Fixing lockout support +test

icf-connectors/dummy-connector/src/main/java/com/evolveum/icf/dummy/connector/DummyConnector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2013 Evolveum
+ * Copyright (c) 2010-2014 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -282,13 +282,16 @@ public Uid update(ObjectClass objectClass, Uid uid, Set<Attribute> replaceAttrib
 		        		changePassword(account,attr);
 
 		        	} else if (attr.is(OperationalAttributes.ENABLE_NAME)) {
-		        		account.setEnabled(getEnable(attr));
+		        		account.setEnabled(getBoolean(attr));
 
 		        	} else if (attr.is(OperationalAttributes.ENABLE_DATE_NAME)) {
 		        		account.setValidFrom(getDate(attr));
 
 		        	} else if (attr.is(OperationalAttributes.DISABLE_DATE_NAME)) {
 		        		account.setValidTo(getDate(attr));
+
+		        	} else if (attr.is(OperationalAttributes.LOCK_OUT_NAME)) {
+		        		account.setLockout(getBoolean(attr));
 
 		        	} else {
 			        	String name = attr.getName();
@@ -333,7 +336,7 @@ public Uid update(ObjectClass objectClass, Uid uid, Set<Attribute> replaceAttrib
 		        		throw new IllegalArgumentException("Attempt to change password on group");
 
 		        	} else if (attr.is(OperationalAttributes.ENABLE_NAME)) {
-		        		group.setEnabled(getEnable(attr));
+		        		group.setEnabled(getBoolean(attr));
 
 		        	} else {
 			        	String name = attr.getName();
@@ -750,6 +753,8 @@ private ObjectClassInfoBuilder createCommonObjectClassBuilder(String typeName,
             	objClassBuilder.addAttributeInfo(OperationalAttributeInfos.ENABLE_DATE);
             	objClassBuilder.addAttributeInfo(OperationalAttributeInfos.DISABLE_DATE);
             }
+
+    		objClassBuilder.addAttributeInfo(OperationalAttributeInfos.LOCK_OUT);
     	}
 
     	// __NAME__ will be added by default
@@ -1091,6 +1096,10 @@ private ConnectorObject convertToConnectorObject(DummyAccount account, Collectio
 			GuardedString gs = new GuardedString(account.getPassword().toCharArray());
 			builder.addAttribute(OperationalAttributes.PASSWORD_NAME,gs);
 		}
+
+		if (account.isLockout() != null) {
+			builder.addAttribute(OperationalAttributes.LOCK_OUT_NAME, account.isLockout());
+		}
 
         return builder.build();
 	}
@@ -1126,7 +1135,7 @@ private DummyAccount convertToAccount(Set<Attribute> createAttributes) throws Co
 				changePassword(newAccount,attr);
 
 			} else if (attr.is(OperationalAttributeInfos.ENABLE.getName())) {
-				enabled = getEnable(attr);
+				enabled = getBoolean(attr);
 				newAccount.setEnabled(enabled);
 
 			} else if (attr.is(OperationalAttributeInfos.ENABLE_DATE.getName())) {
@@ -1141,7 +1150,11 @@ private DummyAccount convertToAccount(Set<Attribute> createAttributes) throws Co
 					newAccount.setValidTo(getDate(attr));
 				} else {
 					throw new IllegalArgumentException("DISABLE_DATE specified in the account attributes while not supporting it");
-				}	
+				}
+
+			} else if (attr.is(OperationalAttributeInfos.LOCK_OUT.getName())) {
+				Boolean lockout = getBoolean(attr);
+				newAccount.setLockout(lockout);
 
 			} else {
 				String name = attr.getName();
@@ -1179,7 +1192,7 @@ private DummyGroup convertToGroup(Set<Attribute> createAttributes) throws Connec
 				throw new IllegalArgumentException("Password specified for a group");
 
 			} else if (attr.is(OperationalAttributeInfos.ENABLE.getName())) {
-				enabled = getEnable(attr);
+				enabled = getBoolean(attr);
 				newGroup.setEnabled(enabled);
 
 			} else if (attr.is(OperationalAttributeInfos.ENABLE_DATE.getName())) {
@@ -1240,13 +1253,13 @@ private DummyPrivilege convertToPriv(Set<Attribute> createAttributes) throws Con
 		return newPriv;
 	}
 
