You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by roccom <fo...@gmail.com> on 2020/03/16 20:56:07 UTC
Cannot access attributes in custom pull action
I have a custom pull action groovy script running when I run my pull action.
My understanding is that the search script fires and builds a conn object
with the attributes I have mapped. Next the custom pull action fires. I can
see this in core.log with lots of logging statements I have in beforeUpdate
function. However at this point none of the parameters passed in seem to
have the attributes on them from the search script step.
Here is the connid.log when I run the pull task. This is the output of the
connid object constructed in the search script:
{Uid=Attribute:
{Name=__UID__, Value=[834f03a5-f5c5-42d5-ac61-21757444e929]},
ObjectClass=ObjectClass: __ACCOUNT__,
Attributes=[
Attribute: {Name=Email_Address,
Value=[something.installer@something.com]},
Attribute: {Name=User_Id, Value=[SomethingInstaller]},
Attribute: {Name=username, Value=[something.installer@something.com]},
Attribute: {Name=__NAME__, Value=[834f03a5-f5c5-42d5-ac61-21757444e929]},
Attribute: {Name=__UID__, Value=[834f03a5-f5c5-42d5-ac61-21757444e929]},
Attribute: {Name=IFSPersonId,
Value=[834f03a5-f5c5-42d5-ac61-21757444e929]},
Attribute: {Name=ActorId, Value=[SomethingInstaller]},
Attribute: {Name=CLRoles, Value=[
{5C56FD1C-8D7E-4CDE-BDEC-88CD4EAD6818=Test-Administrator,
84FABAF6-A66D-410F-8169-469459516E68=TestAdministrator_ST ]},
Attribute: {Name=FamilyName, Value=[Installer]},
Attribute: {Name=GivenName, Value=[Something]}],
Name=Attribute: {Name=__NAME__,
Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}}) Method: handle
Here is my beforeUpdate method. The important parts are just the logging and
trying to find the attributes from the above object, specifically the
CLRoles attribute. From the parameters how can I access the above attributes
or should I be looking in a different function all together?
@Transactional(readOnly = true)
@Override
public <P extends AnyPatch> void beforeUpdate(
org.apache.syncope.core.provisioning.api.pushpull.ProvisioningProfile
profile,
org.identityconnectors.framework.common.objects.SyncDelta delta,
EntityTO entity,
P anyPatch) throws JobExecutionException {
LOG.info("**************************************** before update! " +
entity.getUid().getUidValue());
List tests = getMembAttrValues(delta, profile.getConnector());
LOG.info("****************************************entity.getKey(): " +
entity.getKey());
//I can replace entity here with any of the parameters but I do not see the
properties/attributes from the search script. Specifically I need CLRoles
attribute.
for (Field field : entity.getClass().getDeclaredFields()) {
field.setAccessible(true);
String name = field.getName();
Object value = field.get(entity);
LOG.info("****************************************name: " + name);
LOG.info("****************************************value: " + value);
}
if (anyPatch instanceof UserPatch) {
final UserTO user = ((UserTO) entity);
Group oGroup = null;
String oGroupColumn = "members";
Set<AttrTO> attrsDer = user.getDerAttrs();
LOG.info("****************************************der attr length: "
+ attrsDer.size());
for(AttrTO derattr : attrsDer) {
LOG.info("****************************************der attr
name: " + derattr.getSchema());
LOG.info("****************************************der attr value: " +
derattr.getValues().get(0).toString());
}
Set<AttrTO> attrsVir = user.getVirAttrs();
LOG.info("****************************************vir attr length: "
+ attrsVir.size());
for(AttrTO virattr : attrsVir) {
LOG.info("****************************************vir attr
name: " + virattr.getSchema());
LOG.info("****************************************vir attr value: " +
virattr.getValues().get(0).toString());
}
Set<AttrTO> attrs = user.getPlainAttrs();
LOG.info("****************************************attr length: " +
attrs.size());
for(AttrTO attr : attrs) {
LOG.info("****************************************attr name: "
+ attr.getSchema());
LOG.info("****************************************attr value: " +
attr.getValues().get(0).toString());
if(attr.getSchema().equalsIgnoreCase( oGroupColumn)){
LOG.info("We check the schema:"+ attr.getSchema());
//Found
LOG.info("Content:
"+attr.getValues().get(0).toString()); //Found
oGroup =
groupDAO.findByName(attr.getValues().get(0).toString());
LOG.info("Group Key: "+oGroup.getKey()); //Group key
correctly retrieved
final MembershipTO membershipTO = new
MembershipTO.Builder().group(oGroup.getKey()).build();
LOG.info("Check membership :"+
membershipTO.getGroupKey()); //Correct, it corresponds to the previous group
key
LOG.info("Get user key:"+ user.getUsername()); //
Correct, it corresponds to what found in Syncope DB
boolean result =
user.getMemberships().add(membershipTO);
LOG.info("Was the user added to the group?: "+result);
// Returns true
}
//group = user.getPlainAttrMap().get("role");
}
}
/*
groupDAO.findUMemberships(groupDAO.find(entity.getKey())).forEach(uMembership
-> {
Set<String> memb =
membershipsBefore.get(uMembership.getLeftEnd().getKey());
if (memb == null) {
memb = new HashSet<>();
membershipsBefore.put(uMembership.getLeftEnd().getKey(),
memb);
}
memb.add(entity.getKey());
});
*/
}
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Cannot access attributes in custom pull action
Posted by roccom <fo...@gmail.com>.
Hello,
That makes sense that Syncope will only return attributes that are mapped
despite what Search Script returns. I think I have that but I must be
missing it.
Attached is an image of my mapping.
