Search in sources :

Example 11 with ResourceAttributeContainer

use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

the class IntegrationTestTools method assertProvisioningShadow.

public static void assertProvisioningShadow(PrismObject<ShadowType> account, ResourceType resourceType, Class<?> expetcedAttributeDefinitionClass, QName objectClass) {
    // Check attribute definition
    PrismContainer attributesContainer = account.findContainer(ShadowType.F_ATTRIBUTES);
    assertEquals("Wrong attributes container class", ResourceAttributeContainer.class, attributesContainer.getClass());
    ResourceAttributeContainer rAttributesContainer = (ResourceAttributeContainer) attributesContainer;
    PrismContainerDefinition attrsDef = attributesContainer.getDefinition();
    assertNotNull("No attributes container definition", attrsDef);
    assertTrue("Wrong attributes definition class " + attrsDef.getClass().getName(), attrsDef instanceof ResourceAttributeContainerDefinition);
    ResourceAttributeContainerDefinition rAttrsDef = (ResourceAttributeContainerDefinition) attrsDef;
    ObjectClassComplexTypeDefinition objectClassDef = rAttrsDef.getComplexTypeDefinition();
    assertNotNull("No object class definition in attributes definition", objectClassDef);
    assertEquals("Wrong object class in attributes definition", objectClass, objectClassDef.getTypeName());
    ResourceAttributeDefinition primaryIdDef = objectClassDef.getPrimaryIdentifiers().iterator().next();
    ResourceAttribute<?> primaryIdAttr = rAttributesContainer.findAttribute(primaryIdDef.getName());
    assertNotNull("No primary ID " + primaryIdDef.getName() + " in " + account, primaryIdAttr);
    assertAttributeDefinition(primaryIdAttr, DOMUtil.XSD_STRING, 0, 1, true, false, false, expetcedAttributeDefinitionClass);
    ResourceAttributeDefinition secondaryIdDef = objectClassDef.getSecondaryIdentifiers().iterator().next();
    ResourceAttribute<Object> secondaryIdAttr = rAttributesContainer.findAttribute(secondaryIdDef.getName());
    assertNotNull("No secondary ID " + secondaryIdDef.getName() + " in " + account, secondaryIdAttr);
    assertAttributeDefinition(secondaryIdAttr, DOMUtil.XSD_STRING, 1, 1, true, true, true, expetcedAttributeDefinitionClass);
}
Also used : ResourceAttributeContainerDefinition(com.evolveum.midpoint.schema.processor.ResourceAttributeContainerDefinition) ResourceAttributeDefinition(com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition) ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer) ObjectClassComplexTypeDefinition(com.evolveum.midpoint.schema.processor.ObjectClassComplexTypeDefinition)

Example 12 with ResourceAttributeContainer

use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

the class EntitlementConverter method postProcessEntitlementEntitlementToSubject.

