Examples with ResourceAttributeContainer com.evolveum.midpoint.schema.processor.ResourceAttributeContainer used on opensource projects

Example 26 with ResourceAttributeContainer

use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

the class EntitlementConverter method collectEntitlementsAsObjectOperationDelete.

/////////
// DELETE
/////////
/**
	 * This is somehow different that all the other methods. We are not following the content of a shadow or delta. We are following
	 * the definitions. This is to avoid the need to read the object that is going to be deleted. In fact, the object should not be there
	 * any more, but we still want to clean up entitlement membership based on the information from the shadow.  
	 */
public <T> void collectEntitlementsAsObjectOperationDelete(ProvisioningContext subjectCtx, final Map<ResourceObjectDiscriminator, ResourceObjectOperations> roMap, PrismObject<ShadowType> subjectShadow, OperationResult parentResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    Collection<RefinedAssociationDefinition> entitlementAssociationDefs = subjectCtx.getObjectClassDefinition().getAssociationDefinitions();
    if (entitlementAssociationDefs == null || entitlementAssociationDefs.isEmpty()) {
        // Nothing to do
        LOGGER.trace("No associations in deleted shadow");
        return;
    }
    ResourceAttributeContainer subjectAttributesContainer = ShadowUtil.getAttributesContainer(subjectShadow);
    for (final RefinedAssociationDefinition assocDefType : subjectCtx.getObjectClassDefinition().getAssociationDefinitions()) {
        if (assocDefType.getResourceObjectAssociationType().getDirection() != ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
            // We can ignore these. They will die together with the object. No need to explicitly delete them.
            LOGGER.trace("Ignoring subject-to-object association in deleted shadow");
            continue;
        }
        if (!assocDefType.requiresExplicitReferentialIntegrity()) {
            // Referential integrity not required for this one
            LOGGER.trace("Ignoring association in deleted shadow because it does not require explicit referential integrity assurance");
            continue;
        }
        if (assocDefType.getAuxiliaryObjectClass() != null && !subjectCtx.getObjectClassDefinition().hasAuxiliaryObjectClass(assocDefType.getAuxiliaryObjectClass())) {
            LOGGER.trace("Ignoring association in deleted shadow because subject does not have {} auxiliary object class", assocDefType.getAuxiliaryObjectClass());
            continue;
        }
        QName associationName = assocDefType.getName();
        if (associationName == null) {
            throw new SchemaException("No name in entitlement association " + assocDefType + " in " + subjectCtx.getResource());
        }
        ShadowKindType entitlementKind = assocDefType.getKind();
        if (entitlementKind == null) {
            entitlementKind = ShadowKindType.ENTITLEMENT;
        }
        for (String entitlementIntent : assocDefType.getIntents()) {
            final ProvisioningContext entitlementCtx = subjectCtx.spawn(entitlementKind, entitlementIntent);
            final RefinedObjectClassDefinition entitlementOcDef = entitlementCtx.getObjectClassDefinition();
            if (entitlementOcDef == null) {
                throw new SchemaException("No definition for entitlement intent(s) '" + assocDefType.getIntents() + "' defined in entitlement association " + associationName + " in " + subjectCtx.getResource());
            }
            final QName assocAttrName = assocDefType.getResourceObjectAssociationType().getAssociationAttribute();
            if (assocAttrName == null) {
                throw new SchemaException("No association attribute defined in entitlement association '" + associationName + "' in " + subjectCtx.getResource());
            }
            final RefinedAttributeDefinition assocAttrDef = entitlementOcDef.findAttributeDefinition(assocAttrName);
            if (assocAttrDef == null) {
                throw new SchemaException("Association attribute '" + assocAttrName + "'defined in entitlement association '" + associationName + "' was not found in schema for " + subjectCtx.getResource());
            }
            QName valueAttrName = assocDefType.getResourceObjectAssociationType().getValueAttribute();
            if (valueAttrName == null) {
                throw new SchemaException("No value attribute defined in entitlement association '" + associationName + "' in " + subjectCtx.getResource());
            }
            final ResourceAttribute<T> valueAttr = subjectAttributesContainer.findAttribute(valueAttrName);
            if (valueAttr == null || valueAttr.isEmpty()) {
                // Although we cannot really remedy the situation now, we at least throw an error so the problem is detected.
                throw new SchemaException("Value attribute " + valueAttrName + " has no value; attribute defined in entitlement association '" + associationName + "' in " + subjectCtx.getResource());
            }
            if (valueAttr.size() > 1) {
                throw new SchemaException("Value attribute " + valueAttrName + " has no more than one value; attribute defined in entitlement association '" + associationName + "' in " + subjectCtx.getResource());
            }
            ObjectQuery query = createQuery(assocDefType, assocAttrDef, valueAttr);
            AttributesToReturn attributesToReturn = ProvisioningUtil.createAttributesToReturn(entitlementCtx);
            SearchHierarchyConstraints searchHierarchyConstraints = null;
            ResourceObjectReferenceType baseContextRef = entitlementOcDef.getBaseContext();
            if (baseContextRef != null) {
                PrismObject<ShadowType> baseContextShadow = resourceObjectReferenceResolver.resolve(subjectCtx, baseContextRef, null, "base context specification in " + entitlementOcDef, parentResult);
                RefinedObjectClassDefinition baseContextObjectClassDefinition = subjectCtx.getRefinedSchema().determineCompositeObjectClassDefinition(baseContextShadow);
                ResourceObjectIdentification baseContextIdentification = ShadowUtil.getResourceObjectIdentification(baseContextShadow, baseContextObjectClassDefinition);
                searchHierarchyConstraints = new SearchHierarchyConstraints(baseContextIdentification, null);
            }
            ResultHandler<ShadowType> handler = new ResultHandler<ShadowType>() {

