MID-7534 shadows auditing, added few assertions

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ShadowConstraintsChecker.java

@@ -139,6 +139,7 @@ public void check(Task task, OperationResult result)
                 projectionContext.getOid(),
                 confirmer,
                 context.getProjectionConstraintsCheckingStrategy(),
+                context.createProvisioningOperationContext(task, result),
                 task, result);
 
         if (constraintsCheckingResult.isSatisfiesConstraints()) {

model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/util/mock/MockFactory.java

@@ -245,6 +245,7 @@ public ConstraintsCheckingResult checkConstraints(
                     String shadowOid,
                     ConstraintViolationConfirmer constraintViolationConfirmer,
                     ConstraintsCheckingStrategyType strategy,
+                    ProvisioningOperationContext context,
                     @NotNull Task task,
                     @NotNull OperationResult parentResult) {
                 return null;

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractEmptyModelIntegrationTest.java

@@ -17,16 +17,14 @@
 import com.evolveum.midpoint.model.test.AbstractModelIntegrationTest;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.crypto.EncryptionException;
+import com.evolveum.midpoint.prism.path.ItemPath;
 import com.evolveum.midpoint.provisioning.ucf.impl.builtin.ManualConnectorInstance;
 import com.evolveum.midpoint.schema.internals.InternalsConfig;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.task.api.Task;
 import com.evolveum.midpoint.util.annotation.Experimental;
-import com.evolveum.midpoint.util.exception.CommonException;
-import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
-import com.evolveum.midpoint.util.exception.SchemaException;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
+import com.evolveum.midpoint.util.exception.*;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
 /**
  * Creates empty but functional environment for model integration tests - but without all the configured objects
@@ -117,4 +115,17 @@ protected Task runTriggerScannerOnDemand(OperationResult result) throws CommonEx
     protected Task runTriggerScannerOnDemandErrorsOk(OperationResult result) throws CommonException {
         return rerunTaskErrorsOk(TASK_TRIGGER_SCANNER_ON_DEMAND.oid, result);
     }
+
+    protected void setRecordEnhancedShadowChanges(boolean enable, Task task, OperationResult result)
+            throws SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException,
+            ConfigurationException, ObjectNotFoundException, PolicyViolationException, ObjectAlreadyExistsException {
+
+        ItemPath path = ItemPath.create(
+                SystemConfigurationType.F_AUDIT,
+                SystemConfigurationAuditType.F_EVENT_RECORDING,
+                SystemConfigurationAuditEventRecordingType.F_RECORD_ENHANCED_SHADOW_CHANGES);
+
+        modifyObjectReplaceProperty(SystemConfigurationType.class, SystemObjectsType.SYSTEM_CONFIGURATION.value(),
+                path, task, result, enable);
+    }
 }

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/multi/TestMultiResource.java

@@ -11,6 +11,7 @@
 import java.util.Collection;
 import java.util.List;
 
+import com.evolveum.midpoint.audit.api.AuditEventStage;
 import com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest;
 import com.evolveum.midpoint.model.test.CommonInitialObjects;
 import com.evolveum.midpoint.prism.*;
@@ -131,6 +132,8 @@ public class TestMultiResource extends AbstractInitializedModelIntegrationTest {
     public void initSystem(Task initTask, OperationResult initResult) throws Exception {
         super.initSystem(initTask, initResult);
 
+        setRecordEnhancedShadowChanges(true, initTask, initResult);
+
         CommonInitialObjects.addMarks(this, initTask, initResult);
 
         initDummyResourcePirate(RESOURCE_DUMMY_LAVENDER_NAME,
@@ -1951,22 +1954,32 @@ public void test400DavidAndGoliathAssignRole() throws Exception {
 
