Interface ProvisioningService
-
public interface ProvisioningService
Provisioning Service Interface * Status: public * Stability: STABLE, only compatible changes are expected This service retrieves information about resource objects and resources and handles changes to resource objects. Implementations of this interface will apply the changes to accounts, groups and other similar objects to the target resources. It also provides information about connectors and similar configuration of access to the resources. Supported object types: * Resource * Shadow * Connector TODO: better documentation- Author:
- Radovan Semancik
-
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description <T extends ObjectType>
StringaddObject(@NotNull PrismObject<T> object, @Nullable OperationProvisioningScriptsType scripts, @Nullable ProvisioningOperationOptions options, @NotNull Task task, @NotNull OperationResult parentResult)
Add new object.<T extends ObjectType>
voidapplyDefinition(ObjectDelta<T> delta, Objectable object, Task task, OperationResult parentResult)
Applies appropriate definition to the shadow/resource delta.<T extends ObjectType>
voidapplyDefinition(ObjectDelta<T> delta, Task task, OperationResult parentResult)
Applies appropriate definition to the shadow/resource delta.<T extends ObjectType>
voidapplyDefinition(PrismObject<T> object, Task task, OperationResult parentResult)
Applies appropriate definition to the shadow.<T extends ObjectType>
voidapplyDefinition(Class<T> type, ObjectQuery query, Task task, OperationResult parentResult)
Applies appropriate definition to the query.ConstraintsCheckingResult
checkConstraints(ResourceObjectDefinition objectTypeDefinition, PrismObject<ShadowType> shadowObject, PrismObject<ShadowType> shadowObjectOld, ResourceType resource, String shadowOid, ConstraintViolationConfirmer constraintViolationConfirmer, ConstraintsCheckingStrategyType strategy, @NotNull Task task, @NotNull OperationResult parentResult)
TODO description@NotNull ResourceObjectClassification
classifyResourceObject(@NotNull ShadowType combinedObject, @NotNull ResourceType resource, @Nullable ObjectSynchronizationDiscriminatorType existingSorterResult, @NotNull Task task, @NotNull OperationResult result)
Classifies resource object, i.e.<O extends ObjectType,T>
ItemComparisonResultcompare(Class<O> type, String oid, ItemPath path, T expectedValue, Task task, OperationResult result)
Compare value on the resource with the provided value.<T extends ObjectType>
IntegercountObjects(@NotNull Class<T> type, @Nullable ObjectQuery query, @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull Task task, @NotNull OperationResult parentResult)
<T extends ObjectType>
PrismObject<T>deleteObject(Class<T> type, String oid, ProvisioningOperationOptions option, OperationProvisioningScriptsType scripts, Task task, OperationResult parentResult)
Deletes object with specified OID.void
determineShadowState(PrismObject<ShadowType> shadow, Task task, OperationResult parentResult)
Determines shadow lifecycle state (shadow state for short), updating the shadow object.@NotNull DiscoveredConfiguration
discoverConfiguration(@NotNull PrismObject<ResourceType> resource, @NotNull OperationResult parentResult)
Discovers additional configuration properties.Set<ConnectorType>
discoverConnectors(ConnectorHostType hostType, OperationResult parentResult)
Discovers local or remote connectors.void
enterConstraintsCheckerCache()
Object
executeScript(String resourceOid, ProvisioningScriptType script, Task task, OperationResult parentResult)
Executes a single provisioning script.void
exitConstraintsCheckerCache()
void
expandConfigurationObject(@NotNull PrismObject<? extends ObjectType> configurationObject, @NotNull Task task, @NotNull OperationResult result)
Expands (in-memory) configuration object by (e.g.) resolving references to super/template objects, and so on.@Nullable ResourceSchema
fetchSchema(@NotNull PrismObject<ResourceType> resource, @NotNull OperationResult parentResult)
