From e1c58f20fd87e9e310f0c2b89641e1eaf73bb4d4 Mon Sep 17 00:00:00 2001
From: Pavol Mederly <mederly@evolveum.com>
Date: Fri, 29 Mar 2019 22:15:02 +0100
Subject: [PATCH] Implement option1 up to "back in midPoint" step

What is still missing from option1 is "back in LDAP" and targets.
Plus minor improvements/fixes and tests.
---
 demo/complex/add-ref-groups.gsh               |  17 +-
 .../container_files/seed-data/demo.gsh        |  13 +-
 .../template-org-mailing-list.xml             |  18 +++
 .../objectTemplates/template-user.xml         | 153 +++++++++++++++++-
 .../resources/resource-grouper.xml            |  44 ++++-
 .../roles/metarole-affiliation.xml            |   4 +-
 .../roles/metarole-mailing-list.xml           |  16 ++
 .../SystemConfiguration.xml                   |   5 +
 demo/complex/upload-async-update-task.sh      |  17 ++
 .../upload-reconcile-grouper-groups.sh        |  17 ++
 .../complex/upload-reconcile-grouper-users.sh |  17 ++
 11 files changed, 301 insertions(+), 20 deletions(-)
 create mode 100644 demo/complex/midpoint-objects/objectTemplates/template-org-mailing-list.xml
 create mode 100644 demo/complex/midpoint-objects/roles/metarole-mailing-list.xml
 create mode 100755 demo/complex/upload-async-update-task.sh
 create mode 100755 demo/complex/upload-reconcile-grouper-groups.sh
 create mode 100755 demo/complex/upload-reconcile-grouper-users.sh

diff --git a/demo/complex/add-ref-groups.gsh b/demo/complex/add-ref-groups.gsh
index 679910c..0e952ac 100644
--- a/demo/complex/add-ref-groups.gsh
+++ b/demo/complex/add-ref-groups.gsh
@@ -1,14 +1,14 @@
 
-def addGroups(gs,stem) {
-	def supergroup = GroupFinder.findByName(gs, "etc:midpointGroups", true)
+def addGroups(gs,stem,owner,regexp) {
 	for (group in stem.childGroups) {
 		if (!group.name.endsWith('_includes') &&
 		    !group.name.endsWith('_excludes') &&
 		    !group.name.endsWith('_systemOfRecord') &&
-		    !group.name.endsWith('_systemOfRecordAndIncludes')) {
+		    !group.name.endsWith('_systemOfRecordAndIncludes') &&
+		    (regexp == null || group.extension ==~ regexp)) {
 			println 'Adding: ' + group
 			def s = SubjectFinder.findById(group.getId(), 'group', 'g:gsa')
-			supergroup.addMember(s, false)
+			owner.addMember(s, false)
 		} else {
 			println 'Ignoring: ' + group
 		}
@@ -16,8 +16,11 @@ def addGroups(gs,stem) {
 }
 
 gs = GrouperSession.startRootSession()
+def supergroup = GroupFinder.findByName(gs, "etc:midpointGroups", true)
+def cs = GroupFinder.findByName(gs, "app:cs", true)
 
-addGroups(gs, StemFinder.findByName(gs, 'ref:affiliation'))
-addGroups(gs, StemFinder.findByName(gs, 'ref:dept'))
-addGroups(gs, StemFinder.findByName(gs, 'ref:course'))
+addGroups(gs, StemFinder.findByName(gs, 'ref:affiliation'), supergroup, null)
+//addGroups(gs, StemFinder.findByName(gs, 'ref:dept'), null)
+//addGroups(gs, StemFinder.findByName(gs, 'ref:course'), null)
 
