[midPoint] upgrade to MP 3.5 role cycle error on user resource import

Pavol Mederly mederly at evolveum.com
Wed Jan 11 13:53:25 CET 2017


Hello Shawn,

looked at your objects, but found no cycle there. There are some other 
objects referenced from them (roles 
/4340faa4-c635-47ce-96a6-03eb25bb3edf/ and 
/9c6d1dbe-1a87-11e5-b107-001e8c717e5b/, org 
/d10c1e42-7cda-44e0-9df9-45210194647b/) that might contain the cycle.

Nevertheless: easier than to hunt a cycle in your data is probably 
including a diagnostic statement into midPoint. I did that, in this 
commit 
<https://github.com/Evolveum/midpoint/commit/dada8f0b0210cd77a2ccd6fc2fcf1050c99921f2>. 
So, I suggest you the following:

 1. build midPoint 3.5 with that commit applied to it
 2. set logging for
    com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator to DEBUG
 3. manually import your file (850-user-aM1Admin.xml)
 4. have a look at your log file

You should see something like

2017-01-11 13:46:08,330 [MODEL] [Thread-22] DEBUG 
(com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator): Role cycle 
detected for target role: rc2 (OID:0d3cc94b-df06-42b3-80f1-ecf1f1d65e97) 
in 
AssignmentPath([AssignmentPathSegment(EvaluationOrder(null:1=1)(match): 
user:7f672f5f-6b62-4b6c-ae0b-4a019b6b080c(a2a) -[]-> 
role:d8d9d435-afd8-419c-8440-80b814136245(rc1)), 
AssignmentPathSegment(EvaluationOrder(null:2=2): 
role:d8d9d435-afd8-419c-8440-80b814136245(rc1) -[]-> 
role:0d3cc94b-df06-42b3-80f1-ecf1f1d65e97(rc2)), 
AssignmentPathSegment(EvaluationOrder(null:3=3): 
role:0d3cc94b-df06-42b3-80f1-ecf1f1d65e97(rc2) -[]-> 
role:a94239b9-7a96-4926-a481-c7f7105e5b29(rc3)), 
AssignmentPathSegment(EvaluationOrder(null:4=4): 
role:a94239b9-7a96-4926-a481-c7f7105e5b29(rc3) -[]-> 
role:e342f9ae-a300-4ca2-9fe8-5c2b6fbe6bbd(rc4))])

in it.

Not much readable at first sight, but it should give you an indication 
which roles cause the conflict. In this case, the cycle is caused by rc2 
-> rc3 -> rc4 -> rc2 cycle, while assigning rc1 (to user a2a), because 
rc1 points to rc2.

BTW, while replicating your problem I found out that we have a bug in 
cycle detection: some cycles are not detected, resulting in 
StackOverflowException being thrown (MID-3652 
<https://jira.evolveum.com/browse/MID-3652>). But this does not affect 
your case; you are lucky and your cycle is (presumably) correctly caught 
by the checking code. Or maybe this bug does really cause your problem? 
We might know better after obtaining the diagnostic message mentioned above.

