Adapt demo/complex to Grouper MQ integration

ethan · Mar 22, 2019 · 29ba916cd3e3c6cb2dab3e8723292b8dc0183307 · 29ba916
1 parent 5528ec7
commit 29ba916cd3e3c6cb2dab3e8723292b8dc0183307
diff --git a/build.sh b/build.sh
@@ -32,7 +32,7 @@ while getopts "nhr?" opt; do
        ;;
     esac
 done
-if [ "$SKIP_DOWNLOAD" = "0" ]; then ./download-midpoint || exit 1; fi
+if [ "$SKIP_DOWNLOAD" = "0" ]; then ./download-midpoint.sh || exit 1; fi
 docker build $REFRESH --tag $maintainer/$imagename:$tag --build-arg maintainer=$maintainer --build-arg imagename=$imagename . || exit 1
 echo "---------------------------------------------------------------------------------------"
 echo "The midPoint containers were successfully built. To start them, execute the following:"

diff --git a/demo/complex/after-installation.sh b/demo/complex/after-installation.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+B='\033[1;33m'
+N='\033[0m'
+
+echo -e "${B} * Uploading objects...${N}"
+$(dirname "$0")/upload-objects.sh
+
+echo -e "${B} * Testing LDAP and SQL resources...${N}"
+$(dirname "$0")/test-resources-1.sh
+
+echo -e "${B} * Recomputing Grouper admin group and user object...${N}"
+$(dirname "$0")/recompute.sh
+
+echo -e "${B} * Testing Grouper resource...${N}"
+$(dirname "$0")/test-resource-grouper.sh
+
+echo -e "${B} * Done${N}"
diff --git a/demo/complex/midpoint-objects/resources/resource-grouper.xml b/demo/complex/midpoint-objects/resources/resource-grouper.xml
@@ -38,7 +38,7 @@
 	</connectorRef>
 	<connectorConfiguration>
 		<icfc:configurationProperties>
-			<rest:baseUrl>grouper_ws:443</rest:baseUrl>
+			<rest:baseUrl>http://grouper_ws:8080</rest:baseUrl>
 			<rest:username>banderson</rest:username>
 			<rest:password>password</rest:password>
 			<rest:superGroup>etc:midpointGroups</rest:superGroup>
@@ -102,9 +102,11 @@
 			</attribute>
 			<attribute>
 				<ref>ri:group</ref>
+				<displayName>Subject Groups</displayName>
 				<inbound>
+			                <strength>strong</strength>
 					<target>
-						<path>organizationalUnit</path>
+						<path>extension/grouper_group</path>
 					</target>
 				</inbound>
 			</attribute>

diff --git a/demo/complex/midpoint-objects/users/user-banderson.xml b/demo/complex/midpoint-objects/users/user-banderson.xml
@@ -0,0 +1,20 @@
+<user xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" 
+      oid="e897468f-20bd-419c-8fc5-1fe60e2600de">
+    <name>banderson</name>
+    <assignment id="1">
+        <targetRef oid="d48ec05b-fffd-4262-acd3-d9ff63365b62" relation="org:default" type="c:RoleType">
+            <!-- role-grouper-sysadmin -->
+        </targetRef>
+    </assignment>
+    <fullName>Bob Anderson</fullName>
+    <givenName>Bob</givenName>
+    <familyName>Anderson</familyName>
+    <credentials>
+        <password>
+            <value>password</value>
+        </password>
+    </credentials>
+</user>
+
diff --git a/demo/complex/recompute.sh b/demo/complex/recompute.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+source $(dirname "$0")/../../library.bash
+
+recompute roles d48ec05b-fffd-4262-acd3-d9ff63365b62
+recompute users e897468f-20bd-419c-8fc5-1fe60e2600de
diff --git a/demo/complex/test-resource-grouper.sh b/demo/complex/test-resource-grouper.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+source $(dirname "$0")/../../library.bash
+
+test_resource 1eff65de-5bb6-483d-9edf-8cc2c2ee0233
diff --git a/demo/complex/test-resources → demo/complex/test-resources-1.sh b/demo/complex/test-resources → demo/complex/test-resources-1.sh
@@ -3,6 +3,5 @@
 source $(dirname "$0")/../../library.bash
 