The operation try fetch schema by connector configuration from resource object.@Nullable String
generateShadowTag(@NotNull ShadowType combinedObject, @NotNull ResourceType resource, @NotNull ResourceObjectDefinition definition, @NotNull Task task, @NotNull OperationResult result)
Generates shadow tag (for multi-account scenarios).List<ConnectorOperationalStatus>
getConnectorOperationalStatus(String resourceOid, Task task, OperationResult parentResult)
CapabilityCollectionType
getNativeCapabilities(@NotNull String connOid, OperationResult result)
Method create collection of capabilities which connector support.<T extends ObjectType>
@NotNull PrismObject<T>getObject(@NotNull Class<T> type, @NotNull String oid, @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull Task task, @NotNull OperationResult parentResult)
Returns object for provided OID.ProvisioningDiag
getProvisioningDiag()
Returns a diagnostic information.SystemConfigurationType
getSystemConfiguration()
Temporary and quick hack.<T extends ObjectType>
StringmodifyObject(Class<T> type, String oid, Collection<? extends ItemDelta<?,?>> modifications, OperationProvisioningScriptsType scripts, ProvisioningOperationOptions options, Task task, OperationResult parentResult)
Modifies object using relative change description.void
postInit(OperationResult parentResult)
Finish initialization of provisioning system.void
processAsynchronousUpdates(@NotNull ResourceOperationCoordinates coordinates, @NotNull AsyncUpdateEventHandler handler, @NotNull Task task, @NotNull OperationResult parentResult)
Processes asynchronous updates for a given resource.void
provisioningSelfTest(OperationResult parentTestResult, Task task)
Runs a short, non-destructive internal provisioning test.void
refreshShadow(PrismObject<ShadowType> shadow, ProvisioningOperationOptions options, Task task, OperationResult parentResult)
Makes sure that the shadow is in accord with the reality.<T extends ObjectType>
@NotNull SearchResultList<PrismObject<T>>searchObjects(@NotNull Class<T> type, @Nullable ObjectQuery query, @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull Task task, @NotNull OperationResult parentResult)
Searches for objects.<T extends ObjectType>
SearchResultMetadatasearchObjectsIterative(@NotNull Class<T> type, @Nullable ObjectQuery query, @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull ResultHandler<T> handler, @NotNull Task task, @NotNull OperationResult parentResult)
Search for objects iteratively.void
setSynchronizationSorterEvaluator(SynchronizationSorterEvaluator evaluator)
Provides a sorter evaluator to the provisioning service.void
shutdown()
@NotNull SynchronizationResult
synchronize(@NotNull ResourceOperationCoordinates coordinates, @Nullable LiveSyncOptions options, @NotNull LiveSyncTokenStorage tokenStorage, @NotNull LiveSyncEventHandler handler, @NotNull Task task, @NotNull OperationResult parentResult)
Fetches synchronization change events (LiveSyncEvent
) from a resource and passes them into specifiedLiveSyncEventHandler
.default @NotNull OperationResult
testPartialConfiguration(@NotNull PrismObject<ResourceType> resource, @NotNull Task task, @NotNull OperationResult parentResult)
Test partial resource connection.default @NotNull OperationResult
testResource(@NotNull PrismObject<ResourceType> resource, @NotNull Task task, OperationResult parentResult)
@NotNull OperationResult
testResource(@NotNull PrismObject<ResourceType> resource, @Nullable ResourceTestOptions options, @NotNull Task task, OperationResult parentResult)
Test the resource connection and basic resource connector functionality.default @NotNull OperationResult
testResource(@NotNull String resourceOid, @NotNull Task task, @NotNull OperationResult parentResult)
@NotNull OperationResult
testResource(@NotNull String resourceOid, @Nullable ResourceTestOptions options, @NotNull Task task, @NotNull OperationResult parentResult)
Tests the resource connection and basic resource connector functionality.
