MID-8979: Added kind/intent to audit delta and make it searchable.

Evolveum · Aug 22, 2023 · 2c033d1 · 2c033d1
1 parent 93c7329
commit 2c033d1
Show file tree

Hide file tree

Showing 9 changed files with 101 additions and 9 deletions.
diff --git a/config/sql/native-new/postgres-new-audit.sql b/config/sql/native-new/postgres-new-audit.sql
@@ -81,6 +81,16 @@ CREATE TYPE AuditEventStageType AS ENUM ('REQUEST', 'EXECUTION', 'RESOURCE');
 CREATE TYPE EffectivePrivilegesModificationType AS ENUM ('ELEVATION', 'FULL_ELEVATION', 'REDUCTION', 'OTHER');
 
 CREATE TYPE ChangeType AS ENUM ('ADD', 'MODIFY', 'DELETE');
+
+
+
+   -- We try to create ShadowKindType (necessary if audit is in separate database, if it is in same
+   -- database as repository, type already exists.
+DO $$ BEGIN
+       CREATE TYPE ShadowKindType AS ENUM ('ACCOUNT', 'ENTITLEMENT', 'GENERIC', 'UNKNOWN');
+   EXCEPTION
+       WHEN duplicate_object THEN null;
+END $$;
 -- endregion
 
 -- region management tables
@@ -161,6 +171,8 @@ CREATE TABLE ma_audit_delta (
     resourceOid UUID,
     resourceNameNorm TEXT,
     resourceNameOrig TEXT,
+    shadowKind ShadowKindType,
+    shadowIntent TEXT,
     status OperationResultStatusType,
 
     PRIMARY KEY (recordId, timestamp, checksum)
@@ -360,4 +372,4 @@ limit 50;
 -- This is important to avoid applying any change more than once.
 -- Also update SqaleUtils.CURRENT_SCHEMA_AUDIT_CHANGE_NUMBER
 -- repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleUtils.java
-call apply_audit_change(5, $$ SELECT 1 $$, true);
+call apply_audit_change(6, $$ SELECT 1 $$, true);
diff --git a/config/sql/native-new/postgres-new-upgrade-audit.sql b/config/sql/native-new/postgres-new-upgrade-audit.sql
@@ -125,6 +125,21 @@ call apply_audit_change(5, $aa$
      ADD COLUMN effectivePrivilegesModification EffectivePrivilegesModificationType;
 $aa$);
 
+
+call apply_audit_change(6, $aa$
+   -- We try to create ShadowKindType (necessary if audit is in separate database, if it is in same
+   -- database as repository, type already exists.
+   DO $$ BEGIN
+       CREATE TYPE ShadowKindType AS ENUM ('ACCOUNT', 'ENTITLEMENT', 'GENERIC', 'UNKNOWN');
+   EXCEPTION
+       WHEN duplicate_object THEN null;
+   END $$;
+
+   ALTER TABLE ma_audit_delta
+     ADD COLUMN shadowKind ShadowKindType,
+     ADD COLUMN shadowIntent TEXT;
+$aa$);
+
 -- WRITE CHANGES ABOVE ^^
 -- IMPORTANT: update apply_audit_change number at the end of postgres-new-audit.sql
 -- to match the number used in the last change here!

diff --git a/infra/schema/src/main/resources/xml/ns/public/common/audit-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/audit-3.xsd
@@ -307,6 +307,9 @@
                 <xsd:annotation>
                     <xsd:appinfo>
                         <a:displayName>AuditEventRecordType.delta</a:displayName>
+                        <!-- delta is property in complex value, so explicit mark as searchable is required by filter parser
+                             to allow parsing matches filter and treat it similar to container -->
+                        <a:searchable>true</a:searchable>
                     </xsd:appinfo>
                 </xsd:annotation>
             </xsd:element>

diff --git a/...ava/com/evolveum/midpoint/model/impl/schema/transform/PartiallyMutableItemDefinition.java b/...ava/com/evolveum/midpoint/model/impl/schema/transform/PartiallyMutableItemDefinition.java
@@ -202,7 +202,10 @@ default void setIndexOnly(boolean value) {
     @Override
     default void setInherited(boolean value) {
         throw new IllegalStateException("Item Definition is not modifiable");
+    }
 
