[midPoint] midPoint 3.7 wrong attribute name stored in change in shadow

Oskar Butovič - AMI Praha a.s. oskar.butovic at ami.cz
Tue Sep 18 11:06:00 CEST 2018


Dear midPoint community,

I am solving strange behaviour of the stored changes in the shadow after
resource unavailability. I have following schema and schema handling:

<schema>
      <cachingMetadata>

 <retrievalTimestamp>2017-10-17T12:21:25.516+02:00</retrievalTimestamp>
         <serialNumber>590e3d39da93b17a-1039ae8e5b8bdc4e</serialNumber>
      </cachingMetadata>
      <definition>
         <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                     xmlns:a="
http://prism.evolveum.com/xml/ns/public/annotation-3"
                     xmlns:tns="
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
                     xmlns:ra="
http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3"
                     elementFormDefault="qualified"
                     targetNamespace="
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
            <xsd:import namespace="
http://prism.evolveum.com/xml/ns/public/annotation-3"/>
            <xsd:import namespace="
http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3
"/>
            <xsd:import namespace="
http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3"/>
            <xsd:complexType name="UserAccess">
               <xsd:annotation>
                  <xsd:appinfo>
                     <ra:resourceObject/>
                     <ra:identifier>icfs:uid</ra:identifier>

 <ra:secondaryIdentifier>icfs:name</ra:secondaryIdentifier>

 <ra:displayNameAttribute>icfs:name</ra:displayNameAttribute>
                     <ra:namingAttribute>icfs:name</ra:namingAttribute>
                     <ra:nativeObjectClass>UserAccess</ra:nativeObjectClass>
                  </xsd:appinfo>
               </xsd:annotation>
               <xsd:sequence>
                  <xsd:element minOccurs="0" maxOccurs="unbounded"
name="data-subsidiary" type="xsd:string">
                     <xsd:annotation>
                        <xsd:appinfo>
                           <a:displayOrder>120</a:displayOrder>

 <ra:frameworkAttributeName>data-subsidiary</ra:frameworkAttributeName>
                        </xsd:appinfo>
                     </xsd:annotation>
                  </xsd:element>
                  <xsd:element maxOccurs="unbounded"
                               minOccurs="0"
                               name="data-role"
                               type="xsd:string">
                     <xsd:annotation>
                        <xsd:appinfo>
                           <a:displayOrder>130</a:displayOrder>

 <ra:frameworkAttributeName>data-role</ra:frameworkAttributeName>
                        </xsd:appinfo>
                     </xsd:annotation>
                  </xsd:element>
                  <xsd:element ref="icfs:name">
                     <xsd:annotation>
                        <xsd:appinfo>
                           <a:displayName>ConnId Name</a:displayName>
                           <a:displayOrder>110</a:displayOrder>

 <ra:frameworkAttributeName>__NAME__</ra:frameworkAttributeName>
                        </xsd:appinfo>
                     </xsd:annotation>
                  </xsd:element>
                  <xsd:element minOccurs="0" name="oid" type="xsd:string">
                     <xsd:annotation>
                        <xsd:appinfo>
                           <a:displayOrder>140</a:displayOrder>

 <ra:frameworkAttributeName>oid</ra:frameworkAttributeName>

 <ra:returnedByDefault>false</ra:returnedByDefault>
                        </xsd:appinfo>
                     </xsd:annotation>
                  </xsd:element>
                  <xsd:element minOccurs="0" name="data-email"
type="xsd:string">
                     <xsd:annotation>
                        <xsd:appinfo>
                           <a:displayOrder>150</a:displayOrder>

 <ra:frameworkAttributeName>data-email</ra:frameworkAttributeName>
                        </xsd:appinfo>
                     </xsd:annotation>
                  </xsd:element>
                  <xsd:element minOccurs="0" name="data-status"
type="xsd:string">
                     <xsd:annotation>
                        <xsd:appinfo>
                           <a:displayOrder>155</a:displayOrder>