private <S extends ShadowType, T> void postProcessEntitlementEntitlementToSubject(ProvisioningContext subjectCtx, final PrismObject<S> resourceObject, RefinedAssociationDefinition assocDefType, final ProvisioningContext entitlementCtx, ResourceAttributeContainer attributesContainer, final PrismContainer<ShadowAssociationType> associationContainer, OperationResult parentResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    ResourceType resourceType = subjectCtx.getResource();
    final QName associationName = assocDefType.getName();
    final RefinedObjectClassDefinition entitlementDef = entitlementCtx.getObjectClassDefinition();
    if (associationName == null) {
        throw new SchemaException("No name in entitlement association " + assocDefType + " in " + resourceType);
    }
    QName associationAuxiliaryObjectClass = assocDefType.getAuxiliaryObjectClass();
    if (associationAuxiliaryObjectClass != null && associationAuxiliaryObjectClass.getNamespaceURI() != null && !associationAuxiliaryObjectClass.getNamespaceURI().equals(ResourceTypeUtil.getResourceNamespace(resourceType))) {
        LOGGER.warn("Auxiliary object class {} in association {} does not have namespace that matches {}", associationAuxiliaryObjectClass, assocDefType.getName(), resourceType);
    }
    if (associationAuxiliaryObjectClass != null && !subjectCtx.getObjectClassDefinition().hasAuxiliaryObjectClass(associationAuxiliaryObjectClass)) {
        LOGGER.trace("Ignoring association {} because subject does not have auxiliary object class {}, it has {}", associationName, associationAuxiliaryObjectClass, subjectCtx.getObjectClassDefinition().getAuxiliaryObjectClassDefinitions());
        return;
    }
    QName assocAttrName = assocDefType.getResourceObjectAssociationType().getAssociationAttribute();
    if (assocAttrName == null) {
        throw new SchemaException("No association attribute defined in entitlement association '" + associationName + "' in " + resourceType);
    }
    RefinedAttributeDefinition assocAttrDef = entitlementDef.findAttributeDefinition(assocAttrName);
    if (assocAttrDef == null) {
        throw new SchemaException("Association attribute '" + assocAttrName + "'defined in entitlement association '" + associationName + "' was not found in schema for " + resourceType);
    }
    QName valueAttrName = assocDefType.getResourceObjectAssociationType().getValueAttribute();
    if (valueAttrName == null) {
        throw new SchemaException("No value attribute defined in entitlement association '" + associationName + "' in " + resourceType);
    }
    ResourceAttribute<T> valueAttr = attributesContainer.findAttribute(valueAttrName);
    if (valueAttr == null || valueAttr.isEmpty()) {
        LOGGER.trace("Ignoring association {} because subject does not have any value in attribute {}", associationName, valueAttrName);
        return;
    }
    if (valueAttr.size() > 1) {
        throw new SchemaException("Value attribute " + valueAttrName + " has no more than one value; attribute defined in entitlement association '" + associationName + "' in " + resourceType);
    }
    ObjectQuery query = createQuery(assocDefType, assocAttrDef, valueAttr);
    AttributesToReturn attributesToReturn = ProvisioningUtil.createAttributesToReturn(entitlementCtx);
    SearchHierarchyConstraints searchHierarchyConstraints = null;
    ResourceObjectReferenceType baseContextRef = entitlementDef.getBaseContext();
    if (baseContextRef != null) {
        // TODO: this should be done once per search. Not in every run of postProcessEntitlementEntitlementToSubject
        // this has to go outside of this method
        PrismObject<ShadowType> baseContextShadow = resourceObjectReferenceResolver.resolve(subjectCtx, baseContextRef, null, "base context specification in " + entitlementDef, parentResult);
        RefinedObjectClassDefinition baseContextObjectClassDefinition = subjectCtx.getRefinedSchema().determineCompositeObjectClassDefinition(baseContextShadow);
        ResourceObjectIdentification baseContextIdentification = ShadowUtil.getResourceObjectIdentification(baseContextShadow, baseContextObjectClassDefinition);
        searchHierarchyConstraints = new SearchHierarchyConstraints(baseContextIdentification, null);
    }
    ResultHandler<ShadowType> handler = new ResultHandler<ShadowType>() {

