use of com.evolveum.midpoint.provisioning.ucf.api.Operation in project midpoint by Evolveum.
the class ConnectorInstanceConnIdImpl method checkAndExecuteAdditionalOperation.
/**
* check additional operation order, according to the order are script
* executed before or after operation..
*/
private void checkAndExecuteAdditionalOperation(StateReporter reporter, Collection<Operation> additionalOperations, BeforeAfterType order, OperationResult result) throws CommunicationException, GenericFrameworkException {
if (additionalOperations == null) {
// TODO: add warning to the result
return;
}
for (Operation op : additionalOperations) {
if (op instanceof ExecuteProvisioningScriptOperation) {
ExecuteProvisioningScriptOperation executeOp = (ExecuteProvisioningScriptOperation) op;
LOGGER.trace("Find execute script operation: {}", SchemaDebugUtil.prettyPrint(executeOp));
// execute operation in the right order..
if (order.equals(executeOp.getScriptOrder())) {
executeScriptIcf(reporter, executeOp, result);
}
}
}
}
use of com.evolveum.midpoint.provisioning.ucf.api.Operation in project midpoint by Evolveum.
the class ConnectorInstanceConnIdImpl method modifyObject.
// TODO [med] beware, this method does not obey its contract specified in the interface
// (1) currently it does not return all the changes, only the 'side effect' changes
// (2) it throws exceptions even if some of the changes were made
// (3) among identifiers, only the UID value is updated on object rename
// (other identifiers are ignored on input and output of this method)
@Override
public AsynchronousOperationReturnValue<Collection<PropertyModificationOperation>> modifyObject(ObjectClassComplexTypeDefinition objectClassDef, Collection<? extends ResourceAttribute<?>> identifiers, Collection<Operation> changes, StateReporter reporter, OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, GenericFrameworkException, SchemaException, SecurityViolationException, ObjectAlreadyExistsException {
OperationResult result = parentResult.createSubresult(ConnectorInstance.class.getName() + ".modifyObject");
result.addParam("objectClass", objectClassDef);
result.addCollectionOfSerializablesAsParam("identifiers", identifiers);
result.addArbitraryCollectionAsParam("changes", changes);
if (changes.isEmpty()) {
LOGGER.info("No modifications for connector object specified. Skipping processing.");
result.recordNotApplicableIfUnknown();
return AsynchronousOperationReturnValue.wrap(new ArrayList<PropertyModificationOperation>(0), result);
}
ObjectClass objClass = connIdNameMapper.objectClassToIcf(objectClassDef, getSchemaNamespace(), connectorType, legacySchema);
Uid uid;
try {
uid = getUid(objectClassDef, identifiers);
} catch (SchemaException e) {
result.recordFatalError(e);
throw e;
}
if (uid == null) {
result.recordFatalError("Cannot detemine UID from identifiers: " + identifiers);
throw new IllegalArgumentException("Cannot detemine UID from identifiers: " + identifiers);
}
String originalUid = uid.getUidValue();
Set<Attribute> attributesToAdd = new HashSet<>();
Set<Attribute> attributesToUpdate = new HashSet<>();
Set<Attribute> attributesToRemove = new HashSet<>();
Set<Operation> additionalOperations = new HashSet<Operation>();
PasswordChangeOperation passwordChangeOperation = null;
Collection<PropertyDelta<?>> activationDeltas = new HashSet<PropertyDelta<?>>();
PropertyDelta<ProtectedStringType> passwordDelta = null;
PropertyDelta<QName> auxiliaryObjectClassDelta = null;
for (Operation operation : changes) {
if (operation == null) {
IllegalArgumentException e = new IllegalArgumentException("Null operation in modifyObject");
result.recordFatalError(e);
throw e;
}
if (operation instanceof PropertyModificationOperation) {
PropertyDelta<?> delta = ((PropertyModificationOperation) operation).getPropertyDelta();
if (delta.getPath().equivalent(new ItemPath(ShadowType.F_AUXILIARY_OBJECT_CLASS))) {
auxiliaryObjectClassDelta = (PropertyDelta<QName>) delta;
}
}
}
try {
ObjectClassComplexTypeDefinition structuralObjectClassDefinition = resourceSchema.findObjectClassDefinition(objectClassDef.getTypeName());
if (structuralObjectClassDefinition == null) {
throw new SchemaException("No definition of structural object class " + objectClassDef.getTypeName() + " in " + description);
}