-	private boolean getEnable(Attribute attr) {
+	private boolean getBoolean(Attribute attr) {
 		if (attr.getValue() == null || attr.getValue().isEmpty()) {
-			throw new IllegalArgumentException("Empty enable attribute was provided");
+			throw new IllegalArgumentException("Empty "+attr.getName()+" attribute was provided");
 		}
 		Object object = attr.getValue().get(0);
 		if (!(object instanceof Boolean)) {
-			throw new IllegalArgumentException("Enable attribute was provided as "+object.getClass().getName()+" while expecting boolean");
+			throw new IllegalArgumentException("Attribute "+attr.getName()+" was provided as "+object.getClass().getName()+" while expecting boolean");
 		}
 		return ((Boolean)object).booleanValue();
 	}

icf-connectors/dummy-resource/src/main/java/com/evolveum/icf/dummy/resource/DummyAccount.java

@@ -40,6 +40,7 @@ public class DummyAccount extends DummyObject {
 	public static final String ATTR_PRIVILEGES_NAME = "privileges";
 
 	private String password = null;
+	private Boolean lockout = null;
 
 	public DummyAccount() {
 		super();
@@ -57,6 +58,14 @@ public void setPassword(String password) {
 		this.password = password;
 	}
 
+	public Boolean isLockout() {
+		return lockout;
+	}
+
+	public void setLockout(boolean lockout) {
+		this.lockout = lockout;
+	}
+
 	@Override
 	protected DummyObjectClass getObjectClass() throws ConnectException, FileNotFoundException {
 		return resource.getAccountObjectClass();
@@ -80,6 +89,7 @@ public String debugDump() {
 	@Override
 	protected void extendDebugDump(StringBuilder sb, int indent) {
 		DebugUtil.debugDumpWithLabelToStringLn(sb, "Password", password, indent + 1);
+		DebugUtil.debugDumpWithLabelToStringLn(sb, "Lockout", lockout, indent + 1);
 	}
 
 }

infra/schema/src/main/java/com/evolveum/midpoint/schema/CapabilityUtil.java

@@ -28,6 +28,7 @@
 import com.evolveum.midpoint.util.JAXBUtil;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType;
+import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CredentialsCapabilityType;
@@ -157,4 +158,18 @@ public static boolean isActivationStatusReturnedByDefault(ActivationCapabilityTy
 		}
 		return statusCap.isReturnedByDefault();
 	}
+
+	public static boolean isActivationLockoutStatusReturnedByDefault(ActivationCapabilityType capability) {
+		if (capability == null) {
+			return false;
+		}
+		ActivationLockoutStatusCapabilityType statusCap = capability.getLockoutStatus();
+		if (statusCap == null) {
+			return false;
+		}
+		if (statusCap.isReturnedByDefault() == null) {
+			return true;
+		}
+		return statusCap.isReturnedByDefault();
+	}
 }

infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java

@@ -133,6 +133,7 @@ public abstract class SchemaConstants {
 	public static final ItemPath PATH_ACTIVATION_VALID_FROM = new ItemPath(C_ACTIVATION, ActivationType.F_VALID_FROM);
 	public static final ItemPath PATH_ACTIVATION_VALID_TO = new ItemPath(C_ACTIVATION, ActivationType.F_VALID_TO);
 	public static final ItemPath PATH_ACTIVATION_DISABLE_REASON = new ItemPath(ShadowType.F_ACTIVATION, ActivationType.F_DISABLE_REASON);
+	public static final ItemPath PATH_ACTIVATION_LOCKOUT_STATUS = new ItemPath(C_ACTIVATION, ActivationType.F_LOCKOUT_STATUS);
 	public static final ItemPath PATH_ATTRIBUTES = new ItemPath(C_ATTRIBUTES);
     public static final ItemPath PATH_ASSOCIATION = new ItemPath(C_ASSOCIATION);
 	public static final ItemPath PATH_TRIGGER = new ItemPath(ObjectType.F_TRIGGER);

infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ResourceTypeUtil.java

@@ -26,6 +26,7 @@
 
 
 
+
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
@@ -57,6 +58,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.XmlSchemaType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType;
+import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CreateCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CredentialsCapabilityType;
@@ -331,6 +333,26 @@ public static boolean hasResourceNativeActivationCapability(ResourceType resourc
 		return true;
 	}
 
