Example 1 with ResourceBidirectionalMappingType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType in project midpoint by Evolveum.
the class ActivationProcessor method processActivationUserCurrent.
public <F extends FocusType> void processActivationUserCurrent(LensContext<F> context, LensProjectionContext projCtx, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
String projCtxDesc = projCtx.toHumanReadableString();
SynchronizationPolicyDecision decision = projCtx.getSynchronizationPolicyDecision();
SynchronizationIntent synchronizationIntent = projCtx.getSynchronizationIntent();
if (decision == SynchronizationPolicyDecision.BROKEN) {
LOGGER.trace("Broken projection {}, skipping further activation processing", projCtxDesc);
return;
}
if (decision != null) {
throw new IllegalStateException("Decision " + decision + " already present for projection " + projCtxDesc);
}
if (synchronizationIntent == SynchronizationIntent.UNLINK) {
projCtx.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.UNLINK);
LOGGER.trace("Evaluated decision for {} to {} because of unlink synchronization intent, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.UNLINK);
return;
}
if (projCtx.isThombstone()) {
if (shouldKeepThombstone(projCtx)) {
// Let's keep thombstones linked until they expire. So we do not have shadows without owners.
// This is also needed for async delete operations.
projCtx.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.KEEP);
LOGGER.trace("Evaluated decision for {} to {} because it is thombstone, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.KEEP);
} else {
projCtx.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.UNLINK);
LOGGER.trace("Evaluated decision for {} to {} because it is thombstone, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.UNLINK);
}
return;
}
if (synchronizationIntent == SynchronizationIntent.DELETE || projCtx.isDelete()) {
// TODO: is this OK?
projCtx.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.DELETE);
LOGGER.trace("Evaluated decision for {} to {}, skipping further activation processing", projCtxDesc, SynchronizationPolicyDecision.DELETE);
return;
}
boolean shadowShouldExist = evaluateExistenceMapping(context, projCtx, now, true, task, result);
LOGGER.trace("Evaluated intended existence of projection {} to {}", projCtxDesc, shadowShouldExist);
// Let's reconcile the existence intent (shadowShouldExist) and the synchronization intent in the context
LensProjectionContext lowerOrderContext = LensUtil.findLowerOrderContext(context, projCtx);
if (synchronizationIntent == null || synchronizationIntent == SynchronizationIntent.SYNCHRONIZE) {
if (shadowShouldExist) {
projCtx.setActive(true);
if (projCtx.isExists()) {
if (lowerOrderContext != null && lowerOrderContext.isDelete()) {
// HACK HACK HACK
decision = SynchronizationPolicyDecision.DELETE;
} else {
decision = SynchronizationPolicyDecision.KEEP;
}
} else {
if (lowerOrderContext != null) {
if (lowerOrderContext.isDelete()) {
// HACK HACK HACK
decision = SynchronizationPolicyDecision.DELETE;
} else {
// If there is a lower-order context then that one will be ADD
// and this one is KEEP. When the execution comes to this context
// then the projection already exists
decision = SynchronizationPolicyDecision.KEEP;
}
} else {
decision = SynchronizationPolicyDecision.ADD;
}
}
} else {
// Delete
if (projCtx.isExists()) {
decision = SynchronizationPolicyDecision.DELETE;
} else {
// we should delete the entire context, but then we will lost track of what
// happened. So just ignore it.
decision = SynchronizationPolicyDecision.IGNORE;
// if there are any triggers then move them to focus. We may still need them.
