use of com.evolveum.midpoint.prism.delta.ReferenceDelta in project midpoint by Evolveum.
the class TestRoleEntitlement method test119ModifyRoleDeleteEntitlement.
@Test
public void test119ModifyRoleDeleteEntitlement() throws Exception {
final String TEST_NAME = "test119ModifyRoleDeleteEntitlement";
TestUtil.displayTestTile(this, TEST_NAME);
// GIVEN
Task task = taskManager.createTaskInstance(TestRoleEntitlement.class.getName() + "." + TEST_NAME);
OperationResult result = task.getResult();
assumeAssignmentPolicy(AssignmentPolicyEnforcementType.POSITIVE);
dummyAuditService.clear();
PrismObject<ShadowType> group = PrismTestUtil.parseObject(GROUP_PIRATE_DUMMY_FILE);
group.setOid(groupOid);
ObjectDelta<RoleType> roleDelta = ObjectDelta.createEmptyModifyDelta(RoleType.class, ROLE_PIRATE_OID, prismContext);
ReferenceDelta linkDelta = ReferenceDelta.createModificationDelete(RoleType.F_LINK_REF, getUserDefinition(), group);
roleDelta.addModification(linkDelta);
Collection<ObjectDelta<? extends ObjectType>> deltas = (Collection) MiscUtil.createCollection(roleDelta);
prepareNotifications();
// WHEN
TestUtil.displayWhen(TEST_NAME);
modelService.executeChanges(deltas, null, task, result);
// THEN
TestUtil.displayThen(TEST_NAME);
result.computeStatus();
TestUtil.assertSuccess("executeChanges result", result, 2);
// Check accountRef
PrismObject<RoleType> role = getRole(ROLE_PIRATE_OID);
assertLinks(role, 0);
// Check is shadow is gone
try {
PrismObject<ShadowType> shadow = repositoryService.getObject(ShadowType.class, groupOid, null, result);
AssertJUnit.fail("Shadow " + groupOid + " still exists");
} catch (ObjectNotFoundException e) {
// This is OK
}
// Check if dummy resource account is gone
assertNoDummyGroup(GROUP_PIRATE_DUMMY_NAME);
// Check audit
display("Audit", dummyAuditService);
dummyAuditService.assertRecords(2);
dummyAuditService.assertSimpleRecordSanity();
dummyAuditService.assertAnyRequestDeltas();
dummyAuditService.assertExecutionDeltas(2);
dummyAuditService.assertHasDelta(ChangeType.MODIFY, RoleType.class);
dummyAuditService.assertHasDelta(ChangeType.DELETE, ShadowType.class);
dummyAuditService.assertTarget(ROLE_PIRATE_OID);
dummyAuditService.assertExecutionSuccess();
}
use of com.evolveum.midpoint.prism.delta.ReferenceDelta in project midpoint by Evolveum.
the class TestRoleEntitlement method test100ModifyRoleAddEntitlement.
