Examples with TunnelException com.evolveum.midpoint.util.exception.TunnelException used on opensource projects

Example 1 with TunnelException

use of com.evolveum.midpoint.util.exception.TunnelException in project midpoint by Evolveum.

the class LazyXPathVariableResolver method resolveVariable.

@Override
public Object resolveVariable(QName name) {
    if (variables == null) {
        return null;
    }
    if (name != null && (name.getNamespaceURI() == null || name.getNamespaceURI().isEmpty())) {
        LOGGER.warn("Using variable without a namespace (" + name + "), possible namespace problem (e.g. missing namespace prefix declaration) in " + contextDescription);
    }
    // Note: null is a legal variable name here. It corresponds to the root node
    Object variableValue = variables.get(name);
    if (variableValue == null) {
        // TODO: warning ???
        return null;
    }
    QName type = null;
    // Attempt to resolve object reference
    if (objectResolver != null && variableValue instanceof ObjectReferenceType) {
        ObjectReferenceType ref = (ObjectReferenceType) variableValue;
        if (ref.getOid() == null) {
            SchemaException newEx = new SchemaException("Null OID in reference in variable " + name + " in " + contextDescription, name);
            throw new TunnelException(newEx);
        } else {
            type = ref.getType();
            try {
                // TODO task
                variableValue = objectResolver.resolve(ref, ObjectType.class, null, contextDescription, null, result);
            } catch (ObjectNotFoundException e) {
                ObjectNotFoundException newEx = new ObjectNotFoundException("Object not found during variable " + name + " resolution in " + contextDescription + ": " + e.getMessage(), e, ref.getOid());
                // We have no other practical way how to handle the error
                throw new TunnelException(newEx);
            } catch (SchemaException e) {
                ExpressionSyntaxException newEx = new ExpressionSyntaxException("Schema error during variable " + name + " resolution in " + contextDescription + ": " + e.getMessage(), e, name);
                throw new TunnelException(newEx);
            }
        }
    }
    try {
        return convertToXml(variableValue, name, prismContext, contextDescription);
    } catch (SchemaException e) {
        throw new TunnelException(e);
    }
}

Example 2 with TunnelException

use of com.evolveum.midpoint.util.exception.TunnelException in project midpoint by Evolveum.

the class Mapping method parseSource.

private <IV extends PrismValue, ID extends ItemDefinition> Source<IV, ID> parseSource(VariableBindingDefinitionType sourceType, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException {
    ItemPathType itemPathType = sourceType.getPath();
    if (itemPathType == null) {
        throw new SchemaException("No path in source definition in " + getMappingContextDescription());
    }
    ItemPath path = itemPathType.getItemPath();
    if (path.isEmpty()) {
        throw new SchemaException("Empty source path in " + getMappingContextDescription());
    }
    QName name = sourceType.getName();
    if (name == null) {
        name = ItemPath.getName(path.last());
    }
    ItemPath resolvePath = path;
    Object sourceObject = ExpressionUtil.resolvePath(path, variables, sourceContext, objectResolver, "source definition in " + getMappingContextDescription(), task, result);
    Item<IV, ID> itemOld = null;
    ItemDelta<IV, ID> delta = null;
    Item<IV, ID> itemNew = null;
    ItemPath residualPath = null;
    Collection<? extends ItemDelta<?, ?>> subItemDeltas = null;
    if (sourceObject != null) {
        if (sourceObject instanceof ItemDeltaItem<?, ?>) {
            itemOld = ((ItemDeltaItem<IV, ID>) sourceObject).getItemOld();
            delta = ((ItemDeltaItem<IV, ID>) sourceObject).getDelta();
            itemNew = ((ItemDeltaItem<IV, ID>) sourceObject).getItemNew();
            residualPath = ((ItemDeltaItem<IV, ID>) sourceObject).getResidualPath();
            resolvePath = ((ItemDeltaItem<IV, ID>) sourceObject).getResolvePath();
            subItemDeltas = ((ItemDeltaItem<IV, ID>) sourceObject).getSubItemDeltas();
        } else if (sourceObject instanceof Item<?, ?>) {
            itemOld = (Item<IV, ID>) sourceObject;
            itemNew = (Item<IV, ID>) sourceObject;
        } else {
            throw new IllegalStateException("Unknown resolve result " + sourceObject);
        }
    }
    // apply domain
    ValueSetDefinitionType domainSetType = sourceType.getSet();
    if (domainSetType != null) {
        ValueSetDefinition setDef = new ValueSetDefinition(domainSetType, name, "domain of " + name.getLocalPart() + " in " + getMappingContextDescription(), task, result);
        setDef.init(expressionFactory);
        try {
            if (itemOld != null) {
                itemOld = itemOld.clone();
                itemOld.filterValues(val -> setDef.containsTunnel(val));
            }
            if (itemNew != null) {
                itemNew = itemNew.clone();
                itemNew.filterValues(val -> setDef.containsTunnel(val));
            }
            if (delta != null) {
                delta = delta.clone();
                delta.filterValues(val -> setDef.containsTunnel(val));
            }
        } catch (TunnelException te) {
            Throwable cause = te.getCause();
            if (cause instanceof SchemaException) {
                throw (SchemaException) cause;
            } else if (cause instanceof ExpressionEvaluationException) {
                throw (ExpressionEvaluationException) cause;
            } else if (cause instanceof ObjectNotFoundException) {
                throw (ObjectNotFoundException) cause;
            }
        }
    }
    Source<IV, ID> source = new Source<>(itemOld, delta, itemNew, name);
    source.setResidualPath(residualPath);
    source.setResolvePath(resolvePath);
    source.setSubItemDeltas(subItemDeltas);
    return source;
}