                @Override
                public boolean handle(PrismObject<ShadowType> entitlementShadow) {
                    Collection<? extends ResourceAttribute<?>> primaryIdentifiers = ShadowUtil.getPrimaryIdentifiers(entitlementShadow);
                    ResourceObjectDiscriminator disc = new ResourceObjectDiscriminator(entitlementOcDef.getTypeName(), primaryIdentifiers);
                    ResourceObjectOperations operations = roMap.get(disc);
                    if (operations == null) {
                        operations = new ResourceObjectOperations();
                        roMap.put(disc, operations);
                        operations.setResourceObjectContext(entitlementCtx);
                        Collection<? extends ResourceAttribute<?>> allIdentifiers = ShadowUtil.getAllIdentifiers(entitlementShadow);
                        operations.setAllIdentifiers(allIdentifiers);
                    }
                    PropertyDelta<T> attributeDelta = null;
                    for (Operation operation : operations.getOperations()) {
                        if (operation instanceof PropertyModificationOperation) {
                            PropertyModificationOperation propOp = (PropertyModificationOperation) operation;
                            if (propOp.getPropertyDelta().getElementName().equals(assocAttrName)) {
                                attributeDelta = propOp.getPropertyDelta();
                            }
                        }
                    }
                    if (attributeDelta == null) {
                        attributeDelta = assocAttrDef.createEmptyDelta(new ItemPath(ShadowType.F_ATTRIBUTES, assocAttrName));
                        PropertyModificationOperation attributeModification = new PropertyModificationOperation(attributeDelta);
                        attributeModification.setMatchingRuleQName(assocDefType.getMatchingRule());
                        operations.add(attributeModification);
                    }
                    attributeDelta.addValuesToDelete(valueAttr.getClonedValues());
                    if (LOGGER.isTraceEnabled()) {
                        LOGGER.trace("Association in deleted shadow delta:\n{}", attributeDelta.debugDump());
                    }
                    return true;
                }
            };
            try {
                LOGGER.trace("Searching for associations in deleted shadow, query: {}", query);
                ConnectorInstance connector = subjectCtx.getConnector(ReadCapabilityType.class, parentResult);
                connector.search(entitlementOcDef, query, handler, attributesToReturn, null, searchHierarchyConstraints, subjectCtx, parentResult);
            } catch (TunnelException e) {
                throw (SchemaException) e.getCause();
            } catch (GenericFrameworkException e) {
                throw new GenericConnectorException(e.getMessage(), e);
            }
        }
    }
}

Example 27 with ResourceAttributeContainer

use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

the class AccessChecker method checkAdd.

