github-advanced-security[bot] commented on code in PR #1258:
URL: https://github.com/apache/syncope/pull/1258#discussion_r2676666091
##########
core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/dao/repo/AnyRepoExt.java:
##########
@@ -94,4 +90,6 @@
void deleteById(String key);
void delete(A any);
+
+ void evict(Class<A> entityClass, String key);
Review Comment:
## Useless parameter
The parameter 'entityClass' is never used.
[Show more
details](https://github.com/apache/syncope/security/code-scanning/2485)
##########
core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/DefaultUserPullResultHandler.java:
##########
@@ -645,26 +697,29 @@
LOG.debug("Linked account to ignore {}",
delta.getObject().getUid().getUidValue());
- ProvisioningReport report = new ProvisioningReport();
- report.setName(delta.getUid().getUidValue());
- report.setUidValue(delta.getUid().getUidValue());
- report.setOperation(ResourceOperation.NONE);
- report.setAnyType(MatchType.LINKED_ACCOUNT.name());
- report.setStatus(ProvisioningReport.Status.SUCCESS);
+ ProvisioningReport result = new ProvisioningReport();
+ result.setKey(account.getOwner().getKey());
Review Comment:
## Dereferenced variable may be null
Variable [account](1) may be null at this access as suggested by [this](2)
null guard.
Variable [account](1) may be null at this access because of [this](3) null
argument.
[Show more
details](https://github.com/apache/syncope/security/code-scanning/2484)
##########
fit/build-tools/src/main/java/org/apache/syncope/fit/buildtools/KafkaBrokerStartStopListener.java:
##########
@@ -32,21 +33,22 @@
private static final Logger LOG =
LoggerFactory.getLogger(KafkaBrokerStartStopListener.class);
- private EmbeddedKafkaZKBroker embeddedKafkaBroker;
+ private EmbeddedKafkaBroker embeddedKafkaBroker;
@Override
public void contextInitialized(final ServletContextEvent sce) {
WebApplicationContext ctx =
WebApplicationContextUtils.getWebApplicationContext(sce.getServletContext());
- embeddedKafkaBroker = new EmbeddedKafkaZKBroker(
+ embeddedKafkaBroker = new EmbeddedKafkaKraftBroker(
+ 1,
1,
- false,
ctx.getEnvironment().getProperty("kafka.topics",
String[].class)).
+ // this call is useless with EmbeddedKafkaKraftBroker, there
is no way to set fixed port
kafkaPorts(ctx.getEnvironment().getProperty("kafka.port",
Integer.class));
embeddedKafkaBroker.afterPropertiesSet();
- LOG.info("Kafka broker successfully (re)started");
+ LOG.info("Kafka broker successfully (re)started {}");
Review Comment:
## Missing format argument
This format call refers to 1 argument(s) but only supplies 0 argument(s).
[Show more
details](https://github.com/apache/syncope/security/code-scanning/2482)
##########
core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/AbstractPullResultHandler.java:
##########
@@ -263,488 +264,483 @@
}
}
- end(provision.getAnyType(), UnmatchingRule.toOp(rule), resultStatus,
null, output, delta);
+ end(Optional.of(result.getKey()),
+ provision.getAnyType(),
+ UnmatchingRule.toOp(rule),
+ resultStatus,
+ null,
+ output,
+ delta);
profile.getResults().add(result);
return resultStatus;
}
protected OpEvent.Outcome update(
final SyncDelta delta,
- final List<InboundMatch> matches,
+ final InboundMatch match,
final Provision provision) throws JobExecutionException {
if (!profile.getTask().isPerformUpdate()) {
LOG.debug("PullTask not configured for update");
- end(provision.getAnyType(),
- MatchingRule.toOp(MatchingRule.UPDATE),
OpEvent.Outcome.SUCCESS, null, null, delta);
+ end(Optional.empty(),
+ provision.getAnyType(),
+ MatchingRule.toOp(MatchingRule.UPDATE),
+ OpEvent.Outcome.SUCCESS,
+ null,
+ null,
+ delta);
return OpEvent.Outcome.SUCCESS;
}
- LOG.debug("About to update {}", matches);
+ LOG.debug("About to update {}", match);
- OpEvent.Outcome global = OpEvent.Outcome.SUCCESS;
- for (InboundMatch match : matches) {
