From 72d678221558f06923f49c7c13bfb0237b572153 Mon Sep 17 00:00:00 2001
From: root <root@ip-172-31-22-60.us-west-2.compute.internal>
Date: Sat, 22 Jul 2023 20:14:42 +0000
Subject: [PATCH] work on group delete processing

---
 .../application/grouper-loader.properties     | 11 ++-
 .../resources/100-grouper-new.xml             |  8 ++
 .../200-metarole-grouper-provided-group.xml   | 33 -------
 .../010-system-configuration.xml              | 40 +++++++++
 .../tasks/600-task-import-grouper-groups.xml  | 69 ---------------
 .../610-task-reconcile-grouper-groups.xml     | 51 +++++++++++
 ...l => 630-task-reconcile-grouper-users.xml} | 49 +++++------
 .../tasks/995-task-group-scavenger.xml        | 86 -------------------
 8 files changed, 129 insertions(+), 218 deletions(-)
 delete mode 100644 Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/600-task-import-grouper-groups.xml
 create mode 100644 Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/610-task-reconcile-grouper-groups.xml
 rename Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/{620-task-import-grouper-subjects.xml => 630-task-reconcile-grouper-users.xml} (62%)
 delete mode 100644 Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/995-task-group-scavenger.xml

diff --git a/Workbench/configs-and-secrets/grouper/application/grouper-loader.properties b/Workbench/configs-and-secrets/grouper/application/grouper-loader.properties
index 67631c5..7d66bbd 100755
--- a/Workbench/configs-and-secrets/grouper/application/grouper-loader.properties
+++ b/Workbench/configs-and-secrets/grouper/application/grouper-loader.properties
@@ -64,9 +64,14 @@ provisioner.midPoint.customizeEntityCrud = true
 provisioner.midPoint.customizeGroupCrud = true
 provisioner.midPoint.customizeMembershipCrud = true
 provisioner.midPoint.dbExternalSystemConfigId = midPoint
-provisioner.midPoint.deleteEntities = false
-provisioner.midPoint.deleteGroups = false
-provisioner.midPoint.deleteMemberships = false
+provisioner.midPoint.deleteEntities = true
+provisioner.midPoint.deleteEntitiesIfNotExistInGrouper = false
+provisioner.midPoint.deleteEntitiesIfGrouperDeleted = true
+provisioner.midPoint.deleteGroups = true
+provisioner.midPoint.deleteGroupsIfNotExistInGrouper = true
+provisioner.midPoint.deleteMemberships = true
+provisioner.midPoint.deleteMembershipsIfNotExistInGrouper = false
+provisioner.midPoint.deleteMembershipsIfGrouperDeleted = true
 provisioner.midPoint.makeChangesToEntities = true
 provisioner.midPoint.midPointDeletedColumnName = deleted
 provisioner.midPoint.midPointLastModifiedColumnName = last_modified
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper-new.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper-new.xml
index 4ac1d2c..542db2d 100644
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper-new.xml
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper-new.xml
@@ -303,6 +303,14 @@
                         <synchronize/>
                     </actions>
                 </reaction>
+                <reaction>
+                    <situation>deleted</situation>
+		    <actions>
+		        <deleteFocus>
+		            <synchronize>true</synchronize>
+			</deleteFocus>
+                    </actions>
+                </reaction>
             </synchronization>
         </objectType>
 
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
index 900922f..a9351a4 100644
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
@@ -90,39 +90,6 @@
                 </target>
             </mapping>
 
-            <mapping>
-                <name>lifecycle state</name>
-                <description>This mapping sets org lifecycle state to be either "active" or "retired", depending on
-                    whether Grouper group for this org still exists. Orgs in the latter state are on the way to deletion:
-                    their members are unassigned and after no members are there, the org is automatically deleted.</description>
-                <strength>strong</strength>
-                <expression>
-                    <script>
-                        <code>
-                            import com.evolveum.midpoint.model.impl.expr.*
-                            import com.evolveum.midpoint.schema.*
-                            import com.evolveum.midpoint.xml.ns._public.common.common_3.*
-                            import com.evolveum.midpoint.model.common.expression.ModelExpressionThreadLocalHolder
-                            import com.evolveum.midpoint.model.api.context.ProjectionContextKey
-
-                            GROUPER_RESOURCE_OID = 'fb0bbf07-e33f-4ddd-85a1-16a7edc237f2'
-
-                            modelContext = ModelExpressionThreadLocalHolder.lensContext
-
-                            if (modelContext.findProjectionContextByKeyExact(ProjectionContextKey.classified(GROUPER_RESOURCE_OID, ShadowKindType.ENTITLEMENT, 'group', null)) != null) {
