Merge remote-tracking branch 'refs/remotes/origin/master'

README.md

@@ -15,16 +15,15 @@ The image contains the midPoint application along with some TIER-specific compon
   - `shibboleth` to show integration with Shibboleth IdP,
   - `postgresql` to show how to use alternative dockerized repository,
   - `extrepo` to show how to use external repository,
-  - `complex` to demonstrate more complex deployment of midPoint in a sample university environment, featuring midPoint along with Grouper, LDAP directory, RabbitMQ, Shibboleth IdP, source and target systems.
+  - `grouper` to demonstrate more complex deployment of midPoint in a sample university environment, featuring midPoint along with Grouper, LDAP directory, RabbitMQ, Shibboleth IdP, source and target systems.
 
 # Build instructions
 ```
 $ ./build.sh
 ```
-You can then continue with one of demo composition, e.g. simple or complex one.
+You can then continue with one of demo composition.
 
 # Documentation
 Please see [Dockerized midPoint](https://spaces.at.internet2.edu/display/MID/Dockerized+midPoint) wiki page.
 
 This is a work in progress, suitable for testing.
-For details on the project, see [Status of the work](https://spaces.at.internet2.edu/display/MID/Status+of+the+work).

demo/grouper/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml

@@ -25,7 +25,7 @@
 	<name>Grouper reconciliation (groups)</name>
 	<extension xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
 			   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ExtensionType">
-		<mext:objectclass>ri:CustomPlainGroupObjectClass</mext:objectclass>
+		<mext:objectclass>ri:Group</mext:objectclass>
 	</extension>
 	<taskIdentifier>605a0127-a313-442a-9d5e-151eac8b0745</taskIdentifier>
 	<ownerRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">

demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/functionLibraries/function-library-grouper.xml

@@ -78,12 +78,16 @@
 				import static com.evolveum.midpoint.schema.constants.SchemaConstants.*
 				import com.evolveum.midpoint.schema.util.*
 				import com.evolveum.midpoint.prism.path.*
-                import com.evolveum.midpoint.schema.constants.*
-                import com.evolveum.midpoint.prism.delta.*
+                		import com.evolveum.midpoint.schema.constants.*
+                		import com.evolveum.midpoint.prism.delta.*
 
-                PLAIN_GROUP_OBJECT_CLASS = new ItemName(MidPointConstants.NS_RI, 'CustomPlainGroupObjectClass')
-                TRIGGER_FIRE_AFTER = 60000
-                TRIGGER_SAFETY_MARGIN = 10000
+                		GROUP_OBJECT_CLASS = new ItemName(MidPointConstants.NS_RI, 'Group')
+                		ATTR_NAME = new ItemName(MidPointConstants.NS_RI, 'name')
+                		ATTR_UUID = new ItemName(MidPointConstants.NS_RI, 'uuid')
+                		ATTR_MEMBER = new ItemName(MidPointConstants.NS_RI, 'member')
+
+                		TRIGGER_FIRE_AFTER = 60000
+                		TRIGGER_SAFETY_MARGIN = 10000
 
 				esbEvent = midpoint.getMessageBodyAsMap(message)['esbEvent'][0]
 				log.info('esbEvent = {}', esbEvent)
@@ -94,11 +98,11 @@
 						log.warn('No group name in membership change message, ignoring it: {}', esbEvent)
 						return null
 					}
-                    groupId = esbEvent['groupId']
-                    if (groupId == null) {
-                        log.warn('No group ID in membership change message, ignoring it: {}', esbEvent)
-                        return null
-                    }
+					groupId = esbEvent['groupId']
+					if (groupId == null) {
+						log.warn('No group ID in membership change message, ignoring it: {}', esbEvent)
+						return null
+					}
 					isExported = matches(groupName, groupIncludePattern, groupExcludePattern)
 					if (!isExported) {
 						log.info('Irrelevant group membership change, ignoring it: {}', groupName)
@@ -110,29 +114,29 @@
 						return null
 					}
 					subjectId = esbEvent['subjectId']
-                    if (subjectId == null) {
-                        log.info('Null subject ID in membership change message, ignoring it: {}', sourceId)
-                        return null
-                    }
+					if (subjectId == null) {
+						log.info('Null subject ID in membership change message, ignoring it: {}', sourceId)
+						return null
+					}
 					log.info('### {} - {} - {}', subjectId, eventType, groupName)
 					identifiers = new HashMap()
-					identifiers.put(ICFS_NAME, groupName)
-					identifiers.put(ICFS_UID, groupId)
+					identifiers.put(ATTR_NAME, groupName)
+					identifiers.put(ATTR_UUID, groupId)
 					ObjectDeltaType delta
 					itemDelta = new ItemDeltaType()
 					itemDelta.modificationType = eventType == 'MEMBERSHIP_ADD' ? ModificationTypeType.ADD : ModificationTypeType.DELETE
-					itemDelta.path = new ItemPathType(ItemPath.create(ShadowType.F_ATTRIBUTES, 'member'))
+					itemDelta.path = new ItemPathType(ItemPath.create(ShadowType.F_ATTRIBUTES, ATTR_MEMBER))
 					itemDelta.value.add(RawType.fromPropertyRealValue(subjectId, null, prismContext))
 					delta = new ObjectDeltaType()
 					delta.changeType = ChangeTypeType.MODIFY
 					delta.itemDelta.add(itemDelta)
 
