Search in sources :

Example 56 with ReferenceDelta

use of com.evolveum.midpoint.prism.delta.ReferenceDelta in project midpoint by Evolveum.

the class TestRoleEntitlement method test119ModifyRoleDeleteEntitlement.

@Test
public void test119ModifyRoleDeleteEntitlement() throws Exception {
    final String TEST_NAME = "test119ModifyRoleDeleteEntitlement";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN
    Task task = taskManager.createTaskInstance(TestRoleEntitlement.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.POSITIVE);
    dummyAuditService.clear();
    PrismObject<ShadowType> group = PrismTestUtil.parseObject(GROUP_PIRATE_DUMMY_FILE);
    group.setOid(groupOid);
    ObjectDelta<RoleType> roleDelta = ObjectDelta.createEmptyModifyDelta(RoleType.class, ROLE_PIRATE_OID, prismContext);
    ReferenceDelta linkDelta = ReferenceDelta.createModificationDelete(RoleType.F_LINK_REF, getUserDefinition(), group);
    roleDelta.addModification(linkDelta);
    Collection<ObjectDelta<? extends ObjectType>> deltas = (Collection) MiscUtil.createCollection(roleDelta);
    prepareNotifications();
    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    modelService.executeChanges(deltas, null, task, result);
    // THEN
    TestUtil.displayThen(TEST_NAME);
    result.computeStatus();
    TestUtil.assertSuccess("executeChanges result", result, 2);
    // Check accountRef
    PrismObject<RoleType> role = getRole(ROLE_PIRATE_OID);
    assertLinks(role, 0);
    // Check is shadow is gone
    try {
        PrismObject<ShadowType> shadow = repositoryService.getObject(ShadowType.class, groupOid, null, result);
        AssertJUnit.fail("Shadow " + groupOid + " still exists");
    } catch (ObjectNotFoundException e) {
    // This is OK
    }
    // Check if dummy resource account is gone
    assertNoDummyGroup(GROUP_PIRATE_DUMMY_NAME);
    // Check audit
    display("Audit", dummyAuditService);
    dummyAuditService.assertRecords(2);
    dummyAuditService.assertSimpleRecordSanity();
    dummyAuditService.assertAnyRequestDeltas();
    dummyAuditService.assertExecutionDeltas(2);
    dummyAuditService.assertHasDelta(ChangeType.MODIFY, RoleType.class);
    dummyAuditService.assertHasDelta(ChangeType.DELETE, ShadowType.class);
    dummyAuditService.assertTarget(ROLE_PIRATE_OID);
    dummyAuditService.assertExecutionSuccess();
}
Also used : Task(com.evolveum.midpoint.task.api.Task) ReferenceDelta(com.evolveum.midpoint.prism.delta.ReferenceDelta) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) Collection(java.util.Collection) ObjectDelta(com.evolveum.midpoint.prism.delta.ObjectDelta) Test(org.testng.annotations.Test)

Example 57 with ReferenceDelta

use of com.evolveum.midpoint.prism.delta.ReferenceDelta in project midpoint by Evolveum.

the class TestRoleEntitlement method test100ModifyRoleAddEntitlement.

