Create PoC for associated objects inbounds

Very experimental code for inbound mappings for associated objects.
Now it can do a basic import. Very fragile! Other tests are probably
broken as well.

infra/schema/src/main/java/com/evolveum/midpoint/schema/config/AssociatedResourceObjectTypeDefinitionConfigItem.java

@@ -22,8 +22,6 @@ public AssociatedResourceObjectTypeDefinitionConfigItem(
 
     @Override
     public @NotNull String localDescription() {
-        var displayName = value().getDisplayName();
-        return "associated object type '%s' %sdefinition".formatted(
-                value().getIntent(), displayName != null ? "(" + displayName + ") " : "");
+        return "associated " + super.localDescription();
     }
 }

infra/schema/src/main/java/com/evolveum/midpoint/schema/config/ResourceObjectTypeDefinitionConfigItem.java

@@ -19,11 +19,4 @@ public ResourceObjectTypeDefinitionConfigItem(
             @NotNull ConfigurationItem<ResourceObjectTypeDefinitionType> original) {
         super(original);
     }
-
-    @Override
-    public @NotNull String localDescription() {
-        var displayName = value().getDisplayName();
-        return "associated object type '%s' %sdefinition".formatted(
-                value().getIntent(), displayName != null ? "(" + displayName + ") " : "");
-    }
 }

infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ResourceObjectDefinition.java

@@ -563,6 +563,7 @@ default void assertAttached() {
     }
     //endregion
 
+    /** Call {@link #getPrismObjectDefinition()} for the cached version. */
     default @NotNull PrismObjectDefinition<ShadowType> toPrismObjectDefinition() {
         return ObjectFactory.constructObjectDefinition(
                 toResourceAttributeContainerDefinition(),
@@ -598,4 +599,9 @@ default void assertAttached() {
 
     /** Returns both attribute and association definitions. */
     @NotNull Collection<? extends ShadowItemDefinition<?, ?>> getShadowItemDefinitions();
+
+    default boolean hasInboundMappings() {
+        return getShadowItemDefinitions().stream()
+                .anyMatch(ShadowItemDefinition::hasInboundMapping);
+    }
 }

infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ResourceObjectTypeDefinition.java

@@ -7,6 +7,7 @@
 
 package com.evolveum.midpoint.schema.processor;
 
+import com.evolveum.midpoint.prism.path.ItemPath;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CapabilityType;
@@ -129,6 +130,18 @@ default boolean matchesKind(@Nullable ShadowKindType kind) {
         throw new UnsupportedOperationException("Dynamic references are not supported for archetypeRef; in " + this);
     }
 
+    // TEMPORARY
+    default @Nullable ItemPath getFocusItemPath() {
+        var focusSpec = getDefinitionBean().getFocus();
+        return focusSpec != null && focusSpec.getItemPath() != null ? focusSpec.getItemPath().getItemPath() : null;
+    }
+
+    // TEMPORARY
+    default @Nullable String getAssignmentSubtype() {
+        var focusSpec = getDefinitionBean().getFocus();
+        return focusSpec != null ? focusSpec.getAssignmentSubtype() : null;
+    }
+
     /** Returns true if there is "synchronization reactions" definition section here (even if it's empty). */
     boolean hasSynchronizationReactionsDefinition();
 

infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ResourceSchemaParser.java

@@ -661,7 +661,7 @@ private void parseProtected() throws SchemaException, ConfigurationException {
             if (protectedPatternBeans.isEmpty()) {
                 return;
             }
-            var prismObjectDef = definition.toPrismObjectDefinition();
+            var prismObjectDef = definition.getPrismObjectDefinition();
             for (ResourceObjectPatternType protectedPatternBean : protectedPatternBeans) {
                 definition.addProtectedObjectPattern(
                         convertToPattern(protectedPatternBean, prismObjectDef));

infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ShadowAssociationDefinitionImpl.java

@@ -181,7 +181,7 @@ private static SystemException alreadyChecked(ConfigurationException e) {
         // We apply the prism shadow definition for (representative) target object to the shadowRef definition.
         var shadowRefDef = Objects.requireNonNull(def.findReferenceDefinition(ShadowAssociationValueType.F_SHADOW_REF)).clone();
         shadowRefDef.mutator().setTargetObjectDefinition(
-                getTargetObjectDefinition().toPrismObjectDefinition());
+                getTargetObjectDefinition().getPrismObjectDefinition());
         def.mutator().replaceDefinition(
                 ShadowAssociationValueType.F_SHADOW_REF,
                 shadowRefDef);

infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ShadowAssociationValue.java

@@ -11,6 +11,7 @@
 import javax.xml.namespace.QName;
 
 import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
+import com.evolveum.midpoint.util.DebugUtil;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
 
 import org.jetbrains.annotations.NotNull;
@@ -146,11 +147,15 @@ public ShadowAssociationValue cloneComplex(CloneStrategy strategy) {
     }
 
