
Example 31 with PropertyDelta

use of com.evolveum.midpoint.prism.delta.PropertyDelta in project midpoint by Evolveum.

the class ConnectorInstanceConnIdImpl method createConnIdOptions.

/**
 * Builds the ConnId {@link OperationOptions} for an operation, including "run as" credentials.
 *
 * <p>When {@code options} carries a run-as identification, the run-as user is set from
 * {@code getNameValue(...)}. The run-as password is not supplied by the caller directly:
 * it is recovered from the estimated old values of a password-value modification found in
 * {@code changes}. If no such modification carries an old value, the run-as user is set
 * without any password.
 *
 * @param options connector operation options; may be {@code null}, in which case empty options are built
 * @param changes operations scanned for a password-value modification; only iterated when a run-as
 *                identification is present
 * @return the built ConnId options
 * @throws SchemaException declared by this method; presumably raised by the name lookup or the
 *                         password conversion (confirm against those helpers)
 */
private OperationOptions createConnIdOptions(ConnectorOperationOptions options, Collection<Operation> changes) throws SchemaException {
    OperationOptionsBuilder builder = new OperationOptionsBuilder();
    ResourceObjectIdentification runAsIdentification = options != null ? options.getRunAsIdentification() : null;
    if (runAsIdentification == null) {
        // No run-as request: plain options.
        return builder.build();
    }
    builder.setRunAsUser(getNameValue(runAsIdentification));
    // The original author calls this "black magic": the run-as password is taken from the old
    // value of the password delta, because there is no better source for it at this point.
    for (Operation change : changes) {
        if (!(change instanceof PropertyModificationOperation)) {
            continue;
        }
        PropertyDelta passwordDelta = ((PropertyModificationOperation) change).getPropertyDelta();
        if (!passwordDelta.getPath().equivalent(SchemaConstants.PATH_PASSWORD_VALUE)) {
            continue;
        }
        Collection<PrismPropertyValue<ProtectedStringType>> estimatedOldValues = passwordDelta.getEstimatedOldValues();
        if (estimatedOldValues == null || estimatedOldValues.isEmpty()) {
            continue;
        }
        // Only the first estimated old value is considered.
        ProtectedStringType previousPassword = estimatedOldValues.iterator().next().getValue();
        if (previousPassword == null) {
            continue;
        }
        // The protected value is handed to ConnId wrapped in a GuardedString.
        builder.setRunWithPassword(ConnIdUtil.toGuardedString(previousPassword, "runAs password", protector));
    }
    return builder.build();
}
Also used : PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta) ConnectorTestOperation(com.evolveum.midpoint.schema.constants.ConnectorTestOperation) ConnIdOperation(com.evolveum.midpoint.schema.reporting.ConnIdOperation) ProvisioningOperation(com.evolveum.midpoint.schema.statistics.ProvisioningOperation) GuardedString(org.identityconnectors.common.security.GuardedString) ProtectedStringType(com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType)

Example 32 with PropertyDelta

use of com.evolveum.midpoint.prism.delta.PropertyDelta in project midpoint by Evolveum.

the class AddOverwriteTest method test091GetVersion.

/**
 * Checks that the repository version of the org object goes from "0" to "1"
 * after a single property modification.
 */
@Test
public void test091GetVersion() throws Exception {
    OperationResult opResult = new OperationResult("get version");

    // The object is expected to be at version "0" before the modification.
    String versionBefore = repositoryService.getVersion(OrgType.class, ORG_OID, opResult);
    AssertJUnit.assertEquals("0", versionBefore);

    // Apply one "add value" delta on the subtype property.
    PrismObjectDefinition<OrgType> orgDefinition =
            prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(OrgType.class);
    Collection<PropertyDelta<String>> modifications = new ArrayList<>();
    modifications.add(
            prismContext.deltaFactory().property().createAddDelta(orgDefinition, OrgType.F_SUBTYPE, "asdf"));
    repositoryService.modifyObject(OrgType.class, ORG_OID, modifications, opResult);

    // One modification is expected to bump the version to "1".
    String versionAfter = repositoryService.getVersion(OrgType.class, ORG_OID, opResult);
    AssertJUnit.assertEquals("1", versionAfter);

    opResult.recomputeStatus();
    AssertJUnit.assertTrue(opResult.isSuccess());
}
Also used : ArrayList(java.util.ArrayList) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta) Test(org.testng.annotations.Test)

Example 33 with PropertyDelta

use of com.evolveum.midpoint.prism.delta.PropertyDelta in project midpoint by Evolveum.

the class EntitlementConverter method collectEntitlementToAttrDelta.

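/**
 * Collects an entitlement change from the shadow's association section into an attribute operation.
 * Handles a single association value.
 *
 * <p>NOTE: only associations with the {@code SUBJECT_TO_OBJECT} direction are collected here;
 * any other direction returns without touching {@code operationMap}.
 *
 * @param operationMap map of attribute name to pending attribute operation; an operation for the
 *                     association attribute is created and registered here if none exists yet
 * @param associationValue the association value to translate; must carry a name and identifiers
 * @param modificationType ADD, DELETE or REPLACE; any other value leaves the delta unchanged
 * @param subjectCtx provisioning context of the subject, used for definitions and error messages
 * @throws SchemaException if the association has no name, its definition lacks the association or
 *                         value attribute, the association attribute is not in the subject schema,
 *                         or the association value has no identifiers or no value attribute
 */
private <T> void collectEntitlementToAttrDelta(OperationMap operationMap, PrismContainerValue<ShadowAssociationType> associationValue, ModificationType modificationType, ProvisioningContext subjectCtx) throws SchemaException {
    ResourceObjectDefinition subjectDef = subjectCtx.getObjectDefinitionRequired();
    ShadowAssociationType associationBean = associationValue.asContainerable();
    QName associationName = associationBean.getName();
    schemaCheck(associationName != null, "No name in entitlement association %s", associationValue);
    ResourceAssociationDefinition associationDef = subjectDef.findAssociationDefinitionRequired(associationName, () -> " in " + subjectCtx);
    ResourceObjectAssociationDirectionType direction = associationDef.getDirection();
    if (direction != ResourceObjectAssociationDirectionType.SUBJECT_TO_OBJECT) {
        // Other directions are not handled by this method; per the original note they are processed later.
        return;
    }
    QName assocAttrName = associationDef.getDefinitionBean().getAssociationAttribute();
    QName valueAttrName = associationDef.getDefinitionBean().getValueAttribute();
    schemaCheck(assocAttrName != null, "No association attribute defined in entitlement association '%s' in %s", associationName, subjectCtx);
    schemaCheck(valueAttrName != null, "No value attribute defined in entitlement association '%s' in %s", associationName, subjectCtx);
    ResourceAttributeDefinition<?> assocAttrDef = subjectDef.findAttributeDefinition(assocAttrName);
    if (assocAttrDef == null) {
        throw new SchemaException("Association attribute '" + assocAttrName + "'defined in entitlement association '" + associationName + "' was not found in schema for " + subjectCtx);
    }
    // Reuse the operation already collected for this attribute, or start one with an empty delta.
    // noinspection unchecked
    PropertyModificationOperation<T> attributeOperation = (PropertyModificationOperation<T>) operationMap.get(assocAttrName);
    if (attributeOperation == null) {
        // noinspection unchecked
        PropertyDelta<T> emptyDelta = (PropertyDelta<T>) assocAttrDef.createEmptyDelta(ItemPath.create(ShadowType.F_ATTRIBUTES, assocAttrName));
        attributeOperation = new PropertyModificationOperation<>(emptyDelta);
        attributeOperation.setMatchingRuleQName(associationDef.getMatchingRule());
        operationMap.put(assocAttrName, attributeOperation);
    }
    // MID-7144: Identifier container may not be resource attribute container, if its origin is serialized pending delta
    PrismContainer<?> identifiersContainer = associationValue.findContainer(ShadowAssociationType.F_IDENTIFIERS);
    if (identifiersContainer == null) {
        // Report a missing identifiers container as a schema problem instead of failing with a
        // NullPointerException on the property lookup below.
        throw new SchemaException("No identifiers present in entitlement association '" + associationName + "' in shadow for " + subjectCtx);
    }
    PrismProperty<T> valueAttr = identifiersContainer.findProperty(ItemName.fromQName(valueAttrName));
    if (valueAttr == null) {
        throw new SchemaException("No value attribute " + valueAttrName + " present in entitlement association '" + associationName + "' in shadow for " + subjectCtx);
    }
    // Values are cloned before being placed into the delta.
    if (modificationType == ModificationType.ADD) {
        attributeOperation.getPropertyDelta().addValuesToAdd(valueAttr.getClonedValues());
    } else if (modificationType == ModificationType.DELETE) {
        attributeOperation.getPropertyDelta().addValuesToDelete(valueAttr.getClonedValues());
    } else if (modificationType == ModificationType.REPLACE) {
        // TODO: check if already exists
        attributeOperation.getPropertyDelta().setValuesToReplace(valueAttr.getClonedValues());
    }
}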
Also used : QName(javax.xml.namespace.QName) PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta)

Example 34 with PropertyDelta

use of com.evolveum.midpoint.prism.delta.PropertyDelta in project midpoint by Evolveum.

the class SqaleRepositoryService method logTraceModifications.

/**
 * Writes a trace-level log line for every value of each name modification.
 * Does nothing unless trace logging is enabled.
 *
 * @param modifications the deltas to inspect; only property deltas on the object name are logged
 */
private void logTraceModifications(@NotNull Collection<? extends ItemDelta<?, ?>> modifications) {
    if (!logger.isTraceEnabled()) {
        return;
    }
    for (ItemDelta<?, ?> delta : modifications) {
        if (!(delta instanceof PropertyDelta<?>)) {
            continue;
        }
        PropertyDelta<?> nameDelta = (PropertyDelta<?>) delta;
        if (!nameDelta.getPath().equivalent(ObjectType.F_NAME)) {
            continue;
        }
        // Both the original and the normalized form of the name are logged.
        for (PrismPropertyValue<PolyString> nameValue : nameDelta.getValues(PolyString.class)) {
            PolyString name = nameValue.getValue();
            logger.trace("NAME delta: {} - {}", name.getOrig(), name.getNorm());
        }
    }
}
Also used : PolyString(com.evolveum.midpoint.prism.polystring.PolyString) PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta)

Example 35 with PropertyDelta

use of com.evolveum.midpoint.prism.delta.PropertyDelta in project midpoint by Evolveum.

the class AccessChecker method checkModify.

/**
 * Rejects modifications of attributes that are not marked as modifiable.
 *
 * <p>Only property deltas whose parent path is the attributes container are checked. An attribute
 * passes when it has no MODEL-layer limitations or no access definition at all; it is rejected
 * only when an access definition exists and its modify flag is unset or false.
 *
 * @param ctx provisioning context supplying the resource object definition
 * @param modifications deltas to check
 * @param parentResult parent operation result; a minor subresult is created for this check
 * @throws SecurityViolationException if a delta targets an attribute that is not modifiable
 * @throws SchemaException declared by this method; presumably raised by the required definition
 *                         lookups (confirm against those helpers)
 */
void checkModify(ProvisioningContext ctx, Collection<? extends ItemDelta<?, ?>> modifications, OperationResult parentResult) throws SecurityViolationException, SchemaException {
    ResourceObjectDefinition objectDefinition = ctx.getObjectDefinitionRequired();
    OperationResult result = parentResult.createMinorSubresult(OP_ACCESS_CHECK);
    try {
        for (ItemDelta<?, ?> modification : modifications) {
            if (!(modification instanceof PropertyDelta<?>)) {
                continue;
            }
            PropertyDelta<?> propertyDelta = (PropertyDelta<?>) modification;
            if (!SchemaConstants.PATH_ATTRIBUTES.equivalent(propertyDelta.getParentPath())) {
                // Not an attribute
                continue;
            }
            QName attrName = propertyDelta.getElementName();
            LOGGER.trace("Checking attribute {} definition present in {}", attrName, objectDefinition);
            PropertyLimitations limitations =
                    objectDefinition.findAttributeDefinitionRequired(attrName).getLimitations(LayerType.MODEL);
            if (limitations == null) {
                continue;
            }
            // We cannot throw error here. At least not now. Provisioning will internally use ignored attributes
            // e.g. for simulated capabilities. This is not a problem for normal operations, but it is a problem
            // for delayed operations (e.g. consistency) that are passing through this code again.
            // TODO: we need to figure a way how to avoid this loop
            // if (limitations.isIgnore()) {
            // String message = "Attempt to create shadow with ignored attribute "+attribute.getName();
            // LOGGER.error(message);
            // throw new SchemaException(message);
            // }
            PropertyAccessType access = limitations.getAccess();
            if (access == null) {
                continue;
            }
            // An unset modify flag is treated the same as an explicit "false".
            if (!Boolean.TRUE.equals(access.isModify())) {
                String message = "Attempt to modify non-updateable attribute " + attrName;
                LOGGER.error(message);
                result.recordFatalError(message);
                throw new SecurityViolationException(message);
            }
        }
    } catch (Throwable t) {
        // Every failure, including the violation thrown above, is recorded on the result before rethrowing.
        result.recordFatalError(t);
        throw t;
    } finally {
        result.close();
    }
}
Also used : SecurityViolationException(com.evolveum.midpoint.util.exception.SecurityViolationException) QName(javax.xml.namespace.QName) PropertyAccessType(com.evolveum.midpoint.xml.ns._public.common.common_3.PropertyAccessType) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta)