-
-
-
Method Detail
-
getObject
@NotNull <T extends ObjectType> @NotNull PrismObject<T> getObject(@NotNull @NotNull Class<T> type, @NotNull @NotNull String oid, @Nullable @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Returns object for provided OID. Must fail if object with the OID does not exist. Resource Object Shadows: The resource object shadow attributes may be retrieved from the local database, directly form the resource or a combination of both. The retrieval may fail due to resource failure, network failure or similar external cases. The retrieval may also take relatively long time (e.g. until it times out). Retrieving `ResourceType` objects: 1. In `raw` mode, they are just fetched from the repository and the definitions are applied (ignoring most of the exceptions in the definition application process). No super-resource resolution is attempted! 2. in `noFetch` mode: TODO Retrieving `ShadowType` objects: ... TODO ... These objects are classified, if they were not (and if they were fetched from the resource). Notes: 1. The operation result is cleaned up before returning. 2. The fetch result (ObjectType.getFetchResult()
) is stored into object. It reflects the result of the "fetch from resource" operation, but also e.g. application of definitions to an object retrieved in raw mode. The exception is if the `raw` mode was used and the result is successful (because of performance). (TODO What for non-shadow/non-resource objects that are always taken from repository only?)- Parameters:
type
- the type (class) of object to getoid
- OID of the object to getparentResult
- parent OperationResult (in/out)- Returns:
- Object fetched from repository and/or resource
- Throws:
ObjectNotFoundException
- requested object does not existCommunicationException
- error communicating with the resourceSchemaException
- error dealing with resource schemaConfigurationException
- Wrong resource or connector configurationSecurityViolationException
- Security violation while communicating with the connector or processing provisioning policiesIllegalArgumentException
- wrong OID format, etc.GenericConnectorException
- unknown connector framework errorExpressionEvaluationException
-
addObject
<T extends ObjectType> String addObject(@NotNull @NotNull PrismObject<T> object, @Nullable @Nullable OperationProvisioningScriptsType scripts, @Nullable @Nullable ProvisioningOperationOptions options, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult parentResult) throws ObjectAlreadyExistsException, SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException
Add new object. The OID provided in the input message may be empty. In that case the OID will be assigned by the implementation of this method and it will be provided as return value. This operation should fail if such object already exists (if object with the provided OID already exists). The operation may fail if provided OID is in an unusable format for the storage. Generating own OIDs and providing them to this method is not recommended for normal operation. Should be atomic. Should not allow creation of two objects with the same OID (even if created in parallel). The operation may fail if the object to be created does not conform to the underlying schema of the storage system or the schema enforced by the implementation.- Parameters:
object
- object to createscripts
- scripts to execute before/after the operationparentResult
- parent OperationResult (in/out)- Returns:
- OID assigned to the created object
- Throws:
ObjectAlreadyExistsException
- object with specified identifiers already exists, cannot addSchemaException
- error dealing with resource schema, e.g. schema violationCommunicationException
- error communicating with the resourceObjectNotFoundException
- appropriate connector object was not foundIllegalArgumentException
- wrong OID format, etc.GenericConnectorException
- unknown connector framework errorSecurityViolationException
- Security violation while communicating with the connector or processing provisioning policiesConfigurationException
PolicyViolationException
ExpressionEvaluationException
-
synchronize
@NotNull @NotNull SynchronizationResult synchronize(@NotNull @NotNull ResourceOperationCoordinates coordinates, @Nullable @Nullable LiveSyncOptions options, @NotNull @NotNull LiveSyncTokenStorage tokenStorage, @NotNull @NotNull LiveSyncEventHandler handler, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, PolicyViolationException
Fetches synchronization change events (LiveSyncEvent
) from a resource and passes them into specifiedLiveSyncEventHandler
. Uses providedLiveSyncTokenStorage
to get and update the token that indicates the current position in the stream of live sync change events. It is typically invoked from a live sync activity (task). Notes regarding the `shadowCoordinates` parameter: * Resource OID is obligatory. * If neither object class nor kind are specified, all object classes on the resource are synchronized (if supported by the connector/resource). * If object class name is specified (but kind and intent are not), the object class to synchronize is determined using object class name. * If both kind and intent are specified, object type is determined based on them. It is then checked against object class name - the object class for given object type must match the specified object class name, if it's provided. * If only kind is specified (without intent), the default object type is found; and checked against object class name just like above. SeeResourceSchemaUtil.findDefinitionForBulkOperation(ResourceType, ShadowKindType, String, QName)
