use of com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectPolicyConfigurationType in project midpoint by Evolveum.
the class FocusProcessor method processFocusFocus.
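/**
 * Runs the iterative focus computation for the given lens context.
 *
 * <p>Each pass of the loop applies the object policy constraints, fixes the iteration number and
 * token in the focus context, evaluates the pre-iteration condition and then runs the processing
 * steps (inbound, activation, object template before assignments, assignments, object template
 * after assignments, credentials, focus policy rules). The resulting object is then checked by
 * {@link FocusConstraintsChecker}; the loop ends when the constraints are satisfied and the
 * post-iteration condition evaluates to true. Otherwise the iteration counter is advanced and the
 * pass is repeated. After the loop the iteration and token are written out through
 * {@code addIterationTokenDeltas}.
 *
 * <p>NOTE(review): every processing step is wrapped in {@code LensUtil.partialExecute} and gated by
 * a getter of {@link PartialProcessingOptionsType}. Presumably an option can switch a step off,
 * which would include the credentials step (password policy) and the focus policy rules step, so
 * callers that depend on those checks should confirm which options they pass.
 *
 * @param context             lens context whose focus is processed
 * @param activityDescription description passed to context tracing and policy rule evaluation
 * @param now                 timestamp passed to the individual processors
 * @param task                task passed to the individual processors
 * @param result              operation result passed to the individual processors
 * @throws SchemaException if the new object has no name (raised as {@code NoFocusNameSchemaException},
 *                         presumably a subclass) or if a called processor reports a schema problem
 */
private <F extends FocusType> void processFocusFocus(LensContext<F> context, String activityDescription, XMLGregorianCalendar now, Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, PolicyViolationException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, SecurityViolationException {
    LensFocusContext<F> focusContext = context.getFocusContext();
    ObjectTemplateType objectTemplate = context.getFocusTemplate();
    PartialProcessingOptionsType partialProcessingOptions = context.getPartialProcessingOptions();

    // This is fixed now. TODO: make it configurable
    boolean resetOnRename = true;

    // Without an object template there is no iteration specification and maxIterations stays 0.
    int maxIterations = 0;
    IterationSpecificationType iterationSpecificationType = null;
    if (objectTemplate != null) {
        iterationSpecificationType = objectTemplate.getIteration();
        maxIterations = LensUtil.determineMaxIterations(iterationSpecificationType);
    }

    int iteration = focusContext.getIteration();
    String iterationToken = focusContext.getIterationToken();
    boolean wasResetIterationCounter = false;

    // If the context carries no token yet, continue from the values stored in the current object.
    PrismObject<F> focusCurrent = focusContext.getObjectCurrent();
    if (focusCurrent != null && iterationToken == null) {
        Integer focusIteration = focusCurrent.asObjectable().getIteration();
        if (focusIteration != null) {
            iteration = focusIteration;
        }
        iterationToken = focusCurrent.asObjectable().getIterationToken();
    }

    while (true) {
        ObjectPolicyConfigurationType objectPolicyConfigurationType = focusContext.getObjectPolicyConfigurationType();
        applyObjectPolicyConstraints(focusContext, objectPolicyConfigurationType);

        ExpressionVariables variablesPreIteration = Utils.getDefaultExpressionVariables(focusContext.getObjectNew(), null, null, null, context.getSystemConfiguration(), focusContext);
        if (iterationToken == null) {
            iterationToken = LensUtil.formatIterationToken(context, focusContext, iterationSpecificationType, iteration, expressionFactory, variablesPreIteration, task, result);
        }

        // We have to remember the token and iteration in the context.
        // The context can be recomputed several times, but we always want
        // to use the same iterationToken if possible. If there is a random
        // part in the iterationToken expression, we need to avoid recomputing
        // the token; otherwise the value can change all the time (even for the same inputs).
        // Storing the token in the secondary delta is not enough because secondary deltas can be dropped
        // if the context is re-projected.
        focusContext.setIteration(iteration);
        focusContext.setIterationToken(iterationToken);
        LOGGER.trace("Focus {} processing, iteration {}, token '{}'", focusContext.getHumanReadableName(), iteration, iterationToken);

        String conflictMessage;
        if (!LensUtil.evaluateIterationCondition(context, focusContext, iterationSpecificationType, iteration, iterationToken, true, expressionFactory, variablesPreIteration, task, result)) {
            conflictMessage = "pre-iteration condition was false";
            LOGGER.debug("Skipping iteration {}, token '{}' for {} because the pre-iteration condition was false", iteration, iterationToken, focusContext.getHumanReadableName());
        } else {
            if (consistencyChecks) {
                context.checkConsistence();
            }

            LensUtil.partialExecute("inbound", () -> {
                // Loop through the account changes, apply inbound expressions
                inboundProcessor.processInbound(context, now, task, result);
                if (consistencyChecks) {
                    context.checkConsistence();
                }
                context.recomputeFocus();
                LensUtil.traceContext(LOGGER, activityDescription, "inbound", false, context, false);
                if (consistencyChecks) {
                    context.checkConsistence();
                }
            }, partialProcessingOptions::getInbound);

            // ACTIVATION
            LensUtil.partialExecute("focusActivation", () -> processActivation(context, now, result), partialProcessingOptions::getFocusActivation);

            // OBJECT TEMPLATE (before assignments)
            LensUtil.partialExecute("objectTemplateBeforeAssignments", () -> objectTemplateProcessor.processTemplate(context, ObjectTemplateMappingEvaluationPhaseType.BEFORE_ASSIGNMENTS, now, task, result), partialProcessingOptions::getObjectTemplateBeforeAssignments);

            // Process activation again. The object template might have changed it.
            context.recomputeFocus();
            LensUtil.partialExecute("focusActivation", () -> processActivation(context, now, result), partialProcessingOptions::getFocusActivation);

            // ASSIGNMENTS
            LensUtil.partialExecute("assignments", () -> assignmentProcessor.processAssignmentsProjections(context, now, task, result), partialProcessingOptions::getAssignments);
            LensUtil.partialExecute("assignmentsOrg", () -> assignmentProcessor.processOrgAssignments(context, result), partialProcessingOptions::getAssignmentsOrg);
            LensUtil.partialExecute("assignmentsMembershipAndDelegate", () -> assignmentProcessor.processMembershipAndDelegatedRefs(context, result), partialProcessingOptions::getAssignmentsMembershipAndDelegate);
            context.recompute();
            LensUtil.partialExecute("assignmentsConflicts", () -> assignmentProcessor.checkForAssignmentConflicts(context, result), partialProcessingOptions::getAssignmentsConflicts);

            // OBJECT TEMPLATE (after assignments)
            // This phase is gated by its own option. The previous code passed
            // getObjectTemplateBeforeAssignments here, so the after-assignments phase followed the
            // before-assignments setting instead of the one named in the step label.
            LensUtil.partialExecute("objectTemplateAfterAssignments", () -> objectTemplateProcessor.processTemplate(context, ObjectTemplateMappingEvaluationPhaseType.AFTER_ASSIGNMENTS, now, task, result), partialProcessingOptions::getObjectTemplateAfterAssignments);
            context.recompute();

            // Process activation again. The second pass through the object template might have changed it.
            context.recomputeFocus();
            LensUtil.partialExecute("focusActivation", () -> processActivation(context, now, result), partialProcessingOptions::getFocusActivation);

            // CREDENTIALS (including PASSWORD POLICY)
            LensUtil.partialExecute("focusCredentials", () -> credentialsProcessor.processFocusCredentials(context, now, task, result), partialProcessingOptions::getFocusCredentials);

            // We need to evaluate this as a last step. We need to make sure we have all the
            // focus deltas so we can properly trigger the rules.
            LensUtil.partialExecute("focusPolicyRules", () -> evaluateFocusPolicyRules(context, activityDescription, now, task, result), partialProcessingOptions::getFocusPolicyRules);

            if (resetOnRename && !wasResetIterationCounter && willResetIterationCounter(focusContext)) {
                // Make sure this happens only once, during the first recompute (guarded by
                // wasResetIterationCounter). Otherwise it would always change the token,
                // especially if the token expression has a random part.
                wasResetIterationCounter = true;
                if (iteration != 0) {
                    iteration = 0;
                    iterationToken = null;
                    LOGGER.trace("Resetting iteration counter and token because rename was detected");
                    cleanupContext(focusContext);
                    continue;
                }
            }

            PrismObject<F> previewObjectNew = focusContext.getObjectNew();
            if (previewObjectNew == null) {
                // this must be delete
            } else {
                // Explicitly check for name. The checker would check for this also. But checking it here
                // will produce better error message
                PolyStringType objectName = previewObjectNew.asObjectable().getName();
                if (objectName == null || objectName.getOrig().isEmpty()) {
                    throw new NoFocusNameSchemaException("No name in new object " + objectName + " as produced by template " + objectTemplate + " in iteration " + iteration + ", we cannot process an object without a name");
                }
            }

            // Check if iteration constraints are OK
            FocusConstraintsChecker<F> checker = new FocusConstraintsChecker<>();
            checker.setPrismContext(prismContext);
            checker.setContext(context);
            checker.setRepositoryService(cacheRepositoryService);
            checker.check(previewObjectNew, result);
            if (checker.isSatisfiesConstraints()) {
                LOGGER.trace("Current focus satisfies uniqueness constraints. Iteration {}, token '{}'", iteration, iterationToken);
                ExpressionVariables variablesPostIteration = Utils.getDefaultExpressionVariables(focusContext.getObjectNew(), null, null, null, context.getSystemConfiguration(), focusContext);
                if (LensUtil.evaluateIterationCondition(context, focusContext, iterationSpecificationType, iteration, iterationToken, false, expressionFactory, variablesPostIteration, task, result)) {
                    // stop the iterations
                    break;
                } else {
                    conflictMessage = "post-iteration condition was false";
                    LOGGER.debug("Skipping iteration {}, token '{}' for {} because the post-iteration condition was false", iteration, iterationToken, focusContext.getHumanReadableName());
                }
            } else {
                LOGGER.trace("Current focus does not satisfy constraints. Conflicting object: {}; iteration={}, maxIterations={}", checker.getConflictingObject(), iteration, maxIterations);
                conflictMessage = checker.getMessages();
            }

            // On the first conflict, restart from iteration 0 once before counting upwards.
            if (!wasResetIterationCounter) {
                wasResetIterationCounter = true;
                if (iteration != 0) {
                    iterationToken = null;
                    iteration = 0;
                    LOGGER.trace("Resetting iteration counter and token after conflict");
                    cleanupContext(focusContext);
                    continue;
                }
            }
        }

        // Next iteration
        iteration++;
        iterationToken = null;
        // Presumably raises an exception once iteration exceeds maxIterations; verify in LensUtil.
        LensUtil.checkMaxIterations(iteration, maxIterations, conflictMessage, focusContext.getHumanReadableName());
        cleanupContext(focusContext);
    }

    addIterationTokenDeltas(focusContext, iteration, iterationToken);
    if (consistencyChecks) {
        context.checkConsistence();
    }
}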
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectPolicyConfigurationType in project midpoint by Evolveum.
the class SystemConfigurationDto method init.
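/**
 * Populates the fields of this DTO from the given system configuration.
 *
 * <p>Does nothing when {@code config} is {@code null}. Sections that are absent from the
 * configuration are either skipped (global synchronization settings, cleanup policy) or replaced
 * by an empty DTO (object policies, notifications, logging, profiling).
 *
 * @param config system configuration to read; may be {@code null}
 */
private void init(SystemConfigurationType config) {
    if (config == null) {
        return;
    }

    if (config.getGlobalAccountSynchronizationSettings() != null) {
        AssignmentPolicyEnforcementType globalAEP = config.getGlobalAccountSynchronizationSettings().getAssignmentPolicyEnforcement();
        aepLevel = AEPlevel.fromAEPLevelType(globalAEP);
    }

    // CLEANUP POLICY
    // The other sections of this method are null-checked; the cleanup policy used to be
    // dereferenced directly, so a null policy, a null sub-policy or a null maxAge ended in a
    // NullPointerException. Missing parts now leave the corresponding field untouched.
    if (config.getCleanupPolicy() != null) {
        CleanupPolicyType auditCleanup = config.getCleanupPolicy().getAuditRecords();
        CleanupPolicyType taskCleanup = config.getCleanupPolicy().getClosedTasks();
        if (auditCleanup != null && auditCleanup.getMaxAge() != null) {
            auditCleanupValue = auditCleanup.getMaxAge().toString();
        }
        if (taskCleanup != null && taskCleanup.getMaxAge() != null) {
            taskCleanupValue = taskCleanup.getMaxAge().toString();
        }
    }

    passPolicyDto = loadPasswordPolicy(config);
    securityPolicyDto = loadSecurityPolicy(config);

    // OBJECT POLICIES
    // The list always ends up with at least one entry: an empty DTO when nothing is configured.
    objectPolicyList = new ArrayList<>();
    List<ObjectPolicyConfigurationType> objectPolicies = config.getDefaultObjectPolicyConfiguration();
    if (objectPolicies != null && !objectPolicies.isEmpty()) {
        for (ObjectPolicyConfigurationType policy : objectPolicies) {
            objectPolicyList.add(new ObjectPolicyConfigurationTypeDto(policy));
        }
    } else {
        objectPolicyList.add(new ObjectPolicyConfigurationTypeDto());
    }

    // NOTIFICATIONS
    if (config.getNotificationConfiguration() != null) {
        notificationConfig = new NotificationConfigurationDto(config.getNotificationConfiguration());
    } else {
        notificationConfig = new NotificationConfigurationDto();
    }

    // LOGGING
    // NOTE(review): appenders is a field that is only added to here; presumably it is created
    // empty by its declaration - confirm, otherwise a repeated init() would duplicate entries.
    LoggingConfigurationType logging = config.getLogging();
    if (logging != null) {
        for (AppenderConfigurationType appender : logging.getAppender()) {
            if (appender instanceof FileAppenderConfigurationType) {
                appenders.add(new FileAppenderConfig((FileAppenderConfigurationType) appender));
            } else {
                appenders.add(new AppenderConfiguration(appender));
            }
        }
        Collections.sort(appenders);
        loggingConfig = new LoggingDto(logging);
    } else {
        loggingConfig = new LoggingDto();
    }
    loggingConfig.setAppenders(appenders);

    // PROFILING
    if (config.getProfilingConfiguration() != null) {
        List<ClassLoggerConfigurationType> classLoggerConfig = logging != null ? logging.getClassLogger() : null;
        profilingDto = new ProfilingDto(config.getProfilingConfiguration(), classLoggerConfig);
    } else {
        profilingDto = new ProfilingDto();
    }
    profilingDto.setAppenders(appenders);

    enableExperimentalCode = SystemConfigurationTypeUtil.isExperimentalCodeEnabled(config);
    userDashboardLink = loadUserDashboardLink(config);
    additionalMenuLink = loadAdditionalMenuItem(config);
}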
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectPolicyConfigurationType in project midpoint by Evolveum.
the class AbstractModelIntegrationTest method setDefaultObjectTemplate.
/**
 * Points the default object policy configuration for the given type and subtype at the given
 * object template, by modifying the system configuration object in the repository.
 *
 * <p>An existing entry for the same type and subtype is deleted. When {@code objectTemplateOid}
 * is not {@code null}, an entry referencing that template is added: a clone of the existing entry
 * if there was one, otherwise a new entry carrying only the type and subtype.
 *
 * @param objectType        type the policy entry applies to
 * @param subType           subtype the policy entry applies to; compared with {@code MiscUtil.equals}
 * @param objectTemplateOid OID of the template to reference, or {@code null} to only remove the entry
 * @param parentResult      operation result passed to the repository calls
 */
protected void setDefaultObjectTemplate(QName objectType, String subType, String objectTemplateOid, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ObjectAlreadyExistsException {
    PrismObject<SystemConfigurationType> configObject = repositoryService.getObject(SystemConfigurationType.class, SystemObjectsType.SYSTEM_CONFIGURATION.value(), null, parentResult);

    // The loop has no early exit, so the last matching entry is the one that is kept.
    PrismContainerValue<ObjectPolicyConfigurationType> existingValue = null;
    for (ObjectPolicyConfigurationType candidate : configObject.asObjectable().getDefaultObjectPolicyConfiguration()) {
        if (!QNameUtil.match(objectType, candidate.getType())) {
            continue;
        }
        if (!MiscUtil.equals(subType, candidate.getSubtype())) {
            continue;
        }
        existingValue = candidate.asPrismContainerValue();
    }

    // The wildcard-typed collection cannot accept elements directly, hence the raw casts below.
    Collection<? extends ItemDelta> modifications = new ArrayList<>();

    if (existingValue != null) {
        ContainerDelta<ObjectPolicyConfigurationType> removal = ContainerDelta.createModificationDelete(SystemConfigurationType.F_DEFAULT_OBJECT_POLICY_CONFIGURATION, SystemConfigurationType.class, prismContext, existingValue.clone());
        ((Collection) modifications).add(removal);
    }

    if (objectTemplateOid != null) {
        ObjectReferenceType templateRef = new ObjectReferenceType();
        templateRef.setOid(objectTemplateOid);

        ContainerDelta<ObjectPolicyConfigurationType> addition;
        ObjectPolicyConfigurationType policyToAdd;
        if (existingValue != null) {
            PrismContainerValue<ObjectPolicyConfigurationType> clonedValue = existingValue.clone();
            addition = ContainerDelta.createModificationAdd(SystemConfigurationType.F_DEFAULT_OBJECT_POLICY_CONFIGURATION, SystemConfigurationType.class, prismContext, clonedValue);
            policyToAdd = clonedValue.asContainerable();
        } else {
            policyToAdd = new ObjectPolicyConfigurationType();
            policyToAdd.setType(objectType);
            policyToAdd.setSubtype(subType);
            addition = ContainerDelta.createModificationAdd(SystemConfigurationType.F_DEFAULT_OBJECT_POLICY_CONFIGURATION, SystemConfigurationType.class, prismContext, policyToAdd);
        }

        // The template reference is set after the add delta has been created, as before.
        policyToAdd.setObjectTemplateRef(templateRef);
        ((Collection) modifications).add(addition);
    }

    modifySystemObjectInRepo(SystemConfigurationType.class, SystemObjectsType.SYSTEM_CONFIGURATION.value(), modifications, parentResult);
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectPolicyConfigurationType in project midpoint by Evolveum.
the class FocusProcessor method applyObjectPolicyConstraints.
/**
 * Fills in OID-bound values required by the object policy configuration.
 *
 * <p>For every property constraint marked as OID-bound whose property is missing or empty in the
 * new focus object, a replace delta is added to the secondary delta. The value is the focus OID,
 * or a freshly generated OID when the focus has none yet. Only {@code String} and
 * {@code PolyString} properties are supported. The deprecated "OID name bound" mode does the same
 * for the focus name when the name is {@code null}.
 *
 * <p>Nothing happens when there is no policy configuration or no new object (a delete).
 *
 * @param focusContext                  focus context that receives the secondary deltas
 * @param objectPolicyConfigurationType policy configuration to apply; may be {@code null}
 * @throws SchemaException if a constrained property has no definition or an unsupported type
 */
private <F extends FocusType> void applyObjectPolicyConstraints(LensFocusContext<F> focusContext, ObjectPolicyConfigurationType objectPolicyConfigurationType) throws SchemaException {
    if (objectPolicyConfigurationType == null) {
        return;
    }

    // NOTE(review): this reference is read once; whether focusContext.recompute() below updates
    // the same instance is not visible here.
    final PrismObject<F> focusNew = focusContext.getObjectNew();
    if (focusNew == null) {
        // This is delete. Nothing to do.
        return;
    }

    for (PropertyConstraintType constraint : objectPolicyConfigurationType.getPropertyConstraint()) {
        // The path is resolved for every constraint, before the OID-bound flag is looked at.
        ItemPath itemPath = constraint.getPath().getItemPath();
        if (!BooleanUtils.isTrue(constraint.isOidBound())) {
            continue;
        }

        PrismProperty<Object> existing = focusNew.findProperty(itemPath);
        if (existing != null && !existing.isEmpty()) {
            // A value is already present; it is left as it is.
            continue;
        }

        String focusOid = focusNew.getOid();
        String boundValue = (focusOid != null) ? focusOid : OidUtil.generateOid();
        LOGGER.trace("Generating new OID-bound value for {}: {}", itemPath, boundValue);

        PrismObjectDefinition<F> focusDefinition = focusContext.getObjectDefinition();
        PrismPropertyDefinition<Object> propDef = focusDefinition.findPropertyDefinition(itemPath);
        if (propDef == null) {
            throw new SchemaException("No definition for property " + itemPath + " in " + focusDefinition + " as specified in object policy");
        }

        PropertyDelta<Object> propDelta = propDef.createEmptyDelta(itemPath);
        final PrismPropertyValue<Object> replacement;
        if (String.class.isAssignableFrom(propDef.getTypeClass())) {
            replacement = new PrismPropertyValue<Object>(boundValue, OriginType.USER_POLICY, null);
        } else if (PolyString.class.isAssignableFrom(propDef.getTypeClass())) {
            replacement = new PrismPropertyValue<Object>(new PolyString(boundValue), OriginType.USER_POLICY, null);
        } else {
            throw new SchemaException("Unsupported type " + propDef.getTypeName() + " for property " + itemPath + " in " + focusDefinition + " as specified in object policy, only string and polystring properties are supported for OID-bound mode");
        }
        propDelta.setValueToReplace(replacement);

        focusContext.swallowToSecondaryDelta(propDelta);
        focusContext.recompute();
    }

    // Deprecated
    if (!BooleanUtils.isTrue(objectPolicyConfigurationType.isOidNameBoundMode())) {
        return;
    }

    // Generate the name now - unless it is already present
    PolyStringType currentName = focusNew.asObjectable().getName();
    if (currentName != null) {
        return;
    }

    String focusOid = focusNew.getOid();
    String generatedName = (focusOid != null) ? focusOid : OidUtil.generateOid();
    LOGGER.trace("Generating new name (bound to OID): {}", generatedName);

    PrismObjectDefinition<F> focusDefinition = focusContext.getObjectDefinition();
    PrismPropertyDefinition<PolyString> focusNameDef = focusDefinition.findPropertyDefinition(FocusType.F_NAME);
    PropertyDelta<PolyString> nameDelta = focusNameDef.createEmptyDelta(new ItemPath(FocusType.F_NAME));
    nameDelta.setValueToReplace(new PrismPropertyValue<PolyString>(new PolyString(generatedName), OriginType.USER_POLICY, null));
    focusContext.swallowToSecondaryDelta(nameDelta);
    focusContext.recompute();
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectPolicyConfigurationType in project midpoint by Evolveum.
the class TestUserTemplate method test000Sanity.
/**
 * Sanity check of the test environment: the system configuration can be read through the model
 * service and contains the two expected default object policy entries for users.
 */
@Test
public void test000Sanity() throws Exception {
    final String testName = "test000Sanity";
    TestUtil.displayTestTile(this, testName);

    String operationName = TestUserTemplate.class.getName() + "." + testName;
    Task task = taskManager.createTaskInstance(operationName);
    OperationResult result = task.getResult();

    // WHEN
    TestUtil.displayWhen(testName);
    PrismObject<SystemConfigurationType> sysConfig = modelService.getObject(SystemConfigurationType.class, SystemObjectsType.SYSTEM_CONFIGURATION.value(), null, task, result);

    // THEN
    result.computeStatus();
    TestUtil.assertSuccess(result);

    display("System config", sysConfig);
    assertNotNull("no system config", sysConfig);

    // Two entries are expected: the general user template and the one for the "marooned" subtype.
    List<ObjectPolicyConfigurationType> objectPolicies = sysConfig.asObjectable().getDefaultObjectPolicyConfiguration();
    assertNotNull("No object policy", objectPolicies);
    assertEquals("Wrong object policy size", 2, objectPolicies.size());
    assertObjectTemplate(objectPolicies, UserType.COMPLEX_TYPE, null, USER_TEMPLATE_COMPLEX_OID);
    assertObjectTemplate(objectPolicies, UserType.COMPLEX_TYPE, EMPLOYEE_TYPE_MAROONED, USER_TEMPLATE_MAROONED_OID);

    assertRoles(NUMBER_OF_ROLES);
}