Example 1 with ResourceAttributeContainer
use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class ProjectionValuesProcessor method checkSchemaAndPolicies.
/**
* Check that the primary deltas do not violate schema and policies
* TODO: implement schema check
*/
public <F extends ObjectType> void checkSchemaAndPolicies(LensContext<F> context, LensProjectionContext accountContext, String activityDescription, OperationResult result) throws SchemaException, PolicyViolationException {
ObjectDelta<ShadowType> primaryDelta = accountContext.getPrimaryDelta();
if (primaryDelta == null || primaryDelta.isDelete()) {
return;
}
RefinedObjectClassDefinition rAccountDef = accountContext.getCompositeObjectClassDefinition();
if (rAccountDef == null) {
throw new SchemaException("No definition for account type '" + accountContext.getResourceShadowDiscriminator() + "' in " + accountContext.getResource());
}
if (primaryDelta.isAdd()) {
PrismObject<ShadowType> accountToAdd = primaryDelta.getObjectToAdd();
ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(accountToAdd);
if (attributesContainer != null) {
for (ResourceAttribute<?> attribute : attributesContainer.getAttributes()) {
RefinedAttributeDefinition rAttrDef = rAccountDef.findAttributeDefinition(attribute.getElementName());
if (!rAttrDef.isTolerant()) {
throw new PolicyViolationException("Attempt to add object with non-tolerant attribute " + attribute.getElementName() + " in " + "account " + accountContext.getResourceShadowDiscriminator() + " during " + activityDescription);
}
}
}
} else if (primaryDelta.isModify()) {
for (ItemDelta<?, ?> modification : primaryDelta.getModifications()) {
if (modification.getParentPath().equivalent(SchemaConstants.PATH_ATTRIBUTES)) {
PropertyDelta<?> attrDelta = (PropertyDelta<?>) modification;
RefinedAttributeDefinition rAttrDef = rAccountDef.findAttributeDefinition(attrDelta.getElementName());
if (!rAttrDef.isTolerant()) {
throw new PolicyViolationException("Attempt to modify non-tolerant attribute " + attrDelta.getElementName() + " in " + "account " + accountContext.getResourceShadowDiscriminator() + " during " + activityDescription);
}
}
}
} else {
throw new IllegalStateException("Whoops!");
}
}
Also used :
RefinedObjectClassDefinition(com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition)
SchemaException(com.evolveum.midpoint.util.exception.SchemaException)
ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)
RefinedAttributeDefinition(com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition)
ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer)
ItemDelta(com.evolveum.midpoint.prism.delta.ItemDelta)
PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta)
PolicyViolationException(com.evolveum.midpoint.util.exception.PolicyViolationException)
Example 2 with ResourceAttributeContainer
use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class ReconciliationProcessor method getIdentifiersForAssociationTarget.
@NotNull
private ResourceAttributeContainer getIdentifiersForAssociationTarget(PrismContainerValue<ShadowAssociationType> isCValue, Task task, OperationResult result) throws CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException {
ResourceAttributeContainer identifiersContainer = ShadowUtil.getAttributesContainer(isCValue, ShadowAssociationType.F_IDENTIFIERS);
if (identifiersContainer != null) {
return identifiersContainer;
}
String oid = isCValue.asContainerable().getShadowRef() != null ? isCValue.asContainerable().getShadowRef().getOid() : null;
if (oid == null) {
// TODO maybe warn/error log would suffice?
throw new IllegalStateException("Couldn't evaluate tolerant/intolerant values for association " + isCValue + ", because there are no identifiers and no shadow reference present");
}
PrismObject<ShadowType> target;
try {
GetOperationOptions rootOpt = GetOperationOptions.createPointInTimeType(PointInTimeType.FUTURE);
rootOpt.setNoFetch(true);
target = provisioningService.getObject(ShadowType.class, oid, SelectorOptions.createCollection(rootOpt), task, result);
} catch (ObjectNotFoundException e) {
// TODO maybe warn/error log would suffice (also for other exceptions?)
throw new ObjectNotFoundException("Couldn't evaluate tolerant/intolerant values for association " + isCValue + ", because the association target object does not exist: " + e.getMessage(), e);
}
identifiersContainer = ShadowUtil.getAttributesContainer(target);
if (identifiersContainer == null) {
// TODO maybe warn/error log would suffice?
throw new IllegalStateException("Couldn't evaluate tolerant/intolerant values for association " + isCValue + ", because there are no identifiers present, even in the repository object for association target");
}
return identifiersContainer;
}
Also used :
GetOperationOptions(com.evolveum.midpoint.schema.GetOperationOptions)
ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)
ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException)
ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer)
NotNull(org.jetbrains.annotations.NotNull)
Example 3 with ResourceAttributeContainer
use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class LensProjectionContext method checkConsistence.
