Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/master' into feature/repo-associ…
Browse files Browse the repository at this point in the history 
…ations
  • Loading branch information
@tonydamage
tonydamage committed Jul 2, 2024
2 parents 2a1db45 + d5454ba commit b7889ac
Show file tree
Hide file tree
Showing 467 changed files with 15,348 additions and 6,283 deletions.
11 changes: 1 addition & 10 deletions docs/admin-gui/admin-gui-config/index.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -823,16 +823,7 @@ For configuration of object details for resource (ResourceType) use tag `resourc
<connectorRef type="ConnectorType">
<resolutionTime>run</resolutionTime>
<filter>
<q:and>
<q:equal>
<q:path>connectorType</q:path>
<q:value>com.evolveum.polygon.connector.ldap.ad.AdLdapConnector</q:value>
</q:equal>
<q:equal>
<q:path>available</q:path>
<q:value>true</q:value>
</q:equal>
</q:and>
<q:text>connectorType = "com.evolveum.polygon.connector.ldap.ad.AdLdapConnector" and available = true</q:text>
</filter>
</connectorRef>
</resourceDetailsPage>
Expand Down
5 changes: 1 addition & 4 deletions docs/admin-gui/request-access/configuration.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -153,10 +153,7 @@ It will represent new menu item with list of roles defined by collectionRef or c
</display>
<collection>
<filter>
<q:substring>
<q:path>name</q:path>
<q:value>b</q:value>
</q:substring>
<q:text>name contains "b"</q:text>
</filter>
</collection>
</group>
Expand Down
19 changes: 3 additions & 16 deletions docs/misc/bulk/actions/search.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@ Overrides "noFetch" option in "options" property if present.
<s:search>
<s:type>UserType</s:type>
<s:searchFilter>
<text>name = "jack"</text>
<q:equal>
<q:path>name</q:path>
<q:value>jack</q:value>
Expand All @@ -98,16 +99,7 @@ Overrides "noFetch" option in "options" property if present.
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<s:type>ShadowType</s:type>
<s:searchFilter>
<and xmlns="http://prism.evolveum.com/xml/ns/public/query-3">
<ref>
<path>resourceRef</path>
<value xsi:type="c:ObjectReferenceType" oid="10000000-0000-0000-0000-000000000004"/>
</ref>
<equal>
<path>objectClass</path>
<value xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance/10000000-0000-0000-0000-000000000004">ri:AccountObjectClass</value>
</equal>
</and>
<text>resourceRef matches (oid = "00b9edf3-1f98-4363-b10a-24cc3efa57b4") and objectClass = "ri:AccountObjectClass"</text>
</s:searchFilter>
<s:parameter>
<s:name>noFetch</s:name>
Expand All @@ -126,12 +118,7 @@ Overrides "noFetch" option in "options" property if present.
<s:type>UserType</s:type>
<s:query>
<q:filter>
<q:substring>
<q:matching>polyStringNorm</q:matching>
<q:path>name</q:path>
<q:value>b</q:value>
<q:anchorStart>true</q:anchorStart>
</q:substring>
<q:text>name startsWith[polyStringNorm] "b"</q:text>
</q:filter>
<q:paging>
<q:orderBy>name</q:orderBy>
Expand Down
9 changes: 2 additions & 7 deletions docs/misc/bulk/variables.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,12 +71,7 @@ It is possible to define additional variables within the `<executeScript>` eleme
<s:type>c:UserType</s:type>
<s:query>
<q:filter>
<q:equal>
<q:path>name</q:path>
<c:expression>
<c:path>$userName</c:path>
</c:expression>
</q:equal>
<q:text>name = $userName</q:text>
</q:filter>
</s:query>
</s:search>
Expand Down Expand Up @@ -199,4 +194,4 @@ For value-based the type is derived from the literal value xsi:type (if present)

Available since v3.7devel-714-ga4ad63b (October 20th, 2017).