Example 3 with TunnelException

use of com.evolveum.midpoint.util.exception.TunnelException in project midpoint by Evolveum.

the class Expression method evaluate.

public PrismValueDeltaSetTriple<V> evaluate(ExpressionEvaluationContext context) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException {
    ExpressionVariables processedVariables = null;
    try {
        processedVariables = processInnerVariables(context.getVariables(), context.getContextDescription(), context.getTask(), context.getResult());
        ExpressionEvaluationContext contextWithProcessedVariables = context.shallowClone();
        contextWithProcessedVariables.setVariables(processedVariables);
        PrismValueDeltaSetTriple<V> outputTriple;
        ObjectReferenceType runAsRef = null;
        if (expressionType != null) {
            runAsRef = expressionType.getRunAsRef();
        }
        if (runAsRef == null) {
            outputTriple = evaluateExpressionEvaluators(contextWithProcessedVariables);
        } else {
            UserType userType = objectResolver.resolve(runAsRef, UserType.class, null, "runAs in " + context.getContextDescription(), context.getTask(), context.getResult());
            LOGGER.trace("Running {} as {} ({})", context.getContextDescription(), userType, runAsRef);
            try {
                outputTriple = securityEnforcer.runAs(() -> {
                    try {
                        return evaluateExpressionEvaluators(contextWithProcessedVariables);
                    } catch (SchemaException | ExpressionEvaluationException | ObjectNotFoundException e) {
                        throw new TunnelException(e);
                    }
                }, userType.asPrismObject());
            } catch (TunnelException te) {
                Throwable e = te.getCause();
                if (e instanceof RuntimeException) {
                    throw (RuntimeException) e;
                }
                if (e instanceof Error) {
                    throw (Error) e;
                }
                if (e instanceof SchemaException) {
                    throw (SchemaException) e;
                }
                if (e instanceof ExpressionEvaluationException) {
                    throw (ExpressionEvaluationException) e;
                }
                if (e instanceof ObjectNotFoundException) {
                    throw (ObjectNotFoundException) e;
                }
                throw te;
            }
        }
        traceSuccess(context, processedVariables, outputTriple);
        return outputTriple;
    } catch (SchemaException | ExpressionEvaluationException | ObjectNotFoundException | RuntimeException | Error e) {
        traceFailure(context, processedVariables, e);
        throw e;
    }
}

Example 4 with TunnelException

use of com.evolveum.midpoint.util.exception.TunnelException in project midpoint by Evolveum.

the class ResourceManager method applyConnectorSchemaToResource.