- LOG.debug("About to update {}", match);
+ ProvisioningReport result = new ProvisioningReport();
+ result.setOperation(ResourceOperation.UPDATE);
+ result.setAnyType(provision.getAnyType());
+ result.setStatus(ProvisioningReport.Status.SUCCESS);
+ result.setKey(match.getAny().getKey());
+ result.setUidValue(delta.getUid().getUidValue());
- ProvisioningReport result = new ProvisioningReport();
- result.setOperation(ResourceOperation.UPDATE);
- result.setAnyType(provision.getAnyType());
- result.setStatus(ProvisioningReport.Status.SUCCESS);
- result.setKey(match.getAny().getKey());
- result.setUidValue(delta.getUid().getUidValue());
+ AnyTO before = getAnyTO(match.getAny());
+ if (before == null) {
+ result.setStatus(ProvisioningReport.Status.FAILURE);
+ result.setMessage(String.format("Any '%s(%s)' not found",
provision.getAnyType(), match));
+ } else {
+ result.setName(getName(before));
+ }
+
+ OpEvent.Outcome resultStatus = OpEvent.Outcome.SUCCESS;
+ if (!profile.isDryRun()) {
+ Object output;
+ AnyUR req = null;
- AnyTO before = getAnyTO(match.getAny());
if (before == null) {
- result.setStatus(ProvisioningReport.Status.FAILURE);
- result.setMessage(String.format("Any '%s(%s)' not found",
provision.getAnyType(), match));
+ resultStatus = OpEvent.Outcome.FAILURE;
+ output = null;
} else {
- result.setName(getName(before));
- }
+ AnyUR anyUR = null;
+ try {
+ anyUR = connObjectUtils.getAnyUR(
+ before.getKey(),
+ delta.getObject(),
+ before,
+ profile.getTask(),
+ match.getAny().getType().getKind(),
+ provision);
- if (!profile.isDryRun()) {
- OpEvent.Outcome resultStatus;
- Object output;
- AnyUR effectiveReq = null;
+ for (InboundActions action : profile.getActions()) {
+ action.beforeUpdate(profile, delta, before, anyUR);
+ }
- if (before == null) {
- resultStatus = OpEvent.Outcome.FAILURE;
- output = null;
- } else {
- AnyUR anyUR = null;
- try {
- anyUR = connObjectUtils.getAnyUR(
- before.getKey(),
- delta.getObject(),
- before,
- profile.getTask(),
- match.getAny().getType().getKind(),
- provision);
+ req = doUpdate(before, anyUR, delta, result);
+ AnyTO updated = AnyOperations.patch(before, req);
- for (InboundActions action : profile.getActions()) {
- action.beforeUpdate(profile, delta, before, anyUR);
- }
+ for (InboundActions action : profile.getActions()) {
+ action.after(profile, delta, updated, result);
+ }
- effectiveReq = doUpdate(before, anyUR, delta, result);
- AnyTO updated = AnyOperations.patch(before,
effectiveReq);
+ output = updated;
+ resultStatus = OpEvent.Outcome.SUCCESS;
+ result.setName(getName(updated));
+
+ LOG.debug("{} {} successfully updated",
provision.getAnyType(), match);
+ } catch (PropagationException e) {
+ // A propagation failure doesn't imply a pull failure.
+ // The propagation exception status will be reported into
the propagation task execution.
+ LOG.error("Could not propagate {} {}",
+ provision.getAnyType(),
delta.getUid().getUidValue(), e);
+ output = e;
+ resultStatus = OpEvent.Outcome.FAILURE;
+ } catch (Exception e) {
+ throwIgnoreProvisionException(delta, e);
- for (InboundActions action : profile.getActions()) {
- action.after(profile, delta, updated, result);
- }
+ result.setStatus(ProvisioningReport.Status.FAILURE);
+ result.setMessage(ExceptionUtils.getRootCauseMessage(e));
+ LOG.error("Could not update {} {}",
+ provision.getAnyType(),
delta.getUid().getUidValue(), e);
+ output = e;
- output = updated;
+ if (profile.getTask().isRemediation()) {
+ // set to SUCCESS to let the incremental flow go on in
case of errors
resultStatus = OpEvent.Outcome.SUCCESS;
- result.setName(getName(updated));
-
- LOG.debug("{} {} successfully updated",
provision.getAnyType(), match);
- } catch (PropagationException e) {
- // A propagation failure doesn't imply a pull failure.
- // The propagation exception status will be reported
into the propagation task execution.
