[midPoint] Fw: URGENT ... Role inducements lost on role updates
Dharmendra Parakh
dharmendra at confluxsys.com
Thu Feb 12 11:22:00 CET 2015
Hi Pavol
I think here you are deleting the inducement itself but my goal was not to
delete the resource inducement but modify some attributes of induced
resource.
Let me know if i am getting it incorrect.
Thanks!
On Thu, Feb 12, 2015 at 3:23 PM, Pavol Mederly <mederly at evolveum.com> wrote:
> Yes, of course.
>
> I've just pushed a modified model-client-sample showing how to swap an
> inducement (with a known ID) in the role definition.
>
> See this (red = removal code, green = addition code):
>
> // removes inducement with a given ID and replaces it with a new one
>
> private static void modifyRoleReplaceInducement(ModelPortType
> modelPort, String roleOid, int oldId, String newInducementOid) throws
> FaultMessage, IOException, SAXException {
>
>
>
> ItemDeltaType inducementDeleteDelta = new ItemDeltaType();
>
>
> inducementDeleteDelta.setModificationType(ModificationTypeType.DELETE);
>
>
> inducementDeleteDelta.setPath(ModelClientUtil.createItemPathType("inducement"));
>
>
> inducementDeleteDelta.getValue().add(ModelClientUtil.parseElement("<value><id>"+oldId+"</id></value>"));
>
>
>
> ItemDeltaType inducementAddDelta = new ItemDeltaType();
>
> inducementAddDelta.setModificationType(ModificationTypeType.ADD);
>
>
> inducementAddDelta.setPath(ModelClientUtil.createItemPathType("inducement"));
>
>
> inducementAddDelta.getValue().add(createRoleAssignment(newInducementOid));
>
>
>
> ObjectDeltaType deltaType = new ObjectDeltaType();
>
>
> deltaType.setObjectType(ModelClientUtil.getTypeQName(RoleType.class));
>
> deltaType.setChangeType(ChangeTypeType.MODIFY);
>
> deltaType.setOid(roleOid);
>
> deltaType.getItemDelta().add(inducementDeleteDelta);
>
> deltaType.getItemDelta().add(inducementAddDelta);
>
>
>
> ObjectDeltaListType deltaListType = new ObjectDeltaListType();
>
> deltaListType.getDelta().add(deltaType);
>
> ObjectDeltaOperationListType objectDeltaOperationList =
> modelPort.executeChanges(deltaListType, null);
> }
>
> The corresponding XML is like this (again, red = removal code, green =
> addition code):
>
> <soap:Body>
> <ns8:executeChanges xmlns:ns10=
> "http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
> <http://midpoint.evolveum.com/xml/ns/public/model/scripting-3> xmlns:ns11=
> "http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
> <http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3>
> xmlns:ns12="http://www.w3.org/2000/09/xmldsig#"
> <http://www.w3.org/2000/09/xmldsig#> xmlns:ns13=
> "http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3>
> xmlns:ns14="http://www.w3.org/2001/04/xmlenc#"
> <http://www.w3.org/2001/04/xmlenc#> xmlns:ns15=
> "http://prism.evolveum.com/xml/ns/public/annotation-3"
> <http://prism.evolveum.com/xml/ns/public/annotation-3> xmlns:ns16=
> "http://midpoint.evolveum.com/xml/ns/public/common/fault-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/fault-3> xmlns:ns2=
> "http://prism.evolveum.com/xml/ns/public/types-3"
> <http://prism.evolveum.com/xml/ns/public/types-3> xmlns:ns3=
> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3> xmlns:ns4=
> "http://prism.evolveum.com/xml/ns/public/query-3"
> <http://prism.evolveum.com/xml/ns/public/query-3> xmlns:ns5=
> "http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
> xmlns:ns6=
> "http://midpoint.evolveum.com/xml/ns/model/workflow/common-forms-3"