for the details. Note that it's not possible to specify intent without kind. Also, `unknown` values for kind or intent are not supported.- Parameters:
coordinates
- Where to attempt synchronization. See description above.options
- Options driving the synchronization process (execution mode, batch size, ...)tokenStorage
- Interface for getting and setting the token for the activityhandler
- Handler that processes live sync eventsparentResult
- Parent OperationResult to where we write our own subresults.- Throws:
ObjectNotFoundException
- Some of key objects (resource, task, ...) do not existCommunicationException
- Error communicating with the resourceSchemaException
- Error dealing with resource schemaSecurityViolationException
- Security violation while communicating with the connector or processing provisioning policiesGenericConnectorException
- Unknown connector framework errorConfigurationException
ExpressionEvaluationException
PolicyViolationException
-
processAsynchronousUpdates
void processAsynchronousUpdates(@NotNull @NotNull ResourceOperationCoordinates coordinates, @NotNull @NotNull AsyncUpdateEventHandler handler, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException
Processes asynchronous updates for a given resource. The control is not returned to the caller until processing is finished. The end of processing is usually triggered from the outside: by stopping the owning task. (So the implementor of this method should keep an eye on task.canRun() state.) Processing can be also finished when the resource encounters a fatal error. This behaviour should be configurable in the future. If the task is not of RunningTask type, the only way how to stop processing is to interrupt the thread or to close the asynchronous updates data source. Execution of updates is done in the context of the task worker threads (i.e. lightweight asynchronous subtask), if there are any. If there are none, execution is done in the thread that receives the message.- Parameters:
coordinates
- What objects to synchronize. Note that although it is possible to specify other parameters in addition to resource OID (e.g. objectClass), these settings are not supported now.- Throws:
ObjectNotFoundException
SchemaException
CommunicationException
ConfigurationException
ExpressionEvaluationException
-
searchObjects
@NotNull <T extends ObjectType> @NotNull SearchResultList<PrismObject<T>> searchObjects(@NotNull @NotNull Class<T> type, @Nullable @Nullable ObjectQuery query, @Nullable @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Searches for objects. Returns a list of objects that match search criteria. The list is never null. It is empty if there are no matching objects. The method call should fail if object type is wrong. Should fail if the query is wrong, e.g. if it contains a reference to an unknown attribute. == Specifying the "coordinates" When dealing with shadow queries in non-raw mode, there are the following requirements on the query: . there must be exactly one `resourceRef` obtainable from the query (i.e. present in the conjunction at the root level), . and .. either `kind` is specified (optionally with `intent` and/or `objectClass`), .. or `objectClass` is specified (and both `kind` and `intent` are not specified). See alsoObjectQueryUtil.getOperationCoordinates(ObjectFilter)
. (For the raw mode the requirements are currently the same; however, we may relax them in the future.) == Interpreting the query for on-resource search === If `kind` is specified In this case, a specific _object type_ definition is looked up: either by `kind` and `intent` (if the latter is present), or - if `intent` is not specified - by looking for a type marked as "default for its kind". The search is then executed against this object type, taking its delineation (object class, base context, additional filters) into account. If `objectClass` is specified as well, it is just checked against the value in given object type definition. (Hence it is not necessary nor advisable to specify object class when kind is specified.) === If only `objectClass` is specified Here the implementation searches for all objects of given `objectClass`. However, there are few things that must be done during the search, for example determining "attributes to get" i.e. what attributes should be explicitly requested. These things depend on object class or object type definition. Therefore, the implementation has to look up appropriate definition first. It does so by looking up raw or refined object class definition. If there is a type definition marked as "default for object class", it is used. However, if such a type definition is found, the delineation (base context, filters, and so on) are ignored: as stated above, all objects of given object class are searched for. SeeResourceSchemaUtil.findDefinitionForBulkOperation(ResourceType, ShadowKindType, String, QName)
andResourceSchemaUtil.findObjectDefinitionPrecisely(ResourceType, ShadowKindType, String, QName)
for the details. == Extra resource objects Note that when using kind and/or intent, the method may return objects that do not match these conditions. It depends on how precisely is the respective type definition, namely if its delineation: base context, hierarchy scope, and/or object filter(s) precisely describe objects that belong to this type. If these features do not describe the type adequately (e.g. if the classification has to be done using conditions written in Groovy), then the returned set of objects may contain ones that are not of requested type. It is then the responsibility of the caller to sort these extra objects out. == Processing ofResourceType
