Search in sources :

Example 1 with ResourceBidirectionalMappingType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType in project midpoint by Evolveum.

the class ActivationProcessor method processActivationUserCurrent.

public <F extends FocusType> void processActivationUserCurrent(LensContext<F> context, LensProjectionContext projCtx, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
    String projCtxDesc = projCtx.toHumanReadableString();
    SynchronizationPolicyDecision decision = projCtx.getSynchronizationPolicyDecision();
    SynchronizationIntent synchronizationIntent = projCtx.getSynchronizationIntent();
    if (decision == SynchronizationPolicyDecision.BROKEN) {
        LOGGER.trace("Broken projection {}, skipping further activation processing", projCtxDesc);
        return;
    }
    if (decision != null) {
        throw new IllegalStateException("Decision " + decision + " already present for projection " + projCtxDesc);
    }
    if (synchronizationIntent == SynchronizationIntent.UNLINK) {
        projCtx.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.UNLINK);
        LOGGER.trace("Evaluated decision for {} to {} because of unlink synchronization intent, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.UNLINK);
        return;
    }
    if (projCtx.isThombstone()) {
        if (shouldKeepThombstone(projCtx)) {
            // Let's keep thombstones linked until they expire. So we do not have shadows without owners.
            // This is also needed for async delete operations.
            projCtx.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.KEEP);
            LOGGER.trace("Evaluated decision for {} to {} because it is thombstone, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.KEEP);
        } else {
            projCtx.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.UNLINK);
            LOGGER.trace("Evaluated decision for {} to {} because it is thombstone, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.UNLINK);
        }
        return;
    }
    if (synchronizationIntent == SynchronizationIntent.DELETE || projCtx.isDelete()) {
        // TODO: is this OK?
        projCtx.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.DELETE);
        LOGGER.trace("Evaluated decision for {} to {}, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.DELETE);
        return;
    }
    boolean shadowShouldExist = evaluateExistenceMapping(context, projCtx, now, true, task, result);
    LOGGER.trace("Evaluated intended existence of projection {} to {}", projCtxDesc, shadowShouldExist);
    // Let's reconcile the existence intent (shadowShouldExist) and the synchronization intent in the context
    LensProjectionContext lowerOrderContext = LensUtil.findLowerOrderContext(context, projCtx);
    if (synchronizationIntent == null || synchronizationIntent == SynchronizationIntent.SYNCHRONIZE) {
        if (shadowShouldExist) {
            projCtx.setActive(true);
            if (projCtx.isExists()) {
                if (lowerOrderContext != null && lowerOrderContext.isDelete()) {
                    // HACK HACK HACK
                    decision = SynchronizationPolicyDecision.DELETE;
                } else {
                    decision = SynchronizationPolicyDecision.KEEP;
                }
            } else {
                if (lowerOrderContext != null) {
                    if (lowerOrderContext.isDelete()) {
                        // HACK HACK HACK
                        decision = SynchronizationPolicyDecision.DELETE;
                    } else {
                        // If there is a lower-order context then that one will be ADD
                        // and this one is KEEP. When the execution comes to this context
                        // then the projection already exists
                        decision = SynchronizationPolicyDecision.KEEP;
                    }
                } else {
                    decision = SynchronizationPolicyDecision.ADD;
                }
            }
        } else {
            // Delete
            if (projCtx.isExists()) {
                decision = SynchronizationPolicyDecision.DELETE;
            } else {
                // we should delete the entire context, but then we will lost track of what
                // happened. So just ignore it.
                decision = SynchronizationPolicyDecision.IGNORE;
                // if there are any triggers then move them to focus. We may still need them.
                LensUtil.moveTriggers(projCtx, context.getFocusContext());
            }
        }
    } else if (synchronizationIntent == SynchronizationIntent.ADD) {
        if (shadowShouldExist) {
            projCtx.setActive(true);
            if (projCtx.isExists()) {
                // Attempt to add something that is already there, but should be OK
                decision = SynchronizationPolicyDecision.KEEP;
            } else {
                decision = SynchronizationPolicyDecision.ADD;
            }
        } else {
            throw new PolicyViolationException("Request to add projection " + projCtxDesc + " but the activation policy decided that it should not exist");
        }
    } else if (synchronizationIntent == SynchronizationIntent.KEEP) {
        if (shadowShouldExist) {
            projCtx.setActive(true);
            if (projCtx.isExists()) {
                decision = SynchronizationPolicyDecision.KEEP;
            } else {
                decision = SynchronizationPolicyDecision.ADD;
            }
        } else {
            throw new PolicyViolationException("Request to keep projection " + projCtxDesc + " but the activation policy decided that it should not exist");
        }
    } else {
        throw new IllegalStateException("Unknown sync intent " + synchronizationIntent);
    }