LensUtil.moveTriggers(projCtx, context.getFocusContext());
}
}
} else if (synchronizationIntent == SynchronizationIntent.ADD) {
if (shadowShouldExist) {
projCtx.setActive(true);
if (projCtx.isExists()) {
// Attempt to add something that is already there, but should be OK
decision = SynchronizationPolicyDecision.KEEP;
} else {
decision = SynchronizationPolicyDecision.ADD;
}
} else {
throw new PolicyViolationException("Request to add projection " + projCtxDesc + " but the activation policy decided that it should not exist");
}
} else if (synchronizationIntent == SynchronizationIntent.KEEP) {
if (shadowShouldExist) {
projCtx.setActive(true);
if (projCtx.isExists()) {
decision = SynchronizationPolicyDecision.KEEP;
} else {
decision = SynchronizationPolicyDecision.ADD;
}
} else {
throw new PolicyViolationException("Request to keep projection " + projCtxDesc + " but the activation policy decided that it should not exist");
}
} else {
throw new IllegalStateException("Unknown sync intent " + synchronizationIntent);
}
LOGGER.trace("Evaluated decision for projection {} to {}", projCtxDesc, decision);
projCtx.setSynchronizationPolicyDecision(decision);
PrismObject<F> focusNew = context.getFocusContext().getObjectNew();
if (focusNew == null) {
// This must be a user delete or something similar. No point in proceeding
LOGGER.trace("focusNew is null, skipping activation processing of {}", projCtxDesc);
return;
}
if (decision == SynchronizationPolicyDecision.UNLINK || decision == SynchronizationPolicyDecision.DELETE) {
LOGGER.trace("Decision is {}, skipping activation properties processing for {}", decision, projCtxDesc);
return;
}
ResourceObjectTypeDefinitionType resourceAccountDefType = projCtx.getResourceObjectTypeDefinitionType();
if (resourceAccountDefType == null) {
LOGGER.trace("No refined object definition, therefore also no activation outbound definition, skipping activation processing for account " + projCtxDesc);
return;
}
ResourceActivationDefinitionType activationType = resourceAccountDefType.getActivation();
if (activationType == null) {
LOGGER.trace("No activation definition in projection {}, skipping activation properties processing", projCtxDesc);
return;
}
ActivationCapabilityType capActivation = ResourceTypeUtil.getEffectiveCapability(projCtx.getResource(), ActivationCapabilityType.class);
if (capActivation == null) {
LOGGER.trace("Skipping activation status and validity processing because {} has no activation capability", projCtx.getResource());
return;
}
ActivationStatusCapabilityType capStatus = CapabilityUtil.getEffectiveActivationStatus(capActivation);
ActivationValidityCapabilityType capValidFrom = CapabilityUtil.getEffectiveActivationValidFrom(capActivation);
ActivationValidityCapabilityType capValidTo = CapabilityUtil.getEffectiveActivationValidTo(capActivation);
ActivationLockoutStatusCapabilityType capLockoutStatus = CapabilityUtil.getEffectiveActivationLockoutStatus(capActivation);
if (capStatus != null) {
evaluateActivationMapping(context, projCtx, activationType.getAdministrativeStatus(), SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS, SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS, capActivation, now, true, ActivationType.F_ADMINISTRATIVE_STATUS.getLocalPart(), task, result);
} else {
LOGGER.trace("Skipping activation administrative status processing because {} does not have activation administrative status capability", projCtx.getResource());
}
ResourceBidirectionalMappingType validFromMappingType = activationType.getValidFrom();
if (validFromMappingType == null || validFromMappingType.getOutbound() == null) {
LOGGER.trace("Skipping activation validFrom processing because {} does not have appropriate outbound mapping", projCtx.getResource());
} else if (capValidFrom == null && !ExpressionUtil.hasExplicitTarget(validFromMappingType.getOutbound())) {
LOGGER.trace("Skipping activation validFrom processing because {} does not have activation validFrom capability nor outbound mapping with explicit target", projCtx.getResource());
} else {
evaluateActivationMapping(context, projCtx, activationType.getValidFrom(), SchemaConstants.PATH_ACTIVATION_VALID_FROM, SchemaConstants.PATH_ACTIVATION_VALID_FROM, null, now, true, ActivationType.F_VALID_FROM.getLocalPart(), task, result);
}
ResourceBidirectionalMappingType validToMappingType = activationType.getValidTo();
if (validToMappingType == null || validToMappingType.getOutbound() == null) {
LOGGER.trace("Skipping activation validTo processing because {} does not have appropriate outbound mapping", projCtx.getResource());
} else if (capValidTo == null && !ExpressionUtil.hasExplicitTarget(validToMappingType.getOutbound())) {
LOGGER.trace("Skipping activation validTo processing because {} does not have activation validTo capability nor outbound mapping with explicit target", projCtx.getResource());
} else {
evaluateActivationMapping(context, projCtx, activationType.getValidTo(), SchemaConstants.PATH_ACTIVATION_VALID_TO, SchemaConstants.PATH_ACTIVATION_VALID_TO, null, now, true, ActivationType.F_VALID_TO.getLocalPart(), task, result);
}
if (capLockoutStatus != null) {
evaluateActivationMapping(context, projCtx, activationType.getLockoutStatus(), SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS, SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS, capActivation, now, true, ActivationType.F_LOCKOUT_STATUS.getLocalPart(), task, result);
} else {
LOGGER.trace("Skipping activation lockout status processing because {} does not have activation lockout status capability", projCtx.getResource());
}
}
Also used :
ActivationLockoutStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType)
ActivationCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType)
LensProjectionContext(com.evolveum.midpoint.model.impl.lens.LensProjectionContext)
SynchronizationPolicyDecision(com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision)
ResourceActivationDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceActivationDefinitionType)
ResourceObjectTypeDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectTypeDefinitionType)
ActivationValidityCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationValidityCapabilityType)
SynchronizationIntent(com.evolveum.midpoint.model.impl.lens.SynchronizationIntent)
ResourceBidirectionalMappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType)
PolicyViolationException(com.evolveum.midpoint.util.exception.PolicyViolationException)
ActivationStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType)
Example 2 with ResourceBidirectionalMappingType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType in project midpoint by Evolveum.
