use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class IntegrationTestTools method assertProvisioningShadow.
public static void assertProvisioningShadow(PrismObject<ShadowType> account, ResourceType resourceType, Class<?> expetcedAttributeDefinitionClass, QName objectClass) {
// Check attribute definition
PrismContainer attributesContainer = account.findContainer(ShadowType.F_ATTRIBUTES);
assertEquals("Wrong attributes container class", ResourceAttributeContainer.class, attributesContainer.getClass());
ResourceAttributeContainer rAttributesContainer = (ResourceAttributeContainer) attributesContainer;
PrismContainerDefinition attrsDef = attributesContainer.getDefinition();
assertNotNull("No attributes container definition", attrsDef);
assertTrue("Wrong attributes definition class " + attrsDef.getClass().getName(), attrsDef instanceof ResourceAttributeContainerDefinition);
ResourceAttributeContainerDefinition rAttrsDef = (ResourceAttributeContainerDefinition) attrsDef;
ObjectClassComplexTypeDefinition objectClassDef = rAttrsDef.getComplexTypeDefinition();
assertNotNull("No object class definition in attributes definition", objectClassDef);
assertEquals("Wrong object class in attributes definition", objectClass, objectClassDef.getTypeName());
ResourceAttributeDefinition primaryIdDef = objectClassDef.getPrimaryIdentifiers().iterator().next();
ResourceAttribute<?> primaryIdAttr = rAttributesContainer.findAttribute(primaryIdDef.getName());
assertNotNull("No primary ID " + primaryIdDef.getName() + " in " + account, primaryIdAttr);
assertAttributeDefinition(primaryIdAttr, DOMUtil.XSD_STRING, 0, 1, true, false, false, expetcedAttributeDefinitionClass);
ResourceAttributeDefinition secondaryIdDef = objectClassDef.getSecondaryIdentifiers().iterator().next();
ResourceAttribute<Object> secondaryIdAttr = rAttributesContainer.findAttribute(secondaryIdDef.getName());
assertNotNull("No secondary ID " + secondaryIdDef.getName() + " in " + account, secondaryIdAttr);
assertAttributeDefinition(secondaryIdAttr, DOMUtil.XSD_STRING, 1, 1, true, true, true, expetcedAttributeDefinitionClass);
}
use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class EntitlementConverter method postProcessEntitlementEntitlementToSubject.
private <S extends ShadowType, T> void postProcessEntitlementEntitlementToSubject(ProvisioningContext subjectCtx, final PrismObject<S> resourceObject, RefinedAssociationDefinition assocDefType, final ProvisioningContext entitlementCtx, ResourceAttributeContainer attributesContainer, final PrismContainer<ShadowAssociationType> associationContainer, OperationResult parentResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
ResourceType resourceType = subjectCtx.getResource();
final QName associationName = assocDefType.getName();
final RefinedObjectClassDefinition entitlementDef = entitlementCtx.getObjectClassDefinition();
if (associationName == null) {
throw new SchemaException("No name in entitlement association " + assocDefType + " in " + resourceType);
}
QName associationAuxiliaryObjectClass = assocDefType.getAuxiliaryObjectClass();
if (associationAuxiliaryObjectClass != null && associationAuxiliaryObjectClass.getNamespaceURI() != null && !associationAuxiliaryObjectClass.getNamespaceURI().equals(ResourceTypeUtil.getResourceNamespace(resourceType))) {
LOGGER.warn("Auxiliary object class {} in association {} does not have namespace that matches {}", associationAuxiliaryObjectClass, assocDefType.getName(), resourceType);
}
if (associationAuxiliaryObjectClass != null && !subjectCtx.getObjectClassDefinition().hasAuxiliaryObjectClass(associationAuxiliaryObjectClass)) {
LOGGER.trace("Ignoring association {} because subject does not have auxiliary object class {}, it has {}", associationName, associationAuxiliaryObjectClass, subjectCtx.getObjectClassDefinition().getAuxiliaryObjectClassDefinitions());
return;
}
QName assocAttrName = assocDefType.getResourceObjectAssociationType().getAssociationAttribute();
if (assocAttrName == null) {
throw new SchemaException("No association attribute defined in entitlement association '" + associationName + "' in " + resourceType);
}
