Tests for modification of metarole and recompute.

Evolveum · Nov 21, 2016 · 8181429 · 8181429
1 parent e9cc551
commit 8181429
Show file tree

Hide file tree

Showing 7 changed files with 257 additions and 8 deletions.
diff --git a/icf-connectors/dummy-resource/src/main/java/com/evolveum/icf/dummy/resource/DummyGroup.java b/icf-connectors/dummy-resource/src/main/java/com/evolveum/icf/dummy/resource/DummyGroup.java
@@ -84,6 +84,7 @@ public String debugDump() {
 
 	@Override
 	protected void extendDebugDump(StringBuilder sb, int indent) {
+		sb.append("\n");
 		DebugUtil.debugDumpWithLabelToStringLn(sb, "Members", getMembers(), indent + 1);
 	}
 

diff --git a/icf-connectors/dummy-resource/src/main/java/com/evolveum/icf/dummy/resource/DummyObject.java b/icf-connectors/dummy-resource/src/main/java/com/evolveum/icf/dummy/resource/DummyObject.java
@@ -442,8 +442,10 @@ public String debugDump() {
 	public String debugDump(int indent) {
 		StringBuilder sb = new StringBuilder();
 		DebugUtil.indentDebugDump(sb, indent);
-		sb.append("DummyAccount: ").append(name).append("\n");
+		sb.append(getClass().getSimpleName());
+		sb.append(": ").append(name);
 		if (!auxiliaryObjectClassNames.isEmpty()) {
+			sb.append("\n");
 			DebugUtil.debugDumpWithLabelToString(sb, "Auxiliary object classes", auxiliaryObjectClassNames, indent + 1);
 		}
 		sb.append("\n");

diff --git a/infra/test-util/src/main/java/com/evolveum/midpoint/test/util/MidPointAsserts.java b/infra/test-util/src/main/java/com/evolveum/midpoint/test/util/MidPointAsserts.java
@@ -34,6 +34,7 @@
 import com.evolveum.midpoint.prism.util.PrismAsserts;
 import com.evolveum.midpoint.schema.constants.ObjectTypes;
 import com.evolveum.midpoint.schema.util.MiscSchemaUtil;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
@@ -98,7 +99,13 @@ public static <F extends FocusType> void assertAssignments(PrismObject<F> user,
 		F userType = user.asObjectable();
 		assertEquals("Unexepected number of assignments in "+user+": "+userType.getAssignment(), expectedNumber, userType.getAssignment().size());
 	}
-
+
+	public static <R extends AbstractRoleType> void assertInducements(PrismObject<R> role, int expectedNumber) {
+		R roleType = role.asObjectable();
+		assertEquals("Unexepected number of inducements in "+role+": "+roleType.getInducement(), 
+				expectedNumber, roleType.getInducement().size());
+	}
+
 	public static <F extends FocusType> void assertAssignments(PrismObject<F> user, Class expectedType, int expectedNumber) {
 		F userType = user.asObjectable();
 		int actualAssignments = 0;

diff --git a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/rbac/TestRbac.java b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/rbac/TestRbac.java
@@ -15,10 +15,10 @@
  */
 package com.evolveum.midpoint.model.intest.rbac;
 
-import static org.testng.AssertJUnit.assertNotNull;
-import static org.testng.AssertJUnit.assertNull;
 import static com.evolveum.midpoint.test.IntegrationTestTools.display;
 import static org.testng.AssertJUnit.assertEquals;
+import static org.testng.AssertJUnit.assertNotNull;
+import static org.testng.AssertJUnit.assertNull;
 import static org.testng.AssertJUnit.assertTrue;
 
 import java.io.File;
@@ -29,7 +29,6 @@
 import javax.xml.datatype.XMLGregorianCalendar;
 import javax.xml.namespace.QName;
 