+addGroups(gs, StemFinder.findByName(gs, 'ref:course'), cs, /CS.*/)
diff --git a/demo/complex/grouper_data/container_files/seed-data/demo.gsh b/demo/complex/grouper_data/container_files/seed-data/demo.gsh
index 0d13760..2cb43fd 100644
--- a/demo/complex/grouper_data/container_files/seed-data/demo.gsh
+++ b/demo/complex/grouper_data/container_files/seed-data/demo.gsh
@@ -73,7 +73,16 @@ attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperL
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId");
 
 midpointGroupsGroup = new GroupSave(gs).assignName("etc:midpointGroups").assignCreateParentStemsIfNotExist(true).save();
+
 testGroup = new GroupSave(gs).assignName("midpoint:test").assignCreateParentStemsIfNotExist(true).save();
+chess = new GroupSave(gs).assignName("app:mailinglist:chess").assignCreateParentStemsIfNotExist(true).save()
+idmfans = new GroupSave(gs).assignName("app:mailinglist:idm-fans").assignCreateParentStemsIfNotExist(true).save()
+cs = new GroupSave(gs).assignName("app:cs").assignCreateParentStemsIfNotExist(true).save()
+volunteers = new GroupSave(gs).assignName("test:volunteers").assignCreateParentStemsIfNotExist(true).save()
+
+midpointGroupsGroup.addMember(SubjectFinder.findById(testGroup.getId(), 'group', 'g:gsa'), false)
+midpointGroupsGroup.addMember(SubjectFinder.findById(chess.getId(), 'group', 'g:gsa'), false)
+midpointGroupsGroup.addMember(SubjectFinder.findById(idmfans.getId(), 'group', 'g:gsa'), false)
+midpointGroupsGroup.addMember(SubjectFinder.findById(cs.getId(), 'group', 'g:gsa'), false)
+midpointGroupsGroup.addMember(SubjectFinder.findById(volunteers.getId(), 'group', 'g:gsa'), false)
 
