Permalink
Cannot retrieve contributors at this time
midPoint_container/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/resource-grouper.xml
Go to file| <?xml version="1.0" encoding="UTF-8"?> | |
| <!-- | |
| ~ Copyright (c) 2019 Evolveum and contributors | |
| ~ | |
| ~ This work is dual-licensed under the Apache License 2.0 | |
| ~ and European Union Public License. See LICENSE file for details. | |
| --> | |
| <resource oid="1eff65de-5bb6-483d-9edf-8cc2c2ee0233" | |
| xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" | |
| xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" | |
| xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" | |
| xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" | |
| xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" | |
| xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" | |
| xmlns:rest="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-grouper-rest/com.evolveum.polygon.connector.grouper.rest.GrouperConnector" | |
| xmlns:conf="http://midpoint.evolveum.com/xml/ns/public/connector/builtin-1/bundle/com.evolveum.midpoint.provisioning.ucf.impl.builtin.async/AsyncUpdateConnector" | |
| xmlns:xsd="http://www.w3.org/2001/XMLSchema" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | |
| <name>Grouper Resource</name> | |
| <connectorRef type="c:ConnectorType"> | |
| <filter> | |
| <q:equal> | |
| <q:path>connectorType</q:path> | |
| <q:value>com.evolveum.polygon.connector.grouper.rest.GrouperConnector</q:value> | |
| </q:equal> | |
| </filter> | |
| </connectorRef> | |
| <connectorConfiguration> | |
| <icfc:configurationProperties> | |
| <rest:baseUrl>https://grouper-ws:443</rest:baseUrl> | |
| <rest:username>banderson</rest:username> | |
| <rest:password>password</rest:password> | |
| <rest:testStem>:</rest:testStem> | |
| <!-- no testGroup: we cannot be sure that banderson is a member of sysadmingroup when doing the first test --> | |
| <rest:baseStem>:</rest:baseStem> | |
| <rest:groupIncludePattern>app:.*</rest:groupIncludePattern> | |
| <rest:groupIncludePattern>test:.*</rest:groupIncludePattern> | |
| <rest:groupIncludePattern>ref:.*</rest:groupIncludePattern> | |
| <rest:groupExcludePattern>.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)</rest:groupExcludePattern> | |
| <rest:subjectSource>ldap</rest:subjectSource> | |
| <rest:ignoreSslValidation>true</rest:ignoreSslValidation> | |
| </icfc:configurationProperties> | |
| <icfc:resultsHandlerConfiguration> | |
| <icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler> | |
| <icfc:enableFilteredResultsHandler>true</icfc:enableFilteredResultsHandler> | |
| <icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler> | |
| </icfc:resultsHandlerConfiguration> | |
| </connectorConfiguration> | |
| <additionalConnector> | |
| <name>AMQP async update connector</name> | |
| <connectorRef type="c:ConnectorType"> | |
| <filter> | |
| <q:equal> | |
| <q:path>connectorType</q:path> | |
| <q:value>AsyncUpdateConnector</q:value> | |
| </q:equal> | |
| </filter> | |
| </connectorRef> | |
| <connectorConfiguration> | |
| <conf:sources> | |
| <amqp091> | |
| <uri>amqp://mq:5672</uri> | |
| <username>guest</username> | |
| <password>guest</password> | |
| <queue>sampleQueue</queue> | |
| </amqp091> | |
| </conf:sources> | |
| <conf:transformExpression> | |
| <script> | |
| <code> | |
| // ------------------ START OF CONFIGURATION ------------------ | |
| parameters = [ | |
| groupIncludePattern: [ 'app:.*', 'test:.*', 'ref:.*' ], | |
| groupExcludePattern: [ '.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)' ], | |
| relevantSourceId: 'ldap' | |
| ] | |
| // ------------------ END OF CONFIGURATION ------------------ | |
| parameters.put('message', message) | |
| grouper.execute('createUcfChange', parameters) | |
| </code> | |
| </script> | |