- LOG.error("Could not propagate {} {}",
- provision.getAnyType(),
delta.getUid().getUidValue(), e);
- output = e;
+ createRemediation(provision.getAnyType(), null, null,
anyUR, result, delta);
+ } else {
resultStatus = OpEvent.Outcome.FAILURE;
- } catch (Exception e) {
- throwIgnoreProvisionException(delta, e);
-
- result.setStatus(ProvisioningReport.Status.FAILURE);
-
result.setMessage(ExceptionUtils.getRootCauseMessage(e));
- LOG.error("Could not update {} {}",
- provision.getAnyType(),
delta.getUid().getUidValue(), e);
- output = e;
-
- if (profile.getTask().isRemediation()) {
- // set to SUCCESS to let the incremental flow go
on in case of errors
- resultStatus = OpEvent.Outcome.SUCCESS;
- createRemediation(provision.getAnyType(), null,
null, anyUR, result, delta);
- } else {
- resultStatus = OpEvent.Outcome.FAILURE;
- }
}
}
- end(provision.getAnyType(),
- MatchingRule.toOp(MatchingRule.UPDATE),
- resultStatus, before, output, delta, effectiveReq);
- global = and(global, resultStatus);
}
-
- profile.getResults().add(result);
+ end(Optional.of(result.getKey()),
+ provision.getAnyType(),
+ MatchingRule.toOp(MatchingRule.UPDATE),
+ resultStatus,
+ before,
+ output,
+ delta,
+ req);
}
- return global;
+ profile.getResults().add(result);
+
+ return resultStatus;
}
protected OpEvent.Outcome deprovision(
final MatchingRule matchingRule,
final SyncDelta delta,
- final List<InboundMatch> matches,
+ final InboundMatch match,
final Provision provision)
throws JobExecutionException {
if (!profile.getTask().isPerformUpdate()) {
LOG.debug("PullTask not configured for update");
- end(provision.getAnyType(),
- MatchingRule.toOp(matchingRule), OpEvent.Outcome.SUCCESS,
null, null, delta);
+ end(Optional.empty(),
+ provision.getAnyType(),
+ MatchingRule.toOp(matchingRule),
+ OpEvent.Outcome.SUCCESS,
+ null,
+ null,
+ delta);
return OpEvent.Outcome.SUCCESS;
}
- LOG.debug("About to deprovision {}", matches);
+ LOG.debug("About to deprovision {}", match);
- OpEvent.Outcome global = OpEvent.Outcome.SUCCESS;
- for (InboundMatch match : matches) {
- LOG.debug("About to unassign resource {}", match);
+ ProvisioningReport result = new ProvisioningReport();
+ result.setOperation(ResourceOperation.DELETE);
+ result.setAnyType(provision.getAnyType());
+ result.setStatus(ProvisioningReport.Status.SUCCESS);
+ result.setKey(match.getAny().getKey());
+ result.setUidValue(delta.getUid().getUidValue());
- ProvisioningReport result = new ProvisioningReport();
- result.setOperation(ResourceOperation.DELETE);
- result.setAnyType(provision.getAnyType());
- result.setStatus(ProvisioningReport.Status.SUCCESS);
- result.setKey(match.getAny().getKey());
- result.setUidValue(delta.getUid().getUidValue());
+ AnyTO before = getAnyTO(match.getAny());
- AnyTO before = getAnyTO(match.getAny());
+ if (before == null) {
+ result.setStatus(ProvisioningReport.Status.FAILURE);
+ result.setMessage(String.format("Any '%s(%s)' not found",
provision.getAnyType(), match));
+ }
+ OpEvent.Outcome resultStatus = OpEvent.Outcome.SUCCESS;
+ if (!profile.isDryRun()) {
+ Object output;
if (before == null) {
- result.setStatus(ProvisioningReport.Status.FAILURE);
- result.setMessage(String.format("Any '%s(%s)' not found",
provision.getAnyType(), match));
- }
-
- if (!profile.isDryRun()) {
- Object output;
- OpEvent.Outcome resultStatus;
-
- if (before == null) {
- resultStatus = OpEvent.Outcome.FAILURE;
- output = null;
- } else {
- result.setName(getName(before));
-
- try {
- if (matchingRule == MatchingRule.UNASSIGN) {
- for (InboundActions action : profile.getActions())
{
- action.beforeUnassign(profile, delta, before);
- }
- } else if (matchingRule == MatchingRule.DEPROVISION) {
- for (InboundActions action : profile.getActions())
{
- action.beforeDeprovision(profile, delta,
before);
- }
- }
+ resultStatus = OpEvent.Outcome.FAILURE;
+ output = null;
+ } else {
+ result.setName(getName(before));
- PropagationByResource<String> propByRes = new
PropagationByResource<>();
- propByRes.add(ResourceOperation.DELETE,
profile.getTask().getResource().getKey());
-
- taskExecutor.execute(propagationManager.getDeleteTasks(
- match.getAny().getType().getKind(),
- match.getAny().getKey(),
- propByRes,
- null,
- null),
- false,
- securityProperties.getAdminUser());
-
- AnyUR anyUR = null;
- if (matchingRule == MatchingRule.UNASSIGN) {
- anyUR =
getAnyUtils().newAnyUR(match.getAny().getKey());
- anyUR.getResources().add(new
StringPatchItem.Builder().
- operation(PatchOperation.DELETE).
