Examples with DeltaMapTriple com.evolveum.midpoint.prism.delta.DeltaMapTriple used on opensource projects

Example 1 with DeltaMapTriple

use of com.evolveum.midpoint.prism.delta.DeltaMapTriple in project midpoint by Evolveum.

the class PersonaProcessor method processPersonaChangesFocus.

public <F extends FocusType> HookOperationMode processPersonaChangesFocus(LensContext<F> context, Task task, OperationResult result) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, PolicyViolationException {
    DeltaSetTriple<EvaluatedAssignmentImpl<F>> evaluatedAssignmentTriple = (DeltaSetTriple) context.getEvaluatedAssignmentTriple();
    if (evaluatedAssignmentTriple == null || evaluatedAssignmentTriple.isEmpty()) {
        return HookOperationMode.FOREGROUND;
    }
    DeltaSetTriple<PersonaKey> activePersonaKeyTriple = new DeltaSetTriple<>();
    ComplexConstructionConsumer<PersonaKey, PersonaConstruction<F>> consumer = new ComplexConstructionConsumer<PersonaKey, PersonaConstruction<F>>() {

        @Override
        public boolean before(PersonaKey key) {
            return true;
        }

        @Override
        public void onAssigned(PersonaKey key, String desc) {
            activePersonaKeyTriple.addToPlusSet(key);
        }

        @Override
        public void onUnchangedValid(PersonaKey key, String desc) {
            activePersonaKeyTriple.addToZeroSet(key);
        }

        @Override
        public void onUnchangedInvalid(PersonaKey key, String desc) {
        }

        @Override
        public void onUnassigned(PersonaKey key, String desc) {
            activePersonaKeyTriple.addToMinusSet(key);
        }

        @Override
        public void after(PersonaKey key, String desc, DeltaMapTriple<PersonaKey, ConstructionPack<PersonaConstruction<F>>> constructionMapTriple) {
        }
    };
    DeltaMapTriple<PersonaKey, ConstructionPack<PersonaConstruction<F>>> constructionMapTriple = constructionProcessor.processConstructions(context, evaluatedAssignmentTriple, evaluatedAssignment -> evaluatedAssignment.getPersonaConstructionTriple(), construction -> new PersonaKey(construction.getConstructionType()), consumer, task, result);
    LOGGER.trace("activePersonaKeyTriple:\n{}", activePersonaKeyTriple.debugDumpLazily());
    List<FocusType> existingPersonas = readExistingPersonas(context, task, result);
    LOGGER.trace("existingPersonas:\n{}", existingPersonas);
    for (PersonaKey key : activePersonaKeyTriple.getNonNegativeValues()) {
        FocusType existingPersona = findPersona(existingPersonas, key);
        LOGGER.trace("existingPersona: {}", existingPersona);
        // TODO: add ability to merge several constructions
        ConstructionPack<PersonaConstruction<F>> pack = constructionMapTriple.getPlusMap().get(key);
        if (pack == null) {
            pack = constructionMapTriple.getZeroMap().get(key);
        }
        Collection<PrismPropertyValue<PersonaConstruction<F>>> constructions = pack.getConstructions();
        if (constructions.isEmpty()) {
            continue;
        }
        if (constructions.size() > 1) {
            throw new UnsupportedOperationException("Merging of multiple persona constructions is not supported yet");
        }
        PersonaConstruction<F> construction = constructions.iterator().next().getValue();
        LOGGER.trace("construction:\n{}", construction.debugDumpLazily());
        if (existingPersona == null) {
            personaAdd(context, key, construction, task, result);
        } else {
            personaModify(context, key, construction, existingPersona.asPrismObject(), task, result);
        }
    }
    for (PersonaKey key : activePersonaKeyTriple.getMinusSet()) {
        FocusType existingPersona = findPersona(existingPersonas, key);
        if (existingPersona != null) {
            personaDelete(context, key, existingPersona, task, result);
        }
    }
    return HookOperationMode.FOREGROUND;
}

Example 2 with DeltaMapTriple

use of com.evolveum.midpoint.prism.delta.DeltaMapTriple in project midpoint by Evolveum.

the class AssignmentProcessor method processAssignmentsProjectionsWithFocus.