    LOGGER.trace("Evaluated decision for projection {} to {}", projCtxDesc, decision);
    projCtx.setSynchronizationPolicyDecision(decision);
    PrismObject<F> focusNew = context.getFocusContext().getObjectNew();
    if (focusNew == null) {
        // This must be a user delete or something similar. No point in proceeding
        LOGGER.trace("focusNew is null, skipping activation processing of {}", projCtxDesc);
        return;
    }
    if (decision == SynchronizationPolicyDecision.UNLINK || decision == SynchronizationPolicyDecision.DELETE) {
        LOGGER.trace("Decision is {}, skipping activation properties processing for {}", decision, projCtxDesc);
        return;
    }
    ResourceObjectTypeDefinitionType resourceAccountDefType = projCtx.getResourceObjectTypeDefinitionType();
    if (resourceAccountDefType == null) {
        LOGGER.trace("No refined object definition, therefore also no activation outbound definition, skipping activation processing for account " + projCtxDesc);
        return;
    }
    ResourceActivationDefinitionType activationType = resourceAccountDefType.getActivation();
    if (activationType == null) {
        LOGGER.trace("No activation definition in projection {}, skipping activation properties processing", projCtxDesc);
        return;
    }
    ActivationCapabilityType capActivation = ResourceTypeUtil.getEffectiveCapability(projCtx.getResource(), ActivationCapabilityType.class);
    if (capActivation == null) {
        LOGGER.trace("Skipping activation status and validity processing because {} has no activation capability", projCtx.getResource());
        return;
    }
    ActivationStatusCapabilityType capStatus = CapabilityUtil.getEffectiveActivationStatus(capActivation);
    ActivationValidityCapabilityType capValidFrom = CapabilityUtil.getEffectiveActivationValidFrom(capActivation);
    ActivationValidityCapabilityType capValidTo = CapabilityUtil.getEffectiveActivationValidTo(capActivation);
    ActivationLockoutStatusCapabilityType capLockoutStatus = CapabilityUtil.getEffectiveActivationLockoutStatus(capActivation);
    if (capStatus != null) {
        evaluateActivationMapping(context, projCtx, activationType.getAdministrativeStatus(), SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS, SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS, capActivation, now, true, ActivationType.F_ADMINISTRATIVE_STATUS.getLocalPart(), task, result);
    } else {
        LOGGER.trace("Skipping activation administrative status processing because {} does not have activation administrative status capability", projCtx.getResource());
    }
    ResourceBidirectionalMappingType validFromMappingType = activationType.getValidFrom();
    if (validFromMappingType == null || validFromMappingType.getOutbound() == null) {
        LOGGER.trace("Skipping activation validFrom processing because {} does not have appropriate outbound mapping", projCtx.getResource());
    } else if (capValidFrom == null && !ExpressionUtil.hasExplicitTarget(validFromMappingType.getOutbound())) {
        LOGGER.trace("Skipping activation validFrom processing because {} does not have activation validFrom capability nor outbound mapping with explicit target", projCtx.getResource());
    } else {
        evaluateActivationMapping(context, projCtx, activationType.getValidFrom(), SchemaConstants.PATH_ACTIVATION_VALID_FROM, SchemaConstants.PATH_ACTIVATION_VALID_FROM, null, now, true, ActivationType.F_VALID_FROM.getLocalPart(), task, result);
    }
    ResourceBidirectionalMappingType validToMappingType = activationType.getValidTo();
    if (validToMappingType == null || validToMappingType.getOutbound() == null) {
        LOGGER.trace("Skipping activation validTo processing because {} does not have appropriate outbound mapping", projCtx.getResource());
    } else if (capValidTo == null && !ExpressionUtil.hasExplicitTarget(validToMappingType.getOutbound())) {
        LOGGER.trace("Skipping activation validTo processing because {} does not have activation validTo capability nor outbound mapping with explicit target", projCtx.getResource());
    } else {
        evaluateActivationMapping(context, projCtx, activationType.getValidTo(), SchemaConstants.PATH_ACTIVATION_VALID_TO, SchemaConstants.PATH_ACTIVATION_VALID_TO, null, now, true, ActivationType.F_VALID_TO.getLocalPart(), task, result);
    }
    if (capLockoutStatus != null) {
        evaluateActivationMapping(context, projCtx, activationType.getLockoutStatus(), SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS, SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS, capActivation, now, true, ActivationType.F_LOCKOUT_STATUS.getLocalPart(), task, result);
    } else {
        LOGGER.trace("Skipping activation lockout status processing because {} does not have activation lockout status capability", projCtx.getResource());
    }
}
Also used : ActivationLockoutStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType) ActivationCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType) LensProjectionContext(com.evolveum.midpoint.model.impl.lens.LensProjectionContext) SynchronizationPolicyDecision(com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision) ResourceActivationDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceActivationDefinitionType) ResourceObjectTypeDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectTypeDefinitionType) ActivationValidityCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationValidityCapabilityType) SynchronizationIntent(com.evolveum.midpoint.model.impl.lens.SynchronizationIntent) ResourceBidirectionalMappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType) PolicyViolationException(com.evolveum.midpoint.util.exception.PolicyViolationException) ActivationStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType)