the class ActivationProcessor method processLifecycleFocus.
private <F extends FocusType> void processLifecycleFocus(LensContext<F> context, LensProjectionContext projCtx, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
LensFocusContext<F> focusContext = context.getFocusContext();
if (focusContext == null) {
LOGGER.trace("Skipping lifecycle evaluation because there is no focus");
return;
}
ResourceObjectLifecycleDefinitionType lifecycleDef = null;
ResourceObjectTypeDefinitionType resourceAccountDefType = projCtx.getResourceObjectTypeDefinitionType();
if (resourceAccountDefType != null) {
lifecycleDef = resourceAccountDefType.getLifecycle();
}
ResourceBidirectionalMappingType lifecycleStateMappingType = null;
if (lifecycleDef != null) {
lifecycleStateMappingType = lifecycleDef.getLifecycleState();
}
if (lifecycleStateMappingType == null || lifecycleStateMappingType.getOutbound() == null) {
if (!projCtx.isAdd()) {
LOGGER.trace("Skipping lifecycle evaluation because this is not add operation (default expression)");
return;
}
PrismObject<F> focusNew = focusContext.getObjectNew();
if (focusNew == null) {
LOGGER.trace("Skipping lifecycle evaluation because there is no new focus (default expression)");
return;
}
PrismObject<ShadowType> projectionNew = projCtx.getObjectNew();
if (projectionNew == null) {
LOGGER.trace("Skipping lifecycle evaluation because there is no new projection (default expression)");
return;
}
String lifecycle = midpointFunctions.computeProjectionLifecycle(focusNew.asObjectable(), projectionNew.asObjectable(), projCtx.getResource());
LOGGER.trace("Computed projection lifecycle (default expression): {}", lifecycle);
if (lifecycle != null) {
PrismPropertyDefinition<String> propDef = projCtx.getObjectDefinition().findPropertyDefinition(SchemaConstants.PATH_LIFECYCLE_STATE);
PropertyDelta<String> lifeCycleDelta = propDef.createEmptyDelta(SchemaConstants.PATH_LIFECYCLE_STATE);
PrismPropertyValue<String> pval = new PrismPropertyValue<String>(lifecycle);
pval.setOriginType(OriginType.OUTBOUND);
lifeCycleDelta.setValuesToReplace(pval);
projCtx.swallowToSecondaryDelta(lifeCycleDelta);
}
} else {
LOGGER.trace("Computing projection lifecycle (mapping): {}", lifecycleStateMappingType);
evaluateActivationMapping(context, projCtx, lifecycleStateMappingType, SchemaConstants.PATH_LIFECYCLE_STATE, SchemaConstants.PATH_LIFECYCLE_STATE, null, now, true, ObjectType.F_LIFECYCLE_STATE.getLocalPart(), task, result);
}
}
Also used :
ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)
ResourceObjectTypeDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectTypeDefinitionType)
ResourceBidirectionalMappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType)
ResourceObjectLifecycleDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectLifecycleDefinitionType)
Example 3 with ResourceBidirectionalMappingType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType in project midpoint by Evolveum.
the class ActivationProcessor method evaluateExistenceMapping.