/**
     * Processing focus-projection assignments (including roles).
     */
@SuppressWarnings({ "rawtypes", "unchecked" })
private <F extends FocusType> void processAssignmentsProjectionsWithFocus(LensContext<F> context, XMLGregorianCalendar now, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
    // PREPARE ASSIGNMENT DELTA
    LensFocusContext<F> focusContext = context.getFocusContext();
    ObjectDelta<F> focusDelta = focusContext.getDelta();
    if (focusDelta != null && focusDelta.isDelete()) {
        processFocusDelete(context, result);
        return;
    }
    checkAssignmentDeltaSanity(context);
    // ASSIGNMENT EVALUATION
    // Initializing assignment evaluator. This will be used later to process all the assignments including the nested
    // assignments (roles).
    AssignmentEvaluator<F> assignmentEvaluator = createAssignmentEvaluator(context, now);
    ObjectType source = determineSource(focusContext);
    AssignmentTripleEvaluator<F> assignmentTripleEvaluator = new AssignmentTripleEvaluator<>();
    assignmentTripleEvaluator.setActivationComputer(activationComputer);
    assignmentTripleEvaluator.setAssignmentEvaluator(assignmentEvaluator);
    assignmentTripleEvaluator.setContext(context);
    assignmentTripleEvaluator.setNow(now);
    assignmentTripleEvaluator.setPrismContext(prismContext);
    assignmentTripleEvaluator.setResult(result);
    assignmentTripleEvaluator.setSource(source);
    assignmentTripleEvaluator.setTask(task);
    // Normal processing. The enforcement policy requires that assigned accounts should be added, so we need to figure out
    // which assignments were added. Do a complete recompute for all the enforcement modes. We can do that because this does
    // not create deltas, it just creates the triples. So we can decide what to do later when we convert triples to deltas.
    // Evaluates all assignments and sorts them to triple: added, removed and untouched assignments.
    // This is where most of the assignment-level action happens.
    DeltaSetTriple<EvaluatedAssignmentImpl<F>> evaluatedAssignmentTriple = assignmentTripleEvaluator.processAllAssignments();
    policyRuleProcessor.addGlobalPoliciesToAssignments(context, evaluatedAssignmentTriple, task, result);
    context.setEvaluatedAssignmentTriple((DeltaSetTriple) evaluatedAssignmentTriple);
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("evaluatedAssignmentTriple:\n{}", evaluatedAssignmentTriple.debugDump());
    }
    // PROCESSING POLICIES
    policyRuleProcessor.processPolicies(context, evaluatedAssignmentTriple, result);
    boolean needToReevaluateAssignments = policyRuleProcessor.processPruning(context, evaluatedAssignmentTriple, result);
    if (needToReevaluateAssignments) {
        LOGGER.debug("Re-evaluating assignments because exclusion pruning rule was triggered");
        evaluatedAssignmentTriple = assignmentTripleEvaluator.processAllAssignments();
        context.setEvaluatedAssignmentTriple((DeltaSetTriple) evaluatedAssignmentTriple);
        policyRuleProcessor.addGlobalPoliciesToAssignments(context, evaluatedAssignmentTriple, task, result);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("re-evaluatedAssignmentTriple:\n{}", evaluatedAssignmentTriple.debugDump());
        }
        policyRuleProcessor.processPolicies(context, evaluatedAssignmentTriple, result);
    }
    //policyRuleProcessor.storeAssignmentPolicySituation(context, evaluatedAssignmentTriple, result);
    // PROCESSING FOCUS
    Map<ItemPath, DeltaSetTriple<? extends ItemValueWithOrigin<?, ?>>> focusOutputTripleMap = new HashMap<>();
    collectFocusTripleFromMappings(evaluatedAssignmentTriple.getPlusSet(), focusOutputTripleMap, PlusMinusZero.PLUS);
    collectFocusTripleFromMappings(evaluatedAssignmentTriple.getMinusSet(), focusOutputTripleMap, PlusMinusZero.MINUS);
    collectFocusTripleFromMappings(evaluatedAssignmentTriple.getZeroSet(), focusOutputTripleMap, PlusMinusZero.ZERO);
    ObjectDeltaObject<F> focusOdo = focusContext.getObjectDeltaObject();
    Collection<ItemDelta<?, ?>> focusDeltas = objectTemplateProcessor.computeItemDeltas(focusOutputTripleMap, null, focusOdo.getObjectDelta(), focusOdo.getNewObject(), focusContext.getObjectDefinition(), "focus mappings in assignments of " + focusContext.getHumanReadableName());
    LOGGER.trace("Computed focus deltas: {}", focusDeltas);
    focusContext.applyProjectionWaveSecondaryDeltas(focusDeltas);
    focusContext.recompute();
    // PROCESSING PROJECTIONS
    // Evaluate the constructions in assignements now. These were not evaluated in the first pass of AssignmentEvaluator
    // because there may be interaction from focusMappings of some roles to outbound mappings of other roles.
    // Now we have complete focus with all the focusMappings so we can evaluate the constructions
    evaluateConstructions(context, evaluatedAssignmentTriple, task, result);
    ComplexConstructionConsumer<ResourceShadowDiscriminator, Construction<F>> consumer = new ComplexConstructionConsumer<ResourceShadowDiscriminator, Construction<F>>() {

