diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-policy-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-policy-3.xsd index 25810227239..e90e0ff0231 100644 --- a/infra/schema/src/main/resources/xml/ns/public/common/common-policy-3.xsd +++ b/infra/schema/src/main/resources/xml/ns/public/common/common-policy-3.xsd @@ -412,10 +412,10 @@ - + - If triggers are to be stored, what level of details should be preserved? + How much information about triggered policy rules should be stored? EXPERIMENTAL @@ -427,7 +427,7 @@ - Triggers will not be stored. + Triggered policy rules will not be stored. @@ -447,7 +447,8 @@ - The triggers for the rule will be stored (including subtriggers). Hidden and final presentation settings are respected. + The triggers and other information for the rule will be stored (including subtriggers). + Hidden and final presentation settings are respected. @@ -457,6 +458,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1389,18 +1425,22 @@ - + - How should be triggers stored? + How much information about triggered policy rules should be stored? EXPERIMENTAL - - 3.7 - true - + + + + + + + + diff --git a/model/certification-impl/src/test/resources/complex/system-configuration.xml b/model/certification-impl/src/test/resources/complex/system-configuration.xml index ac1cbdb3a3d..1292597db67 100644 --- a/model/certification-impl/src/test/resources/complex/system-configuration.xml +++ b/model/certification-impl/src/test/resources/complex/system-configuration.xml @@ -395,7 +395,7 @@ http://sample.org/situations#incomplete-role-c1-to-c4 - full + full @@ -413,7 +413,7 @@ http://sample.org/situations#active-role-with-no-identifier - none + none diff --git a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedExclusionTrigger.java b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedExclusionTrigger.java index 1b364bd9f94..80202a6d0c4 100644 --- a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedExclusionTrigger.java +++ b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedExclusionTrigger.java @@ -24,7 +24,7 @@ import java.util.Objects; -import static com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyTriggerStorageStrategyType.FULL; +import static com.evolveum.midpoint.xml.ns._public.common.common_3.TriggeredPolicyRulesStorageStrategyType.FULL; /** * @author mederly @@ -82,7 +82,7 @@ protected void debugDumpSpecific(StringBuilder sb, int indent) { public EvaluatedExclusionTriggerType toEvaluatedPolicyRuleTriggerType(PolicyRuleExternalizationOptions options) { EvaluatedExclusionTriggerType rv = new EvaluatedExclusionTriggerType(); fillCommonContent(rv); - if (options.getTriggerStorageStrategy() == FULL) { + if (options.getTriggeredRulesStorageStrategy() == FULL) { rv.setConflictingObjectRef(ObjectTypeUtil.createObjectRef(conflictingTarget)); rv.setConflictingObjectDisplayName(ObjectTypeUtil.getDisplayName(conflictingTarget)); if (conflictingPath != null) { diff --git a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRule.java b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRule.java index 8ef51b2759d..183fd74bead 100644 --- a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRule.java +++ b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRule.java @@ -66,7 +66,7 @@ default boolean isTriggered() { Collection getPolicyExceptions(); - EvaluatedPolicyRuleType toEvaluatedPolicyRuleType(PolicyRuleExternalizationOptions options); + void addToEvaluatedPolicyRuleTypes(Collection rules, PolicyRuleExternalizationOptions options); boolean isGlobal(); diff --git a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedSituationTrigger.java b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedSituationTrigger.java index 063c358ec05..f9f6d78190b 100644 --- a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedSituationTrigger.java +++ b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedSituationTrigger.java @@ -107,7 +107,7 @@ public EvaluatedSituationTriggerType toEvaluatedPolicyRuleTriggerType(PolicyRule EvaluatedSituationTriggerType rv = new EvaluatedSituationTriggerType(); fillCommonContent(rv); if (!options.isRespectFinalFlag() || !isFinal()) { - sourceRules.forEach(r -> rv.getSourceRule().add(r.toEvaluatedPolicyRuleType(options))); + sourceRules.forEach(r -> r.addToEvaluatedPolicyRuleTypes(rv.getSourceRule(), options)); } return rv; } diff --git a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/PolicyRuleExternalizationOptions.java b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/PolicyRuleExternalizationOptions.java index 2e8ac2a4f47..91b172afdfb 100644 --- a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/PolicyRuleExternalizationOptions.java +++ b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/PolicyRuleExternalizationOptions.java @@ -16,19 +16,19 @@ package com.evolveum.midpoint.model.api.context; -import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyTriggerStorageStrategyType; +import com.evolveum.midpoint.xml.ns._public.common.common_3.TriggeredPolicyRulesStorageStrategyType; import org.jetbrains.annotations.NotNull; import java.io.Serializable; -import static com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyTriggerStorageStrategyType.FULL; +import static com.evolveum.midpoint.xml.ns._public.common.common_3.TriggeredPolicyRulesStorageStrategyType.FULL; /** * @author mederly */ public class PolicyRuleExternalizationOptions implements Serializable { - @NotNull private PolicyTriggerStorageStrategyType triggerStorageStrategy; + @NotNull private TriggeredPolicyRulesStorageStrategyType triggeredRulesStorageStrategy; private boolean includeAssignmentsContent; private boolean respectFinalFlag; @@ -36,16 +36,16 @@ public PolicyRuleExternalizationOptions() { this(FULL, false, true); } - public PolicyRuleExternalizationOptions(PolicyTriggerStorageStrategyType triggerStorageStrategy, + public PolicyRuleExternalizationOptions(TriggeredPolicyRulesStorageStrategyType triggeredRulesStorageStrategy, boolean includeAssignmentsContent, boolean respectFinalFlag) { - this.triggerStorageStrategy = triggerStorageStrategy != null ? triggerStorageStrategy : FULL; + this.triggeredRulesStorageStrategy = triggeredRulesStorageStrategy != null ? triggeredRulesStorageStrategy : FULL; this.includeAssignmentsContent = includeAssignmentsContent; this.respectFinalFlag = respectFinalFlag; } @NotNull - public PolicyTriggerStorageStrategyType getTriggerStorageStrategy() { - return triggerStorageStrategy; + public TriggeredPolicyRulesStorageStrategyType getTriggeredRulesStorageStrategy() { + return triggeredRulesStorageStrategy; } public boolean isIncludeAssignmentsContent() { diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/hooks/PolicyRuleEnforcerHook.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/hooks/PolicyRuleEnforcerHook.java index e9f4e234f8f..9e364c29b89 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/hooks/PolicyRuleEnforcerHook.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/hooks/PolicyRuleEnforcerHook.java @@ -40,7 +40,7 @@ import java.util.Collections; import java.util.List; -import static com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyTriggerStorageStrategyType.FULL; +import static com.evolveum.midpoint.xml.ns._public.common.common_3.TriggeredPolicyRulesStorageStrategyType.FULL; /** * Hook used to enforce the policy rules that have the enforce action. @@ -138,7 +138,7 @@ private void enforceTriggeredRules(EvaluationContext evalC } // TODO really include assignments content? - evalCtx.rules.add(policyRule.toEvaluatedPolicyRuleType(new PolicyRuleExternalizationOptions(FULL, true, true))); + policyRule.addToEvaluatedPolicyRuleTypes(evalCtx.rules, new PolicyRuleExternalizationOptions(FULL, true, true)); for (EvaluatedPolicyRuleTrigger trigger: triggers) { if (trigger.getMessage() != null) { diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ChangeExecutor.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ChangeExecutor.java index 4f146c66c70..74c755af85e 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ChangeExecutor.