objects Just like thegetObject(Class, String, Collection, Task, OperationResult)
method, the resources returned from this one are processed according to the inheritance rules, unless the `raw` mode is applied. Beware that - obviously - the search query is applied to find the original resource objects, not the "processed" ones. == Fetch result The fetch result (ObjectType.getFetchResult()
) should be present in objects returned (namely, if the processing was not entirely successful). Beware that the details of storing it may differ between this method andgetObject(Class, String, Collection, Task, OperationResult)
.- Returns:
- all objects of specified type that match search criteria (subject to paging)
- Throws:
IllegalArgumentException
- wrong object typeGenericConnectorException
- unknown connector framework errorSchemaException
- unknown property used in search querySecurityViolationException
- Security violation while communicating with the connector or processing provisioning policiesObjectNotFoundException
CommunicationException
ConfigurationException
ExpressionEvaluationException
-
countObjects
<T extends ObjectType> Integer countObjects(@NotNull @NotNull Class<T> type, @Nullable @Nullable ObjectQuery query, @Nullable @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
- Parameters:
query
- SeesearchObjects(Class, ObjectQuery, Collection, Task, OperationResult)
description.options
- If noFetch or raw, we count only shadows from the repository.- Throws:
SchemaException
ObjectNotFoundException
CommunicationException
ConfigurationException
SecurityViolationException
ExpressionEvaluationException
-
searchObjectsIterative
<T extends ObjectType> SearchResultMetadata searchObjectsIterative(@NotNull @NotNull Class<T> type, @Nullable @Nullable ObjectQuery query, @Nullable @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull @NotNull ResultHandler<T> handler, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Search for objects iteratively. Searches through all object types. Calls a specified handler for each object found. If nothing is found the handler is not called and the operation returns. Should fail if object type is wrong. Should fail if unknown property is specified in the query. SeesearchObjects(Class, ObjectQuery, Collection, Task, OperationResult)
description for more information.- Parameters:
query
- search queryhandler
- result handlerparentResult
- parent OperationResult (in/out)- Throws:
IllegalArgumentException
- wrong object typeGenericConnectorException
- unknown connector framework errorSchemaException
- unknown property used in search queryObjectNotFoundException
- appropriate connector object was not foundSecurityViolationException
- Security violation while communicating with the connector or processing provisioning policiesCommunicationException
ConfigurationException
ExpressionEvaluationException
- See Also:
searchObjects(Class, ObjectQuery, Collection, Task, OperationResult)
-
modifyObject
<T extends ObjectType> String modifyObject(Class<T> type, String oid, Collection<? extends ItemDelta<?,?>> modifications, OperationProvisioningScriptsType scripts, ProvisioningOperationOptions options, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException
Modifies object using relative change description. Must fail if user with provided OID does not exist. Must fail if any of the described changes cannot be applied. Should be atomic. If two or more modify operations are executed in parallel, the operations should be merged. In case that the operations are in conflict (e.g. one operation adding a value and the other removing the same value), the result is not deterministic. The operation may fail if the modified object does not conform to the underlying schema of the storage system or the schema enforced by the implementation. TODO: optimistic locking- Parameters:
scripts
- scripts that should be executed before of after operationparentResult
- parent OperationResult (in/out)- Throws:
ObjectNotFoundException
- specified object does not existSchemaException
- resulting object would violate the schemaIllegalArgumentException
- wrong OID format, described change is not applicableGenericConnectorException
- unknown connector framework errorSecurityViolationException
- Security violation while communicating with the connector or processing provisioning policiesObjectAlreadyExistsException
- if resulting object would have name which already exists in another object of the same typeCommunicationException
ConfigurationException
PolicyViolationException
ExpressionEvaluationException
-
deleteObject
<T extends ObjectType> PrismObject<T> deleteObject(Class<T> type, String oid, ProvisioningOperationOptions option, OperationProvisioningScriptsType scripts, Task task, OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException
Deletes object with specified OID. Delete operation always deletes the resource object - or at least tries to. But this operation may or may not delete the repository shadow. The shadow may remain in a dead (tombstone) state. In that case the delete operation returns such shadow to indicate that repository shadow was not deleted. Must fail if object with specified OID does not exist. Should be atomic.- Parameters:
oid
- OID of object to deletescripts
- scripts that should be executed before of after operationparentResult
- parent OperationResult (in/out)- Returns:
- Current (usually dead) repository shadow - if it exists after delete. Otherwise returns null. For objects different from shadows (and when using raw deletion) returns null.