-
value(profile.getTask().getResource().getKey()).build());
- }
- if (anyUR == null) {
- output = getAnyTO(match.getAny());
- } else {
- output = doUpdate(before, anyUR, delta, result);
+ try {
+ if (matchingRule == MatchingRule.UNASSIGN) {
+ for (InboundActions action : profile.getActions()) {
+ action.beforeUnassign(profile, delta, before);
}
-
+ } else if (matchingRule == MatchingRule.DEPROVISION) {
for (InboundActions action : profile.getActions()) {
- action.after(profile, delta,
AnyTO.class.cast(output), result);
+ action.beforeDeprovision(profile, delta, before);
}
+ }
- resultStatus = OpEvent.Outcome.SUCCESS;
+ PropagationByResource<String> propByRes = new
PropagationByResource<>();
+ propByRes.add(ResourceOperation.DELETE,
profile.getTask().getResource().getKey());
+
+ taskExecutor.execute(propagationManager.getDeleteTasks(
+ match.getAny().getType().getKind(),
+ match.getAny().getKey(),
+ propByRes,
+ null,
+ null),
+ false,
+ securityProperties.getAdminUser());
+
+ AnyUR req = null;
+ if (matchingRule == MatchingRule.UNASSIGN) {
+ req = anyUtils().newAnyUR(match.getAny().getKey());
+ req.getResources().add(new StringPatchItem.Builder().
+ operation(PatchOperation.DELETE).
+
value(profile.getTask().getResource().getKey()).build());
+ }
+ if (req == null) {
+ output = getAnyTO(match.getAny());
+ } else {
+ output = doUpdate(before, req, delta, result);
+ }
- LOG.debug("{} {} successfully updated",
provision.getAnyType(), match);
- } catch (PropagationException e) {
- // A propagation failure doesn't imply a pull failure.
- // The propagation exception status will be reported
into the propagation task execution.
- LOG.error("Could not propagate {} {}",
- provision.getAnyType(),
delta.getUid().getUidValue(), e);
- output = e;
- resultStatus = OpEvent.Outcome.FAILURE;
- } catch (Exception e) {
- throwIgnoreProvisionException(delta, e);
-
- result.setStatus(ProvisioningReport.Status.FAILURE);
-
result.setMessage(ExceptionUtils.getRootCauseMessage(e));
- LOG.error("Could not update {} {}",
- provision.getAnyType(),
delta.getUid().getUidValue(), e);
- output = e;
- resultStatus = OpEvent.Outcome.FAILURE;
+ for (InboundActions action : profile.getActions()) {
+ action.after(profile, delta, AnyTO.class.cast(output),
result);
}
+
+ resultStatus = OpEvent.Outcome.SUCCESS;
+
+ LOG.debug("{} {} successfully updated",
provision.getAnyType(), match);
+ } catch (PropagationException e) {
+ // A propagation failure doesn't imply a pull failure.
+ // The propagation exception status will be reported into
the propagation task execution.
+ LOG.error("Could not propagate {} {}",
+ provision.getAnyType(),
delta.getUid().getUidValue(), e);
+ output = e;
+ resultStatus = OpEvent.Outcome.FAILURE;
+ } catch (Exception e) {
+ throwIgnoreProvisionException(delta, e);
+
+ result.setStatus(ProvisioningReport.Status.FAILURE);
+ result.setMessage(ExceptionUtils.getRootCauseMessage(e));
+ LOG.error("Could not update {} {}",
+ provision.getAnyType(),
delta.getUid().getUidValue(), e);
+ output = e;
+ resultStatus = OpEvent.Outcome.FAILURE;
}
- end(provision.getAnyType(),
- MatchingRule.toOp(matchingRule),
- resultStatus, before, output, delta);
- global = and(global, resultStatus);
}
-
- profile.getResults().add(result);
+ end(Optional.of(result.getKey()),
+ provision.getAnyType(),
+ MatchingRule.toOp(matchingRule),
+ resultStatus,
+ before,
+ output,
+ delta);
}
- return global;
+ profile.getResults().add(result);
+
+ return resultStatus;
}
protected OpEvent.Outcome link(
final SyncDelta delta,
- final List<InboundMatch> matches,
+ final InboundMatch match,
final Provision provision,
final boolean unlink)
throws JobExecutionException {
if (!profile.getTask().isPerformUpdate()) {
LOG.debug("PullTask not configured for update");
- end(provision.getAnyType(),
- unlink
- ? MatchingRule.toOp(MatchingRule.UNLINK)
- : MatchingRule.toOp(MatchingRule.LINK),
- OpEvent.Outcome.SUCCESS, null, null, delta);
+ end(Optional.empty(),
+ provision.getAnyType(),
+ unlink ? MatchingRule.toOp(MatchingRule.UNLINK) :
MatchingRule.toOp(MatchingRule.LINK),
+ OpEvent.Outcome.SUCCESS,
+ null,
+ null,
+ delta);
return OpEvent.Outcome.SUCCESS;