+    default void setSearchable(boolean value) {
+        throw new IllegalStateException("Item Definition is not modifiable");
     }
 
     public interface Container<C extends Containerable> extends PartiallyMutableItemDefinition<PrismContainer<C>>, MutablePrismContainerDefinition<C> {

diff --git a/repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleUtils.java b/repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleUtils.java
@@ -40,7 +40,7 @@ public class SqaleUtils {
 
     public static final int CURRENT_SCHEMA_CHANGE_NUMBER = 19;
 
-    public static final int CURRENT_SCHEMA_AUDIT_CHANGE_NUMBER = 5;
+    public static final int CURRENT_SCHEMA_AUDIT_CHANGE_NUMBER = 6;
 
     /**
      * Returns version from midPoint object as a number.

diff --git a/repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/QAuditDelta.java b/repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/QAuditDelta.java
@@ -9,6 +9,8 @@
 import java.sql.Types;
 import java.time.Instant;
 
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;
+
 import com.querydsl.core.types.dsl.*;
 import com.querydsl.sql.ColumnMetadata;
 
@@ -54,6 +56,12 @@ public class QAuditDelta extends FlexibleRelationalPathBase<MAuditDelta> {
     public static final ColumnMetadata STATUS =
             ColumnMetadata.named("status").ofType(Types.OTHER);
 
+    public static final ColumnMetadata SHADOW_INTENT =
+            ColumnMetadata.named("shadowIntent").ofType(Types.VARCHAR);
+    public static final ColumnMetadata SHADOW_KIND =
+            ColumnMetadata.named("shadowKind").ofType(Types.OTHER);
+
+
     public final NumberPath<Long> recordId = createLong("recordId", RECORD_ID);
     public final DateTimePath<Instant> timestamp = createInstant("timestamp", TIMESTAMP);
     public final StringPath checksum = createString("checksum", CHECKSUM);
@@ -70,6 +78,10 @@ public class QAuditDelta extends FlexibleRelationalPathBase<MAuditDelta> {
     public final EnumPath<OperationResultStatusType> status =
             createEnum("status", OperationResultStatusType.class, STATUS);
 
+    public final StringPath shadowIntent = createString("shadowIntent", SHADOW_INTENT);
+    public final EnumPath<ShadowKindType> shadowKind = createEnum("shadowKind", ShadowKindType.class, SHADOW_KIND);
+
+
     public QAuditDelta(String variable) {
         this(variable, DEFAULT_SCHEMA_NAME, TABLE_NAME);
     }

diff --git a/...sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/QAuditDeltaMapping.java b/...sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/QAuditDeltaMapping.java
@@ -50,11 +50,12 @@ public static QAuditDeltaMapping get() {
     private QAuditDeltaMapping(@NotNull SqaleRepoContext repositoryContext) {
         super(TABLE_NAME, DEFAULT_ALIAS_NAME,
                 ObjectDeltaOperationType.class, QAuditDelta.class, repositoryContext);
-        // FIXME: Add mappers
-        addItemMapping(F_RESOURCE_OID);
-        addItemMapping(F_SHADOW_INTENT);
-        addItemMapping(F_SHADOW_KIND);
 
+        addItemMapping(F_OBJECT_NAME, polyStringMapper(r -> r.objectNameOrig, r-> r.objectNameNorm));
+        addItemMapping(F_RESOURCE_NAME, polyStringMapper(r -> r.resourceNameOrig, r -> r.resourceNameNorm));
+        addItemMapping(F_RESOURCE_OID, uuidMapper(r -> r.resourceOid));
+        addItemMapping(F_SHADOW_KIND, enumMapper(r -> r.shadowKind));
+        addItemMapping(F_SHADOW_INTENT, stringMapper(r -> r.shadowIntent));
     }
 
     @Override

diff --git a/...src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/QAuditEventRecordMapping.java b/...src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/QAuditEventRecordMapping.java
@@ -11,12 +11,16 @@
 
 import java.time.Instant;
 import java.util.*;
+import java.util.function.BiFunction;
 import java.util.function.Function;
 
 import com.evolveum.midpoint.repo.sqlbase.mapping.TableRelationResolver;
 
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectDeltaOperationType;
+
 import com.google.common.collect.Table;
 import com.querydsl.core.Tuple;
+import com.querydsl.core.types.Predicate;
 import com.querydsl.core.types.dsl.ArrayPath;
 import org.jetbrains.annotations.NotNull;
 