-                                log.info('Projection context for Grouper group found, marking as "active"')
-                                'active'
-                            } else {
-                                log.info('No projection context for Grouper group, marking as "retired"')
-                                'retired'
-                            }
-                        </code>
-                    </script>
-                </expression>
-                <target>
-                    <path>lifecycleState</path>
-                </target>
-            </mapping>
         </focusMappings>
         
         <!-- 
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
index 73b6c7f..5ac96fb 100644
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
@@ -8,6 +8,7 @@
 <systemConfiguration oid="00000000-0000-0000-0000-000000000001" version="0"
                      xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+                     xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
                      xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
                      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
                      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
@@ -129,6 +130,45 @@
             </state>
         </lifecycleStateModel>
     </defaultObjectPolicyConfiguration>
+    <globalPolicyRule>
+        <focusSelector>
+            <type>OrgType</type>
+        </focusSelector>
+        <name>unassign-children-on-org-deletion</name>
+        <documentation>
+            Unassigns members when an org is deleted.
+        </documentation>
+        <policyConstraints>
+            <modification>
+                <operation>delete</operation>
+            </modification>
+        </policyConstraints>
+        <policyActions>
+            <scriptExecution>
+                <object>
+                    <linkSource/> <!-- all objects linked to the current focus -->
+                </object>
+                <executeScript>
+                    <s:unassign>
+                        <s:filter>
+                            <q:ref>
+                                <!-- all assignments targeting the current focus -->
+                                <q:path>targetRef</q:path>
+                                <expression>
+                                    <script>
+                                        <code>
+                                            import com.evolveum.midpoint.schema.util.ObjectTypeUtil
+                                            ObjectTypeUtil.createObjectRef(focus.oid)
+                                        </code>
+                                    </script>
+                                </expression>
+                            </q:ref>
+                        </s:filter>
+                    </s:unassign>
+                </executeScript>
+            </scriptExecution>
+        </policyActions>
+    </globalPolicyRule>
     <cleanupPolicy>
         <auditRecords>
             <maxAge>P3M</maxAge>
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/600-task-import-grouper-groups.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/600-task-import-grouper-groups.xml
deleted file mode 100644
index 8d04969..0000000
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/600-task-import-grouper-groups.xml
+++ /dev/null
@@ -1,69 +0,0 @@
-<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="778463b8-10cd-4a55-abc0-340bdaddbbc9" version="0">
-    <name>Groups: Import groups/entitlements</name>
-    <metadata>
-        <requestTimestamp>2023-06-30T18:40:13.058Z</requestTimestamp>
-        <requestorRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
-            <!-- banderson -->
-        </requestorRef>
-        <createTimestamp>2023-06-30T18:40:13.385Z</createTimestamp>
-        <creatorRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
-            <!-- banderson -->
-        </creatorRef>
-        <createChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</createChannel>
-    </metadata>
-    <assignment id="1">
-        <metadata>
-            <requestTimestamp>2023-06-30T18:40:13.058Z</requestTimestamp>
-            <requestorRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
-                <!-- banderson -->
-            </requestorRef>
-            <createTimestamp>2023-06-30T18:40:13.385Z</createTimestamp>
-            <creatorRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
-                <!-- banderson -->
-            </creatorRef>
-            <createChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</createChannel>
-        </metadata>
-        <targetRef oid="00000000-0000-0000-0000-000000000503" relation="org:default" type="c:ArchetypeType">