 test_resource 0a37121f-d515-4a23-9b6d-554c5ef61272
-test_resource 6dcb84f5-bf82-4931-9072-fbdf87f96442
 test_resource 13660d60-071b-4596-9aa1-5efcd1256c04
 test_resource 4d70a0da-02dd-41cf-b0a1-00e75d3eaa15
diff --git a/demo/complex/tests/main.bats b/demo/complex/tests/main.bats
@@ -68,7 +68,7 @@ load ../../../library
     docker exec complex_sources_1 mysql sis -u root -p123321 -e "delete from SIS_PERSONS where uid not in ('amorrison', 'banderson', 'cmorrison', 'danderson', 'ddavis', 'jsmith', 'kwhite', 'mroberts', 'whenderson', 'wprice')"
 
     check_health
-    ./upload-objects
+    ./upload-objects.sh
 
     search_and_check_object objectTemplates template-org-course
     search_and_check_object objectTemplates template-org-department
@@ -79,7 +79,7 @@ load ../../../library
     search_and_check_object orgs departments
 
     search_and_check_object resources "OpenLDAP (directory)"
-    search_and_check_object resources "Grouper SQL/MQ"
+    search_and_check_object resources "Grouper Resource"
     search_and_check_object resources "SQL SIS courses (sources)"
     search_and_check_object resources "SQL SIS persons (sources)"
 
@@ -91,10 +91,9 @@ load ../../../library
     search_and_check_object roles role-ldap-basic
 }
 
-@test "210 Test resource" {
+@test "210 Test LDAP and SQL resources" {
     if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
     test_resource 0a37121f-d515-4a23-9b6d-554c5ef61272
-    test_resource 6dcb84f5-bf82-4931-9072-fbdf87f96442
     test_resource 13660d60-071b-4596-9aa1-5efcd1256c04
     test_resource 4d70a0da-02dd-41cf-b0a1-00e75d3eaa15
 }
@@ -201,86 +200,149 @@ load ../../../library
     delete_object_by_name users TestUser240
 }
 
-@test "300 Add wprice to 'etc:testGroup' and 'ref:affiliation:alum_includes'. Export 'ref:affiliation:alum'" {
+@test "250 Make 'banderson' Grouper administrator" {
     if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+    check_health
+    recompute roles d48ec05b-fffd-4262-acd3-d9ff63365b62
+    execute_bulk_action tests/resources/bulk-action/assign-role-grouper-sysadmin-to-banderson.xml complex_midpoint_server_1
+    recompute users e897468f-20bd-419c-8fc5-1fe60e2600de # for some reason this looks necessary (TODO)
+    check_of_ldap_membership banderson "ou=groups,dc=internet2,dc=edu" "sysadmingroup" complex_directory_1
+}
+
+@test "260 Export groups" {
+    if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+
+    docker cp tests/resources/grouper/t260.gsh complex_grouper_daemon_1:/tmp/
+    docker exec complex_grouper_daemon_1 bash -c "/opt/grouper/grouper.apiBinary/bin/gsh /tmp/t260.gsh"
+}
 
-    docker cp tests/resources/grouper/t300.gsh complex_grouper_daemon_1:/tmp/
-    docker exec complex_grouper_daemon_1 bash -c "/opt/grouper/grouper.apiBinary/bin/gsh /tmp/t300.gsh"
+@test "265 Wait 120 seconds for changes to be propagated to MQ" {
+    if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+
+    sleep 120
+}
+
+@test "300 Test Grouper resource" {
+    if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+    test_resource 1eff65de-5bb6-483d-9edf-8cc2c2ee0233
 }
 
-@test "310 Import Grouper-to-midPoint import task" {
+@test "310 Import Grouper-to-midPoint async update task" {
     if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
 
     check_health
-    add_object tasks midpoint-objects-manual/tasks/task-import-grouper.xml
-    search_and_check_object tasks "Import from Grouper"
+    add_object tasks midpoint-objects-manual/tasks/task-async-update-grouper.xml
+    search_and_check_object tasks "Grouper async updates"
 }
 
-@test "320 Wait for the import to finish" {
+@test "320 Wait for the queue to become empty" {
     if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
 