> <http://midpoint.evolveum.com/xml/ns/model/workflow/common-forms-3>
> xmlns:ns7=
> "http://midpoint.evolveum.com/xml/ns/model/workflow/process-instance-state-3"
> <http://midpoint.evolveum.com/xml/ns/model/workflow/process-instance-state-3>
> xmlns:ns8="http://midpoint.evolveum.com/xml/ns/public/model/model-3"
> <http://midpoint.evolveum.com/xml/ns/public/model/model-3> xmlns:ns9=
> "http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/api-types-3>>
> <ns8:deltaList>
> <ns9:delta>
> <ns2:changeType>modify</ns2:changeType>
> <ns2:objectType>ns3:RoleType</ns2:objectType>
> <ns2:oid>290acb64-f64c-4f01-8b5b-c5b745092f27</ns2:oid>
> <ns2:itemDelta>
> <ns2:modificationType>delete</ns2:modificationType>
> <ns2:path>declare default namespace '
> http://midpoint.evolveum.com/xml/ns/public/common/common-3';
> inducement</ns2:path>
> <ns2:value>
> <id>2</id>
> </ns2:value>
> </ns2:itemDelta>
> <ns2:itemDelta>
> <ns2:modificationType>add</ns2:modificationType>
> <ns2:path>declare default namespace '
> http://midpoint.evolveum.com/xml/ns/public/common/common-3';
> inducement</ns2:path>
> <ns2:value xmlns:xsi=
> "http://www.w3.org/2001/XMLSchema-instance"
> <http://www.w3.org/2001/XMLSchema-instance> xsi:type="ns3:AssignmentType">
> <ns3:targetRef
> oid="12345678-d34d-b33f-f00d-987987cccccc" type="ns3:RoleType"/>
> </ns2:value>
> </ns2:itemDelta>
> </ns9:delta>
> </ns8:deltaList>
> </ns8:executeChanges>
> </soap:Body>
>
> Best regards,
> Pavol
>
> Hi
>
> I got this point that i can add and delete individual attribute/value
> but i want to know how can i achieve with java code or can you give me a
> sample xml doing this.
>
> Regards
> Dharmendra
>
> On Thu, Feb 12, 2015 at 1:53 PM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> Hello Dharmendra,
>>
>> If the replace does not work how can i individually add/delete
>> attributes/values ?
>>
>>
>> REPLACE replaces the whole inducement, i.e. all of its values.
>>
>> If you want to replace just one value (e.g. you have a values of A, B, C
>> and you want to make it A, B, D), you have to do the following:
>> - delete C
>> - add D
>>
>> You can (and perhaps, should) do this in one operation.
>>
>> Hope this helps.
>> Pavol
>>
>>
>>
>> On 12. 2. 2015 9:01, Dharmendra Parakh wrote:
>>
>> HI Pavol
>>
>> Quick Background:
>> My role had two inducements:
>> id=1: Role
>> id=2 Resource
>> I wanted to replace the resource inducement.
>>
>> As per my understanding i was trying to replace the inducement with
>> id=2. and that does not means to delete the other inducement (like id=1).
>>
>> If the replace does not work how can i individually add/delete
>> attributes/values ?
>>
>> Thanks
>> Dharmendra
>>
>>
>> On Thu, Feb 12, 2015 at 1:22 PM, Pavol Mederly <mederly at evolveum.com>
>> wrote:
>>
>>> Hello Dharmendra,
>>>
>>> looking at your WS request: it is of REPLACE type, see:
>>>
>>> <objectDelta ... >
>>> ...
>>> <t:itemDelta>
>>> <t:modificationType>*replace*</t:modificationType>
>>> <t:path>c:*inducement*</t:path>
>>> <t:value id="2">
>>> ...
>>> </t:value>
>>> </t:itemDelta>
>>> ...
>>>
>>> So, basically you tell midPoint that you want to REPLACE the values of
>>> *inducement* item with the ones you have provided.
>>> And you've provided one value with id=2 and content of account
>>> construction on resource d0811790-1d80-11e4-86b2-3c970e467874.
>>> So after the operation, the original inducement with id=1 should be gone.
>>>
>>> Is this what you wanted to do? Perhaps no.
