use of com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType in project midpoint by Evolveum.
the class EntitlementConverter method postProcessEntitlementsRead.
//////////
// GET
/////////
public void postProcessEntitlementsRead(ProvisioningContext subjectCtx, PrismObject<ShadowType> resourceObject, OperationResult parentResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
ResourceType resourceType = subjectCtx.getResource();
LOGGER.trace("Starting postProcessEntitlementRead");
RefinedObjectClassDefinition objectClassDefinition = subjectCtx.getObjectClassDefinition();
Collection<RefinedAssociationDefinition> entitlementAssociationDefs = objectClassDefinition.getAssociationDefinitions();
if (entitlementAssociationDefs != null) {
ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(resourceObject);
PrismContainerDefinition<ShadowAssociationType> associationDef = resourceObject.getDefinition().findContainerDefinition(ShadowType.F_ASSOCIATION);
PrismContainer<ShadowAssociationType> associationContainer = associationDef.instantiate();
for (RefinedAssociationDefinition assocDefType : entitlementAssociationDefs) {
ShadowKindType entitlementKind = assocDefType.getKind();
if (entitlementKind == null) {
entitlementKind = ShadowKindType.ENTITLEMENT;
}
for (String entitlementIntent : assocDefType.getIntents()) {
LOGGER.trace("Resolving association {} for kind {} and intent {}", assocDefType.getName(), entitlementKind, entitlementIntent);
ProvisioningContext entitlementCtx = subjectCtx.spawn(entitlementKind, entitlementIntent);
RefinedObjectClassDefinition entitlementDef = entitlementCtx.getObjectClassDefinition();
if (entitlementDef == null) {
throw new SchemaException("No definition for entitlement intent(s) '" + assocDefType.getIntents() + "' in " + resourceType);
}
ResourceObjectAssociationDirectionType direction = assocDefType.getResourceObjectAssociationType().getDirection();
if (direction == ResourceObjectAssociationDirectionType.SUBJECT_TO_OBJECT) {
postProcessEntitlementSubjectToEntitlement(resourceType, resourceObject, objectClassDefinition, assocDefType, entitlementDef, attributesContainer, associationContainer, parentResult);
} else if (direction == ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
if (assocDefType.getResourceObjectAssociationType().getShortcutAssociationAttribute() != null) {
postProcessEntitlementSubjectToEntitlement(resourceType, resourceObject, objectClassDefinition, assocDefType, entitlementDef, attributesContainer, associationContainer, assocDefType.getResourceObjectAssociationType().getShortcutAssociationAttribute(), assocDefType.getResourceObjectAssociationType().getShortcutValueAttribute(), parentResult);
} else {
postProcessEntitlementEntitlementToSubject(subjectCtx, resourceObject, assocDefType, entitlementCtx, attributesContainer, associationContainer, parentResult);
}
} else {
throw new IllegalArgumentException("Unknown entitlement direction " + direction + " in association " + assocDefType + " in " + resourceType);
}
}
}
if (!associationContainer.isEmpty()) {
resourceObject.add(associationContainer);
}
}
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType in project midpoint by Evolveum.
the class EntitlementConverter method postProcessEntitlementSubjectToEntitlement.
private <S extends ShadowType, T> void postProcessEntitlementSubjectToEntitlement(ResourceType resourceType, PrismObject<S> resourceObject, RefinedObjectClassDefinition objectClassDefinition, RefinedAssociationDefinition assocDefType, RefinedObjectClassDefinition entitlementDef, ResourceAttributeContainer attributesContainer, PrismContainer<ShadowAssociationType> associationContainer, QName assocAttrName, QName valueAttrName, OperationResult parentResult) throws SchemaException {
QName associationName = assocDefType.getName();
if (associationName == null) {
throw new SchemaException("No name in entitlement association " + assocDefType + " in " + resourceType);
}
if (assocAttrName == null) {
throw new SchemaException("No association attribute defined in entitlement association '" + associationName + "' in " + resourceType);
}
RefinedAttributeDefinition assocAttrDef = objectClassDefinition.findAttributeDefinition(assocAttrName);
if (assocAttrDef == null) {
throw new SchemaException("Association attribute '" + assocAttrName + "'defined in entitlement association '" + associationName + "' was not found in schema for " + resourceType);
}
ResourceAttribute<T> assocAttr = attributesContainer.findAttribute(assocAttrName);
if (assocAttr == null || assocAttr.isEmpty()) {
// Nothing to do. No attribute to base the association on.
