Examples with ResourceAttributeDefinition com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition used on opensource projects

Example 6 with ResourceAttributeDefinition

use of com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition in project midpoint by Evolveum.

the class ConstraintsChecker method check.

public ConstraintsCheckingResult check(Task task, OperationResult result) throws SchemaException, ObjectAlreadyExistsException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    constraintsCheckingResult = new ConstraintsCheckingResult();
    constraintsCheckingResult.setSatisfiesConstraints(true);
    PrismContainer<?> attributesContainer = shadowObject.findContainer(ShadowType.F_ATTRIBUTES);
    if (attributesContainer == null) {
        // No attributes no constraint violations
        LOGGER.trace("Current shadow does not contain attributes, skipping checking uniqueness.");
        return constraintsCheckingResult;
    }
    Collection<? extends ResourceAttributeDefinition> uniqueAttributeDefs = MiscUtil.unionExtends(shadowDefinition.getPrimaryIdentifiers(), shadowDefinition.getSecondaryIdentifiers());
    LOGGER.trace("Secondary IDs {}", shadowDefinition.getSecondaryIdentifiers());
    for (ResourceAttributeDefinition attrDef : uniqueAttributeDefs) {
        PrismProperty<?> attr = attributesContainer.findProperty(attrDef.getName());
        LOGGER.trace("Attempt to check uniqueness of {} (def {})", attr, attrDef);
        if (attr == null) {
            continue;
        }
        constraintsCheckingResult.getCheckedAttributes().add(attr.getElementName());
        boolean unique = checkAttributeUniqueness(attr, shadowDefinition, resourceType, shadowOid, task, result);
        if (!unique) {
            LOGGER.debug("Attribute {} conflicts with existing object (in {})", attr, resourceShadowDiscriminator);
            constraintsCheckingResult.getConflictingAttributes().add(attr.getElementName());
            constraintsCheckingResult.setSatisfiesConstraints(false);
        }
    }
    constraintsCheckingResult.setMessages(messageBuilder.toString());
    return constraintsCheckingResult;
}

Example 7 with ResourceAttributeDefinition

use of com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition in project midpoint by Evolveum.

the class ConnIdConvertor method convertToResourceObject.