Map<QName, ObjectClassComplexTypeDefinition> auxiliaryObjectClassMap = new HashMap<>();
if (auxiliaryObjectClassDelta != null) {
// Activation change means modification of attributes
if (auxiliaryObjectClassDelta.isReplace()) {
if (auxiliaryObjectClassDelta.getValuesToReplace() == null || auxiliaryObjectClassDelta.getValuesToReplace().isEmpty()) {
attributesToUpdate.add(AttributeBuilder.build(PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME));
} else {
addConvertedValues(auxiliaryObjectClassDelta.getValuesToReplace(), attributesToUpdate, auxiliaryObjectClassMap);
}
} else {
addConvertedValues(auxiliaryObjectClassDelta.getValuesToAdd(), attributesToAdd, auxiliaryObjectClassMap);
addConvertedValues(auxiliaryObjectClassDelta.getValuesToDelete(), attributesToRemove, auxiliaryObjectClassMap);
}
}
for (Operation operation : changes) {
if (operation instanceof PropertyModificationOperation) {
PropertyModificationOperation change = (PropertyModificationOperation) operation;
PropertyDelta<?> delta = change.getPropertyDelta();
if (delta.getParentPath().equivalent(new ItemPath(ShadowType.F_ATTRIBUTES))) {
if (delta.getDefinition() == null || !(delta.getDefinition() instanceof ResourceAttributeDefinition)) {
ResourceAttributeDefinition def = objectClassDef.findAttributeDefinition(delta.getElementName());
if (def == null) {
String message = "No definition for attribute " + delta.getElementName() + " used in modification delta";
result.recordFatalError(message);
throw new SchemaException(message);
}
try {
delta.applyDefinition(def);
} catch (SchemaException e) {
result.recordFatalError(e.getMessage(), e);
throw e;
}
}
boolean isInRemovedAuxClass = false;
boolean isInAddedAuxClass = false;
ResourceAttributeDefinition<Object> structAttrDef = structuralObjectClassDefinition.findAttributeDefinition(delta.getElementName());
// aux object class, we cannot add/remove it with the object class unless it is normally requested
if (structAttrDef == null) {
if (auxiliaryObjectClassDelta != null && auxiliaryObjectClassDelta.isDelete()) {
// is removed, the attributes must be removed as well.
for (PrismPropertyValue<QName> auxPval : auxiliaryObjectClassDelta.getValuesToDelete()) {
ObjectClassComplexTypeDefinition auxDef = auxiliaryObjectClassMap.get(auxPval.getValue());
ResourceAttributeDefinition<Object> attrDef = auxDef.findAttributeDefinition(delta.getElementName());
if (attrDef != null) {
isInRemovedAuxClass = true;
break;
}
}
}
if (auxiliaryObjectClassDelta != null && auxiliaryObjectClassDelta.isAdd()) {
// is added, the attributes must be added as well.
for (PrismPropertyValue<QName> auxPval : auxiliaryObjectClassDelta.getValuesToAdd()) {
ObjectClassComplexTypeDefinition auxOcDef = auxiliaryObjectClassMap.get(auxPval.getValue());
ResourceAttributeDefinition<Object> auxAttrDef = auxOcDef.findAttributeDefinition(delta.getElementName());
if (auxAttrDef != null) {
isInAddedAuxClass = true;
break;
}
}
}
}
// Change in (ordinary) attributes. Transform to the ConnId attributes.
if (delta.isAdd()) {
ResourceAttribute<?> mpAttr = (ResourceAttribute<?>) delta.instantiateEmptyProperty();
mpAttr.addValues((Collection) PrismValue.cloneCollection(delta.getValuesToAdd()));
Attribute connIdAttr = connIdConvertor.convertToConnIdAttribute(mpAttr, objectClassDef);
if (mpAttr.getDefinition().isMultiValue()) {
attributesToAdd.add(connIdAttr);
} else {
// Force "update" for single-valued attributes instead of "add". This is saving one
// read in some cases. It should also make no substantial difference in such case.
// But it is working around some connector bugs.
attributesToUpdate.add(connIdAttr);
}
}
if (delta.isDelete()) {
ResourceAttribute<?> mpAttr = (ResourceAttribute<?>) delta.instantiateEmptyProperty();
if (mpAttr.getDefinition().isMultiValue() || isInRemovedAuxClass) {
mpAttr.addValues((Collection) PrismValue.cloneCollection(delta.getValuesToDelete()));
Attribute connIdAttr = connIdConvertor.convertToConnIdAttribute(mpAttr, objectClassDef);
attributesToRemove.add(connIdAttr);
} else {
// Force "update" for single-valued attributes instead of "add". This is saving one
// read in some cases.
// Update attribute to no values. This will efficiently clean up the attribute.
// It should also make no substantial difference in such case.
// But it is working around some connector bugs.