@Override
protected void checkConsistence(PrismObject<ShadowType> object, String elementDesc, String contextDesc) {
super.checkConsistence(object, elementDesc, contextDesc);
ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(object);
if (attributesContainer != null) {
ResourceType resource = getResource();
if (resource != null) {
String resourceNamespace = ResourceTypeUtil.getResourceNamespace(resource);
for (ResourceAttribute<?> attribute : attributesContainer.getAttributes()) {
QName attrName = attribute.getElementName();
if (SchemaConstants.NS_ICF_SCHEMA.equals(attrName.getNamespaceURI())) {
continue;
}
if (resourceNamespace.equals(attrName.getNamespaceURI())) {
continue;
}
String desc = elementDesc + " in " + this + (contextDesc == null ? "" : " in " + contextDesc);
throw new IllegalStateException("Invalid namespace for attribute " + attrName + " in " + desc);
}
}
}
}
Also used :
QName(javax.xml.namespace.QName)
ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer)
Example 4 with ResourceAttributeContainer
use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class ProvisioningUtil method normalizeShadow.
public static <T extends ShadowType> void normalizeShadow(T shadow, OperationResult result) throws SchemaException {
if (shadow.getAttemptNumber() != null) {
shadow.setAttemptNumber(null);
}
if (shadow.getFailedOperationType() != null) {
shadow.setFailedOperationType(null);
}
if (shadow.getObjectChange() != null) {
shadow.setObjectChange(null);
}
if (shadow.getResult() != null) {
shadow.setResult(null);
}
if (shadow.getCredentials() != null) {
shadow.setCredentials(null);
}
ResourceAttributeContainer normalizedContainer = ShadowUtil.getAttributesContainer(shadow);
ResourceAttributeContainer oldContainer = normalizedContainer.clone();
normalizedContainer.clear();
Collection<ResourceAttribute<?>> identifiers = oldContainer.getPrimaryIdentifiers();
for (PrismProperty<?> p : identifiers) {
normalizedContainer.getValue().add(p.clone());
}
Collection<ResourceAttribute<?>> secondaryIdentifiers = oldContainer.getSecondaryIdentifiers();
for (PrismProperty<?> p : secondaryIdentifiers) {
normalizedContainer.getValue().add(p.clone());
}
cleanupShadowActivation(shadow);
}
Also used :
ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer)
ResourceAttribute(com.evolveum.midpoint.schema.processor.ResourceAttribute)
Example 5 with ResourceAttributeContainer
use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class ShadowManager method createRepositoryShadow.
/**
* Create a copy of a shadow that is suitable for repository storage.
*/
private PrismObject<ShadowType> createRepositoryShadow(ProvisioningContext ctx, PrismObject<ShadowType> shadow) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException {
ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(shadow);
PrismObject<ShadowType> repoShadow = shadow.clone();
ShadowType repoShadowType = repoShadow.asObjectable();
ResourceAttributeContainer repoAttributesContainer = ShadowUtil.getAttributesContainer(repoShadow);
CachingStategyType cachingStrategy = ProvisioningUtil.getCachingStrategy(ctx);
if (cachingStrategy == CachingStategyType.NONE) {
// Clean all repoShadow attributes and add only those that should be
// there
repoAttributesContainer.clear();
Collection<ResourceAttribute<?>> primaryIdentifiers = attributesContainer.getPrimaryIdentifiers();
for (PrismProperty<?> p : primaryIdentifiers) {
repoAttributesContainer.add(p.clone());
}
Collection<ResourceAttribute<?>> secondaryIdentifiers = attributesContainer.getSecondaryIdentifiers();
for (PrismProperty<?> p : secondaryIdentifiers) {
repoAttributesContainer.add(p.clone());
}
// Also add all the attributes that act as association identifiers.
// We will need them when the shadow is deleted (to remove the shadow from entitlements).