/**
	 * Apply proper definition (connector schema) to the resource.
	 */
private void applyConnectorSchemaToResource(ConnectorSpec connectorSpec, PrismObjectDefinition<ResourceType> resourceDefinition, PrismObject<ResourceType> resource, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException {
    ConnectorType connectorType = connectorManager.getConnectorTypeReadOnly(connectorSpec, result);
    PrismSchema connectorSchema = connectorManager.getConnectorSchema(connectorType);
    if (connectorSchema == null) {
        throw new SchemaException("No connector schema in " + connectorType);
    }
    PrismContainerDefinition<ConnectorConfigurationType> configurationContainerDefinition = ConnectorTypeUtil.findConfigurationContainerDefinition(connectorType, connectorSchema);
    if (configurationContainerDefinition == null) {
        throw new SchemaException("No configuration container definition in schema of " + connectorType);
    }
    configurationContainerDefinition = configurationContainerDefinition.clone();
    PrismContainer<ConnectorConfigurationType> configurationContainer = connectorSpec.getConnectorConfiguration();
    // the element is global in the connector schema. therefore it does not have correct maxOccurs
    if (configurationContainer != null) {
        configurationContainerDefinition.adoptElementDefinitionFrom(configurationContainer.getDefinition());
        configurationContainer.applyDefinition(configurationContainerDefinition, true);
        try {
            configurationContainer.accept(visitable -> {
                if ((visitable instanceof PrismProperty<?>)) {
                    try {
                        evaluateExpression((PrismProperty<?>) visitable, resource, task, result);
                    } catch (SchemaException | ObjectNotFoundException | ExpressionEvaluationException e) {
                        throw new TunnelException(e);
                    }
                }
            });
        } catch (TunnelException te) {
            Throwable e = te.getCause();
            if (e instanceof SchemaException) {
                throw (SchemaException) e;
            } else if (e instanceof ObjectNotFoundException) {
                throw (ObjectNotFoundException) e;
            } else if (e instanceof ExpressionEvaluationException) {
                throw (ExpressionEvaluationException) e;
            } else if (e instanceof RuntimeException) {
                throw (RuntimeException) e;
            } else if (e instanceof Error) {
                throw (Error) e;
            } else {
                throw new SystemException(e);
            }
        }
    } else {
        configurationContainerDefinition.adoptElementDefinitionFrom(resourceDefinition.findContainerDefinition(ResourceType.F_CONNECTOR_CONFIGURATION));
    }
    if (connectorSpec.getConnectorName() == null) {
        // Default connector, for compatibility
        // It does not make sense to update this for any other connectors.
        // We cannot have one definition for addiitionalConnector[1]/connectorConfiguraiton and
        // different definition for addiitionalConnector[2]/connectorConfiguraiton in the object definition.
        // The way to go is to set up definitions on the container level.
        resourceDefinition.replaceDefinition(ResourceType.F_CONNECTOR_CONFIGURATION, configurationContainerDefinition);
    }
}

Example 5 with TunnelException

use of com.evolveum.midpoint.util.exception.TunnelException in project midpoint by Evolveum.

the class EntitlementConverter method postProcessEntitlementEntitlementToSubject.