Attribute connIdAttr = connIdConvertor.convertToConnIdAttribute(mpAttr, objectClassDef);
// update with EMTPY value. The mpAttr.addValues() is NOT in this branch
attributesToUpdate.add(connIdAttr);
}
}
if (delta.isReplace()) {
ResourceAttribute<?> mpAttr = (ResourceAttribute<?>) delta.instantiateEmptyProperty();
mpAttr.addValues((Collection) PrismValue.cloneCollection(delta.getValuesToReplace()));
Attribute connIdAttr = connIdConvertor.convertToConnIdAttribute(mpAttr, objectClassDef);
if (isInAddedAuxClass) {
attributesToAdd.add(connIdAttr);
} else {
attributesToUpdate.add(connIdAttr);
}
}
} else if (delta.getParentPath().equivalent(new ItemPath(ShadowType.F_ACTIVATION))) {
activationDeltas.add(delta);
} else if (delta.getParentPath().equivalent(new ItemPath(new ItemPath(ShadowType.F_CREDENTIALS), CredentialsType.F_PASSWORD))) {
passwordDelta = (PropertyDelta<ProtectedStringType>) delta;
} else if (delta.getPath().equivalent(new ItemPath(ShadowType.F_AUXILIARY_OBJECT_CLASS))) {
// already processed
} else {
throw new SchemaException("Change of unknown attribute " + delta.getPath());
}
} else if (operation instanceof PasswordChangeOperation) {
passwordChangeOperation = (PasswordChangeOperation) operation;
// TODO: check for multiple occurrences and fail
} else if (operation instanceof ExecuteProvisioningScriptOperation) {
ExecuteProvisioningScriptOperation scriptOperation = (ExecuteProvisioningScriptOperation) operation;
additionalOperations.add(scriptOperation);
} else {
throw new IllegalArgumentException("Unknown operation type " + operation.getClass().getName() + ": " + operation);
}
}
} catch (SchemaException | RuntimeException e) {
result.recordFatalError(e);
throw e;
}
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("attributes:\nADD: {}\nUPDATE: {}\nREMOVE: {}", attributesToAdd, attributesToUpdate, attributesToRemove);
}
// Needs three complete try-catch blocks because we need to create
// icfResult for each operation
// and handle the faults individually
checkAndExecuteAdditionalOperation(reporter, additionalOperations, BeforeAfterType.BEFORE, result);
OperationResult connIdResult = null;
try {
if (!attributesToAdd.isEmpty()) {
OperationOptions options = new OperationOptionsBuilder().build();
connIdResult = result.createSubresult(ConnectorFacade.class.getName() + ".addAttributeValues");
connIdResult.addParam("objectClass", objectClassDef);
connIdResult.addParam("uid", uid.getUidValue());
connIdResult.addArbitraryCollectionAsParam("attributes", attributesToAdd);
connIdResult.addArbitraryObjectAsParam("options", options);
connIdResult.addContext("connector", connIdConnectorFacade.getClass());
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Invoking ICF addAttributeValues(), objectclass={}, uid={}, attributes: {}", new Object[] { objClass, uid, dumpAttributes(attributesToAdd) });
}
InternalMonitor.recordConnectorOperation("addAttributeValues");
// Invoking ConnId
recordIcfOperationStart(reporter, ProvisioningOperation.ICF_UPDATE, objectClassDef, uid);
uid = connIdConnectorFacade.addAttributeValues(objClass, uid, attributesToAdd, options);
recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_UPDATE, objectClassDef, null, uid);
connIdResult.recordSuccess();
}
} catch (Throwable ex) {
recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_UPDATE, objectClassDef, ex, uid);
String desc = this.getHumanReadableName() + " while adding attribute values to object identified by ICF UID '" + uid.getUidValue() + "'";
Throwable midpointEx = processIcfException(ex, desc, connIdResult);
result.computeStatus("Adding attribute values failed");
// exception
if (midpointEx instanceof ObjectNotFoundException) {
throw (ObjectNotFoundException) midpointEx;
} else if (midpointEx instanceof CommunicationException) {
//in this situation this is not a critical error, becasue we know to handle it..so mute the error and sign it as expected
result.muteError();
connIdResult.muteError();
throw (CommunicationException) midpointEx;
} else if (midpointEx instanceof GenericFrameworkException) {
throw (GenericFrameworkException) midpointEx;
} else if (midpointEx instanceof SchemaException) {
throw (SchemaException) midpointEx;
} else if (midpointEx instanceof AlreadyExistsException) {
throw (AlreadyExistsException) midpointEx;
} else if (midpointEx instanceof RuntimeException) {
throw (RuntimeException) midpointEx;
} else if (midpointEx instanceof SecurityViolationException) {
throw (SecurityViolationException) midpointEx;
} else if (midpointEx instanceof Error) {
throw (Error) midpointEx;
} else {
throw new SystemException("Got unexpected exception: " + ex.getClass().getName() + ": " + ex.getMessage(), ex);
}
}
if (!attributesToUpdate.isEmpty() || activationDeltas != null || passwordDelta != null || auxiliaryObjectClassDelta != null) {
try {
if (activationDeltas != null) {
// Activation change means modification of attributes
convertFromActivation(attributesToUpdate, activationDeltas);
}
if (passwordDelta != null) {