         // Check audit
         displayDumpable("Audit", dummyAuditService);
-        dummyAuditService.assertRecords(4);
+        dummyAuditService.assertRecords(7);
         dummyAuditService.assertSimpleRecordSanity();
         dummyAuditService.assertAnyRequestDeltas();
-        dummyAuditService.assertExecutionDeltas(0,3);
-        dummyAuditService.assertHasDelta(0,ChangeType.MODIFY, UserType.class);
-        dummyAuditService.assertHasDelta(0,ChangeType.ADD, ShadowType.class);
-        dummyAuditService.assertExecutionDeltas(1,3);
-        dummyAuditService.assertHasDelta(1,ChangeType.MODIFY, UserType.class);
-        dummyAuditService.assertHasDelta(1,ChangeType.ADD, ShadowType.class);
-        dummyAuditService.assertExecutionDeltas(2,2);
-        dummyAuditService.assertHasDelta(2,ChangeType.MODIFY, UserType.class);
-        dummyAuditService.assertHasDelta(2,ChangeType.MODIFY, ShadowType.class);
+
+        dummyAuditService.assertHasDelta(0, AuditEventStage.RESOURCE, ChangeType.ADD, ShadowType.class);
+
+        dummyAuditService.assertExecutionDeltas(1, 3);
+        dummyAuditService.assertHasDelta(1, ChangeType.ADD, ShadowType.class);
+        dummyAuditService.assertHasDelta(1, ChangeType.MODIFY, UserType.class);
+        dummyAuditService.assertHasDelta(1, ChangeType.ADD, ShadowType.class);
+
+        dummyAuditService.assertHasDelta(2, AuditEventStage.RESOURCE, ChangeType.ADD, ShadowType.class);
+
+        dummyAuditService.assertExecutionDeltas(3, 3);
+        dummyAuditService.assertHasDelta(3, ChangeType.MODIFY, UserType.class);
+        dummyAuditService.assertHasDelta(3, ChangeType.ADD, ShadowType.class);
+
+        dummyAuditService.assertHasDelta(4, AuditEventStage.RESOURCE, ChangeType.MODIFY, ShadowType.class);
+
+        dummyAuditService.assertExecutionDeltas(5, 2);
+        dummyAuditService.assertHasDelta(5, ChangeType.MODIFY, UserType.class);
+        dummyAuditService.assertHasDelta(5, ChangeType.MODIFY, ShadowType.class);
         dummyAuditService.assertExecutionSuccess();
 
         // Have a closer look at the last shadow modify delta. Make sure there are no phantom changes.
-        ObjectDeltaOperation<?> executionDeltaOp = dummyAuditService.getExecutionDelta(2, ChangeType.MODIFY, ShadowType.class);
+        ObjectDeltaOperation<?> executionDeltaOp = dummyAuditService.getExecutionDelta(5, ChangeType.MODIFY, ShadowType.class);
         ObjectDelta<?> executionDelta = executionDeltaOp.getObjectDelta();
         displayDumpable("Last execution delta", executionDelta);
         PrismAsserts.assertModifications("Phantom changes in last delta:", executionDelta, 7);
@@ -2032,22 +2045,25 @@ public void test401DavidAndGoliathModifyOu() throws Exception {
 
         // Check audit
         displayDumpable("Audit", dummyAuditService);
-        dummyAuditService.assertRecords(4);
+        dummyAuditService.assertRecords(7);
         dummyAuditService.assertSimpleRecordSanity();
         dummyAuditService.assertAnyRequestDeltas();
-        dummyAuditService.assertExecutionDeltas(0,2);
-        dummyAuditService.assertHasDelta(0,ChangeType.MODIFY, UserType.class);
-        dummyAuditService.assertHasDelta(0,ChangeType.MODIFY, ShadowType.class);
+        dummyAuditService.assertHasDelta(0, AuditEventStage.RESOURCE, ChangeType.MODIFY, ShadowType.class);
         dummyAuditService.assertExecutionDeltas(1,2);
         dummyAuditService.assertHasDelta(1,ChangeType.MODIFY, UserType.class);
         dummyAuditService.assertHasDelta(1,ChangeType.MODIFY, ShadowType.class);
-        dummyAuditService.assertExecutionDeltas(2,2);
-        dummyAuditService.assertHasDelta(2,ChangeType.MODIFY, UserType.class);
-        dummyAuditService.assertHasDelta(2,ChangeType.MODIFY, ShadowType.class);
+        dummyAuditService.assertHasDelta(2, AuditEventStage.RESOURCE, ChangeType.MODIFY, ShadowType.class);
+        dummyAuditService.assertExecutionDeltas(3,2);
+        dummyAuditService.assertHasDelta(3,ChangeType.MODIFY, UserType.class);
+        dummyAuditService.assertHasDelta(3,ChangeType.MODIFY, ShadowType.class);
+        dummyAuditService.assertHasDelta(4, AuditEventStage.RESOURCE, ChangeType.MODIFY, ShadowType.class);
+        dummyAuditService.assertExecutionDeltas(5,2);
+        dummyAuditService.assertHasDelta(5,ChangeType.MODIFY, UserType.class);
+        dummyAuditService.assertHasDelta(5,ChangeType.MODIFY, ShadowType.class);
         dummyAuditService.assertExecutionSuccess();
 
