work on group delete processing

internet2 · Jul 22, 2023 · 72d6782 · 72d6782
1 parent 803a892
commit 72d6782
Show file tree

Hide file tree

Showing 8 changed files with 129 additions and 218 deletions.
diff --git a/Workbench/configs-and-secrets/grouper/application/grouper-loader.properties b/Workbench/configs-and-secrets/grouper/application/grouper-loader.properties
@@ -64,9 +64,14 @@ provisioner.midPoint.customizeEntityCrud = true
 provisioner.midPoint.customizeGroupCrud = true
 provisioner.midPoint.customizeMembershipCrud = true
 provisioner.midPoint.dbExternalSystemConfigId = midPoint
-provisioner.midPoint.deleteEntities = false
-provisioner.midPoint.deleteGroups = false
-provisioner.midPoint.deleteMemberships = false
+provisioner.midPoint.deleteEntities = true
+provisioner.midPoint.deleteEntitiesIfNotExistInGrouper = false
+provisioner.midPoint.deleteEntitiesIfGrouperDeleted = true
+provisioner.midPoint.deleteGroups = true
+provisioner.midPoint.deleteGroupsIfNotExistInGrouper = true
+provisioner.midPoint.deleteMemberships = true
+provisioner.midPoint.deleteMembershipsIfNotExistInGrouper = false
+provisioner.midPoint.deleteMembershipsIfGrouperDeleted = true
 provisioner.midPoint.makeChangesToEntities = true
 provisioner.midPoint.midPointDeletedColumnName = deleted
 provisioner.midPoint.midPointLastModifiedColumnName = last_modified

diff --git a/...idpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper-new.xml b/...idpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper-new.xml
@@ -303,6 +303,14 @@
                         <synchronize/>
                     </actions>
                 </reaction>
+                <reaction>
+                    <situation>deleted</situation>
+		    <actions>
+		        <deleteFocus>
+		            <synchronize>true</synchronize>
+			</deleteFocus>
+                    </actions>
+                </reaction>
             </synchronization>
         </objectType>
 

diff --git a/...ontainer_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml b/...ontainer_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
@@ -90,39 +90,6 @@
                 </target>
             </mapping>
 
-            <mapping>
-                <name>lifecycle state</name>
-                <description>This mapping sets org lifecycle state to be either "active" or "retired", depending on
-                    whether Grouper group for this org still exists. Orgs in the latter state are on the way to deletion:
-                    their members are unassigned and after no members are there, the org is automatically deleted.</description>
-                <strength>strong</strength>
-                <expression>
-                    <script>
-                        <code>
-                            import com.evolveum.midpoint.model.impl.expr.*
-                            import com.evolveum.midpoint.schema.*
-                            import com.evolveum.midpoint.xml.ns._public.common.common_3.*
-                            import com.evolveum.midpoint.model.common.expression.ModelExpressionThreadLocalHolder
-                            import com.evolveum.midpoint.model.api.context.ProjectionContextKey
-
-                            GROUPER_RESOURCE_OID = 'fb0bbf07-e33f-4ddd-85a1-16a7edc237f2'
-
-                            modelContext = ModelExpressionThreadLocalHolder.lensContext
-
-                            if (modelContext.findProjectionContextByKeyExact(ProjectionContextKey.classified(GROUPER_RESOURCE_OID, ShadowKindType.ENTITLEMENT, 'group', null)) != null) {
-                                log.info('Projection context for Grouper group found, marking as "active"')
-                                'active'
-                            } else {
-                                log.info('No projection context for Grouper group, marking as "retired"')
-                                'retired'
-                            }
-                        </code>
-                    </script>
-                </expression>
-                <target>
-                    <path>lifecycleState</path>
-                </target>
-            </mapping>
         </focusMappings>
 