RefinedObjectClassDefinition objectClassDefinition = ctx.getObjectClassDefinition();
for (RefinedAssociationDefinition associationDef : objectClassDefinition.getAssociationDefinitions()) {
if (associationDef.getResourceObjectAssociationType().getDirection() == ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
QName valueAttributeName = associationDef.getResourceObjectAssociationType().getValueAttribute();
if (repoAttributesContainer.findAttribute(valueAttributeName) == null) {
ResourceAttribute<Object> valueAttribute = attributesContainer.findAttribute(valueAttributeName);
if (valueAttribute != null) {
repoAttributesContainer.add(valueAttribute.clone());
}
}
}
}
repoShadowType.setCachingMetadata(null);
ProvisioningUtil.cleanupShadowActivation(repoShadowType);
} else if (cachingStrategy == CachingStategyType.PASSIVE) {
// Do not need to clear anything. Just store all attributes and add metadata.
CachingMetadataType cachingMetadata = new CachingMetadataType();
cachingMetadata.setRetrievalTimestamp(clock.currentTimeXMLGregorianCalendar());
repoShadowType.setCachingMetadata(cachingMetadata);
} else {
throw new ConfigurationException("Unknown caching strategy " + cachingStrategy);
}
setKindIfNecessary(repoShadowType, ctx.getObjectClassDefinition());
// setIntentIfNecessary(repoShadowType, objectClassDefinition);
// Store only password meta-data in repo
CredentialsType creds = repoShadowType.getCredentials();
if (creds != null) {
PasswordType passwordType = creds.getPassword();
if (passwordType != null) {
ProvisioningUtil.cleanupShadowPassword(passwordType);
PrismObject<UserType> owner = null;
if (ctx.getTask() != null) {
owner = ctx.getTask().getOwner();
}
ProvisioningUtil.addPasswordMetadata(passwordType, clock.currentTimeXMLGregorianCalendar(), owner);
}
// TODO: other credential types - later
}
// convert to the resource reference.
if (repoShadowType.getResource() != null) {
repoShadowType.setResource(null);
repoShadowType.setResourceRef(ObjectTypeUtil.createObjectRef(ctx.getResource()));
}
// now
if (repoShadowType.getResourceRef() == null) {
repoShadowType.setResourceRef(ObjectTypeUtil.createObjectRef(ctx.getResource()));
}
if (repoShadowType.getName() == null) {
repoShadowType.setName(new PolyStringType(ShadowUtil.determineShadowName(shadow)));
}
if (repoShadowType.getObjectClass() == null) {
repoShadowType.setObjectClass(attributesContainer.getDefinition().getTypeName());
}
if (repoShadowType.isProtectedObject() != null) {
repoShadowType.setProtectedObject(null);
}
normalizeAttributes(repoShadow, ctx.getObjectClassDefinition());
return repoShadow;
}
Also used :
PolyStringType(com.evolveum.prism.xml.ns._public.types_3.PolyStringType)
QName(javax.xml.namespace.QName)
ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer)
RefinedAssociationDefinition(com.evolveum.midpoint.common.refinery.RefinedAssociationDefinition)
RefinedObjectClassDefinition(com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition)
ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException)
PrismObject(com.evolveum.midpoint.prism.PrismObject)
ResourceAttribute(com.evolveum.midpoint.schema.processor.ResourceAttribute)
Aggregations
ResourceAttributeContainer (com.evolveum.midpoint.schema.processor.ResourceAttributeContainer)33
ShadowType (com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)20
ResourceAttribute (com.evolveum.midpoint.schema.processor.ResourceAttribute)16
QName (javax.xml.namespace.QName)16
OperationResult (com.evolveum.midpoint.schema.result.OperationResult)13
SchemaException (com.evolveum.midpoint.util.exception.SchemaException)11
Test (org.testng.annotations.Test)8
DummyAccount (com.evolveum.icf.dummy.resource.DummyAccount)6
ResourceObjectShadowChangeDescription (com.evolveum.midpoint.provisioning.api.ResourceObjectShadowChangeDescription)6
ResourceShadowDiscriminator (com.evolveum.midpoint.schema.ResourceShadowDiscriminator)6
PrismObject (com.evolveum.midpoint.prism.PrismObject)5
PolyString (com.evolveum.midpoint.prism.polystring.PolyString)5
Task (com.evolveum.midpoint.task.api.Task)5
ShadowAssociationType (com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType)5
RefinedAttributeDefinition (com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition)4
RefinedObjectClassDefinition (com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition)4
AbstractModelIntegrationTest (com.evolveum.midpoint.model.test.AbstractModelIntegrationTest)4
ItemPath (com.evolveum.midpoint.prism.path.ItemPath)3
PropertyModificationOperation (com.evolveum.midpoint.provisioning.ucf.api.PropertyModificationOperation)3
ObjectClassComplexTypeDefinition (com.evolveum.midpoint.schema.processor.ObjectClassComplexTypeDefinition)3
