From e893b3e7c4535e563168d285b1de6971f5e53c6e Mon Sep 17 00:00:00 2001 From: skublik Date: Mon, 1 Oct 2018 21:41:13 +0000 Subject: [PATCH 1/4] removing mistake --- library.bash | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library.bash b/library.bash index 0b2172f..a66144e 100644 --- a/library.bash +++ b/library.bash @@ -138,11 +138,10 @@ function add_object () { http_code=$(sed '$!d' <<<"$response") if [ "$http_code" -eq 201 ] || [ "$http_code" -eq 202 ]; then - headers=$(sed -n '1,/^\r$/p' <<<"$response") - + # get the real Location - location=$(grep -oP 'Location: \K.*' <<<"$headers") - oid=$(sed 's/.*\///' <<<"$location") + location=$(grep -oP "Location: \K.*" <<<"$response") + oid=$(sed 's/.*\///' <<<"$location") echo "Oid created object: $oid" return 0 From 32e0845e720acb42193dfbf2e1943d028426a119 Mon Sep 17 00:00:00 2001 From: skublik Date: Tue, 2 Oct 2018 19:34:43 +0000 Subject: [PATCH 2/4] adding test for LDAP Account --- demo/complex/tests/main.bats | 27 +++++- ...ign-role-grouper-sysadmin-to-test-user.xml | 33 +++++++ .../task/recom-role-grouper-sysadmin.xml | 27 ++++++ library.bash | 90 +++++++++++++++++-- 4 files changed, 168 insertions(+), 9 deletions(-) create mode 100644 demo/complex/tests/resources/task/assign-role-grouper-sysadmin-to-test-user.xml create mode 100644 demo/complex/tests/resources/task/recom-role-grouper-sysadmin.xml diff --git a/demo/complex/tests/main.bats b/demo/complex/tests/main.bats index f980cdf..0568257 100755 --- a/demo/complex/tests/main.bats +++ b/demo/complex/tests/main.bats @@ -81,7 +81,7 @@ load ../../../library add_object tasks midpoint-objects-manual/tasks/task-import-sis-persons.xml search_and_check_object tasks "Import from SIS persons" - wait_for_task_completion 22c2a3d0-0961-4255-9eec-c550a79aeaaa + wait_for_task_completion 22c2a3d0-0961-4255-9eec-c550a79aeaaa 6 10 assert_task_success 22c2a3d0-0961-4255-9eec-c550a79aeaaa search_and_check_object users jsmith 
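Review bot: `location=$(grep -oP "Location: \K.*" <<<"$response")` now scans the whole response rather than the header block the removed `headers=` line isolated, so a body that happens to contain `Location:` would also match and `location` could become multi-line. Anchoring on the header and taking the first match keeps the old scope: `location=$(grep -m1 -oP '^Location: \K[^\r]*' <<<"$response")`; the `[^\r]*` also leaves out the CR that curl's raw header dump carries, which is otherwise likely to survive the `sed` and end up inside `$oid`. add_object begins and ends outside this hunk.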
@@ -97,7 +97,30 @@ load ../../../library # TODO check in LDAP, check assignments etc } +@test "230 Check 'TestUser230' in Midpoint and LDAP" { + if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi + check_health + echo "TestUser230Test User230TestUser230password" >/tmp/testuser230.xml + add_object users /tmp/testuser230.xml + rm /tmp/testuser230.xml + search_and_check_object users TestUser230 + + add_object tasks tests/resources/task/recom-role-grouper-sysadmin.xml + search_and_check_object tasks "Recompute role-grouper-sysadmin" + wait_for_task_completion 22c2a3d0-0961-4255-9eec-caasa79aeaaa 6 10 + assert_task_success 22c2a3d0-0961-4255-9eec-caasa79aeaaa + + add_object tasks tests/resources/task/assign-role-grouper-sysadmin-to-test-user.xml + search_and_check_object tasks "Assign role-grouper-sysadmin to TestUser230" + wait_for_task_completion 22c2a3d0-0961-4255-9eec-c550a791237s 6 10 + assert_task_success 22c2a3d0-0961-4255-9eec-c550a791237s + + check_ldap_account_by_user_name TestUser230 + check_of_ldap_membership TestUser230 sysadmingroup +} + + @test "999 Clean up" { -# skip TEMP + skip TEMP docker-compose down -v } diff --git a/demo/complex/tests/resources/task/assign-role-grouper-sysadmin-to-test-user.xml b/demo/complex/tests/resources/task/assign-role-grouper-sysadmin-to-test-user.xml new file mode 100644 index 0000000..7d490f5 --- /dev/null +++ b/demo/complex/tests/resources/task/assign-role-grouper-sysadmin-to-test-user.xml @@ -0,0 +1,33 @@ + + Assign role-grouper-sysadmin to TestUser230 + + + + c:UserType + + + c:name + TestUser230 + + + + assign + + role + d48ec05b-fffd-4262-acd3-d9ff63365b62 + + + + + + + runnable + BulkActions + http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3 + single + diff --git a/demo/complex/tests/resources/task/recom-role-grouper-sysadmin.xml b/demo/complex/tests/resources/task/recom-role-grouper-sysadmin.xml new file mode 100644 index 0000000..cfb41bb --- /dev/null 
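Review bot: The `999 Clean up` test is now unconditionally skipped (`skip TEMP`), so `docker-compose down -v` never runs and the stack stays up after the suite; if that was a local debugging change it should not land, or be gated the way `230` gates itself, `if [ -n "$KEEP_STACK" ]; then skip 'keeping stack'; fi`. In the new `230` test the user XML, which appears to carry a password, is written to the fixed path `/tmp/testuser230.xml` and removed with an unquoted `rm`; `f=$(mktemp "$BATS_TMPDIR/testuser230.XXXXXX")` and `rm -f -- "$f"` avoid a predictable path that other local users can read or pre-create. The task OID `22c2a3d0-0961-4255-9eec-c550a791237s` contains a non-hex character and looks hand-edited; confirm it matches the OID inside assign-role-grouper-sysadmin-to-test-user.xml, otherwise `wait_for_task_completion` polls a task that never exists.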
+++ b/demo/complex/tests/resources/task/recom-role-grouper-sysadmin.xml @@ -0,0 +1,27 @@ + + Recompute role-grouper-sysadmin + + + + c:RoleType + + + name + role-grouper-sysadmin + + + + recompute + + + + + + runnable + BulkActions + http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3 + single + diff --git a/library.bash b/library.bash index a66144e..10afbf4 100644 --- a/library.bash +++ b/library.bash @@ -134,23 +134,23 @@ function add_object () { local FILE=$2 echo "Adding to $TYPE from $FILE..." - response=$(curl -k -sD - --silent --write-out "%{http_code}" --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE" -d @$FILE) - http_code=$(sed '$!d' <<<"$response") + local response=$(curl -k -sD - --silent --write-out "%{http_code}" --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE" -d @$FILE) + local http_code=$(sed '$!d' <<<"$response") if [ "$http_code" -eq 201 ] || [ "$http_code" -eq 202 ]; then # get the real Location - location=$(grep -oP "Location: \K.*" <<<"$response") - oid=$(sed 's/.*\///' <<<"$location") + local location=$(grep -oP "Location: \K.*" <<<"$response") + OID=$(sed 's/.*\///' <<<"$location") - echo "Oid created object: $oid" + echo "Oid created object: $OID" return 0 else echo "Error code: $http_code" if [ "$http_code" -eq 500 ]; then echo "Error message: Internal server error. Unexpected error occurred, if necessary please contact system administrator." else - error_message=$(grep 'message' <<<"$response" | head -1 | awk -F">" '{print $2}' | awk -F"<" '{print $1}') + local error_message=$(grep 'message' <<<"$response" | head -1 | awk -F">" '{print $2}' | awk -F"<" '{print $1}') echo "Error message: $error_message" fi return 1 @@ -186,6 +186,7 @@ EOF if [ "$http_code" -eq 200 ]; then return 0 else + rm $SEARCH_RESULT_FILE return 1 fi } 
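Review bot: `local response=$(curl ...)` masks curl's exit status, so a connection failure leaves `response` empty and the function continues into `[ "$http_code" -eq 201 ]` with an empty value, producing an "integer expression expected" error instead of a clear failure; the same applies to `local http_code=$(...)`. Split declaration and assignment: `local response http_code` then `response=$(curl ...) || { echo "curl failed for $TYPE from $FILE"; return 1; }`. The administrator password is also passed as a `--user` argument, where it is visible in `ps` output and in `set -x` traces; curl's `-n`/`.netrc` or `--config` with a file keeps it out of argv. add_object begins and ends outside this hunk.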
@@ -243,6 +244,81 @@ function assert_task_success () {
 function wait_for_task_completion () {
 local OID=$1
- sleep 60 # TODO
+ local ATTEMPT=0
+ local MAX_ATTEMPTS=$2
+ local DELAY=$3
+
+ until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do
+ ATTEMPT=$((ATTEMPT+1))
+ echo "Waiting $DELAY seconds for task with oid $OID to finish (attempt $ATTEMPT) ..."
+ sleep $DELAY
+ get_object tasks $OID
+ TASK_EXECUTION_STATUS=$(xmllint --xpath "/*/*[local-name()='executionStatus']/text()" $TMPFILE) || (echo "Couldn't extract task status from task $OID" ; cat $TMPFILE ; rm $TMPFILE ; return 1)
+ if [[ $TASK_EXECUTION_STATUS = "suspended" ]] || [[ $TASK_EXECUTION_STATUS = "closed" ]]; then
+ echo "Task $OID is finished"
+ rm $TMPFILE
+ return 0
+ fi
+ done
+ rm $TMPFILE
+ echo Task with $OID did not finish in $(( $MAX_ATTEMPTS * $DELAY )) seconds
+ return 1
+}
+
+
+#search LDAP accout by uid
+function search_ldap_object_by_filter () {
+ local BASE_CONTEXT_FOR_SEARCH=$1
+ local FILTER="$2"
+ TMPFILE=$(mktemp /tmp/ldapsearch.XXXXXX)
+
+ ldapsearch -h localhost -p 389 -D "cn=Directory Manager" -w password -b "$BASE_CONTEXT_FOR_SEARCH" "($FILTER)" >$TMPFILE || (rm $TMPFILE ; return 1)
+ LDAPSEARCH_RESULT_FILE=$TMPFILE
 return 0
 }
+
+function check_ldap_account_by_user_name () {
+ local NAME=$1
+ search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME"
+ search_objects_by_name users $NAME
+
+ local MP_FULL_NAME=$(xmllint --xpath "/*/*/*[local-name()='fullName']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user fullName from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+ local MP_GIVEN_NAME=$(xmllint --xpath "/*/*/*[local-name()='givenName']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user givenName from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+ local MP_FAMILY_NAME=$(xmllint --xpath "/*/*/*[local-name()='familyName']/text()" $SEARCH_RESULT_FILE) ||
(echo "Couldn't extract user familyName from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+
+ local LDAP_CN=$(grep -oP "cn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user cn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+ local LDAP_GIVEN_NAME=$(grep -oP "givenName: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user givenName from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+ local LDAP_SN=$(grep -oP "sn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user sn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+
+ rm $SEARCH_RESULT_FILE
+ rm $LDAPSEARCH_RESULT_FILE
+
+ if [[ $MP_FULL_NAME = $LDAP_CN ]] && [[ $MP_GIVEN_NAME = $LDAP_GIVEN_NAME ]] && [[ $MP_FAMILY_NAME = $LDAP_SN ]]; then
+ return 0
+ fi
+
+ echo "User in Midpoint and LDAP Account with uid $NAME are not same"
+ return 1
+}
+
+function check_of_ldap_membership () {
+ local NAME_OF_USER=$1
+ local NAME_OF_GROUP=$2
+ search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME_OF_USER"
+
+ local LDAP_ACCOUNT_DN=$(grep -oP "dn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user dn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+
+ search_ldap_object_by_filter "ou=groups,dc=internet2,dc=edu" "cn=$NAME_OF_GROUP"
+
+ local LDAP_MEMBERS_DNS=$(grep -oP "uniqueMember: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user uniqueMember from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+
+ rm $LDAPSEARCH_RESULT_FILE
+
+ if [[ $LDAP_MEMBERS_DNS =~ $LDAP_ACCOUNT_DN ]]; then
+ return 0
+ fi
+
+ echo "LDAP Account with uid $NAME_OF_USER is not member of LDAP Group $NAME_OF_GROUP"
+ return 1
+}
+
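Review bot: Every `|| (echo ...; rm ...; return 1)` in this hunk runs its `return 1` inside a subshell, so it only leaves the parentheses: `wait_for_task_completion`, `search_ldap_object_by_filter`, `check_ldap_account_by_user_name` and `check_of_ldap_membership` all continue past the failure message with empty variables, and `search_ldap_object_by_filter` then sets `LDAPSEARCH_RESULT_FILE` to a file it has just deleted and returns 0. A brace group is needed instead, e.g. `|| { echo "Couldn't extract task status from task $OID"; cat "$TMPFILE"; rm -f -- "$TMPFILE"; return 1; }`. In `check_of_ldap_membership`, `[[ $LDAP_MEMBERS_DNS =~ $LDAP_ACCOUNT_DN ]]` treats the DN as a regular expression, in which `.` and other punctuation have meaning; the literal substring test `[[ $LDAP_MEMBERS_DNS == *"$LDAP_ACCOUNT_DN"* ]]` is what is intended. The directory bind password is hard-coded on the `ldapsearch` command line (`-w password`), where it shows up in the process list; if the client is OpenLDAP's, `-y <passwordfile>` keeps it out of argv.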
From 55b1d16c5ae5a137f969ba14f80de1ba163cfa88 Mon Sep 17 00:00:00 2001
From: skublik
Date: Wed, 3 Oct 2018 07:06:04 +0000
Subject: [PATCH 3/4] using docker exec for ldapsearch
---
 demo/complex/tests/main.bats | 4 ++--
 library.bash | 13 ++++++++-----
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/demo/complex/tests/main.bats b/demo/complex/tests/main.bats
index 0568257..0a87412 100755
--- a/demo/complex/tests/main.bats
+++ b/demo/complex/tests/main.bats
@@ -115,8 +115,8 @@ load ../../../library
 wait_for_task_completion 22c2a3d0-0961-4255-9eec-c550a791237s 6 10
 assert_task_success 22c2a3d0-0961-4255-9eec-c550a791237s
- check_ldap_account_by_user_name TestUser230
- check_of_ldap_membership TestUser230 sysadmingroup
+ check_ldap_account_by_user_name TestUser230 complex_directory_1
+ check_of_ldap_membership TestUser230 sysadmingroup complex_directory_1
 }
diff --git a/library.bash b/library.bash
index 10afbf4..f12ef85 100644
--- a/library.bash
+++ b/library.bash
@@ -12,7 +12,7 @@ function generic_wait_for_log () {
 FAILURE="$4"
 ADDITIONAL_CONTAINER_NAME=$5
 ATTEMPT=0
- MAX_ATTEMPTS=20
+ MAX_ATTEMPTS=40
 DELAY=10
 until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do
@@ -270,16 +270,18 @@ function wait_for_task_completion () {
 function search_ldap_object_by_filter () {
 local BASE_CONTEXT_FOR_SEARCH=$1
 local FILTER="$2"
+ local LDAP_CONTAINER=$3
 TMPFILE=$(mktemp /tmp/ldapsearch.XXXXXX)
- ldapsearch -h localhost -p 389 -D "cn=Directory Manager" -w password -b "$BASE_CONTEXT_FOR_SEARCH" "($FILTER)" >$TMPFILE || (rm $TMPFILE ; return 1)
+ docker exec $LDAP_CONTAINER ldapsearch -h localhost -p 389 -D "cn=Directory Manager" -w password -b "$BASE_CONTEXT_FOR_SEARCH" "($FILTER)" >$TMPFILE || (rm $TMPFILE ; return 1)
 LDAPSEARCH_RESULT_FILE=$TMPFILE
 return 0
 }
 function check_ldap_account_by_user_name () {
 local NAME=$1
- search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME"
+ local LDAP_CONTAINER=$2
+ search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME" $LDAP_CONTAINER
 search_objects_by_name users $NAME
 local MP_FULL_NAME=$(xmllint --xpath "/*/*/*[local-name()='fullName']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user fullName from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
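Review bot: `local LDAP_CONTAINER=$3` has no default or check, so when a caller omits the third argument `docker exec` is invoked with `ldapsearch` as the container name and fails with a misleading error; `local LDAP_CONTAINER=${3:?ldap container name required}` fails fast with a clear message, and the same guard applies to `$2` in check_ldap_account_by_user_name in this hunk and to `$3` in check_of_ldap_membership in the next one. The variable is also expanded unquoted on the `docker exec` line; `docker exec "$LDAP_CONTAINER" ldapsearch ...` avoids word-splitting a name that comes from the test file.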
@@ -304,11 +306,12 @@ function check_ldap_account_by_user_name () {
 function check_of_ldap_membership () {
 local NAME_OF_USER=$1
 local NAME_OF_GROUP=$2
- search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME_OF_USER"
+ local LDAP_CONTAINER=$3
+ search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME_OF_USER" $LDAP_CONTAINER
 local LDAP_ACCOUNT_DN=$(grep -oP "dn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user dn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
- search_ldap_object_by_filter "ou=groups,dc=internet2,dc=edu" "cn=$NAME_OF_GROUP"
+ search_ldap_object_by_filter "ou=groups,dc=internet2,dc=edu" "cn=$NAME_OF_GROUP" $LDAP_CONTAINER
 local LDAP_MEMBERS_DNS=$(grep -oP "uniqueMember: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user uniqueMember from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
From e85c28d6504e258c5319fe0427fd0bbc76824fed Mon Sep 17 00:00:00 2001
From: skublik
Date: Wed, 3 Oct 2018 07:08:40 +0000
Subject: [PATCH 4/4] return back MAX_ATTEMPTS to 20
---
 library.bash | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library.bash b/library.bash
index f12ef85..ec4065c 100644
--- a/library.bash
+++ b/library.bash
@@ -12,7 +12,7 @@ function generic_wait_for_log () {
 FAILURE="$4"
 ADDITIONAL_CONTAINER_NAME=$5
 ATTEMPT=0
- MAX_ATTEMPTS=40
+ MAX_ATTEMPTS=20
 DELAY=10
 until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do