Search in sources :

Example 76 with ItemName

use of com.evolveum.midpoint.prism.path.ItemName in project midpoint by Evolveum.

the class TestClockwork method assertJackAccountShadow.

private void assertJackAccountShadow(LensContext<UserType> context) throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
    Collection<LensProjectionContext> accountContexts = context.getProjectionContexts();
    assertEquals(1, accountContexts.size());
    LensProjectionContext accContext = accountContexts.iterator().next();
    String accountOid = accContext.getOid();
    assertNotNull("No OID in account context " + accContext, accountOid);
    PrismObject<ShadowType> newAccount = getShadowModel(accountOid);
    assertEquals(DEFAULT_INTENT, newAccount.findProperty(ShadowType.F_INTENT).getRealValue());
    getDummyResourceType();
    assertEquals(new QName(MidPointConstants.NS_RI, "AccountObjectClass"), newAccount.findProperty(ShadowType.F_OBJECT_CLASS).getRealValue());
    PrismReference resourceRef = newAccount.findReference(ShadowType.F_RESOURCE_REF);
    assertEquals(getDummyResourceType().getOid(), resourceRef.getOid());
    PrismContainer<?> attributes = newAccount.findContainer(ShadowType.F_ATTRIBUTES);
    assertEquals("jack", attributes.findProperty(SchemaTestConstants.ICFS_NAME).getRealValue());
    getDummyResourceType();
    assertEquals("Jack Sparrow", attributes.findProperty(new ItemName(MidPointConstants.NS_RI, "fullname")).getRealValue());
}
Also used : QName(javax.xml.namespace.QName) PrismReference(com.evolveum.midpoint.prism.PrismReference) ItemName(com.evolveum.midpoint.prism.path.ItemName)

Example 77 with ItemName

use of com.evolveum.midpoint.prism.path.ItemName in project midpoint by Evolveum.

the class TestSecurityBasic method test259AutzJackSelfAccountsPartialControl.

/**
 * Test getEditObjectDefinition for shadow.
 * It should also call and apply edited schema for attributes.
 */
@Test
public void test259AutzJackSelfAccountsPartialControl() throws Exception {
    given();
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_PASSWORD_OID);
    assignAccountToUser(USER_JACK_OID, RESOURCE_DUMMY_OID, null);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);
    when();
    login(USER_JACK_USERNAME);
    then();
    assertGetAllow(UserType.class, USER_JACK_OID);
    assertGetDeny(UserType.class, USER_GUYBRUSH_OID);
    assertAddDeny();
    assertModifyAllow(UserType.class, USER_JACK_OID, UserType.F_NICK_NAME, PrismTestUtil.createPolyString("jackie"));
    assertModifyDeny(UserType.class, USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Captain"));
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Pirate"));
    assertDeleteDeny();
    assertDeleteDeny(UserType.class, USER_JACK_OID);
    PrismObject<UserType> user = getUser(USER_JACK_OID);
    String accountOid = getSingleLinkOid(user);
    assertGetAllow(ShadowType.class, accountOid);
    PrismObject<ShadowType> shadow = getObject(ShadowType.class, accountOid);
    display("Jack's shadow", shadow);
    Task task = getTestTask();
    OperationResult result = task.getResult();
    PrismObjectDefinition<ShadowType> rOcDef = modelInteractionService.getEditObjectDefinition(shadow, null, task, result);
    shadow.applyDefinition(rOcDef, true);
    ResourceAttributeContainer resourceAttributeCOntainer = ShadowUtil.getAttributesContainer(shadow);
    ResourceObjectDefinition containerDef = resourceAttributeCOntainer.getDefinition().getComplexTypeDefinition();
    Item attr = resourceAttributeCOntainer.findItem(new ItemName("weapon"));
    ItemDefinition attrDf = attr.getDefinition();
    assertTrue("Expected that attribute can be read", attrDf.canRead());
    assertFalse("Expected that attribute cannot be added", attrDf.canAdd());
    assertFalse("Expected that attribute cannot be modified", attrDf.canModify());
    displayDumpable("Refined objectclass def", containerDef);
    assertAttributeFlags(containerDef, SchemaConstants.ICFS_UID, true, false, false);
    assertAttributeFlags(containerDef, SchemaConstants.ICFS_NAME, true, false, false);
    assertAttributeFlags(containerDef, new ItemName("location"), true, true, true);
    assertAttributeFlags(containerDef, new ItemName("weapon"), true, false, false);
    // Not linked to jack
    assertGetDeny(ShadowType.class, ACCOUNT_SHADOW_ELAINE_DUMMY_OID);
    // Not linked to jack
    assertAddDeny(ACCOUNT_JACK_DUMMY_RED_FILE);
    // Not even jack's account
    assertAddDeny(ACCOUNT_GUYBRUSH_DUMMY_FILE);
    assertPasswordChangeAllow(UserType.class, USER_JACK_OID, "nbusr123");
    assertPasswordChangeDeny(UserType.class, USER_GUYBRUSH_OID, "nbusr123");
    PrismObjectDefinition<UserType> rDef = modelInteractionService.getEditObjectDefinition(user, AuthorizationPhaseType.REQUEST, task, result);
    assertItemFlags(rDef, PASSWORD_PATH, true, false, false);
    assertGlobalStateUntouched();
}
Also used : Task(com.evolveum.midpoint.task.api.Task) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer) ResourceObjectDefinition(com.evolveum.midpoint.schema.processor.ResourceObjectDefinition) ItemName(com.evolveum.midpoint.prism.path.ItemName) Test(org.testng.annotations.Test)