| </conf:transformExpression> | |
| </connectorConfiguration> | |
| </additionalConnector> | |
| <schemaHandling> | |
| <objectType> | |
| <kind>entitlement</kind> | |
| <intent>group</intent> | |
| <objectClass>ri:Group</objectClass> | |
| <default>true</default> | |
| <attribute> | |
| <ref>ri:name</ref> | |
| <inbound> | |
| <strength>strong</strength> | |
| <target> | |
| <path>extension/grouperName</path> | |
| </target> | |
| </inbound> | |
| <inbound> | |
| <strength>strong</strength> | |
| <expression> | |
| <script> | |
| <code> | |
| import com.evolveum.midpoint.schema.util.* | |
| import com.evolveum.midpoint.schema.constants.* | |
| if (input == null) { | |
| null | |
| } else { | |
| archetypeOid = '5f2b96d2-49b5-4a8a-9601-14457309a69b' // generic-grouper-group archetype | |
| switch (input) { | |
| case ~/ref:affiliation:.*/: archetypeOid = '56f53812-047d-4b69-83e8-519a73d161e1'; break; // affiliation archetype | |
| case ~/ref:dept:.*/: archetypeOid = '1cec5f78-8fba-459b-9547-ef7485009f40'; break; // department archetype | |
| case ~/ref:course:.*/: archetypeOid = '3dab9a72-118b-4e40-a138-bb691c335eca'; break; // course archetype | |
| case ~/app:mailinglist:.*/: archetypeOid = '1645d1dc-1f7c-4508-b50b-97b501ccdee3'; break; // mailing-list archetype | |
| } | |
| ObjectTypeUtil.createAssignmentTo(archetypeOid, ObjectTypes.ARCHETYPE, prismContext) | |
| } | |
| </code> | |
| </script> | |
| </expression> | |
| <target> | |
| <path>assignment</path> | |
| <set> | |
| <predefined>all</predefined> <!-- we tolerate no other assignments --> | |
| </set> | |
| </target> | |
| </inbound> | |
| </attribute> | |
| <attribute> | |
| <ref>ri:member</ref> | |
| <fetchStrategy>explicit</fetchStrategy> | |
| <storageStrategy>indexOnly</storageStrategy> | |
| </attribute> | |
| </objectType> | |
| </schemaHandling> | |
| <synchronization> | |
| <objectSynchronization> | |
| <enabled>true</enabled> | |
| <kind>entitlement</kind> | |
| <intent>group</intent> | |
| <objectClass>ri:Group</objectClass> | |
| <focusType>OrgType</focusType> | |
| <correlation> | |
| <q:equal> | |
| <q:path>extension/grouperName</q:path> | |
| <expression> | |
| <path>$projection/attributes/name</path> | |
| </expression> | |
| </q:equal> | |
| </correlation> | |
| <reaction> | |
| <situation>linked</situation> | |
| <channel>http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#asyncUpdate</channel> | |
| <condition> | |
| <script> | |
| <code>import com.evolveum.midpoint.prism.path.ItemPath | |
| import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType | |
| // member-only updates should _NOT_ be synchronized | |
| resourceObjectDelta != null && resourceObjectDelta.isModify() && | |
| resourceObjectDelta.modifications.size() == 1 && | |
| ItemPath.create(ShadowType.F_ATTRIBUTES, 'member').equivalent(resourceObjectDelta.modifications.iterator().next().path) | |
| </code> | |
| </script> | |
| </condition> | |
| <synchronize>false</synchronize> | |
| </reaction> | |
| <reaction> | |
| <situation>linked</situation> | |
| <synchronize>true</synchronize> | |
| </reaction> | |
| <reaction> | |
| <situation>deleted</situation> | |
| <!-- a separate task will take care of deleted groups --> | |
| <!-- we don't even need to unlink the shadow --> | |
| <synchronize>true</synchronize> | |
| </reaction> | |
| <reaction> | |
| <situation>unlinked</situation> | |
| <action> | |
| <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri> | |
| </action> | |
| </reaction> | |
| <reaction> | |
| <situation>unmatched</situation> | |
| <action> | |
| <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri> | |
| </action> | |
| </reaction> | |
| </objectSynchronization> | |
| </synchronization> | |
| <caching> | |
| <cachingStategy>passive</cachingStategy> | |
| </caching> | |
| </resource> |