use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class EntitlementConverter method collectEntitlementsAsObjectOperationDelete.
/////////
// DELETE
/////////
/**
* This is somehow different that all the other methods. We are not following the content of a shadow or delta. We are following
* the definitions. This is to avoid the need to read the object that is going to be deleted. In fact, the object should not be there
* any more, but we still want to clean up entitlement membership based on the information from the shadow.
*/
public <T> void collectEntitlementsAsObjectOperationDelete(ProvisioningContext subjectCtx, final Map<ResourceObjectDiscriminator, ResourceObjectOperations> roMap, PrismObject<ShadowType> subjectShadow, OperationResult parentResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
Collection<RefinedAssociationDefinition> entitlementAssociationDefs = subjectCtx.getObjectClassDefinition().getAssociationDefinitions();
if (entitlementAssociationDefs == null || entitlementAssociationDefs.isEmpty()) {
// Nothing to do
LOGGER.trace("No associations in deleted shadow");
return;
}
ResourceAttributeContainer subjectAttributesContainer = ShadowUtil.getAttributesContainer(subjectShadow);
for (final RefinedAssociationDefinition assocDefType : subjectCtx.getObjectClassDefinition().getAssociationDefinitions()) {
if (assocDefType.getResourceObjectAssociationType().getDirection() != ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
// We can ignore these. They will die together with the object. No need to explicitly delete them.
LOGGER.trace("Ignoring subject-to-object association in deleted shadow");
continue;
}
if (!assocDefType.requiresExplicitReferentialIntegrity()) {
// Referential integrity not required for this one
LOGGER.trace("Ignoring association in deleted shadow because it does not require explicit referential integrity assurance");
continue;
}
if (assocDefType.getAuxiliaryObjectClass() != null && !subjectCtx.getObjectClassDefinition().hasAuxiliaryObjectClass(assocDefType.getAuxiliaryObjectClass())) {
LOGGER.trace("Ignoring association in deleted shadow because subject does not have {} auxiliary object class", assocDefType.getAuxiliaryObjectClass());
continue;
}
QName associationName = assocDefType.getName();
if (associationName == null) {
throw new SchemaException("No name in entitlement association " + assocDefType + " in " + subjectCtx.getResource());
}
ShadowKindType entitlementKind = assocDefType.getKind();
if (entitlementKind == null) {
entitlementKind = ShadowKindType.ENTITLEMENT;
}
for (String entitlementIntent : assocDefType.getIntents()) {
final ProvisioningContext entitlementCtx = subjectCtx.spawn(entitlementKind, entitlementIntent);
final RefinedObjectClassDefinition entitlementOcDef = entitlementCtx.getObjectClassDefinition();
if (entitlementOcDef == null) {
throw new SchemaException("No definition for entitlement intent(s) '" + assocDefType.getIntents() + "' defined in entitlement association " + associationName + " in " + subjectCtx.getResource());
}
final QName assocAttrName = assocDefType.getResourceObjectAssociationType().getAssociationAttribute();
if (assocAttrName == null) {
throw new SchemaException("No association attribute defined in entitlement association '" + associationName + "' in " + subjectCtx.getResource());
}
final RefinedAttributeDefinition assocAttrDef = entitlementOcDef.findAttributeDefinition(assocAttrName);
if (assocAttrDef == null) {
throw new SchemaException("Association attribute '" + assocAttrName + "'defined in entitlement association '" + associationName + "' was not found in schema for " + subjectCtx.getResource());
}
QName valueAttrName = assocDefType.getResourceObjectAssociationType().getValueAttribute();
if (valueAttrName == null) {
throw new SchemaException("No value attribute defined in entitlement association '" + associationName + "' in " + subjectCtx.getResource());
}
final ResourceAttribute<T> valueAttr = subjectAttributesContainer.findAttribute(valueAttrName);
if (valueAttr == null || valueAttr.isEmpty()) {
// Although we cannot really remedy the situation now, we at least throw an error so the problem is detected.