        @Override
        public boolean handle(PrismObject<ShadowType> entitlementShadow) {
            PrismContainerValue<ShadowAssociationType> associationCVal = associationContainer.createNewValue();
            associationCVal.asContainerable().setName(associationName);
            Collection<ResourceAttribute<?>> entitlementIdentifiers = ShadowUtil.getAllIdentifiers(entitlementShadow);
            try {
                ResourceAttributeContainer identifiersContainer = new ResourceAttributeContainer(ShadowAssociationType.F_IDENTIFIERS, entitlementDef.toResourceAttributeContainerDefinition(), prismContext);
                associationCVal.add(identifiersContainer);
                identifiersContainer.getValue().addAll(ResourceAttribute.cloneCollection(entitlementIdentifiers));
                // Remember the full shadow in user data. This is used later as an optimization to create the shadow in repo 
                identifiersContainer.setUserData(ResourceObjectConverter.FULL_SHADOW_KEY, entitlementShadow);
                if (LOGGER.isTraceEnabled()) {
                    LOGGER.trace("Processed entitlement-to-subject association for account {} and entitlement {}", ShadowUtil.getHumanReadableName(resourceObject), ShadowUtil.getHumanReadableName(entitlementShadow));
                }
            } catch (SchemaException e) {
                throw new TunnelException(e);
            }
            return true;
        }
    };
    ConnectorInstance connector = subjectCtx.getConnector(ReadCapabilityType.class, parentResult);
    try {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Processed entitlement-to-subject association for account {}: query {}", ShadowUtil.getHumanReadableName(resourceObject), query);
        }
        try {
            connector.search(entitlementDef, query, handler, attributesToReturn, null, searchHierarchyConstraints, subjectCtx, parentResult);
        } catch (GenericFrameworkException e) {
            throw new GenericConnectorException("Generic error in the connector " + connector + ". Reason: " + e.getMessage(), e);
        }
    } catch (TunnelException e) {
        throw (SchemaException) e.getCause();
    }
}
Also used : AttributesToReturn(com.evolveum.midpoint.provisioning.ucf.api.AttributesToReturn) ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer) ResultHandler(com.evolveum.midpoint.provisioning.ucf.api.ResultHandler) PrismObject(com.evolveum.midpoint.prism.PrismObject) TunnelException(com.evolveum.midpoint.util.exception.TunnelException) SearchHierarchyConstraints(com.evolveum.midpoint.schema.processor.SearchHierarchyConstraints) ResourceObjectIdentification(com.evolveum.midpoint.schema.processor.ResourceObjectIdentification) GenericConnectorException(com.evolveum.midpoint.provisioning.api.GenericConnectorException) ResourceObjectReferenceType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectReferenceType) ResourceAttribute(com.evolveum.midpoint.schema.processor.ResourceAttribute) ShadowAssociationType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) GenericFrameworkException(com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException) QName(javax.xml.namespace.QName) ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType) ResourceType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType) ObjectQuery(com.evolveum.midpoint.prism.query.ObjectQuery) ConnectorInstance(com.evolveum.midpoint.provisioning.ucf.api.ConnectorInstance)

Example 13 with ResourceAttributeContainer

use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

the class EntitlementConverter method postProcessEntitlementsRead.

//////////
// GET
/////////
public void postProcessEntitlementsRead(ProvisioningContext subjectCtx, PrismObject<ShadowType> resourceObject, OperationResult parentResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    ResourceType resourceType = subjectCtx.getResource();
    LOGGER.trace("Starting postProcessEntitlementRead");
    RefinedObjectClassDefinition objectClassDefinition = subjectCtx.getObjectClassDefinition();
    Collection<RefinedAssociationDefinition> entitlementAssociationDefs = objectClassDefinition.getAssociationDefinitions();
    if (entitlementAssociationDefs != null) {
        ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(resourceObject);
        PrismContainerDefinition<ShadowAssociationType> associationDef = resourceObject.getDefinition().findContainerDefinition(ShadowType.F_ASSOCIATION);
        PrismContainer<ShadowAssociationType> associationContainer = associationDef.instantiate();
        for (RefinedAssociationDefinition assocDefType : entitlementAssociationDefs) {
            ShadowKindType entitlementKind = assocDefType.getKind();
            if (entitlementKind == null) {
                entitlementKind = ShadowKindType.ENTITLEMENT;
            }
            for (String entitlementIntent : assocDefType.getIntents()) {
                LOGGER.trace("Resolving association {} for kind {} and intent {}", assocDefType.getName(), entitlementKind, entitlementIntent);
                ProvisioningContext entitlementCtx = subjectCtx.spawn(entitlementKind, entitlementIntent);
                RefinedObjectClassDefinition entitlementDef = entitlementCtx.getObjectClassDefinition();
                if (entitlementDef == null) {
                    throw new SchemaException("No definition for entitlement intent(s) '" + assocDefType.getIntents() + "' in " + resourceType);
                }
                ResourceObjectAssociationDirectionType direction = assocDefType.getResourceObjectAssociationType().getDirection();
                if (direction == ResourceObjectAssociationDirectionType.SUBJECT_TO_OBJECT) {
                    postProcessEntitlementSubjectToEntitlement(resourceType, resourceObject, objectClassDefinition, assocDefType, entitlementDef, attributesContainer, associationContainer, parentResult);
                } else if (direction == ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
                    if (assocDefType.getResourceObjectAssociationType().getShortcutAssociationAttribute() != null) {
                        postProcessEntitlementSubjectToEntitlement(resourceType, resourceObject, objectClassDefinition, assocDefType, entitlementDef, attributesContainer, associationContainer, assocDefType.getResourceObjectAssociationType().getShortcutAssociationAttribute(), assocDefType.getResourceObjectAssociationType().getShortcutValueAttribute(), parentResult);
                    } else {
                        postProcessEntitlementEntitlementToSubject(subjectCtx, resourceObject, assocDefType, entitlementCtx, attributesContainer, associationContainer, parentResult);
                    }
                } else {
                    throw new IllegalArgumentException("Unknown entitlement direction " + direction + " in association " + assocDefType + " in " + resourceType);
                }
            }
        }
        if (!associationContainer.isEmpty()) {
            resourceObject.add(associationContainer);
        }
    }
}
Also used : SchemaException(com.evolveum.midpoint.util.exception.SchemaException) ResourceType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType) ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer) ResourceObjectAssociationDirectionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectAssociationDirectionType) ShadowKindType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType) ShadowAssociationType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType)

