Interface ProvisioningService
public interface ProvisioningService
Provisioning Service Interface.
- Status: public
- Stability: STABLE, only compatible changes are expected
- Version: 3.7.1
- Author: Radovan Semancik
This service retrieves information about resource objects and resources and handles changes to resource objects. Implementations of this interface will apply the changes to accounts, groups and other similar objects to the target resources. It also provides information about connectors and similar configuration of access to the resources.
Supported object types:
- Resource
- Shadow
- Connector
TODO: better documentation
-
Method Summary
- <T extends ObjectType> String addObject(PrismObject<T> object, OperationProvisioningScriptsType scripts, ProvisioningOperationOptions options, Task task, OperationResult parentResult)
  Add new object.
- <T extends ObjectType> void applyDefinition(ObjectDelta<T> delta, Objectable object, Task task, OperationResult parentResult)
  Applies appropriate definition to the shadow/resource delta (uses provided object to get necessary information)
- <T extends ObjectType> void applyDefinition(ObjectDelta<T> delta, Task task, OperationResult parentResult)
  Applies appropriate definition to the shadow/resource delta.
- <T extends ObjectType> void applyDefinition(PrismObject<T> object, Task task, OperationResult parentResult)
  Applies appropriate definition to the shadow.
- <T extends ObjectType> void applyDefinition(Class<T> type, ObjectQuery query, Task task, OperationResult parentResult)
  Applies appropriate definition to the query.
- ConstraintsCheckingResult checkConstraints(RefinedObjectClassDefinition shadowDefinition, PrismObject<ShadowType> shadowObject, PrismObject<ShadowType> shadowObjectOld, ResourceType resourceType, String shadowOid, ResourceShadowDiscriminator resourceShadowDiscriminator, ConstraintViolationConfirmer constraintViolationConfirmer, ConstraintsCheckingStrategyType strategy, Task task, OperationResult parentResult)
- <O extends ObjectType,T> ItemComparisonResult compare(Class<O> type, String oid, ItemPath path, T expectedValue, Task task, OperationResult result)
  Compare value on the resource with the provided value.
- <T extends ObjectType> Integer countObjects(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult)
  Options: if noFetch or raw, we count only shadows from the repository.
- <T extends ObjectType> PrismObject<T> deleteObject(Class<T> type, String oid, ProvisioningOperationOptions option, OperationProvisioningScriptsType scripts, Task task, OperationResult parentResult)
  Deletes object with specified OID.
- Set<ConnectorType> discoverConnectors(ConnectorHostType hostType, OperationResult parentResult)
  Discovers local or remote connectors.
- void enterConstraintsCheckerCache()
- <T extends ObjectType> Object executeScript(String resourceOid, ProvisioningScriptType script, Task task, OperationResult parentResult)
  Executes a single provisioning script.
- void exitConstraintsCheckerCache()
- AsyncUpdateListeningActivityInformationType getAsyncUpdatesListeningActivityInformation(String listeningActivityHandle, Task task, OperationResult parentResult)
- List<ConnectorOperationalStatus> getConnectorOperationalStatus(String resourceOid, Task task, OperationResult parentResult)
- <T extends ObjectType> PrismObject<T> getObject(Class<T> type, String oid, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult)
  Returns object for provided OID.
- ProvisioningDiag getProvisioningDiag()
  Returns a diagnostic information.
- SystemConfigurationType getSystemConfiguration()
  Temporary and quick hack.
- List<PrismObject<? extends ShadowType>> listResourceObjects(String resourceOid, QName objectClass, ObjectPaging paging, Task task, OperationResult parentResult)
  Deprecated.
- <T extends ObjectType> String modifyObject(Class<T> type, String oid, Collection<? extends ItemDelta> modifications, OperationProvisioningScriptsType scripts, ProvisioningOperationOptions options, Task task, OperationResult parentResult)
  Modifies object using relative change description.
- void postInit(OperationResult parentResult)
  Finish initialization of provisioning system.
- void provisioningSelfTest(OperationResult parentTestResult, Task task)
  Runs a short, non-destructive internal provisioning test.
- void refreshShadow(PrismObject<ShadowType> shadow, ProvisioningOperationOptions options, Task task, OperationResult parentResult)
  Makes sure that the shadow is in accord with the reality.
- <T extends ObjectType> SearchResultList<PrismObject<T>> searchObjects(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult)
  Search for objects.
- <T extends ObjectType> SearchResultMetadata searchObjectsIterative(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, ResultHandler<T> handler, Task task, OperationResult parentResult)
  Search for objects iteratively.
- void shutdown()
- String startListeningForAsyncUpdates(ResourceShadowDiscriminator shadowCoordinates, Task task, OperationResult parentResult)
  Starts listening for asynchronous updates for a given resource.
- void stopListeningForAsyncUpdates(String listeningActivityHandle, Task task, OperationResult parentResult)
  Stops the given listening activity.
- int synchronize(ResourceShadowDiscriminator shadowCoordinates, Task task, TaskPartitionDefinitionType taskPartition, OperationResult parentResult)
  Collect external changes on a resource and call the business logic with the accumulated change data.
- OperationResult testResource(String resourceOid, Task task)
  Test the resource connection and basic resource connector functionality.
-
Method Detail
-
getObject
<T extends ObjectType> PrismObject<T> getObject(Class<T> type, String oid, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Returns object for provided OID. Must fail if object with the OID does not exist. Resource Object Shadows: The resource object shadow attributes may be retrieved from the local database, directly from the resource or a combination of both. The retrieval may fail due to resource failure, network failure or similar external cases. The retrieval may also take a relatively long time (e.g. until it times out).
- Parameters:
  - type - the type (class) of object to get
  - oid - OID of the object to get
  - parentResult - parent OperationResult (in/out)
- Returns:
  - Object fetched from repository and/or resource
- Throws:
  - ObjectNotFoundException - requested object does not exist
  - CommunicationException - error communicating with the resource
  - SchemaException - error dealing with resource schema
  - ConfigurationException - Wrong resource or connector configuration
  - SecurityViolationException - Security violation while communicating with the connector or processing provisioning policies
  - IllegalArgumentException - wrong OID format, etc.
  - GenericConnectorException - unknown connector framework error
  - ExpressionEvaluationException
-
addObject
<T extends ObjectType> String addObject(PrismObject<T> object, OperationProvisioningScriptsType scripts, ProvisioningOperationOptions options, Task task, OperationResult parentResult) throws ObjectAlreadyExistsException, SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException
Add new object. The OID provided in the input message may be empty. In that case the OID will be assigned by the implementation of this method and it will be provided as return value. This operation should fail if such object already exists (if object with the provided OID already exists). The operation may fail if provided OID is in an unusable format for the storage. Generating own OIDs and providing them to this method is not recommended for normal operation. Should be atomic. Should not allow creation of two objects with the same OID (even if created in parallel). The operation may fail if the object to be created does not conform to the underlying schema of the storage system or the schema enforced by the implementation.
- Parameters:
  - object - object to create
  - scripts - scripts to execute before/after the operation
  - parentResult - parent OperationResult (in/out)
- Returns:
  - OID assigned to the created object
- Throws:
  - ObjectAlreadyExistsException - object with specified identifiers already exists, cannot add
  - SchemaException - error dealing with resource schema, e.g. schema violation
  - CommunicationException - error communicating with the resource
  - ObjectNotFoundException - appropriate connector object was not found
  - ConfigurationException
  - IllegalArgumentException - wrong OID format, etc.
  - GenericConnectorException - unknown connector framework error
  - SecurityViolationException - Security violation while communicating with the connector or processing provisioning policies
  - PolicyViolationException
  - ExpressionEvaluationException
-
synchronize
int synchronize(ResourceShadowDiscriminator shadowCoordinates, Task task, TaskPartitionDefinitionType taskPartition, OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, PolicyViolationException, PreconditionViolationException
Collect external changes on a resource and call the business logic with the accumulated change data. This method will be invoked by scheduler/sync thread. TODO: Better description
- Parameters:
  - resourceOid - OID of the resource for which to attempt synchronization
  - parentResult - parent OperationResult (in/out)
- Returns:
  - the number of processed changes
- Throws:
  - ObjectNotFoundException - some of key objects (resource, task, ...) do not exist
  - CommunicationException - error communicating with the resource
  - SchemaException - error dealing with resource schema
  - ConfigurationException
  - SecurityViolationException - Security violation while communicating with the connector or processing provisioning policies
  - GenericConnectorException - unknown connector framework error
  - ExpressionEvaluationException
  - PolicyViolationException
  - PreconditionViolationException
-
startListeningForAsyncUpdates
String startListeningForAsyncUpdates(ResourceShadowDiscriminator shadowCoordinates, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException
Starts listening for asynchronous updates for a given resource. Returns "listening activity handle" that will be used to stop the listening activity. Note that although it is possible to specify other parameters in addition to resource OID (e.g. objectClass), these settings are not supported now.
-
stopListeningForAsyncUpdates
void stopListeningForAsyncUpdates(String listeningActivityHandle, Task task, OperationResult parentResult)
Stops the given listening activity.
-
getAsyncUpdatesListeningActivityInformation
AsyncUpdateListeningActivityInformationType getAsyncUpdatesListeningActivityInformation(String listeningActivityHandle, Task task, OperationResult parentResult)
-
searchObjects
@NotNull <T extends ObjectType> SearchResultList<PrismObject<T>> searchObjects(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Search for objects. Searches through all object types. Returns a list of objects that match search criteria. Returns empty list if object type is correct but there are no objects of that type. Should fail if object type is wrong. Should fail if unknown property is specified in the query.
- Parameters:
  - paging - paging specification to limit operation result (optional)
  - query - search query
  - task
  - parentResult - parent OperationResult (in/out)
- Returns:
  - all objects of specified type that match search criteria (subject to paging)
- Throws:
  - IllegalArgumentException - wrong object type
  - GenericConnectorException - unknown connector framework error
  - SchemaException - unknown property used in search query
  - ConfigurationException
  - SecurityViolationException - Security violation while communicating with the connector or processing provisioning policies
  - ObjectNotFoundException
  - CommunicationException
  - ExpressionEvaluationException
-
countObjects
<T extends ObjectType> Integer countObjects(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Options: if noFetch or raw, we count only shadows from the repository.
-
searchObjectsIterative
<T extends ObjectType> SearchResultMetadata searchObjectsIterative(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, ResultHandler<T> handler, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Search for objects iteratively. Searches through all object types. Calls a specified handler for each object found. If nothing is found the handler is not called and the operation returns. Should fail if object type is wrong. Should fail if unknown property is specified in the query.
- Parameters:
  - query - search query
  - handler - result handler
  - task
  - parentResult - parent OperationResult (in/out)
- Throws:
  - IllegalArgumentException - wrong object type
  - GenericConnectorException - unknown connector framework error
  - SchemaException - unknown property used in search query
  - ObjectNotFoundException - appropriate connector object was not found
  - ConfigurationException
  - SecurityViolationException - Security violation while communicating with the connector or processing provisioning policies
  - CommunicationException
  - ExpressionEvaluationException
-
modifyObject
<T extends ObjectType> String modifyObject(Class<T> type, String oid, Collection<? extends ItemDelta> modifications, OperationProvisioningScriptsType scripts, ProvisioningOperationOptions options, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException
Modifies object using relative change description. Must fail if user with provided OID does not exist. Must fail if any of the described changes cannot be applied. Should be atomic. If two or more modify operations are executed in parallel, the operations should be merged. In case that the operations are in conflict (e.g. one operation adding a value and the other removing the same value), the result is not deterministic. The operation may fail if the modified object does not conform to the underlying schema of the storage system or the schema enforced by the implementation. TODO: optimistic locking
- Parameters:
  - scripts - scripts that should be executed before or after operation
  - parentResult - parent OperationResult (in/out)
- Throws:
  - ObjectNotFoundException - specified object does not exist
  - SchemaException - resulting object would violate the schema
  - IllegalArgumentException - wrong OID format, described change is not applicable
  - GenericConnectorException - unknown connector framework error
  - SecurityViolationException - Security violation while communicating with the connector or processing provisioning policies
  - ObjectAlreadyExistsException - if resulting object would have name which already exists in another object of the same type
  - CommunicationException
  - ConfigurationException
  - PolicyViolationException
  - ExpressionEvaluationException
-
deleteObject
<T extends ObjectType> PrismObject<T> deleteObject(Class<T> type, String oid, ProvisioningOperationOptions option, OperationProvisioningScriptsType scripts, Task task, OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException
Deletes object with specified OID.
Delete operation always deletes the resource object - or at least tries to. But this operation may or may not delete the repository shadow. The shadow may remain in a dead (tombstone) state. In that case the delete operation returns such shadow to indicate that repository shadow was not deleted.
Must fail if object with specified OID does not exist. Should be atomic.
- Parameters:
  - oid - OID of object to delete
  - scripts - scripts that should be executed before or after operation
  - parentResult - parent OperationResult (in/out)
- Returns:
  - Dead repository shadow - if it exists after delete. Otherwise returns null.
- Throws:
  - ObjectNotFoundException - specified object does not exist
  - ConfigurationException
  - SecurityViolationException - Security violation while communicating with the connector or processing provisioning policies
  - IllegalArgumentException - wrong OID format, described change is not applicable
  - GenericConnectorException - unknown connector framework error
  - CommunicationException
  - SchemaException
  - PolicyViolationException
  - ExpressionEvaluationException
-
executeScript
<T extends ObjectType> Object executeScript(String resourceOid, ProvisioningScriptType script, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException
Executes a single provisioning script.
- Parameters:
  - script - script to execute
  - parentResult - parent OperationResult (in/out)
- Throws:
  - ObjectNotFoundException - specified object does not exist
  - SchemaException - resulting object would violate the schema
  - IllegalArgumentException - wrong OID format, described change is not applicable
  - GenericConnectorException - unknown connector framework error
  - SecurityViolationException - Security violation while communicating with the connector or processing provisioning policies
  - ObjectAlreadyExistsException - if resulting object would have name which already exists in another object of the same type
  - CommunicationException
  - ConfigurationException
  - ExpressionEvaluationException
-
testResource
OperationResult testResource(String resourceOid, Task task) throws ObjectNotFoundException
Test the resource connection and basic resource connector functionality. This operation will NOT throw exception in case the resource connection fails. In such a case it will indicate the failure in the return message, but the operation itself succeeds. The operation fails only if the provided arguments are wrong, in case of system error, system misconfiguration, etc. The operation codes in the return value are defined by ConnectorTestOperation enumeration class.
- Parameters:
  - resourceOid - OID of resource to test
- Returns:
  - results of executed tests
- Throws:
  - ObjectNotFoundException - specified object does not exist
  - IllegalArgumentException - wrong OID format
  - GenericConnectorException - unknown connector framework error
- See Also:
  - ConnectorTestOperation
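Because testResource reports a failed connection in the returned OperationResult rather than by throwing, a caller that only catches exceptions would treat an unreachable resource as healthy. The following is an added example, not code from midPoint: the class ResourceConnectionGate is hypothetical, and the package names and the OperationResult accessors isSuccess(), getStatus(), getOperation(), getMessage() and getSubresults() are assumed from the midPoint code base, as they are not shown on this page.

```java
import com.evolveum.midpoint.provisioning.api.ProvisioningService;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;

import java.util.ArrayList;
import java.util.List;

/**
 * Hypothetical helper (not part of midPoint): fail-closed check of a resource
 * before it is used for provisioning. Anything other than SUCCESS is reported,
 * which is a policy choice of this example (warnings are treated as findings).
 */
public final class ResourceConnectionGate {

    private final ProvisioningService provisioning;

    public ResourceConnectionGate(ProvisioningService provisioning) {
        this.provisioning = provisioning;
    }

    /**
     * Runs testResource and returns one line per test step that did not succeed.
     * An empty list means the resource passed. ObjectNotFoundException still
     * propagates: it signals a wrong OID, not a failed connection.
     */
    public List<String> failedSteps(String resourceOid, Task task)
            throws ObjectNotFoundException {
        OperationResult result = provisioning.testResource(resourceOid, task);
        List<String> findings = new ArrayList<>();
        if (result == null) {
            // No result at all cannot be read as success.
            findings.add("testResource returned no result");
            return findings;
        }
        collect(result, findings);
        // The top-level status is authoritative even if no step was flagged.
        if (findings.isEmpty() && !result.isSuccess()) {
            findings.add(describe(result));
        }
        return findings;
    }

    /** Depth-first walk; only leaf results (the individual test steps) are reported. */
    private static void collect(OperationResult result, List<String> findings) {
        List<OperationResult> subresults = result.getSubresults();
        if (subresults == null || subresults.isEmpty()) {
            if (!result.isSuccess()) {
                findings.add(describe(result));
            }
            return;
        }
        for (OperationResult sub : subresults) {
            collect(sub, findings);
        }
    }

    /** Operation code (see ConnectorTestOperation), status and message of one step. */
    private static String describe(OperationResult result) {
        return result.getOperation() + " [" + result.getStatus() + "] "
                + (result.getMessage() != null ? result.getMessage() : "(no message)");
    }
}
```

A caller would refuse to proceed (and log the returned lines) whenever failedSteps is non-empty, instead of relying on the absence of an exception.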
-
discoverConnectors
Set<ConnectorType> discoverConnectors(ConnectorHostType hostType, OperationResult parentResult) throws CommunicationException
Discovers local or remote connectors. The operation will try to search for new connectors. It works either on local host (hostType is null) or on a remote host (hostType is not null). All discovered connectors are stored in the repository. It returns connectors that were discovered: those that were not in the repository before invocation of this operation.
- Parameters:
  - hostType - definition of a connector host or null
  - parentResult - parent OperationResult (in/out)
- Returns:
  - discovered connectors
- Throws:
  - CommunicationException - error connecting to a remote host
-
getConnectorOperationalStatus
List<ConnectorOperationalStatus> getConnectorOperationalStatus(String resourceOid, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
-
listResourceObjects
@Deprecated List<PrismObject<? extends ShadowType>> listResourceObjects(String resourceOid, QName objectClass, ObjectPaging paging, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Deprecated. Lists resource objects. This method differs from other methods in this interface as it works with resource objects directly. It returns resource objects in a form of "detached shadow", that means fully-populated shadow objects with no OID. The results of this method may not be stored in the repository. The purpose of this method is to work directly with the resource without the potential problems of provisioning implementation. E.g. it may be used to test resource connectivity or correctness of resource setup. It may also be used to reach object types that are not directly supported as "shadows" by the provisioning implementation.
- Parameters:
  - resourceOid - OID of the resource to fetch objects from
  - objectClass - Object class of the objects to fetch
  - paging - paging specification to limit operation result (optional)
  - task
  - parentResult - parent OperationResult (in/out)
- Returns:
  - resource objects in a form of "detached shadows"
- Throws:
  - ObjectNotFoundException - specified resource object does not exist
  - SchemaException - error handling resource schema
  - CommunicationException - error communicating with the resource
  - ConfigurationException
  - SecurityViolationException
  - ExpressionEvaluationException
-
refreshShadow
void refreshShadow(PrismObject<ShadowType> shadow, ProvisioningOperationOptions options, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException, SecurityViolationException, ExpressionEvaluationException
Makes sure that the shadow is in accord with the reality. If there are any unfinished operations associated with the shadow then this method will try to finish them. If there are pending (async) operations then this method will update their status. And so on. However, this is NOT reconciliation function that will make sure that the resource object attributes are OK with all the policies. This is just a provisioning-level operation.
-
applyDefinition
<T extends ObjectType> void applyDefinition(ObjectDelta<T> delta, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
Applies appropriate definition to the shadow/resource delta.
-
applyDefinition
<T extends ObjectType> void applyDefinition(ObjectDelta<T> delta, Objectable object, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
Applies appropriate definition to the shadow/resource delta (uses provided object to get necessary information)
-
applyDefinition
<T extends ObjectType> void applyDefinition(PrismObject<T> object, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
Applies appropriate definition to the shadow.
-
applyDefinition
<T extends ObjectType> void applyDefinition(Class<T> type, ObjectQuery query, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
Applies appropriate definition to the query.
-
provisioningSelfTest
void provisioningSelfTest(OperationResult parentTestResult, Task task)
Runs a short, non-destructive internal provisioning test. It tests provisioning framework and general setup. Use ModelService.testResource for testing individual resource configurations.
-
getProvisioningDiag
ProvisioningDiag getProvisioningDiag()
Returns a diagnostic information.
- See Also:
  - ProvisioningDiag
-
postInit
void postInit(OperationResult parentResult)
Finish initialization of provisioning system. The implementation may execute resource-intensive tasks in this method. All the dependencies should be already constructed, properly wired and initialized. Also logging and other infrastructure should be already set up.
-
checkConstraints
ConstraintsCheckingResult checkConstraints(RefinedObjectClassDefinition shadowDefinition, PrismObject<ShadowType> shadowObject, PrismObject<ShadowType> shadowObjectOld, ResourceType resourceType, String shadowOid, ResourceShadowDiscriminator resourceShadowDiscriminator, ConstraintViolationConfirmer constraintViolationConfirmer, ConstraintsCheckingStrategyType strategy, Task task, OperationResult parentResult) throws CommunicationException, ObjectAlreadyExistsException, SchemaException, SecurityViolationException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException
-
enterConstraintsCheckerCache
void enterConstraintsCheckerCache()
-
exitConstraintsCheckerCache
void exitConstraintsCheckerCache()
-
compare
<O extends ObjectType,T> ItemComparisonResult compare(Class<O> type, String oid, ItemPath path, T expectedValue, Task task, OperationResult result) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, EncryptionException
Compare value on the resource with the provided value. This method is used to compare resource attributes or passwords, e.g. for the purposes of password policy. Note: comparison may be quite an expensive and heavyweight operation, e.g. it may try authenticating the user on the resource.
-
shutdown
void shutdown()
-
getSystemConfiguration
SystemConfigurationType getSystemConfiguration()
Temporary and quick hack. TODO fix this