        private boolean processOnlyExistingProjCxts;

        @Override
        public boolean before(ResourceShadowDiscriminator rat) {
            if (rat.getResourceOid() == null) {
                throw new IllegalStateException("Resource OID null in ResourceAccountType during assignment processing");
            }
            if (rat.getIntent() == null) {
                throw new IllegalStateException("Account type is null in ResourceAccountType during assignment processing");
            }
            processOnlyExistingProjCxts = false;
            if (ModelExecuteOptions.isLimitPropagation(context.getOptions())) {
                if (context.getTriggeredResourceOid() != null && !rat.getResourceOid().equals(context.getTriggeredResourceOid())) {
                    LOGGER.trace("Skipping processing construction for shadow identified by {} because of limitation to propagate changes only for resource {}", rat, context.getTriggeredResourceOid());
                    return false;
                }
                if (SchemaConstants.CHANGE_CHANNEL_DISCOVERY.equals(QNameUtil.uriToQName(context.getChannel()))) {
                    // TODO is this message OK? [med]
                    LOGGER.trace("Processing of shadow identified by {} will be skipped because of limitation for discovery channel.");
                    processOnlyExistingProjCxts = true;
                }
            }
            return true;
        }

        @Override
        public void onAssigned(ResourceShadowDiscriminator rat, String desc) {
            LensProjectionContext projectionContext = LensUtil.getOrCreateProjectionContext(context, rat);
            projectionContext.setAssigned(true);
            projectionContext.setAssignedOld(false);
            projectionContext.setLegalOld(false);
            AssignmentPolicyEnforcementType assignmentPolicyEnforcement = projectionContext.getAssignmentPolicyEnforcementType();
            if (assignmentPolicyEnforcement != AssignmentPolicyEnforcementType.NONE) {
                LOGGER.trace("Projection {} legal: assigned (valid)", desc);
                projectionContext.setLegal(true);
            }
        }

        @Override
        public void onUnchangedValid(ResourceShadowDiscriminator key, String desc) {
            LensProjectionContext projectionContext = context.findProjectionContext(key);
            if (projectionContext == null) {
                if (processOnlyExistingProjCxts) {
                    return;
                }
                // The projection should exist before the change but it does not
                // This happens during reconciliation if there is an inconsistency. 
                // Pretend that the assignment was just added. That should do.
                projectionContext = LensUtil.getOrCreateProjectionContext(context, key);
            }
            LOGGER.trace("Projection {} legal: unchanged (valid)", desc);
            projectionContext.setLegal(true);
            projectionContext.setLegalOld(true);
            projectionContext.setAssigned(true);
            projectionContext.setAssignedOld(true);
        }