Example 14 with ResourceAttributeContainer

use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

the class EntitlementConverter method postProcessEntitlementSubjectToEntitlement.

private <S extends ShadowType, T> void postProcessEntitlementSubjectToEntitlement(ResourceType resourceType, PrismObject<S> resourceObject, RefinedObjectClassDefinition objectClassDefinition, RefinedAssociationDefinition assocDefType, RefinedObjectClassDefinition entitlementDef, ResourceAttributeContainer attributesContainer, PrismContainer<ShadowAssociationType> associationContainer, QName assocAttrName, QName valueAttrName, OperationResult parentResult) throws SchemaException {
    QName associationName = assocDefType.getName();
    if (associationName == null) {
        throw new SchemaException("No name in entitlement association " + assocDefType + " in " + resourceType);
    }
    if (assocAttrName == null) {
        throw new SchemaException("No association attribute defined in entitlement association '" + associationName + "' in " + resourceType);
    }
    RefinedAttributeDefinition assocAttrDef = objectClassDefinition.findAttributeDefinition(assocAttrName);
    if (assocAttrDef == null) {
        throw new SchemaException("Association attribute '" + assocAttrName + "'defined in entitlement association '" + associationName + "' was not found in schema for " + resourceType);
    }
    ResourceAttribute<T> assocAttr = attributesContainer.findAttribute(assocAttrName);
    if (assocAttr == null || assocAttr.isEmpty()) {
        // Nothing to do. No attribute to base the association on.
        LOGGER.trace("Association attribute {} is empty, skipping association {}", assocAttrName, associationName);
        return;
    }
    if (valueAttrName == null) {
        throw new SchemaException("No value attribute defined in entitlement association '" + associationName + "' in " + resourceType);
    }
    RefinedAttributeDefinition valueAttrDef = entitlementDef.findAttributeDefinition(valueAttrName);
    for (PrismPropertyValue<T> assocAttrPVal : assocAttr.getValues()) {
        ResourceAttribute<T> valueAttribute = valueAttrDef.instantiate();
        valueAttribute.add(assocAttrPVal.clone());
        PrismContainerValue<ShadowAssociationType> associationCVal = associationContainer.createNewValue();
        associationCVal.asContainerable().setName(associationName);
        ResourceAttributeContainer identifiersContainer = new ResourceAttributeContainer(ShadowAssociationType.F_IDENTIFIERS, entitlementDef.toResourceAttributeContainerDefinition(), prismContext);
        associationCVal.add(identifiersContainer);
        identifiersContainer.add(valueAttribute);
        LOGGER.trace("Assocciation attribute value resolved to valueAtrribute {}  and identifiers container {}", valueAttribute, identifiersContainer);
    }
}
Also used : SchemaException(com.evolveum.midpoint.util.exception.SchemaException) QName(javax.xml.namespace.QName) ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer) ShadowAssociationType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType)

Example 15 with ResourceAttributeContainer

use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

the class ConsistencyTest method test122AddAccountAlreadyExistUnlinked.