Example 2 with ResourceBidirectionalMappingType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType in project midpoint by Evolveum.

the class ActivationProcessor method processLifecycleFocus.

private <F extends FocusType> void processLifecycleFocus(LensContext<F> context, LensProjectionContext projCtx, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
    LensFocusContext<F> focusContext = context.getFocusContext();
    if (focusContext == null) {
        LOGGER.trace("Skipping lifecycle evaluation because there is no focus");
        return;
    }
    ResourceObjectLifecycleDefinitionType lifecycleDef = null;
    ResourceObjectTypeDefinitionType resourceAccountDefType = projCtx.getResourceObjectTypeDefinitionType();
    if (resourceAccountDefType != null) {
        lifecycleDef = resourceAccountDefType.getLifecycle();
    }
    ResourceBidirectionalMappingType lifecycleStateMappingType = null;
    if (lifecycleDef != null) {
        lifecycleStateMappingType = lifecycleDef.getLifecycleState();
    }
    if (lifecycleStateMappingType == null || lifecycleStateMappingType.getOutbound() == null) {
        if (!projCtx.isAdd()) {
            LOGGER.trace("Skipping lifecycle evaluation because this is not add operation (default expression)");
            return;
        }
        PrismObject<F> focusNew = focusContext.getObjectNew();
        if (focusNew == null) {
            LOGGER.trace("Skipping lifecycle evaluation because there is no new focus (default expression)");
            return;
        }
        PrismObject<ShadowType> projectionNew = projCtx.getObjectNew();
        if (projectionNew == null) {
            LOGGER.trace("Skipping lifecycle evaluation because there is no new projection (default expression)");
            return;
        }
        String lifecycle = midpointFunctions.computeProjectionLifecycle(focusNew.asObjectable(), projectionNew.asObjectable(), projCtx.getResource());
        LOGGER.trace("Computed projection lifecycle (default expression): {}", lifecycle);
        if (lifecycle != null) {
            PrismPropertyDefinition<String> propDef = projCtx.getObjectDefinition().findPropertyDefinition(SchemaConstants.PATH_LIFECYCLE_STATE);
            PropertyDelta<String> lifeCycleDelta = propDef.createEmptyDelta(SchemaConstants.PATH_LIFECYCLE_STATE);
            PrismPropertyValue<String> pval = new PrismPropertyValue<String>(lifecycle);
            pval.setOriginType(OriginType.OUTBOUND);
            lifeCycleDelta.setValuesToReplace(pval);
            projCtx.swallowToSecondaryDelta(lifeCycleDelta);
        }
    } else {
        LOGGER.trace("Computing projection lifecycle (mapping): {}", lifecycleStateMappingType);
        evaluateActivationMapping(context, projCtx, lifecycleStateMappingType, SchemaConstants.PATH_LIFECYCLE_STATE, SchemaConstants.PATH_LIFECYCLE_STATE, null, now, true, ObjectType.F_LIFECYCLE_STATE.getLocalPart(), task, result);
    }
}
Also used : ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType) ResourceObjectTypeDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectTypeDefinitionType) ResourceBidirectionalMappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType) ResourceObjectLifecycleDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectLifecycleDefinitionType)

