Support projection policy rules

This is to provide projection-level event tags, like account enabled/disabled, account renamed, account entitlement changed, etc. Work in progress. Some tests may fail.
Evolveum · Jan 12, 2023 · bccbcf1 · bccbcf1
1 parent 6a3d401
commit bccbcf1
Show file tree

Hide file tree

Showing 49 changed files with 1,187 additions and 436 deletions.
diff --git a/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/PolicyRuleTypeUtil.java b/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/PolicyRuleTypeUtil.java
@@ -451,13 +451,21 @@ public static boolean isApplicableToAssignment(PolicyRuleType rule) {
      * Returns true if this policy rule can be applied to an object as a whole.
      */
     public static boolean isApplicableToObject(PolicyRuleType rule) {
-        if (rule.getEvaluationTarget() != null) {
-            return rule.getEvaluationTarget() == PolicyRuleEvaluationTargetType.OBJECT;
+        PolicyRuleEvaluationTargetType evaluationTarget = rule.getEvaluationTarget();
+        if (evaluationTarget != null) {
+            return evaluationTarget == PolicyRuleEvaluationTargetType.OBJECT;
         } else {
             return !hasAssignmentOnlyConstraint(rule);
         }
     }
 
+    /**
+     * Returns true if this policy rule can be applied to a projection.
+     */
+    public static boolean isApplicableToProjection(PolicyRuleType rule) {
+        return rule.getEvaluationTarget() == PolicyRuleEvaluationTargetType.PROJECTION;
+    }
+
     private static boolean hasAssignmentOnlyConstraint(PolicyRuleType rule) {
         // 'accept' continues until isNotAssignmentOnly is false; and returns false then --> so we return true in that case (i.e. we have found assignmentOnly-constraint)
         return !accept(rule.getPolicyConstraints(), PolicyRuleTypeUtil::isNotAssignmentOnly, true, true, F_AND, false);

diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
@@ -457,7 +457,7 @@
             <xsd:element name="triggeredPolicyRule" type="tns:EvaluatedPolicyRuleType" minOccurs="0" maxOccurs="unbounded">
                 <xsd:annotation>
                     <xsd:documentation>
-                        Triggered policy rules for this assignment. (Not necessarily complete; subject to specified storage strategy.)
+                        Triggered policy rules for this object. (Not necessarily complete; subject to specified storage strategy.)
                         This is EXPERIMENTAL functionality. It is possibly to change in the near future.
                     </xsd:documentation>
                     <xsd:appinfo>
@@ -14751,7 +14751,7 @@
             <xsd:enumeration value="object">
                 <xsd:annotation>
                     <xsd:documentation>
-                        The rule is to be evaluated against an object.
+                        The rule is to be evaluated against a focus object.
                     </xsd:documentation>
                     <xsd:appinfo>
                         <jaxb:typesafeEnumMember name="OBJECT"/>
@@ -14768,6 +14768,17 @@
                     </xsd:appinfo>
                 </xsd:annotation>
             </xsd:enumeration>
+            <xsd:enumeration value="projection">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        The rule is to be evaluated against a projection (i.e. a resource object shadow).
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:since>4.7</a:since>
+                        <jaxb:typesafeEnumMember name="PROJECTION"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
         </xsd:restriction>
     </xsd:simpleType>
 
@@ -15536,6 +15547,13 @@
                     </xsd:appinfo>
                 </xsd:annotation>
             </xsd:enumeration>
+            <xsd:enumeration value="00000000-0000-0000-0000-000000000735">
+                <xsd:annotation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="TAG_PROJECTION_PASSWORD_CHANGED"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
             <xsd:enumeration value="00000000-0000-0000-0000-000000001005">
                 <xsd:annotation>
                     <xsd:appinfo>
@@ -16492,6 +16510,13 @@
             <xsd:element name="projectionCredentials" type="tns:PartialProcessingTypeType" minOccurs="0" default="automatic"/>
             <xsd:element name="projectionReconciliation" type="tns:PartialProcessingTypeType" minOccurs="0" default="automatic"/>
             <xsd:element name="projectionLifecycle" type="tns:PartialProcessingTypeType" minOccurs="0" default="automatic"/>
+            <xsd:element name="projectionPolicyRules" type="tns:PartialProcessingTypeType" minOccurs="0" default="automatic">
+                <xsd:annotation>
+                    <xsd:appinfo>
+                        <a:since>4.7</a:since>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
             <xsd:element name="objectTemplateAfterProjections" type="tns:PartialProcessingTypeType" minOccurs="0" default="automatic"/>
             <xsd:element name="approvals" type="tns:PartialProcessingTypeType" minOccurs="0" default="automatic"/>
             <xsd:element name="execution" type="tns:PartialProcessingTypeType" minOccurs="0" default="automatic"/>