@Test
public void test100ModifyRoleAddEntitlement() throws Exception {
    final String TEST_NAME = "test100ModifyRoleAddEntitlement";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN
    Task task = taskManager.createTaskInstance(TestRoleEntitlement.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.POSITIVE);
    PrismObject<ShadowType> group = PrismTestUtil.parseObject(GROUP_PIRATE_DUMMY_FILE);
    ObjectDelta<RoleType> roleDelta = ObjectDelta.createEmptyModifyDelta(RoleType.class, ROLE_PIRATE_OID, prismContext);
    PrismReferenceValue linkRefVal = new PrismReferenceValue();
    linkRefVal.setObject(group);
    ReferenceDelta groupDelta = ReferenceDelta.createModificationAdd(RoleType.F_LINK_REF, getRoleDefinition(), linkRefVal);
    roleDelta.addModification(groupDelta);
    Collection<ObjectDelta<? extends ObjectType>> deltas = (Collection) MiscUtil.createCollection(roleDelta);
    dummyAuditService.clear();
    prepareNotifications();
    dummyTransport.clearMessages();
    notificationManager.setDisabled(false);
    XMLGregorianCalendar startTime = clock.currentTimeXMLGregorianCalendar();
    // WHEN
    modelService.executeChanges(deltas, null, task, result);
    // THEN
    result.computeStatus();
    TestUtil.assertSuccess(result);
    XMLGregorianCalendar endTime = clock.currentTimeXMLGregorianCalendar();
    // Check accountRef
    PrismObject<RoleType> rolePirate = modelService.getObject(RoleType.class, ROLE_PIRATE_OID, null, task, result);
    display("Role pirate after", rolePirate);
    assertRolePirate(rolePirate);
    assertLinks(rolePirate, 1);
    groupOid = getSingleLinkOid(rolePirate);
    assertFalse("No linkRef oid", StringUtils.isBlank(groupOid));
    // Check shadow
    PrismObject<ShadowType> accountShadow = repositoryService.getObject(ShadowType.class, groupOid, null, result);
    assertDummyGroupShadowRepo(accountShadow, groupOid, GROUP_PIRATE_DUMMY_NAME);
    // Check account
    PrismObject<ShadowType> accountModel = modelService.getObject(ShadowType.class, groupOid, null, task, result);
    assertDummyGroupShadowModel(accountModel, groupOid, GROUP_PIRATE_DUMMY_NAME);
    // Check account in dummy resource
    assertDummyGroup(GROUP_PIRATE_DUMMY_NAME, GROUP_PIRATE_DUMMY_DESCRIPTION);
    // Check audit
    display("Audit", dummyAuditService);
    dummyAuditService.assertRecords(2);
    dummyAuditService.assertSimpleRecordSanity();
    dummyAuditService.assertAnyRequestDeltas();
    dummyAuditService.assertExecutionDeltas(3);
    dummyAuditService.assertHasDelta(ChangeType.MODIFY, RoleType.class);
    dummyAuditService.assertHasDelta(ChangeType.ADD, ShadowType.class);
    dummyAuditService.assertTarget(ROLE_PIRATE_OID);
    dummyAuditService.assertExecutionSuccess();
    notificationManager.setDisabled(true);
}
Also used : Task(com.evolveum.midpoint.task.api.Task) ReferenceDelta(com.evolveum.midpoint.prism.delta.ReferenceDelta) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) PrismReferenceValue(com.evolveum.midpoint.prism.PrismReferenceValue) Collection(java.util.Collection) ObjectDelta(com.evolveum.midpoint.prism.delta.ObjectDelta) Test(org.testng.annotations.Test)

Example 58 with ReferenceDelta

use of com.evolveum.midpoint.prism.delta.ReferenceDelta in project midpoint by Evolveum.

the class AbstractModelIntegrationTest method createModifyUserDeleteAccount.

protected ObjectDelta<UserType> createModifyUserDeleteAccount(String userOid, PrismObject<ResourceType> resource) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
    String accountOid = getLinkRefOid(userOid, resource.getOid());
    PrismObject<ShadowType> account = getShadowModel(accountOid);
    ObjectDelta<UserType> userDelta = ObjectDelta.createEmptyModifyDelta(UserType.class, userOid, prismContext);
    PrismReferenceValue accountRefVal = new PrismReferenceValue();
    accountRefVal.setObject(account);
    ReferenceDelta accountDelta = ReferenceDelta.createModificationDelete(UserType.F_LINK_REF, getUserDefinition(), accountRefVal);
    userDelta.addModification(accountDelta);
    return userDelta;
}
Also used : PrismReferenceValue(com.evolveum.midpoint.prism.PrismReferenceValue) ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType) ReferenceDelta(com.evolveum.midpoint.prism.delta.ReferenceDelta) PolyString(com.evolveum.midpoint.prism.polystring.PolyString) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)

Example 59 with ReferenceDelta

use of com.evolveum.midpoint.prism.delta.ReferenceDelta in project midpoint by Evolveum.

the class AbstractModelIntegrationTest method setGlobalSecurityPolicy.

protected void setGlobalSecurityPolicy(String securityPolicyOid, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ObjectAlreadyExistsException {
    Collection modifications = new ArrayList<>();
    ReferenceDelta refDelta = ReferenceDelta.createModificationReplace(SystemConfigurationType.F_GLOBAL_SECURITY_POLICY_REF, SystemConfigurationType.class, prismContext, securityPolicyOid);
    modifications.add(refDelta);
    modifySystemObjectInRepo(SystemConfigurationType.class, SystemObjectsType.SYSTEM_CONFIGURATION.value(), modifications, parentResult);
}
Also used : ArrayList(java.util.ArrayList) Collection(java.util.Collection) ReferenceDelta(com.evolveum.midpoint.prism.delta.ReferenceDelta)

Example 60 with ReferenceDelta

use of com.evolveum.midpoint.prism.delta.ReferenceDelta in project midpoint by Evolveum.

the class ContextLoader method loadLinkRefsFromDelta.