<http://syncope-user.1051894.n5.nabble.com/file/t339152/full_user_map.png>
One thing I see in core-connid.log is output from the handle method from the
rest connector that has the full payload I am wanting. The very next entry
is another output from handle method that has only the attributes showing in
core.log (missing all of the ones I think I have mapped). This points to
missing the mapping like you said.
/10:35:26.733 DEBUG instance='RESTConnector' Enter: handle({Uid=Attribute:
{Name=__UID__, Value=[834f03a5-f5c5-42d5-ac61-21757444e929]},
ObjectClass=ObjectClass: __ACCOUNT__, Attributes=[Attribute:
{Name=Email_Address, Value=[something.installer@something.com]}, Attribute:
{Name=User_Id, Value=[somethingInstaller]}, Attribute: {Name=username,
Value=[something.installer@something.com]}, Attribute: {Name=__NAME__,
Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}, Attribute: {Name=__UID__,
Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}, Attribute: {Name=IFSPersonId,
Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}, Attribute: {Name=ActorId,
Value=[somethingInstaller]}, Attribute: {Name=CLRoles,
Value=[{5C56FD1C-8D7E-4CDE-BDEC-88CD4EAD6818=GRID-Administrator,
84FABAF6-A66D-410F-8169-469459516E68=BenefitAdministrator_ST,
F3161A2C-2BD9-42F3-853C-FE7225117015=something-SystemAdministrator}]},
Attribute: {Name=FamilyName, Value=[Installer]}, Attribute: {Name=GivenName,
Value=[something]}], Name=Attribute: {Name=__NAME__,
Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}}) Method: handle
10:35:26.733 DEBUG Enter: handle({Uid=Attribute: {Name=__UID__,
Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}, ObjectClass=ObjectClass:
__ACCOUNT__, Attributes=[Attribute: {Name=username,
Value=[something.installer@something.com]}, Attribute: {Name=__NAME__,
Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}, Attribute: {Name=__UID__,
Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}], Name=Attribute:
{Name=__NAME__, Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}}) Method:
handle
/
Does my mapping image look correct? If so are there any other places I need
to confirm mapping in order to get my attributes to continue in the workflow
and accessible in my pull action?
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Cannot access attributes in custom pull action
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 17/03/20 17:34, roccom wrote:
> Francesco, when I call delta.getObject() I get this: MyPullActions3 -
> ****************************************delta.getObject(): {Uid=Attribute:
> {Name=__UID__, Value=[834f03a5-f5c5-42d5-ac61-21757444e929]},
> ObjectClass=ObjectClass: __ACCOUNT__, Attributes=[Attribute: {Name=username,
> Value=[something.installer@something.com]}, Attribute: {Name=__NAME__,
> Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}, Attribute: {Name=__UID__,
> Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}], Name=Attribute:
> {Name=__NAME__, Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}}
>
> Same thing when I call delta.getObject().getAttributes()....it just the set
> of attributes that only contains those 3 attributes but it does not contain
> all of the attributes that are returned from the search script. Am I missing
> a step someplace? Thank you for your help!
Hi,
I confirm that, despite of what your search script is returning, Syncope will pass to your PullActions only the mapped items.
Well, at least this happens up to Syncope 2.1.6; starting with Syncope 2.1.6 (not yet released) you have the chance to enlarge the set of returned attributes by overriding the new moreAttrsToGet() method: see
https://github.com/apache/syncope/blob/2_1_X/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/pushpull/PullActions.java#L45
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: Cannot access attributes in custom pull action
Posted by roccom <fo...@gmail.com>.
Francesco, when I call delta.getObject() I get this: MyPullActions3 -
****************************************delta.getObject(): {Uid=Attribute:
{Name=__UID__, Value=[834f03a5-f5c5-42d5-ac61-21757444e929]},
ObjectClass=ObjectClass: __ACCOUNT__, Attributes=[Attribute: {Name=username,
Value=[something.installer@something.com]}, Attribute: {Name=__NAME__,
Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}, Attribute: {Name=__UID__,
Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}], Name=Attribute:
{Name=__NAME__, Value=[834f03a5-f5c5-42d5-ac61-21757444e929]}}
Same thing when I call delta.getObject().getAttributes()....it just the set
of attributes that only contains those 3 attributes but it does not contain
all of the attributes that are returned from the search script. Am I missing
a step someplace? Thank you for your help!
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Cannot access attributes in custom pull action
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 16/03/20 21:56, roccom wrote:
> I have a custom pull action groovy script running when I run my pull action.
> My understanding is that the search script fires and builds a conn object
> with the attributes I have mapped. Next the custom pull action fires. I can
> see this in core.log with lots of logging statements I have in beforeUpdate
> function. However at this point none of the parameters passed in seem to
> have the attributes on them from the search script step.
>
> [...]
>
> Here is my beforeUpdate method. The important parts are just the logging and
> trying to find the attributes from the above object, specifically the
> CLRoles attribute. From the parameters how can I access the above attributes
> or should I be looking in a different function all together?
>
> @Transactional(readOnly = true)
> @Override
> public <P extends AnyPatch> void beforeUpdate(
> org.apache.syncope.core.provisioning.api.pushpull.ProvisioningProfile
> profile,
> org.identityconnectors.framework.common.objects.SyncDelta delta,
> EntityTO entity,
> P anyPatch) throws JobExecutionException {
You'll find everything in the "delta" object, namely:
* delta.getUid()
* delta.getObject().getName()
* delta.getObject().getAttributes()
Javadoc: http://connid.tirasa.net/apidocs/1.5/org/identityconnectors/framework/common/objects/SyncDelta.html
HTH
Regards.
> [...]
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/