@Test
public void test100ModifyRoleAddEntitlement() throws Exception {
final String TEST_NAME = "test100ModifyRoleAddEntitlement";
TestUtil.displayTestTile(this, TEST_NAME);
// GIVEN
Task task = taskManager.createTaskInstance(TestRoleEntitlement.class.getName() + "." + TEST_NAME);
OperationResult result = task.getResult();
assumeAssignmentPolicy(AssignmentPolicyEnforcementType.POSITIVE);
PrismObject<ShadowType> group = PrismTestUtil.parseObject(GROUP_PIRATE_DUMMY_FILE);
ObjectDelta<RoleType> roleDelta = ObjectDelta.createEmptyModifyDelta(RoleType.class, ROLE_PIRATE_OID, prismContext);
PrismReferenceValue linkRefVal = new PrismReferenceValue();
linkRefVal.setObject(group);
ReferenceDelta groupDelta = ReferenceDelta.createModificationAdd(RoleType.F_LINK_REF, getRoleDefinition(), linkRefVal);
roleDelta.addModification(groupDelta);
Collection<ObjectDelta<? extends ObjectType>> deltas = (Collection) MiscUtil.createCollection(roleDelta);
dummyAuditService.clear();
prepareNotifications();
dummyTransport.clearMessages();
notificationManager.setDisabled(false);
XMLGregorianCalendar startTime = clock.currentTimeXMLGregorianCalendar();
// WHEN
modelService.executeChanges(deltas, null, task, result);
// THEN
result.computeStatus();
TestUtil.assertSuccess(result);
XMLGregorianCalendar endTime = clock.currentTimeXMLGregorianCalendar();
// Check accountRef
PrismObject<RoleType> rolePirate = modelService.getObject(RoleType.class, ROLE_PIRATE_OID, null, task, result);
display("Role pirate after", rolePirate);
assertRolePirate(rolePirate);
assertLinks(rolePirate, 1);
groupOid = getSingleLinkOid(rolePirate);
assertFalse("No linkRef oid", StringUtils.isBlank(groupOid));
// Check shadow
PrismObject<ShadowType> accountShadow = repositoryService.getObject(ShadowType.class, groupOid, null, result);
assertDummyGroupShadowRepo(accountShadow, groupOid, GROUP_PIRATE_DUMMY_NAME);
// Check account
PrismObject<ShadowType> accountModel = modelService.getObject(ShadowType.class, groupOid, null, task, result);
assertDummyGroupShadowModel(accountModel, groupOid, GROUP_PIRATE_DUMMY_NAME);
// Check account in dummy resource
assertDummyGroup(GROUP_PIRATE_DUMMY_NAME, GROUP_PIRATE_DUMMY_DESCRIPTION);
// Check audit
display("Audit", dummyAuditService);
dummyAuditService.assertRecords(2);
dummyAuditService.assertSimpleRecordSanity();
dummyAuditService.assertAnyRequestDeltas();
dummyAuditService.assertExecutionDeltas(3);
dummyAuditService.assertHasDelta(ChangeType.MODIFY, RoleType.class);
dummyAuditService.assertHasDelta(ChangeType.ADD, ShadowType.class);
dummyAuditService.assertTarget(ROLE_PIRATE_OID);
dummyAuditService.assertExecutionSuccess();
notificationManager.setDisabled(true);
}
use of com.evolveum.midpoint.prism.delta.ReferenceDelta in project midpoint by Evolveum.
the class AbstractModelIntegrationTest method createModifyUserDeleteAccount.
protected ObjectDelta<UserType> createModifyUserDeleteAccount(String userOid, PrismObject<ResourceType> resource) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
String accountOid = getLinkRefOid(userOid, resource.getOid());
PrismObject<ShadowType> account = getShadowModel(accountOid);
ObjectDelta<UserType> userDelta = ObjectDelta.createEmptyModifyDelta(UserType.class, userOid, prismContext);
PrismReferenceValue accountRefVal = new PrismReferenceValue();
accountRefVal.setObject(account);
ReferenceDelta accountDelta = ReferenceDelta.createModificationDelete(UserType.F_LINK_REF, getUserDefinition(), accountRefVal);
userDelta.addModification(accountDelta);
return userDelta;
}
use of com.evolveum.midpoint.prism.delta.ReferenceDelta in project midpoint by Evolveum.
the class AbstractModelIntegrationTest method setGlobalSecurityPolicy.
protected void setGlobalSecurityPolicy(String securityPolicyOid, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ObjectAlreadyExistsException {
Collection modifications = new ArrayList<>();
ReferenceDelta refDelta = ReferenceDelta.createModificationReplace(SystemConfigurationType.F_GLOBAL_SECURITY_POLICY_REF, SystemConfigurationType.class, prismContext, securityPolicyOid);
modifications.add(refDelta);
modifySystemObjectInRepo(SystemConfigurationType.class, SystemObjectsType.SYSTEM_CONFIGURATION.value(), modifications, parentResult);
}
use of com.evolveum.midpoint.prism.delta.ReferenceDelta in project midpoint by Evolveum.