/**
	 * Converts ICF ConnectorObject to the midPoint ResourceObject.
	 * <p/>
	 * All the attributes are mapped using the same way as they are mapped in
	 * the schema (which is actually no mapping at all now).
	 * <p/>
	 * If an optional ResourceObjectDefinition was provided, the resulting
	 * ResourceObject is schema-aware (getDefinition() method works). If no
	 * ResourceObjectDefinition was provided, the object is schema-less. TODO:
	 * this still needs to be implemented.
	 * 
	 * @param co
	 *            ICF ConnectorObject to convert
	 * @param def
	 *            ResourceObjectDefinition (from the schema) or null
	 * @param full
	 *            if true it describes if the returned resource object should
	 *            contain all of the attributes defined in the schema, if false
	 *            the returned resource object will contain only attributed with
	 *            the non-null values.
	 * @return new mapped ResourceObject instance.
	 * @throws SchemaException
	 */
<T extends ShadowType> PrismObject<T> convertToResourceObject(ConnectorObject co, PrismObjectDefinition<T> objectDefinition, boolean full, boolean caseIgnoreAttributeNames, boolean legacySchema) throws SchemaException {
    PrismObject<T> shadowPrism = null;
    if (objectDefinition != null) {
        shadowPrism = objectDefinition.instantiate();
    } else {
        throw new SchemaException("No definition");
    }
    // LOGGER.trace("Instantiated prism object {} from connector object.",
    // shadowPrism.debugDump());
    T shadow = shadowPrism.asObjectable();
    ResourceAttributeContainer attributesContainer = (ResourceAttributeContainer) shadowPrism.findOrCreateContainer(ShadowType.F_ATTRIBUTES);
    ResourceAttributeContainerDefinition attributesContainerDefinition = attributesContainer.getDefinition();
    shadow.setObjectClass(attributesContainerDefinition.getTypeName());
    List<ObjectClassComplexTypeDefinition> auxiliaryObjectClassDefinitions = new ArrayList<>();
    for (Attribute icfAttr : co.getAttributes()) {
        if (icfAttr.is(PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME)) {
            List<QName> auxiliaryObjectClasses = shadow.getAuxiliaryObjectClass();
            for (Object auxiliaryIcfObjectClass : icfAttr.getValue()) {
                QName auxiliaryObjectClassQname = icfNameMapper.objectClassToQname(new ObjectClass((String) auxiliaryIcfObjectClass), resourceSchemaNamespace, legacySchema);
                auxiliaryObjectClasses.add(auxiliaryObjectClassQname);
                ObjectClassComplexTypeDefinition auxiliaryObjectClassDefinition = icfNameMapper.getResourceSchema().findObjectClassDefinition(auxiliaryObjectClassQname);
                if (auxiliaryObjectClassDefinition == null) {
                    throw new SchemaException("Resource object " + co + " refers to auxiliary object class " + auxiliaryObjectClassQname + " which is not in the schema");
                }
                auxiliaryObjectClassDefinitions.add(auxiliaryObjectClassDefinition);
            }
            break;
        }
    }
    for (Attribute icfAttr : co.getAttributes()) {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Reading ICF attribute {}: {}", icfAttr.getName(), icfAttr.getValue());
        }
        if (icfAttr.getName().equals(Uid.NAME)) {
            // UID is handled specially (see above)
            continue;
        }
        if (icfAttr.is(PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME)) {
            // Already processed
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.PASSWORD_NAME)) {
            // password has to go to the credentials section
            ProtectedStringType password = getSingleValue(icfAttr, ProtectedStringType.class);
            if (password == null) {
                // equals() instead of == is needed. The AttributeValueCompleteness enum may be loaded by different classloader
                if (!AttributeValueCompleteness.INCOMPLETE.equals(icfAttr.getAttributeValueCompleteness())) {
                    continue;
                }
                // There is no password value in the ConnId attribute. But it was indicated that
                // that attribute is incomplete. Therefore we can assume that there in fact is a value.
                // We just do not know it.
                ShadowUtil.setPasswordIncomplete(shadow);
                LOGGER.trace("Converted password: (incomplete)");
            } else {
                ShadowUtil.setPassword(shadow, password);
                LOGGER.trace("Converted password: {}", password);
            }
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.ENABLE_NAME)) {
            Boolean enabled = getSingleValue(icfAttr, Boolean.class);
            if (enabled == null) {
                continue;
            }
            ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
            ActivationStatusType activationStatusType;
            if (enabled) {
                activationStatusType = ActivationStatusType.ENABLED;
            } else {
                activationStatusType = ActivationStatusType.DISABLED;
            }
            activationType.setAdministrativeStatus(activationStatusType);
            activationType.setEffectiveStatus(activationStatusType);
            LOGGER.trace("Converted activation administrativeStatus: {}", activationStatusType);
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.ENABLE_DATE_NAME)) {
            Long millis = getSingleValue(icfAttr, Long.class);
            if (millis == null) {
                continue;
            }
            ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
            activationType.setValidFrom(XmlTypeConverter.createXMLGregorianCalendar(millis));
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.DISABLE_DATE_NAME)) {
            Long millis = getSingleValue(icfAttr, Long.class);
            if (millis == null) {
                continue;
            }
            ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
            activationType.setValidTo(XmlTypeConverter.createXMLGregorianCalendar(millis));
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.LOCK_OUT_NAME)) {
            Boolean lockOut = getSingleValue(icfAttr, Boolean.class);
            if (lockOut == null) {
                continue;
            }
            ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
            LockoutStatusType lockoutStatusType;
            if (lockOut) {
                lockoutStatusType = LockoutStatusType.LOCKED;
            } else {
                lockoutStatusType = LockoutStatusType.NORMAL;
            }
            activationType.setLockoutStatus(lockoutStatusType);
            LOGGER.trace("Converted activation lockoutStatus: {}", lockoutStatusType);
            continue;
        }
        QName qname = icfNameMapper.convertAttributeNameToQName(icfAttr.getName(), attributesContainerDefinition);
        ResourceAttributeDefinition attributeDefinition = attributesContainerDefinition.findAttributeDefinition(qname, caseIgnoreAttributeNames);
        if (attributeDefinition == null) {
            // Try to locate definition in auxiliary object classes
            for (ObjectClassComplexTypeDefinition auxiliaryObjectClassDefinition : auxiliaryObjectClassDefinitions) {
                attributeDefinition = auxiliaryObjectClassDefinition.findAttributeDefinition(qname, caseIgnoreAttributeNames);
                if (attributeDefinition != null) {
                    break;
                }
            }
            if (attributeDefinition == null) {
                throw new SchemaException("Unknown attribute " + qname + " in definition of object class " + attributesContainerDefinition.getTypeName() + ". Original ICF name: " + icfAttr.getName(), qname);
            }
        }
        if (caseIgnoreAttributeNames) {
            // normalized version
            qname = attributeDefinition.getName();
        }
        ResourceAttribute<Object> resourceAttribute = attributeDefinition.instantiate(qname);
        // resource object also with the null-values attributes
        if (full) {
            if (icfAttr.getValue() != null) {
                // of them may need it (e.g. GuardedString)
                for (Object icfValue : icfAttr.getValue()) {
                    Object value = convertValueFromIcf(icfValue, qname);
                    resourceAttribute.add(new PrismPropertyValue<>(value));
                }
            }
            LOGGER.trace("Converted attribute {}", resourceAttribute);
            attributesContainer.getValue().add(resourceAttribute);
        // in this case when false, we need only the attributes with the
        // non-null values.
        } else {
            if (icfAttr.getValue() != null && !icfAttr.getValue().isEmpty()) {
                // Convert the values. While most values do not need
                // conversions, some of them may need it (e.g. GuardedString)
                boolean empty = true;
                for (Object icfValue : icfAttr.getValue()) {
                    if (icfValue != null) {
                        Object value = convertValueFromIcf(icfValue, qname);
                        empty = false;
                        resourceAttribute.add(new PrismPropertyValue<>(value));
                    }
                }
                if (!empty) {
                    LOGGER.trace("Converted attribute {}", resourceAttribute);
                    attributesContainer.getValue().add(resourceAttribute);
                }
            }
        }
    }
    // Add Uid if it is not there already. It can be already present, 
    // e.g. if Uid and Name represent the same attribute
    Uid uid = co.getUid();
    ObjectClassComplexTypeDefinition ocDef = attributesContainerDefinition.getComplexTypeDefinition();
    ResourceAttributeDefinition<String> uidDefinition = ConnIdUtil.getUidDefinition(ocDef);
    if (uidDefinition == null) {
        throw new SchemaException("No definition for ConnId UID attribute found in definition " + ocDef);
    }
    if (attributesContainer.getValue().findItem(uidDefinition.getName()) == null) {
        ResourceAttribute<String> uidRoa = uidDefinition.instantiate();
        uidRoa.setValue(new PrismPropertyValue<String>(uid.getUidValue()));
        attributesContainer.getValue().add(uidRoa);
    }
    return shadowPrism;
}

