Example 1 with ResourceAttributeContainer

Use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

In class ProjectionValuesProcessor, method checkSchemaAndPolicies:

/**
 * Check that the primary deltas do not violate schema and policies
 * TODO: implement schema check
 */
public <F extends ObjectType> void checkSchemaAndPolicies(LensContext<F> context, LensProjectionContext accountContext, String activityDescription, OperationResult result) throws SchemaException, PolicyViolationException {
    ObjectDelta<ShadowType> primaryDelta = accountContext.getPrimaryDelta();
    if (primaryDelta == null || primaryDelta.isDelete()) {
        return;
    }
    RefinedObjectClassDefinition rAccountDef = accountContext.getCompositeObjectClassDefinition();
    if (rAccountDef == null) {
        throw new SchemaException("No definition for account type '" + accountContext.getResourceShadowDiscriminator() + "' in " + accountContext.getResource());
    }
    if (primaryDelta.isAdd()) {
        PrismObject<ShadowType> accountToAdd = primaryDelta.getObjectToAdd();
        ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(accountToAdd);
        if (attributesContainer != null) {
            for (ResourceAttribute<?> attribute : attributesContainer.getAttributes()) {
                RefinedAttributeDefinition rAttrDef = rAccountDef.findAttributeDefinition(attribute.getElementName());
                if (!rAttrDef.isTolerant()) {
                    throw new PolicyViolationException("Attempt to add object with non-tolerant attribute " + attribute.getElementName() + " in " + "account " + accountContext.getResourceShadowDiscriminator() + " during " + activityDescription);
                }
            }
        }
    } else if (primaryDelta.isModify()) {
        for (ItemDelta<?, ?> modification : primaryDelta.getModifications()) {
            if (modification.getParentPath().equivalent(SchemaConstants.PATH_ATTRIBUTES)) {
                PropertyDelta<?> attrDelta = (PropertyDelta<?>) modification;
                RefinedAttributeDefinition rAttrDef = rAccountDef.findAttributeDefinition(attrDelta.getElementName());
                if (!rAttrDef.isTolerant()) {
                    throw new PolicyViolationException("Attempt to modify non-tolerant attribute " + attrDelta.getElementName() + " in " + "account " + accountContext.getResourceShadowDiscriminator() + " during " + activityDescription);
                }
            }
        }
    } else {
        throw new IllegalStateException("Whoops!");
    }
}
Also used : RefinedObjectClassDefinition(com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType) RefinedAttributeDefinition(com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition) ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer) ItemDelta(com.evolveum.midpoint.prism.delta.ItemDelta) PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta) PolicyViolationException(com.evolveum.midpoint.util.exception.PolicyViolationException)

Example 2 with ResourceAttributeContainer

Use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

In class ReconciliationProcessor, method getIdentifiersForAssociationTarget:

@NotNull
private ResourceAttributeContainer getIdentifiersForAssociationTarget(PrismContainerValue<ShadowAssociationType> isCValue, Task task, OperationResult result) throws CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException {
    ResourceAttributeContainer identifiersContainer = ShadowUtil.getAttributesContainer(isCValue, ShadowAssociationType.F_IDENTIFIERS);
    if (identifiersContainer != null) {
        return identifiersContainer;
    }
    String oid = isCValue.asContainerable().getShadowRef() != null ? isCValue.asContainerable().getShadowRef().getOid() : null;
    if (oid == null) {
        // TODO maybe warn/error log would suffice?
        throw new IllegalStateException("Couldn't evaluate tolerant/intolerant values for association " + isCValue + ", because there are no identifiers and no shadow reference present");
    }
    PrismObject<ShadowType> target;
    try {
        GetOperationOptions rootOpt = GetOperationOptions.createPointInTimeType(PointInTimeType.FUTURE);
        rootOpt.setNoFetch(true);
        target = provisioningService.getObject(ShadowType.class, oid, SelectorOptions.createCollection(rootOpt), task, result);
    } catch (ObjectNotFoundException e) {
        // TODO maybe warn/error log would suffice (also for other exceptions?)
        throw new ObjectNotFoundException("Couldn't evaluate tolerant/intolerant values for association " + isCValue + ", because the association target object does not exist: " + e.getMessage(), e);
    }
    identifiersContainer = ShadowUtil.getAttributesContainer(target);
    if (identifiersContainer == null) {
        // TODO maybe warn/error log would suffice?
        throw new IllegalStateException("Couldn't evaluate tolerant/intolerant values for association " + isCValue + ", because there are no identifiers present, even in the repository object for association target");
    }
    return identifiersContainer;
}
Also used : GetOperationOptions(com.evolveum.midpoint.schema.GetOperationOptions) ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer) NotNull(org.jetbrains.annotations.NotNull)