-    wait_for_task_completion 617fec0c-f7a6-4f91-89d0-395fb8878edd 8 10
-    assert_task_success 617fec0c-f7a6-4f91-89d0-395fb8878edd
+    ATTEMPT=0
+    MAX_ATTEMPTS=20
+    DELAY=10
+
+    get_messages sampleQueue
+    echo "Messages: $MESSAGES"
+
+    until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do
+        ATTEMPT=$((ATTEMPT+1))
+        get_messages sampleQueue
+        echo "Messages: $MESSAGES"
+        if [ "$MESSAGES" = "0" ]; then return 0; fi
+        echo "Waiting $DELAY seconds for the queue to become empty (attempt $ATTEMPT) ..."
+        sleep $DELAY
+    done
+    return 1
 }
 
-@test "330 Assert wprice membership in LDAP" {
+@test "330 Add wprice to 'midpoint:test' and 'ref:affiliation:alum_includes' groups" {
     if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
 
-    assert_ldap_user_has_value wprice Entitlement "etc:testGroup" complex_directory_1
-    assert_ldap_user_has_value wprice Entitlement "ref:affiliation:alum" complex_directory_1
+    docker cp tests/resources/grouper/t330.gsh complex_grouper_daemon_1:/tmp/
+    docker exec complex_grouper_daemon_1 bash -c "/opt/grouper/grouper.apiBinary/bin/gsh /tmp/t330.gsh"
 }
 
-@test "400 Clean sampleQueue" {
+@test "335 Wait 80 seconds for changes to be propagated to MQ" {
     if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
 
-    docker exec complex_mq_1 rabbitmqctl purge_queue sampleQueue
+    sleep 80
 }
 
-@test "410 Import Grouper-to-midPoint live sync task" {
+@test "340 Assert wprice membership in LDAP" {
     if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
 
-    check_health
-    add_object tasks tests/resources/tasks/task-livesync-grouper-single.xml
-    search_and_check_object tasks "LiveSync from Grouper"
-    wait_for_task_completion 87ffce52-717a-4205-ba01-0a698f0deaee 8 10
-    assert_task_success 87ffce52-717a-4205-ba01-0a698f0deaee
+    assert_ldap_user_has_value wprice Entitlement "midpoint:test" complex_directory_1
+    assert_ldap_user_has_value wprice Entitlement "midpoint:alum" complex_directory_1
 }
 
-@test "420 Add kwhite to 'etc:testGroup', remove wprice from 'ref:affiliation:alum_includes'" {
+@test "350 Add kwhite to 'midpoint:test', remove wprice from 'ref:affiliation:alum_includes'" {
     if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
 
-    docker cp tests/resources/grouper/t420.gsh complex_grouper_daemon_1:/tmp/
-    docker exec complex_grouper_daemon_1 bash -c "/opt/grouper/grouper.apiBinary/bin/gsh /tmp/t420.gsh"
+    docker cp tests/resources/grouper/t350.gsh complex_grouper_daemon_1:/tmp/
+    docker exec complex_grouper_daemon_1 bash -c "/opt/grouper/grouper.apiBinary/bin/gsh /tmp/t350.gsh"
 }
 
-@test "425 Wait 80 seconds for changes to be propagated to MQ" {
+@test "355 Wait 80 seconds for changes to be propagated to MQ" {
     if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
 
     sleep 80
 }
 
-@test "430 Assert existence of change messages in sampleQueue" {
+@test "360 Assert wprice and kwhite membership in LDAP" {
     if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
 
-    docker cp tests/resources/rabbitmq/check-samplequeue.sh complex_mq_1:/tmp/
-    docker exec complex_mq_1 bash /tmp/check-samplequeue.sh
+    assert_ldap_user_has_value kwhite Entitlement "midpoint:test" complex_directory_1
+    assert_ldap_user_has_value wprice Entitlement "midpoint:test" complex_directory_1
+    assert_ldap_user_has_no_value wprice Entitlement "ref:affiliation:alum" complex_directory_1
 }
 
-@test "440 Execute Grouper-to-midPoint live sync task (again)" {
+@test "400 Suspend async update task" {
     if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
 