the class ContextLoader method loadLinkRefsFromDelta.
private <F extends FocusType> void loadLinkRefsFromDelta(LensContext<F> context, PrismObject<F> focus, ObjectDelta<F> focusPrimaryDelta, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException {
if (focusPrimaryDelta == null) {
return;
}
ReferenceDelta linkRefDelta;
if (focusPrimaryDelta.getChangeType() == ChangeType.ADD) {
PrismReference linkRef = focusPrimaryDelta.getObjectToAdd().findReference(FocusType.F_LINK_REF);
if (linkRef == null) {
// Adding new focus with no linkRef -> nothing to do
return;
}
linkRefDelta = linkRef.createDelta(new ItemPath(FocusType.F_LINK_REF));
linkRefDelta.addValuesToAdd(PrismValue.cloneValues(linkRef.getValues()));
} else if (focusPrimaryDelta.getChangeType() == ChangeType.MODIFY) {
linkRefDelta = focusPrimaryDelta.findReferenceModification(FocusType.F_LINK_REF);
if (linkRefDelta == null) {
return;
}
} else {
// delete, all existing account are already marked for delete
return;
}
if (linkRefDelta.isReplace()) {
// process "replace" by distributing values to delete and add
linkRefDelta = (ReferenceDelta) linkRefDelta.clone();
PrismReference linkRef = focus.findReference(FocusType.F_LINK_REF);
linkRefDelta.distributeReplace(linkRef == null ? null : linkRef.getValues());
}
if (linkRefDelta.getValuesToAdd() != null) {
for (PrismReferenceValue refVal : linkRefDelta.getValuesToAdd()) {
String oid = refVal.getOid();
LensProjectionContext accountContext = null;
PrismObject<ShadowType> shadow = null;
boolean isCombinedAdd = false;
if (oid == null) {
// Adding new account
shadow = refVal.getObject();
if (shadow == null) {
throw new SchemaException("Null or empty OID in account reference " + refVal + " in " + focus);
}
provisioningService.applyDefinition(shadow, task, result);
if (consistencyChecks)
ShadowUtil.checkConsistence(shadow, "account from " + linkRefDelta);
// Check for conflicting change
accountContext = LensUtil.getProjectionContext(context, shadow, provisioningService, prismContext, task, result);
if (accountContext != null) {
// There is already existing context for the same discriminator. Tolerate this only if
// the deltas match. It is an error otherwise.
ObjectDelta<ShadowType> primaryDelta = accountContext.getPrimaryDelta();
if (primaryDelta == null) {
throw new SchemaException("Attempt to add " + shadow + " to a user that already contains " + accountContext.getHumanReadableKind() + " of type '" + accountContext.getResourceShadowDiscriminator().getIntent() + "' on " + accountContext.getResource());
}
if (!primaryDelta.isAdd()) {
throw new SchemaException("Conflicting changes in the context. " + "Add of accountRef in the user delta with embedded object conflicts with explicit delta " + primaryDelta);
}
if (!shadow.equals(primaryDelta.getObjectToAdd())) {
throw new SchemaException("Conflicting changes in the context. " + "Add of accountRef in the user delta with embedded object is not adding the same object as explicit delta " + primaryDelta);
}
} else {
// Create account context from embedded object
accountContext = createProjectionContext(context, shadow, task, result);
}
// This is a new account that is to be added. So it should
// go to account primary delta
ObjectDelta<ShadowType> accountPrimaryDelta = shadow.createAddDelta();
accountContext.setPrimaryDelta(accountPrimaryDelta);
accountContext.setFullShadow(true);
accountContext.setExists(false);
isCombinedAdd = true;
} else {
// therefore check for account existence to decide
try {
// Using NO_FETCH so we avoid reading in a full account. This is more efficient as we don't need full account here.