}
- LOG.debug("About to update {}", matches);
+ LOG.debug("About to " + (unlink ? "un" : "") + "link {}", match);
+
+ ProvisioningReport result = new ProvisioningReport();
+ result.setOperation(ResourceOperation.NONE);
+ result.setAnyType(provision.getAnyType());
+ result.setStatus(ProvisioningReport.Status.SUCCESS);
+ result.setKey(match.getAny().getKey());
+ result.setUidValue(delta.getUid().getUidValue());
- OpEvent.Outcome global = OpEvent.Outcome.SUCCESS;
- for (InboundMatch match : matches) {
- LOG.debug("About to unassign resource {}", match);
+ AnyTO before = getAnyTO(match.getAny());
- ProvisioningReport result = new ProvisioningReport();
- result.setOperation(ResourceOperation.NONE);
- result.setAnyType(provision.getAnyType());
- result.setStatus(ProvisioningReport.Status.SUCCESS);
- result.setKey(match.getAny().getKey());
- result.setUidValue(delta.getUid().getUidValue());
+ if (before == null) {
+ result.setStatus(ProvisioningReport.Status.FAILURE);
+ result.setMessage(String.format("Any '%s(%s)' not found",
provision.getAnyType(), match));
+ }
- AnyTO before = getAnyTO(match.getAny());
+ OpEvent.Outcome resultStatus = OpEvent.Outcome.SUCCESS;
+ if (!profile.isDryRun()) {
+ Object output;
+ AnyUR effectiveReq = null;
if (before == null) {
- result.setStatus(ProvisioningReport.Status.FAILURE);
- result.setMessage(String.format("Any '%s(%s)' not found",
provision.getAnyType(), match));
- }
-
- if (!profile.isDryRun()) {
- OpEvent.Outcome resultStatus;
- Object output;
- AnyUR effectiveReq = null;
+ resultStatus = OpEvent.Outcome.FAILURE;
+ output = null;
+ } else {
+ result.setName(getName(before));
- if (before == null) {
- resultStatus = OpEvent.Outcome.FAILURE;
- output = null;
- } else {
- result.setName(getName(before));
-
- try {
- if (unlink) {
- for (InboundActions action : profile.getActions())
{
- action.beforeUnlink(profile, delta, before);
- }
- } else {
- for (InboundActions action : profile.getActions())
{
- action.beforeLink(profile, delta, before);
- }
+ try {
+ if (unlink) {
+ for (InboundActions action : profile.getActions()) {
+ action.beforeUnlink(profile, delta, before);
}
-
- AnyUR anyUR = getAnyUtils().newAnyUR(before.getKey());
- anyUR.getResources().add(new StringPatchItem.Builder().
- operation(unlink ? PatchOperation.DELETE :
PatchOperation.ADD_REPLACE).
-
value(profile.getTask().getResource().getKey()).build());
-
- effectiveReq = update(anyUR).getResult();
- output = AnyOperations.patch(before, effectiveReq);
-
+ } else {
for (InboundActions action : profile.getActions()) {
- action.after(profile, delta,
AnyTO.class.cast(output), result);
+ action.beforeLink(profile, delta, before);
}
+ }
- resultStatus = OpEvent.Outcome.SUCCESS;
+ AnyUR req = anyUtils().newAnyUR(before.getKey());
+ req.getResources().add(new StringPatchItem.Builder().
+ operation(unlink ? PatchOperation.DELETE :
PatchOperation.ADD_REPLACE).
+
value(profile.getTask().getResource().getKey()).build());
- LOG.debug("{} {} successfully updated",
provision.getAnyType(), match);
- } catch (PropagationException e) {
- // A propagation failure doesn't imply a pull failure.
- // The propagation exception status will be reported
into the propagation task execution.
- LOG.error("Could not propagate {} {}",
- provision.getAnyType(),
delta.getUid().getUidValue(), e);
- output = e;
- resultStatus = OpEvent.Outcome.FAILURE;
- } catch (Exception e) {
- throwIgnoreProvisionException(delta, e);
-
- result.setStatus(ProvisioningReport.Status.FAILURE);
-
result.setMessage(ExceptionUtils.getRootCauseMessage(e));
- LOG.error("Could not update {} {}",
- provision.getAnyType(),
delta.getUid().getUidValue(), e);
- output = e;
- resultStatus = OpEvent.Outcome.FAILURE;
+ effectiveReq = update(req).getResult();
+ output = AnyOperations.patch(before, effectiveReq);
+
+ for (InboundActions action : profile.getActions()) {
+ action.after(profile, delta, AnyTO.class.cast(output),
result);
}
+
+ resultStatus = OpEvent.Outcome.SUCCESS;
+
+ LOG.debug("{} {} successfully updated",
provision.getAnyType(), match);
+ } catch (PropagationException e) {
+ // A propagation failure doesn't imply a pull failure.