-            <!-- Import task -->
-        </targetRef>
-        <activation>
-            <effectiveStatus>enabled</effectiveStatus>
-        </activation>
-    </assignment>
-    <iteration>0</iteration>
-    <iterationToken/>
-    <archetypeRef oid="00000000-0000-0000-0000-000000000503" relation="org:default" type="c:ArchetypeType">
-        <!-- Import task -->
-    </archetypeRef>
-    <roleMembershipRef oid="00000000-0000-0000-0000-000000000503" relation="org:default" type="c:ArchetypeType">
-        <!-- Import task -->
-    </roleMembershipRef>
-    <taskIdentifier>1688150413389-46241-1</taskIdentifier>
-    <ownerRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
-        <!-- banderson -->
-    </ownerRef>
-    <executionStatus>runnable</executionStatus>
-    <category>ImportingAccounts</category>
-    <objectRef oid="fb0bbf07-e33f-4ddd-85a1-16a7edc237f2" relation="org:default" type="c:ResourceType">
-        <!-- Source: Groups-New -->
-    </objectRef>
-    <binding>loose</binding>
-    <schedule>
-        <interval>600</interval>
-    </schedule>
-    <activity>
-        <work>
-            <import>
-                <resourceObjects>
-                    <resourceRef oid="fb0bbf07-e33f-4ddd-85a1-16a7edc237f2" relation="org:default" type="c:ResourceType">
-                        <!-- Source: Groups-New -->
-                    </resourceRef>
-                    <kind>entitlement</kind>
-                    <intent>group</intent>
-                    <objectclass>ri:GroupObjectClass</objectclass>
-                </resourceObjects>
-            </import>
-        </work>
-    </activity>
-</task>
-
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/610-task-reconcile-grouper-groups.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/610-task-reconcile-grouper-groups.xml
new file mode 100644
index 0000000..08120a2
--- /dev/null
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/610-task-reconcile-grouper-groups.xml
@@ -0,0 +1,51 @@
+<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="22625b6c-e9a7-4151-88f8-013abb1cc158" version="410">
+    <name>Groups: Reconcile groups/entitlements</name>
+
+    <assignment id="1">
+        <targetRef oid="00000000-0000-0000-0000-000000000501" relation="org:default" type="c:ArchetypeType">
+            <!-- Reconciliation task -->
+        </targetRef>
+        <activation>
+            <effectiveStatus>enabled</effectiveStatus>
+        </activation>
+    </assignment>
+    <iteration>0</iteration>
+    <iterationToken/>
+    <archetypeRef oid="00000000-0000-0000-0000-000000000501" relation="org:default" type="c:ArchetypeType">
+        <!-- Reconciliation task -->
+    </archetypeRef>
+    <roleMembershipRef oid="00000000-0000-0000-0000-000000000501" relation="org:default" type="c:ArchetypeType">
+        <!-- Reconciliation task -->
+    </roleMembershipRef>
+    <taskIdentifier>1689973935302-20962-1</taskIdentifier>
+    <ownerRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
+        <!-- banderson -->
+    </ownerRef>
+    <executionState>runnable</executionState>
+    <schedulingState>ready</schedulingState>
+    <category>Reconciliation</category>
+    <resultStatus>success</resultStatus>
+    <objectRef oid="fb0bbf07-e33f-4ddd-85a1-16a7edc237f2" relation="org:default" type="c:ResourceType">
+        <!-- Source: Groups-New -->
+    </objectRef>
+    <progress>33</progress>
+    <binding>loose</binding>
+    <schedule>
+        <interval>600</interval>
+    </schedule>
+    <activity>
+        <work>
+            <reconciliation>
+                <resourceObjects>
+                    <resourceRef oid="fb0bbf07-e33f-4ddd-85a1-16a7edc237f2" relation="org:default" type="c:ResourceType">
+                        <!-- Source: Groups-New -->
+                    </resourceRef>
+                    <kind>entitlement</kind>
+                    <intent>group</intent>
+                    <objectclass>ri:GroupObjectClass</objectclass>
+                </resourceObjects>
+            </reconciliation>
+        </work>
+    </activity>
+</task>
+
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/620-task-import-grouper-subjects.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/630-task-reconcile-grouper-users.xml
similarity index 62%
rename from Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/620-task-import-grouper-subjects.xml
rename to Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/630-task-reconcile-grouper-users.xml
index f09e3ff..d7fe038 100644
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/620-task-import-grouper-subjects.xml
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/630-task-reconcile-grouper-users.xml
@@ -1,30 +1,19 @@
-<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="f036351c-d57f-471a-9a39-0aba6ecb4944" version="0">