Example 78 with ItemName

use of com.evolveum.midpoint.prism.path.ItemName in project midpoint by Evolveum.

the class ConnectorInstanceConnIdImpl method configure.

@Override
public synchronized void configure(@NotNull PrismContainerValue<?> configurationOriginal, List<QName> generateObjectClasses, OperationResult parentResult) throws CommunicationException, GenericFrameworkException, SchemaException, ConfigurationException {
    OperationResult result = parentResult.createSubresult(ConnectorInstance.OPERATION_CONFIGURE);
    LOGGER.trace("Configuring connector {}, provided configuration:\n{}", connectorType, configurationOriginal.debugDumpLazily(1));
    try {
        this.generateObjectClasses = generateObjectClasses;
        // Get default configuration for the connector. This is important,
        // as it contains types of connector configuration properties.
        // Make sure that the proper configuration schema is applied. This
        // will cause that all the "raw" elements are parsed
        PrismContainerValue<?> configurationCloned = configurationOriginal.clone();
        configurationCloned.applyDefinition(getConfigurationContainerDefinition());
        ConnIdConfigurationTransformer configTransformer = new ConnIdConfigurationTransformer(connectorType, connectorInfo, protector);
        // Transform XML configuration from the resource to the ConnId connector configuration
        try {
            apiConfig = configTransformer.transformConnectorConfiguration(configurationCloned);
        } catch (SchemaException e) {
            result.recordFatalError(e.getMessage(), e);
            throw e;
        }
        logTransformedConfiguration();
        apiConfig.setInstanceName(getInstanceName());
        ConnectorFacade oldConnIdConnectorFacade = connIdConnectorFacade;
        // Create new connector instance using the transformed configuration
        connIdConnectorFacade = ConnectorFacadeFactory.getInstance().newInstance(apiConfig);
        if (oldConnIdConnectorFacade != null) {
            // Make sure old connector instance is disposed. We do not want to waste resources.
            // In case that old and new facade are the same, this will cause all existing
            // ConnId connector instances to dispose (i.e. connector pool is emptied).
            // But this is exactly what we want on reconfigure. We want the connections to
            // be closed and re-opened.
            LOGGER.debug("Disposing old ConnId ConnectorFacade for instance: {} (connector reconfiguration)", instanceName);
            oldConnIdConnectorFacade.dispose();
        }
        result.recordSuccess();
        PrismProperty<Boolean> legacySchemaConfigProperty = configurationCloned.findProperty(new ItemName(SchemaConstants.NS_ICF_CONFIGURATION, ConnectorFactoryConnIdImpl.CONNECTOR_SCHEMA_LEGACY_SCHEMA_XML_ELEMENT_NAME));
        if (legacySchemaConfigProperty != null) {
            legacySchema = legacySchemaConfigProperty.getRealValue();
        }
        LOGGER.trace("Legacy schema (config): {}", legacySchema);
    } catch (Throwable ex) {
        Throwable midpointEx = processConnIdException(ex, this, result);
        result.computeStatus("Removing attribute values failed");
        // exception
        if (midpointEx instanceof CommunicationException) {
            throw (CommunicationException) midpointEx;
        } else if (midpointEx instanceof GenericFrameworkException) {
            throw (GenericFrameworkException) midpointEx;
        } else if (midpointEx instanceof SchemaException) {
            throw (SchemaException) midpointEx;
        } else if (midpointEx instanceof ConfigurationException) {
            throw (ConfigurationException) midpointEx;
        } else if (midpointEx instanceof RuntimeException) {
            throw (RuntimeException) midpointEx;
        } else if (midpointEx instanceof Error) {
            throw (Error) midpointEx;
        } else {
            throw new SystemException("Got unexpected exception: " + ex.getClass().getName() + ": " + ex.getMessage(), ex);
        }
    }
}
Also used : OperationResult(com.evolveum.midpoint.schema.result.OperationResult) AsynchronousOperationResult(com.evolveum.midpoint.schema.result.AsynchronousOperationResult) ConnectorFacade(org.identityconnectors.framework.api.ConnectorFacade) ItemName(com.evolveum.midpoint.prism.path.ItemName) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean)

