Prepare use of the new Grouper connector

demo/complex/grouper_data/container_files/seed-data/demo.gsh

@@ -7,6 +7,7 @@ addStem("", "basis", "basis")
 addStem("", "bundle", "bundle")
 addStem("", "org", "org")
 addStem("", "test", "test")
+addStem("", "midpoint", "midpoint")
 
 addRootStem("ref", "ref")
 addStem("ref", "course", "course")
@@ -71,9 +72,8 @@ attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperL
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "uniqueMember");
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId");
 
-testGroup = new GroupSave(gs).assignName("etc:testGroup").assignCreateParentStemsIfNotExist(true).save();
-
-exportedGroups = new GroupSave(gs).assignName("etc:exportedGroups").assignCreateParentStemsIfNotExist(true).save();
+midpointGroupsGroup = new GroupSave(gs).assignName("etc:midpointGroups").assignCreateParentStemsIfNotExist(true).save();
+testGroup = new GroupSave(gs).assignName("midpoint:test").assignCreateParentStemsIfNotExist(true).save();
 
 s = SubjectFinder.findById(testGroup.getId(), 'group', 'g:gsa');
-exportedGroups.addMember(s, false);
+midpointGroupsGroup.addMember(s, false);

demo/complex/midpoint-objects-manual/tasks/task-async-update-grouper.xml

@@ -0,0 +1,43 @@
+<!--
+  ~ Copyright (c) 2010-2019 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	  xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	  xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+	  xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
+	  xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+	  xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+	  xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+	  oid="47fc57bd-8c34-4555-9b9f-7087ff179860">
+	<name>Grouper async updates</name>
+	<extension xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
+			   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ExtensionType">
+		<!-- ... -->
+	</extension>
+	<taskIdentifier>1552664339630-0-2</taskIdentifier>
+	<ownerRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
+		<!-- administrator -->
+	</ownerRef>
+	<executionStatus>runnable</executionStatus>
+	<category>AsynchronousUpdate</category>
+	<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/async-update/handler-3</handlerUri>
+	<objectRef oid="1eff65de-5bb6-483d-9edf-8cc2c2ee0233" relation="org:default" type="c:ResourceType">
+		<!-- Grouper Resource -->
+	</objectRef>
+	<recurrence>single</recurrence>
+	<binding>loose</binding>
+	<threadStopAction>restart</threadStopAction>
+</task>

demo/complex/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml

@@ -0,0 +1,43 @@
+<!--
+  ~ Copyright (c) 2010-2019 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	  xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	  xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+	  xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
+	  xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+	  xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+	  xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+	  oid="605a0127-a313-442a-9d5e-151eac8b0745">
+	<name>Grouper reconciliation (groups)</name>
+	<extension xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
+			   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ExtensionType">
+		<mext:objectclass>ri:GroupObjectClass</mext:objectclass>
+	</extension>
+	<taskIdentifier>605a0127-a313-442a-9d5e-151eac8b0745</taskIdentifier>
+	<ownerRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
+		<!-- administrator -->
+	</ownerRef>
+	<executionStatus>runnable</executionStatus>
+	<category>Reconciliation</category>
+	<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/reconciliation/handler-3</handlerUri>
+	<objectRef oid="1eff65de-5bb6-483d-9edf-8cc2c2ee0233" relation="org:default" type="c:ResourceType">
+		<!-- Grouper Resource -->
+	</objectRef>
+	<recurrence>single</recurrence>
+	<binding>loose</binding>
+	<threadStopAction>restart</threadStopAction>
+</task>

demo/complex/midpoint-objects-manual/tasks/task-reconciliation-grouper-users.xml

@@ -0,0 +1,43 @@
+<!--
+  ~ Copyright (c) 2010-2019 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	  xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	  xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+	  xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
+	  xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+	  xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+	  xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+	  oid="42aa9f43-64c5-41a6-814c-b58b9ea4e204">
+	<name>Grouper reconciliation (users)</name>
+	<extension xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
+			   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ExtensionType">
+		<mext:objectclass>ri:AccountObjectClass</mext:objectclass>
+	</extension>
+	<taskIdentifier>42aa9f43-64c5-41a6-814c-b58b9ea4e204</taskIdentifier>
+	<ownerRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
+		<!-- administrator -->
+	</ownerRef>
+	<executionStatus>runnable</executionStatus>
+	<category>Reconciliation</category>
+	<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/reconciliation/handler-3</handlerUri>
+	<objectRef oid="1eff65de-5bb6-483d-9edf-8cc2c2ee0233" relation="org:default" type="c:ResourceType">
+		<!-- Grouper Resource -->
+	</objectRef>
+	<recurrence>single</recurrence>
+	<binding>loose</binding>
+	<threadStopAction>restart</threadStopAction>
+</task>