Best regards,

Pavol Mederly
Software developer
evolveum.com

On 10.01.2017 0:43, Shawn McKinney wrote:
> Hey Pavol, thanks for responding.
>
> Pasting first the service, m1001, next the org, m1set, finally the admin role.
>
> m1001:
> <service xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:gen780="http://prism.evolveum.com/xml/ns/public/debug" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="6aa02b86-6619-4be0-9268-1e875f9ef403" version="12" xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
>        <name>m1001</name>
>        <description>Members will be user dn's who have access to this machine.</description>
>        <parentOrgRef oid="af5ea4a1-bd88-40de-978d-50a7c263d38e" type="c:OrgType"/>
>        <extension xmlns:gen885="http://example.com/xml/ns/mySchema">
>           <gen885:gidNumber>5</gen885:gidNumber>
>        </extension>
>        <assignment id="2" xsi:type="c:AssignmentType">
>           <targetRef oid="af5ea4a1-bd88-40de-978d-50a7c263d38e" type="c:OrgType"/>
>        </assignment>
>        <assignment id="3" xsi:type="c:AssignmentType">
>           <targetRef oid="4340faa4-c635-47ce-96a6-03eb25bb3edf" type="c:RoleType"/>
>        </assignment>
>        <displayName>Set 1 Machine 001</displayName>
>        <identifier>m1</identifier>
>     </service>
>
>
> m1set:
> <org xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:gen635="http://prism.evolveum.com/xml/ns/public/debug" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="af5ea4a1-bd88-40de-978d-50a7c263d38e" version="34" xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
>        <name>m1set</name>
>        <description>Members are dn's of all ldap machine groups in set 1.</description>
>        <extension xmlns:gen897="http://example.com/xml/ns/mySchema">
>           <gen897:gidNumber>13</gen897:gidNumber>
>        </extension>
>        <assignment id="1">
>           <targetRef oid="9c6d1dbe-1a87-11e5-b107-001e8c717e5b" type="c:RoleType"/>
>        </assignment>
>        <assignment id="2">
>           <targetRef oid="d10c1e42-7cda-44e0-9df9-45210194647b" type="c:OrgType"/>
>        </assignment>
>         <displayName>Machine Set 1</displayName>
>        <identifier>m1</identifier>
>        <orgType>machines</orgType>
>     </org>
>
> role-admin:
> <role xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:gen635="http://prism.evolveum.com/xml/ns/public/debug" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="6aaaa771-3267-454f-b399-4a84ddfc78f8" version="44" xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
>        <name>admin</name>
>        <description>Gives users root for all machines in selected set</description>
>        <assignment id="1">
>           <targetRef oid="15cdcbba-74ab-46d6-90e7-54e701a176be" type="c:RoleType"/>
>        </assignment>
>        <displayName>Machine Admin</displayName>
>        <authorization id="5">
>           <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#guiAll</action>
>        </authorization>
>        <authorization id="4">
>           <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#all</action>
>           <object>
>              <orgRelation>
>                 <subjectRelation xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">org:manager</subjectRelation>
>                 <includeReferenceOrg>true</includeReferenceOrg>
>              </orgRelation>
>           </object>
>        </authorization>
>        <authorization id="6">
>           <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
>           <object>
>              <type>OrgType</type>
>              <filter>
>                 <q:or>
>                    <q:equal>
>                       <q:path>name</q:path>
>                       <q:value>Machines-new</q:value>
>                    </q:equal>
>                 </q:or>
>              </filter>
>           </object>
>        </authorization>
>        <authorization id="7">
>           <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
>           <object>
>              <type>ShadowType</type>
>           </object>
>           <object>
>              <type>ResourceType</type>
>           </object>
>           <object>
>              <type>TaskType</type>
>           </object>
>           <object>
>              <type>RoleType</type>
>           </object>
>           <object>
>              <type>ServiceType</type>
>           </object>
>        </authorization>
>        <authorization id="8">
>           <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#add</action>
>           <object>
>              <type>UserType</type>
>           </object>
>        </authorization>
>        <approverExpression>
>           <description>Get user's managers (except the user itself)</description>
>           <script>
>              <code>
>                  
>                  import com.evolveum.midpoint.prism.*
>                  import com.evolveum.midpoint.prism.delta.*
>                  import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>                  
>                  ContainerDelta roleDelta = objectDelta.findContainerDelta(UserType.F_ASSIGNMENT);
>                  Collection assignmnetsToModify = new ArrayList();
>                  if (roleDelta != null){
>                    if (roleDelta.getValuesToAdd() != null) {
>                        assignmnetsToModify.addAll(roleDelta.getValuesToAdd());
>                    }
>                    if (roleDelta.getValuesToReplace() != null) {
>                        assignmnetsToModify.addAll(roleDelta.getValuesToAdd());
>                    }
>                    if (roleDelta.getValuesToDelete() != null) {
>                        assignmnetsToModify.addAll(roleDelta.getValuesToAdd());
>                    }
>                  }
>                  
>                  managers = []