 <ra:frameworkAttributeName>data-status</ra:frameworkAttributeName>
                        </xsd:appinfo>
                     </xsd:annotation>
                  </xsd:element>
                  <xsd:element minOccurs="0" name="data-firstName"
type="xsd:string">
                     <xsd:annotation>
                        <xsd:appinfo>
                           <a:displayOrder>156</a:displayOrder>

 <ra:frameworkAttributeName>data-firstName</ra:frameworkAttributeName>
                        </xsd:appinfo>
                     </xsd:annotation>
                  </xsd:element>
                  <xsd:element minOccurs="0" name="data-lastName"
type="xsd:string">
                     <xsd:annotation>
                        <xsd:appinfo>
                           <a:displayOrder>157</a:displayOrder>

 <ra:frameworkAttributeName>data-lastName</ra:frameworkAttributeName>
                        </xsd:appinfo>
                     </xsd:annotation>
                  </xsd:element>
                  <xsd:element minOccurs="0" name="data-empID"
type="xsd:string">
                     <xsd:annotation>
                        <xsd:appinfo>
                           <a:displayOrder>159</a:displayOrder>

 <ra:frameworkAttributeName>data-empID</ra:frameworkAttributeName>

 <ra:returnedByDefault>false</ra:returnedByDefault>
                        </xsd:appinfo>
                     </xsd:annotation>
                  </xsd:element>
                  <xsd:element minOccurs="0" ref="icfs:uid">
                     <xsd:annotation>
                        <xsd:appinfo>
                           <a:displayName>ConnId UID</a:displayName>
                           <a:displayOrder>100</a:displayOrder>
                           <a:access>read</a:access>
                        </xsd:appinfo>
                     </xsd:annotation>
                  </xsd:element>
               </xsd:sequence>
            </xsd:complexType>
...
         </xsd:schema>
      </definition>
   </schema>
   <schemaHandling>
<objectType>
<kind>account</kind>
<displayName>NetSuite Account</displayName>
<default>true</default>
<objectClass>ri:UserAccess</objectClass>
<attribute>
<c:ref>icfs:name</c:ref>
<displayName>name</displayName>
<outbound>
<strength>strong</strength>
<authoritative>true</authoritative>
<source>
<c:path>$user/givenName</c:path>
</source>
<source>
<c:path>$user/familyName</c:path>
</source>
<expression>
<script>
<code>
return givenName + " " + familyName;
</code>
</script>
</expression>
</outbound>
</attribute>
<attribute>
<c:ref>ri:data-firstName</c:ref>
<displayName>firstName</displayName>
<outbound>
<strength>strong</strength>
<authoritative>true</authoritative>
<source>
<c:path>$user/givenName</c:path>
</source>
</outbound>
</attribute>
<attribute>
<c:ref>ri:oid</c:ref>
<displayName>oid</displayName>
<outbound>
<strength>strong</strength>
<expression>
<script>
<code>
log.info("sending NetSuite oid: " + focus.getOid());
return focus.getOid();
</code>
</script>
</expression>
</outbound>
</attribute>
<attribute>
<c:ref>ri:data-lastName</c:ref>
<displayName>lastName</displayName>
<outbound>
<strength>strong</strength>
<authoritative>true</authoritative>
<source>
<c:path>$user/familyName</c:path>
</source>
</outbound>
</attribute>
...
</objectType>
...

stored result in shadow looks like this:
...
<result>

<operation>com.evolveum.midpoint.provisioning.api.ProvisioningService.modifyObject</operation>
      <status>fatal_error</status>
      <params>
         <entry key="options">

<paramValue>ProvisioningOperationOptions(force=false)</paramValue>
         </entry>
         <entry key="oid">
            <paramValue>d422cd22-661c-427c-8f97-8ceb4bc251c3</paramValue>
         </entry>
          ...