-    check_health
-    run_task_now 87ffce52-717a-4205-ba01-0a698f0deaee
-    wait_for_task_completion 87ffce52-717a-4205-ba01-0a698f0deaee 8 10
-    assert_task_success 87ffce52-717a-4205-ba01-0a698f0deaee
+    suspend_task 47fc57bd-8c34-4555-9b9f-7087ff179860 complex_midpoint_server_1
+    wait_for_task_completion 47fc57bd-8c34-4555-9b9f-7087ff179860 5 10
 }
 
-@test "450 Assert wprice and kwhite membership in LDAP" {
+@test "410 Remove kwhite and wprice from 'midpoint:test'" {
     if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
 
-    assert_ldap_user_has_value kwhite Entitlement "etc:testGroup" complex_directory_1
-    assert_ldap_user_has_value wprice Entitlement "etc:testGroup" complex_directory_1
-    assert_ldap_user_has_no_value wprice Entitlement "ref:affiliation:alum" complex_directory_1
+    docker cp tests/resources/grouper/t410.gsh complex_grouper_daemon_1:/tmp/
+    docker exec complex_grouper_daemon_1 bash -c "/opt/grouper/grouper.apiBinary/bin/gsh /tmp/t410.gsh"
+}
+
+@test "420 Reconcile Grouper" {
+    if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+
+    add_object tasks midpoint-objects-manual/tasks/task-reconciliation-grouper-users.xml
+    search_and_check_object tasks "Grouper reconciliation (users)"
+    wait_for_task_completion 42aa9f43-64c5-41a6-814c-b58b9ea4e204 6 10
+    assert_task_success 42aa9f43-64c5-41a6-814c-b58b9ea4e204
+
+    search_and_check_object users jsmith
+    search_and_check_object users banderson
+    search_and_check_object users kwhite
+    search_and_check_object users whenderson
+    search_and_check_object users ddavis
+    search_and_check_object users cmorrison
+    search_and_check_object users danderson
+    search_and_check_object users amorrison
+    search_and_check_object users wprice
+    search_and_check_object users mroberts
+
+    check_ldap_account_by_user_name jsmith complex_directory_1
+    check_ldap_account_by_user_name banderson complex_directory_1
+    check_ldap_account_by_user_name kwhite complex_directory_1
+    check_ldap_account_by_user_name whenderson complex_directory_1
+    check_ldap_account_by_user_name ddavis complex_directory_1
+    check_ldap_account_by_user_name cmorrison complex_directory_1
+    check_ldap_account_by_user_name danderson complex_directory_1
+    check_ldap_account_by_user_name amorrison complex_directory_1
+    check_ldap_account_by_user_name wprice complex_directory_1
+    check_ldap_account_by_user_name mroberts complex_directory_1
+
+    assert_ldap_user_has_no_value wprice Entitlement "midpoint:test" complex_directory_1
+    assert_ldap_user_has_no_value kwhite Entitlement "midpoint:test" complex_directory_1
 }
 