         // Have a closer look at the last shadow modify delta. Make sure there are no phantom changes.
-        ObjectDeltaOperation<?> executionDeltaOp = dummyAuditService.getExecutionDelta(2, ChangeType.MODIFY, ShadowType.class);
+        ObjectDeltaOperation<?> executionDeltaOp = dummyAuditService.getExecutionDelta(5, ChangeType.MODIFY, ShadowType.class);
         ObjectDelta<?> executionDelta = executionDeltaOp.getObjectDelta();
         displayDumpable("Last execution delta", executionDelta);
         PrismAsserts.assertModifications("Phantom changes in last delta:", executionDelta, 7);
@@ -2077,15 +2093,17 @@ public void test403DavidAndGoliathDisableUser() throws Exception {
 
         // Check audit
         displayDumpable("Audit", dummyAuditService);
-        dummyAuditService.assertRecords(3);            // last one is duplicate
+        dummyAuditService.assertRecords(5);            // last one is duplicate
         dummyAuditService.assertSimpleRecordSanity();
         dummyAuditService.assertAnyRequestDeltas();
-        dummyAuditService.assertExecutionDeltas(0,2);
-        dummyAuditService.assertHasDelta(0,ChangeType.MODIFY, UserType.class);
-        dummyAuditService.assertHasDelta(0,ChangeType.MODIFY, ShadowType.class);
-        dummyAuditService.assertExecutionDeltas(1,2);            // user is again disabled here
-        dummyAuditService.assertHasDelta(1,ChangeType.MODIFY, UserType.class); // lastProvisioningTimestamp
+        dummyAuditService.assertHasDelta(0, AuditEventStage.RESOURCE, ChangeType.MODIFY, ShadowType.class);
+        dummyAuditService.assertExecutionDeltas(1,2);
+        dummyAuditService.assertHasDelta(1,ChangeType.MODIFY, UserType.class);
         dummyAuditService.assertHasDelta(1,ChangeType.MODIFY, ShadowType.class);
+        dummyAuditService.assertHasDelta(2, AuditEventStage.RESOURCE, ChangeType.MODIFY, ShadowType.class);
+        dummyAuditService.assertExecutionDeltas(3,2);            // user is again disabled here
+        dummyAuditService.assertHasDelta(3,ChangeType.MODIFY, UserType.class); // lastProvisioningTimestamp
+        dummyAuditService.assertHasDelta(3,ChangeType.MODIFY, ShadowType.class);
         dummyAuditService.assertExecutionSuccess();
     }
 
@@ -2112,16 +2130,20 @@ public void test404DavidAndGoliathEnableUser() throws Exception {
 