RefinedAttributeDefinition assocAttrDef = entitlementDef.findAttributeDefinition(assocAttrName);
if (assocAttrDef == null) {
throw new SchemaException("Association attribute '" + assocAttrName + "'defined in entitlement association '" + associationName + "' was not found in schema for " + resourceType);
}
QName valueAttrName = assocDefType.getResourceObjectAssociationType().getValueAttribute();
if (valueAttrName == null) {
throw new SchemaException("No value attribute defined in entitlement association '" + associationName + "' in " + resourceType);
}
ResourceAttribute<T> valueAttr = attributesContainer.findAttribute(valueAttrName);
if (valueAttr == null || valueAttr.isEmpty()) {
LOGGER.trace("Ignoring association {} because subject does not have any value in attribute {}", associationName, valueAttrName);
return;
}
if (valueAttr.size() > 1) {
throw new SchemaException("Value attribute " + valueAttrName + " has no more than one value; attribute defined in entitlement association '" + associationName + "' in " + resourceType);
}
ObjectQuery query = createQuery(assocDefType, assocAttrDef, valueAttr);
AttributesToReturn attributesToReturn = ProvisioningUtil.createAttributesToReturn(entitlementCtx);
SearchHierarchyConstraints searchHierarchyConstraints = null;
ResourceObjectReferenceType baseContextRef = entitlementDef.getBaseContext();
if (baseContextRef != null) {
// TODO: this should be done once per search. Not in every run of postProcessEntitlementEntitlementToSubject
// this has to go outside of this method
PrismObject<ShadowType> baseContextShadow = resourceObjectReferenceResolver.resolve(subjectCtx, baseContextRef, null, "base context specification in " + entitlementDef, parentResult);
RefinedObjectClassDefinition baseContextObjectClassDefinition = subjectCtx.getRefinedSchema().determineCompositeObjectClassDefinition(baseContextShadow);
ResourceObjectIdentification baseContextIdentification = ShadowUtil.getResourceObjectIdentification(baseContextShadow, baseContextObjectClassDefinition);
searchHierarchyConstraints = new SearchHierarchyConstraints(baseContextIdentification, null);
}
ResultHandler<ShadowType> handler = new ResultHandler<ShadowType>() {
@Override
public boolean handle(PrismObject<ShadowType> entitlementShadow) {
PrismContainerValue<ShadowAssociationType> associationCVal = associationContainer.createNewValue();
associationCVal.asContainerable().setName(associationName);
Collection<ResourceAttribute<?>> entitlementIdentifiers = ShadowUtil.getAllIdentifiers(entitlementShadow);
try {
ResourceAttributeContainer identifiersContainer = new ResourceAttributeContainer(ShadowAssociationType.F_IDENTIFIERS, entitlementDef.toResourceAttributeContainerDefinition(), prismContext);
associationCVal.add(identifiersContainer);
identifiersContainer.getValue().addAll(ResourceAttribute.cloneCollection(entitlementIdentifiers));
// Remember the full shadow in user data. This is used later as an optimization to create the shadow in repo
identifiersContainer.setUserData(ResourceObjectConverter.FULL_SHADOW_KEY, entitlementShadow);
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Processed entitlement-to-subject association for account {} and entitlement {}", ShadowUtil.getHumanReadableName(resourceObject), ShadowUtil.getHumanReadableName(entitlementShadow));
}
} catch (SchemaException e) {
throw new TunnelException(e);
}
return true;
}
};
ConnectorInstance connector = subjectCtx.getConnector(ReadCapabilityType.class, parentResult);
try {
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Processed entitlement-to-subject association for account {}: query {}", ShadowUtil.getHumanReadableName(resourceObject), query);
}
try {
connector.search(entitlementDef, query, handler, attributesToReturn, null, searchHierarchyConstraints, subjectCtx, parentResult);
} catch (GenericFrameworkException e) {
throw new GenericConnectorException("Generic error in the connector " + connector + ". Reason: " + e.getMessage(), e);
}
} catch (TunnelException e) {
throw (SchemaException) e.getCause();
}
}
use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class EntitlementConverter method postProcessEntitlementsRead.