-import com.evolveum.midpoint.prism.query.builder.QueryBuilder;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.annotation.DirtiesContext.ClassMode;
 import org.springframework.test.context.ContextConfiguration;
@@ -38,8 +37,8 @@
 
 import com.evolveum.icf.dummy.resource.DummyAccount;
 import com.evolveum.midpoint.model.api.PolicyViolationException;
-import com.evolveum.midpoint.model.api.context.EvaluatedAssignmentTarget;
 import com.evolveum.midpoint.model.api.context.EvaluatedAssignment;
+import com.evolveum.midpoint.model.api.context.EvaluatedAssignmentTarget;
 import com.evolveum.midpoint.model.api.context.ModelContext;
 import com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest;
 import com.evolveum.midpoint.prism.PrismContainer;
@@ -52,9 +51,8 @@
 import com.evolveum.midpoint.prism.path.IdItemPathSegment;
 import com.evolveum.midpoint.prism.path.ItemPath;
 import com.evolveum.midpoint.prism.path.NameItemPathSegment;
-import com.evolveum.midpoint.prism.query.EqualFilter;
-import com.evolveum.midpoint.prism.query.ObjectFilter;
 import com.evolveum.midpoint.prism.query.ObjectQuery;
+import com.evolveum.midpoint.prism.query.builder.QueryBuilder;
 import com.evolveum.midpoint.prism.schema.PrismSchema;
 import com.evolveum.midpoint.prism.util.PrismAsserts;
 import com.evolveum.midpoint.prism.util.PrismTestUtil;
@@ -125,6 +123,12 @@ public class TestRbac extends AbstractInitializedModelIntegrationTest {
 	protected static final File ROLE_NON_ASSIGNABLE_FILE = new File(TEST_DIR, "role-non-assignable.xml");
 	protected static final String ROLE_NON_ASSIGNABLE_OID = "db67d2f0-abd8-11e6-9c30-b35abe3e4e3a";
 
+	protected static final File ROLE_META_FOOL_FILE = new File(TEST_DIR, "role-meta-fool.xml");
+	protected static final String ROLE_META_FOOL_OID = "2edc5fe4-af3c-11e6-a81e-eb332578ec4f";
+
+	protected static final File ROLE_BLOODY_FOOL_FILE = new File(TEST_DIR, "role-bloody-fool.xml");
+	protected static final String ROLE_BLOODY_FOOL_OID = "0a0ac150-af3d-11e6-9901-67fbcbd5bb25";
+
 	protected static final File ORG_PROJECT_RECLAIM_BLACK_PEARL_FILE = new File(TEST_DIR, "org-project-reclaim-black-pearl.xml");
 	protected static final String ORG_PROJECT_RECLAIM_BLACK_PEARL_OID = "00000000-8888-6666-0000-200000005000";
 
@@ -140,6 +144,9 @@ public class TestRbac extends AbstractInitializedModelIntegrationTest {
 	private static final String USER_BIGNOSE_NAME = "bignose";
 	private static final String USER_BIGNOSE_FULLNAME = "Bignose the Noncannibal";
 
+	private static final String GROUP_FOOLS_NAME = "fools";
+	private static final String GROUP_SIMPLETONS_NAME = "simpletons";
+
 
 	private String userLemonheadOid;
 	private String userSharptoothOid;
@@ -175,6 +182,11 @@ public void initSystem(Task initTask, OperationResult initResult)
 		repoAddObjectFromFile(ROLE_WEAK_GOSSIPER_FILE, RoleType.class, initResult);
 		repoAddObjectFromFile(ROLE_IMMUTABLE_FILE, RoleType.class, initResult);
 		repoAddObjectFromFile(ROLE_NON_ASSIGNABLE_FILE, RoleType.class, initResult);
+		repoAddObjectFromFile(ROLE_META_FOOL_FILE, RoleType.class, initResult);
+		repoAddObjectFromFile(ROLE_BLOODY_FOOL_FILE, RoleType.class, initResult);
+
+		dummyResourceCtl.addGroup(GROUP_FOOLS_NAME);
+		dummyResourceCtl.addGroup(GROUP_SIMPLETONS_NAME);
 