@@ -117,9 +121,10 @@ private QAuditEventRecordMapping(@NotNull SqaleRepoContext repositoryContext) {
                 ctx -> new AuditPropertiesItemFilterProcessor(ctx, q -> q.properties)));
 
         addItemMapping(F_CUSTOM_COLUMN_PROPERTY, AuditCustomColumnItemFilterProcessor.mapper());
-
         addRelationResolver(F_DELTA,
-                TableRelationResolver.usingJoin(QAuditDeltaMapping::get, (r,d) -> r.id.eq(d.recordId)));
+                TableRelationResolver.usingSubquery(
+                        QAuditDeltaMapping.init(repositoryContext),
+                        (e, d) -> e.id.eq(d.recordId)));
     }
 
     @Override

diff --git a/repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/AuditSearchTest.java b/repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/AuditSearchTest.java
@@ -17,6 +17,8 @@
 import java.util.UUID;
 import java.util.stream.Collectors;
 
+import com.evolveum.midpoint.schema.query.PreparedQuery;
+
 import org.jetbrains.annotations.NotNull;
 import org.testng.annotations.BeforeClass;
 import org.testng.annotations.Test;
@@ -100,7 +102,12 @@ public void initAuditEvents() throws Exception {
         record1.setSessionIdentifier("session-1");
         record1.setTarget(target);
         record1.setTargetOwner(targetOwner);
-        record1.addDelta(createDelta(UserType.F_FULL_NAME)); // values are not even necessary
+
+        var kindDelta = createDelta(UserType.F_FULL_NAME);
+        kindDelta.setResourceOid(resourceOid);
+        kindDelta.setShadowKind(ShadowKindType.ACCOUNT);
+        kindDelta.setShadowIntent("default");
+        record1.addDelta(kindDelta); // values are not even necessary
         record1.addDelta(createDelta(UserType.F_FAMILY_NAME, PolyString.fromOrig("familyNameVal")));
         ObjectDeltaOperation<UserType> delta3 = createDelta(ItemPath.create(
                         ObjectType.F_METADATA, MetadataType.F_REQUEST_TIMESTAMP),
@@ -1416,6 +1423,40 @@ public void test600SearchById() throws SchemaException {
         assertThat(result.get(0).getEventIdentifier()).isEqualTo(record1EventIdentifier);
     }
 
+    // FIXME: Does not work, can not enter PrismPropertyDefinition (delta)
+    @Test(enabled = false)
+    public void test700SearchByQueryBuilder() throws SchemaException {
+        when("searching audit using delta/shadowKind and delta/shadowIntent");
+        SearchResultList<AuditEventRecordType> result = searchObjects(
+                prismContext.queryFor(AuditEventRecordType.class)
+                        .exists(AuditEventRecordType.F_DELTA)
+                        .block()
+                        .item(ObjectDeltaOperationType.F_RESOURCE_OID).eq(resourceOid)
+                        .and()
+                        .item(ObjectDeltaOperationType.F_SHADOW_KIND).eq(ShadowKindType.ACCOUNT)
+                        .and()
+                        .item(ObjectDeltaOperationType.F_SHADOW_INTENT).eq("default")
+                        .endBlock()
+                        .build());
+
+        assertThat(result).hasSize(1);
+        assertThat(result.get(0).getEventIdentifier()).isEqualTo(record1EventIdentifier);
+    }
+
+    // FIXME: Does not work, can not enter PrismPropertyDefinition (delta)
+    @Test()
+    public void test700SearchByExistsInAxiom() throws SchemaException {
+        when("searching audit using delta/shadowKind and delta/shadowIntent");
+        SearchResultList<AuditEventRecordType> result = searchObjects(
+                PreparedQuery.parse(AuditEventRecordType.class,
+                                "delta matches (resourceOid = ? and shadowKind = ? and shadowIntent = ?")
+                        .bind(resourceOid, ShadowKindType.ACCOUNT, "default")
+                        .toObjectQuery()
+        );
+        assertThat(result).hasSize(1);
+        assertThat(result.get(0).getEventIdentifier()).isEqualTo(record1EventIdentifier);
+    }
+
     @Test
     public void test800SearchWithAllFilter() throws SchemaException {
         when("searching audit using ALL filter");