-
Notifications
You must be signed in to change notification settings - Fork 188
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Write auto-assignment expression profile tests
Also, added a note to the XSD docs that expressions in auto-assignment filters are not supported.
- Loading branch information
Showing
12 changed files
with
319 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
49 changes: 49 additions & 0 deletions
49
...l/model-intest/src/test/resources/profiles/role-restricted-auto-bad-mapping-condition.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
<!-- | ||
~ Copyright (C) 2010-2023 Evolveum and contributors | ||
~ | ||
~ This work is dual-licensed under the Apache License 2.0 | ||
~ and European Union Public License. See LICENSE file for details. | ||
--> | ||
|
||
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" | ||
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" | ||
oid="eceab160-de05-4b1b-9d09-27cc789252c3"> | ||
<name>restricted-auto-bad-mapping-condition</name> | ||
<documentation> | ||
Auto-assigned role that contains a non-compliant mapping condition. | ||
</documentation> | ||
<assignment> | ||
<targetRef oid="a2242707-43cd-4f18-b986-573cb468693d" type="ArchetypeType"/> | ||
</assignment> | ||
<autoassign> | ||
<enabled>true</enabled> | ||
<focus> | ||
<mapping id="456"> | ||
<expression> | ||
<script> | ||
<code> | ||
assignment // compliant | ||
</code> | ||
</script> | ||
</expression> | ||
<condition> | ||
<script> | ||
<code> | ||
System.setProperty('hack', 'true') // non-compliant | ||
true | ||
</code> | ||
</script> | ||
</condition> | ||
</mapping> | ||
<selector> | ||
<type>UserType</type> | ||
<filter> | ||
<q:equal> | ||
<q:path>costCenter</q:path> | ||
<q:value>auto</q:value> | ||
</q:equal> | ||
</filter> | ||
</selector> | ||
</focus> | ||
</autoassign> | ||
</role> |
47 changes: 47 additions & 0 deletions
47
.../model-intest/src/test/resources/profiles/role-restricted-auto-bad-mapping-expression.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
<!-- | ||
~ Copyright (C) 2010-2023 Evolveum and contributors | ||
~ | ||
~ This work is dual-licensed under the Apache License 2.0 | ||
~ and European Union Public License. See LICENSE file for details. | ||
--> | ||
|
||
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" | ||
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" | ||
oid="26f61dc6-efff-4614-aac6-25753b81512f"> | ||
<name>restricted-auto-bad-mapping-expression</name> | ||
<documentation> | ||
Auto-assigned role that contains a non-compliant mapping expression. | ||
</documentation> | ||
<assignment> | ||
<targetRef oid="a2242707-43cd-4f18-b986-573cb468693d" type="ArchetypeType"/> | ||
</assignment> | ||
<autoassign> | ||
<enabled>true</enabled> | ||
<focus> | ||
<mapping id="123"> | ||
<expression> | ||
<script> | ||
<code> | ||
System.setProperty('hack', 'true') // non-compliant | ||
assignment | ||
</code> | ||
</script> | ||
</expression> | ||
<condition> | ||
<script> | ||
<code>true</code> <!-- compliant --> | ||
</script> | ||
</condition> | ||
</mapping> | ||
<selector> | ||
<type>UserType</type> | ||
<filter> | ||
<q:equal> | ||
<q:path>costCenter</q:path> | ||
<q:value>auto</q:value> | ||
</q:equal> | ||
</filter> | ||
</selector> | ||
</focus> | ||
</autoassign> | ||
</role> |
40 changes: 40 additions & 0 deletions
40
model/model-intest/src/test/resources/profiles/role-restricted-auto-filter-expression.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
<!-- | ||
~ Copyright (C) 2010-2023 Evolveum and contributors | ||
~ | ||
~ This work is dual-licensed under the Apache License 2.0 | ||
~ and European Union Public License. See LICENSE file for details. | ||
--> | ||
|
||
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" | ||
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" | ||
oid="885bc0b4-2493-4658-a523-8a3f7eeb770b"> | ||
<name>restricted-auto-filter-expression</name> | ||
<documentation> | ||
Auto-assigned role that contains an expression in a filter. | ||
</documentation> | ||
<assignment> | ||
<targetRef oid="a2242707-43cd-4f18-b986-573cb468693d" type="ArchetypeType"/> | ||
</assignment> | ||
<autoassign> | ||
<enabled>true</enabled> | ||
<focus> | ||
<selector> | ||
<type>UserType</type> | ||
<filter> | ||
<q:equal> | ||
<q:path>name</q:path> | ||
<expression> | ||
<script> | ||
<code> | ||
// the script will not be evaluated (for now), so this will not explode - but will not | ||
// assign anything, as there are no unnamed users | ||
throw new IllegalStateException() | ||
</code> | ||
</script> | ||
</expression> | ||
</q:equal> | ||
</filter> | ||
</selector> | ||
</focus> | ||
</autoassign> | ||
</role> |
46 changes: 46 additions & 0 deletions
46
model/model-intest/src/test/resources/profiles/role-restricted-auto-good.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
<!-- | ||
~ Copyright (C) 2010-2023 Evolveum and contributors | ||
~ | ||
~ This work is dual-licensed under the Apache License 2.0 | ||
~ and European Union Public License. See LICENSE file for details. | ||
--> | ||
|
||
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" | ||
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" | ||
oid="a6ace69f-ecfb-457b-97ea-0b5a8b4a6ad3"> | ||
<name>restricted-auto-good</name> | ||
<documentation> | ||
Auto-assigned role that contains only "correct" mappings w.r.t. `restricted` expression profile. | ||
</documentation> | ||
<assignment> | ||
<targetRef oid="a2242707-43cd-4f18-b986-573cb468693d" type="ArchetypeType"/> | ||
</assignment> | ||
<autoassign> | ||
<enabled>true</enabled> | ||
<focus> | ||
<mapping> | ||
<expression> | ||
<script> | ||
<code> | ||
assignment // compliant | ||
</code> | ||
</script> | ||
</expression> | ||
<condition> | ||
<script> | ||
<code>true</code> <!-- compliant --> | ||
</script> | ||
</condition> | ||
</mapping> | ||
<selector> | ||
<type>UserType</type> | ||
<filter> | ||
<q:equal> | ||
<q:path>costCenter</q:path> | ||
<q:value>auto</q:value> <!-- no scripting expressions here are supported for now --> | ||
</q:equal> | ||
</filter> | ||
</selector> | ||
</focus> | ||
</autoassign> | ||
</role> |
Oops, something went wrong.