+ // The propagation exception status will be reported into
the propagation task execution.
+ LOG.error("Could not propagate {} {}",
+ provision.getAnyType(),
delta.getUid().getUidValue(), e);
+ output = e;
+ resultStatus = OpEvent.Outcome.FAILURE;
+ } catch (Exception e) {
+ throwIgnoreProvisionException(delta, e);
+
+ result.setStatus(ProvisioningReport.Status.FAILURE);
+ result.setMessage(ExceptionUtils.getRootCauseMessage(e));
+ LOG.error("Could not update {} {}",
+ provision.getAnyType(),
delta.getUid().getUidValue(), e);
+ output = e;
+ resultStatus = OpEvent.Outcome.FAILURE;
}
- end(provision.getAnyType(),
- unlink
- ? MatchingRule.toOp(MatchingRule.UNLINK)
- : MatchingRule.toOp(MatchingRule.LINK),
- resultStatus, before, output, delta, effectiveReq);
- global = and(global, resultStatus);
}
+ end(Optional.of(result.getKey()),
+ provision.getAnyType(),
+ unlink ? MatchingRule.toOp(MatchingRule.UNLINK) :
MatchingRule.toOp(MatchingRule.LINK),
+ resultStatus,
+ before,
+ output,
+ delta,
+ effectiveReq);
profile.getResults().add(result);
}
- return global;
+ return resultStatus;
}
protected OpEvent.Outcome delete(
final SyncDelta delta,
- final List<InboundMatch> matches,
+ final InboundMatch match,
final Provision provision) {
if (!profile.getTask().isPerformDelete()) {
LOG.debug("PullTask not configured for delete");
- end(provision.getAnyType(),
- ResourceOperation.DELETE.name().toLowerCase(),
OpEvent.Outcome.SUCCESS, null, null, delta);
+ end(Optional.empty(),
+ provision.getAnyType(),
+ ResourceOperation.DELETE.name().toLowerCase(),
+ OpEvent.Outcome.SUCCESS,
+ null,
+ null,
+ delta);
return OpEvent.Outcome.SUCCESS;
}
- LOG.debug("About to delete {}", matches);
+ LOG.debug("About to delete {}", match);
- OpEvent.Outcome global = OpEvent.Outcome.SUCCESS;
- for (InboundMatch match : matches) {
- Object output;
- OpEvent.Outcome resultStatus = OpEvent.Outcome.FAILURE;
+ OpEvent.Outcome resultStatus = OpEvent.Outcome.SUCCESS;
- ProvisioningReport result = new ProvisioningReport();
+ ProvisioningReport result = new ProvisioningReport();
+ try {
+ AnyTO before = getAnyTO(match.getAny());
- try {
- AnyTO before = getAnyTO(match.getAny());
+ result.setKey(match.getAny().getKey());
+ result.setName(getName(before));
+ result.setOperation(ResourceOperation.DELETE);
+ result.setAnyType(provision.getAnyType());
+ result.setStatus(ProvisioningReport.Status.SUCCESS);
+ result.setUidValue(delta.getUid().getUidValue());
- result.setKey(match.getAny().getKey());
- result.setName(getName(before));
- result.setOperation(ResourceOperation.DELETE);
- result.setAnyType(provision.getAnyType());
- result.setStatus(ProvisioningReport.Status.SUCCESS);
- result.setUidValue(delta.getUid().getUidValue());
+ if (!profile.isDryRun()) {
+ for (InboundActions action : profile.getActions()) {
+ action.beforeDelete(profile, delta, before);
+ }
+
+ Object output;
+ try {
+ provisioningManager().delete(
+ match.getAny().getKey(),
+ Set.of(profile.getTask().getResource().getKey()),
+ true,
+ profile.getExecutor(),
+ profile.getContext());
+ output = null;
+ resultStatus = OpEvent.Outcome.SUCCESS;
- if (!profile.isDryRun()) {
for (InboundActions action : profile.getActions()) {
- action.beforeDelete(profile, delta, before);
+ action.after(profile, delta, before, result);
}
+ } catch (Exception e) {
+ throwIgnoreProvisionException(delta, e);
- try {
- getProvisioningManager().delete(
- match.getAny().getKey(),
-
Set.of(profile.getTask().getResource().getKey()),
- true,
- profile.getExecutor(),
- profile.getContext());
- output = null;
- resultStatus = OpEvent.Outcome.SUCCESS;
+ result.setStatus(ProvisioningReport.Status.FAILURE);