- Throws:
ObjectNotFoundException
- specified object does not existSecurityViolationException
- security violation while communicating with the connector or processing provisioning policiesIllegalArgumentException
- wrong OID format, described change is not applicableGenericConnectorException
- unknown connector framework errorCommunicationException
SchemaException
ConfigurationException
PolicyViolationException
ExpressionEvaluationException
-
executeScript
Object executeScript(String resourceOid, ProvisioningScriptType script, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException
Executes a single provisioning script.- Parameters:
script
- script to executeparentResult
- parent OperationResult (in/out)- Throws:
ObjectNotFoundException
- specified object does not existSchemaException
- resulting object would violate the schemaIllegalArgumentException
- wrong OID format, described change is not applicableGenericConnectorException
- unknown connector framework errorSecurityViolationException
- Security violation while communicating with the connector or processing provisioning policiesObjectAlreadyExistsException
- if resulting object would have name which already exists in another object of the same typeCommunicationException
ConfigurationException
ExpressionEvaluationException
-
testResource
@NotNull @NotNull OperationResult testResource(@NotNull @NotNull String resourceOid, @Nullable @Nullable ResourceTestOptions options, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ConfigurationException
Tests the resource connection and basic resource connector functionality. This operation will NOT throw exception in case the resource connection fails. It such case it will indicate the failure in the return message, but the operation itself succeeds. The operations fails only if the provided arguments are wrong, in case of system error, system misconfiguration, etc. Operation result handling: The method records its operation into the provided `parentResult` in a usual way. However, as the client is usually interested in details of the processing, the method returns the reference to the relevant part of the operation result tree, representing the actual "test connection" operation. Care is taken to ensure that part is nicely displayable to the user. The operation codes in the returnedOperationResult
are defined byTestResourceOpNames
enumeration class. SeeResourceTestOptions
for an explanation of the options and their default values.- Parameters:
resourceOid
- OID of resource to test- Returns:
- results of executed tests
- Throws:
ObjectNotFoundException
- resource or other required object (e.g. parent resource) does not existIllegalArgumentException
- wrong OID formatGenericConnectorException
- unknown connector framework errorSchemaException
ConfigurationException
- See Also:
TestResourceOpNames
-
testResource
@NotNull default @NotNull OperationResult testResource(@NotNull @NotNull String resourceOid, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ConfigurationException
-
testResource
@NotNull @NotNull OperationResult testResource(@NotNull @NotNull PrismObject<ResourceType> resource, @Nullable @Nullable ResourceTestOptions options, @NotNull @NotNull Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ConfigurationException
Test the resource connection and basic resource connector functionality. This operation will *not* throw exception in case the resource connection fails. For more information about operation result handling please seetestResource(String, Task, OperationResult)
method description. TODO describe the difference totestResource(String, Task, OperationResult)
and expected use of this method Notes: 1. The resource object must be mutable. 2. Normally it is expected that it will not have OID. But it may have one. The resource is _not_ updated in the repository, though, unlessResourceTestOptions.updateInRepository(Boolean)
is explicitly set toBoolean.TRUE
.- Parameters:
resource
- resource to test- Returns:
- results of executed tests
- Throws:
GenericConnectorException
- unknown connector framework errorObjectNotFoundException
- some of required objects (like the parent resource) does not existSchemaException
ConfigurationException
- See Also:
TestResourceOpNames
-
testResource
@NotNull default @NotNull OperationResult testResource(@NotNull @NotNull PrismObject<ResourceType> resource, @NotNull @NotNull Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ConfigurationException
-
testPartialConfiguration
@NotNull default @NotNull OperationResult testPartialConfiguration(@NotNull @NotNull PrismObject<ResourceType> resource, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult parentResult) throws SchemaException, ConfigurationException, ObjectNotFoundException
Test partial resource connection. Actually, this is a convenience method for callingtestResource(PrismObject, Task, OperationResult)
with theResourceTestOptions.testMode(ResourceTestOptions.TestMode)
set toResourceTestOptions.TestMode.PARTIAL
(more detailed explanation is in the `PARTIAL` value documentation).- Parameters:
resource
- resource to test- Returns:
- results of executed tests
- Throws:
GenericConnectorException
- unknown connector framework errorSchemaException
ConfigurationException
ObjectNotFoundException
- See Also:
TestResourceOpNames
-
discoverConfiguration
@NotNull @NotNull DiscoveredConfiguration discoverConfiguration(@NotNull @NotNull PrismObject<ResourceType> resource, @NotNull @NotNull OperationResult parentResult)
Discovers additional configuration properties. The resource object should contain minimal connector configuration properties to connect to the resource, then use the connection to discover additional configuration properties. Discovered configuration properties are returned from this method as Prism properties wrapped in DiscoveredConfiguration. DiscoveredConfiguration will be empty if it does not exist.- Parameters:
resource
- resource with minimal connector configuration- Returns:
- Suggested configuration properties wrapped in DiscoveredConfiguration.