//////////
// GET
/////////
public void postProcessEntitlementsRead(ProvisioningContext subjectCtx, PrismObject<ShadowType> resourceObject, OperationResult parentResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
ResourceType resourceType = subjectCtx.getResource();
LOGGER.trace("Starting postProcessEntitlementRead");
RefinedObjectClassDefinition objectClassDefinition = subjectCtx.getObjectClassDefinition();
Collection<RefinedAssociationDefinition> entitlementAssociationDefs = objectClassDefinition.getAssociationDefinitions();
if (entitlementAssociationDefs != null) {
ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(resourceObject);
PrismContainerDefinition<ShadowAssociationType> associationDef = resourceObject.getDefinition().findContainerDefinition(ShadowType.F_ASSOCIATION);
PrismContainer<ShadowAssociationType> associationContainer = associationDef.instantiate();
for (RefinedAssociationDefinition assocDefType : entitlementAssociationDefs) {
ShadowKindType entitlementKind = assocDefType.getKind();
if (entitlementKind == null) {
entitlementKind = ShadowKindType.ENTITLEMENT;
}
for (String entitlementIntent : assocDefType.getIntents()) {
LOGGER.trace("Resolving association {} for kind {} and intent {}", assocDefType.getName(), entitlementKind, entitlementIntent);
ProvisioningContext entitlementCtx = subjectCtx.spawn(entitlementKind, entitlementIntent);
RefinedObjectClassDefinition entitlementDef = entitlementCtx.getObjectClassDefinition();
if (entitlementDef == null) {
throw new SchemaException("No definition for entitlement intent(s) '" + assocDefType.getIntents() + "' in " + resourceType);
}
ResourceObjectAssociationDirectionType direction = assocDefType.getResourceObjectAssociationType().getDirection();
if (direction == ResourceObjectAssociationDirectionType.SUBJECT_TO_OBJECT) {
postProcessEntitlementSubjectToEntitlement(resourceType, resourceObject, objectClassDefinition, assocDefType, entitlementDef, attributesContainer, associationContainer, parentResult);
} else if (direction == ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
if (assocDefType.getResourceObjectAssociationType().getShortcutAssociationAttribute() != null) {
postProcessEntitlementSubjectToEntitlement(resourceType, resourceObject, objectClassDefinition, assocDefType, entitlementDef, attributesContainer, associationContainer, assocDefType.getResourceObjectAssociationType().getShortcutAssociationAttribute(), assocDefType.getResourceObjectAssociationType().getShortcutValueAttribute(), parentResult);
} else {
postProcessEntitlementEntitlementToSubject(subjectCtx, resourceObject, assocDefType, entitlementCtx, attributesContainer, associationContainer, parentResult);
}
} else {
throw new IllegalArgumentException("Unknown entitlement direction " + direction + " in association " + assocDefType + " in " + resourceType);
}
}
}
if (!associationContainer.isEmpty()) {
resourceObject.add(associationContainer);
}
}
}
use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class EntitlementConverter method postProcessEntitlementSubjectToEntitlement.
private <S extends ShadowType, T> void postProcessEntitlementSubjectToEntitlement(ResourceType resourceType, PrismObject<S> resourceObject, RefinedObjectClassDefinition objectClassDefinition, RefinedAssociationDefinition assocDefType, RefinedObjectClassDefinition entitlementDef, ResourceAttributeContainer attributesContainer, PrismContainer<ShadowAssociationType> associationContainer, QName assocAttrName, QName valueAttrName, OperationResult parentResult) throws SchemaException {
QName associationName = assocDefType.getName();
if (associationName == null) {
throw new SchemaException("No name in entitlement association " + assocDefType + " in " + resourceType);
}
if (assocAttrName == null) {
throw new SchemaException("No association attribute defined in entitlement association '" + associationName + "' in " + resourceType);
}
RefinedAttributeDefinition assocAttrDef = objectClassDefinition.findAttributeDefinition(assocAttrName);
if (assocAttrDef == null) {
throw new SchemaException("Association attribute '" + assocAttrName + "'defined in entitlement association '" + associationName + "' was not found in schema for " + resourceType);
}
ResourceAttribute<T> assocAttr = attributesContainer.findAttribute(assocAttrName);
if (assocAttr == null || assocAttr.isEmpty()) {
// Nothing to do. No attribute to base the association on.
