[midPoint] Problem updating from 3.8 to 3.9, user object parse errors.
Alcides Carlos de Moraes Neto
alcides.neto at gmail.com
Fri Mar 15 19:05:36 CET 2019
I was able to fix it by deleting the assignment and adding a new corrected
clone. Is this the best way to do this?
Deleting and adding on the same delta would not work, I guess it tried to
add before the delete and would not do it, since the target was still there?
<scext:executeScript
xmlns:scext="
http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3"
xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<s:search xmlns:s="
http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
<s:type>c:UserType</s:type>
<query xmlns="http://prism.evolveum.com/xml/ns/public/query-3">
<filter>
<equal>
<matching>polyStringNorm</matching>
<path>name</path>
<value>testUser</value>
</equal>
</filter>
</query>
<s:action>
<s:type>execute-script</s:type>
<s:parameter>
<s:name>script</s:name>
<c:value xsi:type="c:ScriptExpressionEvaluatorType">
<c:code>
import
com.evolveum.midpoint.xml.ns._public.common.common_3.*
import com.evolveum.midpoint.prism.delta.builder.*
import com.evolveum.midpoint.model.api.*
import javax.xml.namespace.QName
def assignmentsToDelete = []
def assignmentsToAdd = []
for (a in input.assignment) {
if (a.targetRef != null) {
def ot =
midpoint.resolveReferenceIfExists(a.targetRef)
if (ot == null) {
def removeAssignment = new
AssignmentType()
removeAssignment.id = a.id
assignmentsToDelete.add
removeAssignment.asPrismContainerValue()
} else if (a.targetRef?.type.localPart ==
'ObjectType') {
def removeAssignment = new
AssignmentType()
removeAssignment.id = a.id
assignmentsToDelete.add
removeAssignment.asPrismContainerValue()
def addAssignment = a.clone()
addAssignment.id = null
addAssignment.metadata = null
addAssignment.targetRef.type = new
QName('http://midpoint.evolveum.com/xml/ns/public/common/common-3',
ot.class.name.split("\\.")[-1])
assignmentsToAdd.add
addAssignment.asPrismContainerValue()
}
}
}
if (!assignmentsToDelete.empty) {
log.debug "Assignments to delete: " +
assignmentsToDelete
log.debug "Assignments to add: " +
assignmentsToAdd
def delta =
DeltaBuilder.deltaFor(FocusType.class,
prismContext).item(FocusType.F_ASSIGNMENT).delete(assignmentsToDelete).asObjectDelta(input.oid)
log.debug "Deleting"
midpoint.modifyObject(delta,
ModelExecuteOptions.createRaw())
delta = DeltaBuilder.deltaFor(FocusType.class,
prismContext).item(FocusType.F_ASSIGNMENT).add(assignmentsToAdd).asObjectDelta(input.oid)
log.debug "Adding"
midpoint.modifyObject(delta,
ModelExecuteOptions.createRaw())
}
</c:code>
</c:value>
</s:parameter>
</s:action>
</s:search>
<options>
<continueOnAnyError>true</continueOnAnyError>
</options>
</scext:executeScript>
Em ter, 12 de mar de 2019 às 15:39, Alcides Carlos de Moraes Neto <
alcides.neto at gmail.com> escreveu:
> Hello list,
>
> We tried updating our test server from 3.8 to 3.9. The update seemed OK,
> but we were unable to login using AD/LDAP authentication. The logs would
> alert that our user objects were invalid, because they have an assignment
> with targetRef.type with value "ObjectType", which resulted in a parse
> object exception.
>
> 2019-03-11 09:02:24,273 [REPOSITORY] [main] ERROR (com.evolveum.midpoint.repo.sql.helpers.ObjectRetriever): Couldn't parse object UserType e934a8e4-fea1-4518-9d93-503bf4ee950a: com.evolveum.midpoint.util.exception.SchemaException: Target type specified in reference {http://midpoint.evolveum.com/xml/ns/public/common/common-3}targetRef ({http://midpoint.evolveum.com/xml/ns/public/common/common-3}ObjectType) does not match target type in schema ({http://midpoint.evolveum.com/xml/ns/public/common/common-3}FocusType)
>
>
> So we disabled ldap authentication and logged in with the administrator
> account. Looking at the users xml object, we see the faulty assignment:
>
> <assignment id="2">
> <metadata>
> <requestTimestamp>2018-06-19T16:54:51.349-03:00</requestTimestamp>
> <requestorRef oid="00000000-0000-0000-0000-000000000002"
> relation="org:default"
> type="c:UserType"/>
> <createTimestamp>2018-06-19T16:54:56.253-03:00</createTimestamp>
> <creatorRef oid="00000000-0000-0000-0000-000000000002"
> relation="org:default"
> type="c:UserType"/>
> <createChannel>http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#import</createChannel>
> <createTaskRef oid="5251c97d-8be4-46b1-bbb7-f5fc9f4d0213"
> relation="org:default"
> type="c:TaskType"/>
> <originMappingName>User template mapping</originMappingName>
> </metadata>
> <targetRef oid="24a5f2be-aed1-49e2-b3f6-9a13ed397342"
> relation="org:default"
> *type="c:ObjectType"*/>
> <activation>
> <effectiveStatus>enabled</effectiveStatus>
> </activation>
> </assignment>
>
> These assignments were created by a user template mapping, using version 3.7.
> Maybe it was a bug, I don't know, but they are everywhere.
>
> So we reverted to 3.8 and tried a bulk task with some script in order to rewrite this value.
> It didn't work, it actually erased all assignments and rewrote only the corrected one.
> I guess I need some helping with these delta scripts, can anyone assist me, please?
>
> The task definition is below:
>
> <scext:executeScript
> xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3"
> xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
> <s:type>c:UserType</s:type>
> <s:action>
> <s:type>execute-script</s:type>
> <s:parameter>
> <s:name>script</s:name>
> <c:value xsi:type="c:ScriptExpressionEvaluatorType">
> <c:code>
> import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
> import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
> import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
> import com.evolveum.midpoint.prism.delta.ObjectDelta;
> import com.evolveum.midpoint.model.api.ModelExecuteOptions;
>
> userDelta = null;
> allAssignments = input?.getAssignment();
> allAssignments?.each {
> if(it.getTargetRef()?.getType().getLocalPart() == "ObjectType") {
> AssignmentType a = it.clone();
> a.getTargetRef().setType(new QName('http://midpoint.evolveum.com/xml/ns/public/common/common-3', 'RoleType'));
> if (userDelta == null){
> userDelta = ObjectDelta.createModificationReplaceContainer(UserType.class, input?.getOid(), UserType.F_ASSIGNMENT, midpoint.getPrismContext(), a);
> } else {
> userDelta.addModificationReplaceContainer(UserType.F_ASSIGNMENT, a);
> }
>
> }
> }
>
> if (userDelta != null){
> midpoint.executeChanges([ userDelta ], ModelExecuteOptions.createRaw());
> }
> </c:code>
> </c:value>
> </s:parameter>
> </s:action>
> </s:search>
> <options>
> <continueOnAnyError>true</continueOnAnyError>
> </options>
> </scext:executeScript>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190315/0851e105/attachment.htm>
More information about the midPoint
mailing list