private <S extends ShadowType, T> void postProcessEntitlementEntitlementToSubject(ProvisioningContext subjectCtx, final PrismObject<S> resourceObject, RefinedAssociationDefinition assocDefType, final ProvisioningContext entitlementCtx, ResourceAttributeContainer attributesContainer, final PrismContainer<ShadowAssociationType> associationContainer, OperationResult parentResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    ResourceType resourceType = subjectCtx.getResource();
    final QName associationName = assocDefType.getName();
    final RefinedObjectClassDefinition entitlementDef = entitlementCtx.getObjectClassDefinition();
    if (associationName == null) {
        throw new SchemaException("No name in entitlement association " + assocDefType + " in " + resourceType);
    }
    QName associationAuxiliaryObjectClass = assocDefType.getAuxiliaryObjectClass();
    if (associationAuxiliaryObjectClass != null && associationAuxiliaryObjectClass.getNamespaceURI() != null && !associationAuxiliaryObjectClass.getNamespaceURI().equals(ResourceTypeUtil.getResourceNamespace(resourceType))) {
        LOGGER.warn("Auxiliary object class {} in association {} does not have namespace that matches {}", associationAuxiliaryObjectClass, assocDefType.getName(), resourceType);
    }
    if (associationAuxiliaryObjectClass != null && !subjectCtx.getObjectClassDefinition().hasAuxiliaryObjectClass(associationAuxiliaryObjectClass)) {
        LOGGER.trace("Ignoring association {} because subject does not have auxiliary object class {}, it has {}", associationName, associationAuxiliaryObjectClass, subjectCtx.getObjectClassDefinition().getAuxiliaryObjectClassDefinitions());
        return;
    }
    QName assocAttrName = assocDefType.getResourceObjectAssociationType().getAssociationAttribute();
    if (assocAttrName == null) {
        throw new SchemaException("No association attribute defined in entitlement association '" + associationName + "' in " + resourceType);
    }
    RefinedAttributeDefinition assocAttrDef = entitlementDef.findAttributeDefinition(assocAttrName);
    if (assocAttrDef == null) {
        throw new SchemaException("Association attribute '" + assocAttrName + "'defined in entitlement association '" + associationName + "' was not found in schema for " + resourceType);
    }
    QName valueAttrName = assocDefType.getResourceObjectAssociationType().getValueAttribute();
    if (valueAttrName == null) {
        throw new SchemaException("No value attribute defined in entitlement association '" + associationName + "' in " + resourceType);
    }
    ResourceAttribute<T> valueAttr = attributesContainer.findAttribute(valueAttrName);
    if (valueAttr == null || valueAttr.isEmpty()) {
        LOGGER.trace("Ignoring association {} because subject does not have any value in attribute {}", associationName, valueAttrName);
        return;
    }
    if (valueAttr.size() > 1) {
        throw new SchemaException("Value attribute " + valueAttrName + " has no more than one value; attribute defined in entitlement association '" + associationName + "' in " + resourceType);
    }
    ObjectQuery query = createQuery(assocDefType, assocAttrDef, valueAttr);
    AttributesToReturn attributesToReturn = ProvisioningUtil.createAttributesToReturn(entitlementCtx);
    SearchHierarchyConstraints searchHierarchyConstraints = null;
    ResourceObjectReferenceType baseContextRef = entitlementDef.getBaseContext();
    if (baseContextRef != null) {
        // TODO: this should be done once per search. Not in every run of postProcessEntitlementEntitlementToSubject
        // this has to go outside of this method
        PrismObject<ShadowType> baseContextShadow = resourceObjectReferenceResolver.resolve(subjectCtx, baseContextRef, null, "base context specification in " + entitlementDef, parentResult);
        RefinedObjectClassDefinition baseContextObjectClassDefinition = subjectCtx.getRefinedSchema().determineCompositeObjectClassDefinition(baseContextShadow);
        ResourceObjectIdentification baseContextIdentification = ShadowUtil.getResourceObjectIdentification(baseContextShadow, baseContextObjectClassDefinition);
        searchHierarchyConstraints = new SearchHierarchyConstraints(baseContextIdentification, null);
    }
    ResultHandler<ShadowType> handler = new ResultHandler<ShadowType>() {

        @Override
        public boolean handle(PrismObject<ShadowType> entitlementShadow) {
            PrismContainerValue<ShadowAssociationType> associationCVal = associationContainer.createNewValue();
            associationCVal.asContainerable().setName(associationName);
            Collection<ResourceAttribute<?>> entitlementIdentifiers = ShadowUtil.getAllIdentifiers(entitlementShadow);
            try {
                ResourceAttributeContainer identifiersContainer = new ResourceAttributeContainer(ShadowAssociationType.F_IDENTIFIERS, entitlementDef.toResourceAttributeContainerDefinition(), prismContext);
                associationCVal.add(identifiersContainer);
                identifiersContainer.getValue().addAll(ResourceAttribute.cloneCollection(entitlementIdentifiers));
                // Remember the full shadow in user data. This is used later as an optimization to create the shadow in repo 
                identifiersContainer.setUserData(ResourceObjectConverter.FULL_SHADOW_KEY, entitlementShadow);
                if (LOGGER.isTraceEnabled()) {
                    LOGGER.trace("Processed entitlement-to-subject association for account {} and entitlement {}", ShadowUtil.getHumanReadableName(resourceObject), ShadowUtil.getHumanReadableName(entitlementShadow));
                }
            } catch (SchemaException e) {
                throw new TunnelException(e);
            }
            return true;
        }
    };
    ConnectorInstance connector = subjectCtx.getConnector(ReadCapabilityType.class, parentResult);
    try {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Processed entitlement-to-subject association for account {}: query {}", ShadowUtil.getHumanReadableName(resourceObject), query);
        }
        try {
            connector.search(entitlementDef, query, handler, attributesToReturn, null, searchHierarchyConstraints, subjectCtx, parentResult);
        } catch (GenericFrameworkException e) {
            throw new GenericConnectorException("Generic error in the connector " + connector + ". Reason: " + e.getMessage(), e);
        }
    } catch (TunnelException e) {
        throw (SchemaException) e.getCause();
    }
}