[midPoint] Problem updating from 3.8 to 3.9, user object parse errors.
Alcides Carlos de Moraes Neto
alcides.neto at gmail.com
Tue Apr 2 19:35:56 CEST 2019
We figured out the origin of the issue.
Our template mapping was missing the *type* field.
<targetRef oid="xxxxxxxx"* type="RoleType"*/>
The mapping worked, but it would add "ObjectType" to the assignment field
targetType before 3.9. In 3.9, the value is FocusType.
Maybe there should be code in the 3.9 update process to fix this?
Em sex, 15 de mar de 2019 às 15:05, Alcides Carlos de Moraes Neto <
alcides.neto at gmail.com> escreveu:
> I was able to fix it by deleting the assignment and adding a new corrected
> clone. Is this the best way to do this?
> Deleting and adding on the same delta would not work, I guess it tried to
> add before the delete and would not do it, since the target was still there?
>
> <scext:executeScript
> xmlns:scext="
> http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3"
> xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <s:search xmlns:s="
> http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
> <s:type>c:UserType</s:type>
> <query xmlns="http://prism.evolveum.com/xml/ns/public/query-3">
> <filter>
> <equal>
> <matching>polyStringNorm</matching>
> <path>name</path>
> <value>testUser</value>
> </equal>
> </filter>
> </query>
> <s:action>
> <s:type>execute-script</s:type>
> <s:parameter>
> <s:name>script</s:name>
> <c:value xsi:type="c:ScriptExpressionEvaluatorType">
> <c:code>
> import
> com.evolveum.midpoint.xml.ns._public.common.common_3.*
> import com.evolveum.midpoint.prism.delta.builder.*
> import com.evolveum.midpoint.model.api.*
> import javax.xml.namespace.QName
>
> def assignmentsToDelete = []
> def assignmentsToAdd = []
>
> for (a in input.assignment) {
> if (a.targetRef != null) {
> def ot =
> midpoint.resolveReferenceIfExists(a.targetRef)
> if (ot == null) {
> def removeAssignment = new
> AssignmentType()
> removeAssignment.id = a.id
> assignmentsToDelete.add
> removeAssignment.asPrismContainerValue()
> } else if (a.targetRef?.type.localPart ==
> 'ObjectType') {
> def removeAssignment = new
> AssignmentType()
> removeAssignment.id = a.id
> assignmentsToDelete.add
> removeAssignment.asPrismContainerValue()
>
> def addAssignment = a.clone()
> addAssignment.id = null
> addAssignment.metadata = null
> addAssignment.targetRef.type = new
> QName('http://midpoint.evolveum.com/xml/ns/public/common/common-3',
> ot.class.name.split("\\.")[-1])
> assignmentsToAdd.add
> addAssignment.asPrismContainerValue()
> }
> }
> }
> if (!assignmentsToDelete.empty) {
> log.debug "Assignments to delete: " +
> assignmentsToDelete
> log.debug "Assignments to add: " +
> assignmentsToAdd
>
> def delta =
> DeltaBuilder.deltaFor(FocusType.class,
> prismContext).item(FocusType.F_ASSIGNMENT).delete(assignmentsToDelete).asObjectDelta(input.oid)
> log.debug "Deleting"
> midpoint.modifyObject(delta,
> ModelExecuteOptions.createRaw())
>
> delta = DeltaBuilder.deltaFor(FocusType.class,
> prismContext).item(FocusType.F_ASSIGNMENT).add(assignmentsToAdd).asObjectDelta(input.oid)
> log.debug "Adding"
> midpoint.modifyObject(delta,
> ModelExecuteOptions.createRaw())
> }
> </c:code>
> </c:value>
> </s:parameter>
> </s:action>
> </s:search>
> <options>
> <continueOnAnyError>true</continueOnAnyError>
> </options>
> </scext:executeScript>
>
> Em ter, 12 de mar de 2019 às 15:39, Alcides Carlos de Moraes Neto <
> alcides.neto at gmail.com> escreveu:
>
>> Hello list,
>>
>> We tried updating our test server from 3.8 to 3.9. The update seemed OK,
>> but we were unable to login using AD/LDAP authentication. The logs would
>> alert that our user objects were invalid, because they have an assignment
>> with targetRef.type with value "ObjectType", which resulted in a parse
>> object exception.