+ result.setMessage(ExceptionUtils.getRootCauseMessage(e));
+ LOG.error("Could not delete {} {}",
provision.getAnyType(), match, e);
+ output = e;
- for (InboundActions action : profile.getActions()) {
- action.after(profile, delta, before, result);
- }
- } catch (Exception e) {
- throwIgnoreProvisionException(delta, e);
-
- result.setStatus(ProvisioningReport.Status.FAILURE);
-
result.setMessage(ExceptionUtils.getRootCauseMessage(e));
- LOG.error("Could not delete {} {}",
provision.getAnyType(), match, e);
- output = e;
-
- if (profile.getTask().isRemediation()) {
- // set to SUCCESS to let the incremental flow go
on in case of errors
- resultStatus = OpEvent.Outcome.SUCCESS;
- createRemediation(
- provision.getAnyType(),
match.getAny().getKey(), null, null, result, delta);
- }
+ if (profile.getTask().isRemediation()) {
+ // set to SUCCESS to let the incremental flow go on in
case of errors
+ resultStatus = OpEvent.Outcome.SUCCESS;
+ createRemediation(
+ provision.getAnyType(),
match.getAny().getKey(), null, null, result, delta);
}
-
- end(provision.getAnyType(),
- ResourceOperation.DELETE.name().toLowerCase(),
- resultStatus, before, output, delta);
- global = and(global, resultStatus);
}
- profile.getResults().add(result);
- } catch (NotFoundException e) {
- LOG.error("Could not find {} {}", provision.getAnyType(),
match, e);
- } catch (DelegatedAdministrationException e) {
- LOG.error("Not allowed to read {} {}", provision.getAnyType(),
match, e);
- } catch (Exception e) {
- LOG.error("Could not delete {} {}", provision.getAnyType(),
match, e);
+ end(Optional.of(result.getKey()),
+ provision.getAnyType(),
+ ResourceOperation.DELETE.name().toLowerCase(),
+ resultStatus,
+ before,
+ output,
+ delta);
}
+
+ profile.getResults().add(result);
+ } catch (NotFoundException e) {
+ LOG.error("Could not find {} {}", provision.getAnyType(), match,
e);
+ } catch (DelegatedAdministrationException e) {
+ LOG.error("Not allowed to read {} {}", provision.getAnyType(),
match, e);
+ } catch (Exception e) {
+ LOG.error("Could not delete {} {}", provision.getAnyType(), match,
e);
}
- return global;
+ return resultStatus;
}
protected OpEvent.Outcome ignore(
final SyncDelta delta,
- final List<InboundMatch> matches,
+ final InboundMatch match,
final Provision provision,
final boolean matching,
final String... message) {
- LOG.debug("Any to ignore {}",
delta.getObject().getUid().getUidValue());
-
- if (matches == null) {
- ProvisioningReport report = new ProvisioningReport();
- report.setKey(null);
- report.setName(delta.getObject().getUid().getUidValue());
- report.setOperation(ResourceOperation.NONE);
- report.setAnyType(provision.getAnyType());
- report.setStatus(ProvisioningReport.Status.SUCCESS);
- report.setUidValue(delta.getUid().getUidValue());
- if (message != null && message.length >= 1) {
- report.setMessage(message[0]);
- }
-
- profile.getResults().add(report);
- } else {
- matches.forEach(match -> {
- ProvisioningReport report = new ProvisioningReport();
- report.setKey(match.getAny().getKey());
- report.setName(delta.getObject().getUid().getUidValue());
- report.setOperation(ResourceOperation.NONE);
- report.setAnyType(provision.getAnyType());
- report.setStatus(ProvisioningReport.Status.SUCCESS);
- report.setUidValue(delta.getUid().getUidValue());
- if (message != null && message.length >= 1) {
- report.setMessage(message[0]);
- }
+ LOG.debug("About to ignore {}", match);
- profile.getResults().add(report);
- });
+ ProvisioningReport result = new ProvisioningReport();
+ result.setKey(match.getAny().getKey());
Review Comment:
## Dereferenced variable may be null
Variable [match](1) may be null at this access because of [this](2) null
argument.