Example 8 with ResourceAttributeDefinition

use of com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition in project midpoint by Evolveum.

the class ProjectionValuesProcessor method checkSchemaAndPolicies.

/**
 * Check that the primary deltas do not violate schema and policies
 * TODO: implement schema check
 */
private void checkSchemaAndPolicies(LensProjectionContext accountContext, String activityDescription) throws SchemaException, PolicyViolationException {
    ObjectDelta<ShadowType> primaryDelta = accountContext.getPrimaryDelta();
    if (primaryDelta == null || primaryDelta.isDelete()) {
        return;
    }
    ResourceObjectDefinition rAccountDef = accountContext.getCompositeObjectDefinition();
    if (rAccountDef == null) {
        throw new SchemaException("No definition for account type '" + accountContext.getResourceShadowDiscriminator() + "' in " + accountContext.getResource());
    }
    if (primaryDelta.isAdd()) {
        PrismObject<ShadowType> accountToAdd = primaryDelta.getObjectToAdd();
        ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(accountToAdd);
        if (attributesContainer != null) {
            for (ResourceAttribute<?> attribute : attributesContainer.getAttributes()) {
                ResourceAttributeDefinition<?> rAttrDef = requireNonNull(rAccountDef.findAttributeDefinition(attribute.getElementName()));
                if (!rAttrDef.isTolerant()) {
                    throw new PolicyViolationException("Attempt to add object with non-tolerant attribute " + attribute.getElementName() + " in " + "account " + accountContext.getResourceShadowDiscriminator() + " during " + activityDescription);
                }
            }
        }
    } else if (primaryDelta.isModify()) {
        for (ItemDelta<?, ?> modification : primaryDelta.getModifications()) {
            if (modification.getParentPath().equivalent(SchemaConstants.PATH_ATTRIBUTES)) {
                PropertyDelta<?> attrDelta = (PropertyDelta<?>) modification;
                ResourceAttributeDefinition<?> rAttrDef = requireNonNull(rAccountDef.findAttributeDefinition(attrDelta.getElementName()));
                if (!rAttrDef.isTolerant()) {
                    throw new PolicyViolationException("Attempt to modify non-tolerant attribute " + attrDelta.getElementName() + " in " + "account " + accountContext.getResourceShadowDiscriminator() + " during " + activityDescription);
                }
            }
        }
    } else {
        throw new IllegalStateException("Whoops!");
    }
}