// Activation change means modification of attributes
convertFromPassword(attributesToUpdate, passwordDelta);
}
} catch (SchemaException ex) {
result.recordFatalError("Error while converting resource object attributes. Reason: " + ex.getMessage(), ex);
throw new SchemaException("Error while converting resource object attributes. Reason: " + ex.getMessage(), ex);
} catch (RuntimeException ex) {
result.recordFatalError("Error while converting resource object attributes. Reason: " + ex.getMessage(), ex);
throw ex;
}
if (!attributesToUpdate.isEmpty()) {
OperationOptions options = new OperationOptionsBuilder().build();
connIdResult = result.createSubresult(ConnectorFacade.class.getName() + ".update");
connIdResult.addParam("objectClass", objectClassDef);
connIdResult.addParam("uid", uid == null ? "null" : uid.getUidValue());
connIdResult.addArbitraryCollectionAsParam("attributes", attributesToUpdate);
connIdResult.addArbitraryObjectAsParam("options", options);
connIdResult.addContext("connector", connIdConnectorFacade.getClass());
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Invoking ICF update(), objectclass={}, uid={}, attributes: {}", new Object[] { objClass, uid, dumpAttributes(attributesToUpdate) });
}
try {
// Call ICF
InternalMonitor.recordConnectorOperation("update");
recordIcfOperationStart(reporter, ProvisioningOperation.ICF_UPDATE, objectClassDef, uid);
uid = connIdConnectorFacade.update(objClass, uid, attributesToUpdate, options);
recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_UPDATE, objectClassDef, null, uid);
connIdResult.recordSuccess();
} catch (Throwable ex) {
recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_UPDATE, objectClassDef, ex, uid);
String desc = this.getHumanReadableName() + " while updating object identified by ICF UID '" + uid.getUidValue() + "'";
Throwable midpointEx = processIcfException(ex, desc, connIdResult);
result.computeStatus("Update failed");
// exception
if (midpointEx instanceof ObjectNotFoundException) {
throw (ObjectNotFoundException) midpointEx;
} else if (midpointEx instanceof CommunicationException) {
//in this situation this is not a critical error, becasue we know to handle it..so mute the error and sign it as expected
result.muteError();
connIdResult.muteError();
throw (CommunicationException) midpointEx;
} else if (midpointEx instanceof GenericFrameworkException) {
throw (GenericFrameworkException) midpointEx;
} else if (midpointEx instanceof SchemaException) {
throw (SchemaException) midpointEx;
} else if (midpointEx instanceof ObjectAlreadyExistsException) {
throw (ObjectAlreadyExistsException) midpointEx;
} else if (midpointEx instanceof RuntimeException) {
throw (RuntimeException) midpointEx;
} else if (midpointEx instanceof SecurityViolationException) {
throw (SecurityViolationException) midpointEx;
} else if (midpointEx instanceof Error) {
throw (Error) midpointEx;
} else {
throw new SystemException("Got unexpected exception: " + ex.getClass().getName() + ": " + ex.getMessage(), ex);
}
}
}
}
try {
if (!attributesToRemove.isEmpty()) {
OperationOptions options = new OperationOptionsBuilder().build();
connIdResult = result.createSubresult(ConnectorFacade.class.getName() + ".removeAttributeValues");
connIdResult.addParam("objectClass", objectClassDef);
connIdResult.addParam("uid", uid.getUidValue());
connIdResult.addArbitraryCollectionAsParam("attributes", attributesToRemove);
connIdResult.addArbitraryObjectAsParam("options", options);
connIdResult.addContext("connector", connIdConnectorFacade.getClass());
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Invoking ICF removeAttributeValues(), objectclass={}, uid={}, attributes: {}", new Object[] { objClass, uid, dumpAttributes(attributesToRemove) });
}
InternalMonitor.recordConnectorOperation("removeAttributeValues");
recordIcfOperationStart(reporter, ProvisioningOperation.ICF_UPDATE, objectClassDef, uid);
uid = connIdConnectorFacade.removeAttributeValues(objClass, uid, attributesToRemove, options);
recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_UPDATE, objectClassDef, null, uid);
connIdResult.recordSuccess();
}
} catch (Throwable ex) {
recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_UPDATE, objectClassDef, ex, uid);
String desc = this.getHumanReadableName() + " while removing attribute values from object identified by ICF UID '" + uid.getUidValue() + "'";
Throwable midpointEx = processIcfException(ex, desc, connIdResult);
result.computeStatus("Removing attribute values failed");
// exception
if (midpointEx instanceof ObjectNotFoundException) {
throw (ObjectNotFoundException) midpointEx;
} else if (midpointEx instanceof CommunicationException) {
//in this situation this is not a critical error, becasue we know to handle it..so mute the error and sign it as expected
result.muteError();
connIdResult.muteError();
throw (CommunicationException) midpointEx;
} else if (midpointEx instanceof GenericFrameworkException) {
throw (GenericFrameworkException) midpointEx;