throw new SchemaException("Value attribute " + valueAttrName + " has no value; attribute defined in entitlement association '" + associationName + "' in " + subjectCtx.getResource());
}
if (valueAttr.size() > 1) {
throw new SchemaException("Value attribute " + valueAttrName + " has no more than one value; attribute defined in entitlement association '" + associationName + "' in " + subjectCtx.getResource());
}
ObjectQuery query = createQuery(assocDefType, assocAttrDef, valueAttr);
AttributesToReturn attributesToReturn = ProvisioningUtil.createAttributesToReturn(entitlementCtx);
SearchHierarchyConstraints searchHierarchyConstraints = null;
ResourceObjectReferenceType baseContextRef = entitlementOcDef.getBaseContext();
if (baseContextRef != null) {
PrismObject<ShadowType> baseContextShadow = resourceObjectReferenceResolver.resolve(subjectCtx, baseContextRef, null, "base context specification in " + entitlementOcDef, parentResult);
RefinedObjectClassDefinition baseContextObjectClassDefinition = subjectCtx.getRefinedSchema().determineCompositeObjectClassDefinition(baseContextShadow);
ResourceObjectIdentification baseContextIdentification = ShadowUtil.getResourceObjectIdentification(baseContextShadow, baseContextObjectClassDefinition);
searchHierarchyConstraints = new SearchHierarchyConstraints(baseContextIdentification, null);
}
ResultHandler<ShadowType> handler = new ResultHandler<ShadowType>() {
@Override
public boolean handle(PrismObject<ShadowType> entitlementShadow) {
Collection<? extends ResourceAttribute<?>> primaryIdentifiers = ShadowUtil.getPrimaryIdentifiers(entitlementShadow);
ResourceObjectDiscriminator disc = new ResourceObjectDiscriminator(entitlementOcDef.getTypeName(), primaryIdentifiers);
ResourceObjectOperations operations = roMap.get(disc);
if (operations == null) {
operations = new ResourceObjectOperations();
roMap.put(disc, operations);
operations.setResourceObjectContext(entitlementCtx);
Collection<? extends ResourceAttribute<?>> allIdentifiers = ShadowUtil.getAllIdentifiers(entitlementShadow);
operations.setAllIdentifiers(allIdentifiers);
}
PropertyDelta<T> attributeDelta = null;
for (Operation operation : operations.getOperations()) {
if (operation instanceof PropertyModificationOperation) {
PropertyModificationOperation propOp = (PropertyModificationOperation) operation;
if (propOp.getPropertyDelta().getElementName().equals(assocAttrName)) {
attributeDelta = propOp.getPropertyDelta();
}
}
}
if (attributeDelta == null) {
attributeDelta = assocAttrDef.createEmptyDelta(new ItemPath(ShadowType.F_ATTRIBUTES, assocAttrName));
PropertyModificationOperation attributeModification = new PropertyModificationOperation(attributeDelta);
attributeModification.setMatchingRuleQName(assocDefType.getMatchingRule());
operations.add(attributeModification);
}
attributeDelta.addValuesToDelete(valueAttr.getClonedValues());
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Association in deleted shadow delta:\n{}", attributeDelta.debugDump());
}
return true;
}
};
try {
LOGGER.trace("Searching for associations in deleted shadow, query: {}", query);
ConnectorInstance connector = subjectCtx.getConnector(ReadCapabilityType.class, parentResult);
connector.search(entitlementOcDef, query, handler, attributesToReturn, null, searchHierarchyConstraints, subjectCtx, parentResult);
} catch (TunnelException e) {
throw (SchemaException) e.getCause();
} catch (GenericFrameworkException e) {
throw new GenericConnectorException(e.getMessage(), e);
}
}
}
}
use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class AccessChecker method checkAdd.
public void checkAdd(ProvisioningContext ctx, PrismObject<ShadowType> shadow, OperationResult parentResult) throws SchemaException, SecurityViolationException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException {
OperationResult result = parentResult.createMinorSubresult(OPERATION_NAME);
ResourceAttributeContainer attributeCont = ShadowUtil.getAttributesContainer(shadow);
for (ResourceAttribute<?> attribute : attributeCont.getAttributes()) {
RefinedAttributeDefinition attrDef = ctx.getObjectClassDefinition().findAttributeDefinition(attribute.getElementName());
// schema layer is the original one.
if (attrDef == null) {
String msg = "No definition for attribute " + attribute.getElementName() + " in " + ctx.getObjectClassDefinition();
result.recordFatalError(msg);
throw new SchemaException(msg);
}
PropertyLimitations limitations = attrDef.getLimitations(LayerType.MODEL);
if (limitations == null) {
continue;
}
// We cannot throw error here. At least not now. Provisioning will internally use ignored attributes
// e.g. for simulated capabilities. This is not a problem for normal operations, but it is a problem
// for delayed operations (e.g. consistency) that are passing through this code again.