<objectChange> tag doesnt even contain ri:oid change

after recompute and next try to resend shadow changes to the connector
midpoint throws the following exception:

com.evolveum.midpoint.util.exception.SchemaException: Unknown attribute {
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}data-oid in
definition of object class {
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}UserAccess.
Original ConnId name: data-oid in resource object identified by Attribute:
{Name=__NAME__, Value=[XXX]} at
com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdConvertor.convertToResourceObject(ConnIdConvertor.java:249)
at
com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.fetchObject(ConnectorInstanceConnIdImpl.java:1115)
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectReferenceResolver.fetchResourceObject(ResourceObjectReferenceResolver.java:244)
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.fetchResourceObject(ResourceObjectConverter.java:1346)
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.preReadShadow(ResourceObjectConverter.java:852)
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:550)
at
com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:906)
at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.refreshShadowLegacy(ProvisioningServiceImpl.java:909)
at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.refreshShadow(ProvisioningServiceImpl.java:876)
at
com.evolveum.midpoint.provisioning.consistency.impl.GenericErrorHandler.handleError(GenericErrorHandler.java:115)
at
com.evolveum.midpoint.provisioning.impl.ShadowCache.handleError(ShadowCache.java:1502)
at
com.evolveum.midpoint.provisioning.impl.ShadowCache.getShadow(ShadowCache.java:316)
at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.getObject(ProvisioningServiceImpl.java:240)
at
com.evolveum.midpoint.model.impl.lens.projector.ContextLoader.finishLoadOfProjectionContext(ContextLoader.java:1037)
at
com.evolveum.midpoint.model.impl.lens.projector.ContextLoader.load(ContextLoader.java:178)
at
com.evolveum.midpoint.model.impl.lens.projector.Projector.lambda$projectInternal$0(Projector.java:194)
at
com.evolveum.midpoint.model.impl.lens.LensUtil.partialExecute(LensUtil.java:950)
at
com.evolveum.midpoint.model.impl.lens.projector.Projector.projectInternal(Projector.java:192)
at
com.evolveum.midpoint.model.impl.lens.projector.Projector.projectAllWaves(Projector.java:146)
at
com.evolveum.midpoint.model.impl.controller.ModelInteractionServiceImpl.previewChanges(ModelInteractionServiceImpl.java:299)
at
com.evolveum.midpoint.web.component.progress.ProgressPanel$14.callWithContextPrepared(ProgressPanel.java:602)
at
com.evolveum.midpoint.web.component.progress.ProgressPanel$14.callWithContextPrepared(ProgressPanel.java:591)
at
com.evolveum.midpoint.web.component.SecurityContextAwareCallable.call(SecurityContextAwareCallable.java:59)
at java.util.concurrent.FutureTask.run(FutureTask.java:266) at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)

It seems to like the attribute ri:oid from original update was stored as
ri:data-oid (which doesn't exist) in the changes in the shadow.

Why is that? How does midPoint determine the attribute names in stored
changes in shadows? Can the storing of the changes be disabled? I can deal
with that through strong attribute mappings.


Thanks
Best Regards
Oskar Butovič
-- 


*Oskar Butovič*
solution architect

gsm: [+420] 774 480 101
e‑mail: oskar.butovic at ami.cz

*AMI Praha a.s.*
Pláničkova 11, 162 00 Praha 6

tel.: [+420] 274 783 239 | web: www.ami.cz <http://dtp.ami.cz/www.ami.cz>

[image: AMI Praha a.s.]

Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
za společnost AMI Praha a.s. jakoukoliv smlouvu. Každá smlouva, pokud bude
uzavřena, musí mít výhradně písemnou formu.

Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může obsahovat
důvěrné nebo osobní informace. Nejste‑li zamýšleným příjemcem, je zakázáno
jakékoliv zveřejňování, zprostředkování nebo jiné použití těchto informací.
Pokud jste obdrželi e‑mail neoprávněně, informujte o tom prosím odesílatele
a vymažte neprodleně všechny kopie tohoto e‑mailu včetně všech jeho příloh.
Nakládáním s neoprávněně získanými informacemi se vystavujete riziku
právního postihu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180918/d5905d25/attachment.htm>


More information about the midPoint mailing list