} else if (midpointEx instanceof SchemaException) {
throw (SchemaException) midpointEx;
} else if (midpointEx instanceof ObjectAlreadyExistsException) {
throw (ObjectAlreadyExistsException) midpointEx;
} else if (midpointEx instanceof RuntimeException) {
throw (RuntimeException) midpointEx;
} else if (midpointEx instanceof SecurityViolationException) {
throw (SecurityViolationException) midpointEx;
} else if (midpointEx instanceof Error) {
throw (Error) midpointEx;
} else {
throw new SystemException("Got unexpected exception: " + ex.getClass().getName() + ": " + ex.getMessage(), ex);
}
}
checkAndExecuteAdditionalOperation(reporter, additionalOperations, BeforeAfterType.AFTER, result);
result.computeStatus();
Collection<PropertyModificationOperation> sideEffectChanges = new ArrayList<>();
if (!originalUid.equals(uid.getUidValue())) {
// UID was changed during the operation, this is most likely a
// rename
PropertyDelta<String> uidDelta = createUidDelta(uid, getUidDefinition(objectClassDef, identifiers));
PropertyModificationOperation uidMod = new PropertyModificationOperation(uidDelta);
// TODO what about matchingRuleQName ?
sideEffectChanges.add(uidMod);
replaceUidValue(objectClassDef, identifiers, uid);
}
return AsynchronousOperationReturnValue.wrap(sideEffectChanges, result);
}
use of com.evolveum.midpoint.provisioning.ucf.api.Operation in project midpoint by Evolveum.
the class EntitlementConverter method collectEntitlementAsObjectOperation.
private <TV, TA> PrismObject<ShadowType> collectEntitlementAsObjectOperation(ProvisioningContext subjectCtx, Map<ResourceObjectDiscriminator, ResourceObjectOperations> roMap, PrismContainerValue<ShadowAssociationType> associationCVal, PrismObject<ShadowType> subjectShadowBefore, PrismObject<ShadowType> subjectShadowAfter, ModificationType modificationType, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
ResourceType resource = subjectCtx.getResource();
ShadowAssociationType associationType = associationCVal.asContainerable();
QName associationName = associationType.getName();
if (associationName == null) {
throw new SchemaException("No name in entitlement association " + associationCVal);
}
RefinedAssociationDefinition assocDefType = subjectCtx.getObjectClassDefinition().findAssociationDefinition(associationName);
if (assocDefType == null) {
throw new SchemaException("No entitlement association with name " + assocDefType + " in schema of " + resource);
}
ResourceObjectAssociationDirectionType direction = assocDefType.getResourceObjectAssociationType().getDirection();
if (direction != ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
// Process just this one direction. The other direction was processed before
return subjectShadowAfter;
}
Collection<String> entitlementIntents = assocDefType.getIntents();
if (entitlementIntents == null || entitlementIntents.isEmpty()) {
throw new SchemaException("No entitlement intent specified in association " + associationCVal + " in " + resource);
}
ShadowKindType entitlementKind = assocDefType.getKind();
if (entitlementKind == null) {
entitlementKind = ShadowKindType.ENTITLEMENT;
}
for (String entitlementIntent : entitlementIntents) {
ProvisioningContext entitlementCtx = subjectCtx.spawn(entitlementKind, entitlementIntent);
RefinedObjectClassDefinition entitlementOcDef = entitlementCtx.getObjectClassDefinition();
if (entitlementOcDef == null) {
throw new SchemaException("No definition of entitlement intent(s) '" + entitlementIntents + "' specified in association " + associationCVal + " in " + resource);
}
QName assocAttrName = assocDefType.getResourceObjectAssociationType().getAssociationAttribute();
if (assocAttrName == null) {
throw new SchemaException("No association attribute defined in entitlement association in " + resource);
}
RefinedAttributeDefinition assocAttrDef = entitlementOcDef.findAttributeDefinition(assocAttrName);
if (assocAttrDef == null) {
throw new SchemaException("Association attribute '" + assocAttrName + "'defined in entitlement association was not found in entitlement intent(s) '" + entitlementIntents + "' in schema for " + resource);
}
ResourceAttributeContainer identifiersContainer = ShadowUtil.getAttributesContainer(associationCVal, ShadowAssociationType.F_IDENTIFIERS);
Collection<ResourceAttribute<?>> entitlementIdentifiersFromAssociation = identifiersContainer.getAttributes();
ResourceObjectDiscriminator disc = new ResourceObjectDiscriminator(entitlementOcDef.getTypeName(), entitlementIdentifiersFromAssociation);
ResourceObjectOperations operations = roMap.get(disc);
if (operations == null) {
operations = new ResourceObjectOperations();
operations.setResourceObjectContext(entitlementCtx);
roMap.put(disc, operations);
}
QName valueAttrName = assocDefType.getResourceObjectAssociationType().getValueAttribute();
if (valueAttrName == null) {
throw new SchemaException("No value attribute defined in entitlement association in " + resource);
}
// Which shadow would we use - shadowBefore or shadowAfter?