>                  for (PrismContainerValue assignment in assignmnetsToModify) {
>                  	AssignmentType ass = assignment.asContainerable();
>                  	if (ass.getTargetRef() != null && ass.getTargetRef().getOid().equals("6aaaa771-3267-454f-b399-4a84ddfc78f8")) {
>                  		if (ass.getOrgRef() != null) {
>                  			users = midpoint.getManagersOfOrg(ass.getOrgRef().getOid());
>                              for (user in users){
>                                  managers.add(user.getOid())
>                              }
>                  		}
>                  	}
>                  	
>                  }
>                  
>                  return managers
>                  
>              </code>
>           </script>
>        </approverExpression>
>        <automaticallyApproved>
>           <description>If the user works in F0006 (Scumm Bar), the assignment of this role is automatically approved for him.</description>
>           <script>
>              <code>
>              
>                   import com.evolveum.midpoint.prism.*
>                  import com.evolveum.midpoint.prism.delta.*
>                  import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>                  
>                  if (requester.getName().getOrig().equals("administrator")) {
>                  	return true
>                  }
>                  
>                  ContainerDelta roleDelta = objectDelta.findContainerDelta(UserType.F_ASSIGNMENT);
>                  Collection assignmnetsToModify = new ArrayList();
>                  if (roleDelta != null){
>                    if (roleDelta.getValuesToAdd() != null) {
>                        assignmnetsToModify.addAll(roleDelta.getValuesToAdd());
>                    }
>                    if (roleDelta.getValuesToReplace() != null) {
>                        assignmnetsToModify.addAll(roleDelta.getValuesToReplace());
>                    }
>                    if (roleDelta.getValuesToDelete() != null) {
>                        assignmnetsToModify.addAll(roleDelta.getValuesToDelete());
>                    }
>                  }
>                  
>                  isManager = false
>                  for (PrismContainerValue assignment in assignmnetsToModify) {
>                      AssignmentType ass = assignment.asContainerable();
>                  	if (ass.getTargetRef() != null && ass.getTargetRef().getOid() != null) {
>                  		role = midpoint.getObject(RoleType.class, ass.getTargetRef().getOid())
>                  		if (role?.getName()?.getOrig()?.equals("admin")) {
> 	                		if (ass.getOrgRef() != null) {
> 	                			isManager = midpoint.isManagerOf(requester, midpoint.getOrgByOid(ass.getOrgRef().getOid()).getOid())
> 	                            log.info('######is Manager : ' + isManager)
> 	                		}
>                  		}
>                  	}
>                  	
>                  }
>                  
>                  return isManager
>                  
>              </code>
>           </script>
>        </automaticallyApproved>
>        <roleType>access</roleType>
>     </role>
>
>
>> On Jan 9, 2017, at 8:01 AM, Pavol Mederly <mederly at evolveum.com> wrote:
>>
>> Hello Shawn,
>>
>> I would recommend looking at the possible role cycle that midPoint is complaining about.
>>
>> Could you, please, paste here the definition of your "admin" role, including any roles/orgs/services it refers to (probably including m1001)?
>>
>> Best regards,
>>
>> Pavol Mederly
>> Software developer
>> evolveum.com
>>
>> On 02.01.2017 21:45, Shawn McKinney wrote:
>>> Hello,
>>>
>>> we are attempting to upgrade our MP (test) instance from 3.4-SNAPSHOT to 3.5.  Here is what I have done:
>>>
>>> 1. pulled (&built) midpoint.war using latest midpoint overlay, set its pom.xml dependencies as follows:
>>>
>>>       <dependencies>
>>>                  <dependency>
>>>                          <groupId>com.evolveum.midpoint.gui</groupId>
>>>                          <artifactId>admin-gui</artifactId>
>>>                          <version>3.5</version>
>>>                          <type>war</type>
>>>                          <scope>runtime</scope>
>>>                  </dependency>
>>>                  <dependency>
>>>                          <groupId>com.evolveum.midpoint.gui</groupId>
>>>                          <artifactId>admin-gui</artifactId>
>>>                          <version>3.5</version>
>>>                          <type>jar</type>
>>>                          <classifier>classes</classifier>
>>>                          <scope>compile</scope>
>>>                  </dependency>
>>>
>>>
>>> 2. change env to use java 8
>>>
>>> 3. run the  postgresql-upgrade-3.4-3.5.sql
>>>
>>> 4. change ldapconnector resource import to 1.4.3
>>>
>>>     <name>ICF com.evolveum.polygon.connector.ldap.LdapConnector v1.4.3</name>
>>>     <framework>http://midpoint.evolveum.com/xml/ns/public/connector/icf-1</framework>
>>>     <connectorType>com.evolveum.polygon.connector.ldap.LdapConnector</connectorType>
>>>     <connectorVersion>1.4.3</connectorVersion>
>>>
>>> 5. clear out old identities, objects, connectors, resources, etc.
>>>
>>> 6. redeploy using latest midpoint generated on step #1
>>>
>>> 7. restart tomcat
>>>
>>> 8. everything seems fine until it processes resource file: 850-user-aM1Admin.xml where we get the following error in logs.  Resource file contents follow stck trace.
>>>
>>> Any ideas what is going wrong here?
>>>
>>> Begin log trace:
>>> 2017-01-02 19:29:38,544 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.InitialDataImport): Starting initial object import (if necessary).
>>> 2017-01-02 19:29:40,737 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.InitialDataImport): Starting initial import of file 850-user-aM1Admin.xml.