Example 9 with ResourceAttributeDefinition

use of com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition in project midpoint by Evolveum.

the class AbstractModelImplementationIntegrationTest method createAccountDelta.

protected <T> ObjectDelta<ShadowType> createAccountDelta(LensProjectionContext accCtx, String accountOid, String attributeLocalName, T... propertyValues) throws SchemaException {
    ResourceType resourceType = accCtx.getResource();
    QName attrQName = new QName(MidPointConstants.NS_RI, attributeLocalName);
    ItemPath attrPath = ItemPath.create(ShadowType.F_ATTRIBUTES, attrQName);
    ResourceObjectDefinition refinedAccountDefinition = accCtx.getCompositeObjectDefinition();
    // noinspection unchecked
    ResourceAttributeDefinition<T> attrDef = (ResourceAttributeDefinition<T>) refinedAccountDefinition.findAttributeDefinition(attrQName);
    assertNotNull("No definition of attribute " + attrQName + " in account def " + refinedAccountDefinition, attrDef);
    ObjectDelta<ShadowType> accountDelta = prismContext.deltaFactory().object().createEmptyModifyDelta(ShadowType.class, accountOid);
    PropertyDelta<T> attrDelta = prismContext.deltaFactory().property().create(attrPath, attrDef);
    attrDelta.setValuesToReplace(PrismValueCollectionsUtil.createCollection(prismContext, propertyValues));
    accountDelta.addModification(attrDelta);
    return accountDelta;
}

Example 10 with ResourceAttributeDefinition

use of com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition in project midpoint by Evolveum.

the class MappedItems method createAttributeMappingCreationRequest.

/**
 * Creates a mapping creation request for mapping(s) for given attribute.
 *
 * @param <T> type of the attribute
 * @see #createAssociationMappingCreationRequest(QName)
 * @see #createAuxObjClassesMappingCreationRequest()
 */
private <T> void createAttributeMappingCreationRequest(QName attributeName) {
    // 1. Definitions and mapping beans
    // noinspection unchecked
    ResourceAttributeDefinition<T> attributeDefinition = (ResourceAttributeDefinition<T>) Objects.requireNonNull(source.resourceObjectDefinition.findAttributeDefinition(attributeName), () -> "No definition for attribute " + attributeName);
    List<InboundMappingType> mappingBeans = source.filterApplicableMappingBeans(attributeDefinition.getInboundMappingBeans());
    if (mappingBeans.isEmpty()) {
        LOGGER.trace("No applicable beans for this phase");
        return;
    }
    ItemPath attributePath = ItemPath.create(ShadowType.F_ATTRIBUTES, attributeName);
    String itemDescription = "attribute " + attributeName;
    // 2. Values
    ItemDelta<PrismPropertyValue<T>, PrismPropertyDefinition<T>> attributeAPrioriDelta = getItemAPrioriDelta(attributePath);
    MappedItem.ItemProvider<PrismPropertyValue<T>, PrismPropertyDefinition<T>> attributeProvider = () -> getCurrentAttribute(attributeName);
    // 3. Processing source
    ProcessingMode processingMode = source.getItemProcessingMode(itemDescription, attributeAPrioriDelta, mappingBeans, attributeDefinition.isIgnored(LayerType.MODEL), attributeDefinition.getLimitations(LayerType.MODEL));
    if (processingMode == ProcessingMode.NONE) {
        return;
    }
    // 4. Mapping creation request
    mappedItems.add(new MappedItem<>(source, target, context, mappingBeans, attributePath, itemDescription, attributeAPrioriDelta, attributeDefinition, attributeProvider, // postprocessor
    null, // variable producer
    null, processingMode));
}