// TODO: we need to figure a way how to avoid this loop
// if (limitations.isIgnore()) {
// String message = "Attempt to create shadow with ignored attribute "+attribute.getName();
// LOGGER.error(message);
// throw new SchemaException(message);
// }
PropertyAccessType access = limitations.getAccess();
if (access == null) {
continue;
}
if (access.isAdd() == null || !access.isAdd()) {
String message = "Attempt to add shadow with non-createable attribute " + attribute.getElementName();
LOGGER.error(message);
result.recordFatalError(message);
throw new SecurityViolationException(message);
}
}
result.recordSuccess();
}
use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class TestDummy method test802LiveSyncModifyBlackbeard.
@Test
public void test802LiveSyncModifyBlackbeard() throws Exception {
final String TEST_NAME = "test802LiveSyncModifyBlackbeard";
TestUtil.displayTestTile(TEST_NAME);
// GIVEN
OperationResult result = new OperationResult(TestDummy.class.getName() + "." + TEST_NAME);
syncServiceMock.reset();
DummyAccount dummyAccount = getDummyAccountAssert(BLACKBEARD_USERNAME, blackbeardIcfUid);
dummyAccount.replaceAttributeValue("fullname", "Captain Blackbeard");
display("Resource before sync", dummyResource.debugDump());
ResourceShadowDiscriminator coords = new ResourceShadowDiscriminator(RESOURCE_DUMMY_OID, ProvisioningTestUtil.getDefaultAccountObjectClass(resourceType));
// WHEN
TestUtil.displayWhen(TEST_NAME);
provisioningService.synchronize(coords, syncTokenTask, result);
// THEN
result.computeStatus();
display("Synchronization result", result);
TestUtil.assertSuccess("Synchronization result is not OK", result);
syncServiceMock.assertNotifyChange();
ResourceObjectShadowChangeDescription lastChange = syncServiceMock.getLastChange();
display("The change", lastChange);
PrismObject<? extends ShadowType> oldShadow = lastChange.getOldShadow();
assertSyncOldShadow(oldShadow, getBlackbeardRepoIcfName());
assertNull("Delta present when not expecting it", lastChange.getObjectDelta());
PrismObject<ShadowType> currentShadow = lastChange.getCurrentShadow();
assertNotNull("Current shadow missing", lastChange.getCurrentShadow());
assertTrue("Wrong type of current shadow: " + currentShadow.getClass().getName(), currentShadow.canRepresent(ShadowType.class));
ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(currentShadow);
assertNotNull("No attributes container in current shadow", attributesContainer);
Collection<ResourceAttribute<?>> attributes = attributesContainer.getAttributes();
assertFalse("Attributes container is empty", attributes.isEmpty());
assertAttribute(currentShadow, DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_FULLNAME_NAME, "Captain Blackbeard");
assertAttribute(currentShadow, DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_LOOT_NAME, 66666L);
assertEquals("Unexpected number of attributes", 4, attributes.size());
PrismObject<ShadowType> accountRepo = findAccountShadowByUsername(getBlackbeardRepoIcfName(), resource, result);
assertNotNull("Shadow was not created in the repository", accountRepo);
display("Repository shadow", accountRepo);
checkRepoAccountShadow(accountRepo);
checkAllShadows();
assertSteadyResource();
}
use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class TestDummy method testLiveSyncAddDrake.