         <!-- 

diff --git a/...iner_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml b/...iner_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
@@ -8,6 +8,7 @@
 <systemConfiguration oid="00000000-0000-0000-0000-000000000001" version="0"
                      xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+                     xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
                      xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
                      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
                      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
@@ -129,6 +130,45 @@
             </state>
         </lifecycleStateModel>
     </defaultObjectPolicyConfiguration>
+    <globalPolicyRule>
+        <focusSelector>
+            <type>OrgType</type>
+        </focusSelector>
+        <name>unassign-children-on-org-deletion</name>
+        <documentation>
+            Unassigns members when an org is deleted.
+        </documentation>
+        <policyConstraints>
+            <modification>
+                <operation>delete</operation>
+            </modification>
+        </policyConstraints>
+        <policyActions>
+            <scriptExecution>
+                <object>
+                    <linkSource/> <!-- all objects linked to the current focus -->
+                </object>
+                <executeScript>
+                    <s:unassign>
+                        <s:filter>
+                            <q:ref>
+                                <!-- all assignments targeting the current focus -->
+                                <q:path>targetRef</q:path>
+                                <expression>
+                                    <script>
+                                        <code>
+                                            import com.evolveum.midpoint.schema.util.ObjectTypeUtil
+                                            ObjectTypeUtil.createObjectRef(focus.oid)
+                                        </code>
+                                    </script>
+                                </expression>
+                            </q:ref>
+                        </s:filter>
+                    </s:unassign>
+                </executeScript>
+            </scriptExecution>
+        </policyActions>
+    </globalPolicyRule>
     <cleanupPolicy>
         <auditRecords>
             <maxAge>P3M</maxAge>