>>> 2017-01-02 19:29:40,849 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.audit.log): 2017-01-02T19:29:40.841+0000 eid=1483385380841-0-1, et=ADD_OBJECT, es=REQUEST, sid=null, tid=1483385378544-0-1, toid=null, hid=null, I=null, T=FocusType:d4839bfa-6078-43c9-a5a8-61fe2a157faa({http://midpoint.evolveum.com/xml/ns/public/common/common-3}user), TO=null, D=[d4839bfa-6078-43c9-a5a8-61fe2a157faa:ADD], ch=http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#init, o=null, p=null, m=
>>> 2017-01-02 19:29:41,686 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.audit.log): 2017-01-02T19:29:41.686+0000 eid=1483385381686-0-1, et=ADD_OBJECT, es=EXECUTION, sid=null, tid=1483385378544-0-1, toid=null, hid=null, I=null, T=FocusType:d4839bfa-6078-43c9-a5a8-61fe2a157faa({http://midpoint.evolveum.com/xml/ns/public/common/common-3}user), TO=null, D=[], ch=http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#init, o=FATAL_ERROR, p=null, m=Attempt to assign service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001) creates a role cycle
>>> 2017-01-02 19:29:41,712 [] [localhost-startStop-1] ERROR (com.evolveum.midpoint.init.InitialDataImport): Couldn't import user:d4839bfa-6078-43c9-a5a8-61fe2a157faa(aM1Admin) from file 850-user-aM1Admin.xml: .
>>> com.evolveum.midpoint.util.exception.PolicyViolationException: Attempt to assign service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001) creates a role cycle
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:306) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:717) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:717) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:717) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluate(AssignmentEvaluator.java:222) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.projector.AssignmentProcessor.evaluateAssignment(AssignmentProcessor.java:1057) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.projector.AssignmentProcessor.processAssignmentsProjectionsWithFocus(AssignmentProcessor.java:443) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.projector.AssignmentProcessor.processAssignmentsProjections(AssignmentProcessor.java:191) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.projector.FocusProcessor.processFocusFocus(FocusProcessor.java:249) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.projector.FocusProcessor.processFocus(FocusProcessor.java:163) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.projector.Projector.projectInternal(Projector.java:214) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.projector.Projector.project(Projector.java:112) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:311) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:221) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:575) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:371) ~[model-impl-3.5.jar:na]
>>> 	at com.evolveum.midpoint.init.InitialDataImport.importObject(InitialDataImport.java:189) [classes/:na]
>>> 	at com.evolveum.midpoint.init.InitialDataImport.init(InitialDataImport.java:132) [classes/:na]
>>> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_111]
>>> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_111]
>>> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_111]
>>> 	at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_111]
>>> 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1706) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1645) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839) [spring-context-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538) [spring-context-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:444) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:326) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
>>> 	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4793) [catalina.jar:8.0.29]
>>> 	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5236) [catalina.jar:8.0.29]
>>> 	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [catalina.jar:8.0.29]
>>> 	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725) [catalina.jar:8.0.29]
>>> 	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701) [catalina.jar:8.0.29]
>>> 	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) [catalina.jar:8.0.29]
>>> 	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:945) [catalina.jar:8.0.29]
>>> 	at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1795) [catalina.jar:8.0.29]
>>> 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_111]
>>> 	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_111]
>>> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_111]
>>> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_111]
>>> 	at java.lang.Thread.run(Thread.java:745) [na:1.8.0_111]
>>> 2017-01-02 19:29:41,716 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.InitialDataImport):
>>> *op* com.evolveum.midpoint.init.InitialDataImport.importObject, st: FATAL_ERROR, msg: Attempt to assign service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001) creates a role cycle
>>>          [cause]PolicyViolationException:Attempt to assign service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001) creates a role cycle
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:306)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:717)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:717)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:717)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
>>>                  com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluate(AssignmentEvaluator.java:222)
>>>                  com.evolveum.midpoint.model.impl.lens.projector.AssignmentProcessor.evaluateAssignment(AssignmentProcessor.java:1057)
>>>                  com.evolveum.midpoint.model.impl.lens.projector.AssignmentProcessor.processAssignmentsProjectionsWithFocus(AssignmentProcessor.java:443)