LOGGER.trace("Association attribute {} is empty, skipping association {}", assocAttrName, associationName);
return;
}
if (valueAttrName == null) {
throw new SchemaException("No value attribute defined in entitlement association '" + associationName + "' in " + resourceType);
}
RefinedAttributeDefinition valueAttrDef = entitlementDef.findAttributeDefinition(valueAttrName);
for (PrismPropertyValue<T> assocAttrPVal : assocAttr.getValues()) {
ResourceAttribute<T> valueAttribute = valueAttrDef.instantiate();
valueAttribute.add(assocAttrPVal.clone());
PrismContainerValue<ShadowAssociationType> associationCVal = associationContainer.createNewValue();
associationCVal.asContainerable().setName(associationName);
ResourceAttributeContainer identifiersContainer = new ResourceAttributeContainer(ShadowAssociationType.F_IDENTIFIERS, entitlementDef.toResourceAttributeContainerDefinition(), prismContext);
associationCVal.add(identifiersContainer);
identifiersContainer.add(valueAttribute);
LOGGER.trace("Assocciation attribute value resolved to valueAtrribute {} and identifiers container {}", valueAttribute, identifiersContainer);
}
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType in project midpoint by Evolveum.
the class TextFormatter method formatAccountAttributes.
// todo - should each hiddenAttribute be prefixed with something like F_ATTRIBUTE? Currently it should not be.
public String formatAccountAttributes(ShadowType shadowType, List<ItemPath> hiddenAttributes, boolean showOperationalAttributes) {
Validate.notNull(shadowType, "shadowType is null");
StringBuilder retval = new StringBuilder();
if (shadowType.getAttributes() != null) {
formatContainerValue(retval, "", shadowType.getAttributes().asPrismContainerValue(), false, hiddenAttributes, showOperationalAttributes);
}
if (shadowType.getCredentials() != null) {
formatContainerValue(retval, "", shadowType.getCredentials().asPrismContainerValue(), false, hiddenAttributes, showOperationalAttributes);
}
if (shadowType.getActivation() != null) {
formatContainerValue(retval, "", shadowType.getActivation().asPrismContainerValue(), false, hiddenAttributes, showOperationalAttributes);
}
if (shadowType.getAssociation() != null) {
boolean first = true;
for (ShadowAssociationType shadowAssociationType : shadowType.getAssociation()) {
if (first) {
first = false;
retval.append("\n");
}
retval.append("Association:\n");
formatContainerValue(retval, " ", shadowAssociationType.asPrismContainerValue(), false, hiddenAttributes, showOperationalAttributes);
retval.append("\n");
}
}
return retval.toString();
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType in project midpoint by Evolveum.
the class TestOpenDj method test402AddAccountMorganWithAssociation.
@Test
public void test402AddAccountMorganWithAssociation() throws Exception {
final String TEST_NAME = "test402AddAccountMorganWithAssociation";
TestUtil.displayTestTile(TEST_NAME);
Task task = createTask(TEST_NAME);
OperationResult result = task.getResult();
ShadowType object = parseObjectType(ACCOUNT_MORGAN_FILE, ShadowType.class);
IntegrationTestTools.display("Adding object", object);
// WHEN
String addedObjectOid = provisioningService.addObject(object.asPrismObject(), null, null, task, result);
// THEN
assertEquals(ACCOUNT_MORGAN_OID, addedObjectOid);
ShadowType shadowType = repositoryService.getObject(ShadowType.class, ACCOUNT_MORGAN_OID, null, result).asObjectable();
PrismAsserts.assertEqualsPolyString("Wrong ICF name (repo)", ACCOUNT_MORGAN_DN, shadowType.getName());
ShadowType provisioningShadowType = provisioningService.getObject(ShadowType.class, ACCOUNT_MORGAN_OID, null, taskManager.createTaskInstance(), result).asObjectable();
PrismAsserts.assertEqualsPolyString("Wrong ICF name (provisioning)", ACCOUNT_MORGAN_DN, provisioningShadowType.getName());
String uid = ShadowUtil.getSingleStringAttributeValue(shadowType, getPrimaryIdentifierQName());
assertNotNull(uid);
List<ShadowAssociationType> associations = provisioningShadowType.getAssociation();
assertEquals("Unexpected number of associations", 1, associations.size());
ShadowAssociationType association = associations.get(0);
assertEquals("Wrong group OID in association", GROUP_SWASHBUCKLERS_OID, association.getShadowRef().getOid());
Entry accountEntry = openDJController.searchAndAssertByEntryUuid(uid);
display("LDAP account", accountEntry);
assertNotNull("No LDAP account entry");
String accountDn = accountEntry.getDN().toString();
assertEquals("Wrong account DN", ACCOUNT_MORGAN_DN, accountDn);
Entry groupEntry = openDJController.fetchEntry(GROUP_SWASHBUCKLERS_DN);
display("LDAP group", groupEntry);
assertNotNull("No LDAP group entry");
openDJController.assertUniqueMember(groupEntry, accountDn);
assertShadows(19);
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType in project midpoint by Evolveum.
the class TestOpenDj method assertEntitlementGroup.
protected void assertEntitlementGroup(PrismObject<ShadowType> account, String entitlementOid) {
ShadowAssociationType associationType = IntegrationTestTools.assertAssociation(account, ASSOCIATION_GROUP_NAME, entitlementOid);
PrismContainerValue identifiersCVal = associationType.getIdentifiers().asPrismContainerValue();
PrismProperty<String> dnProp = identifiersCVal.findProperty(getSecondaryIdentifierQName());
assertNotNull("No DN identifier in group association in " + account + ", got " + identifiersCVal, dnProp);
}
Aggregations