-s = SubjectFinder.findById(testGroup.getId(), 'group', 'g:gsa');
-midpointGroupsGroup.addMember(s, false);
diff --git a/demo/complex/midpoint-objects/objectTemplates/template-org-mailing-list.xml b/demo/complex/midpoint-objects/objectTemplates/template-org-mailing-list.xml
new file mode 100644
index 0000000..058d131
--- /dev/null
+++ b/demo/complex/midpoint-objects/objectTemplates/template-org-mailing-list.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+    oid="be84a39a-c004-490b-9b78-a871b837f6df">
+    <name>template-org-mailing-list</name>
+    <mapping>
+        <strength>strong</strength>
+        <expression>
+            <assignmentTargetSearch>
+                <targetType>RoleType</targetType>
+                <oid>1c7beff4-cdf6-4e9f-b54c-79d0766f6fbe</oid>     <!--  metarole-mailing-list -->
+            </assignmentTargetSearch>
+        </expression>
+        <target>
+            <path>assignment</path>
+        </target>
+    </mapping>
+    
+</objectTemplate>
diff --git a/demo/complex/midpoint-objects/objectTemplates/template-user.xml b/demo/complex/midpoint-objects/objectTemplates/template-user.xml
index 288bd24..c2bb8a5 100644
--- a/demo/complex/midpoint-objects/objectTemplates/template-user.xml
+++ b/demo/complex/midpoint-objects/objectTemplates/template-user.xml
@@ -5,6 +5,15 @@
         <strength>strong</strength>
         <source>
             <path>extension/grouperGroup</path>
+            <set>
+                <condition>
+                    <script>
+                        <code>
+                            !(grouperGroup ==~ /ref:affiliation:.*/) &amp;&amp; !(grouperGroup ==~ /app:mailinglist:.*/)
+                        </code>
+                    </script>
+                </condition>
+            </set>
         </source>
         <expression>
             <assignmentTargetSearch>
@@ -15,7 +24,7 @@
                         <expression>
                             <script>
                                 <code>
-                                    grouperGroup
+                                    'generic_' + grouperGroup
                                 </code>
                             </script>
                         </expression>
@@ -33,7 +42,7 @@
                         <expression>
                             <script>
                                 <code>
-                                    grouperGroup
+                                    'generic_' + grouperGroup
                                 </code>
                             </script>
                         </expression>
@@ -62,4 +71,144 @@
             </set>
         </target>
     </mapping>
+    <mapping>
+        <strength>strong</strength>
+        <source>
+            <path>extension/grouperGroup</path>
+            <set>
+                <condition>
+                    <script>
+                        <code>
+                            grouperGroup ==~ /app:mailinglist:.*/
+                        </code>
+                    </script>
+                </condition>
+            </set>
+        </source>
+        <expression>
+            <assignmentTargetSearch>
+                <targetType>OrgType</targetType>
+                <filter>
+                    <q:equal>
+                        <q:path>name</q:path>                       
+                        <expression>
+                            <script>
+                                <code>
+                                    'mailinglist_' + grouperGroup.substring(16)
+                                </code>
+                            </script>
+                        </expression>
+                    </q:equal>
+                </filter>
+                <assignmentProperties>
+                    <subtype>mailing-list</subtype>
+                </assignmentProperties>
+                <createOnDemand>true</createOnDemand>
+                <populateObject>
+                    <populateItem>
+                        <target>
+                            <path>name</path>
+                        </target>
+                        <expression>
+                            <script>
+                                <code>
+                                    'mailinglist_' + grouperGroup.substring(16)
+                                </code>
+                            </script>
+                        </expression>
+                    </populateItem>
+                    <populateItem>
+                        <target>
+                            <path>subtype</path>
+                        </target>
+                        <expression>
+                            <value>mailing-list</value>
+                        </expression>
+                    </populateItem>
+                </populateObject>
+            </assignmentTargetSearch>       
+        </expression>
+        <target>
+            <path>assignment</path>
+            <set>
+                <condition>
+                    <script>
+                        <code>
+                            assignment?.subtype.contains('mailing-list')
+                        </code>
+                    </script>
+                </condition>
+            </set>
+        </target>
+    </mapping>
+    <mapping>
+        <strength>strong</strength>
+        <source>
+            <path>extension/grouperGroup</path>
+            <set>
+                <condition>
+                    <script>
+                        <code>
+                            grouperGroup ==~ /ref:affiliation:.*/
+                        </code>
+                    </script>
+                </condition>
+            </set>
+        </source>
+        <expression>
+            <assignmentTargetSearch>
+                <targetType>OrgType</targetType>
+                <filter>
+                    <q:equal>
+                        <q:path>name</q:path>                       
+                        <expression>
+                            <script>
+                                <code>
+                                    'affiliation_' + grouperGroup.substring(16)
+                                </code>
+                            </script>
+                        </expression>
+                    </q:equal>
+                </filter>
+                <assignmentProperties>
+                    <subtype>affiliation</subtype>
+                </assignmentProperties>
+                <createOnDemand>true</createOnDemand>
+                <populateObject>
+                    <populateItem>
+                        <target>
+                            <path>name</path>
+                        </target>
+                        <expression>
+                            <script>
+                                <code>
+                                    'affiliation_' + grouperGroup.substring(16)
+                                </code>
+                            </script>
+                        </expression>
+                    </populateItem>
+                    <populateItem>
+                        <target>
+                            <path>subtype</path>
+                        </target>
+                        <expression>
+                            <value>affiliation</value>
+                        </expression>
+                    </populateItem>
+                </populateObject>
+            </assignmentTargetSearch>       
+        </expression>
+        <target>
+            <path>assignment</path>
+            <set>
+                <condition>
+                    <script>
+                        <code>
+                            assignment?.subtype.contains('affiliation')
+                        </code>
+                    </script>
+                </condition>
+            </set>
+        </target>
+    </mapping>
 </objectTemplate>
diff --git a/demo/complex/midpoint-objects/resources/resource-grouper.xml b/demo/complex/midpoint-objects/resources/resource-grouper.xml
index 186e929..ebefae8 100644
--- a/demo/complex/midpoint-objects/resources/resource-grouper.xml
+++ b/demo/complex/midpoint-objects/resources/resource-grouper.xml
@@ -43,8 +43,10 @@
 			<rest:password>password</rest:password>
 			<rest:superGroup>etc:midpointGroups</rest:superGroup>
 			<rest:groupIncludePattern>midpoint:.*</rest:groupIncludePattern>
-			<rest:groupIncludePattern>ref:.*</rest:groupIncludePattern>
-			<rest:groupExcludePattern>ref:.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)</rest:groupExcludePattern>
+			<rest:groupIncludePattern>app:.*</rest:groupIncludePattern>
+			<rest:groupIncludePattern>test:.*</rest:groupIncludePattern>
+			<rest:groupIncludePattern>ref:affiliation:.*</rest:groupIncludePattern>
+			<rest:groupExcludePattern>.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)</rest:groupExcludePattern>
 			<rest:subjectSource>ldap</rest:subjectSource>
 			<rest:groupSource>g:gsa</rest:groupSource>
 			<rest:ignoreSslValidation>true</rest:ignoreSslValidation>
@@ -76,8 +78,8 @@
 