-                    added = midpoint
-                            .getOptimizingTriggerCreator(TRIGGER_FIRE_AFTER, TRIGGER_SAFETY_MARGIN)
-                            .createForNamedUser(subjectId)
-                    log.info('Recompute trigger for {}: {}', subjectId, added ? 'added' : 'not added (already present or user not found)')
+                    			added = midpoint
+                            			.getOptimizingTriggerCreator(TRIGGER_FIRE_AFTER, TRIGGER_SAFETY_MARGIN)
+                            			.createForNamedUser(subjectId)
+                    			log.info('Recompute trigger for {}: {}', subjectId, added ? 'added' : 'not added (already present or user not found)')
 
-					return UcfChangeUtil.create(PLAIN_GROUP_OBJECT_CLASS, identifiers, delta, prismContext)
+					return UcfChangeUtil.create(GROUP_OBJECT_CLASS, identifiers, delta, prismContext)
 				} else if (eventType == 'GROUP_ADD' || eventType == 'GROUP_DELETE') {
 					groupName = esbEvent['name']
 					groupId = esbEvent['id']
@@ -142,16 +146,16 @@
 						return null
 					}
 					identifiers = new HashMap()
-					identifiers.put(ICFS_NAME, groupName)
-					identifiers.put(ICFS_UID, groupId)
+					identifiers.put(ATTR_NAME, groupName)
+					identifiers.put(ATTR_UUID, groupId)
 					ObjectDeltaType delta
 					if (eventType == 'GROUP_DELETE') {
 						delta = new ObjectDeltaType()
 						delta.changeType = ChangeTypeType.DELETE
 					} else {
 						delta = null
 					}
-					return UcfChangeUtil.create(PLAIN_GROUP_OBJECT_CLASS, identifiers, delta, prismContext)
+					return UcfChangeUtil.create(GROUP_OBJECT_CLASS, identifiers, delta, prismContext)
 				} else {
 					log.warn('Unsupported event type: {} -> {}', eventType, esbEvent)
 					return null

demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/resource-grouper.xml

@@ -32,15 +32,15 @@
             <rest:baseUrl>https://grouper-ws:443</rest:baseUrl>
             <rest:username>banderson</rest:username>
             <rest:password>password</rest:password>
-            <rest:superGroup>etc:sysadmingroup</rest:superGroup>		<!-- parameter name will be changed -->
+            <rest:testStem>:</rest:testStem>
+            <!-- no testGroup: we cannot be sure that banderson is a member of sysadmingroup when doing the first test -->
+            <rest:exportStem>:</rest:exportStem>
             <rest:groupIncludePattern>app:.*</rest:groupIncludePattern>
             <rest:groupIncludePattern>test:.*</rest:groupIncludePattern>
             <rest:groupIncludePattern>ref:.*</rest:groupIncludePattern>
             <rest:groupExcludePattern>.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)</rest:groupExcludePattern>
             <rest:subjectSource>ldap</rest:subjectSource>
-            <rest:groupSource>g:gsa</rest:groupSource>
             <rest:ignoreSslValidation>true</rest:ignoreSslValidation>
-            <rest:exportStem>:</rest:exportStem>
         </icfc:configurationProperties>
     </connectorConfiguration>
         <additionalConnector>
@@ -86,10 +86,10 @@
         <objectType>
             <kind>entitlement</kind>
             <intent>group</intent>
-            <objectClass>ri:CustomPlainGroupObjectClass</objectClass>
+            <objectClass>ri:Group</objectClass>
             <default>true</default>
             <attribute>
-                <ref>icfs:name</ref>
+                <ref>ri:name</ref>
                 <inbound>
                     <strength>strong</strength>
                     <target>
@@ -139,7 +139,7 @@
             <enabled>true</enabled>
             <kind>entitlement</kind>
             <intent>group</intent>
-            <objectClass>ri:CustomPlainGroupObjectClass</objectClass>
+            <objectClass>ri:Group</objectClass>
             <focusType>OrgType</focusType>
             <correlation>
                 <q:equal>

demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/SystemConfiguration.xml

@@ -49,6 +49,10 @@
             <level>INFO</level>
             <package>com.evolveum.midpoint.model.impl.lens.Clockwork</package>
         </classLogger>
+        <classLogger>
+            <level>DEBUG</level>
+            <package>com.evolveum.polygon.connector.grouper</package>
+        </classLogger>
         <appender id="11" xsi:type="c:FileAppenderConfigurationType">
             <pattern>%date [%X{subsystem}] [%thread] %level \(%logger\): %msg%n</pattern>
             <name>MIDPOINT_LOG</name>