private <F extends FocusType> void loadLinkRefsFromDelta(LensContext<F> context, PrismObject<F> focus, ObjectDelta<F> focusPrimaryDelta, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException {
    if (focusPrimaryDelta == null) {
        return;
    }
    ReferenceDelta linkRefDelta;
    if (focusPrimaryDelta.getChangeType() == ChangeType.ADD) {
        PrismReference linkRef = focusPrimaryDelta.getObjectToAdd().findReference(FocusType.F_LINK_REF);
        if (linkRef == null) {
            // Adding new focus with no linkRef -> nothing to do
            return;
        }
        linkRefDelta = linkRef.createDelta(new ItemPath(FocusType.F_LINK_REF));
        linkRefDelta.addValuesToAdd(PrismValue.cloneValues(linkRef.getValues()));
    } else if (focusPrimaryDelta.getChangeType() == ChangeType.MODIFY) {
        linkRefDelta = focusPrimaryDelta.findReferenceModification(FocusType.F_LINK_REF);
        if (linkRefDelta == null) {
            return;
        }
    } else {
        // delete, all existing account are already marked for delete
        return;
    }
    if (linkRefDelta.isReplace()) {
        // process "replace" by distributing values to delete and add
        linkRefDelta = (ReferenceDelta) linkRefDelta.clone();
        PrismReference linkRef = focus.findReference(FocusType.F_LINK_REF);
        linkRefDelta.distributeReplace(linkRef == null ? null : linkRef.getValues());
    }
    if (linkRefDelta.getValuesToAdd() != null) {
        for (PrismReferenceValue refVal : linkRefDelta.getValuesToAdd()) {
            String oid = refVal.getOid();
            LensProjectionContext accountContext = null;
            PrismObject<ShadowType> shadow = null;
            boolean isCombinedAdd = false;
            if (oid == null) {
                // Adding new account
                shadow = refVal.getObject();
                if (shadow == null) {
                    throw new SchemaException("Null or empty OID in account reference " + refVal + " in " + focus);
                }
                provisioningService.applyDefinition(shadow, task, result);
                if (consistencyChecks)
                    ShadowUtil.checkConsistence(shadow, "account from " + linkRefDelta);
                // Check for conflicting change
                accountContext = LensUtil.getProjectionContext(context, shadow, provisioningService, prismContext, task, result);
                if (accountContext != null) {
                    // There is already existing context for the same discriminator. Tolerate this only if
                    // the deltas match. It is an error otherwise.
                    ObjectDelta<ShadowType> primaryDelta = accountContext.getPrimaryDelta();
                    if (primaryDelta == null) {
                        throw new SchemaException("Attempt to add " + shadow + " to a user that already contains " + accountContext.getHumanReadableKind() + " of type '" + accountContext.getResourceShadowDiscriminator().getIntent() + "' on " + accountContext.getResource());
                    }
                    if (!primaryDelta.isAdd()) {
                        throw new SchemaException("Conflicting changes in the context. " + "Add of accountRef in the user delta with embedded object conflicts with explicit delta " + primaryDelta);
                    }
                    if (!shadow.equals(primaryDelta.getObjectToAdd())) {
                        throw new SchemaException("Conflicting changes in the context. " + "Add of accountRef in the user delta with embedded object is not adding the same object as explicit delta " + primaryDelta);
                    }
                } else {
                    // Create account context from embedded object
                    accountContext = createProjectionContext(context, shadow, task, result);
                }
                // This is a new account that is to be added. So it should
                // go to account primary delta
                ObjectDelta<ShadowType> accountPrimaryDelta = shadow.createAddDelta();
                accountContext.setPrimaryDelta(accountPrimaryDelta);
                accountContext.setFullShadow(true);
                accountContext.setExists(false);
                isCombinedAdd = true;
            } else {
                // therefore check for account existence to decide
                try {
                    // Using NO_FETCH so we avoid reading in a full account. This is more efficient as we don't need full account here.
                    // We need to fetch from provisioning and not repository so the correct definition will be set.
                    GetOperationOptions rootOpts = GetOperationOptions.createNoFetch();
                    rootOpts.setPointInTimeType(PointInTimeType.FUTURE);
                    Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(rootOpts);
                    shadow = provisioningService.getObject(ShadowType.class, oid, options, task, result);
                    // Create account context from retrieved object
                    accountContext = getOrCreateAccountContext(context, shadow, task, result);
                    accountContext.setLoadedObject(shadow);
                    accountContext.setExists(true);
                } catch (ObjectNotFoundException e) {
                    if (refVal.getObject() == null) {
                        // ref -> this is really an error
                        throw e;
                    } else {
                        // New account (with OID)
                        result.muteLastSubresultError();
                        shadow = refVal.getObject();
                        if (!shadow.hasCompleteDefinition()) {
                            provisioningService.applyDefinition(shadow, task, result);
                        }
                        // Create account context from embedded object
                        accountContext = createProjectionContext(context, shadow, task, result);