@Test
public void test122AddAccountAlreadyExistUnlinked() throws Exception {
    final String TEST_NAME = "test122AddAccountAlreadyExistUnlinked";
    TestUtil.displayTestTile(TEST_NAME);
    // GIVEN
    OperationResult parentResult = new OperationResult("Add account already exist unlinked.");
    Entry entry = openDJController.addEntryFromLdifFile(LDIF_WILL_FILENAME);
    Entry searchResult = openDJController.searchByUid("wturner");
    OpenDJController.assertAttribute(searchResult, "l", "Caribbean");
    OpenDJController.assertAttribute(searchResult, "givenName", "Will");
    OpenDJController.assertAttribute(searchResult, "sn", "Turner");
    OpenDJController.assertAttribute(searchResult, "cn", "Will Turner");
    OpenDJController.assertAttribute(searchResult, "mail", "will.turner@blackpearl.com");
    OpenDJController.assertAttribute(searchResult, "telephonenumber", "+1 408 555 1234");
    OpenDJController.assertAttribute(searchResult, "facsimiletelephonenumber", "+1 408 555 4321");
    String dn = searchResult.getDN().toString();
    assertEquals("DN attribute " + dn + " not equals", dn, "uid=wturner,ou=People,dc=example,dc=com");
    testAddUserToRepo("add user - test015 account already exist unlinked", USER_WILL_FILENAME, USER_WILL_OID);
    assertUserNoAccountRef(USER_WILL_OID, parentResult);
    Task task = taskManager.createTaskInstance();
    //WHEN
    TestUtil.displayWhen(TEST_NAME);
    requestToExecuteChanges(REQUEST_USER_MODIFY_ASSIGN_ACCOUNT, USER_WILL_OID, UserType.class, task, null, parentResult);
    // THEN
    TestUtil.displayThen(TEST_NAME);
    String accountOid = checkUser(USER_WILL_OID, task, parentResult);
    //		MidPointAsserts.assertAssignments(user, 1);
    PrismObject<ShadowType> account = provisioningService.getObject(ShadowType.class, accountOid, null, task, parentResult);
    ResourceAttributeContainer attributes = ShadowUtil.getAttributesContainer(account);
    assertEquals("shadow secondary identifier not equal with the account dn. ", dn, attributes.findAttribute(getOpenDjSecondaryIdentifierQName()).getRealValue(String.class));
    String identifier = attributes.getPrimaryIdentifier().getRealValue(String.class);
    openDJController.searchAndAssertByEntryUuid(identifier);
}
Also used : Entry(org.opends.server.types.Entry) Task(com.evolveum.midpoint.task.api.Task) ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer) PolyString(com.evolveum.midpoint.prism.polystring.PolyString) Test(org.testng.annotations.Test) AbstractModelIntegrationTest(com.evolveum.midpoint.model.test.AbstractModelIntegrationTest)

Aggregations

ResourceAttributeContainer (com.evolveum.midpoint.schema.processor.ResourceAttributeContainer)33 ShadowType (com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)20 ResourceAttribute (com.evolveum.midpoint.schema.processor.ResourceAttribute)16 QName (javax.xml.namespace.QName)16 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)13 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)11 Test (org.testng.annotations.Test)8 DummyAccount (com.evolveum.icf.dummy.resource.DummyAccount)6 ResourceObjectShadowChangeDescription (com.evolveum.midpoint.provisioning.api.ResourceObjectShadowChangeDescription)6 ResourceShadowDiscriminator (com.evolveum.midpoint.schema.ResourceShadowDiscriminator)6 PrismObject (com.evolveum.midpoint.prism.PrismObject)5 PolyString (com.evolveum.midpoint.prism.polystring.PolyString)5 Task (com.evolveum.midpoint.task.api.Task)5 ShadowAssociationType (com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType)5 RefinedAttributeDefinition (com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition)4 RefinedObjectClassDefinition (com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition)4 AbstractModelIntegrationTest (com.evolveum.midpoint.model.test.AbstractModelIntegrationTest)4 ItemPath (com.evolveum.midpoint.prism.path.ItemPath)3 PropertyModificationOperation (com.evolveum.midpoint.provisioning.ucf.api.PropertyModificationOperation)3 ObjectClassComplexTypeDefinition (com.evolveum.midpoint.schema.processor.ObjectClassComplexTypeDefinition)3