com.atlassian.crowd.directory.cache

Class DeltaQueryCacheRefresher

java.lang.Object

com.atlassian.crowd.directory.cache.DeltaQueryCacheRefresher

All Implemented Interfaces:

CacheRefresher

public class DeltaQueryCacheRefresher
extends Object
implements CacheRefresher

Performs delta queries on Azure Active Directory to facilitate incremental synchronisation. More details can be found at https://developer.microsoft.com/en-us/graph/docs/concepts/delta_query_overview

If no delta tokens are present a full synchronisation using Azure AD's delta endpoints will be performed to obtain delta tokens for future incremental syncs.

As Azure AD returns a diff of group memberships, this cache refresher will add/remove the memberships specified by Azure AD instead of diffing current memberships with the ones obtained from the remote directory. This also causes a slight overhead due to the need to look up entity names for those memberships as Azure AD only specifies external ids and Crowd needs names. To facilitate this the names for added/changed entities are added into a cache local to a synchronisation and the cache is then populated whenever a lookup is performed.

This CacheRefresher uses worker threads for synchronisation. There are two reasons for this:

• Increasing performance by concurrently fetching both users and groups
• Minimising the chance to have an outdated set of users and groups. As these are handled by two separate endpoints and use two separate tokens for tracking their state it's possible that one set will refer to outdated information. For example a user was added to a group and this information was fetched from the groups endpoint. However the user was deleted after that and the deletion was contained in the response from the users endpoint. Concurrent fetching reduces the window for such changes, however they are still possible.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected static interface	DeltaQueryCacheRefresher.IdToNameProvider
protected static interface	DeltaQueryCacheRefresher.IdToNameResolver

Field Summary

Fields

Modifier and Type	Field and Description
protected AzureAdDirectory	azureAdDirectory

Constructor Summary

Constructors

Constructor and Description
DeltaQueryCacheRefresher(AzureAdDirectory remoteDirectory)

Method Summary

Modifier and Type	Method and Description
protected void	checkNoReaddedGroups(DirectoryCache directoryCache, DeltaQueryResult<GroupWithMembershipChanges> mappedGroups)
protected void	checkNoRenamedGroups(DirectoryCache directoryCache, DeltaQueryResult<GroupWithMembershipChanges> mappedGroups)
protected Optional<DeltaQuerySyncTokenHolder>	extractSyncToken(String syncToken)
protected Set<String>	getNames(Map<String,String> idToNameCache, Set<String> idsToResolve, DeltaQueryCacheRefresher.IdToNameProvider findById, boolean failOnNotResolved, String entityType)
protected DeltaQueryResult<UserWithAttributes>	getUserChangesFromDeltaQuery(String userSyncToken)
protected DeltaQueryResult<UserWithAttributes>	getUsersFromDeltaQuery()
protected DeltaQueryCacheRefresher.IdToNameResolver	groupResolver(Collection<GroupWithMembershipChanges> mappedGroups, DirectoryCache directoryCache)
protected <T> void	handleNamelessEntities(DeltaQueryResult<T> mappedEntities, String entityType)
protected boolean	isValidToken(DeltaQuerySyncTokenHolder deltaQueryTokens)
protected <T> Map<String,String>	mapIdToUniqueNames(Collection<T> entities, Function<T,String> idMapper, Function<T,String> nameMapper, String entityName)
CacheSynchronisationResult	synchroniseAll(DirectoryCache directoryCache) Will visit all Users and Groups in the external directory in order to do a Full refresh.
CacheSynchronisationResult	synchroniseChanges(DirectoryCache directoryCache, String syncToken) Attempts to synchronise changes since the last refresh as opposed to performing a full synchronisation.
protected DeltaQueryResult<GroupWithMembershipChanges>	synchroniseGroupChanges(DirectoryCache directoryCache, DeltaQueryResult<GroupWithMembershipChanges> mappedGroups, Date syncStartDate)
protected void	synchroniseMembershipChanges(DirectoryCache directoryCache, Collection<UserWithAttributes> mappedUsers, Collection<GroupWithMembershipChanges> mappedGroups)
protected DeltaQueryResult<UserWithAttributes>	synchroniseUserChanges(DirectoryCache directoryCache, DeltaQueryResult<UserWithAttributes> mappedUsers, Date syncStartDate)
protected DeltaQueryCacheRefresher.IdToNameResolver	usersResolver(Collection<UserWithAttributes> mappedUsers, DirectoryCache directoryCache)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

azureAdDirectory

protected final AzureAdDirectory azureAdDirectory

Constructor Detail

DeltaQueryCacheRefresher

public DeltaQueryCacheRefresher(AzureAdDirectory remoteDirectory)

Method Detail

synchroniseAll

public CacheSynchronisationResult synchroniseAll(DirectoryCache directoryCache)
                                          throws OperationFailedException

Description copied from interface: CacheRefresher

Will visit all Users and Groups in the external directory in order to do a Full refresh.