demo/complex/midpoint-objects/resources/function-library-grouper.xml

@@ -0,0 +1,156 @@
+<!--
+  ~ Copyright (c) 2010-2019 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<functionLibrary oid="2eef4181-25fa-420f-909d-846a36ca90f3"
+				 xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
+				 xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
+				 xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3'
+				 xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+				 xmlns:xsd='http://www.w3.org/2001/XMLSchema'
+				 xmlns:piracy='http://midpoint.evolveum.com/xml/ns/samples/piracy'>
+	<name>grouper</name>
+	<description>Functions for Grouper AMQP connector</description>
+	<function>
+
+		<!-- Some examples:
+	{
+	  encrypted=false,
+	  esbEvent=[
+	  {
+		sourceId=ldap,
+		membershipType=flattened,
+		fieldName=members,
+		groupId=00000000000000000000000000000001,
+		changeOccurred=false,
+		createdOnMicros=1551884863420000,
+		subjectId=banderson,
+		id=94320942304930294023940329403294,
+		sequenceNumber=1000,
+		eventType=MEMBERSHIP_ADD,
+		groupName=etc:midpointGroups
+	  }
+	]}
+
+
+	 {
+	  "encrypted": false,
+	  "esbEvent": [
+		{
+		  "displayName": "ref:alumni",
+		  "changeOccurred": false,
+		  "createdOnMicros": 1551884850499000,
+		  "parentStemId": "9a7ce40af6c546148b41eec81b8ca18d",
+		  "id": "00000000000000000000000000000002",
+		  "sequenceNumber": "110",
+		  "eventType": "GROUP_ADD",
+		  "name": "ref:alumni"
+		}
+	  ]
+	}
+	 -->
+
+
+		<name>createUcfChange</name>
+		<parameter>
+			<name>message</name>
+			<type>c:AsyncUpdateMessageType</type>
+		</parameter>
+		<parameter>
+			<name>superGroup</name>
+			<type>xsd:string</type>
+		</parameter>
+		<parameter>
+			<name>exportedGroupPrefix</name>
+			<type>xsd:string</type>
+		</parameter>
+		<parameter>
+			<name>relevantSourceId</name>
+			<type>xsd:string</type>
+		</parameter>
+		<script>
+			<code>
+				import com.evolveum.midpoint.xml.ns._public.common.common_3.*
+				import com.evolveum.prism.xml.ns._public.types_3.*
+				import static com.evolveum.midpoint.schema.constants.SchemaConstants.*
+				import com.evolveum.midpoint.schema.util.*
+				import com.evolveum.midpoint.prism.path.*
+
+				esbEvent = midpoint.getMessageBodyAsMap(message)['esbEvent'][0]
+				log.info('esbEvent = {}', esbEvent)
+				eventType = esbEvent['eventType']
+				if (eventType == 'MEMBERSHIP_ADD' || eventType == 'MEMBERSHIP_DELETE') {
+					groupName = esbEvent['groupName']
+					if (groupName == null) {
+						log.warn('No group name in membership change message, ignoring it: {}', esbEvent)
+						return null
+					}
+					isExported = groupName.startsWith(exportedGroupPrefix)
+					isSuper = groupName == superGroup
+					if (!isExported &amp;&amp; !isSuper) {
+						log.info('Irrelevant group membership change, ignoring it: {}', groupName)
+						return null
+					}
+					sourceId = esbEvent['sourceId']
+					if (sourceId != relevantSourceId) {
+						log.info('Irrelevant subject source ID in membership change message, ignoring it: {}', sourceId)
+						return null
+					}
+					subjectId = esbEvent['subjectId']
+					log.info('### {} - {} - {}', subjectId, eventType, groupName)
+					identifiers = new HashMap()
+					identifiers.put(ICFS_NAME, subjectId)
+					identifiers.put(ICFS_UID, subjectId)
+					ObjectDeltaType delta
+					if (isExported) {
+						itemDelta = new ItemDeltaType()
+						itemDelta.modificationType = eventType == 'MEMBERSHIP_ADD' ? ModificationTypeType.ADD : ModificationTypeType.DELETE
+						itemDelta.path = new ItemPathType(ItemPath.create(ShadowType.F_ATTRIBUTES, 'group'))
+						itemDelta.value.add(RawType.fromPropertyRealValue(groupName, null, prismContext))
+						delta = new ObjectDeltaType()
+						delta.changeType = ChangeTypeType.MODIFY
+						delta.itemDelta.add(itemDelta)
+					} else {
+						delta = null
+					}
+					return UcfChangeUtil.create(RI_ACCOUNT_OBJECT_CLASS, identifiers, delta, prismContext)
+				} else if (eventType == 'GROUP_ADD' || eventType == 'GROUP_DELETE') {
+					groupName = esbEvent['name']
+					groupId = esbEvent['id']
+					isExported = groupName.startsWith(exportedGroupPrefix)
+					if (!isExported) {
+						log.info('Irrelevant group add/delete event, ignoring it: {}', groupName)
+						return null
+					}
+					identifiers = new HashMap()
+					identifiers.put(ICFS_NAME, groupName)
+					identifiers.put(ICFS_UID, groupId)
+					ObjectDeltaType delta
+					if (eventType == 'GROUP_DELETE') {
+						delta = new ObjectDeltaType()
+						delta.changeType = ChangeTypeType.DELETE
+					} else {
+						delta = null
+					}
+					return UcfChangeUtil.create(RI_GROUP_OBJECT_CLASS, identifiers, delta, prismContext)
+				} else {
+					log.warn('Unsupported event type: {} -> {}', eventType, esbEvent)
+					return null
+				}
+			</code>
+		</script>
+		<returnType>c:UcfChangeType</returnType>
+	</function>
+</functionLibrary>