     /** Target object or its reference. TODO better name. */
-    public ShadowType getShadowBean() {
+    public @NotNull ShadowType getShadowBean() {
         var shadowRef = stateNonNull(asContainerable().getShadowRef(), "No shadowRef in %s", this);
         return (ShadowType) stateNonNull(shadowRef.getObjectable(), "No shadow in %s", this);
     }
 
+    public @NotNull AbstractShadow getShadow() {
+        return AbstractShadow.of(getShadowBean());
+    }
+
     public QName getTargetObjectClassName() {
         return getAttributesContainerRequired().getDefinitionRequired().getTypeName();
     }
@@ -190,7 +195,7 @@ public QName getTargetObjectClassName() {
         return stateNonNull(getShadowIfPresent(), "No shadow in %s", this);
     }
 
-    private @NotNull ResourceObjectDefinition getAssociatedObjectDefinition() {
+    public @NotNull ResourceObjectDefinition getAssociatedObjectDefinition() {
         return getShadowRequired().getObjectDefinition();
     }
 
@@ -205,4 +210,17 @@ public void setShadow(@NotNull AbstractShadow shadow) {
                 .identifiersOnly(false);
         // TODO check consistence
     }
+
+    @Override
+    protected boolean appendExtraHeaderDump(StringBuilder sb, int indent, boolean wasIndent) {
+        wasIndent = super.appendExtraHeaderDump(sb, indent, wasIndent);
+        if (!wasIndent) {
+            DebugUtil.indentDebugDump(sb, indent);
+        } else {
+            sb.append("; ");
+        }
+        // TODO this should be a part of ShadowType dumping; but that code is automatically generated for now
+        sb.append(getAssociatedObjectDefinition());
+        return true;
+    }
 }

infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ShadowItemDefinition.java

@@ -178,6 +178,10 @@ default boolean hasOutboundMapping() {
      */
     @NotNull List<InboundMappingType> getInboundMappingBeans();
 
+    default boolean hasInboundMapping() {
+        return !getInboundMappingBeans().isEmpty();
+    }
+
     /**
      * Drives behavior of strong and normal mappings for this attribute.
      *

infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ShadowItemDefinitionImpl.java

@@ -13,6 +13,8 @@
 import java.util.*;
 import javax.xml.namespace.QName;
 
+import com.evolveum.midpoint.prism.util.CloneUtil;
+
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
@@ -113,11 +115,10 @@ public abstract class ShadowItemDefinitionImpl<
     ShadowItemDefinitionImpl(@NotNull ND nativeDefinition, @NotNull CB customizationBean, boolean forcedIgnored)
             throws SchemaException {
         assert nativeDefinition.isImmutable();
-        assert customizationBean.isImmutable();
 
         this.currentLayer = DEFAULT_LAYER;
         this.nativeDefinition = nativeDefinition;
-        this.customizationBean = customizationBean;
+        this.customizationBean = CloneUtil.toImmutable(customizationBean);
         this.limitationsMap = computeLimitationsMap(forcedIgnored);
         this.accessOverride = new PropertyAccessType();
     }

infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/SynchronizationActionDefinition.java

@@ -15,6 +15,8 @@
 
 import java.util.Comparator;
 
+import static com.evolveum.midpoint.util.MiscUtil.stateNonNull;
+
 /**
  * Wraps both {@link SynchronizationActionType} and {@link AbstractSynchronizationActionType}.
  */
@@ -64,6 +66,11 @@ public ObjectReferenceType getObjectTemplateRef() {
 
     public abstract @Nullable Class<? extends AbstractSynchronizationActionType> getNewDefinitionBeanClass();
 
+    public @NotNull Class<? extends AbstractSynchronizationActionType> getNewDefinitionBeanClassRequired() {
+        return stateNonNull(getNewDefinitionBeanClass(),
+                "Action definition bean class not present in %s", this);
+    }
+
     @VisibleForTesting
     public abstract @Nullable AbstractSynchronizationActionType getNewDefinitionBean();
 

infra/schema/src/main/java/com/evolveum/midpoint/schema/util/AbstractShadow.java

@@ -253,6 +253,8 @@ default void checkAttributeDefinitions() {
     AbstractShadow clone();
 
     default void applyDefinition(@NotNull ResourceObjectDefinition newDefinition) throws SchemaException {
+        // This causes problems with embedded associations
+        //getPrismObject().applyDefinition(newDefinition.getPrismObjectDefinition(), false);
         getAttributesContainer().applyDefinition(
                 newDefinition.toResourceAttributeContainerDefinition());
         checkConsistence();
@@ -310,6 +312,10 @@ default PolyStringType getName() {
                 "No object class in %s", this);
     }
 
+    default boolean isClassified() {
+        return ShadowUtil.isClassified(getBean());
+    }
+
     default boolean isProtectedObject() {
         return BooleanUtils.isTrue(getBean().isProtectedObject());
     }

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/authentication/CorrelationModuleAuthenticationImpl.java