LOGGER.trace("Association attribute {} is empty, skipping association {}", assocAttrName, associationName);
return;
}
if (valueAttrName == null) {
throw new SchemaException("No value attribute defined in entitlement association '" + associationName + "' in " + resourceType);
}
RefinedAttributeDefinition valueAttrDef = entitlementDef.findAttributeDefinition(valueAttrName);
for (PrismPropertyValue<T> assocAttrPVal : assocAttr.getValues()) {
ResourceAttribute<T> valueAttribute = valueAttrDef.instantiate();
valueAttribute.add(assocAttrPVal.clone());
PrismContainerValue<ShadowAssociationType> associationCVal = associationContainer.createNewValue();
associationCVal.asContainerable().setName(associationName);
ResourceAttributeContainer identifiersContainer = new ResourceAttributeContainer(ShadowAssociationType.F_IDENTIFIERS, entitlementDef.toResourceAttributeContainerDefinition(), prismContext);
associationCVal.add(identifiersContainer);
identifiersContainer.add(valueAttribute);
LOGGER.trace("Assocciation attribute value resolved to valueAtrribute {} and identifiers container {}", valueAttribute, identifiersContainer);
}
}
use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class ConsistencyTest method test122AddAccountAlreadyExistUnlinked.
@Test
public void test122AddAccountAlreadyExistUnlinked() throws Exception {
final String TEST_NAME = "test122AddAccountAlreadyExistUnlinked";
TestUtil.displayTestTile(TEST_NAME);
// GIVEN
OperationResult parentResult = new OperationResult("Add account already exist unlinked.");
Entry entry = openDJController.addEntryFromLdifFile(LDIF_WILL_FILENAME);
Entry searchResult = openDJController.searchByUid("wturner");
OpenDJController.assertAttribute(searchResult, "l", "Caribbean");
OpenDJController.assertAttribute(searchResult, "givenName", "Will");
OpenDJController.assertAttribute(searchResult, "sn", "Turner");
OpenDJController.assertAttribute(searchResult, "cn", "Will Turner");
OpenDJController.assertAttribute(searchResult, "mail", "will.turner@blackpearl.com");
OpenDJController.assertAttribute(searchResult, "telephonenumber", "+1 408 555 1234");
OpenDJController.assertAttribute(searchResult, "facsimiletelephonenumber", "+1 408 555 4321");
String dn = searchResult.getDN().toString();
assertEquals("DN attribute " + dn + " not equals", dn, "uid=wturner,ou=People,dc=example,dc=com");
testAddUserToRepo("add user - test015 account already exist unlinked", USER_WILL_FILENAME, USER_WILL_OID);
assertUserNoAccountRef(USER_WILL_OID, parentResult);
Task task = taskManager.createTaskInstance();
//WHEN
TestUtil.displayWhen(TEST_NAME);
requestToExecuteChanges(REQUEST_USER_MODIFY_ASSIGN_ACCOUNT, USER_WILL_OID, UserType.class, task, null, parentResult);
// THEN
TestUtil.displayThen(TEST_NAME);
String accountOid = checkUser(USER_WILL_OID, task, parentResult);
// MidPointAsserts.assertAssignments(user, 1);
PrismObject<ShadowType> account = provisioningService.getObject(ShadowType.class, accountOid, null, task, parentResult);
ResourceAttributeContainer attributes = ShadowUtil.getAttributesContainer(account);
assertEquals("shadow secondary identifier not equal with the account dn. ", dn, attributes.findAttribute(getOpenDjSecondaryIdentifierQName()).getRealValue(String.class));
String identifier = attributes.getPrimaryIdentifier().getRealValue(String.class);
openDJController.searchAndAssertByEntryUuid(identifier);
}
Aggregations