>>>
>>> If you want to replace only one value in multi-valued item, you have to
>>> 1) delete old value
>>> 2) add new value
>>>
>>> And, I'm not quite sure about your first mail (Manish Baid, received
>>> 01:14). Aren't the contents of files "original.xml" and
>>> "after_addRoleInducement.xml" swapped? Because original.xml corresponds to
>>> the state with only one inducement, while the file
>>> "after_addRoleInducement.xml" contains two inducements. Just opposite as I
>>> would expect, given the messages you wrote.
>>>
>>> Best regards,
>>> Pavol
>>>
>>>
>>>
>>> On 12. 2. 2015 8:39, Dharmendra Parakh wrote:
>>>
>>> Hi Ivan
>>>
>>> Thanks for your reply. jira you have pointed is might be related to UI
>>> only and what i observed is if i use model web service to modify one
>>> inducement it is deleting other inducements.
>>>
>>> We are using the master branch so latest midpoint version.
>>>
>>> Regards
>>> Dharmendra
>>>
>>> On Thu, Feb 12, 2015 at 1:01 PM, Ivan Noris <ivan.noris at evolveum.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I believe this is the issue: https://jira.evolveum.com/browse/MID-2113
>>>> and it should be fixed, but please see the comment in JIRA.
>>>>
>>>> Also, what version of midPoint are you using?
>>>>
>>>> Thanks,
>>>> regards
>>>> Ivan
>>>>
>>>>
>>>> On 02/12/2015 08:08 AM, Dharmendra Parakh wrote:
>>>>
>>>> Hi Radovan
>>>>
>>>> Additional Information:
>>>>
>>>> We have a requirement to update the role inducement from web service
>>>> client, where we have to add/delete some resource attributes.
>>>>
>>>> In our scenario we have a role with multiple inducements (let say one
>>>> role and one resource inducement). Now i want to add some additional
>>>> attribute-values in resource inducement. To do this we calculate the
>>>> correct inducement (AssignmentType) object with all current attributes and
>>>> try to replace this inducement.
>>>> Earlier this was working for us but now when we do this other
>>>> inducement information is lost (induced role is no longer available in
>>>> role).
>>>>
>>>> I am attaching the request xml with the mail...
>>>>
>>>>
>>>>
>>>>
>>>> Regards
>>>> Dharmendra
>>>>
>>>>
>>>> On Thu, Feb 12, 2015 at 12:03 PM, Manish Baid <baid_manish at yahoo.com>
>>>> wrote:
>>>>
>>>>> Hi Radovan,
>>>>> We are showing a demo to our clients, looks like with recent 3.1
>>>>> release, inducement update is behaving differently.
>>>>>
>>>>> If you can work with Dharmendra to work through this (he is in India
>>>>> timezone, will be available in your mornings), it would be of great help.
>>>>>
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>> ----- Forwarded Message -----
>>>>> *From:* Manish Baid <baid_manish at yahoo.com>
>>>>> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
>>>>> *Cc:* Dharmendra Parakh <dharmendra at confluxsys.com>; Indrajit Chauhan
>>>>> <indrajit at confluxsys.com>
>>>>> *Sent:* Wednesday, February 11, 2015 4:14 PM
>>>>> *Subject:* URGENT ... Role inducements lost on role updates
>>>>>
>>>>> Hi,
>>>>> With 3.1 release code (and also after MID-2194), when inducement/s
>>>>> is/are updated in a role, other related indcuments are removed.
>>>>>
>>>>> Here is an example:
>>>>>
>>>>> * Role had an indcument: "LDAP Account" with 3 group memberships
>>>>> * Role is modified to add a role inducement (role hierarchy)
>>>>>
>>>>> Observation: 3 group memberships that were part of "Ldap Account"
>>>>> inducments are removed.
>>>>>
>>>>> Please see object XMLs of before and after.
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>> --
>>>> Ing. Ivan Noris
>>>> Senior Identity Management Engineer
>>>> evolveum.com evolveum.com/blog/
>>>> _____________________________________________
>>>> "Semper Id(e)M Vix."
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150212/f44c95b2/attachment.htm>
More information about the midPoint
mailing list