Specified by:

synchroniseAll in interface CacheRefresher

Parameters:

directoryCache - the DirectoryCache to update.

Returns:

result of synchronisation

Throws:

OperationFailedException - if there was an error processing the operation

getUsersFromDeltaQuery

protected DeltaQueryResult<UserWithAttributes> getUsersFromDeltaQuery()
                                                               throws OperationFailedException

Throws:

OperationFailedException

getUserChangesFromDeltaQuery

protected DeltaQueryResult<UserWithAttributes> getUserChangesFromDeltaQuery(String userSyncToken)
                                                                     throws OperationFailedException

Throws:

OperationFailedException

synchroniseChanges

public CacheSynchronisationResult synchroniseChanges(DirectoryCache directoryCache,
                                                     @Nullable
                                                     String syncToken)
                                              throws OperationFailedException

Description copied from interface: CacheRefresher

Attempts to synchronise changes since the last refresh as opposed to performing a full synchronisation. Returns true if changes since the last refresh were synchronised successfully.

Specified by:

synchroniseChanges in interface CacheRefresher

Parameters:

directoryCache - the DirectoryCache to update.

Returns:

result of the synchronisation

Throws:

OperationFailedException - if there was an error processing the operation

extractSyncToken

protected Optional<DeltaQuerySyncTokenHolder> extractSyncToken(String syncToken)

isValidToken

protected boolean isValidToken(DeltaQuerySyncTokenHolder deltaQueryTokens)

synchroniseMembershipChanges

protected void synchroniseMembershipChanges(DirectoryCache directoryCache,
                                            Collection<UserWithAttributes> mappedUsers,
                                            Collection<GroupWithMembershipChanges> mappedGroups)
                                     throws OperationFailedException

Throws:

OperationFailedException

getNames

protected Set<String> getNames(Map<String,String> idToNameCache,
                               Set<String> idsToResolve,
                               DeltaQueryCacheRefresher.IdToNameProvider findById,
                               boolean failOnNotResolved,
                               String entityType)
                        throws OperationFailedException

Throws:

OperationFailedException

mapIdToUniqueNames

protected <T> Map<String,String> mapIdToUniqueNames(Collection<T> entities,
                                                    Function<T,String> idMapper,
                                                    Function<T,String> nameMapper,
                                                    String entityName)

usersResolver

protected DeltaQueryCacheRefresher.IdToNameResolver usersResolver(Collection<UserWithAttributes> mappedUsers,
                                                                  DirectoryCache directoryCache)

groupResolver

protected DeltaQueryCacheRefresher.IdToNameResolver groupResolver(Collection<GroupWithMembershipChanges> mappedGroups,
                                                                  DirectoryCache directoryCache)

synchroniseUserChanges

protected DeltaQueryResult<UserWithAttributes> synchroniseUserChanges(DirectoryCache directoryCache,
                                                                      DeltaQueryResult<UserWithAttributes> mappedUsers,
                                                                      Date syncStartDate)
                                                               throws OperationFailedException

Throws:

OperationFailedException

synchroniseGroupChanges

protected DeltaQueryResult<GroupWithMembershipChanges> synchroniseGroupChanges(DirectoryCache directoryCache,
                                                                               DeltaQueryResult<GroupWithMembershipChanges> mappedGroups,
                                                                               Date syncStartDate)
                                                                        throws OperationFailedException

Throws:

OperationFailedException

checkNoRenamedGroups

protected void checkNoRenamedGroups(DirectoryCache directoryCache,
                                    DeltaQueryResult<GroupWithMembershipChanges> mappedGroups)
                             throws OperationFailedException

Throws:

OperationFailedException

checkNoReaddedGroups

protected void checkNoReaddedGroups(DirectoryCache directoryCache,
                                    DeltaQueryResult<GroupWithMembershipChanges> mappedGroups)
                             throws OperationFailedException

Throws:

OperationFailedException

handleNamelessEntities

protected <T> void handleNamelessEntities(DeltaQueryResult<T> mappedEntities,
                                          String entityType)