See also xref:/midpoint/reference/tasks/task-template/[Task template HOWTO] to see how these feature can be used to execute parameterized bulk actions in ad-hoc tasks, created from a task template.
See also xref:/midpoint/reference/tasks/task-template/[Task template HOWTO] to see how these feature can be used to execute parameterized bulk actions in ad-hoc tasks, created from a task template.
7 changes: 2 additions & 5 deletions docs/resources/asynchronous/outbound/configuration/index.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,10 +96,7 @@ The resource object should then look like this:
<name>Async Provisioning Resource (Artemis JMS)</name>
<connectorRef type="ConnectorType">
<filter>
<q:equal>
<q:path>connectorType</q:path>
<q:value>AsyncProvisioningConnector</q:value>
</q:equal>
<q:text>connectorType = "AsyncProvisioningConnector"</q:text>
</filter>
</connectorRef>
<connectorConfiguration>
Expand Down Expand Up @@ -748,4 +745,4 @@ So the `$request` variable will contain a reference to `JsonAsyncProvisioningReq
. Therefore, expressions like `$!attrs["login"]` return single values of specified attributes or null, if the given attribute has no value.

Please see link:https://velocity.apache.org/engine/1.7/user-guide.html[Velocity User Guide] for more information.
(MidPoint currently uses Velocity 1.7.)
(MidPoint currently uses Velocity 1.7.)
9 changes: 3 additions & 6 deletions docs/resources/connector-setup.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -164,12 +164,9 @@ Like this:
<name>Dummy Resource</name>
<connectorRef>
<filter>
<q:equal>
<q:path>connectorType</q:path>
<q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value>
</q:equal>
<q:text>connectorType = "com.evolveum.polygon.connector.ldap.LdapConnector"</q:text>
</filter>
<connectorRef>
</connectorRef>
</resource>
----

Expand All @@ -185,7 +182,7 @@ All links between midPoint objects are based on OIDs, so they will remain valid
This is usually what you want for most objects.
But for the connectors there is an important consequence: if a connector is upgraded, new connector definition is created for the new connector version.
This definition will have new OID.
As the search filter in the reference is not executed for objects that are already stored in the repository the the `connectorRef` references in resource definitions need to be manually updated after connector upgrade.
As the search filter in the reference is not executed for objects that are already stored in the repository the `connectorRef` references in resource definitions need to be manually updated after connector upgrade.
====


Expand Down
15 changes: 3 additions & 12 deletions docs/resources/manual/configuration.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,10 +31,7 @@ Following example shows the use of internal manual connector implementation:
<name>Manual Resource</name>
<connectorRef type="ConnectorType">
<filter>
<q:equal>
<q:path>c:connectorType</q:path>
<q:value>ManualConnector</q:value>
</q:equal>
<q:text>connectorType = "ManualConnector"</q:text>
</filter>
</connectorRef>
Expand Down Expand Up @@ -80,10 +77,7 @@ The following example shows combination of midPoint built-in manual connector an
<connectorRef type="ConnectorType">
<filter>
<q:equal>
<q:path>c:connectorType</q:path>
<q:value>ManualConnector</q:value>
</q:equal>
<q:text>connectorType = "ManualConnector"</q:text>
</filter>
</connectorRef>
Expand All @@ -95,10 +89,7 @@ The following example shows combination of midPoint built-in manual connector an
<name>csv</name>
<connectorRef type="ConnectorType">
<filter>
<q:equal>
<q:path>c:connectorType</q:path>
<q:value>com.evolveum.polygon.connector.csv.CsvConnector</q:value>
</q:equal>
<q:text>connectorType = "com.evolveum.polygon.connector.csv.CsvConnector"</q:text>
</filter>
</connectorRef>
<connectorConfiguration>
Expand Down
24 changes: 23 additions & 1 deletion docs/resources/propagation/configuration.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,7 @@ Therefore there is an experimental support for multi-resource propagation task:
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/provisioning/task/propagation/multi-handler-3</handlerUri>
<objectRef type="ResourceType">
<filter>
<q:text>extension/provisioning = "propagated"</q:text>
<q:equal>
<q:path>extension/provisioning</q:path>
<q:value>propagated</q:value>
Expand All @@ -135,7 +136,7 @@ Therefore there is an experimental support for multi-resource propagation task:

Please note the difference in task handler URI (`handler-3` versus `multi-handler-3`).