 						parameters = [
 							superGroup: 'etc:midpointGroups',
-							groupIncludePattern: [ 'midpoint:.*', 'ref:.*' ],
-							groupExcludePattern: [ 'ref:.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)' ],
+							groupIncludePattern: [ 'midpoint:.*', 'app:.*', 'test:.*', 'ref:affiliation:.*' ],
+							groupExcludePattern: [ '.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)' ],
 							relevantSourceId: 'ldap'
 						]
 
@@ -124,6 +126,17 @@
 				<ref>icfs:name</ref>
 				<inbound>
 			                <strength>strong</strength>
+					<expression>
+						<script>
+							<code>
+								switch (input) {
+									case ~/ref:affiliation:.*/: return 'affiliation_' + input.substring(16)
+									case ~/app:mailinglist:.*/: return 'mailinglist_' + input.substring(16)
+									default: return 'generic_' + input
+								}
+							</code>
+						</script>
+					</expression>
 					<target>
 						<path>name</path>
 					</target>
@@ -131,7 +144,15 @@
 				<inbound>
 			                <strength>strong</strength>
 					<expression>
-						<value>generic-group</value>
+						<script>
+							<code>
+								switch (input) {
+									case ~/ref:affiliation:.*/: return 'affiliation'
+									case ~/app:mailinglist:.*/: return 'mailing-list'
+									default: return 'generic-group'
+								}
+							</code>
+						</script>
 					</expression>
 					<target>
 						<path>subtype</path>
@@ -190,9 +211,16 @@
 				<q:equal>
 					<q:path>name</q:path>
 					<expression>
-						<path>
-							$account/attributes/name
-						</path>
+						<script>
+							<code>
+								def name = basic.getAttributeValue(shadow, 'http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3', 'name')
+                                                                switch (name) {
+                                                                        case ~/ref:affiliation:.*/: return 'affiliation_' + name.substring(16)
+                                                                        case ~/app:mailinglist:.*/: return 'mailinglist_' + name.substring(16)
+                                                                        default: return 'generic_' + name
+                                                                }
+							</code>
+						</script>
 					</expression>
 				</q:equal>
 			</correlation>
diff --git a/demo/complex/midpoint-objects/roles/metarole-affiliation.xml b/demo/complex/midpoint-objects/roles/metarole-affiliation.xml
index cdfa819..d986597 100644
--- a/demo/complex/midpoint-objects/roles/metarole-affiliation.xml
+++ b/demo/complex/midpoint-objects/roles/metarole-affiliation.xml
@@ -9,5 +9,7 @@
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
       oid="fecae27b-d1d3-40ae-95fa-8f7e44e2ee70">
     <name>metarole-affiliation</name>
-	<!-- TODO -->
+    <inducement id="1">
+        <targetRef oid="1d7c0e3a-4456-409c-9f50-95407b2eb785" relation="org:default" type="c:OrgType" />     <!-- affiliations -->
+    </inducement>
 </role>
diff --git a/demo/complex/midpoint-objects/roles/metarole-mailing-list.xml b/demo/complex/midpoint-objects/roles/metarole-mailing-list.xml
new file mode 100644
index 0000000..acdc319
--- /dev/null
+++ b/demo/complex/midpoint-objects/roles/metarole-mailing-list.xml
@@ -0,0 +1,16 @@
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" 
+      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" 
+      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" 
+      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" 
+      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" 
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+      oid="1c7beff4-cdf6-4e9f-b54c-79d0766f6fbe">
+    <name>metarole-mailing-list</name>
+    <inducement id="1">