diff --git a/...ver/container_files/mp-home/post-initial-objects/tasks/600-task-import-grouper-groups.xml b/...ver/container_files/mp-home/post-initial-objects/tasks/600-task-import-grouper-groups.xml
diff --git a/.../container_files/mp-home/post-initial-objects/tasks/610-task-reconcile-grouper-groups.xml b/.../container_files/mp-home/post-initial-objects/tasks/610-task-reconcile-grouper-groups.xml
@@ -0,0 +1,51 @@
+<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="22625b6c-e9a7-4151-88f8-013abb1cc158" version="410">
+    <name>Groups: Reconcile groups/entitlements</name>
+
+    <assignment id="1">
+        <targetRef oid="00000000-0000-0000-0000-000000000501" relation="org:default" type="c:ArchetypeType">
+            <!-- Reconciliation task -->
+        </targetRef>
+        <activation>
+            <effectiveStatus>enabled</effectiveStatus>
+        </activation>
+    </assignment>
+    <iteration>0</iteration>
+    <iterationToken/>
+    <archetypeRef oid="00000000-0000-0000-0000-000000000501" relation="org:default" type="c:ArchetypeType">
+        <!-- Reconciliation task -->
+    </archetypeRef>
+    <roleMembershipRef oid="00000000-0000-0000-0000-000000000501" relation="org:default" type="c:ArchetypeType">
+        <!-- Reconciliation task -->
+    </roleMembershipRef>
+    <taskIdentifier>1689973935302-20962-1</taskIdentifier>
+    <ownerRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
+        <!-- banderson -->
+    </ownerRef>
+    <executionState>runnable</executionState>
+    <schedulingState>ready</schedulingState>
+    <category>Reconciliation</category>
+    <resultStatus>success</resultStatus>
+    <objectRef oid="fb0bbf07-e33f-4ddd-85a1-16a7edc237f2" relation="org:default" type="c:ResourceType">
+        <!-- Source: Groups-New -->
+    </objectRef>
+    <progress>33</progress>
+    <binding>loose</binding>
+    <schedule>
+        <interval>600</interval>
+    </schedule>
+    <activity>
+        <work>
+            <reconciliation>
+                <resourceObjects>
+                    <resourceRef oid="fb0bbf07-e33f-4ddd-85a1-16a7edc237f2" relation="org:default" type="c:ResourceType">
+                        <!-- Source: Groups-New -->
+                    </resourceRef>
+                    <kind>entitlement</kind>
+                    <intent>group</intent>
+                    <objectclass>ri:GroupObjectClass</objectclass>
+                </resourceObjects>
+            </reconciliation>
+        </work>
+    </activity>
+</task>
+
diff --git a/...asks/620-task-import-grouper-subjects.xml → ...asks/630-task-reconcile-grouper-users.xml b/...asks/620-task-import-grouper-subjects.xml → ...asks/630-task-reconcile-grouper-users.xml
@@ -1,59 +1,54 @@
-<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="f036351c-d57f-471a-9a39-0aba6ecb4944" version="0">
-    <name>Groups: Import users/accounts</name>
-    <metadata>
-        <requestTimestamp>2023-06-30T18:40:34.255Z</requestTimestamp>
-        <requestorRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
-            <!-- banderson -->
-        </requestorRef>
-        <createTimestamp>2023-06-30T18:40:34.297Z</createTimestamp>
-        <creatorRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
-            <!-- banderson -->
-        </creatorRef>
-        <createChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</createChannel>
-    </metadata>
+<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="95539396-14ce-4787-aaa8-c93e2aacfbc0" version="125">
+    <name>Groups: Reconcile Users/accounts</name>
     <assignment id="1">
         <metadata>
-            <requestTimestamp>2023-06-30T18:40:34.255Z</requestTimestamp>
+            <requestTimestamp>2023-07-21T21:12:58.938Z</requestTimestamp>
             <requestorRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
                 <!-- banderson -->
             </requestorRef>
-            <createTimestamp>2023-06-30T18:40:34.297Z</createTimestamp>
+            <createTimestamp>2023-07-21T21:12:58.953Z</createTimestamp>
             <creatorRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
                 <!-- banderson -->
             </creatorRef>
             <createChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</createChannel>
         </metadata>
-        <targetRef oid="00000000-0000-0000-0000-000000000503" relation="org:default" type="c:ArchetypeType">
-            <!-- Import task -->
+        <targetRef oid="00000000-0000-0000-0000-000000000501" relation="org:default" type="c:ArchetypeType">
+            <!-- Reconciliation task -->
         </targetRef>
         <activation>
             <effectiveStatus>enabled</effectiveStatus>
         </activation>
     </assignment>
     <iteration>0</iteration>
     <iterationToken/>
-    <archetypeRef oid="00000000-0000-0000-0000-000000000503" relation="org:default" type="c:ArchetypeType">
-        <!-- Import task -->
+    <archetypeRef oid="00000000-0000-0000-0000-000000000501" relation="org:default" type="c:ArchetypeType">
+        <!-- Reconciliation task -->
     </archetypeRef>
-    <roleMembershipRef oid="00000000-0000-0000-0000-000000000503" relation="org:default" type="c:ArchetypeType">
-        <!-- Import task -->
+    <roleMembershipRef oid="00000000-0000-0000-0000-000000000501" relation="org:default" type="c:ArchetypeType">
+        <!-- Reconciliation task -->
     </roleMembershipRef>
-    <taskIdentifier>1688150434298-46241-1</taskIdentifier>
+    <taskIdentifier>1689973978954-20962-1</taskIdentifier>
     <ownerRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
         <!-- banderson -->
     </ownerRef>
-    <executionStatus>runnable</executionStatus>
-    <category>ImportingAccounts</category>
+    <executionState>runnable</executionState>
+    <schedulingState>ready</schedulingState>
+    <category>Reconciliation</category>
+    <resultStatus>success</resultStatus>
     <objectRef oid="fb0bbf07-e33f-4ddd-85a1-16a7edc237f2" relation="org:default" type="c:ResourceType">
         <!-- Source: Groups-New -->
     </objectRef>
+    <lastRunStartTimestamp>2023-07-21T22:20:16.993Z</lastRunStartTimestamp>
+    <lastRunFinishTimestamp>2023-07-21T22:20:33.812Z</lastRunFinishTimestamp>
+    <completionTimestamp>2023-07-21T21:15:14.922Z</completionTimestamp>
+    <progress>98</progress>
     <binding>loose</binding>
     <schedule>
-        <interval>600</interval>
+        <interval>650</interval>
     </schedule>
     <activity>
         <work>
-            <import>
+            <reconciliation>
                 <resourceObjects>
                     <resourceRef oid="fb0bbf07-e33f-4ddd-85a1-16a7edc237f2" relation="org:default" type="c:ResourceType">
                         <!-- Source: Groups-New -->
@@ -62,7 +57,7 @@
                     <intent>default</intent>
                     <objectclass>ri:CustomSubjectObjectClass</objectclass>
                 </resourceObjects>
-            </import>
+            </reconciliation>
         </work>
     </activity>
 </task>