 	}
 
@@ -2957,5 +2969,114 @@ public void test820AssignRoleNonAssignable() throws Exception {
         display("user after", userJackAfter);
         assertNoAssignments(userJackAfter);
 	}
+
+	@Test
+    public void test850JackAssignRoleBloodyFool() throws Exception {
+		final String TEST_NAME = "test850JackAssignRoleBloodyFool";
+        TestUtil.displayTestTile(this, TEST_NAME);
+        assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL);
+
+        Task task = taskManager.createTaskInstance(TestRbac.class.getName() + "." + TEST_NAME);
+        task.setOwner(getUser(USER_ADMINISTRATOR_OID));
+        OperationResult result = task.getResult();
+
+        PrismObject<UserType> userBefore = getUser(USER_JACK_OID);
+        display("User jack before", userBefore);
+
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        assignRole(USER_JACK_OID, ROLE_BLOODY_FOOL_OID, task, result);
+
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+
+        PrismObject<UserType> userAfter = getUser(USER_JACK_OID);
+        display("User jack after", userAfter);
+
+        assertAssignedRole(userAfter, ROLE_BLOODY_FOOL_OID);
+
+        assertDummyAccount(null, ACCOUNT_JACK_DUMMY_USERNAME, ACCOUNT_JACK_DUMMY_FULLNAME, true);
+        assertDummyAccountAttribute(null, ACCOUNT_JACK_DUMMY_USERNAME, 
+        		DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_TITLE_NAME, "Fool", "Simpleton");
+
+        display("Simpleton groups", dummyResource.getGroupByName(GROUP_SIMPLETONS_NAME));
+
+        assertDummyGroupMember(null, GROUP_FOOLS_NAME, ACCOUNT_JACK_DUMMY_USERNAME);
+        assertDummyGroupMember(null, GROUP_SIMPLETONS_NAME, ACCOUNT_JACK_DUMMY_USERNAME);
+
+	}
+
+	@Test
+    public void test855JackModifyFoolMetaroleDeleteInducement() throws Exception {
+		final String TEST_NAME = "test855JackModifyFoolMetaroleDeleteInducement";
+        TestUtil.displayTestTile(this, TEST_NAME);
+        assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL);
+
+        Task task = taskManager.createTaskInstance(TestRbac.class.getName() + "." + TEST_NAME);
+        task.setOwner(getUser(USER_ADMINISTRATOR_OID));
+        OperationResult result = task.getResult();
+
+        PrismObject<RoleType> roleBefore = getObject(RoleType.class, ROLE_META_FOOL_OID);
+        display("Role meta fool before", roleBefore);
+        assertInducements(roleBefore, 2);
+
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        modifyRoleDeleteInducement(ROLE_META_FOOL_OID, 10002L, false, task);
+
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+
+        PrismObject<RoleType> roleAfter = getObject(RoleType.class, ROLE_META_FOOL_OID);
+        display("Role meta fool after", roleAfter);
+        assertInducements(roleAfter, 1);
+	}
+
+	@Test
+    public void test857JackReconcile() throws Exception {
+		final String TEST_NAME = "test857JackReconcile";
+        TestUtil.displayTestTile(this, TEST_NAME);
+        assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL);
+
+        Task task = taskManager.createTaskInstance(TestRbac.class.getName() + "." + TEST_NAME);
+        task.setOwner(getUser(USER_ADMINISTRATOR_OID));
+        OperationResult result = task.getResult();
+
+        PrismObject<UserType> userBefore = getUser(USER_JACK_OID);
+        display("User jack before", userBefore);
+
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        reconcileUser(USER_JACK_OID, task, result);
+
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+
+        PrismObject<UserType> userAfter = getUser(USER_JACK_OID);
+        display("User jack after", userAfter);
+
+        assertAssignedRole(userAfter, ROLE_BLOODY_FOOL_OID);
+
+        assertDummyAccount(null, ACCOUNT_JACK_DUMMY_USERNAME, ACCOUNT_JACK_DUMMY_FULLNAME, true);
+
+        // Title attribute is tolerant. As there is no delta then there is no reason to remove
+        // the Simpleton value.
+        assertDummyAccountAttribute(null, ACCOUNT_JACK_DUMMY_USERNAME, 
+        		DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_TITLE_NAME, "Fool", "Simpleton");
+
+        display("Simpleton groups", dummyResource.getGroupByName(GROUP_SIMPLETONS_NAME));
+
+        assertDummyGroupMember(null, GROUP_FOOLS_NAME, ACCOUNT_JACK_DUMMY_USERNAME);
+        // Group association is non-tolerant. It should be removed.
+        assertNoDummyGroupMember(null, GROUP_SIMPLETONS_NAME, ACCOUNT_JACK_DUMMY_USERNAME);
+
+
+	}
 