public void testLiveSyncAddDrake(final String TEST_NAME, DummySyncStyle syncStyle, QName objectClass) throws Exception {
TestUtil.displayTestTile(TEST_NAME);
// GIVEN
OperationResult result = new OperationResult(TestDummy.class.getName() + "." + TEST_NAME);
syncServiceMock.reset();
dummyResource.setSyncStyle(syncStyle);
DummyAccount newAccount = new DummyAccount(DRAKE_USERNAME);
newAccount.addAttributeValues("fullname", "Sir Francis Drake");
newAccount.setEnabled(true);
newAccount.setPassword("avast!");
dummyResource.addAccount(newAccount);
drakeIcfUid = newAccount.getId();
display("Resource before sync", dummyResource.debugDump());
ResourceShadowDiscriminator coords = new ResourceShadowDiscriminator(RESOURCE_DUMMY_OID, objectClass);
// WHEN
TestUtil.displayWhen(TEST_NAME);
provisioningService.synchronize(coords, syncTokenTask, result);
// THEN
TestUtil.displayThen(TEST_NAME);
result.computeStatus();
display("Synchronization result", result);
TestUtil.assertSuccess("Synchronization result is not OK", result);
syncServiceMock.assertNotifyChange();
ResourceObjectShadowChangeDescription lastChange = syncServiceMock.getLastChange();
display("The change", lastChange);
PrismObject<? extends ShadowType> oldShadow = lastChange.getOldShadow();
assertNotNull("Old shadow missing", oldShadow);
assertNotNull("Old shadow does not have an OID", oldShadow.getOid());
if (syncStyle == DummySyncStyle.DUMB) {
assertNull("Delta present when not expecting it", lastChange.getObjectDelta());
} else {
ObjectDelta<? extends ShadowType> objectDelta = lastChange.getObjectDelta();
assertNotNull("Delta present when not expecting it", objectDelta);
assertTrue("Delta is not add: " + objectDelta, objectDelta.isAdd());
}
ShadowType currentShadowType = lastChange.getCurrentShadow().asObjectable();
assertNotNull("Current shadow missing", lastChange.getCurrentShadow());
PrismAsserts.assertClass("current shadow", ShadowType.class, currentShadowType);
ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(currentShadowType);
assertNotNull("No attributes container in current shadow", attributesContainer);
Collection<ResourceAttribute<?>> attributes = attributesContainer.getAttributes();
assertFalse("Attributes container is empty", attributes.isEmpty());
assertEquals("Unexpected number of attributes", 3, attributes.size());
ResourceAttribute<?> fullnameAttribute = attributesContainer.findAttribute(new QName(ResourceTypeUtil.getResourceNamespace(resourceType), "fullname"));
assertNotNull("No fullname attribute in current shadow", fullnameAttribute);
assertEquals("Wrong value of fullname attribute in current shadow", "Sir Francis Drake", fullnameAttribute.getRealValue());
drakeAccountOid = currentShadowType.getOid();
PrismObject<ShadowType> repoShadow = repositoryService.getObject(ShadowType.class, drakeAccountOid, null, result);
display("Drake repo shadow", repoShadow);
PrismObject<ShadowType> accountRepo = findAccountShadowByUsername(getDrakeRepoIcfName(), resource, result);
assertNotNull("Shadow was not created in the repository", accountRepo);
display("Repository shadow", accountRepo);
checkRepoAccountShadow(accountRepo);
checkAllShadows();
assertSteadyResource();
}
use of com.evolveum.midpoint.schema.processor.ResourceAttributeContainer in project midpoint by Evolveum.
the class TestDummy method test128NullAttributeValue.
/**
* Set a null value to the (native) dummy attribute. The UCF layer should filter that out.
*/
@Test
public void test128NullAttributeValue() throws Exception {
final String TEST_NAME = "test128NullAttributeValue";
TestUtil.displayTestTile(TEST_NAME);
Task task = taskManager.createTaskInstance(TestDummy.class.getName() + "." + TEST_NAME);
OperationResult result = task.getResult();
syncServiceMock.reset();
DummyAccount willDummyAccount = getDummyAccountAssert(transformNameFromResource(ACCOUNT_WILL_USERNAME), willIcfUid);
willDummyAccount.replaceAttributeValue(DUMMY_ACCOUNT_ATTRIBUTE_TITLE_NAME, null);
// WHEN
PrismObject<ShadowType> accountWill = provisioningService.getObject(ShadowType.class, ACCOUNT_WILL_OID, null, task, result);
// THEN
result.computeStatus();
display("getObject result", result);
TestUtil.assertSuccess(result);
ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(accountWill);
ResourceAttribute<Object> titleAttribute = attributesContainer.findAttribute(new QName(ResourceTypeUtil.getResourceNamespace(resourceType), DUMMY_ACCOUNT_ATTRIBUTE_TITLE_NAME));
assertNull("Title attribute sneaked in", titleAttribute);
accountWill.checkConsistence();
assertSteadyResource();
}
Aggregations