+	public static boolean hasResourceNativeActivationLockoutCapability(ResourceType resource) {
+		ActivationCapabilityType activationCapability = null;
+		// check resource native capabilities. if resource cannot do
+		// activation, it sholud be null..
+		if (resource.getCapabilities() != null && resource.getCapabilities().getNative() != null) {
+			activationCapability = CapabilityUtil.getCapability(resource.getCapabilities().getNative().getAny(),
+					ActivationCapabilityType.class);
+		}
+		if (activationCapability == null) {
+			return false;
+		}
+
+		ActivationLockoutStatusCapabilityType lockoutStatus = activationCapability.getLockoutStatus();
+		if (lockoutStatus == null) {
+			return false;
+		}
+
+		return true;
+	}
+
 	public static boolean hasResourceConfiguredActivationCapability(ResourceType resource) {
 		if (resource.getCapabilities() == null) {
 			return false;

provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ResourceObjectConverter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2013 Evolveum
+ * Copyright (c) 2010-2014 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -87,6 +87,7 @@
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationProvisioningScriptType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationProvisioningScriptsType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ProvisioningOperationTypeType;
@@ -821,6 +822,30 @@ private Collection<Operation> determineActivationChange(ShadowType shadow, Colle
 			}
 		}
 
+		PropertyDelta<LockoutStatusType> lockoutPropertyDelta = PropertyDelta.findPropertyDelta(objectChange,
+				SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS);
+		if (lockoutPropertyDelta != null) {
+			if (activationCapabilityType == null) {
+				throw new SchemaException("Attempt to change activation lockoutStatus on "+resource+" which does not have the capability");
+			}
+			LockoutStatusType status = lockoutPropertyDelta.getPropertyNew().getRealValue();
+			LOGGER.trace("Found activation lockoutStatus change to: {}", status);
+
+			// TODO: simulated
+			if (ResourceTypeUtil.hasResourceNativeActivationLockoutCapability(resource)) {
+				// Native lockout, need to check if there is not also change to simulated activation which may be in conflict
+//				checkSimulatedActivation(objectChange, status, shadow, resource, objectClassDefinition);
+				operations.add(new PropertyModificationOperation(lockoutPropertyDelta));
+			} else {
+				// Try to simulate activation capability
+
+				// TODO
+//				PropertyModificationOperation activationAttribute = convertToSimulatedActivationAttribute(lockoutPropertyDelta, shadow, resource,
+//						status, objectClassDefinition);
+//				operations.add(activationAttribute);
+			}	
+		}
+
 		return operations;
 	}
 

provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/ucf/api/AttributesToReturn.java

@@ -30,6 +30,7 @@ public class AttributesToReturn implements Serializable {
 	private boolean returnDefaultAttributes = true;
 	private boolean returnPasswordExplicit = false;
 	private boolean returnAdministrativeStatusExplicit = false;
+	private boolean returnLockoutStatusExplicit = false;
 	Collection<? extends ResourceAttributeDefinition> attributesToReturn = null;
 
 	public boolean isReturnDefaultAttributes() {
@@ -64,6 +65,14 @@ public void setReturnAdministrativeStatusExplicit(boolean returnAdministrativeSt
 		this.returnAdministrativeStatusExplicit = returnAdministrativeStatusExplicit;
 	}
 
+	public boolean isReturnLockoutStatusExplicit() {
+		return returnLockoutStatusExplicit;
+	}
+
+	public void setReturnLockoutStatusExplicit(boolean returnLockoutStatusExplicit) {
+		this.returnLockoutStatusExplicit = returnLockoutStatusExplicit;
+	}
+
 	@Override
 	public String toString() {
 		return "AttributesToReturn(returnDefaultAttributes=" + returnDefaultAttributes + ", returnPasswordExplicit="

provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/ConnectorInstanceIcfImpl.java

@@ -148,6 +148,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType;
+import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationValidityCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CreateCapabilityType;
@@ -505,7 +506,7 @@ public Collection<Object> fetchCapabilities(OperationResult parentResult) throws
 