                        ObjectDelta<ShadowType> accountPrimaryDelta = shadow.createAddDelta();
                        accountContext.setPrimaryDelta(accountPrimaryDelta);
                        accountContext.setFullShadow(true);
                        accountContext.setExists(false);
                        isCombinedAdd = true;
                    }
                }
            }
            if (context.isDoReconciliationForAllProjections() && !isCombinedAdd) {
                accountContext.setDoReconciliation(true);
            }
            accountContext.setFresh(true);
        }
    }
    if (linkRefDelta.getValuesToDelete() != null) {
        for (PrismReferenceValue refVal : linkRefDelta.getValuesToDelete()) {
            String oid = refVal.getOid();
            LensProjectionContext accountContext = null;
            PrismObject<ShadowType> account = null;
            if (oid == null) {
                throw new SchemaException("Cannot delete account ref without an oid in " + focus);
            } else {
                try {
                    // Using NO_FETCH so we avoid reading in a full account. This is more efficient as we don't need full account here.
                    // We need to fetch from provisioning and not repository so the correct definition will be set.
                    Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(GetOperationOptions.createNoFetch());
                    account = provisioningService.getObject(ShadowType.class, oid, options, task, result);
                    // Create account context from retrieved object
                    accountContext = getOrCreateAccountContext(context, account, task, result);
                    accountContext.setLoadedObject(account);
                    accountContext.setExists(true);
                } catch (ObjectNotFoundException e) {
                    try {
                        // Broken accountRef. We need to try again with raw options, because the error should be thrown because of non-existent resource
                        Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(GetOperationOptions.createRaw());
                        account = provisioningService.getObject(ShadowType.class, oid, options, task, result);
                        accountContext = getOrCreateEmptyThombstoneProjectionContext(context, oid);
                        accountContext.setFresh(true);
                        accountContext.setExists(false);
                        OperationResult getObjectSubresult = result.getLastSubresult();
                        getObjectSubresult.setErrorsHandled();
                    } catch (ObjectNotFoundException ex) {
                        // This is still OK. It means deleting an accountRef
                        // that points to non-existing object
                        // just log a warning
                        LOGGER.warn("Deleting accountRef of " + focus + " that points to non-existing OID " + oid);
                    }
                }
            }
            if (accountContext != null) {
                if (refVal.getObject() == null) {
                    accountContext.setSynchronizationIntent(SynchronizationIntent.UNLINK);
                } else {
                    accountContext.setSynchronizationIntent(SynchronizationIntent.DELETE);
                    ObjectDelta<ShadowType> accountPrimaryDelta = account.createDeleteDelta();
                    accountContext.setPrimaryDelta(accountPrimaryDelta);
                }
                accountContext.setFresh(true);
            }
        }
    }
    if (focusPrimaryDelta.getChangeType() == ChangeType.ADD) {
        focusPrimaryDelta.getObjectToAdd().removeReference(FocusType.F_LINK_REF);
    } else if (focusPrimaryDelta.getChangeType() == ChangeType.MODIFY) {
        focusPrimaryDelta.removeReferenceModification(FocusType.F_LINK_REF);
    }
}
Also used : SchemaException(com.evolveum.midpoint.util.exception.SchemaException) LensProjectionContext(com.evolveum.midpoint.model.impl.lens.LensProjectionContext) ReferenceDelta(com.evolveum.midpoint.prism.delta.ReferenceDelta) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) GetOperationOptions(com.evolveum.midpoint.schema.GetOperationOptions) PrismReferenceValue(com.evolveum.midpoint.prism.PrismReferenceValue) SelectorOptions(com.evolveum.midpoint.schema.SelectorOptions) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) PrismReference(com.evolveum.midpoint.prism.PrismReference) Collection(java.util.Collection) ObjectDelta(com.evolveum.midpoint.prism.delta.ObjectDelta) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)

Aggregations

ReferenceDelta (com.evolveum.midpoint.prism.delta.ReferenceDelta)71 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)49 Task (com.evolveum.midpoint.task.api.Task)44 ObjectDelta (com.evolveum.midpoint.prism.delta.ObjectDelta)42 Test (org.testng.annotations.Test)41 ObjectType (com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType)33 ShadowType (com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)29 UserType (com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)29 PrismReferenceValue (com.evolveum.midpoint.prism.PrismReferenceValue)27 Collection (java.util.Collection)21 PolyString (com.evolveum.midpoint.prism.polystring.PolyString)14 ObjectNotFoundException (com.evolveum.midpoint.util.exception.ObjectNotFoundException)12 ArrayList (java.util.ArrayList)12 ShadowDiscriminatorObjectDelta (com.evolveum.midpoint.common.refinery.ShadowDiscriminatorObjectDelta)11 ResourceType (com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType)11 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)10 ItemDelta (com.evolveum.midpoint.prism.delta.ItemDelta)9 ItemPath (com.evolveum.midpoint.prism.path.ItemPath)8 ModelExecuteOptions (com.evolveum.midpoint.model.api.ModelExecuteOptions)7 XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar)6