+        <targetRef oid="d81fb46c-20c7-44d3-8402-fef404ea1264" relation="org:default" type="c:OrgType" />     <!-- mailing-lists -->
+    </inducement>
+
+</role>
diff --git a/demo/complex/midpoint-objects/systemConfigurations/SystemConfiguration.xml b/demo/complex/midpoint-objects/systemConfigurations/SystemConfiguration.xml
index eb5f90c..ac59d68 100644
--- a/demo/complex/midpoint-objects/systemConfigurations/SystemConfiguration.xml
+++ b/demo/complex/midpoint-objects/systemConfigurations/SystemConfiguration.xml
@@ -105,6 +105,11 @@
          <subtype>course</subtype>
          <objectTemplateRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="d35bdec6-643b-41d8-ad5d-8eeb701169d1" relation="org:default" type="tns:ObjectTemplateType"/>
       </defaultObjectPolicyConfiguration>
+      <defaultObjectPolicyConfiguration id="110">
+         <type>OrgType</type>
+         <subtype>mailing-list</subtype>
+         <objectTemplateRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="be84a39a-c004-490b-9b78-a871b837f6df" relation="org:default" type="tns:ObjectTemplateType"/>
+      </defaultObjectPolicyConfiguration>
       <defaultObjectPolicyConfiguration id="100">
          <type>OrgType</type>
          <subtype>generic-group</subtype>
diff --git a/demo/complex/upload-async-update-task.sh b/demo/complex/upload-async-update-task.sh
new file mode 100755
index 0000000..35e8640
--- /dev/null
+++ b/demo/complex/upload-async-update-task.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+function upload () {
+  local filename=$1
+  local regex="midpoint-objects.*/(.*)/(.*)"
+  if [[ $filename =~ $regex ]]
+  then
+    type="${BASH_REMATCH[1]}"
+    oid=`cat $filename | sed -n 's:.*oid=\"\([A-Za-z0-9\-]*\)\".*:\1:p' | sed -n '1 p'`
+    echo "Uploading $filename ($type, $oid)"
+    curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X PUT "https://localhost:8443/midpoint/ws/rest/$type/$oid?options=overwrite" --data-binary @$filename
+  else
+    echo "Skipping $filename"
+  fi
+}
+
+upload midpoint-objects-manual/tasks/task-async-update-grouper.xml
diff --git a/demo/complex/upload-reconcile-grouper-groups.sh b/demo/complex/upload-reconcile-grouper-groups.sh
new file mode 100755
index 0000000..b1d14ee
--- /dev/null
+++ b/demo/complex/upload-reconcile-grouper-groups.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+function upload () {
+  local filename=$1
+  local regex="midpoint-objects.*/(.*)/(.*)"
+  if [[ $filename =~ $regex ]]
+  then
+    type="${BASH_REMATCH[1]}"
+    oid=`cat $filename | sed -n 's:.*oid=\"\([A-Za-z0-9\-]*\)\".*:\1:p' | sed -n '1 p'`
+    echo "Uploading $filename ($type, $oid)"
+    curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X PUT "https://localhost:8443/midpoint/ws/rest/$type/$oid?options=overwrite" --data-binary @$filename
+  else
+    echo "Skipping $filename"
+  fi
+}
+
+upload midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml
diff --git a/demo/complex/upload-reconcile-grouper-users.sh b/demo/complex/upload-reconcile-grouper-users.sh
new file mode 100755
index 0000000..784403c
--- /dev/null
+++ b/demo/complex/upload-reconcile-grouper-users.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+function upload () {
+  local filename=$1
+  local regex="midpoint-objects.*/(.*)/(.*)"
+  if [[ $filename =~ $regex ]]
+  then
+    type="${BASH_REMATCH[1]}"
+    oid=`cat $filename | sed -n 's:.*oid=\"\([A-Za-z0-9\-]*\)\".*:\1:p' | sed -n '1 p'`
+    echo "Uploading $filename ($type, $oid)"
+    curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X PUT "https://localhost:8443/midpoint/ws/rest/$type/$oid?options=overwrite" --data-binary @$filename
+  else
+    echo "Skipping $filename"
+  fi
+}
+
+upload midpoint-objects-manual/tasks/task-reconciliation-grouper-users.xml