public void checkAdd(ProvisioningContext ctx, PrismObject<ShadowType> shadow, OperationResult parentResult) throws SchemaException, SecurityViolationException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException {
    OperationResult result = parentResult.createMinorSubresult(OPERATION_NAME);
    ResourceAttributeContainer attributeCont = ShadowUtil.getAttributesContainer(shadow);
    for (ResourceAttribute<?> attribute : attributeCont.getAttributes()) {
        RefinedAttributeDefinition attrDef = ctx.getObjectClassDefinition().findAttributeDefinition(attribute.getElementName());
        // schema layer is the original one.
        if (attrDef == null) {
            String msg = "No definition for attribute " + attribute.getElementName() + " in " + ctx.getObjectClassDefinition();
            result.recordFatalError(msg);
            throw new SchemaException(msg);
        }
        PropertyLimitations limitations = attrDef.getLimitations(LayerType.MODEL);
        if (limitations == null) {
            continue;
        }
        // We cannot throw error here. At least not now. Provisioning will internally use ignored attributes
        // e.g. for simulated capabilities. This is not a problem for normal operations, but it is a problem
        // for delayed operations (e.g. consistency) that are passing through this code again.
        // TODO: we need to figure a way how to avoid this loop
        //			if (limitations.isIgnore()) {
        //				String message = "Attempt to create shadow with ignored attribute "+attribute.getName();
        //				LOGGER.error(message);
        //				throw new SchemaException(message);
        //			}
        PropertyAccessType access = limitations.getAccess();
        if (access == null) {
            continue;
        }
        if (access.isAdd() == null || !access.isAdd()) {
            String message = "Attempt to add shadow with non-createable attribute " + attribute.getElementName();
            LOGGER.error(message);
            result.recordFatalError(message);
            throw new SecurityViolationException(message);
        }
    }
    result.recordSuccess();
}

Example 28 with ResourceAttributeContainer

use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

the class TestDummy method test802LiveSyncModifyBlackbeard.

@Test
public void test802LiveSyncModifyBlackbeard() throws Exception {
    final String TEST_NAME = "test802LiveSyncModifyBlackbeard";
    TestUtil.displayTestTile(TEST_NAME);
    // GIVEN
    OperationResult result = new OperationResult(TestDummy.class.getName() + "." + TEST_NAME);
    syncServiceMock.reset();
    DummyAccount dummyAccount = getDummyAccountAssert(BLACKBEARD_USERNAME, blackbeardIcfUid);
    dummyAccount.replaceAttributeValue("fullname", "Captain Blackbeard");
    display("Resource before sync", dummyResource.debugDump());
    ResourceShadowDiscriminator coords = new ResourceShadowDiscriminator(RESOURCE_DUMMY_OID, ProvisioningTestUtil.getDefaultAccountObjectClass(resourceType));
    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    provisioningService.synchronize(coords, syncTokenTask, result);
    // THEN
    result.computeStatus();
    display("Synchronization result", result);
    TestUtil.assertSuccess("Synchronization result is not OK", result);
    syncServiceMock.assertNotifyChange();
    ResourceObjectShadowChangeDescription lastChange = syncServiceMock.getLastChange();
    display("The change", lastChange);
    PrismObject<? extends ShadowType> oldShadow = lastChange.getOldShadow();
    assertSyncOldShadow(oldShadow, getBlackbeardRepoIcfName());
    assertNull("Delta present when not expecting it", lastChange.getObjectDelta());
    PrismObject<ShadowType> currentShadow = lastChange.getCurrentShadow();
    assertNotNull("Current shadow missing", lastChange.getCurrentShadow());
    assertTrue("Wrong type of current shadow: " + currentShadow.getClass().getName(), currentShadow.canRepresent(ShadowType.class));
    ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(currentShadow);
    assertNotNull("No attributes container in current shadow", attributesContainer);
    Collection<ResourceAttribute<?>> attributes = attributesContainer.getAttributes();
    assertFalse("Attributes container is empty", attributes.isEmpty());
    assertAttribute(currentShadow, DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_FULLNAME_NAME, "Captain Blackbeard");
    assertAttribute(currentShadow, DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_LOOT_NAME, 66666L);
    assertEquals("Unexpected number of attributes", 4, attributes.size());
    PrismObject<ShadowType> accountRepo = findAccountShadowByUsername(getBlackbeardRepoIcfName(), resource, result);
    assertNotNull("Shadow was not created in the repository", accountRepo);
    display("Repository shadow", accountRepo);
    checkRepoAccountShadow(accountRepo);
    checkAllShadows();
    assertSteadyResource();
}

Example 29 with ResourceAttributeContainer

use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

the class TestDummy method testLiveSyncAddDrake.