.Notation in 4.4 and after
.Notation in 4.4 and after - XML query
[source,xml]
----
<task>
Expand All @@ -159,6 +160,27 @@ Please note the difference in task handler URI (`handler-3` versus `multi-handle
</task>
----

.Notation in 4.8 and after - MidPoint Query
[source,xml]
----
<task>
...
<activity>
<work>
<multiPropagation>
<resources>
<query>
<q:filter>
<q:text>extension/provisioning = "propagated"</q:text>
</q:filter>
</query>
</resources>
</multiPropagation>
</work>
</activity>
</task>
----

== Limitations

Current implementation of provisioning propagation was designed specifically to work with simple xref:/midpoint/reference/resources/manual/[manual resources]. Therefore there are some limitations:
Expand Down
9 changes: 3 additions & 6 deletions docs/resources/resource-configuration/index.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,10 +103,7 @@ Using filters in smart references make it easy to define connector by type or ve
<connectorRef type="ConnectorType">
<description>Reference to the ICF LDAP connector by connectorType</description>
<filter>
<q:equal>
<q:path>connectorType</q:path>
<q:value>org.identityconnectors.ldap.LdapConnector</q:value>
</q:equal>
<q:text>connectorType = "org.identityconnectors.ldap.LdapConnector"</q:text>
</filter>
</connectorRef>
Expand Down Expand Up @@ -219,7 +216,7 @@ There are used for internal midPoint optimizations.
...
</xsd:schema>
</definition>
</schema>
</schema>
----

Expand Down Expand Up @@ -799,4 +796,4 @@ The samples have in-line comments to make it easier to understand them.

* What is link:https://evolveum.com/midpoint/[midPoint Open Source Identity & Access Management]