//
// If the operation is ADD or REPLACE, we use current version of the shadow (shadowAfter), because we want
// to ensure that we add most-recent data to the subject.
//
// If the operation is DELETE, we have two possibilities:
// - if the resource provides referential integrity, the subject has already
// new data (because the object operation was already carried out), so we use shadowAfter
// - if the resource does not provide referential integrity, the subject has OLD data
// so we use shadowBefore
PrismObject<ShadowType> subjectShadow;
if (modificationType != ModificationType.DELETE) {
subjectShadow = subjectShadowAfter;
} else {
if (assocDefType.requiresExplicitReferentialIntegrity()) {
// we must ensure the referential integrity
subjectShadow = subjectShadowBefore;
} else {
// i.e. resource has ref integrity assured by itself
subjectShadow = subjectShadowAfter;
}
}
ResourceAttribute<TV> valueAttr = ShadowUtil.getAttribute(subjectShadow, valueAttrName);
if (valueAttr == null) {
if (!ShadowUtil.isFullShadow(subjectShadow)) {
Collection<ResourceAttribute<?>> subjectIdentifiers = ShadowUtil.getAllIdentifiers(subjectShadow);
LOGGER.trace("Fetching {} ({})", subjectShadow, subjectIdentifiers);
subjectShadow = resourceObjectReferenceResolver.fetchResourceObject(subjectCtx, subjectIdentifiers, null, result);
subjectShadowAfter = subjectShadow;
valueAttr = ShadowUtil.getAttribute(subjectShadow, valueAttrName);
}
if (valueAttr == null) {
LOGGER.error("No value attribute {} in shadow\n{}", valueAttrName, subjectShadow.debugDump());
// TODO: check schema and try to fetch full shadow if necessary
throw new SchemaException("No value attribute " + valueAttrName + " in " + subjectShadow);
}
}
PropertyDelta<TA> attributeDelta = null;
for (Operation operation : operations.getOperations()) {
if (operation instanceof PropertyModificationOperation) {
PropertyModificationOperation propOp = (PropertyModificationOperation) operation;
if (propOp.getPropertyDelta().getElementName().equals(assocAttrName)) {
attributeDelta = propOp.getPropertyDelta();
}
}
}
if (attributeDelta == null) {
attributeDelta = assocAttrDef.createEmptyDelta(new ItemPath(ShadowType.F_ATTRIBUTES, assocAttrName));
}
PrismProperty<TA> changedAssocAttr = PrismUtil.convertProperty(valueAttr, assocAttrDef);
if (modificationType == ModificationType.ADD) {
attributeDelta.addValuesToAdd(changedAssocAttr.getClonedValues());
} else if (modificationType == ModificationType.DELETE) {
attributeDelta.addValuesToDelete(changedAssocAttr.getClonedValues());
} else if (modificationType == ModificationType.REPLACE) {
// TODO: check if already exists
attributeDelta.setValuesToReplace(changedAssocAttr.getClonedValues());
}
if (ResourceTypeUtil.isAvoidDuplicateValues(resource)) {
PrismObject<ShadowType> currentObjectShadow = operations.getCurrentShadow();
if (currentObjectShadow == null) {
LOGGER.trace("Fetching entitlement shadow {} to avoid value duplication (intent={})", entitlementIdentifiersFromAssociation, entitlementIntent);
currentObjectShadow = resourceObjectReferenceResolver.fetchResourceObject(entitlementCtx, entitlementIdentifiersFromAssociation, null, result);
operations.setCurrentShadow(currentObjectShadow);
}
// TODO it seems that duplicate values are checked twice: once here and the second time in ResourceObjectConverter.executeModify
// TODO check that and fix if necessary
PropertyDelta<TA> attributeDeltaAfterNarrow = ProvisioningUtil.narrowPropertyDelta(attributeDelta, currentObjectShadow, assocDefType.getMatchingRule(), matchingRuleRegistry);
if (LOGGER.isTraceEnabled() && (attributeDeltaAfterNarrow == null || attributeDeltaAfterNarrow.isEmpty())) {
LOGGER.trace("Not collecting entitlement object operations ({}) association {}: attribute delta is empty after narrow, orig delta: {}", modificationType, associationName.getLocalPart(), attributeDelta);
}
attributeDelta = attributeDeltaAfterNarrow;
}
if (attributeDelta != null && !attributeDelta.isEmpty()) {
PropertyModificationOperation attributeModification = new PropertyModificationOperation(attributeDelta);
attributeModification.setMatchingRuleQName(assocDefType.getMatchingRule());
LOGGER.trace("Collecting entitlement object operations ({}) association {}: {}", modificationType, associationName.getLocalPart(), attributeModification);
operations.add(attributeModification);
}
}
return subjectShadowAfter;
}
use of com.evolveum.midpoint.provisioning.ucf.api.Operation in project midpoint by Evolveum.