private <F extends FocusType> boolean evaluateExistenceMapping(final LensContext<F> context, final LensProjectionContext accCtx, final XMLGregorianCalendar now, final boolean current, Task task, final OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
final String accCtxDesc = accCtx.toHumanReadableString();
final Boolean legal = accCtx.isLegal();
if (legal == null) {
throw new IllegalStateException("Null 'legal' for " + accCtxDesc);
}
ResourceObjectTypeDefinitionType resourceAccountDefType = accCtx.getResourceObjectTypeDefinitionType();
if (resourceAccountDefType == null) {
return legal;
}
ResourceActivationDefinitionType activationType = resourceAccountDefType.getActivation();
if (activationType == null) {
return legal;
}
ResourceBidirectionalMappingType existenceType = activationType.getExistence();
if (existenceType == null) {
return legal;
}
List<MappingType> outbound = existenceType.getOutbound();
if (outbound == null || outbound.isEmpty()) {
// "default mapping"
return legal;
}
MappingEvaluatorParams<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>, ShadowType, F> params = new MappingEvaluatorParams<>();
params.setMappingTypes(outbound);
params.setMappingDesc("outbound existence mapping in projection " + accCtxDesc);
params.setNow(now);
params.setAPrioriTargetObject(accCtx.getObjectOld());
params.setEvaluateCurrent(current);
params.setTargetContext(accCtx);
params.setFixTarget(true);
params.setContext(context);
params.setInitializer(builder -> {
ItemDeltaItem<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>> legalSourceIdi = getLegalIdi(accCtx);
Source<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>> legalSource = new Source<>(legalSourceIdi, ExpressionConstants.VAR_LEGAL);
builder.defaultSource(legalSource);
ItemDeltaItem<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>> assignedIdi = getAssignedIdi(accCtx);
Source<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>> assignedSource = new Source<>(assignedIdi, ExpressionConstants.VAR_ASSIGNED);
builder.addSource(assignedSource);
ItemDeltaItem<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>> focusExistsSourceIdi = getFocusExistsIdi(context.getFocusContext());
Source<PrismPropertyValue<Boolean>, PrismPropertyDefinition<Boolean>> focusExistsSource = new Source<>(focusExistsSourceIdi, ExpressionConstants.VAR_FOCUS_EXISTS);
builder.addSource(focusExistsSource);
builder.addVariableDefinition(ExpressionConstants.VAR_FOCUS, context.getFocusContext().getObjectDeltaObject());
builder.addVariableDefinition(ExpressionConstants.VAR_USER, context.getFocusContext().getObjectDeltaObject());
builder.addVariableDefinition(ExpressionConstants.VAR_SHADOW, accCtx.getObjectDeltaObject());
builder.addVariableDefinition(ExpressionConstants.VAR_RESOURCE, accCtx.getResource());
builder.originType(OriginType.OUTBOUND);
builder.originObject(accCtx.getResource());
return builder;
});
final MutableBoolean output = new MutableBoolean(false);
params.setProcessor((mappingOutputPath, outputStruct) -> {
PrismValueDeltaSetTriple<PrismPropertyValue<Boolean>> outputTriple = outputStruct.getOutputTriple();
if (outputTriple == null) {
// The "default existence mapping"
output.setValue(legal);
return false;
}
Collection<PrismPropertyValue<Boolean>> nonNegativeValues = outputTriple.getNonNegativeValues();
// (e.g. because the condition is false). This should be fixed.
if (nonNegativeValues == null || nonNegativeValues.isEmpty()) {
throw new ExpressionEvaluationException("Activation existence expression resulted in null or empty value for projection " + accCtxDesc);
}
if (nonNegativeValues.size() > 1) {
throw new ExpressionEvaluationException("Activation existence expression resulted in too many values (" + nonNegativeValues.size() + ") for projection " + accCtxDesc);
}
output.setValue(nonNegativeValues.iterator().next().getValue());
return false;
});
PrismPropertyDefinitionImpl<Boolean> shadowExistsDef = new PrismPropertyDefinitionImpl<>(SHADOW_EXISTS_PROPERTY_NAME, DOMUtil.XSD_BOOLEAN, prismContext);
shadowExistsDef.setMinOccurs(1);
shadowExistsDef.setMaxOccurs(1);
params.setTargetItemDefinition(shadowExistsDef);
mappingEvaluator.evaluateMappingSetProjection(params, task, result);
return (boolean) output.getValue();
}
Also used :
ResourceBidirectionalMappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType)
MappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType)
ExpressionEvaluationException(com.evolveum.midpoint.util.exception.ExpressionEvaluationException)
ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)
MutableBoolean(org.apache.commons.lang.mutable.MutableBoolean)
Source(com.evolveum.midpoint.repo.common.expression.Source)
ResourceActivationDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceActivationDefinitionType)
ResourceObjectTypeDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectTypeDefinitionType)
ResourceBidirectionalMappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType)
MutableBoolean(org.apache.commons.lang.mutable.MutableBoolean)
Aggregations
ResourceBidirectionalMappingType (com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceBidirectionalMappingType)3
ResourceObjectTypeDefinitionType (com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectTypeDefinitionType)3
ResourceActivationDefinitionType (com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceActivationDefinitionType)2
ShadowType (com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)2
SynchronizationPolicyDecision (com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision)1
LensProjectionContext (com.evolveum.midpoint.model.impl.lens.LensProjectionContext)1
SynchronizationIntent (com.evolveum.midpoint.model.impl.lens.SynchronizationIntent)1
Source (com.evolveum.midpoint.repo.common.expression.Source)1
ExpressionEvaluationException (com.evolveum.midpoint.util.exception.ExpressionEvaluationException)1
PolicyViolationException (com.evolveum.midpoint.util.exception.PolicyViolationException)1
MappingType (com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType)1
ResourceObjectLifecycleDefinitionType (com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectLifecycleDefinitionType)1
ActivationCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType)1
ActivationLockoutStatusCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType)1
ActivationStatusCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType)1
ActivationValidityCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationValidityCapabilityType)1
MutableBoolean (org.apache.commons.lang.mutable.MutableBoolean)1