         // Check audit
         displayDumpable("Audit", dummyAuditService);
-        dummyAuditService.assertRecords(3);                        // last one is duplicate
+        dummyAuditService.assertRecords(5);                        // last one is duplicate
         dummyAuditService.assertSimpleRecordSanity();
         dummyAuditService.assertAnyRequestDeltas();
-        dummyAuditService.assertExecutionDeltas(0,2);
-        dummyAuditService.assertHasDelta(0,ChangeType.MODIFY, UserType.class);
-        dummyAuditService.assertHasDelta(0,ChangeType.MODIFY, ShadowType.class);
-        dummyAuditService.assertExecutionDeltas(1,2);            // user is again disabled here
-        dummyAuditService.assertHasDelta(1,ChangeType.MODIFY, UserType.class); // lastProvisioningTimestamp
+        dummyAuditService.assertHasDelta(0, AuditEventStage.RESOURCE, ChangeType.MODIFY, ShadowType.class);
+        dummyAuditService.assertExecutionDeltas(1,2);
+        dummyAuditService.assertHasDelta(1,ChangeType.MODIFY, UserType.class);
         dummyAuditService.assertHasDelta(1,ChangeType.MODIFY, ShadowType.class);
+        dummyAuditService.assertHasDelta(2, AuditEventStage.RESOURCE, ChangeType.MODIFY, ShadowType.class);
+        dummyAuditService.assertExecutionDeltas(3,2);            // user is again disabled here
+        dummyAuditService.assertHasDelta(3, ChangeType.MODIFY, UserType.class); // lastProvisioningTimestamp
+        dummyAuditService.assertHasDelta(3,ChangeType.MODIFY, ShadowType.class);
         dummyAuditService.assertExecutionSuccess();
+
+        setRecordEnhancedShadowChanges(false, task, result);
     }
 
     @Test

provisioning/provisioning-api/src/main/java/com/evolveum/midpoint/provisioning/api/ProvisioningService.java

@@ -1050,11 +1050,28 @@ ConstraintsCheckingResult checkConstraints(
             String shadowOid,
             ConstraintViolationConfirmer constraintViolationConfirmer,
             ConstraintsCheckingStrategyType strategy,
+            ProvisioningOperationContext context,
             @NotNull Task task,
             @NotNull OperationResult parentResult)
             throws CommunicationException, ObjectAlreadyExistsException, SchemaException, SecurityViolationException,
             ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException;
 
+    default ConstraintsCheckingResult checkConstraints(
+            ResourceObjectDefinition objectTypeDefinition,
+            PrismObject<ShadowType> shadowObject,
+            PrismObject<ShadowType> shadowObjectOld,
+            ResourceType resource,
+            String shadowOid,
+            ConstraintViolationConfirmer constraintViolationConfirmer,
+            ConstraintsCheckingStrategyType strategy,
+            @NotNull Task task,
+            @NotNull OperationResult parentResult)
+            throws CommunicationException, ObjectAlreadyExistsException, SchemaException, SecurityViolationException,
+            ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException {
+        return checkConstraints(objectTypeDefinition, shadowObject, shadowObjectOld, resource, shadowOid, constraintViolationConfirmer,
+                strategy, null, task, parentResult);
+    }
+
     void enterConstraintsCheckerCache();
 
     void exitConstraintsCheckerCache();

provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ProvisioningServiceImpl.java

@@ -998,6 +998,7 @@ public ConstraintsCheckingResult checkConstraints(
             ResourceType resource, String shadowOid,
             ConstraintViolationConfirmer constraintViolationConfirmer,
             ConstraintsCheckingStrategyType strategy,
+            ProvisioningOperationContext context,
             @NotNull Task task,
             @NotNull OperationResult parentResult)
             throws CommunicationException, SchemaException, SecurityViolationException, ConfigurationException,
@@ -1009,6 +1010,8 @@ public ConstraintsCheckingResult checkConstraints(
             checker.setShadowObjectOld(shadowObjectOld);
             // "Whole class": we should not need it here. We do not invoke the search on resource here.
             ProvisioningContext ctx = ctxFactory.createForDefinition(resource, objectDefinition, null, task);
+            ctx.setOperationContext(context);
+
             checker.setProvisioningContext(ctx);
             checker.setShadowObject(shadowObject);
             checker.setShadowOid(shadowOid);