 }
diff --git a/model/model-intest/src/test/resources/rbac/role-bloody-fool.xml b/model/model-intest/src/test/resources/rbac/role-bloody-fool.xml
@@ -0,0 +1,23 @@
+<!--
+  ~ Copyright (c) 2016 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<role oid="0a0ac150-af3d-11e6-9901-67fbcbd5bb25"
+        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
+    <name>Bloody Fool</name>
+    <assignment>
+    	<!-- Fool metarole -->
+        <targetRef oid="2edc5fe4-af3c-11e6-a81e-eb332578ec4f" type="RoleType"/>
+    </assignment>
+</role>
diff --git a/model/model-intest/src/test/resources/rbac/role-meta-fool.xml b/model/model-intest/src/test/resources/rbac/role-meta-fool.xml
@@ -0,0 +1,89 @@
+<!--
+  ~ Copyright (c) 2016 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<role oid="2edc5fe4-af3c-11e6-a81e-eb332578ec4f"
+        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance/10000000-0000-0000-0000-000000000004"
+        xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">
+    <name>Fool Metaroler</name>
+    <inducement id="10001">
+        <construction>
+    		<resourceRef oid="10000000-0000-0000-0000-000000000004"/>
+    		<kind>account</kind>
+    		<attribute>
+                <ref>ri:title</ref>
+                <outbound>
+                	<strength>strong</strength>
+                	<expression>
+						<value>Fool</value>
+					</expression>
+				</outbound>
+            </attribute>
+            <association>
+            	<ref>ri:group</ref>
+            	<outbound>
+            		<strength>strong</strength>
+                	<expression>
+						<associationTargetSearch>
+							<filter>
+								<q:equal>
+									<q:path>attributes/icfs:name</q:path>
+									<q:value>fools</q:value>
+								</q:equal>
+							</filter>
+							<searchStrategy>onResourceIfNeeded</searchStrategy>
+						</associationTargetSearch>
+					</expression>
+				</outbound>
+            </association>
+        </construction>
+        <focusType>UserType</focusType>
+        <order>2</order>
+    </inducement>
+    <inducement id="10002">
+        <construction>
+    		<resourceRef oid="10000000-0000-0000-0000-000000000004"/>
+    		<kind>account</kind>
+    		<attribute>
+                <ref>ri:title</ref>
+                <outbound>
+                	<expression>
+						<value>Simpleton</value>
+					</expression>
+				</outbound>
+            </attribute>
+            <association>
+            	<ref>ri:group</ref>
+            	<outbound>
+            		<strength>strong</strength>
+                	<expression>
+						<associationTargetSearch>
+							<filter>
+								<q:equal>
+									<q:path>attributes/icfs:name</q:path>
+									<q:value>simpletons</q:value>
+								</q:equal>
+							</filter>
+							<searchStrategy>onResourceIfNeeded</searchStrategy>
+						</associationTargetSearch>
+					</expression>
+				</outbound>
+            </association>
+        </construction>
+        <focusType>UserType</focusType>
+        <order>2</order>
+    </inducement>
+</role>
diff --git a/...del-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java b/...del-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
@@ -111,6 +111,7 @@
 import com.evolveum.midpoint.util.exception.*;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AdminGuiConfigurationType;
@@ -1673,6 +1674,10 @@ protected <F extends FocusType> void assertAssignments(PrismObject<F> user, int
 		MidPointAsserts.assertAssignments(user, expectedNumber);
 	}
 
+	protected <R extends AbstractRoleType> void assertInducements(PrismObject<R> role, int expectedNumber) {
+		MidPointAsserts.assertInducements(role, expectedNumber);
+	}
+
 	protected <F extends FocusType> void assertAssignments(PrismObject<F> user, Class expectedType, int expectedNumber) {
 		MidPointAsserts.assertAssignments(user, expectedType, expectedNumber);
 	}
@@ -2859,6 +2864,7 @@ protected void assertDummyGroupAttribute(String dummyInstanceName, String groupn
     protected void assertDummyGroupMember(String dummyInstanceName, String dummyGroupName, String accountId) throws ConnectException, FileNotFoundException, SchemaViolationException, ConflictException {
     	DummyResource dummyResource = DummyResource.getInstance(dummyInstanceName);
 		DummyGroup group = dummyResource.getGroupByName(dummyGroupName);
+		assertNotNull("No dummy group "+dummyGroupName, group);
 		IntegrationTestTools.assertGroupMember(group, accountId);
 	}