the class EntitlementConverter method collectEntitlementsAsObjectOperationDelete.
/////////
// DELETE
/////////
/**
* This is somehow different that all the other methods. We are not following the content of a shadow or delta. We are following
* the definitions. This is to avoid the need to read the object that is going to be deleted. In fact, the object should not be there
* any more, but we still want to clean up entitlement membership based on the information from the shadow.
*/
public <T> void collectEntitlementsAsObjectOperationDelete(ProvisioningContext subjectCtx, final Map<ResourceObjectDiscriminator, ResourceObjectOperations> roMap, PrismObject<ShadowType> subjectShadow, OperationResult parentResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
Collection<RefinedAssociationDefinition> entitlementAssociationDefs = subjectCtx.getObjectClassDefinition().getAssociationDefinitions();
if (entitlementAssociationDefs == null || entitlementAssociationDefs.isEmpty()) {
// Nothing to do
LOGGER.trace("No associations in deleted shadow");
return;
}
ResourceAttributeContainer subjectAttributesContainer = ShadowUtil.getAttributesContainer(subjectShadow);
for (final RefinedAssociationDefinition assocDefType : subjectCtx.getObjectClassDefinition().getAssociationDefinitions()) {
if (assocDefType.getResourceObjectAssociationType().getDirection() != ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
// We can ignore these. They will die together with the object. No need to explicitly delete them.
LOGGER.trace("Ignoring subject-to-object association in deleted shadow");
continue;
}
if (!assocDefType.requiresExplicitReferentialIntegrity()) {
// Referential integrity not required for this one
LOGGER.trace("Ignoring association in deleted shadow because it does not require explicit referential integrity assurance");
continue;
}
if (assocDefType.getAuxiliaryObjectClass() != null && !subjectCtx.getObjectClassDefinition().hasAuxiliaryObjectClass(assocDefType.getAuxiliaryObjectClass())) {
LOGGER.trace("Ignoring association in deleted shadow because subject does not have {} auxiliary object class", assocDefType.getAuxiliaryObjectClass());
continue;
}
QName associationName = assocDefType.getName();
if (associationName == null) {
throw new SchemaException("No name in entitlement association " + assocDefType + " in " + subjectCtx.getResource());
}
ShadowKindType entitlementKind = assocDefType.getKind();
if (entitlementKind == null) {
entitlementKind = ShadowKindType.ENTITLEMENT;
}
for (String entitlementIntent : assocDefType.getIntents()) {
final ProvisioningContext entitlementCtx = subjectCtx.spawn(entitlementKind, entitlementIntent);
final RefinedObjectClassDefinition entitlementOcDef = entitlementCtx.getObjectClassDefinition();
if (entitlementOcDef == null) {
throw new SchemaException("No definition for entitlement intent(s) '" + assocDefType.getIntents() + "' defined in entitlement association " + associationName + " in " + subjectCtx.getResource());
}
final QName assocAttrName = assocDefType.getResourceObjectAssociationType().getAssociationAttribute();
if (assocAttrName == null) {
throw new SchemaException("No association attribute defined in entitlement association '" + associationName + "' in " + subjectCtx.getResource());
}
final RefinedAttributeDefinition assocAttrDef = entitlementOcDef.findAttributeDefinition(assocAttrName);
if (assocAttrDef == null) {
throw new SchemaException("Association attribute '" + assocAttrName + "'defined in entitlement association '" + associationName + "' was not found in schema for " + subjectCtx.getResource());
}
QName valueAttrName = assocDefType.getResourceObjectAssociationType().getValueAttribute();
if (valueAttrName == null) {
throw new SchemaException("No value attribute defined in entitlement association '" + associationName + "' in " + subjectCtx.getResource());
}
final ResourceAttribute<T> valueAttr = subjectAttributesContainer.findAttribute(valueAttrName);
if (valueAttr == null || valueAttr.isEmpty()) {
// Although we cannot really remedy the situation now, we at least throw an error so the problem is detected.