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ChangeExecutor.java @@ -24,7 +24,7 @@ import com.evolveum.midpoint.common.Clock; import com.evolveum.midpoint.common.SynchronizationUtils; -import com.evolveum.midpoint.model.impl.lens.projector.policy.PolicyStateUpdater; +import com.evolveum.midpoint.model.impl.lens.projector.policy.PolicyStateRecorder; import com.evolveum.midpoint.prism.delta.*; import com.evolveum.midpoint.repo.api.ConflictWatcher; import com.evolveum.midpoint.repo.common.expression.Expression; @@ -116,7 +116,6 @@ public class ChangeExecutor { @Autowired private Clock clock; @Autowired private ModelObjectResolver objectResolver; @Autowired private OperationalDataManager metadataManager; - @Autowired private PolicyStateUpdater policyStateUpdater; @Autowired private CredentialsProcessor credentialsProcessor; private PrismObjectDefinition userDefinition = null; diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/EvaluatedPolicyRuleImpl.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/EvaluatedPolicyRuleImpl.java index 40308f52e06..5b0f14a1e0d 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/EvaluatedPolicyRuleImpl.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/EvaluatedPolicyRuleImpl.java @@ -15,10 +15,6 @@ */ package com.evolveum.midpoint.model.impl.lens; -import java.util.*; -import java.util.Objects; -import java.util.stream.Collectors; - import com.evolveum.midpoint.model.api.context.*; import com.evolveum.midpoint.prism.PrismContext; import com.evolveum.midpoint.prism.util.PrismPrettyPrinter; @@ -31,7 +27,13 @@ import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; -import static com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyTriggerStorageStrategyType.FULL; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.Objects; +import java.util.stream.Collectors; + +import static com.evolveum.midpoint.xml.ns._public.common.common_3.TriggeredPolicyRulesStorageStrategyType.FULL; /** * @author semancik @@ -315,10 +317,10 @@ private void createMessageTreeNode(TreeNode root, EvaluatedP */ @Override - public EvaluatedPolicyRuleType toEvaluatedPolicyRuleType(PolicyRuleExternalizationOptions options) { + public void addToEvaluatedPolicyRuleTypes(Collection rules, PolicyRuleExternalizationOptions options) { EvaluatedPolicyRuleType rv = new EvaluatedPolicyRuleType(); rv.setRuleName(getName()); - boolean isFull = options.getTriggerStorageStrategy() == FULL; + boolean isFull = options.getTriggeredRulesStorageStrategy() == FULL; if (isFull && assignmentPath != null) { rv.setAssignmentPath(assignmentPath.toAssignmentPathType(options.isIncludeAssignmentsContent())); } @@ -326,8 +328,19 @@ public EvaluatedPolicyRuleType toEvaluatedPolicyRuleType(PolicyRuleExternalizati rv.setDirectOwnerRef(ObjectTypeUtil.createObjectRef(directOwner)); rv.setDirectOwnerDisplayName(ObjectTypeUtil.getDisplayName(directOwner)); } - triggers.forEach(t -> rv.getTrigger().add(t.toEvaluatedPolicyRuleTriggerType(options))); - return rv; + for (EvaluatedPolicyRuleTrigger trigger : triggers) { + if (trigger instanceof EvaluatedSituationTrigger && trigger.isHidden()) { + for (EvaluatedPolicyRule sourceRule : ((EvaluatedSituationTrigger) trigger).getSourceRules()) { + sourceRule.addToEvaluatedPolicyRuleTypes(rules, options); + } + } else { + rv.getTrigger().add(trigger.toEvaluatedPolicyRuleTriggerType(options)); + } + } + if (rv.getTrigger().isEmpty()) { + // skip empty situation rule + } else { + rules.add(rv); + } } - } diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleProcessor.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleProcessor.java index 5fb0be2dc03..040d7475c0f 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleProcessor.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleProcessor.java @@ -69,7 +69,7 @@ public class PolicyRuleProcessor { @Autowired @Qualifier("cacheRepositoryService") private RepositoryService repositoryService; @Autowired private MappingFactory mappingFactory; @Autowired private MappingEvaluator mappingEvaluator; - @Autowired private PolicyStateUpdater policyStateUpdater; + @Autowired private PolicyStateRecorder policyStateRecorder; @Autowired private AssignmentConstraintEvaluator assignmentConstraintEvaluator; @Autowired private HasAssignmentConstraintEvaluator hasAssignmentConstraintEvaluator; @@ -149,7 +149,7 @@ public void evaluateAssignmentPolicyRules(LensContext c } } } - policyStateUpdater.applyAssignmentState(context, evaluatedAssignment, globalCtx.rulesToRecord); + policyStateRecorder.applyAssignmentState(context, evaluatedAssignment, globalCtx.rulesToRecord); } exclusionConstraintEvaluator.checkExclusionsLegacy(context, evaluatedAssignmentTriple.getPlusSet(), @@ -214,7 +214,7 @@ public void evaluateObjectPolicyRules(LensContext conte for (EvaluatedPolicyRule rule : situationRules) { evaluateFocusRule(rule, context, globalCtx, task, result); } - policyStateUpdater.applyObjectState(context, globalCtx.rulesToRecord); + policyStateRecorder.applyObjectState(context, globalCtx.rulesToRecord); } private Collection getAllGlobalRules(LensContext context) { diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyStateUpdater.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyStateRecorder.java similarity index 93% rename from model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyStateUpdater.java rename to model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyStateRecorder.java index 91490dc2f5b..cb6e7ced2f1 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyStateUpdater.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyStateRecorder.java @@ -43,9 +43,9 @@ * @author mederly */ @Component -public class PolicyStateUpdater { +public class PolicyStateRecorder { - private static final Trace LOGGER = TraceManager.getTrace(PolicyStateUpdater.class); + private static final Trace LOGGER = TraceManager.getTrace(PolicyStateRecorder.class); @Autowired private PrismContext prismContext; @@ -110,14 +110,16 @@ private ComputationResult compute(@NotNull List rulesToReco for (EvaluatedPolicyRule rule : rulesToRecord) { cr.newPolicySituations.add(rule.getPolicySituation()); RecordPolicyActionType recordAction = rule.getActions().getRecord(); - if (recordAction.getTriggerStorageStrategy() != PolicyTriggerStorageStrategyType.NONE) { - cr.newTriggeredRules.add(rule.toEvaluatedPolicyRuleType(new PolicyRuleExternalizationOptions(recordAction.getTriggerStorageStrategy(), false, true))); + if (recordAction.getPolicyRules() != TriggeredPolicyRulesStorageStrategyType.NONE) { + PolicyRuleExternalizationOptions externalizationOptions = new PolicyRuleExternalizationOptions( + recordAction.getPolicyRules(), false, true); + rule.addToEvaluatedPolicyRuleTypes(cr.newTriggeredRules, externalizationOptions); } } cr.oldPolicySituations.addAll(existingPolicySituation); cr.oldTriggeredRules.addAll(existingTriggeredPolicyRule); cr.situationsNeedUpdate = !Objects.equals(cr.oldPolicySituations, cr.newPolicySituations); - // we do not use this, because it uses hashCode, that is (for some reason) wrongly computed + // we do not use Objects.equal, because it uses hashCode, that is (for some reason) wrongly computed //cr.rulesNeedUpdate = !Objects.equals(cr.oldTriggeredRules, cr.newTriggeredRules); cr.rulesNeedUpdate = !MiscUtil.unorderedCollectionEquals(cr.oldTriggeredRules, cr.newTriggeredRules); return cr; diff --git a/model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/TestPolicyStateRecording.java b/model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/TestPolicyStateRecording.java index 0a126381e4d..90bdfd958c5 100644 --- a/model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/TestPolicyStateRecording.java +++ b/model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/TestPolicyStateRecording.java @@ -36,6 +36,8 @@ import java.io.File; import java.util.Collections; +import static com.evolveum.midpoint.model.api.ModelExecuteOptions.createReconcile; +import static com.evolveum.midpoint.prism.delta.ObjectDelta.createEmptyModifyDelta; import static com.evolveum.midpoint.schema.util.ObjectTypeUtil.createAssignmentTo; import static org.testng.AssertJUnit.assertEquals; @@ -98,82 +100,79 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti DebugUtil.setPrettyPrintBeansAs(PrismContext.LANG_YAML); } + @Test