-    <name>Groups: Import users/accounts</name>
-    <metadata>
-        <requestTimestamp>2023-06-30T18:40:34.255Z</requestTimestamp>
-        <requestorRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
-            <!-- banderson -->
-        </requestorRef>
-        <createTimestamp>2023-06-30T18:40:34.297Z</createTimestamp>
-        <creatorRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
-            <!-- banderson -->
-        </creatorRef>
-        <createChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</createChannel>
-    </metadata>
+<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="95539396-14ce-4787-aaa8-c93e2aacfbc0" version="125">
+    <name>Groups: Reconcile Users/accounts</name>
     <assignment id="1">
         <metadata>
-            <requestTimestamp>2023-06-30T18:40:34.255Z</requestTimestamp>
+            <requestTimestamp>2023-07-21T21:12:58.938Z</requestTimestamp>
             <requestorRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
                 <!-- banderson -->
             </requestorRef>
-            <createTimestamp>2023-06-30T18:40:34.297Z</createTimestamp>
+            <createTimestamp>2023-07-21T21:12:58.953Z</createTimestamp>
             <creatorRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
                 <!-- banderson -->
             </creatorRef>
             <createChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</createChannel>
         </metadata>
-        <targetRef oid="00000000-0000-0000-0000-000000000503" relation="org:default" type="c:ArchetypeType">
-            <!-- Import task -->
+        <targetRef oid="00000000-0000-0000-0000-000000000501" relation="org:default" type="c:ArchetypeType">
+            <!-- Reconciliation task -->
         </targetRef>
         <activation>
             <effectiveStatus>enabled</effectiveStatus>
@@ -32,28 +21,34 @@
     </assignment>
     <iteration>0</iteration>
     <iterationToken/>
-    <archetypeRef oid="00000000-0000-0000-0000-000000000503" relation="org:default" type="c:ArchetypeType">
-        <!-- Import task -->
+    <archetypeRef oid="00000000-0000-0000-0000-000000000501" relation="org:default" type="c:ArchetypeType">
+        <!-- Reconciliation task -->
     </archetypeRef>
-    <roleMembershipRef oid="00000000-0000-0000-0000-000000000503" relation="org:default" type="c:ArchetypeType">
-        <!-- Import task -->
+    <roleMembershipRef oid="00000000-0000-0000-0000-000000000501" relation="org:default" type="c:ArchetypeType">
+        <!-- Reconciliation task -->
     </roleMembershipRef>
-    <taskIdentifier>1688150434298-46241-1</taskIdentifier>
+    <taskIdentifier>1689973978954-20962-1</taskIdentifier>
     <ownerRef oid="e897468f-20bd-419c-8fc5-1fe60e2600de" relation="org:default" type="c:UserType">
         <!-- banderson -->
     </ownerRef>
-    <executionStatus>runnable</executionStatus>
-    <category>ImportingAccounts</category>
+    <executionState>runnable</executionState>
+    <schedulingState>ready</schedulingState>
+    <category>Reconciliation</category>
+    <resultStatus>success</resultStatus>
     <objectRef oid="fb0bbf07-e33f-4ddd-85a1-16a7edc237f2" relation="org:default" type="c:ResourceType">
         <!-- Source: Groups-New -->
     </objectRef>
+    <lastRunStartTimestamp>2023-07-21T22:20:16.993Z</lastRunStartTimestamp>
+    <lastRunFinishTimestamp>2023-07-21T22:20:33.812Z</lastRunFinishTimestamp>
+    <completionTimestamp>2023-07-21T21:15:14.922Z</completionTimestamp>
+    <progress>98</progress>
     <binding>loose</binding>
     <schedule>
-        <interval>600</interval>
+        <interval>650</interval>
     </schedule>
     <activity>
         <work>
-            <import>
+            <reconciliation>
                 <resourceObjects>
                     <resourceRef oid="fb0bbf07-e33f-4ddd-85a1-16a7edc237f2" relation="org:default" type="c:ResourceType">
                         <!-- Source: Groups-New -->
@@ -62,7 +57,7 @@
                     <intent>default</intent>
                     <objectclass>ri:CustomSubjectObjectClass</objectclass>
                 </resourceObjects>
-            </import>
+            </reconciliation>
         </work>
     </activity>
 </task>
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/995-task-group-scavenger.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/995-task-group-scavenger.xml
deleted file mode 100644
index a4213aa..0000000
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/tasks/995-task-group-scavenger.xml
+++ /dev/null
@@ -1,86 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Copyright (c) 2019 Evolveum and contributors
-  ~
-  ~ This work is dual-licensed under the Apache License 2.0
-  ~ and European Union Public License. See LICENSE file for details.