Example 79 with ItemName

use of com.evolveum.midpoint.prism.path.ItemName in project midpoint by Evolveum.

the class TransformationalAsyncUpdateMessageListener method getIdentifiers.

@NotNull
private Collection<ResourceAttribute<?>> getIdentifiers(UcfChangeType changeBean, ResourceObjectDefinition ocDef, Holder<Object> primaryIdentifierRealValueHolder) throws SchemaException {
    Collection<ResourceAttribute<?>> rv = new ArrayList<>();
    PrismContainerValue<ShadowAttributesType> attributesPcv;
    boolean mayContainNonIdentifiers;
    if (changeBean.getIdentifiers() != null) {
        // noinspection unchecked
        attributesPcv = changeBean.getIdentifiers().asPrismContainerValue();
        mayContainNonIdentifiers = false;
    } else if (changeBean.getObject() != null) {
        // noinspection unchecked
        attributesPcv = changeBean.getObject().getAttributes().asPrismContainerValue();
        mayContainNonIdentifiers = true;
    } else if (changeBean.getObjectDelta() != null && changeBean.getObjectDelta().getChangeType() == ChangeTypeType.ADD && changeBean.getObjectDelta().getObjectToAdd() instanceof ShadowType) {
        // noinspection unchecked
        attributesPcv = ((ShadowType) changeBean.getObjectDelta().getObjectToAdd()).getAttributes().asPrismContainerValue();
        mayContainNonIdentifiers = true;
    } else {
        throw new SchemaException("Change does not contain identifiers");
    }
    Set<ItemName> identifiers = ocDef.getAllIdentifiers().stream().map(ItemDefinition::getItemName).collect(Collectors.toSet());
    Set<ItemName> primaryIdentifiers = ocDef.getPrimaryIdentifiers().stream().map(ItemDefinition::getItemName).collect(Collectors.toSet());
    Set<Object> primaryIdentifierRealValues = new HashSet<>();
    for (Item<?, ?> attribute : attributesPcv.getItems()) {
        if (QNameUtil.matchAny(attribute.getElementName(), identifiers)) {
            ResourceAttribute<Object> resourceAttribute;
            if (attribute instanceof ResourceAttribute) {
                // noinspection unchecked
                resourceAttribute = ((ResourceAttribute) attribute).clone();
            } else {
                // noinspection unchecked
                ResourceAttributeDefinition<Object> definition = (ResourceAttributeDefinition<Object>) ocDef.findAttributeDefinition(attribute.getElementName());
                if (definition == null) {
                    throw new SchemaException("No definition of " + attribute.getElementName() + " in " + ocDef);
                }
                resourceAttribute = definition.instantiate();
                for (Object realValue : attribute.getRealValues()) {
                    resourceAttribute.addRealValue(realValue);
                }
            }
            rv.add(resourceAttribute);
            if (QNameUtil.matchAny(attribute.getElementName(), primaryIdentifiers)) {
                primaryIdentifierRealValues.addAll(resourceAttribute.getRealValues());
            }
        } else {
            if (!mayContainNonIdentifiers) {
                LOGGER.warn("Attribute {} is not an identifier in {} -- ignoring it", attribute, ocDef);
            }
        }
    }
    if (primaryIdentifierRealValues.isEmpty()) {
        throw new SchemaException("No primary identifier real value in " + changeBean);
    }
    primaryIdentifierRealValueHolder.setValue(primaryIdentifierRealValues.iterator().next());
    if (primaryIdentifierRealValues.size() > 1) {
        LOGGER.warn("More than one primary identifier real value in {}: {}. Using the first one: {}", changeBean, primaryIdentifierRealValues, primaryIdentifierRealValueHolder.getValue());
    }
    return rv;
}
Also used : ItemName(com.evolveum.midpoint.prism.path.ItemName) ObjectTypeUtil.asPrismObject(com.evolveum.midpoint.schema.util.ObjectTypeUtil.asPrismObject) NotNull(org.jetbrains.annotations.NotNull)