public void test100JackAssignRoleJudge() throws Exception { - final String TEST_NAME = "test100JackAssignRoleJudge"; - TestUtil.displayTestTitle(this, TEST_NAME); + TestCtx t = createContext(this, "test100JackAssignRoleJudge"); // GIVEN - Task task = taskManager.createTaskInstance(TestPolicyStateRecording.class.getName() + "." + TEST_NAME); - OperationResult result = task.getResult(); // WHEN - TestUtil.displayWhen(TEST_NAME); - assignRole(USER_JACK_OID, ROLE_JUDGE_OID, task, result); + t.displayWhen(); + assignRole(USER_JACK_OID, ROLE_JUDGE_OID, t.task, t.result); // THEN - TestUtil.displayThen(TEST_NAME); + t.displayThen(); UserType jack = getUser(USER_JACK_OID).asObjectable(); display("jack", jack); - result.computeStatus(); - TestUtil.assertSuccess(result); + t.result.computeStatus(); + TestUtil.assertSuccess(t.result); - assertAssignedRole(USER_JACK_OID, ROLE_JUDGE_OID, task, result); + assertAssignedRole(USER_JACK_OID, ROLE_JUDGE_OID, t.task, t.result); assertEquals("Wrong # of assignments", 1, jack.getAssignment().size()); assertEquals("Wrong policy situations", Collections.emptyList(), jack.getAssignment().get(0).getPolicySituation()); + + display("Audit", dummyAuditService); + dummyAuditService.assertExecutionRecords(1); } @Test public void test110JackAssignRolePirate() throws Exception { - final String TEST_NAME = "test110JackAssignRolePirate"; - TestUtil.displayTestTitle(this, TEST_NAME); - - // GIVEN - Task task = taskManager.createTaskInstance(TestPolicyStateRecording.class.getName() + "." + TEST_NAME); - OperationResult result = task.getResult(); + TestCtx t = createContext(this, "test110JackAssignRolePirate"); // WHEN - TestUtil.displayWhen(TEST_NAME); - assignRole(USER_JACK_OID, ROLE_PIRATE_OID, task, result); + t.displayWhen(); + assignRole(USER_JACK_OID, ROLE_PIRATE_OID, t.task, t.result); // THEN - TestUtil.displayThen(TEST_NAME); + t.displayThen(); UserType jack = getUser(USER_JACK_OID).asObjectable(); display("jack", jack); - result.computeStatus(); - TestUtil.assertSuccess(result); + t.result.computeStatus(); + TestUtil.assertSuccess(t.result); - assertAssignedRole(USER_JACK_OID, ROLE_PIRATE_OID, task, result); + assertAssignedRole(USER_JACK_OID, ROLE_PIRATE_OID, t.task, t.result); assertEquals("Wrong # of assignments", 2, jack.getAssignment().size()); for (AssignmentType assignment : jack.getAssignment()) { assertEquals("Wrong policy situations", Collections.singletonList(SchemaConstants.MODEL_POLICY_SITUATION_EXCLUSION_VIOLATION), assignment.getPolicySituation()); } + + display("Audit", dummyAuditService); + dummyAuditService.assertExecutionRecords(2); // rules without IDs, with IDs } // should keep the situation for both assignments @Test public void test120RecomputeJack() throws Exception { - final String TEST_NAME = "test120RecomputeJack"; - TestUtil.displayTestTitle(this, TEST_NAME); + TestCtx t = createContext(this, "test120RecomputeJack"); // GIVEN - Task task = taskManager.createTaskInstance(TestPolicyStateRecording.class.getName() + "." + TEST_NAME); - OperationResult result = task.getResult(); // WHEN - TestUtil.displayWhen(TEST_NAME); - recomputeUser(USER_JACK_OID, task, result); + t.displayWhen(); + executeChanges(createEmptyModifyDelta(UserType.class, USER_JACK_OID, prismContext), createReconcile(), t.task, t.result); + //recomputeUser(USER_JACK_OID, t.task, t.result); // THEN - TestUtil.displayThen(TEST_NAME); + t.displayThen(); UserType jack = getUser(USER_JACK_OID).asObjectable(); display("jack", jack); - result.computeStatus(); - TestUtil.assertSuccess(result); + t.result.computeStatus(); + TestUtil.assertSuccess(t.result); // TODO test that assignment IDs are filled in correctly (currently they are not) assertEquals("Wrong # of assignments", 2, jack.getAssignment().size()); @@ -182,35 +181,36 @@ public void test120RecomputeJack() throws Exception { Collections.singletonList(SchemaConstants.MODEL_POLICY_SITUATION_EXCLUSION_VIOLATION), assignment.getPolicySituation()); } + + display("Audit", dummyAuditService); + dummyAuditService.assertExecutionRecords(1); + dummyAuditService.assertExecutionDeltas(0); } @Test