
Example 41 with UpgradeException

use of org.forgerock.openam.upgrade.UpgradeException in project OpenAM by OpenRock.

the class RemoveNetscapeLDAPStep method perform.

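/**
 * Replaces each recorded NetscapeLDAPv3 data store sub-configuration with a sub-configuration of the
 * schema type that matches its LDAP flavour and, when {@code removeSubSchema} is set, removes the
 * NetscapeLDAPv3 sub schema afterwards.
 *
 * <p>Only the single type-marker attribute, the attributes named in {@code ATTRIBUTES_TO_COPY} and
 * the derived connection mode are carried over; every other attribute of the old configuration is
 * dropped.
 * NOTE(review): ATTRIBUTES_TO_COPY is defined outside this listing - confirm it includes every
 * security-relevant setting (bind credentials, TLS options) the new schema types expect.
 *
 * @throws UpgradeException if a configuration does not identify exactly one LDAP type, or if any
 *         other failure occurs; the underlying failure is attached as the cause.
 */
@Override
public void perform() throws UpgradeException {
    try {
        ServiceConfigManager scm = new ServiceConfigManager(IdConstants.REPO_SERVICE, getAdminToken());
        for (Map.Entry<String, Set<String>> realmConfig : subSchemaIds.entrySet()) {
            ServiceConfig sc = scm.getOrganizationConfig(realmConfig.getKey(), null);
            UpgradeProgress.reportStart(REALM_PROGRESS, realmConfig.getKey());
            for (String configName : realmConfig.getValue()) {
                Map<String, Set<String>> oldConfig = sc.getSubConfig(configName).getAttributesWithoutDefaultsForRead();
                Map<String, Set<String>> newConfig = new HashMap<>();
                // A configured NetscapeLDAPv3 schema will have only one of the following
                // attributes, which will indicate the type of the ldap connection.
                copyAttribute(oldConfig, newConfig, "sun-idrepo-ldapv3-ldapv3Generic");
                copyAttribute(oldConfig, newConfig, "sun-idrepo-ldapv3-ldapv3AMDS");
                copyAttribute(oldConfig, newConfig, "sun-idrepo-ldapv3-ldapv3OpenDS");
                copyAttribute(oldConfig, newConfig, "sun-idrepo-ldapv3-ldapv3Tivoli");
                copyAttribute(oldConfig, newConfig, "sun-idrepo-ldapv3-ldapv3AD");
                copyAttribute(oldConfig, newConfig, "sun-idrepo-ldapv3-ldapv3ADAM");
                if (newConfig.size() != 1) {
                    // The original message had two placeholders for three arguments, so the
                    // offending type markers were never shown. Only the attribute names are logged.
                    DEBUG.error("ID Repo {} in realm {} has types: {}", configName, realmConfig.getKey(),
                            newConfig.keySet());
                    throw new UpgradeException("Cannot deduce type of id repo config: " + configName);
                }
                String typeString = newConfig.keySet().iterator().next();
                LdapType type = LdapType.valueOf(typeString.substring("sun-idrepo-ldapv3-ldapv3".length()));
                for (String attributeName : ATTRIBUTES_TO_COPY) {
                    copyAttribute(oldConfig, newConfig, attributeName);
                }
                // The legacy boolean SSL flag becomes an explicit LDAPS connection mode. When the flag
                // is off no connection mode is written by this line.
                // NOTE(review): confirm which connection mode the new schema then applies by default.
                if (CollectionHelper.getBooleanMapAttr(oldConfig, "sun-idrepo-ldapv3-config-ssl-enabled", false)) {
                    newConfig.put("sun-idrepo-ldapv3-config-connection-mode", asSet("LDAPS"));
                }
                // Remove-then-add is not atomic: if addSubConfig fails, the old data store
                // configuration has already been deleted and must be restored by other means.
                sc.removeSubConfig(configName);
                sc.addSubConfig(configName, type.schemaType, 0, newConfig);
            }
            UpgradeProgress.reportEnd("upgrade.success");
        }
        if (removeSubSchema) {
            UpgradeProgress.reportStart(SCHEMA_PROGRESS);
            ServiceSchemaManager ssm = new ServiceSchemaManager(IdConstants.REPO_SERVICE, getAdminToken());
            ssm.getOrganizationSchema().removeSubSchema(NETSCAPE_LDAP_V3);
            UpgradeProgress.reportEnd("upgrade.success");
        }
    } catch (Exception ex) {
        DEBUG.error("Unable to upgrade old datastore configurations", ex);
        // Keep the cause so callers can see the root failure, including the "Cannot deduce type"
        // error raised above, instead of only this generic message.
        throw new UpgradeException("An error occured while trying to upgrade old datastore configurations", ex);
    }
}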
Also used : UpgradeException(org.forgerock.openam.upgrade.UpgradeException) TreeSet(java.util.TreeSet) Set(java.util.Set) CollectionUtils.asSet(org.forgerock.openam.utils.CollectionUtils.asSet) ServiceConfig(com.sun.identity.sm.ServiceConfig) HashMap(java.util.HashMap) HashMap(java.util.HashMap) Map(java.util.Map) TreeMap(java.util.TreeMap) ServiceConfigManager(com.sun.identity.sm.ServiceConfigManager) ServiceSchemaManager(com.sun.identity.sm.ServiceSchemaManager) UpgradeException(org.forgerock.openam.upgrade.UpgradeException)

Example 42 with UpgradeException

use of org.forgerock.openam.upgrade.UpgradeException in project OpenAM by OpenRock.

the class RemoveReferralsStep method extractReferralInformation.

/**
 * Marks the referral entry for removal and records, for every application the referral lists, the
 * realms the application will need to be cloned into.
 *
 * <p>The referral body is read from the first {@code sunKeyValue} value that starts with
 * {@code serializable=} and is parsed as JSON into a plain {@code Map}.
 * NOTE(review): the configuration of {@code mapper} is not visible in this listing - confirm it
 * does not enable polymorphic typing, since the JSON comes from directory data.
 *
 * @param entry the directory entry that holds the referral.
 * @throws UpgradeException if the JSON cannot be parsed or the entry has no serializable value.
 */
private void extractReferralInformation(SearchResultEntry entry) throws UpgradeException {
    referralsToBeRemoved.add(entry.getName());

    final String serializablePrefix = "serializable=";
    JsonValue referralJson = null;
    for (String keyValue : entry.parseAttribute("sunKeyValue").asSetOfString()) {
        if (!keyValue.startsWith(serializablePrefix)) {
            continue;
        }
        String rawJson = keyValue.substring(serializablePrefix.length());
        try {
            referralJson = JsonValue.json(mapper.readValue(rawJson, Map.class));
        } catch (IOException e) {
            throw new UpgradeException(format("Failed to parse json for referral %s", entry.getName()), e);
        }
        // Only the first serializable value is considered.
        break;
    }
    if (referralJson == null) {
        throw new UpgradeException(format("Expected referral %s to have serializable attribute", entry.getName()));
    }

    // Both fields are mandatory; required() rejects a referral that lacks either of them.
    Set<String> applicationNames = referralJson.get("mapApplNameToResources").required().keys();
    Set<String> targetRealms = referralJson.get("realms").required().asSet(String.class);
    for (String applicationName : applicationNames) {
        Set<String> realmsForApplication = applicationsToClone.get(applicationName);
        if (realmsForApplication == null) {
            realmsForApplication = new HashSet<>();
            applicationsToClone.put(applicationName, realmsForApplication);
        }
        realmsForApplication.addAll(targetRealms);
    }
}
Also used : UpgradeException(org.forgerock.openam.upgrade.UpgradeException) JsonValue(org.forgerock.json.JsonValue) IOException(java.io.IOException) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)

Example 43 with UpgradeException

use of org.forgerock.openam.upgrade.UpgradeException in project OpenAM by OpenRock.

the class RemoveReferralsStep method enactRequiredPolicyModelChanges.

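/**
 * Clones the application and its first resource type into the destination realm and re-points
 * every policy of that application in the destination realm at the cloned resource type.
 *
 * <p>Does nothing when the destination realm holds no policies for the application. All reads and
 * writes are performed with the admin subject.
 * NOTE(review): only the first resource type UUID of the application is cloned and assigned to
 * all policies; confirm applications handled here never carry more than one resource type.
 *
 * @param application the application to clone.
 * @param sourceRealm the realm the application's resource type is read from.
 * @param destinationRealm the realm that receives the clone and whose policies are modified.
 * @throws EntitlementException if the application or a policy cannot be saved.
 * @throws UpgradeException if the application has no resource type, or if cloning fails.
 */
private void enactRequiredPolicyModelChanges(Application application, String sourceRealm, String destinationRealm) throws EntitlementException, UpgradeException {
    PrivilegeManager policyManager = policyServiceFactory.get(destinationRealm, getAdminSubject());
    List<Privilege> policies = policyManager.findAllPoliciesByApplication(application.getName());
    if (policies.isEmpty()) {
        // Only necessary to reinstate application if policies exist in the realm.
        return;
    }
    try {
        UpgradeProgress.reportStart(AUDIT_CLONING_APPLICATION_START, application.getName(), destinationRealm);
        // An application without resource types used to fail here with an unchecked
        // NoSuchElementException, which skipped the failure report in the catch block below.
        if (!application.getResourceTypeUuids().iterator().hasNext()) {
            throw new UpgradeException("Application " + application.getName() + " in realm " + sourceRealm
                    + " has no resource type to clone");
        }
        String resourceTypeId = application.getResourceTypeUuids().iterator().next();
        String clonedResourceTypeId = instateAssociatedResourceType(resourceTypeId, sourceRealm, destinationRealm);
        Application clonedApplication = cloneApplication(application, clonedResourceTypeId);
        applicationService.saveApplication(getAdminSubject(), destinationRealm, clonedApplication);
        // The policies are modified one by one; a failure part-way leaves the earlier ones
        // already pointing at the cloned resource type.
        for (Privilege policy : policies) {
            policy.setResourceTypeUuid(clonedResourceTypeId);
            policyManager.modify(policy);
        }
        UpgradeProgress.reportEnd(AUDIT_UPGRADE_SUCCESS);
    } catch (EntitlementException | UpgradeException e) {
        UpgradeProgress.reportEnd(AUDIT_UPGRADE_FAIL);
        throw e;
    }
}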
Also used : UpgradeException(org.forgerock.openam.upgrade.UpgradeException) EntitlementException(com.sun.identity.entitlement.EntitlementException) PrivilegeManager(com.sun.identity.entitlement.PrivilegeManager) Privilege(com.sun.identity.entitlement.Privilege) Application(com.sun.identity.entitlement.Application)

Example 44 with UpgradeException

use of org.forgerock.openam.upgrade.UpgradeException in project OpenAM by OpenRock.

the class UpgradeEntitlementsStep method initialize.

/**
 * Detects whether the entitlement index implementations still need upgrading and, if so, collects
 * the names of all policies and referrals per realm into {@code upgradableConfigs}.
 *
 * <p>Policies are read with the admin token for every realm returned by {@code getRealmNames()}.
 * When message-level debugging is enabled, the collected policy and referral names are written to
 * the debug log.
 *
 * @throws UpgradeException wrapping any failure raised while inspecting the configuration.
 */
@Override
public void initialize() throws UpgradeException {
    try {
        DEBUG.message("Initializing UpgradeEntitlementsStep");
        Map<String, Set<String>> typeAttributes = getDefaultApplicationType().getAttributes();
        String searchImpl = CollectionHelper.getMapAttr(typeAttributes, SEARCH_INDEX_IMPL);
        String saveImpl = CollectionHelper.getMapAttr(typeAttributes, SAVE_INDEX_IMPL);
        boolean alreadyUpgraded = NEW_SEARCH_IMPL.equals(searchImpl) && NEW_SAVE_IMPL.equals(saveImpl);
        if (alreadyUpgraded) {
            DEBUG.message("The entitlements framework is already using the new TreeSearchIndex/TreeSaveIndex implementations");
            return;
        }

        // Even with no policies to upgrade, the search and save index implementation values
        // still have to be updated when they are not current.
        upgradeIndexImpls = true;
        for (String realm : getRealmNames()) {
            Map<PolicyType, Set<String>> namesByType = new EnumMap<PolicyType, Set<String>>(PolicyType.class);
            PolicyManager realmPolicies = new PolicyManager(getAdminToken(), realm);
            for (String policyName : realmPolicies.getPolicyNames()) {
                Policy policy = realmPolicies.getPolicy(policyName);
                final PolicyType type;
                if (!policy.isReferralPolicy()) {
                    // Small edge case: a rule holding several resource names is counted once,
                    // but that is not really a supported setup anyway.
                    policyRuleCount += policy.getRuleNames().size();
                    type = PolicyType.POLICY;
                } else {
                    type = PolicyType.REFERRAL;
                }
                Set<String> names = namesByType.get(type);
                if (names == null) {
                    names = new HashSet<String>();
                    namesByType.put(type, names);
                }
                names.add(policyName);
                // Registered inside the loop so that realms without any policy never get an entry.
                upgradableConfigs.put(realm, namesByType);
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Discovered following policies/referrals:\n" + upgradableConfigs);
        }
    } catch (Exception ex) {
        DEBUG.error("Error while trying to detect changes in entitlements", ex);
        throw new UpgradeException(ex);
    }
}
Also used : Policy(com.sun.identity.policy.Policy) PolicyManager(com.sun.identity.policy.PolicyManager) HashSet(java.util.HashSet) Set(java.util.Set) CollectionUtils.asSet(org.forgerock.openam.utils.CollectionUtils.asSet) UpgradeException(org.forgerock.openam.upgrade.UpgradeException) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException) UpgradeException(org.forgerock.openam.upgrade.UpgradeException) ServiceConfig(com.sun.identity.sm.ServiceConfig) EnumMap(java.util.EnumMap)

Example 45 with UpgradeException

use of org.forgerock.openam.upgrade.UpgradeException in project OpenAM by OpenRock.

the class UpgradeEntitlementsStep method upgradeEntitlementIndexes.

/**
 * Rewrites the {@code SUN_XML_KEY_VALUE} attribute of every entry matched by
 * {@code ENTITLEMENT_INDEX_FILTER} below the SMS root suffix with the values produced by
 * {@code processEntry}.
 *
 * <p>Entries are modified one at a time while the search is still being read, so a failure
 * part-way leaves the entries processed so far already rewritten; nothing in this method rolls
 * them back.
 *
 * @throws UpgradeException wrapping any failure raised while searching or modifying entries.
 */
private void upgradeEntitlementIndexes() throws UpgradeException {
    Connection searchConn = null;
    Connection writeConn = null;
    try {
        searchConn = getConnection();
        // A second connection carries the modifications while the first one streams results.
        writeConn = getConnection();
        SearchRequest indexSearch = LDAPRequests.newSearchRequest(SMSEntry.getRootSuffix(),
                SearchScope.WHOLE_SUBTREE, ENTITLEMENT_INDEX_FILTER, SUN_KEY_VALUE, SUN_XML_KEY_VALUE);
        ConnectionEntryReader results = searchConn.search(indexSearch);
        int upgradedCount = 0;
        long lastReportMillis = System.currentTimeMillis();
        while (results.hasNext()) {
            if (!results.isEntry()) {
                // Search references are consumed and ignored.
                results.readReference();
                continue;
            }
            // Progress is reported at most once every three seconds.
            if (System.currentTimeMillis() - lastReportMillis > 3000) {
                UpgradeProgress.reportEnd("upgrade.entitlement.privilege", upgradedCount, policyRuleCount);
                lastReportMillis = System.currentTimeMillis();
            }
            SearchResultEntry indexEntry = results.readEntry();
            Set<String> replacementValues = processEntry(indexEntry);
            ModifyRequest replaceIndex = LDAPRequests.newModifyRequest(indexEntry.getName());
            replaceIndex.addModification(ModificationType.REPLACE, SUN_XML_KEY_VALUE, replacementValues.toArray());
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Upgrading entitlements index for: " + indexEntry.getName());
            }
            writeConn.modify(replaceIndex);
            upgradedCount++;
        }
        UpgradeProgress.reportEnd("upgrade.entitlement.privilege", policyRuleCount, policyRuleCount);
    } catch (Exception ex) {
        DEBUG.error("An error occurred while upgrading the entitlement indexes", ex);
        throw new UpgradeException(ex);
    } finally {
        IOUtils.closeIfNotNull(searchConn);
        IOUtils.closeIfNotNull(writeConn);
    }
}
Also used : UpgradeException(org.forgerock.openam.upgrade.UpgradeException) SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) Connection(org.forgerock.opendj.ldap.Connection) ModifyRequest(org.forgerock.opendj.ldap.requests.ModifyRequest) UpgradeException(org.forgerock.openam.upgrade.UpgradeException) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Aggregations

UpgradeException (org.forgerock.openam.upgrade.UpgradeException)81 SSOException (com.iplanet.sso.SSOException)29 HashMap (java.util.HashMap)27 SMSException (com.sun.identity.sm.SMSException)25 Set (java.util.Set)25 HashSet (java.util.HashSet)22 Map (java.util.Map)22 ServiceConfig (com.sun.identity.sm.ServiceConfig)21 EntitlementException (com.sun.identity.entitlement.EntitlementException)16 ServiceConfigManager (com.sun.identity.sm.ServiceConfigManager)14 Application (com.sun.identity.entitlement.Application)10 IOException (java.io.IOException)10 PolicyManager (com.sun.identity.policy.PolicyManager)8 PolicyException (com.sun.identity.policy.PolicyException)6 ServiceNotFoundException (com.sun.identity.sm.ServiceNotFoundException)6 EntitlementUtils.resourceTypeFromMap (org.forgerock.openam.entitlement.utils.EntitlementUtils.resourceTypeFromMap)6 Node (org.w3c.dom.Node)5 ServiceSchema (com.sun.identity.sm.ServiceSchema)4 ServiceSchemaManager (com.sun.identity.sm.ServiceSchemaManager)4 Properties (java.util.Properties)4