult(task.getResult());
return runResult;
}
use of com.evolveum.midpoint.model.impl.lens.LensContext in project midpoint by Evolveum.
the class PrimaryChangeProcessor method contextCopyWithNoDelta.
public LensContext contextCopyWithNoDelta(ModelContext context) {
LensContext contextCopy = ((LensContext) context).clone();
contextCopy.replacePrimaryFocusDelta(null);
Collection<LensProjectionContext> projectionContexts = contextCopy.getProjectionContexts();
for (ModelProjectionContext projectionContext : projectionContexts) {
projectionContext.setPrimaryDelta(null);
}
return contextCopy;
}
use of com.evolveum.midpoint.model.impl.lens.LensContext in project midpoint by Evolveum.
the class TestPolicyDrivenRoleLifecycle method test030AttemptToActivateCorrectRoleC34.
/**
* Trying to activate `role-correct` that meets C1-C3 but has no owner (C4).
*/
@Test
public void test030AttemptToActivateCorrectRoleC34() throws Exception {
given();
Task task = getTestTask();
task.setOwner(userAdministrator.asPrismObject());
OperationResult result = task.getResult();
Holder<LensContext<?>> contextHolder = new Holder<>();
when();
then();
activateRoleAssertFailure(ROLE_CORRECT.oid, contextHolder, result, task);
dumpRules(contextHolder);
assertRoleAfter(ROLE_CORRECT.oid).assertPolicySituations(// see rule RE1
SITUATION_INCOMPLETE_ROLE);
}
use of com.evolveum.midpoint.model.impl.lens.LensContext in project midpoint by Evolveum.
the class TestPolicyDrivenRoleLifecycle method test020AttemptToActivateIncompleteRoleC234.
/**
* Trying to activate `role-high-risk-empty` that does not meet e.g. C2 (missing description) but others as well.
*/
@Test
public void test020AttemptToActivateIncompleteRoleC234() throws Exception {
given();
Task task = getTestTask();
task.setOwner(userAdministrator.asPrismObject());
OperationResult result = task.getResult();
Holder<LensContext<?>> contextHolder = new Holder<>();
when();
then();
activateRoleAssertFailure(ROLE_HIGH_RISK_EMPTY.oid, contextHolder, result, task);
dumpRules(contextHolder);
assertRoleAfter(ROLE_HIGH_RISK_EMPTY.oid).assertPolicySituations(// see rule RE1
SITUATION_INCOMPLETE_ROLE);
}
Aggregations