
changes for midpoint's grouper resource #167

Merged
merged 1 commit into from Oct 12, 2023
Expand Up @@ -37,14 +37,14 @@
</variable>
<script>
<code>
import com.evolveum.midpoint.xml.ns._public.common.common_3.*
import com.evolveum.midpoint.xml.ns._public.common.common_3.*
import com.evolveum.midpoint.schema.constants.*
import com.evolveum.midpoint.schema.*
import javax.xml.namespace.*
import com.evolveum.midpoint.util.*
import com.evolveum.midpoint.prism.path.*
import com.evolveum.midpoint.prism.polystring.*
import com.evolveum.midpoint.prism.PrismContainer.*
import com.evolveum.midpoint.prism.polystring.*
import com.evolveum.midpoint.prism.PrismContainer.*

def nameunique = false
def uidunique = false
Expand Down Expand Up @@ -126,4 +126,38 @@
</condition>
</mapping>
</item>

<mapping>
<description>
This mapping will remove assignments with grouper-grouper subtype for all users who don't have account linked on Grouper resource.
This is addressing the situation when a user account on Grouper resource is deleted and therefore is not logner synchronized.
Also, this will clean up all grouper-group assignments that shouldn't exist. We want such assignments exist only if they exists in Grouper resource.
</description>
<strength>strong</strength>
<expression>
<script>
<code>
return null
</code>
</script>
</expression>
<target>
<path>assignment</path>
<set>
<condition>
<script>
<code>
//OID points to Grouper resource
if(!midpoint.hasLinkedAccount('fb0bbf07-e33f-4ddd-85a1-16a7edc237f2')) {
return assignment?.subtype?.contains('grouper-group')
} else {
return false
}
</code>
</script>
</condition>
</set>
</target>
</mapping>

</objectTemplate>
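Review bot: The range condition inside `<set>` hard-codes the Grouper resource OID (`fb0bbf07-e33f-4ddd-85a1-16a7edc237f2`), and a mismatch fails towards revocation rather than towards doing nothing. If that OID does not match the resource object in some environment (a re-import, or a test versus production instance), `midpoint.hasLinkedAccount(...)` would presumably return false for every user, and the strong `return null` mapping would then remove every assignment whose subtype contains `grouper-group`. The same applies to any user whose link is missing for an unrelated reason, so this is worth running in preview or simulation before it is enabled broadly. I would expand the inline comment to say so, e.g. `// OID must equal the oid of the Grouper resource object; on a mismatch this condition is true for every user and all grouper-group assignments are removed`. Whether a null result from `assignment?.subtype?.contains(...)` is treated as false by the range condition is not visible here; ending the expression with `== true` would make that explicit.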
Expand Up @@ -199,6 +199,12 @@
<synchronize/>
</actions>
</reaction>
<reaction>
<situation>deleted</situation>
<actions>
<synchronize/>
</actions>
</reaction>
</synchronization>

</objectType>
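Review bot: The new `deleted` reaction has no comment explaining what it is for, and its only action is `<synchronize/>`. The reaction itself removes nothing, so revoking group access after a Grouper account disappears appears to depend entirely on the object-template mapping added in this same pull request. That coupling is not visible from the resource file alone. I would add a comment above the reaction such as `<!-- deleted account: recompute the user so the object template can remove its grouper-group assignments -->`, so that a later edit to either file does not silently break de-provisioning. The enclosing `<synchronization>` element starts outside this hunk.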
Expand Down Expand Up @@ -289,62 +295,6 @@
<fetchStrategy>explicit</fetchStrategy>
</attribute>

<association>
<ref>ri:subjects</ref>
<inbound>
<expression>
<assignmentTargetSearch>
<targetType>c:OrgType</targetType>
<filter>
<q:equal>
<q:path>name</q:path>
<expression>
<script>
<code>
def groupName;
if (entitlement!=null){
def attrs = entitlement.getAttributes();
pcvi = attrs.asPrismContainerValue().getItems();

for (obj in pcvi){
if (obj.isSingleValue()){

if("uid".equals(obj?.getElementName().toString())){

groupName = obj?.getValue()?.getRealValue()

//TODO remove log
log.info("The group name: " +groupName)

return groupName
}
}
}

}

return groupName;
</code>
</script>
</expression>
</q:equal>
</filter>
</assignmentTargetSearch>
</expression>
<target>
<path>assignment</path>
</target>
</inbound>
<kind>account</kind>
<intent>default</intent>
<direction>subjectToObject</direction>
<associationAttribute>ri:members</associationAttribute>
<valueAttribute>icfs:uid</valueAttribute>
<shortcutAssociationAttribute>ri:member_of</shortcutAssociationAttribute>
<shortcutValueAttribute>icfs:uid</shortcutValueAttribute>
<explicitReferentialIntegrity>false</explicitReferentialIntegrity>
</association>

<correlation>
<correlators>
<items>