>>>                  com.evolveum.midpoint.model.impl.lens.projector.AssignmentProcessor.processAssignmentsProjections(AssignmentProcessor.java:191)
>>>                  com.evolveum.midpoint.model.impl.lens.projector.FocusProcessor.processFocusFocus(FocusProcessor.java:249)
>>>                  com.evolveum.midpoint.model.impl.lens.projector.FocusProcessor.processFocus(FocusProcessor.java:163)
>>>                  com.evolveum.midpoint.model.impl.lens.projector.Projector.projectInternal(Projector.java:214)
>>>                  com.evolveum.midpoint.model.impl.lens.projector.Projector.project(Projector.java:112)
>>>                  com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:311)
>>>                  com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:221)
>>>                  com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:575)
>>>                  com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:371)
>>>                  com.evolveum.midpoint.init.InitialDataImport.importObject(InitialDataImport.java:189)
>>>                  com.evolveum.midpoint.init.InitialDataImport.init(InitialDataImport.java:132)
>>>                  sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>                  sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>                  sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>                  java.lang.reflect.Method.invoke(Method.java:498)
>>>                  org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1706)
>>>                  org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1645)
>>>                  org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574)
>>>                  org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
>>>                  org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
>>>                  org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
>>>                  org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
>>>                  org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
>>>                  org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
>>>                  org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
>>>                  org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839)
>>>                  org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538)
>>>                  org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:444)
>>>                  org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:326)
>>>                  org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
>>>                  org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4793)
>>>                  org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5236)
>>>                  org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
>>>                  org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)
>>>                  org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)
>>>                  org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
>>>                  org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:945)
>>>                  org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1795)
>>>                  java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>>>                  java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>>                  java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>                  java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>                  java.lang.Thread.run(Thread.java:745)
>>>      *op* com.evolveum.midpoint.model.api.ModelService.getObject, st: FATAL_ERROR, MINOR, msg: Object of type 'UserType' with oid 'd4839bfa-6078-43c9-a5a8-61fe2a157faa' was not found.
>>>              [p]options=[ObjectOperationOptions(null: GetOperationOptions(allowNotFound))]
>>>              [p]oid=d4839bfa-6078-43c9-a5a8-61fe2a157faa
>>>              [p]class=com.evolveum.midpoint.xml.ns._public.common.common_3.UserType
>>>              [cause]ObjectNotFoundException:Object of type 'UserType' with oid 'd4839bfa-6078-43c9-a5a8-61fe2a157faa' was not found.
>>>
>>>
>>>
>>> The entire resource file is as follows:
>>>
>>> 850-user-aM1Admin.xml
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> 	<user xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>>        xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>>>        xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>>>        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>>        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>>>        xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>>>        oid="d4839bfa-6078-43c9-a5a8-61fe2a157faa"
>>>        version="1">
>>>     <name>aM1Admin</name>
>>>     <description>Admin access to machines in set 1</description>
>>>     <fullName>M1 Admin</fullName>
>>>     <givenName>M1</givenName>
>>>     <familyName>Admin</familyName>
>>>     <assignment>
>>>     	<targetRef type="RoleType" >
>>>     		<filter>
>>>     			<q:equal>
>>>     				<q:path>name</q:path>
>>>     				<q:value>admin</q:value>
>>>     			</q:equal>
>>>     		</filter>
>>>     	</targetRef>
>>>     	<orgRef type="OrgType">
>>>     	<filter>
>>>     			<q:equal>
>>>     				<q:path>name</q:path>
>>>     				<q:value>m1set</q:value>
>>>     			</q:equal>
>>>     		</filter>
>>>     	</orgRef>
>>>     </assignment>
>>>     <credentials>
>>>        <password>
>>>           <value>
>>>   			<t:clearValue>secret</t:clearValue>
>>>           </value>
>>>        </password>
>>>     </credentials>
>>> </user>
>>>
>>> Thanks,
>>> Shawn
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170111/4cbf7bfd/attachment.htm>


More information about the midPoint mailing list