-
fetchSchema
@Nullable @Nullable ResourceSchema fetchSchema(@NotNull @NotNull PrismObject<ResourceType> resource, @NotNull @NotNull OperationResult parentResult)
The operation try fetch schema by connector configuration from resource object.- Parameters:
resource
- resource with connector configuration- Returns:
- Resource schema fetched by connector
-
discoverConnectors
Set<ConnectorType> discoverConnectors(ConnectorHostType hostType, OperationResult parentResult) throws CommunicationException
Discovers local or remote connectors. The operation will try to search for new connectors. It works either on local host (hostType is null) or on a remote host (hostType is not null). All discovered connectors are stored in the repository. It returns connectors that were discovered: those that were not in the repository before invocation of this operation.- Parameters:
hostType
- definition of a connector host or nullparentResult
- parentResult parent OperationResult (in/out)- Returns:
- discovered connectors
- Throws:
CommunicationException
- error connecting to a remote host
-
getConnectorOperationalStatus
List<ConnectorOperationalStatus> getConnectorOperationalStatus(String resourceOid, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
-
refreshShadow
void refreshShadow(PrismObject<ShadowType> shadow, ProvisioningOperationOptions options, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException, SecurityViolationException, ExpressionEvaluationException
Makes sure that the shadow is in accord with the reality. If there are any unfinished operations associated with the shadow then this method will try to finish them. If there are pending (async) operations then this method will update their status. And so on. However, this is NOT reconciliation function that will make sure that the resource object attributes are OK with all the policies. This is just a provisioning-level operation.
-
applyDefinition
<T extends ObjectType> void applyDefinition(ObjectDelta<T> delta, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
Applies appropriate definition to the shadow/resource delta.
-
applyDefinition
<T extends ObjectType> void applyDefinition(ObjectDelta<T> delta, Objectable object, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
Applies appropriate definition to the shadow/resource delta. The provided object is used to get necessary information, and it's (sometimes) updated as well. TODO this should be specified better
-
applyDefinition
<T extends ObjectType> void applyDefinition(PrismObject<T> object, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
Applies appropriate definition to the shadow.
-
determineShadowState
void determineShadowState(PrismObject<ShadowType> shadow, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
Determines shadow lifecycle state (shadow state for short), updating the shadow object.
-
applyDefinition
<T extends ObjectType> void applyDefinition(Class<T> type, ObjectQuery query, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
Applies appropriate definition to the query. The query (for shadows) must comply with requirements similar to ones ofsearchObjects(Class, ObjectQuery, Collection, Task, OperationResult)
method. See alsoResourceSchemaUtil.findObjectDefinitionPrecisely(ResourceType, ShadowKindType, String, QName)
.
-
provisioningSelfTest
void provisioningSelfTest(OperationResult parentTestResult, Task task)
Runs a short, non-destructive internal provisioning test. It tests provisioning framework and general setup. Use ModelService.testResource for testing individual resource configurations.