public void test200BobAssign2a3a() throws Exception { - final String TEST_NAME = "test200BobAssign2a3a"; - TestUtil.displayTestTitle(this, TEST_NAME); + TestCtx t = createContext(this, "test200BobAssign2a3a"); // GIVEN - Task task = taskManager.createTaskInstance(TestPolicyStateRecording.class.getName() + "." + TEST_NAME); - OperationResult result = task.getResult(); // WHEN - TestUtil.displayWhen(TEST_NAME); + t.displayWhen(); ObjectDelta delta = DeltaBuilder.deltaFor(UserType.class, prismContext) .item(UserType.F_ASSIGNMENT) .add(createAssignmentTo(roleATest2aOid, ObjectTypes.ROLE, prismContext), createAssignmentTo(roleATest3aOid, ObjectTypes.ROLE, prismContext)) .asObjectDeltaCast(userBobOid); - executeChangesAssertSuccess(delta, null, task, result); + executeChangesAssertSuccess(delta, null, t.task, t.result); // THEN - TestUtil.displayThen(TEST_NAME); + t.displayThen(); UserType bob = getUser(userBobOid).asObjectable(); display("bob", bob); - result.computeStatus(); - TestUtil.assertSuccess(result); + t.result.computeStatus(); + TestUtil.assertSuccess(t.result); - assertAssignedRole(userBobOid, roleATest2aOid, task, result); - assertAssignedRole(userBobOid, roleATest3aOid, task, result); + assertAssignedRole(userBobOid, roleATest2aOid, t.task, t.result); + assertAssignedRole(userBobOid, roleATest3aOid, t.task, t.result); assertEquals("Wrong # of assignments", 2, bob.getAssignment().size()); assertEquals("Wrong policy situations for assignment 1", Collections.emptyList(), @@ -218,39 +218,41 @@ public void test200BobAssign2a3a() throws Exception { assertEquals("Wrong policy situations for assignment 2", Collections.emptyList(), bob.getAssignment().get(1).getPolicySituation()); + + display("Audit", dummyAuditService); + dummyAuditService.assertExecutionRecords(1); // no policy state update } @Test public void test200BobAssign2b3b() throws Exception { - final String TEST_NAME = "test200BobAssign2b3b"; - TestUtil.displayTestTitle(this, TEST_NAME); + TestCtx t = createContext(this, "test200BobAssign2b3b"); // GIVEN - Task task = taskManager.createTaskInstance(TestPolicyStateRecording.class.getName() + "." + TEST_NAME); - OperationResult result = task.getResult(); // WHEN - TestUtil.displayWhen(TEST_NAME); + t.displayWhen(); ObjectDelta delta = DeltaBuilder.deltaFor(UserType.class, prismContext) .item(UserType.F_ASSIGNMENT) .add(createAssignmentTo(roleATest2bOid, ObjectTypes.ROLE, prismContext), createAssignmentTo(roleATest3bOid, ObjectTypes.ROLE, prismContext)) .asObjectDeltaCast(userBobOid); - executeChangesAssertSuccess(delta, null, task, result); + executeChangesAssertSuccess(delta, null, t.task, t.result); // THEN - TestUtil.displayThen(TEST_NAME); + t.displayThen(); UserType bob = getUser(userBobOid).asObjectable(); display("bob", bob); - result.computeStatus(); - TestUtil.assertSuccess(result); + t.result.computeStatus(); + TestUtil.assertSuccess(t.result); - assertAssignedRole(userBobOid, roleATest2aOid, task, result); - assertAssignedRole(userBobOid, roleATest2bOid, task, result); - assertAssignedRole(userBobOid, roleATest3aOid, task, result); - assertAssignedRole(userBobOid, roleATest3bOid, task, result); + assertAssignedRole(userBobOid, roleATest2aOid, t.task, t.result); + assertAssignedRole(userBobOid, roleATest2bOid, t.task, t.result); + assertAssignedRole(userBobOid, roleATest3aOid, t.task, t.result); + assertAssignedRole(userBobOid, roleATest3bOid, t.task, t.result); assertEquals("Wrong # of assignments", 4, bob.getAssignment().size()); + display("Audit", dummyAuditService); + dummyAuditService.assertExecutionRecords(2); // rules without IDs, with IDs // TODO policy state } diff --git a/model/model-impl/src/test/resources/lens/policy/state/metarole-common-rules.xml b/model/model-impl/src/test/resources/lens/policy/state/metarole-common-rules.xml index 1bf5c1f09b2..415c3aaa9c8 100644 --- a/model/model-impl/src/test/resources/lens/policy/state/metarole-common-rules.xml +++ b/model/model-impl/src/test/resources/lens/policy/state/metarole-common-rules.xml @@ -23,6 +23,9 @@ + + true + http://midpoint.evolveum.com/xml/ns/public/model/policy/situation#exclusionViolation diff --git a/model/model-impl/src/test/resources/lens/role-pirate-record-only.xml b/model/model-impl/src/test/resources/lens/role-pirate-record-only.xml index b936eeab0e2..46dd5419bf4 100644 --- a/model/model-impl/src/test/resources/lens/role-pirate-record-only.xml +++ b/model/model-impl/src/test/resources/lens/role-pirate-record-only.xml @@ -32,7 +32,7 @@ - messageOnly + messageOnly diff --git a/model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java b/model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java index b1d88eeb8ee..772e3fdbc65 100644 --- a/model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java +++ b/model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java @@ -4551,4 +4551,33 @@ protected TaskType getRootTask(List> tasks) { return rv.get(0); } } + + // highly experimental + public class TestCtx { + public final String name; + + public final Task task; + public final OperationResult result; + + TestCtx(Object testCase, String name) { + this.name = name; + TestUtil.displayTestTitle(testCase, name); + task = taskManager.createTaskInstance(testCase.getClass().getName() + "." + name); + result = task.getResult(); + dummyAuditService.clear(); + } + + public void displayWhen() { + TestUtil.displayWhen(name); + } + + public void displayThen() { + TestUtil.displayThen(name); + } + } + + protected TestCtx createContext(Object testCase, String testName) { + return new TestCtx(testCase, testName); + } + } diff --git a/model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/policy/ApprovalSchemaBuilder.java b/model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/policy/ApprovalSchemaBuilder.java index 14a86b8f7a6..828fa662bf5 100644 --- a/model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/policy/ApprovalSchemaBuilder.java +++ b/model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/policy/ApprovalSchemaBuilder.java @@ -34,7 +34,7 @@ import javax.xml.namespace.QName; import java.util.*; -import static com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyTriggerStorageStrategyType.FULL; +import static com.evolveum.midpoint.xml.ns._public.common.common_3.TriggeredPolicyRulesStorageStrategyType.FULL; import static java.util.Comparator.naturalOrder; /** @@ -207,11 +207,16 @@ private void processFragmentGroup(List fragments, ApprovalSchemaType r resultingSchemaType.getStage().add(stageDef); } if (firstFragment.policyRule != null) { - SchemaAttachedPolicyRuleType attachedRule = new SchemaAttachedPolicyRuleType(); - attachedRule.setStageMin(from); - attachedRule.setStageMax(i - 1); - attachedRule.setRule(firstFragment.policyRule.toEvaluatedPolicyRuleType(new PolicyRuleExternalizationOptions(FULL, false, true))); - attachedRules.getEntry().add(attachedRule); + List rules = new ArrayList<>(); + firstFragment.policyRule.addToEvaluatedPolicyRuleTypes(rules, new PolicyRuleExternalizationOptions(FULL, + false, true)); + for (EvaluatedPolicyRuleType rule : rules) { + SchemaAttachedPolicyRuleType attachedRule = new SchemaAttachedPolicyRuleType(); + attachedRule.setStageMin(from); + attachedRule.setStageMax(i - 1); + attachedRule.setRule(rule); + attachedRules.getEntry().add(attachedRule); + } } } diff --git a/repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/DummyAuditService.java b/repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/DummyAuditService.java index 9c6cb6326f3..9b4554eedf1 100644 --- a/repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/DummyAuditService.java +++ b/repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/DummyAuditService.java @@ -148,6 +148,11 @@ public void assertRecords(int expectedNumber) { " but was "+records.size(); } + public void assertExecutionRecords(int expectedNumber) { + List executionRecords = getExecutionRecords(); + assertEquals("Wrong # of execution records", expectedNumber, executionRecords.size()); + } + public List getRecordsOfType(AuditEventType type) { List retval = new ArrayList(); for (AuditEventRecord record : records) {