-  -->
-
-<!--
-
-Looks for groups with the lifecycleState of 'retired' and completes their deletion:
- - unassigns all the users (simply by recomputing them)
-
--->
-
-<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-	  xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-	  xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
-	  xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
-	  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	  xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
-	  xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3"
-	  oid="1d7bef40-953e-443e-8e9a-ec6e313668c4">
-	<name>Groups: Group Scavenger</name>
-	<extension>
-		<scext:executeScript>
-			<s:action>
-				<s:type>execute-script</s:type>
-				<s:parameter>
-					<s:name>script</s:name>
-					<c:value xsi:type="c:ScriptExpressionEvaluatorType">
-						<c:code>import com.evolveum.midpoint.xml.ns._public.common.common_3.*
-
-						result = midpoint.currentResult
-						log.info('Processing dead group: {}', input)
-						query = prismContext.queryFor(UserType.class)
-								.item(UserType.F_ROLE_MEMBERSHIP_REF).ref(input.oid)
-								.build()
-						members = midpoint.repositoryService.searchObjects(UserType.class, query, null, result)
-						log.info('Found {} members: {}', members.size(), members)
-
-						for (member in members) {
-							log.info('Going to recompute {}', member)
-							try {
-								midpoint.recompute(UserType.class, member.oid)
-							} catch (Throwable t) {
-								log.error('Couldn\'t recompute {}: {}', member, t.message, t)
-							}
-						}
-						log.info('Members recomputed; checking if the org is still in "retired" state')
-						orgAfter = midpoint.repositoryService.getObject(OrgType.class, input.oid, null, result)
-						currentState = orgAfter.asObjectable().lifecycleState
-						log.info('Current state = {}', currentState)
-						if (currentState == 'retired') {
-							log.info('Deleting the org: {}', orgAfter)
-							midpoint.deleteObject(OrgType.class, orgAfter.oid, null)
-						} else {
-							log.info('State has changed, not deleting the org: {}', orgAfter)
-						}
-						log.info('Dead group processing done: {}', input)
-						</c:code>
-					</c:value>
-				</s:parameter>
-			</s:action>
-		</scext:executeScript>
-		<mext:objectType>OrgType</mext:objectType>
-		<mext:objectQuery>
-			<q:filter>
-				<q:equal>
-					<q:path>lifecycleState</q:path>
-					<q:value>retired</q:value>
-				</q:equal>
-			</q:filter>
-		</mext:objectQuery>
-	</extension>
-	<assignment>
-		<targetRef oid="00000000-0000-0000-0000-000000000509" type="ArchetypeType" /> <!-- Iterative bulk action task -->
-	</assignment>
-	<ownerRef oid="00000000-0000-0000-0000-000000000002"/>
-	<executionStatus>runnable</executionStatus>
-	<category>BulkActions</category>
-	<recurrence>recurring</recurrence>
-	<schedule>
-		<interval>60</interval>
-	</schedule>
-</task>