-
getProvisioningDiag
ProvisioningDiag getProvisioningDiag()
Returns a diagnostic information.- See Also:
ProvisioningDiag
-
postInit
void postInit(OperationResult parentResult)
Finish initialization of provisioning system. The implementation may execute resource-intensive tasks in this method. All the dependencies should be already constructed, properly wired and initialized. Also logging and other infrastructure should be already set up.
-
checkConstraints
ConstraintsCheckingResult checkConstraints(ResourceObjectDefinition objectTypeDefinition, PrismObject<ShadowType> shadowObject, PrismObject<ShadowType> shadowObjectOld, ResourceType resource, String shadowOid, ConstraintViolationConfirmer constraintViolationConfirmer, ConstraintsCheckingStrategyType strategy, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult parentResult) throws CommunicationException, ObjectAlreadyExistsException, SchemaException, SecurityViolationException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException
TODO description
-
enterConstraintsCheckerCache
void enterConstraintsCheckerCache()
-
exitConstraintsCheckerCache
void exitConstraintsCheckerCache()
-
compare
<O extends ObjectType,T> ItemComparisonResult compare(Class<O> type, String oid, ItemPath path, T expectedValue, Task task, OperationResult result) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, EncryptionException
Compare value on the resource with the provided value. This method is used to compare resource attributes or passwords, e.g. for the purposes of password policy. Note: comparison may be quite an expensive and heavy weight operation, e.g. it may try authenticating the user on the resource.
-
shutdown
void shutdown()
-
getSystemConfiguration
SystemConfigurationType getSystemConfiguration()
Temporary and quick hack. TODO fix this
-
setSynchronizationSorterEvaluator
void setSynchronizationSorterEvaluator(SynchronizationSorterEvaluator evaluator)
Provides a sorter evaluator to the provisioning service.
-
classifyResourceObject
@NotNull @NotNull ResourceObjectClassification classifyResourceObject(@NotNull @NotNull ShadowType combinedObject, @NotNull @NotNull ResourceType resource, @Nullable @Nullable ObjectSynchronizationDiscriminatorType existingSorterResult, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult result) throws SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ConfigurationException, ObjectNotFoundException
Classifies resource object, i.e. determines its kind and intent (not the tag!). . Ignores existing shadow classification. . Invokes synchronization sorter, if it's defined for the resource. . Even if new classification is determined, does _not_ update shadow in the repository. If you need to classify an unclassified (and not fetched yet) shadow, it may be generally better to callgetObject(Class, String, Collection, Task, OperationResult)
method. It attempts to classify any unclassified objects retrieved.- Parameters:
combinedObject
- Resource object combined with its shadow. Full "shadowization" is not required.- Throws:
SchemaException
ExpressionEvaluationException
CommunicationException
SecurityViolationException
ConfigurationException
ObjectNotFoundException
-
generateShadowTag
@Nullable @Nullable String generateShadowTag(@NotNull @NotNull ShadowType combinedObject, @NotNull @NotNull ResourceType resource, @NotNull @NotNull ResourceObjectDefinition definition, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult result) throws SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ConfigurationException, ObjectNotFoundException
Generates shadow tag (for multi-account scenarios). . Ignores existing shadow tag. . Does _not_ update shadow in the repository.
-
expandConfigurationObject
@Experimental void expandConfigurationObject(@NotNull @NotNull PrismObject<? extends ObjectType> configurationObject, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException
Expands (in-memory) configuration object by (e.g.) resolving references to super/template objects, and so on. The expansion is done in-place i.e. the object is directly modified by the operation. Provenance metadata are filled-in, see the description inOriginMarker
. Assumes that there are no value metadata on entry! Currently implemented for resources.
-
getNativeCapabilities
@Experimental CapabilityCollectionType getNativeCapabilities(@NotNull @NotNull String connOid, OperationResult result) throws SchemaException, CommunicationException, ConfigurationException, ObjectNotFoundException
Method create collection of capabilities which connector support. EXPERIMENTAL feature.- Returns:
- Return supported operations for connector.
- Throws:
SchemaException
CommunicationException
ConfigurationException
ObjectNotFoundException
-
-