>>
>> 2019-03-11 09:02:24,273 [REPOSITORY] [main] ERROR (com.evolveum.midpoint.repo.sql.helpers.ObjectRetriever): Couldn't parse object UserType e934a8e4-fea1-4518-9d93-503bf4ee950a: com.evolveum.midpoint.util.exception.SchemaException: Target type specified in reference {http://midpoint.evolveum.com/xml/ns/public/common/common-3}targetRef ({http://midpoint.evolveum.com/xml/ns/public/common/common-3}ObjectType) does not match target type in schema ({http://midpoint.evolveum.com/xml/ns/public/common/common-3}FocusType)
>>
>>
>> So we disabled ldap authentication and logged in with the administrator
>> account. Looking at the users xml object, we see the faulty assignment:
>>
>> <assignment id="2">
>> <metadata>
>> <requestTimestamp>2018-06-19T16:54:51.349-03:00</requestTimestamp>
>> <requestorRef oid="00000000-0000-0000-0000-000000000002"
>> relation="org:default"
>> type="c:UserType"/>
>> <createTimestamp>2018-06-19T16:54:56.253-03:00</createTimestamp>
>> <creatorRef oid="00000000-0000-0000-0000-000000000002"
>> relation="org:default"
>> type="c:UserType"/>
>> <createChannel>http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#import</createChannel>
>> <createTaskRef oid="5251c97d-8be4-46b1-bbb7-f5fc9f4d0213"
>> relation="org:default"
>> type="c:TaskType"/>
>> <originMappingName>User template mapping</originMappingName>
>> </metadata>
>> <targetRef oid="24a5f2be-aed1-49e2-b3f6-9a13ed397342"
>> relation="org:default"
>> *type="c:ObjectType"*/>
>> <activation>
>> <effectiveStatus>enabled</effectiveStatus>
>> </activation>
>> </assignment>
>>
>> These assignments were created by a user template mapping, using version 3.7.
>> Maybe it was a bug, I don't know, but they are everywhere.
>>
>> So we reverted to 3.8 and tried a bulk task with some script in order to rewrite this value.
>> It didn't work, it actually erased all assignments and rewrote only the corrected one.
>> I guess I need some helping with these delta scripts, can anyone assist me, please?
>>
>> The task definition is below:
>>
>> <scext:executeScript
>> xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3"
>> xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
>> <s:type>c:UserType</s:type>
>> <s:action>
>> <s:type>execute-script</s:type>
>> <s:parameter>
>> <s:name>script</s:name>
>> <c:value xsi:type="c:ScriptExpressionEvaluatorType">
>> <c:code>
>> import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
>> import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
>> import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
>> import com.evolveum.midpoint.prism.delta.ObjectDelta;
>> import com.evolveum.midpoint.model.api.ModelExecuteOptions;
>>
>> userDelta = null;
>> allAssignments = input?.getAssignment();
>> allAssignments?.each {
>> if(it.getTargetRef()?.getType().getLocalPart() == "ObjectType") {
>> AssignmentType a = it.clone();
>> a.getTargetRef().setType(new QName('http://midpoint.evolveum.com/xml/ns/public/common/common-3', 'RoleType'));
>> if (userDelta == null){
>> userDelta = ObjectDelta.createModificationReplaceContainer(UserType.class, input?.getOid(), UserType.F_ASSIGNMENT, midpoint.getPrismContext(), a);
>> } else {
>> userDelta.addModificationReplaceContainer(UserType.F_ASSIGNMENT, a);
>> }
>>
>> }
>> }
>>
>> if (userDelta != null){
>> midpoint.executeChanges([ userDelta ], ModelExecuteOptions.createRaw());
>> }
>> </c:code>
>> </c:value>
>> </s:parameter>
>> </s:action>
>> </s:search>
>> <options>
>> <continueOnAnyError>true</continueOnAnyError>
>> </options>
>> </scext:executeScript>
>>
>>
>>
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190402/d0b6ad98/attachment.htm>
More information about the midPoint
mailing list