 @test "999 Clean up" {

diff --git a/demo/complex/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-banderson.xml b/demo/complex/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-banderson.xml
@@ -0,0 +1,22 @@
+<scext:executeScript xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
+                <s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
+   			  xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+			  xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+			  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         		  xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+                    <s:type>c:UserType</s:type>
+                    <s:searchFilter>
+                        <q:equal>
+                            <q:path>c:name</q:path>
+                            <q:value>banderson</q:value>
+                        </q:equal>
+                    </s:searchFilter>
+                    <s:action>
+                        <s:type>assign</s:type>
+                        <s:parameter>
+                            <s:name>role</s:name>
+							<c:value xsi:type="xsd:string">d48ec05b-fffd-4262-acd3-d9ff63365b62</c:value>
+                        </s:parameter>
+                    </s:action>
+                </s:search>
+            </scext:executeScript>
diff --git a/demo/complex/tests/resources/grouper/t260.gsh b/demo/complex/tests/resources/grouper/t260.gsh
@@ -0,0 +1,31 @@
+System.out.println("************** t260.gsh starting **************");
+
+gs = GrouperSession.startRootSession()
+
+midpointGroups = GroupFinder.findByName(gs, 'etc:midpointGroups')
+
+new GroupSave(gs).assignName("midpoint:alum").assignCreateParentStemsIfNotExist(true).save()
+GroupFinder.findByName(gs, 'midpoint:alum').addMember(SubjectFinder.findByIdentifier('ref:affiliation:alum', 'group', 'g:gsa'), false)
+midpointGroups.addMember(SubjectFinder.findByIdentifier('midpoint:alum', 'group', 'g:gsa'), false)
+
+new GroupSave(gs).assignName("midpoint:community").assignCreateParentStemsIfNotExist(true).save()
+GroupFinder.findByName(gs, 'midpoint:community').addMember(SubjectFinder.findByIdentifier('ref:affiliation:community', 'group', 'g:gsa'), false)
+midpointGroups.addMember(SubjectFinder.findByIdentifier('midpoint:community', 'group', 'g:gsa'), false)
+
+new GroupSave(gs).assignName("midpoint:faculty").assignCreateParentStemsIfNotExist(true).save()
+GroupFinder.findByName(gs, 'midpoint:faculty').addMember(SubjectFinder.findByIdentifier('ref:affiliation:faculty', 'group', 'g:gsa'), false)
+midpointGroups.addMember(SubjectFinder.findByIdentifier('midpoint:faculty', 'group', 'g:gsa'), false)
+
+new GroupSave(gs).assignName("midpoint:member").assignCreateParentStemsIfNotExist(true).save()
+GroupFinder.findByName(gs, 'midpoint:member').addMember(SubjectFinder.findByIdentifier('ref:affiliation:member', 'group', 'g:gsa'), false)
+midpointGroups.addMember(SubjectFinder.findByIdentifier('midpoint:member', 'group', 'g:gsa'), false)
+
+new GroupSave(gs).assignName("midpoint:staff").assignCreateParentStemsIfNotExist(true).save()
+GroupFinder.findByName(gs, 'midpoint:staff').addMember(SubjectFinder.findByIdentifier('ref:affiliation:staff', 'group', 'g:gsa'), false)
+midpointGroups.addMember(SubjectFinder.findByIdentifier('midpoint:staff', 'group', 'g:gsa'), false)
+
+new GroupSave(gs).assignName("midpoint:student").assignCreateParentStemsIfNotExist(true).save()
+GroupFinder.findByName(gs, 'midpoint:student').addMember(SubjectFinder.findByIdentifier('ref:affiliation:student', 'group', 'g:gsa'), false)
+midpointGroups.addMember(SubjectFinder.findByIdentifier('midpoint:student', 'group', 'g:gsa'), false)
+
+System.out.println("************** t260.gsh done **************");
diff --git a/demo/complex/tests/resources/grouper/t330.gsh b/demo/complex/tests/resources/grouper/t330.gsh
@@ -0,0 +1,11 @@
+System.out.println("************** t330.gsh starting **************");
+
+gs = GrouperSession.startRootSession()
+
+testGroup = GroupFinder.findByName(gs, 'midpoint:test')
+alumIncludesGroup = GroupFinder.findByName(gs, 'ref:affiliation:alum_includes')
+wprice = SubjectFinder.findById('wprice', 'person', 'ldap')
+testGroup.addMember(wprice, false)
+alumIncludesGroup.addMember(wprice, false)
+
+System.out.println("************** t330.gsh done **************");
diff --git a/.../complex/tests/resources/grouper/t420.gsh → .../complex/tests/resources/grouper/t350.gsh b/.../complex/tests/resources/grouper/t420.gsh → .../complex/tests/resources/grouper/t350.gsh
@@ -1,12 +1,12 @@
-System.out.println("************** t420.gsh starting **************");
+System.out.println("************** t350.gsh starting **************");
 
 gs = GrouperSession.startRootSession()
 
 alumIncludes = GroupFinder.findByName(gs, 'ref:affiliation:alum_includes')
-testGroup = GroupFinder.findByName(gs, 'etc:testGroup')
+testGroup = GroupFinder.findByName(gs, 'midpoint:test')
 kwhite = SubjectFinder.findById('kwhite', 'person', 'ldap')
 wprice = SubjectFinder.findById('wprice', 'person', 'ldap')
 testGroup.addMember(kwhite, false)
 alumIncludes.deleteMember(wprice, false)
 
-System.out.println("************** t420.gsh done **************");
+System.out.println("************** t350.gsh done **************");