        @Override
        public void onUnchangedInvalid(ResourceShadowDiscriminator rat, String desc) {
            LensProjectionContext projectionContext = context.findProjectionContext(rat);
            if (projectionContext == null) {
                if (processOnlyExistingProjCxts) {
                    return;
                }
                // The projection should exist before the change but it does not
                // This happens during reconciliation if there is an inconsistency. 
                // Pretend that the assignment was just added. That should do.
                projectionContext = LensUtil.getOrCreateProjectionContext(context, rat);
            }
            LOGGER.trace("Projection {} illegal: unchanged (invalid)", desc);
            projectionContext.setLegal(false);
            projectionContext.setLegalOld(false);
            projectionContext.setAssigned(false);
            projectionContext.setAssignedOld(false);
        }

        @Override
        public void onUnassigned(ResourceShadowDiscriminator rat, String desc) {
            if (accountExists(context, rat)) {
                LensProjectionContext projectionContext = context.findProjectionContext(rat);
                if (projectionContext == null) {
                    if (processOnlyExistingProjCxts) {
                        return;
                    }
                    projectionContext = LensUtil.getOrCreateProjectionContext(context, rat);
                }
                projectionContext.setAssigned(false);
                projectionContext.setAssignedOld(true);
                projectionContext.setLegalOld(true);
                AssignmentPolicyEnforcementType assignmentPolicyEnforcement = projectionContext.getAssignmentPolicyEnforcementType();
                // TODO: check for MARK and LEGALIZE enforcement policies ....add delete laso for relative enforcemenet
                if (assignmentPolicyEnforcement == AssignmentPolicyEnforcementType.FULL || assignmentPolicyEnforcement == AssignmentPolicyEnforcementType.RELATIVE) {
                    LOGGER.trace("Projection {} illegal: unassigned", desc);
                    projectionContext.setLegal(false);
                } else {
                    LOGGER.trace("Projection {} legal: unassigned, but allowed by policy ({})", desc, assignmentPolicyEnforcement);
                    projectionContext.setLegal(true);
                }
            } else {
                LOGGER.trace("Projection {} nothing: unassigned (valid->invalid) but not there", desc);
            // We have to delete something that is not there. Nothing to do.
            }
        }

        @Override
        public void after(ResourceShadowDiscriminator rat, String desc, DeltaMapTriple<ResourceShadowDiscriminator, ConstructionPack<Construction<F>>> constructionMapTriple) {
            PrismValueDeltaSetTriple<PrismPropertyValue<Construction>> projectionConstructionDeltaSetTriple = new PrismValueDeltaSetTriple<>(getConstructions(constructionMapTriple.getZeroMap().get(rat), true), getConstructions(constructionMapTriple.getPlusMap().get(rat), true), getConstructions(constructionMapTriple.getMinusMap().get(rat), false));
            LensProjectionContext projectionContext = context.findProjectionContext(rat);
            if (projectionContext != null) {
                // This can be null in a exotic case if we delete already deleted account
                if (LOGGER.isTraceEnabled()) {
                    LOGGER.trace("Construction delta set triple for {}:\n{}", rat, projectionConstructionDeltaSetTriple.debugDump(1));
                }
                projectionContext.setConstructionDeltaSetTriple(projectionConstructionDeltaSetTriple);
                if (isForceRecon(constructionMapTriple.getZeroMap().get(rat)) || isForceRecon(constructionMapTriple.getPlusMap().get(rat)) || isForceRecon(constructionMapTriple.getMinusMap().get(rat))) {
                    projectionContext.setDoReconciliation(true);
                }
            }
        }
    };
    constructionProcessor.processConstructions(context, evaluatedAssignmentTriple, evaluatedAssignment -> evaluatedAssignment.getConstructionTriple(), construction -> getConstructionMapKey(context, construction, task, result), consumer, task, result);
    removeIgnoredContexts(context);
    finishLegalDecisions(context);
}