Extending eDirectory tests (group aux object class)

testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractEDirTest.java

@@ -61,12 +61,17 @@
 import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
+import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
 import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
 
 /**
@@ -81,6 +86,9 @@ public abstract class AbstractEDirTest extends AbstractLdapTest {
 	protected static final File ROLE_PIRATES_FILE = new File(TEST_DIR, "role-pirate.xml");
 	protected static final String ROLE_PIRATES_OID = "5dd034e8-41d2-11e5-a123-001e8c717e5b";
 
+	protected static final File ROLE_META_ORG_FILE = new File(TEST_DIR, "role-meta-org.xml");
+	protected static final String ROLE_META_ORG_OID = "f2ad0ace-45d7-11e5-af54-001e8c717e5b";
+
 	public static final String ATTRIBUTE_LOCKOUT_LOCKED_NAME = "lockedByIntruder";
 	public static final String ATTRIBUTE_LOCKOUT_RESET_TIME_NAME = "loginIntruderResetTime";
 	public static final String ATTRIBUTE_GROUP_MEMBERSHIP_NAME = "groupMembership";
@@ -91,6 +99,7 @@ public abstract class AbstractEDirTest extends AbstractLdapTest {
 	protected static final String ACCOUNT_JACK_PASSWORD = "qwe123";
 
 	private static final String GROUP_PIRATES_NAME = "pirates";
+	private static final String GROUP_MELEE_ISLAND_NAME = "Mêlée Island";
 
 	protected static final int NUMBER_OF_ACCOUNTS = 4;
 	protected static final int LOCKOUT_EXPIRATION_SECONDS = 65;
@@ -100,7 +109,8 @@ public abstract class AbstractEDirTest extends AbstractLdapTest {
 	protected String groupPiratesOid;
 	protected long jackLockoutTimestamp;
 	private String accountBarbossaOid;
-
+	private String orgMeleeIslandOid;
+	protected String groupMeleeOid;
 
 	@Override
 	public String getStartSystemCommand() {
@@ -178,6 +188,7 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 
 		// Roles
 		repoAddObjectFromFile(ROLE_PIRATES_FILE, RoleType.class, initResult);
+		repoAddObjectFromFile(ROLE_META_ORG_FILE, RoleType.class, initResult);
 
 	}
 
@@ -188,6 +199,7 @@ public void test000Sanity() throws Exception {
 		cleanupDelete(toDn(USER_BARBOSSA_USERNAME));
 		cleanupDelete(toDn(USER_CPTBARBOSSA_USERNAME));
 		cleanupDelete(toDn(USER_GUYBRUSH_USERNAME));
+		cleanupDelete(toGroupDn("Mêlée Island"));
 	}
 
 	@Test
@@ -609,6 +621,73 @@ public void test390ModifyUserBarbossaRename() throws Exception {
 
 	// TODO: create account with a group membership
 
+	@Test
+    public void test500AddOrgMeleeIsland() throws Exception {
+		final String TEST_NAME = "test500AddOrgMeleeIsland";
+        TestUtil.displayTestTile(this, TEST_NAME);
+
+        // GIVEN
+        Task task = taskManager.createTaskInstance(this.getClass().getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+
+        PrismObject<OrgType> org = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(OrgType.class).instantiate();
+        OrgType orgType = org.asObjectable();
+        orgType.setName(new PolyStringType(GROUP_MELEE_ISLAND_NAME));
+        AssignmentType metaroleAssignment = new AssignmentType();
+        ObjectReferenceType metaroleRef = new ObjectReferenceType();
+        metaroleRef.setOid(ROLE_META_ORG_OID);
+        metaroleRef.setType(RoleType.COMPLEX_TYPE);
+		metaroleAssignment.setTargetRef(metaroleRef);
+		orgType.getAssignment().add(metaroleAssignment);
+
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        addObject(org, task, result);
+
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+
+        orgMeleeIslandOid = org.getOid();
+        Entry entry = assertLdapGroup(GROUP_MELEE_ISLAND_NAME);
+
+        org = getObject(OrgType.class, orgMeleeIslandOid);
+        groupMeleeOid = getSingleLinkOid(org);
+        PrismObject<ShadowType> shadow = getShadowModel(groupMeleeOid);
+        display("Shadow (model)", shadow);
+	}
+
+	@Test
+    public void test510AssignGuybrushMeleeIsland() throws Exception {
+		final String TEST_NAME = "test510AssignGuybrushMeleeIsland";
+        TestUtil.displayTestTile(this, TEST_NAME);
+
+        // GIVEN
+        Task task = taskManager.createTaskInstance(this.getClass().getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        assignOrg(USER_GUYBRUSH_OID, orgMeleeIslandOid, task, result);
+
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+
+        Entry entry = assertLdapAccount(USER_GUYBRUSH_USERNAME, USER_GUYBRUSH_FULL_NAME);
+
+        PrismObject<UserType> user = getUser(USER_GUYBRUSH_OID);
+        String shadowOid = getSingleLinkOid(user);
+        PrismObject<ShadowType> shadow = getShadowModel(shadowOid);
+        display("Shadow (model)", shadow);
+
+        assertEDirGroupMember(entry, GROUP_PIRATES_NAME);
+
+        IntegrationTestTools.assertAssociation(shadow, getAssociationGroupQName(), groupMeleeOid);
+	}
+
 	// Wait until the lockout of Jack expires, check status
 	@Test
     public void test800JackLockoutExpires() throws Exception {

testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapTest.java

@@ -352,9 +352,15 @@ public void test020Schema() throws Exception {
 
         ResourceAttributeDefinition<String> cnDef = accountObjectClassDefinition.findAttributeDefinition("cn");
         PrismAsserts.assertDefinition(cnDef, new QName(MidPointConstants.NS_RI, "cn"), DOMUtil.XSD_STRING, 1, -1);
-        assertTrue("createTimestampDef read", cnDef.canRead());
-        assertTrue("createTimestampDef read", cnDef.canModify());
-        assertTrue("createTimestampDef read", cnDef.canAdd());
+        assertTrue("cn read", cnDef.canRead());
+        assertTrue("cn read", cnDef.canModify());
+        assertTrue("cn read", cnDef.canAdd());
+
+        ResourceAttributeDefinition<String> oDef = accountObjectClassDefinition.findAttributeDefinition("o");
+        PrismAsserts.assertDefinition(oDef, new QName(MidPointConstants.NS_RI, "o"), DOMUtil.XSD_STRING, 0, -1);
+        assertTrue("o read", oDef.canRead());
+        assertTrue("o read", oDef.canModify());
+        assertTrue("o read", oDef.canAdd());
 
         ResourceAttributeDefinition<Long> createTimestampDef = accountObjectClassDefinition.findAttributeDefinition("createTimestamp");
         PrismAsserts.assertDefinition(createTimestampDef, new QName(MidPointConstants.NS_RI, "createTimestamp"),
@@ -449,6 +455,12 @@ protected Entry getLdapGroupByName(String name) throws LdapException, IOExceptio
 		return entry;
 	}
 
+	protected Entry assertLdapGroup(String cn) throws LdapException, IOException, CursorException {
+		Entry entry = getLdapGroupByName(cn);
+		assertAttribute(entry, "cn", cn);
+		return entry;
+	}
+
 	protected void assertAttribute(Entry entry, String attrName, String expectedValue) throws LdapInvalidAttributeValueException {
 		String dn = entry.getDn().toString();
 		Attribute ldapAttribute = entry.get(attrName);