Example 3 with ResourceBidirectionalMappingType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType in project midpoint by Evolveum.

the class ActivationProcessor method evaluateExistenceMapping.

private <F extends FocusType> boolean evaluateExistenceMapping(final LensContext<F> context, final LensProjectionContext accCtx, final XMLGregorianCalendar now, final boolean current, Task task, final OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
    final String accCtxDesc = accCtx.toHumanReadableString();
    final Boolean legal = accCtx.isLegal();
    if (legal == null) {
        throw new IllegalStateException("Null 'legal' for " + accCtxDesc);
    }
    ResourceObjectTypeDefinitionType resourceAccountDefType = accCtx.getResourceObjectTypeDefinitionType();
    if (resourceAccountDefType == null) {
        return legal;
    }
    ResourceActivationDefinitionType activationType = resourceAccountDefType.getActivation();
    if (activationType == null) {
        return legal;
    }
    ResourceBidirectionalMappingType existenceType = activationType.getExistence();
    if (existenceType == null) {
        return legal;
    }
    List<MappingType> outbound = existenceType.getOutbound();
    if (outbound == null || outbound.isEmpty()) {
        // "default mapping"
        return legal;
    }
    MappingEvaluatorParams<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>, ShadowType, F> params = new MappingEvaluatorParams<>();
    params.setMappingTypes(outbound);
    params.setMappingDesc("outbound existence mapping in projection " + accCtxDesc);
    params.setNow(now);
    params.setAPrioriTargetObject(accCtx.getObjectOld());
    params.setEvaluateCurrent(current);
    params.setTargetContext(accCtx);
    params.setFixTarget(true);
    params.setContext(context);
    params.setInitializer(builder -> {
        ItemDeltaItem<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>> legalSourceIdi = getLegalIdi(accCtx);
        Source<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>> legalSource = new Source<>(legalSourceIdi, ExpressionConstants.VAR_LEGAL);
        builder.defaultSource(legalSource);
        ItemDeltaItem<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>> assignedIdi = getAssignedIdi(accCtx);
        Source<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>> assignedSource = new Source<>(assignedIdi, ExpressionConstants.VAR_ASSIGNED);
        builder.addSource(assignedSource);
        ItemDeltaItem<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>> focusExistsSourceIdi = getFocusExistsIdi(context.getFocusContext());
        Source<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>> focusExistsSource = new Source<>(focusExistsSourceIdi, ExpressionConstants.VAR_FOCUS_EXISTS);
        builder.addSource(focusExistsSource);
        builder.addVariableDefinition(ExpressionConstants.VAR_FOCUS, context.getFocusContext().getObjectDeltaObject());
        builder.addVariableDefinition(ExpressionConstants.VAR_USER, context.getFocusContext().getObjectDeltaObject());
        builder.addVariableDefinition(ExpressionConstants.VAR_SHADOW, accCtx.getObjectDeltaObject());
        builder.addVariableDefinition(ExpressionConstants.VAR_RESOURCE, accCtx.getResource());
        builder.originType(OriginType.OUTBOUND);
        builder.originObject(accCtx.getResource());
        return builder;
    });
    final MutableBoolean output = new MutableBoolean(false);
    params.setProcessor((mappingOutputPath, outputStruct) -> {
        PrismValueDeltaSetTriple<PrismPropertyValue<Boolean>> outputTriple = outputStruct.getOutputTriple();