public void testLiveSyncAddDrake(final String TEST_NAME, DummySyncStyle syncStyle, QName objectClass) throws Exception {
    TestUtil.displayTestTile(TEST_NAME);
    // GIVEN
    OperationResult result = new OperationResult(TestDummy.class.getName() + "." + TEST_NAME);
    syncServiceMock.reset();
    dummyResource.setSyncStyle(syncStyle);
    DummyAccount newAccount = new DummyAccount(DRAKE_USERNAME);
    newAccount.addAttributeValues("fullname", "Sir Francis Drake");
    newAccount.setEnabled(true);
    newAccount.setPassword("avast!");
    dummyResource.addAccount(newAccount);
    drakeIcfUid = newAccount.getId();
    display("Resource before sync", dummyResource.debugDump());
    ResourceShadowDiscriminator coords = new ResourceShadowDiscriminator(RESOURCE_DUMMY_OID, objectClass);
    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    provisioningService.synchronize(coords, syncTokenTask, result);
    // THEN
    TestUtil.displayThen(TEST_NAME);
    result.computeStatus();
    display("Synchronization result", result);
    TestUtil.assertSuccess("Synchronization result is not OK", result);
    syncServiceMock.assertNotifyChange();
    ResourceObjectShadowChangeDescription lastChange = syncServiceMock.getLastChange();
    display("The change", lastChange);
    PrismObject<? extends ShadowType> oldShadow = lastChange.getOldShadow();
    assertNotNull("Old shadow missing", oldShadow);
    assertNotNull("Old shadow does not have an OID", oldShadow.getOid());
    if (syncStyle == DummySyncStyle.DUMB) {
        assertNull("Delta present when not expecting it", lastChange.getObjectDelta());
    } else {
        ObjectDelta<? extends ShadowType> objectDelta = lastChange.getObjectDelta();
        assertNotNull("Delta present when not expecting it", objectDelta);
        assertTrue("Delta is not add: " + objectDelta, objectDelta.isAdd());
    }
    ShadowType currentShadowType = lastChange.getCurrentShadow().asObjectable();
    assertNotNull("Current shadow missing", lastChange.getCurrentShadow());
    PrismAsserts.assertClass("current shadow", ShadowType.class, currentShadowType);
    ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(currentShadowType);
    assertNotNull("No attributes container in current shadow", attributesContainer);
    Collection<ResourceAttribute<?>> attributes = attributesContainer.getAttributes();
    assertFalse("Attributes container is empty", attributes.isEmpty());
    assertEquals("Unexpected number of attributes", 3, attributes.size());
    ResourceAttribute<?> fullnameAttribute = attributesContainer.findAttribute(new QName(ResourceTypeUtil.getResourceNamespace(resourceType), "fullname"));
    assertNotNull("No fullname attribute in current shadow", fullnameAttribute);
    assertEquals("Wrong value of fullname attribute in current shadow", "Sir Francis Drake", fullnameAttribute.getRealValue());
    drakeAccountOid = currentShadowType.getOid();
    PrismObject<ShadowType> repoShadow = repositoryService.getObject(ShadowType.class, drakeAccountOid, null, result);
    display("Drake repo shadow", repoShadow);
    PrismObject<ShadowType> accountRepo = findAccountShadowByUsername(getDrakeRepoIcfName(), resource, result);
    assertNotNull("Shadow was not created in the repository", accountRepo);
    display("Repository shadow", accountRepo);
    checkRepoAccountShadow(accountRepo);
    checkAllShadows();
    assertSteadyResource();
}

Example 30 with ResourceAttributeContainer

use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.

the class TestDummy method test128NullAttributeValue.

/**
	 * Set a null value to the (native) dummy attribute. The UCF layer should filter that out.
	 */
@Test
public void test128NullAttributeValue() throws Exception {
    final String TEST_NAME = "test128NullAttributeValue";
    TestUtil.displayTestTile(TEST_NAME);
    Task task = taskManager.createTaskInstance(TestDummy.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    syncServiceMock.reset();
    DummyAccount willDummyAccount = getDummyAccountAssert(transformNameFromResource(ACCOUNT_WILL_USERNAME), willIcfUid);
    willDummyAccount.replaceAttributeValue(DUMMY_ACCOUNT_ATTRIBUTE_TITLE_NAME, null);
    // WHEN
    PrismObject<ShadowType> accountWill = provisioningService.getObject(ShadowType.class, ACCOUNT_WILL_OID, null, task, result);
    // THEN
    result.computeStatus();
    display("getObject result", result);
    TestUtil.assertSuccess(result);
    ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(accountWill);
    ResourceAttribute<Object> titleAttribute = attributesContainer.findAttribute(new QName(ResourceTypeUtil.getResourceNamespace(resourceType), DUMMY_ACCOUNT_ATTRIBUTE_TITLE_NAME));
    assertNull("Title attribute sneaked in", titleAttribute);
    accountWill.checkConsistence();
    assertSteadyResource();
}