testing/conntest/src/test/resources/edir/resource-athena.xml

@@ -154,7 +154,7 @@
 
             <association>
             	<ref>ri:group</ref>
-            	<displayName>LDAP Group Membership</displayName>
+            	<displayName>Ordinary LDAP Group Membership</displayName>
             	<kind>entitlement</kind>
             	<intent>ldapGroup</intent>
             	<direction>objectToSubject</direction>
@@ -163,6 +163,19 @@
             	<shortcutAssociationAttribute>ri:groupMembership</shortcutAssociationAttribute>
             	<shortcutValueAttribute>ri:dn</shortcutValueAttribute>
             </association>
+
+            <association>
+            	<ref>ri:orgGroup</ref>
+            	<displayName>Organizational Group Membership</displayName>
+            	<kind>entitlement</kind>
+            	<intent>orgGroup</intent>
+            	<direction>objectToSubject</direction>
+            	<associationAttribute>ri:member</associationAttribute>
+            	<valueAttribute>ri:dn</valueAttribute>
+            	<shortcutAssociationAttribute>ri:groupMembership</shortcutAssociationAttribute>
+            	<shortcutValueAttribute>ri:dn</shortcutValueAttribute>
+            </association>
+
 				<protected>
 				<filter>
 					<q:equal>
@@ -245,6 +258,73 @@
                 </outbound>
             </attribute>
         </objectType>
+
+        <objectType>
+		        <kind>entitlement</kind>
+				<intent>orgGroup</intent>
+				<displayName>Organizational Group</displayName>
+				<objectClass>ri:groupOfNames</objectClass>
+				<auxiliaryObjectClass>ri:nestedGroupAux</auxiliaryObjectClass>
+				<attribute>
+					<ref>ri:member</ref>
+					<matchingRule>mr:distinguishedName</matchingRule>
+					<fetchStrategy>minimal</fetchStrategy>
+				</attribute>
+				<attribute>
+		        	<ref>ri:dn</ref>
+					<matchingRule>mr:distinguishedName</matchingRule>
+		        	<outbound>
+					<source>
+						<path>$focus/name</path>
+					</source>
+					<expression>
+						<script>
+							<code>
+								return 'cn=' + name + ',ou=groups,o=example'
+							</code>
+						</script>
+					</expression>
+				</outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:cn</ref>
+					<displayName>Common Name</displayName>
+					<matchingRule>mr:stringIgnoreCase</matchingRule>
+					<outbound>
+						<strength>weak</strength>
+						<source>
+							<path>$focus/name</path>
+						</source>
+					</outbound>
+				</attribute>
+				<attribute>
+			        <ref>ri:fullName</ref>
+					<description>Complete organization name</description>
+					<limitations>
+						<maxOccurs>1</maxOccurs>
+					</limitations>
+					<matchingRule>mr:stringIgnoreCase</matchingRule>
+		        	<outbound>
+					<source>
+						<path>$focus/displayName</path>
+					</source>
+				</outbound>
+			</attribute>
+            <association>
+            	<ref>ri:group</ref>
+                <tolerant>true</tolerant>
+                <matchingRule>mr:stringIgnoreCase</matchingRule>
+            	<displayName>eDirectory Group in Group Membership</displayName>
+            	<kind>entitlement</kind>
+            	<intent>orgGroup</intent>
+            	<direction>objectToSubject</direction>
+            	<associationAttribute>ri:groupMember</associationAttribute>
+                <shortcutAssociationAttribute>ri:groupMembership</shortcutAssociationAttribute>
+                <shortcutValueAttribute>ri:dn</shortcutValueAttribute>
+                <explicitReferentialIntegrity>false</explicitReferentialIntegrity>
+            	<valueAttribute>ri:dn</valueAttribute>
+            </association>
+			</objectType>
 
 		</schemaHandling>
 

testing/conntest/src/test/resources/edir/role-meta-org.xml

@@ -0,0 +1,54 @@
+<!--
+  ~ Copyright (c) 2015 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<role oid="f2ad0ace-45d7-11e5-af54-001e8c717e5b"
+        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+        xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
+    <name>Org Metarole</name>
+
+    <inducement>
+    	<construction>
+    		<resourceRef oid="0893372c-3c42-11e5-9179-001e8c717e5b" type="c:ResourceType"/>
+    		<kind>entitlement</kind>
+            <intent>orgGroup</intent>
+    	</construction>
+    </inducement>
+
+    <inducement>
+    	<construction>
+    		<resourceRef oid="0893372c-3c42-11e5-9179-001e8c717e5b" type="c:ResourceType"/>
+    		<kind>account</kind>
+    		<intent>default</intent>
+    		<association>
+            	<ref>ri:orgGroup</ref>
+            	<outbound>
+            		<expression>
+            			<associationFromLink>
+            				<projectionDiscriminator>
+	            				<kind>entitlement</kind>
+	            				<intent>orgGroup</intent>
+            				</projectionDiscriminator>
+            			</associationFromLink>
+            		</expression>
+            	</outbound>
+            </association>
+    	</construction>  
+    	<order>2</order>
+    </inducement>
+
+</role>