// We need to fetch from provisioning and not repository so the correct definition will be set.
GetOperationOptions rootOpts = GetOperationOptions.createNoFetch();
rootOpts.setPointInTimeType(PointInTimeType.FUTURE);
Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(rootOpts);
shadow = provisioningService.getObject(ShadowType.class, oid, options, task, result);
// Create account context from retrieved object
accountContext = getOrCreateAccountContext(context, shadow, task, result);
accountContext.setLoadedObject(shadow);
accountContext.setExists(true);
} catch (ObjectNotFoundException e) {
if (refVal.getObject() == null) {
// ref -> this is really an error
throw e;
} else {
// New account (with OID)
result.muteLastSubresultError();
shadow = refVal.getObject();
if (!shadow.hasCompleteDefinition()) {
provisioningService.applyDefinition(shadow, task, result);
}
// Create account context from embedded object
accountContext = createProjectionContext(context, shadow, task, result);
ObjectDelta<ShadowType> accountPrimaryDelta = shadow.createAddDelta();
accountContext.setPrimaryDelta(accountPrimaryDelta);
accountContext.setFullShadow(true);
accountContext.setExists(false);
isCombinedAdd = true;
}
}
}
if (context.isDoReconciliationForAllProjections() && !isCombinedAdd) {
accountContext.setDoReconciliation(true);
}
accountContext.setFresh(true);
}
}
if (linkRefDelta.getValuesToDelete() != null) {
for (PrismReferenceValue refVal : linkRefDelta.getValuesToDelete()) {
String oid = refVal.getOid();
LensProjectionContext accountContext = null;
PrismObject<ShadowType> account = null;
if (oid == null) {
throw new SchemaException("Cannot delete account ref without an oid in " + focus);
} else {
try {
// Using NO_FETCH so we avoid reading in a full account. This is more efficient as we don't need full account here.
// We need to fetch from provisioning and not repository so the correct definition will be set.
Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(GetOperationOptions.createNoFetch());
account = provisioningService.getObject(ShadowType.class, oid, options, task, result);
// Create account context from retrieved object
accountContext = getOrCreateAccountContext(context, account, task, result);
accountContext.setLoadedObject(account);
accountContext.setExists(true);
} catch (ObjectNotFoundException e) {
try {
// Broken accountRef. We need to try again with raw options, because the error should be thrown because of non-existent resource
Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(GetOperationOptions.createRaw());
account = provisioningService.getObject(ShadowType.class, oid, options, task, result);
accountContext = getOrCreateEmptyThombstoneProjectionContext(context, oid);
accountContext.setFresh(true);
accountContext.setExists(false);
OperationResult getObjectSubresult = result.getLastSubresult();
getObjectSubresult.setErrorsHandled();
} catch (ObjectNotFoundException ex) {
// This is still OK. It means deleting an accountRef
// that points to non-existing object
// just log a warning
LOGGER.warn("Deleting accountRef of " + focus + " that points to non-existing OID " + oid);
}
}
}
if (accountContext != null) {
if (refVal.getObject() == null) {
accountContext.setSynchronizationIntent(SynchronizationIntent.UNLINK);
} else {
accountContext.setSynchronizationIntent(SynchronizationIntent.DELETE);
ObjectDelta<ShadowType> accountPrimaryDelta = account.createDeleteDelta();
accountContext.setPrimaryDelta(accountPrimaryDelta);
}
accountContext.setFresh(true);
}
}
}
if (focusPrimaryDelta.getChangeType() == ChangeType.ADD) {
focusPrimaryDelta.getObjectToAdd().removeReference(FocusType.F_LINK_REF);
} else if (focusPrimaryDelta.getChangeType() == ChangeType.MODIFY) {
focusPrimaryDelta.removeReferenceModification(FocusType.F_LINK_REF);
}
}
Aggregations