Example 80 with ItemName

use of com.evolveum.midpoint.prism.path.ItemName in project midpoint by Evolveum.

the class DelegatingItemDeltaProcessor method resolvePath.

private QName resolvePath(ItemDelta<?, ?> modification) throws RepositoryException {
    ItemPath path = modification.getPath();
    while (!path.isSingleName()) {
        ItemName firstName = path.firstName();
        path = path.rest();
        QueryModelMapping<?, ?, ?> mapping = context.mapping();
        ItemRelationResolver<?, ?, ?, ?> relationResolver = mapping.getRelationResolver(firstName);
        if (relationResolver == null) {
            // unmapped, not persisted, nothing to do
            return null;
        }
        if (!(relationResolver instanceof SqaleItemRelationResolver)) {
            // Again, programmers fault.
            throw new IllegalArgumentException("Relation resolver for " + firstName + " in mapping " + mapping + " does not support delta modifications. " + "Used modification: " + modification);
        }
        ItemPath subcontextPath = firstName;
        if (relationResolver instanceof ContainerTableRelationResolver) {
            Object cid = path.first();
            path = path.rest();
            subcontextPath = ItemPath.create(firstName, cid);
        }
        // We want to use the same subcontext for the same item path to use one UPDATE.
        SqaleUpdateContext<?, ?, ?> subcontext = context.getSubcontext(subcontextPath);
        if (subcontext == null) {
            // we know nothing about context and resolver types, so we have to ignore it
            // noinspection unchecked,rawtypes
            subcontext = ((SqaleItemRelationResolver) relationResolver).resolve(this.context, subcontextPath);
            if (subcontext == null) {
                // this means "ignore"
                return null;
            }
            context.addSubcontext(subcontextPath, subcontext);
        }
        context = subcontext;
    }
    return path.asSingleName();
}
Also used : ContainerTableRelationResolver(com.evolveum.midpoint.repo.sqale.mapping.ContainerTableRelationResolver) SqaleItemRelationResolver(com.evolveum.midpoint.repo.sqale.mapping.SqaleItemRelationResolver) ItemName(com.evolveum.midpoint.prism.path.ItemName) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)

Aggregations

ItemName (com.evolveum.midpoint.prism.path.ItemName)89 Test (org.testng.annotations.Test)24 QName (javax.xml.namespace.QName)19 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)15 ItemPath (com.evolveum.midpoint.prism.path.ItemPath)13 PolyString (com.evolveum.midpoint.prism.polystring.PolyString)13 NotNull (org.jetbrains.annotations.NotNull)10 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)8 PrismObject (com.evolveum.midpoint.prism.PrismObject)6 Task (com.evolveum.midpoint.task.api.Task)6 SqaleRepoBaseTest (com.evolveum.midpoint.repo.sqale.SqaleRepoBaseTest)5 MUser (com.evolveum.midpoint.repo.sqale.qmodel.focus.MUser)5 com.evolveum.midpoint.xml.ns._public.common.common_3 (com.evolveum.midpoint.xml.ns._public.common.common_3)5 Element (org.w3c.dom.Element)5 JdbcSession (com.evolveum.midpoint.repo.sqlbase.JdbcSession)4 ObjectReferenceType (com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType)4 ItemPathType (com.evolveum.prism.xml.ns._public.types_3.ItemPathType)4 PolyStringType (com.evolveum.prism.xml.ns._public.types_3.PolyStringType)4 ArrayList (java.util.ArrayList)4 ItemDefinition (com.evolveum.midpoint.prism.ItemDefinition)3