@@ -11,7 +11,7 @@
 import com.evolveum.midpoint.authentication.api.util.AuthenticationModuleNameConstants;
 import com.evolveum.midpoint.authentication.impl.util.ModuleType;
 import com.evolveum.midpoint.model.api.correlator.CandidateOwner;
-import com.evolveum.midpoint.model.api.correlator.CandidateOwnersMap;
+import com.evolveum.midpoint.model.api.correlator.CandidateOwners;
 import com.evolveum.midpoint.prism.path.ItemPath;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
@@ -25,7 +25,7 @@ public class CorrelationModuleAuthenticationImpl extends ModuleAuthenticationImp
     private List<CorrelationModuleConfigurationType> correlators;
     private int currentProcessingCorrelator;
 
-    private CandidateOwnersMap candidateOwners = new CandidateOwnersMap();
+    private CandidateOwners candidateOwners = new CandidateOwners();
     private final List<ObjectType> owners = new ArrayList<>();
 
     private FocusType preFocus;
@@ -77,16 +77,12 @@ public boolean isEmptyCorrelatorsList() {
         return CollectionUtils.isEmpty(correlators);
     }
 
-    public void rewriteCandidateOwners(CandidateOwnersMap map) {
-        candidateOwners.clear();
-        candidateOwners.mergeWith(map);
+    public void rewriteCandidateOwners(CandidateOwners newOwners) {
+        candidateOwners.replaceWith(newOwners);
     }
 
     public Set<String> getCandidateOids() {
-        return candidateOwners.values()
-                .stream()
-                .map(CandidateOwner::getOid)
-                .collect(Collectors.toSet());
+        return candidateOwners.getCandidateOids();
     }
 
     public void rewriteOwner(ObjectType owner) {

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/CorrelationProvider.java

@@ -15,7 +15,7 @@
 import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipalManager;
 import com.evolveum.midpoint.model.api.correlation.CompleteCorrelationResult;
 import com.evolveum.midpoint.model.api.correlation.CorrelationService;
-import com.evolveum.midpoint.model.api.correlator.CandidateOwnersMap;
+import com.evolveum.midpoint.model.api.correlator.CandidateOwners;
 import com.evolveum.midpoint.schema.CorrelatorDiscriminator;
 import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.security.api.*;
@@ -96,8 +96,8 @@ public Authentication doAuthenticate(
                 return authentication;
             }
 
-            CandidateOwnersMap ownersMap = correlationResult.getCandidateOwnersMap();
-            correlationModuleAuthentication.rewriteCandidateOwners(ownersMap);
+            CandidateOwners owners = correlationResult.getCandidateOwnersMap();
+            correlationModuleAuthentication.rewriteCandidateOwners(owners);
 
             return authentication;
         } catch (Exception e) {
@@ -125,11 +125,11 @@ private boolean candidateOwnerExist(CompleteCorrelationResult correlationResult)
         return correlationResult.getCandidateOwnersMap() != null && !correlationResult.getCandidateOwnersMap().isEmpty();
     }
 
-    private void rewriteCandidatesToOwners(@NotNull CandidateOwnersMap candidateOwnersMap,
+    private void rewriteCandidatesToOwners(@NotNull CandidateOwners candidateOwners,
             CorrelationModuleAuthenticationImpl correlationModuleAuthentication) {
         correlationModuleAuthentication.clearOwners();
-        candidateOwnersMap.values()
-                .forEach(c -> correlationModuleAuthentication.addOwnerIfNotExist(c.getObject()));
+        candidateOwners.objectBasedValues()
+                .forEach(c -> correlationModuleAuthentication.addOwnerIfNotExist(c.getValue()));
     }
 
     private void isOwnersNumberUnderRestriction(CorrelationModuleAuthenticationImpl correlationModuleAuthentication) {

model/model-api/src/main/java/com/evolveum/midpoint/model/api/correlation/AbstractCorrelationResult.java

@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2010-2024 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+
+package com.evolveum.midpoint.model.api.correlation;
+
+import java.io.Serializable;
+
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+
+import com.evolveum.midpoint.prism.Containerable;
+import com.evolveum.midpoint.util.DebugDumpable;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.CorrelationSituationType;
+
+public abstract class AbstractCorrelationResult<C extends Containerable> implements Serializable, DebugDumpable {
+
+    /** What is the result of the correlation? */
+    @NotNull final CorrelationSituationType situation;
+
+    /** The correlated owner. Non-null if and only if {@link #situation} is {@link CorrelationSituationType#EXISTING_OWNER}. */
+    @Nullable final C owner;
+
+    AbstractCorrelationResult(@NotNull CorrelationSituationType situation, @Nullable C owner) {
+        this.situation = situation;
+        this.owner = owner;
+    }
+
+    public @NotNull CorrelationSituationType getSituation() {
+        return situation;
+    }
+
+    public @Nullable C getOwner() {
+        return owner;
+    }
+}