Example 3 with ResourceAttributeContainer

Use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

In class LensProjectionContext, method checkConsistence:

@Override
protected void checkConsistence(PrismObject<ShadowType> object, String elementDesc, String contextDesc) {
    super.checkConsistence(object, elementDesc, contextDesc);
    ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(object);
    if (attributesContainer != null) {
        ResourceType resource = getResource();
        if (resource != null) {
            String resourceNamespace = ResourceTypeUtil.getResourceNamespace(resource);
            for (ResourceAttribute<?> attribute : attributesContainer.getAttributes()) {
                QName attrName = attribute.getElementName();
                if (SchemaConstants.NS_ICF_SCHEMA.equals(attrName.getNamespaceURI())) {
                    continue;
                }
                if (resourceNamespace.equals(attrName.getNamespaceURI())) {
                    continue;
                }
                String desc = elementDesc + " in " + this + (contextDesc == null ? "" : " in " + contextDesc);
                throw new IllegalStateException("Invalid namespace for attribute " + attrName + " in " + desc);
            }
        }
    }
}
Also used : QName(javax.xml.namespace.QName) ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer)

Example 4 with ResourceAttributeContainer

Use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

In class ProvisioningUtil, method normalizeShadow:

public static <T extends ShadowType> void normalizeShadow(T shadow, OperationResult result) throws SchemaException {
    if (shadow.getAttemptNumber() != null) {
        shadow.setAttemptNumber(null);
    }
    if (shadow.getFailedOperationType() != null) {
        shadow.setFailedOperationType(null);
    }
    if (shadow.getObjectChange() != null) {
        shadow.setObjectChange(null);
    }
    if (shadow.getResult() != null) {
        shadow.setResult(null);
    }
    if (shadow.getCredentials() != null) {
        shadow.setCredentials(null);
    }
    ResourceAttributeContainer normalizedContainer = ShadowUtil.getAttributesContainer(shadow);
    ResourceAttributeContainer oldContainer = normalizedContainer.clone();
    normalizedContainer.clear();
    Collection<ResourceAttribute<?>> identifiers = oldContainer.getPrimaryIdentifiers();
    for (PrismProperty<?> p : identifiers) {
        normalizedContainer.getValue().add(p.clone());
    }
    Collection<ResourceAttribute<?>> secondaryIdentifiers = oldContainer.getSecondaryIdentifiers();
    for (PrismProperty<?> p : secondaryIdentifiers) {
        normalizedContainer.getValue().add(p.clone());
    }
    cleanupShadowActivation(shadow);
}
Also used : ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer) ResourceAttribute(com.evolveum.midpoint.schema.processor.ResourceAttribute)

Example 5 with ResourceAttributeContainer

Use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

In class ShadowManager, method createRepositoryShadow:

/**
 * Create a copy of a shadow that is suitable for repository storage.
 */
private PrismObject<ShadowType> createRepositoryShadow(ProvisioningContext ctx, PrismObject<ShadowType> shadow) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException {
    ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(shadow);
    PrismObject<ShadowType> repoShadow = shadow.clone();
    ShadowType repoShadowType = repoShadow.asObjectable();
    ResourceAttributeContainer repoAttributesContainer = ShadowUtil.getAttributesContainer(repoShadow);
    CachingStategyType cachingStrategy = ProvisioningUtil.getCachingStrategy(ctx);
    if (cachingStrategy == CachingStategyType.NONE) {
        // Clean all repoShadow attributes and add only those that should be
        // there
        repoAttributesContainer.clear();
        Collection<ResourceAttribute<?>> primaryIdentifiers = attributesContainer.getPrimaryIdentifiers();
        for (PrismProperty<?> p : primaryIdentifiers) {
            repoAttributesContainer.add(p.clone());
        }
        Collection<ResourceAttribute<?>> secondaryIdentifiers = attributesContainer.getSecondaryIdentifiers();
        for (PrismProperty<?> p : secondaryIdentifiers) {
            repoAttributesContainer.add(p.clone());
        }
        // Also add all the attributes that act as association identifiers.
        // We will need them when the shadow is deleted (to remove the shadow from entitlements).
        RefinedObjectClassDefinition objectClassDefinition = ctx.getObjectClassDefinition();
        for (RefinedAssociationDefinition associationDef : objectClassDefinition.getAssociationDefinitions()) {
            if (associationDef.getResourceObjectAssociationType().getDirection() == ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
                QName valueAttributeName = associationDef.getResourceObjectAssociationType().getValueAttribute();
                if (repoAttributesContainer.findAttribute(valueAttributeName) == null) {
                    ResourceAttribute<Object> valueAttribute = attributesContainer.findAttribute(valueAttributeName);
                    if (valueAttribute != null) {
                        repoAttributesContainer.add(valueAttribute.clone());
                    }
                }
            }
        }
        repoShadowType.setCachingMetadata(null);
        ProvisioningUtil.cleanupShadowActivation(repoShadowType);
    } else if (cachingStrategy == CachingStategyType.PASSIVE) {
        // Do not need to clear anything. Just store all attributes and add metadata.
        CachingMetadataType cachingMetadata = new CachingMetadataType();
        cachingMetadata.setRetrievalTimestamp(clock.currentTimeXMLGregorianCalendar());
        repoShadowType.setCachingMetadata(cachingMetadata);
    } else {
        throw new ConfigurationException("Unknown caching strategy " + cachingStrategy);
    }
    setKindIfNecessary(repoShadowType, ctx.getObjectClassDefinition());
    //        setIntentIfNecessary(repoShadowType, objectClassDefinition);
    // Store only password meta-data in repo
    CredentialsType creds = repoShadowType.getCredentials();
    if (creds != null) {
        PasswordType passwordType = creds.getPassword();
        if (passwordType != null) {
            ProvisioningUtil.cleanupShadowPassword(passwordType);
            PrismObject<UserType> owner = null;
            if (ctx.getTask() != null) {
                owner = ctx.getTask().getOwner();
            }
            ProvisioningUtil.addPasswordMetadata(passwordType, clock.currentTimeXMLGregorianCalendar(), owner);
        }
        // TODO: other credential types - later
    }
    // convert to the resource reference.
    if (repoShadowType.getResource() != null) {
        repoShadowType.setResource(null);
        repoShadowType.setResourceRef(ObjectTypeUtil.createObjectRef(ctx.getResource()));
    }
    // now
    if (repoShadowType.getResourceRef() == null) {
        repoShadowType.setResourceRef(ObjectTypeUtil.createObjectRef(ctx.getResource()));
    }
    if (repoShadowType.getName() == null) {
        repoShadowType.setName(new PolyStringType(ShadowUtil.determineShadowName(shadow)));
    }
    if (repoShadowType.getObjectClass() == null) {
        repoShadowType.setObjectClass(attributesContainer.getDefinition().getTypeName());
    }
    if (repoShadowType.isProtectedObject() != null) {
        repoShadowType.setProtectedObject(null);
    }
    normalizeAttributes(repoShadow, ctx.getObjectClassDefinition());
    return repoShadow;
}
Also used : PolyStringType(com.evolveum.prism.xml.ns._public.types_3.PolyStringType) QName(javax.xml.namespace.QName) ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer) RefinedAssociationDefinition(com.evolveum.midpoint.common.refinery.RefinedAssociationDefinition) RefinedObjectClassDefinition(com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition) ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException) PrismObject(com.evolveum.midpoint.prism.PrismObject) ResourceAttribute(com.evolveum.midpoint.schema.processor.ResourceAttribute)