* link:https://evolveum.com/[Evolveum] - Team of IAM professionals who developed midPoint
* link:https://evolveum.com/[Evolveum] - Team of IAM professionals who developed midPoint
19 changes: 2 additions & 17 deletions docs/resources/resource-configuration/protected-accounts.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,14 +33,7 @@ Following code provides an example of such definition:
...
<protected>
<filter>
<q:equal>
<q:matching>stringIgnoreCase</q:matching>
<q:path>
declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
attributes/ri:carLicense
</q:path>
<q:value>ignoreme</q:value>
</q:equal>
<q:text>attributes/carLicense =[stringIgnoreCase] "ignoreme"</q:text>
</filter>
</protected>
...
Expand All @@ -66,15 +59,7 @@ Please see bug:MID-7671[]. This restriction is going to be lifted by caching the
...
<protected>
<filter>
<q:substring>
<q:matching>stringIgnoreCase</q:matching>
<q:path>
declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3";
attributes/icfs:name
</q:path>
<q:value>ou=SUPERSECRET,dc=example,dc=com</q:value>
<q:anchorEnd>true</q:anchorEnd>
</q:substring>
<q:text>attributes/name endsWith[stringIgnoreCase] "ou=SUPERSECRET,dc=example,dc=com"</q:text>
</filter>
</protected>
...
Expand Down
25 changes: 5 additions & 20 deletions docs/resources/resource-configuration/schema-handling/changes-in-4.6.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,10 +83,7 @@ The following configuration restricts the `entitlement/unixGroup` type to object
<baseContext>
<objectClass>ri:organizationalUnit</objectClass>
<filter>
<q:equal>
<q:path>attributes/dn</q:path>
<q:value>ou=unixgroups,dc=example,dc=com</q:value>
</q:equal>
<q:text>attributes/dn = "ou=unixgroups,dc=example,dc=com"</q:text>
</filter>
</baseContext>
</delineation>
Expand Down Expand Up @@ -227,10 +224,7 @@ Here is an (artificial) example of using advanced resource object type delineati
<baseContext>
<objectClass>ri:organizationalUnit</objectClass>
<filter>
<q:equal>
<q:path>attributes/dn</q:path>
<q:value>ou=employees,dc=example,dc=com</q:value>
</q:equal>
<q:text>attributes/dn = "ou=employees,dc=example,dc=com"</q:text>
</filter>
</baseContext>
</delineation>
Expand All @@ -249,10 +243,7 @@ Here is an (artificial) example of using advanced resource object type delineati
<baseContext>
<objectClass>ri:organizationalUnit</objectClass>
<filter>
<q:equal>
<q:path>attributes/dn</q:path>
<q:value>ou=special,dc=example,dc=com</q:value>
</q:equal>
<q:text>attributes/dn = "ou=special,dc=example,dc=com"</q:text>
</filter>
</baseContext>
</delineation>
Expand All @@ -272,10 +263,7 @@ Here is an (artificial) example of using advanced resource object type delineati
<delineation>
<!-- baseContext is inherited -->
<filter>
<q:equal>
<q:path>attributes/businessCategory</q:path>
<q:value>admin</q:value>
</q:equal>
<q:text>attributes/businessCategory = "admin"</q:text>
</filter>
</delineation>
</objectType>
Expand All @@ -294,10 +282,7 @@ Here is an (artificial) example of using advanced resource object type delineati
<delineation>
<!-- baseContext is inherited -->
<filter>
<q:equal>
<q:path>attributes/businessCategory</q:path>
<q:value>tester</q:value>
</q:equal>
<q:text>attributes/businessCategory = "tester"</q:text>
</filter>
</delineation>
</objectType>
Expand Down
16 changes: 3 additions & 13 deletions docs/roles-policies/assignment/configuration/index.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -279,10 +279,7 @@ Following example is looking up the group by name:
<expression>
<associationTargetSearch>
<filter>
<q:equal>
<q:path>attributes/icfs:name</q:path>
<q:value>landlubers</q:value>
</q:equal>
<q:text>attributes/name = "landlubers"</q:text>
</filter>
</associationTargetSearch>
</expression>
Expand Down Expand Up @@ -313,14 +310,7 @@ In this case we can use algorithm to determine the name of the entitlement (grou
<expression>
<associationTargetSearch>
<filter>
<q:equal>
<q:path>attributes/icfs:name</q:path>
<expression>
<script>
<code>'group-' + name</code>
</script>
</expression>
</q:equal>
<q:text>attributes/name = `"group-" + name`</q:text>
</filter>
</associationTargetSearch>
</expression>
Expand Down Expand Up @@ -672,4 +662,4 @@ See xref:/midpoint/architecture/concepts/relaxed-referential-integrity/[Relaxed

* xref:/midpoint/reference/expressions/expressions/[Expression], especially part about assignment expressions

* xref:/midpoint/architecture/concepts/relaxed-referential-integrity/[Relaxed Referential Integrity]
* xref:/midpoint/architecture/concepts/relaxed-referential-integrity/[Relaxed Referential Integrity]
11 changes: 2 additions & 9 deletions docs/roles-policies/automatic-role-assignment.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,14 +98,7 @@ This evaluator can be used to dynamically look up assignment targets:
<assignmentTargetSearch>
<targetType>RoleType</targetType>
<filter>
<q:equal>
<q:path>name</q:path>
<expression>
<script>
<code>'Employee:' + employeeType</code>
</script>
</expression>
</q:equal>
<q:text>name = `"Employee:" + employeeType`</q:text>
</filter>
</assignmentTargetSearch>
</expression>
Expand Down Expand Up @@ -145,4 +138,4 @@ And so on.

* xref:/midpoint/reference/roles-policies/assignment/[Assignment]

* xref:/midpoint/reference/expressions/object-template/[Object Template]
* xref:/midpoint/reference/expressions/object-template/[Object Template]
Loading

0 comments on commit b7889ac

Please sign in to comment.