/** * Looks for conflicting account on the resource (not just repository). We will get conflicting shadow. * But a side-effect of this search is that the shadow for the conflicting account is created in the repo. */ private List<PrismObject<ShadowType>> findConflictingShadowsOnResource(ObjectQuery query, Task task, OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, ConfigurationException, SchemaException, SecurityViolationException, ExpressionEvaluationException { final List<PrismObject<ShadowType>> foundAccount = new ArrayList<>(); // noDiscovery option to avoid calling notifyChange from ShadowManager (in case that new resource object is discovered) Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(GetOperationOptions.createDoNotDiscovery()); provisioningService.searchObjectsIterative(ShadowType.class, query, options, (object,result) -> foundAccount.add(object), task, parentResult); return foundAccount; }
private PrismObject<ShadowType> fetchShadow(ShadowCheckResult checkResult, PrismObject<ShadowType> shadow, Task task, OperationResult result) { try { return provisioningService.getObject(ShadowType.class, shadow.getOid(), SelectorOptions.createCollection(GetOperationOptions.createDoNotDiscovery()), task, result); } catch (ObjectNotFoundException | CommunicationException | SchemaException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException | RuntimeException | Error e) { checkResult.recordError(ShadowStatistics.CANNOT_FETCH_RESOURCE_OBJECT, new SystemException("The resource object couldn't be fetched", e)); return null; } }
private PrismObject<ShadowType> reconcileShadow(PrismObject<ShadowType> shadow, PrismObject<ResourceType> resource, Task task) { OperationResult opResult = new OperationResult(OperationConstants.RECONCILIATION+".shadowReconciliation.object"); try { Collection<SelectorOptions<GetOperationOptions>> options = null; if (ModelImplUtils.isDryRun(task)) { options = SelectorOptions.createCollection(GetOperationOptions.createDoNotDiscovery()); } else { options = SelectorOptions.createCollection(GetOperationOptions.createForceRefresh()); } return provisioningService.getObject(ShadowType.class, shadow.getOid(), options, task, opResult); } catch (ObjectNotFoundException e) { // Account is gone reactShadowGone(shadow, resource, task, opResult); // actually, for deleted objects here is the recon code called second time if (opResult.isUnknown()) { opResult.setStatus(OperationResultStatus.HANDLED_ERROR); } } catch (CommunicationException | SchemaException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException e) { processShadowReconError(e, shadow, opResult); } return null; }
LOGGER.trace("resolving old object"); if (!StringUtils.isEmpty(oldShadowOid)){ oldShadow = getObject(ShadowType.class, oldShadowOid, SelectorOptions.createCollection(GetOperationOptions.createDoNotDiscovery()), task, parentResult); eventDescription.setOldShadow(oldShadow); LOGGER.trace("old object resolved to: {}", oldShadow.debugDump());
GetOperationOptions rootOps = GetOperationOptions.createDoNotDiscovery(); rootOps.setPointInTimeType(PointInTimeType.FUTURE); PrismObject<ShadowType> objectOld = provisioningService.getObject(ShadowType.class,