 		// Result type for this operation
 		OperationResult result = parentResult.createMinorSubresult(ConnectorInstance.class.getName()
-				+ ".getCapabilities");
+				+ ".fetchCapabilities");
 		result.addContext("connector", connectorType);
 
 		try {
@@ -584,6 +585,7 @@ private void parseResourceSchema(org.identityconnectors.framework.common.objects
 		AttributeInfo enableAttributeInfo = null;
 		AttributeInfo enableDateAttributeInfo = null;
 		AttributeInfo disableDateAttributeInfo = null;
+		AttributeInfo lockoutAttributeInfo = null;
 
 		// New instance of midPoint schema object
 		resourceSchema = new ResourceSchema(getSchemaNamespace(), prismContext);
@@ -655,6 +657,12 @@ private void parseResourceSchema(org.identityconnectors.framework.common.objects
 					// Skip this attribute, capability is sufficient
 					continue;
 				}
+
+				if (OperationalAttributes.LOCK_OUT_NAME.equals(attributeInfo.getName())) {
+					lockoutAttributeInfo = attributeInfo;
+					// Skip this attribute, capability is sufficient
+					continue;
+				}
 
 				QName attrXsdName = icfNameMapper.convertAttributeNameToQName(attributeInfo.getName(), getSchemaNamespace());
 				QName attrXsdType = icfTypeToXsdType(attributeInfo.getType(), false);
@@ -760,6 +768,17 @@ private void parseResourceSchema(org.identityconnectors.framework.common.objects
 				capValidTo.setReturnedByDefault(false);
 			}
 		}
+
+		if (lockoutAttributeInfo != null) {
+			if (capAct == null) {
+				capAct = new ActivationCapabilityType();
+			}
+			ActivationLockoutStatusCapabilityType capActStatus = new ActivationLockoutStatusCapabilityType();
+			capAct.setLockoutStatus(capActStatus);
+			if (!lockoutAttributeInfo.isReturnedByDefault()) {
+				capActStatus.setReturnedByDefault(false);
+			}
+		}
 
 		if (capAct != null) {
 			capabilities.add(capabilityObjectFactory.createActivation(capAct));
@@ -1035,6 +1054,10 @@ private String[] convertToIcfAttrsToGet(ObjectClassComplexTypeDefinition objectC
 				|| (attributesToReturn.isReturnDefaultAttributes() && enabledReturnedByDefault())) {
 			icfAttrsToGet.add(OperationalAttributes.ENABLE_NAME);
 		}
+		if (attributesToReturn.isReturnLockoutStatusExplicit()
+				|| (attributesToReturn.isReturnDefaultAttributes() && lockoutReturnedByDefault())) {
+			icfAttrsToGet.add(OperationalAttributes.LOCK_OUT_NAME);
+		}
 		if (attrs != null) {
 			for (ResourceAttributeDefinition attrDef: attrs) {
 				String attrName = icfNameMapper.convertAttributeNameToIcf(attrDef.getName(), getSchemaNamespace());
@@ -1056,6 +1079,10 @@ private boolean enabledReturnedByDefault() {
 		return CapabilityUtil.isActivationStatusReturnedByDefault(capability);
 	}
 
+	private boolean lockoutReturnedByDefault() {
+		ActivationCapabilityType capability = CapabilityUtil.getCapability(capabilities, ActivationCapabilityType.class);
+		return CapabilityUtil.isActivationLockoutStatusReturnedByDefault(capability);
+	}
 
 	@Override
 	public Collection<ResourceAttribute<?>> addObject(PrismObject<? extends ShadowType> object,

provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/util/ProvisioningUtil.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2013 Evolveum
+ * Copyright (c) 2010-2014 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -281,6 +281,15 @@ public static AttributesToReturn createAttributesToReturn(RefinedObjectClassDefi
 			}
 		}
 
+		if (CapabilityUtil.isActivationLockoutStatusReturnedByDefault(activationCapabilityType)) {
+			// There resource is capable of returning lockout flag but it does not do it by default
+			AttributeFetchStrategyType statusFetchStrategy = objectClassDefinition.getActivationFetchStrategy(ActivationType.F_LOCKOUT_STATUS);
+			if (statusFetchStrategy == AttributeFetchStrategyType.EXPLICIT) {
+				attributesToReturn.setReturnLockoutStatusExplicit(true);
+				apply = true;
+			}
+		}
+
 		if (apply) {
 			return attributesToReturn;
 		} else {