throw new SchemaException("Value attribute " + valueAttrName + " has no value; attribute defined in entitlement association '" + associationName + "' in " + subjectCtx.getResource());
}
if (valueAttr.size() > 1) {
throw new SchemaException("Value attribute " + valueAttrName + " has no more than one value; attribute defined in entitlement association '" + associationName + "' in " + subjectCtx.getResource());
}
ObjectQuery query = createQuery(assocDefType, assocAttrDef, valueAttr);
AttributesToReturn attributesToReturn = ProvisioningUtil.createAttributesToReturn(entitlementCtx);
SearchHierarchyConstraints searchHierarchyConstraints = null;
ResourceObjectReferenceType baseContextRef = entitlementOcDef.getBaseContext();
if (baseContextRef != null) {
PrismObject<ShadowType> baseContextShadow = resourceObjectReferenceResolver.resolve(subjectCtx, baseContextRef, null, "base context specification in " + entitlementOcDef, parentResult);
RefinedObjectClassDefinition baseContextObjectClassDefinition = subjectCtx.getRefinedSchema().determineCompositeObjectClassDefinition(baseContextShadow);
ResourceObjectIdentification baseContextIdentification = ShadowUtil.getResourceObjectIdentification(baseContextShadow, baseContextObjectClassDefinition);
searchHierarchyConstraints = new SearchHierarchyConstraints(baseContextIdentification, null);
}
ResultHandler<ShadowType> handler = new ResultHandler<ShadowType>() {
@Override
public boolean handle(PrismObject<ShadowType> entitlementShadow) {
Collection<? extends ResourceAttribute<?>> primaryIdentifiers = ShadowUtil.getPrimaryIdentifiers(entitlementShadow);
ResourceObjectDiscriminator disc = new ResourceObjectDiscriminator(entitlementOcDef.getTypeName(), primaryIdentifiers);
ResourceObjectOperations operations = roMap.get(disc);
if (operations == null) {
operations = new ResourceObjectOperations();
roMap.put(disc, operations);
operations.setResourceObjectContext(entitlementCtx);
Collection<? extends ResourceAttribute<?>> allIdentifiers = ShadowUtil.getAllIdentifiers(entitlementShadow);
operations.setAllIdentifiers(allIdentifiers);
}
PropertyDelta<T> attributeDelta = null;
for (Operation operation : operations.getOperations()) {
if (operation instanceof PropertyModificationOperation) {
PropertyModificationOperation propOp = (PropertyModificationOperation) operation;
if (propOp.getPropertyDelta().getElementName().equals(assocAttrName)) {
attributeDelta = propOp.getPropertyDelta();
}
}
}
if (attributeDelta == null) {
attributeDelta = assocAttrDef.createEmptyDelta(new ItemPath(ShadowType.F_ATTRIBUTES, assocAttrName));
PropertyModificationOperation attributeModification = new PropertyModificationOperation(attributeDelta);
attributeModification.setMatchingRuleQName(assocDefType.getMatchingRule());
operations.add(attributeModification);
}
attributeDelta.addValuesToDelete(valueAttr.getClonedValues());
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Association in deleted shadow delta:\n{}", attributeDelta.debugDump());
}
return true;
}
};
try {
LOGGER.trace("Searching for associations in deleted shadow, query: {}", query);
ConnectorInstance connector = subjectCtx.getConnector(ReadCapabilityType.class, parentResult);
connector.search(entitlementOcDef, query, handler, attributesToReturn, null, searchHierarchyConstraints, subjectCtx, parentResult);
} catch (TunnelException e) {
throw (SchemaException) e.getCause();
} catch (GenericFrameworkException e) {
throw new GenericConnectorException(e.getMessage(), e);
}
}
}
}
use of com.evolveum.midpoint.provisioning.ucf.api.Operation in project midpoint by Evolveum.
the class ActivationConverter method createActivationChangeOperations.
// endregion
// region midPoint -> resource object (activation -> simulating/native) on object MODIFY
/**
* Creates activation change operations, based on existing collection of changes.
*/
@NotNull
Collection<Operation> createActivationChangeOperations(ShadowType shadow, Collection<? extends ItemDelta<?, ?>> objectChange, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
Collection<Operation> operations = new ArrayList<>();
ResourceType resource = ctx.getResource();
ActivationCapabilityType activationCapability = ctx.getEffectiveCapability(ActivationCapabilityType.class);
LOGGER.trace("Found activation capability: {}", PrettyPrinter.prettyPrint(activationCapability));
// using simulating attributes, if defined
createActivationStatusChange(objectChange, shadow, activationCapability, resource, operations, result);
createLockoutStatusChange(objectChange, shadow, activationCapability, resource, operations, result);
// these are converted "as is" (no simulation)
createValidFromChange(objectChange, activationCapability, resource, operations, result);
createValidToChange(objectChange, activationCapability, resource, operations, result);
return operations;
}
Aggregations