[Show more
details](https://github.com/apache/syncope/security/code-scanning/2483)
##########
core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/DefaultRealmPullResultHandler.java:
##########
@@ -280,358 +289,360 @@
resultStatus = OpEvent.Outcome.FAILURE;
}
- end(UnmatchingRule.toOp(unmatchingRule), resultStatus, null, output,
delta);
+ end(Optional.of(result.getKey()), UnmatchingRule.toOp(unmatchingRule),
resultStatus, null, output, delta);
return resultStatus;
}
- protected OpEvent.Outcome update(final SyncDelta delta, final List<Realm>
realms, final boolean inLink)
+ protected OpEvent.Outcome update(final SyncDelta delta, final Realm realm,
final boolean inLink)
throws JobExecutionException {
if (!profile.getTask().isPerformUpdate()) {
LOG.debug("PullTask not configured for update");
- end(MatchingRule.toOp(MatchingRule.UPDATE),
OpEvent.Outcome.SUCCESS, null, null, delta);
+ end(Optional.empty(), MatchingRule.toOp(MatchingRule.UPDATE),
OpEvent.Outcome.SUCCESS, null, null, delta);
return OpEvent.Outcome.SUCCESS;
}
- LOG.debug("About to update {}", realms);
-
- OpEvent.Outcome global = OpEvent.Outcome.SUCCESS;
- for (Realm realm : realms) {
- LOG.debug("About to update {}", realm);
-
- ProvisioningReport result = new ProvisioningReport();
- result.setOperation(ResourceOperation.UPDATE);
- result.setAnyType(SyncopeConstants.REALM_ANYTYPE);
- result.setStatus(ProvisioningReport.Status.SUCCESS);
- result.setKey(realm.getKey());
- result.setName(realm.getFullPath());
-
- if (!profile.isDryRun()) {
- OpEvent.Outcome resultStatus;
- Object output;
+ LOG.debug("About to update {}", realm);
- RealmTO before = binder.getRealmTO(realm, true);
- try {
- if (!inLink) {
- for (InboundActions action : profile.getActions()) {
- action.beforeUpdate(profile, delta, before, null);
- }
- }
-
- List<PropagationManager.PropagationAttrs> beforeAttrs =
propagationManager.prepareAttrs(realm);
-
- PropagationByResource<String> propByRes =
binder.update(realm, before);
- Realm merged = realmDAO.save(realm);
- RealmTO updated = binder.getRealmTO(merged, true);
+ ProvisioningReport result = new ProvisioningReport();
+ result.setOperation(ResourceOperation.UPDATE);
+ result.setAnyType(SyncopeConstants.REALM_ANYTYPE);
+ result.setStatus(ProvisioningReport.Status.SUCCESS);
+ result.setKey(realm.getKey());
+ result.setName(realm.getFullPath());
- List<PropagationTaskInfo> taskInfos =
propagationManager.setAttributeDeltas(
- propagationManager.createTasks(merged, propByRes,
null),
- beforeAttrs);
- taskExecutor.execute(taskInfos, false,
securityProperties.getAdminUser());
+ OpEvent.Outcome resultStatus = OpEvent.Outcome.SUCCESS;
+ if (!profile.isDryRun()) {
+ Object output;
+ RealmTO before = binder.getRealmTO(realm, true);
+ try {
+ if (!inLink) {
for (InboundActions action : profile.getActions()) {
- action.after(profile, delta, updated, result);
+ action.beforeUpdate(profile, delta, before, null);
}
+ }
- output = updated;
- resultStatus = OpEvent.Outcome.SUCCESS;
- result.setName(updated.getFullPath());
+ List<PropagationManager.PropagationAttrs> beforeAttrs =
propagationManager.prepareAttrs(realm);
- LOG.debug("{} successfully updated", updated);
- } catch (PropagationException e) {
- // A propagation failure doesn't imply a pull failure.
- // The propagation exception status will be reported into
the propagation task execution.
- LOG.error("Could not propagate Realm {}",
delta.getUid().getUidValue(), e);
- output = e;
- resultStatus = OpEvent.Outcome.FAILURE;
- } catch (Exception e) {
- throwIgnoreProvisionException(delta, e);
+ PropagationByResource<String> propByRes = binder.update(realm,
before);
+ Realm merged = realmDAO.save(realm);
+ RealmTO updated = binder.getRealmTO(merged, true);
- result.setStatus(ProvisioningReport.Status.FAILURE);
- result.setMessage(ExceptionUtils.getRootCauseMessage(e));
- LOG.error("Could not update Realm {}",
delta.getUid().getUidValue(), e);
- output = e;
- resultStatus = OpEvent.Outcome.FAILURE;
+ List<PropagationTaskInfo> taskInfos =
propagationManager.setAttributeDeltas(
+ propagationManager.createTasks(merged, propByRes,
null),
+ beforeAttrs);
+ taskExecutor.execute(taskInfos, false,
securityProperties.getAdminUser());
+
+ for (InboundActions action : profile.getActions()) {
+ action.after(profile, delta, updated, result);
}
- end(MatchingRule.toOp(MatchingRule.UPDATE), resultStatus,
before, output, delta);
- global = and(global, resultStatus);
+ output = updated;
+ resultStatus = OpEvent.Outcome.SUCCESS;
+ result.setName(updated.getFullPath());
+
+ LOG.debug("{} successfully updated", updated);
Review Comment:
## Use of default toString()
Default toString(): RealmTO inherits toString() from Object, and so is not
suitable for printing.
[Show more
details](https://github.com/apache/syncope/security/code-scanning/2488)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