        if (outputTriple == null) {
            // The "default existence mapping"
            output.setValue(legal);
            return false;
        }
        Collection<PrismPropertyValue<Boolean>> nonNegativeValues = outputTriple.getNonNegativeValues();
        // (e.g. because the condition is false). This should be fixed.
        if (nonNegativeValues == null || nonNegativeValues.isEmpty()) {
            throw new ExpressionEvaluationException("Activation existence expression resulted in null or empty value for projection " + accCtxDesc);
        }
        if (nonNegativeValues.size() > 1) {
            throw new ExpressionEvaluationException("Activation existence expression resulted in too many values (" + nonNegativeValues.size() + ") for projection " + accCtxDesc);
        }
        output.setValue(nonNegativeValues.iterator().next().getValue());
        return false;
    });
    PrismPropertyDefinitionImpl<Boolean> shadowExistsDef = new PrismPropertyDefinitionImpl<>(SHADOW_EXISTS_PROPERTY_NAME, DOMUtil.XSD_BOOLEAN, prismContext);
    shadowExistsDef.setMinOccurs(1);
    shadowExistsDef.setMaxOccurs(1);
    params.setTargetItemDefinition(shadowExistsDef);
    mappingEvaluator.evaluateMappingSetProjection(params, task, result);
    return (boolean) output.getValue();
}
Also used : ResourceBidirectionalMappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType) MappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType) ExpressionEvaluationException(com.evolveum.midpoint.util.exception.ExpressionEvaluationException) ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType) MutableBoolean(org.apache.commons.lang.mutable.MutableBoolean) Source(com.evolveum.midpoint.repo.common.expression.Source) ResourceActivationDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceActivationDefinitionType) ResourceObjectTypeDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectTypeDefinitionType) ResourceBidirectionalMappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType) MutableBoolean(org.apache.commons.lang.mutable.MutableBoolean)

Aggregations

ResourceBidirectionalMappingType (com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType)3 ResourceObjectTypeDefinitionType (com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectTypeDefinitionType)3 ResourceActivationDefinitionType (com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceActivationDefinitionType)2 ShadowType (com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)2 SynchronizationPolicyDecision (com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision)1 LensProjectionContext (com.evolveum.midpoint.model.impl.lens.LensProjectionContext)1 SynchronizationIntent (com.evolveum.midpoint.model.impl.lens.SynchronizationIntent)1 Source (com.evolveum.midpoint.repo.common.expression.Source)1 ExpressionEvaluationException (com.evolveum.midpoint.util.exception.ExpressionEvaluationException)1 PolicyViolationException (com.evolveum.midpoint.util.exception.PolicyViolationException)1 MappingType (com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType)1 ResourceObjectLifecycleDefinitionType (com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectLifecycleDefinitionType)1 ActivationCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType)1 ActivationLockoutStatusCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType)1 ActivationStatusCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType)1 ActivationValidityCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationValidityCapabilityType)1 MutableBoolean (org.apache.commons.lang.mutable.MutableBoolean)1