diff --git a/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/CompositeRefinedObjectClassDefinitionImpl.java b/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/CompositeRefinedObjectClassDefinitionImpl.java index 98c6f08d0ed..ac8eeda193f 100644 --- a/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/CompositeRefinedObjectClassDefinitionImpl.java +++ b/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/CompositeRefinedObjectClassDefinitionImpl.java @@ -351,10 +351,15 @@ public AttributeFetchStrategyType getPasswordFetchStrategy() { } @Override + @Deprecated public ObjectReferenceType getPasswordPolicy() { return structuralObjectClassDefinition.getPasswordPolicy(); } + public ObjectReferenceType getSecurityPolicyRef() { + return structuralObjectClassDefinition.getSecurityPolicyRef(); + } + @Override public ResourceActivationDefinitionType getActivationSchemaHandling() { return structuralObjectClassDefinition.getActivationSchemaHandling(); diff --git a/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/LayerRefinedObjectClassDefinitionImpl.java b/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/LayerRefinedObjectClassDefinitionImpl.java index 0ee36c4a813..03ff114cbc7 100644 --- a/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/LayerRefinedObjectClassDefinitionImpl.java +++ b/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/LayerRefinedObjectClassDefinitionImpl.java @@ -355,10 +355,15 @@ public List getPasswordOutbound() { } @Override + @Deprecated public ObjectReferenceType getPasswordPolicy() { return refinedObjectClassDefinition.getPasswordPolicy(); } + public ObjectReferenceType getSecurityPolicyRef() { + return refinedObjectClassDefinition.getSecurityPolicyRef(); + } + @Override public ResourcePasswordDefinitionType getPasswordDefinition() { return refinedObjectClassDefinition.getPasswordDefinition(); 
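Review bot: The new `getSecurityPolicyRef()` in CompositeRefinedObjectClassDefinitionImpl is added without `@Override`, and the same is true of the one added to LayerRefinedObjectClassDefinitionImpl in the next hunk, although the commit declares the method on RefinedObjectClassDefinition and annotates the RefinedObjectClassDefinitionImpl version. Adding `@Override` to both lets the compiler catch a later signature drift on this policy accessor. The `@Deprecated` now placed on `getPasswordPolicy()` would also benefit from a Javadoc line such as `@deprecated use {@link #getSecurityPolicyRef()}` so that callers know where to go. Both classes continue outside these hunks.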
diff --git a/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedObjectClassDefinition.java b/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedObjectClassDefinition.java index d4d7b53df9e..918965e91ba 100644 --- a/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedObjectClassDefinition.java +++ b/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedObjectClassDefinition.java @@ -171,7 +171,10 @@ default PrismObject createBlankShadow() { AttributeFetchStrategyType getPasswordFetchStrategy(); + @Deprecated ObjectReferenceType getPasswordPolicy(); + + ObjectReferenceType getSecurityPolicyRef(); ResourceActivationDefinitionType getActivationSchemaHandling(); diff --git a/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedObjectClassDefinitionImpl.java b/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedObjectClassDefinitionImpl.java index c6dfb223bb1..29a22f99c58 100644 --- a/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedObjectClassDefinitionImpl.java +++ b/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedObjectClassDefinitionImpl.java @@ -506,7 +506,17 @@ public AttributeFetchStrategyType getPasswordFetchStrategy() { return password.getFetchStrategy(); } + + @Override + public ObjectReferenceType getSecurityPolicyRef() { + if (schemaHandlingObjectTypeDefinitionType == null) { + return null; + } + return schemaHandlingObjectTypeDefinitionType.getSecurityPolicyRef(); + } + @Override + @Deprecated public ObjectReferenceType getPasswordPolicy() { ResourcePasswordDefinitionType password = getPasswordDefinition(); if (password == null || password.getPasswordPolicyRef() == null){ 
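Review bot: Neither `getSecurityPolicyRef()` nor the newly deprecated `getPasswordPolicy()` on the RefinedObjectClassDefinition interface carries Javadoc, so the contract between the two is only discoverable by reading ContextLoader. I would document on `getSecurityPolicyRef()` that it returns null when no schema-handling object type definition is present (as the RefinedObjectClassDefinitionImpl hunk shows). I would also state on `getPasswordPolicy()` that it is consulted only when no security policy reference is set, with `@deprecated use {@link #getSecurityPolicyRef()}`. The body of `getPasswordPolicy()` in RefinedObjectClassDefinitionImpl continues past the end of the hunk.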
diff --git a/infra/prism-impl/src/main/java/com/evolveum/midpoint/prism/impl/delta/PrismValueDeltaSetTripleImpl.java b/infra/prism-impl/src/main/java/com/evolveum/midpoint/prism/impl/delta/PrismValueDeltaSetTripleImpl.java index b5115d17b1b..868b561ae94 100644 --- a/infra/prism-impl/src/main/java/com/evolveum/midpoint/prism/impl/delta/PrismValueDeltaSetTripleImpl.java +++ b/infra/prism-impl/src/main/java/com/evolveum/midpoint/prism/impl/delta/PrismValueDeltaSetTripleImpl.java @@ -170,7 +170,7 @@ private void removeEmptyValues(Collection set, boolean allowEmptyRealValues) Iterator iterator = set.iterator(); while (iterator.hasNext()) { V val = iterator.next(); - if (val.isEmpty()) { + if (val == null || val.isEmpty()) { iterator.remove(); continue; } diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd index 8d63b65fcf5..7883d04968e 100755 --- a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd +++ b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd @@ -6595,6 +6595,18 @@ + + + +

+ Reference to the object type security policy settings. +

+
+ + tns:SecurityPolicyType + +
+
@@ -8167,10 +8179,16 @@ - Reference to the account type password policy settings. +

+ Reference to the account type password policy settings. +

+

+ DEPRECATED: use securityPolicyRef in objectType element instead. +

tns:ValuePolicyType + true
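Review bot: The deprecation text added to passwordPolicyRef does not say what happens when a resource definition sets both this reference and the new securityPolicyRef. In this commit ContextLoader reads the legacy reference only when securityPolicyRef is absent, so an existing passwordPolicyRef is silently ignored once a security policy is referenced. I would add a sentence to the documentation along the lines of `If securityPolicyRef is set on the objectType, this reference is ignored.` so that administrators migrating a resource do not assume the two are combined.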
diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-model-context-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-model-context-3.xsd index 279ab589b17..89791312872 100644 --- a/infra/schema/src/main/resources/xml/ns/public/common/common-model-context-3.xsd +++ b/infra/schema/src/main/resources/xml/ns/public/common/common-model-context-3.xsd @@ -1,7 +1,7 @@ - enabled - + diff --git a/model/model-common/src/test/resources/expression/functions/account-jack.xml b/model/model-common/src/test/resources/expression/functions/account-jack.xml index b40a0ac2e44..11d7e3ba80f 100644 --- a/model/model-common/src/test/resources/expression/functions/account-jack.xml +++ b/model/model-common/src/test/resources/expression/functions/account-jack.xml @@ -1,6 +1,6 @@ -rum smell - + diff --git a/model/model-common/src/test/resources/mapping/account-inbound-mapping.xml b/model/model-common/src/test/resources/mapping/account-inbound-mapping.xml index 5076b48d48a..12fc4dc6f46 100644 --- a/model/model-common/src/test/resources/mapping/account-inbound-mapping.xml +++ b/model/model-common/src/test/resources/mapping/account-inbound-mapping.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> -CN=Pavol Rufus/O=SEPSAS/C=SK pavolr - + diff --git a/model/model-common/src/test/resources/mapping/account-jack.xml b/model/model-common/src/test/resources/mapping/account-jack.xml index dde29bcd9fc..b64b8d991a0 100644 --- a/model/model-common/src/test/resources/mapping/account-jack.xml +++ b/model/model-common/src/test/resources/mapping/account-jack.xml @@ -1,6 +1,6 @@ -rum smell - + diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensProjectionContext.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensProjectionContext.java index 2ca3b570396..77cb2b2afdf 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensProjectionContext.java 
+++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensProjectionContext.java @@ -204,7 +204,7 @@ public class LensProjectionContext extends LensElementContext implem private transient Collection auxiliaryObjectClassDefinitions; private transient CompositeRefinedObjectClassDefinition compositeObjectClassDefinition; - private ValuePolicyType accountPasswordPolicy; + private SecurityPolicyType projectionSecurityPolicy; /** * Resource that hosts this projection. @@ -736,9 +736,13 @@ public Collection getDependencies() { } return dependencies; } + + public SecurityPolicyType getProjectionSecurityPolicy() { + return projectionSecurityPolicy; + } - public ValuePolicyType getAccountPasswordPolicy() { - return accountPasswordPolicy; + public void setProjectionSecurityPolicy(SecurityPolicyType projectionSecurityPolicy) { + this.projectionSecurityPolicy = projectionSecurityPolicy; } public void setCanProject(boolean canProject) { @@ -749,10 +753,6 @@ public boolean isCanProject() { return canProject; } - public void setAccountPasswordPolicy(ValuePolicyType accountPasswordPolicy) { - this.accountPasswordPolicy = accountPasswordPolicy; - } - public AssignmentPolicyEnforcementType getAssignmentPolicyEnforcementType() throws SchemaException { // TODO: per-resource assignment enforcement ResourceType resource = getResource(); 
@@ -1425,8 +1425,10 @@ void addToPrismContainer(PrismContainer lensProjectio lensProjectionContextType.setIsActive(isActive); lensProjectionContextType.setIsLegal(isLegal); lensProjectionContextType.setIsLegalOld(isLegalOld); - if (exportType != LensContext.ExportType.REDUCED) { - lensProjectionContextType.setAccountPasswordPolicy(CloneUtil.clone(accountPasswordPolicy)); + if (exportType != LensContext.ExportType.REDUCED && projectionSecurityPolicy != null) { + ObjectReferenceType secRef = new ObjectReferenceType(); + secRef.asReferenceValue().setObject(projectionSecurityPolicy.asPrismObject()); + lensProjectionContextType.setProjectionSecurityPolicyRef(secRef); } lensProjectionContextType.setSyncAbsoluteTrigger(syncAbsoluteTrigger); } @@ -1467,7 +1469,10 @@ public static LensProjectionContext fromLensProjectionContextType(LensProjection projectionContext.doReconciliation = projectionContextType.isDoReconciliation() != null ? projectionContextType.isDoReconciliation() : false; projectionContext.synchronizationSituationDetected = projectionContextType.getSynchronizationSituationDetected(); projectionContext.synchronizationSituationResolved = projectionContextType.getSynchronizationSituationResolved(); - projectionContext.accountPasswordPolicy = projectionContextType.getAccountPasswordPolicy(); + ObjectReferenceType projectionSecurityPolicyRef = projectionContextType.getProjectionSecurityPolicyRef(); + if (projectionSecurityPolicyRef != null) { + projectionContext.projectionSecurityPolicy = (SecurityPolicyType) projectionSecurityPolicyRef.getObjectable(); + } projectionContext.syncAbsoluteTrigger = projectionContextType.isSyncAbsoluteTrigger(); return projectionContext; diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ContextLoader.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ContextLoader.java index 38efb63057c..296c772cf3d 100644 
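Review bot: In addToPrismContainer the exported reference wraps the live `projectionSecurityPolicy` object, whereas the removed line exported `CloneUtil.clone(accountPasswordPolicy)`. Depending on how `setObject` handles an object that is already held elsewhere, the exported bean and the context may now share one mutable policy instance. Unless sharing is intended, keep the copy: `secRef.asReferenceValue().setObject(CloneUtil.clone(projectionSecurityPolicy).asPrismObject());`. The method starts outside the hunk.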
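Review bot: In fromLensProjectionContextType the policy is restored with `(SecurityPolicyType) projectionSecurityPolicyRef.getObjectable()`, which presumably yields null when the stored reference no longer embeds the object. In that case the projection policy is dropped without any log line, and determineSecurityPolicy later falls back to the global security policy. The policy synthesized for the legacy password policy in ContextLoader is created without an OID, so it could not be re-resolved from the reference either. I would at least log when the reference is present but `getObjectable()` is null, and consider resolving by OID where one exists.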
--- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ContextLoader.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ContextLoader.java @@ -1337,23 +1337,9 @@ private void finishLoadOfProjectionContext(LensContext //Determine refined schema and password policies for account type RefinedObjectClassDefinition structuralObjectClassDef = projContext.getStructuralObjectClassDefinition(); if (structuralObjectClassDef != null) { - LOGGER.trace("Finishing loading of projection context: password policy"); - ObjectReferenceType passwordPolicyRef = structuralObjectClassDef.getPasswordPolicy(); - if (passwordPolicyRef != null && passwordPolicyRef.getOid() != null) { - LOGGER.trace("Loading password policy {} for projection context: {}", passwordPolicyRef, projContext); - PrismObject passwordPolicy = cacheRepositoryService.getObject( - ValuePolicyType.class, passwordPolicyRef.getOid(), null, result); - if (passwordPolicy != null) { - LOGGER.trace("Found password policy: {}", passwordPolicy); - projContext.setAccountPasswordPolicy(passwordPolicy.asObjectable()); - } else { - LOGGER.trace("No password policy found for projection context"); - } - } else { - LOGGER.trace("Password policy not defined for the projection context."); - } + loadProjectionSecurityPolicy(context, projContext, task, result); } else { - LOGGER.trace("No structural object class definition, skipping determining password policy"); + LOGGER.trace("No structural object class definition, skipping determining security policy"); } //set limitation, e.g. if this projection context should be recomputed and processed by projector 
@@ -1368,6 +1354,51 @@ private void finishLoadOfProjectionContext(LensContext setPrimaryDeltaOldValue(projContext); } + private void loadProjectionSecurityPolicy(LensContext context, + LensProjectionContext projContext, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException { + LOGGER.trace("Finishing loading of projection context: security policy"); + ObjectReferenceType securityPolicyRef = projContext.getStructuralObjectClassDefinition().getSecurityPolicyRef(); + if (securityPolicyRef == null || securityPolicyRef.getOid() == null) { + LOGGER.trace("Security policy not defined for the projection context."); + loadProjectionLegacyPasswordPolicy(context, projContext, task, result); + return; + } + LOGGER.trace("Loading security policy {} for projection context: {}", securityPolicyRef, projContext); + PrismObject securityPolicy = cacheRepositoryService.getObject(SecurityPolicyType.class, securityPolicyRef.getOid(), null, result); + if (securityPolicy == null) { + LOGGER.debug("Security policy {} defined for the projection does not exist", securityPolicyRef); + return; + } + LOGGER.trace("Found legacy password policy: {}", securityPolicy); + projContext.setProjectionSecurityPolicy(securityPolicy.asObjectable()); + } + + + private void loadProjectionLegacyPasswordPolicy(LensContext context, + LensProjectionContext projContext, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException { + ObjectReferenceType passwordPolicyRef = projContext.getStructuralObjectClassDefinition().getPasswordPolicy(); + if (passwordPolicyRef == null || passwordPolicyRef.getOid() == null) { + LOGGER.trace("Legacy password policy not defined for the projection context."); + return; + } + LOGGER.trace("Loading legacy password policy {} for projection context: {}", passwordPolicyRef, projContext); + PrismObject passwordPolicy = cacheRepositoryService.getObject( + ValuePolicyType.class, passwordPolicyRef.getOid(), null, result); + if 
(passwordPolicy == null) { + LOGGER.debug("Legacy password policy {} defined for the projection does not exist", passwordPolicyRef); + return; + } + ObjectReferenceType dummyPasswordPolicyRef = new ObjectReferenceType(); + dummyPasswordPolicyRef.asReferenceValue().setObject(passwordPolicy); + PrismObject securityPolicy = prismContext.createObject(SecurityPolicyType.class); + securityPolicy.asObjectable() + .beginCredentials() + .beginPassword() + .valuePolicyRef(dummyPasswordPolicyRef); + projContext.setProjectionSecurityPolicy(securityPolicy.asObjectable()); + } + + private boolean needToReload(LensContext context, LensProjectionContext projContext) { ResourceShadowDiscriminator discr = projContext.getResourceShadowDiscriminator(); diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/credentials/ProjectionCredentialsProcessor.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/credentials/ProjectionCredentialsProcessor.java index cd313a3b08d..00f8a63f84d 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/credentials/ProjectionCredentialsProcessor.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/credentials/ProjectionCredentialsProcessor.java @@ -32,6 +32,7 @@ import com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition; import com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision; import com.evolveum.midpoint.model.common.mapping.MappingFactory; +import com.evolveum.midpoint.model.common.stringpolicy.ObjectValuePolicyEvaluator; import com.evolveum.midpoint.model.common.stringpolicy.ShadowValuePolicyOriginResolver; import com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyProcessor; import com.evolveum.midpoint.model.impl.ModelObjectResolver; 
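Review bot: In loadProjectionSecurityPolicy the success path logs `"Found legacy password policy: {}"`, which is the wrong message for the security-policy branch and will mislead anyone tracing which policy was applied; it should read `LOGGER.trace("Found security policy: {}", securityPolicy);`. When `getObject` returns null, both helpers log at debug and return, leaving the projection without a policy so that password validation later falls back to the global policy. If `getObject` can really return null rather than throw ObjectNotFoundException, a configured but missing policy deserves a warning or an error instead. The `context` and `task` parameters are not used in either helper in the lines shown.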
@@ -70,6 +71,7 @@ import com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType; import com.evolveum.midpoint.xml.ns._public.common.common_3.MetadataType; import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType; +import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType; import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType; import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType; import com.evolveum.midpoint.xml.ns._public.common.common_3.VariableBindingDefinitionType; 
@@ -119,17 +121,17 @@ private void processProjectionCredentialsFocus(LensContext OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException { - ValuePolicyType passwordPolicy = determinePasswordPolicy(context, projectionContext, now, task, result); + SecurityPolicyType securityPolicy = determineSecurityPolicy(context, projectionContext, now, task, result); - processProjectionPasswordMapping(context, projectionContext, passwordPolicy, now, task, result); + processProjectionPasswordMapping(context, projectionContext, securityPolicy, now, task, result); - validateProjectionPassword(context, projectionContext, passwordPolicy, now, task, result); + validateProjectionPassword(context, projectionContext, securityPolicy, now, task, result); applyMetadata(context, projectionContext, now, task, result); } private void processProjectionPasswordMapping(LensContext context, - final LensProjectionContext projCtx, final ValuePolicyType passwordPolicy, XMLGregorianCalendar now, Task task, OperationResult result) + final LensProjectionContext projCtx, final SecurityPolicyType securityPolicy, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException { LensFocusContext focusContext = context.getFocusContext(); @@ -188,7 +190,7 @@ public void setOutputDefinition(ItemDefinition outputDefinition) { } @Override public ValuePolicyType resolve() { - return passwordPolicy; + return SecurityUtil.getPasswordPolicy(securityPolicy); } }; 
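Review bot: `resolve()` now returns `SecurityUtil.getPasswordPolicy(securityPolicy)`, and whether that yields a value policy depends on the `valuePolicyRef` inside the security policy being resolved. SecurityUtil is not shown here, so this is an assumption to confirm: if it reads the embedded object of the reference, only the legacy path in ContextLoader (which embeds the object explicitly) will work. A SecurityPolicyType loaded from the repository by OID would then produce null, and generated projection passwords would have no policy applied. I would add a comment on `resolve()` stating that the reference must already be resolved, or resolve it when the projection security policy is loaded.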
@@ -327,11 +329,11 @@ private boolean getEvaluateWeak(LensProjectionContext projCtx) { } private void validateProjectionPassword(LensContext context, - final LensProjectionContext projectionContext, final ValuePolicyType passwordPolicy, XMLGregorianCalendar now, Task task, OperationResult result) + final LensProjectionContext projectionContext, final SecurityPolicyType securityPolicy, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException { - if (passwordPolicy == null) { - LOGGER.trace("Skipping processing password policies. Password policy not specified."); + if (securityPolicy == null) { + LOGGER.trace("Skipping processing password policies. Security policy not specified."); return; } 
@@ -374,16 +376,29 @@ private void validateProjectionPassword(LensContext con } String passwordValue = determinePasswordValue(password); - - boolean isValid = valuePolicyProcessor.validateValue(passwordValue, passwordPolicy, getOriginResolver(accountShadow), "projection password policy", task, result); - - if (!isValid) { + + ObjectValuePolicyEvaluator objectValuePolicyEvaluator = new ObjectValuePolicyEvaluator(prismContext); + objectValuePolicyEvaluator.setNow(now); + objectValuePolicyEvaluator.setOriginResolver(getOriginResolver(accountShadow)); + objectValuePolicyEvaluator.setProtector(protector); + objectValuePolicyEvaluator.setSecurityPolicy(securityPolicy); + objectValuePolicyEvaluator.setShortDesc("password for " + accountShadow); + objectValuePolicyEvaluator.setTask(task); + objectValuePolicyEvaluator.setValueItemPath(SchemaConstants.PATH_PASSWORD_VALUE); + objectValuePolicyEvaluator.setValuePolicyProcessor(valuePolicyProcessor); + + OperationResult validationResult = objectValuePolicyEvaluator.validateStringValue(passwordValue); + +// boolean isValid = valuePolicyProcessor.validateValue(passwordValue, securityPolicy, getOriginResolver(accountShadow), "projection password policy", task, result); + + if (!validationResult.isSuccess()) { + LOGGER.debug("Password for projection {} is not valid (policy={}): {}", projectionContext.getHumanReadableName(), securityPolicy, validationResult.getUserFriendlyMessage()); result.computeStatus(); throw new PolicyViolationException( new LocalizableMessageBuilder() .key("PolicyViolationException.message.projectionPassword") .arg(projectionContext.getHumanReadableName()) - .arg(result.getUserFriendlyMessage()) + .arg(validationResult.getUserFriendlyMessage()) .build()); } } 
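Review bot: The commented-out `boolean isValid = valuePolicyProcessor.validateValue(...)` line should be deleted rather than committed, since it no longer matches the parameter types and suggests an alternative validation path that does not exist. `result.computeStatus()` is still called before the throw, but the outcome now lives in `validationResult`, which the visible lines never attach to `result`; unless ObjectValuePolicyEvaluator registers it as a subresult, the parent result will not record why the password was rejected. The new debug line also prints the whole `securityPolicy` object on every failure; logging its OID or name would be enough. validateProjectionPassword starts outside this hunk.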
@@ -436,13 +451,13 @@ private void applyMetadata(LensContext context, } - private ValuePolicyType determinePasswordPolicy(LensContext context, + private SecurityPolicyType determineSecurityPolicy(LensContext context, final LensProjectionContext projCtx, XMLGregorianCalendar now, Task task, OperationResult result) { - ValuePolicyType passwordPolicy = projCtx.getAccountPasswordPolicy(); - if (passwordPolicy != null) { - return passwordPolicy; + SecurityPolicyType securityPolicy = projCtx.getProjectionSecurityPolicy(); + if (securityPolicy != null) { + return securityPolicy; } - return SecurityUtil.getPasswordPolicy(context.getGlobalSecurityPolicy()); + return context.getGlobalSecurityPolicy(); } // On missing password this returns empty string (""). It is then up to password policy whether it allows empty passwords or not. diff --git a/model/model-impl/src/main/resources/ctx-model.xml b/model/model-impl/src/main/resources/ctx-model.xml index 87cb8528888..f7430b84269 100644 --- a/model/model-impl/src/main/resources/ctx-model.xml +++ b/model/model-impl/src/main/resources/ctx-model.xml @@ -1,7 +1,7 @@ -elaine elaine - + diff --git a/model/model-impl/src/test/resources/common/account-guybrush-dummy.xml b/model/model-impl/src/test/resources/common/account-guybrush-dummy.xml index b70d3ddd256..498b13ee9f5 100644 --- a/model/model-impl/src/test/resources/common/account-guybrush-dummy.xml +++ b/model/model-impl/src/test/resources/common/account-guybrush-dummy.xml @@ -1,6 +1,6 @@ -Guybrush Threepwood The Sea Monkey - + diff --git a/model/model-impl/src/test/resources/common/account-hbarbossa-dummy.xml b/model/model-impl/src/test/resources/common/account-hbarbossa-dummy.xml index fefed1d110d..148b37a3bd8 100644 --- a/model/model-impl/src/test/resources/common/account-hbarbossa-dummy.xml +++ b/model/model-impl/src/test/resources/common/account-hbarbossa-dummy.xml @@ -1,6 +1,6 @@ - hbarbossa - + 
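Review bot: determineSecurityPolicy now returns either the projection security policy or the global one as a whole, so a projection policy that exists but defines no password value policy no longer falls back to the global password policy as the old `SecurityUtil.getPasswordPolicy(context.getGlobalSecurityPolicy())` path did. Unless ObjectValuePolicyEvaluator performs that fallback itself (not visible here), such a resource would have its passwords accepted without any value-policy check. The method should document the precedence in a short Javadoc, for example `Projection security policy replaces the global one; the two are not merged.`, or apply the fallback per credential type. The `now`, `task` and `result` parameters are unused in the lines shown.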
diff --git a/model/model-impl/src/test/resources/common/account-herman-dummy.xml b/model/model-impl/src/test/resources/common/account-herman-dummy.xml index 2e34d3e080a..e36dc73b4b0 100644 --- a/model/model-impl/src/test/resources/common/account-herman-dummy.xml +++ b/model/model-impl/src/test/resources/common/account-herman-dummy.xml @@ -1,6 +1,6 @@ -Herman Toothrot Monkey Island - + diff --git a/model/model-impl/src/test/resources/common/account-herman-opendj.xml b/model/model-impl/src/test/resources/common/account-herman-opendj.xml index f178ebab481..d5421f67405 100644 --- a/model/model-impl/src/test/resources/common/account-herman-opendj.xml +++ b/model/model-impl/src/test/resources/common/account-herman-opendj.xml @@ -1,6 +1,6 @@ -Toothrot Monkey Island - + diff --git a/model/model-impl/src/test/resources/common/account-shadow-guybrush-dummy.xml b/model/model-impl/src/test/resources/common/account-shadow-guybrush-dummy.xml index c2afec3254e..9b103d395d5 100644 --- a/model/model-impl/src/test/resources/common/account-shadow-guybrush-dummy.xml +++ b/model/model-impl/src/test/resources/common/account-shadow-guybrush-dummy.xml @@ -1,6 +1,6 @@ -guybrush guybrush - + diff --git a/model/model-impl/src/test/resources/common/account-shadow-jack-dummy.xml b/model/model-impl/src/test/resources/common/account-shadow-jack-dummy.xml index 61d0b62fde1..ba063428c48 100644 --- a/model/model-impl/src/test/resources/common/account-shadow-jack-dummy.xml +++ b/model/model-impl/src/test/resources/common/account-shadow-jack-dummy.xml @@ -1,6 +1,6 @@ -jack jack - + diff --git a/model/model-impl/src/test/resources/common/resource-dummy-dependency-filter.xml b/model/model-impl/src/test/resources/common/resource-dummy-dependency-filter.xml index d5e9b7972e3..ee7c656c400 100644 --- a/model/model-impl/src/test/resources/common/resource-dummy-dependency-filter.xml +++ b/model/model-impl/src/test/resources/common/resource-dummy-dependency-filter.xml 
@@ -216,11 +216,21 @@ - daviejones - - - calypso - + + + attributes/name + daviejones + + + + + + + attributes/name + calypso + + + diff --git a/model/model-impl/src/test/resources/common/resource-dummy-deprecated.xml b/model/model-impl/src/test/resources/common/resource-dummy-deprecated.xml index 7cd00073386..7edef01a903 100644 --- a/model/model-impl/src/test/resources/common/resource-dummy-deprecated.xml +++ b/model/model-impl/src/test/resources/common/resource-dummy-deprecated.xml @@ -219,11 +219,21 @@ - daviejones - - - calypso - + + + attributes/name + daviejones + + + + + + + attributes/name + calypso + + + diff --git a/model/model-impl/src/test/resources/common/resource-dummy.xml b/model/model-impl/src/test/resources/common/resource-dummy.xml index d958cadc8c3..2486260626e 100644 --- a/model/model-impl/src/test/resources/common/resource-dummy.xml +++ b/model/model-impl/src/test/resources/common/resource-dummy.xml @@ -216,11 +216,21 @@ - daviejones - - - calypso - + + + attributes/name + daviejones + + + + + + + attributes/name + calypso + + + diff --git a/model/model-impl/src/test/resources/expr/account.xml b/model/model-impl/src/test/resources/expr/account.xml index 853efb5d069..f902d59a8e9 100644 --- a/model/model-impl/src/test/resources/expr/account.xml +++ b/model/model-impl/src/test/resources/expr/account.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> -Caribbean hbarbossa - + diff --git a/model/model-impl/src/test/resources/lens/account-before-script.xml b/model/model-impl/src/test/resources/lens/account-before-script.xml index 55cbee809e2..8d3b688ef71 100644 --- a/model/model-impl/src/test/resources/lens/account-before-script.xml +++ b/model/model-impl/src/test/resources/lens/account-before-script.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> - enabled - + 
diff --git a/model/model-impl/src/test/resources/lens/dependencies/account-elaine-template.xml b/model/model-impl/src/test/resources/lens/dependencies/account-elaine-template.xml index 03c269861bb..476dcbf028f 100644 --- a/model/model-impl/src/test/resources/lens/dependencies/account-elaine-template.xml +++ b/model/model-impl/src/test/resources/lens/dependencies/account-elaine-template.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> -elaine Elaine Marley - + diff --git a/model/model-impl/src/test/resources/sync/resource-dummy-limited.xml b/model/model-impl/src/test/resources/sync/resource-dummy-limited.xml index 9d9d29e5724..e8f617234d6 100644 --- a/model/model-impl/src/test/resources/sync/resource-dummy-limited.xml +++ b/model/model-impl/src/test/resources/sync/resource-dummy-limited.xml @@ -217,11 +217,21 @@ - daviejones - - - calypso - + + + attributes/name + daviejones + + + + + + + attributes/name + calypso + + + diff --git a/model/model-impl/src/test/resources/sync/shadow-pirates-dummy.xml b/model/model-impl/src/test/resources/sync/shadow-pirates-dummy.xml index d3c8ea038f0..154f0347c0f 100644 --- a/model/model-impl/src/test/resources/sync/shadow-pirates-dummy.xml +++ b/model/model-impl/src/test/resources/sync/shadow-pirates-dummy.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> -pirates pirates - + diff --git a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestModelServiceContractDeprecated.java b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestModelServiceContractDeprecated.java deleted file mode 100644 index af63d8a4198..00000000000 --- a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestModelServiceContractDeprecated.java +++ /dev/null 
@@ -1,46 +0,0 @@ -/* - * Copyright (c) 2010-2013 Evolveum - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.evolveum.midpoint.model.intest; - -import java.io.File; - -import org.springframework.test.annotation.DirtiesContext; -import org.springframework.test.annotation.DirtiesContext.ClassMode; -import org.springframework.test.context.ContextConfiguration; - -/** - * @author semancik - * - */ -@ContextConfiguration(locations = {"classpath:ctx-model-intest-test-main.xml"}) -@DirtiesContext(classMode = ClassMode.AFTER_CLASS) -public class TestModelServiceContractDeprecated extends TestModelServiceContract { - - @Override - protected File getResourceDummyFile() { - return RESOURCE_DUMMY_DEPRECATED_FILE; - } - - @Override - protected File getResourceDummyBlueFile() { - return RESOURCE_DUMMY_BLUE_DEPRECATED_FILE; - } - - @Override - protected File getResourceDummyGreenFile() { - return RESOURCE_DUMMY_GREEN_DEPRECATED_FILE; - } -} diff --git a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/password/AbstractPasswordTest.java b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/password/AbstractPasswordTest.java index 096715204a4..4079583803f 100644 --- a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/password/AbstractPasswordTest.java +++ b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/password/AbstractPasswordTest.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2018 Evolveum + * Copyright (c) 2010-2019 Evolveum * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -116,6 +116,9 @@ public abstract class AbstractPasswordTest extends AbstractInitializedModelInteg protected static final File SECURITY_POLICY_PASSWORD_STORAGE_NONE_FILE = new File(TEST_DIR, "security-policy-password-storage-none.xml"); protected static final String SECURITY_POLICY_PASSWORD_STORAGE_NONE_OID = "2997a20a-0423-11e7-af65-a7ab7d19442c"; + + protected static final File SECURITY_POLICY_GOVERNOR_FILE = new File(TEST_DIR, "security-policy-governor.xml"); + protected static final String SECURITY_POLICY_GOVERNOR_OID = "12344321-0000-0000-0055-000000000003"; protected static final String USER_JACK_EMPLOYEE_NUMBER_NEW_BAD = "No1"; protected static final String USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD = "pir321"; 
@@ -193,20 +196,41 @@ public void test010AddPasswordPolicy() throws Exception { // GIVEN Task task = createTask(TEST_NAME); OperationResult result = task.getResult(); - assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE); // WHEN PrismObject passwordPolicy = addObject(PASSWORD_POLICY_GLOBAL_FILE, task, result); // THEN - result.computeStatus(); - TestUtil.assertSuccess(result); + assertSuccess(result); assertEquals("Wrong OID after add", PASSWORD_POLICY_GLOBAL_OID, passwordPolicy.getOid()); // Check object PrismObject valuePolicy = repositoryService.getObject(ValuePolicyType.class, PASSWORD_POLICY_GLOBAL_OID, null, result); + // TODO: more asserts + } + + @Test + public void test012AddSecurityPolicy() throws Exception { + final String TEST_NAME = "test012AddSecurityPolicy"; + displayTestTitle(TEST_NAME); + + // GIVEN + Task task = createTask(TEST_NAME); + OperationResult result = task.getResult(); + + // WHEN + PrismObject securityPolicy = addObject(SECURITY_POLICY_GOVERNOR_FILE, task, result); + + // THEN + assertSuccess(result); + + assertEquals("Wrong OID after add", SECURITY_POLICY_GOVERNOR_OID, securityPolicy.getOid()); + + // Check object + PrismObject securityPolicyAfter = repositoryService.getObject(SecurityPolicyType.class, SECURITY_POLICY_GOVERNOR_OID, null, result); + // TODO: more asserts } @@ -312,11 +336,11 @@ public void test070AddUserHerman() throws Exception { XMLGregorianCalendar startCal = clock.currentTimeXMLGregorianCalendar(); // WHEN - TestUtil.displayWhen(TEST_NAME); + displayWhen(TEST_NAME); addObject(USER_HERMAN_FILE, task, result); // THEN - TestUtil.displayThen(TEST_NAME); + displayThen(TEST_NAME); result.computeStatus(); TestUtil.assertSuccess("executeChanges result", result); 
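Review bot: test012AddSecurityPolicy fetches `securityPolicyAfter` from the repository but asserts nothing on it, leaving only `// TODO: more asserts`, so the test passes even if the stored policy lacks the password settings that later tests depend on. I would assert at least that the object is present and that its password credentials carry the expected value policy reference. The commit also deletes TestModelServiceContractDeprecated while ContextLoader keeps a legacy `passwordPolicyRef` path, so it is worth confirming that some remaining test still exercises a resource configured only with the deprecated reference.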
@@ -1473,13 +1497,13 @@ public void test300TwoParentOrgRefs() throws Exception { assertEquals("Wrong # of parentOrgRefs", 2, jack.getParentOrgRef().size()); ObjectDelta orgDelta = prismContext.deltaFor(OrgType.class) - .item(OrgType.F_PASSWORD_POLICY_REF).replace(itemFactory().createReferenceValue(PASSWORD_POLICY_GLOBAL_OID)) + .item(OrgType.F_SECURITY_POLICY_REF).replace(itemFactory().createReferenceValue(SECURITY_POLICY_GOVERNOR_OID)) .asObjectDelta(ORG_GOVERNOR_OFFICE_OID); executeChanges(orgDelta, null, task, result); OrgType govOffice = getObject(OrgType.class, ORG_GOVERNOR_OFFICE_OID).asObjectable(); display("governor's office", govOffice); - assertEquals("Wrong OID of password policy ref", PASSWORD_POLICY_GLOBAL_OID, govOffice.getPasswordPolicyRef().getOid()); + assertEquals("Wrong OID of security policy ref", SECURITY_POLICY_GOVERNOR_OID, govOffice.getSecurityPolicyRef().getOid()); try { // WHEN @@ -1584,11 +1608,11 @@ public void test312ChangeUserPassword() throws Exception { prepareTest(); // WHEN - TestUtil.displayWhen(TEST_NAME); + displayWhen(TEST_NAME); modifyUserChangePassword(USER_JACK_OID, USER_PASSWORD_VALID_2, task, result); // THEN - TestUtil.displayThen(TEST_NAME); + displayThen(TEST_NAME); result.computeStatus(); TestUtil.assertSuccess(result); @@ -1649,7 +1673,7 @@ public void test314RemovePasswordFail() throws Exception { try { // WHEN+THEN - TestUtil.displayWhen(TEST_NAME); + displayWhen(TEST_NAME); try { modifyUserReplace(USER_JACK_OID, PASSWORD_VALUE_PATH, task, result /*, no value */); fail("unexpected success"); 
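Review bot: After this change test300TwoParentOrgRefs covers only `securityPolicyRef`, and with TestPasswordDeprecated deleted in the same commit nothing visible here still exercises a policy configured through the deprecated references, although the refinery classes earlier in the diff only mark `getPasswordPolicy()` as `@Deprecated` and keep it functional. If the deprecated references are still accepted at runtime (not visible from this hunk), a small test pinning the intended behaviour, whether honoured or ignored in favour of the security policy, would catch a silent loss of password-policy enforcement on upgraded configurations. Separately, `assertNotNull("No security policy ref", govOffice.getSecurityPolicyRef());` before the `getOid()` call would turn a missing reference into a readable failure rather than a NullPointerException. The test body continues outside the hunk.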
@@ -1684,13 +1708,12 @@ public void test315RemovePassword() throws Exception { prepareTest(); // WHEN - TestUtil.displayWhen(TEST_NAME); + displayWhen(TEST_NAME); modifyUserReplace(USER_JACK_OID, PASSWORD_VALUE_PATH, task, result /*, no value */); // THEN - TestUtil.displayThen(TEST_NAME); - result.computeStatus(); - TestUtil.assertSuccess(result); + displayThen(TEST_NAME); + assertSuccess(result); PrismObject userAfter = getUser(USER_JACK_OID); display("User after change execution", userAfter); @@ -1733,11 +1756,11 @@ public void test316UserRecompute() throws Exception { prepareTest(); // WHEN - TestUtil.displayWhen(TEST_NAME); + displayWhen(TEST_NAME); recomputeUser(USER_JACK_OID, task, result); // THEN - TestUtil.displayThen(TEST_NAME); + displayThen(TEST_NAME); result.computeStatus(); TestUtil.assertSuccess(result); @@ -1836,11 +1859,11 @@ public void test320ChangeEmployeeNumber() throws Exception { prepareTest(); // WHEN - TestUtil.displayWhen(TEST_NAME); + displayWhen(TEST_NAME); modifyUserReplace(USER_JACK_OID, UserType.F_EMPLOYEE_NUMBER, task, result, "emp0000"); // THEN - TestUtil.displayThen(TEST_NAME); + displayThen(TEST_NAME); result.computeStatus(); TestUtil.assertSuccess(result); @@ -1870,11 +1893,11 @@ public void test330RemoveEmployeeNumber() throws Exception { prepareTest(); // WHEN - TestUtil.displayWhen(TEST_NAME); + displayWhen(TEST_NAME); modifyUserReplace(USER_JACK_OID, UserType.F_EMPLOYEE_NUMBER, task, result); // THEN - TestUtil.displayThen(TEST_NAME); + displayThen(TEST_NAME); result.computeStatus(); TestUtil.assertSuccess(result); @@ -2414,11 +2437,11 @@ public void test400AddUserRappWithAssignment() throws Exception { display("User before", userBefore); // WHEN - TestUtil.displayWhen(TEST_NAME); + displayWhen(TEST_NAME); addObject(userBefore, task, result); // THEN - TestUtil.displayThen(TEST_NAME); + displayThen(TEST_NAME); result.computeStatus(); TestUtil.assertSuccess(result); 
@@ -2696,11 +2719,11 @@ public void test405UserRappRecompute() throws Exception { display("User before", userBefore); // WHEN - TestUtil.displayWhen(TEST_NAME); + displayWhen(TEST_NAME); recomputeUser(USER_RAPP_OID, task, result); // THEN - TestUtil.displayThen(TEST_NAME); + displayThen(TEST_NAME); result.computeStatus(); TestUtil.assertSuccess(result); @@ -2760,11 +2783,11 @@ public void test410AssignRappDummyLifecycle() throws Exception { display("User before", userBefore); // WHEN - TestUtil.displayWhen(TEST_NAME); + displayWhen(TEST_NAME); assignAccountToUser(USER_RAPP_OID, RESOURCE_DUMMY_LIFECYCLE_OID, null, task, result); // THEN - TestUtil.displayThen(TEST_NAME); + displayThen(TEST_NAME); result.computeStatus(); TestUtil.assertSuccess(result); @@ -2816,11 +2839,11 @@ public void test412InitializeRappDummyLifecycle() throws Exception { shadowDelta.addModificationReplaceProperty(ObjectType.F_LIFECYCLE_STATE, SchemaConstants.LIFECYCLE_ACTIVE); // WHEN - TestUtil.displayWhen(TEST_NAME); + displayWhen(TEST_NAME); executeChanges(shadowDelta, null, task, result); // THEN - TestUtil.displayThen(TEST_NAME); + displayThen(TEST_NAME); result.computeStatus(); TestUtil.assertSuccess(result); @@ -3969,7 +3992,7 @@ public void test910AddUserWithNoPasswordFail() throws Exception { try { // WHEN+THEN - TestUtil.displayWhen(TEST_NAME); + displayWhen(TEST_NAME); try { UserType user = new UserType(prismContext).name("passwordless"); addObject(user.asPrismObject(), task, result); diff --git a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/password/TestPasswordDeprecated.java b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/password/TestPasswordDeprecated.java deleted file mode 100644 index 3f9dc610b91..00000000000 --- a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/password/TestPasswordDeprecated.java +++ /dev/null 
@@ -1,348 +0,0 @@ -/* - * Copyright (c) 2010-2017 Evolveum - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.evolveum.midpoint.model.intest.password; - -import java.io.File; - -import javax.xml.datatype.XMLGregorianCalendar; - -import com.evolveum.midpoint.xml.ns._public.common.common_3.*; - -import org.springframework.test.annotation.DirtiesContext; -import org.springframework.test.annotation.DirtiesContext.ClassMode; -import org.springframework.test.context.ContextConfiguration; -import org.testng.AssertJUnit; -import org.testng.annotations.Test; - -import com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest; -import com.evolveum.midpoint.prism.PrismObject; -import com.evolveum.midpoint.prism.PrismReferenceValue; -import com.evolveum.midpoint.schema.result.OperationResult; -import com.evolveum.midpoint.task.api.Task; -import com.evolveum.midpoint.test.util.TestUtil; -import com.evolveum.midpoint.util.exception.PolicyViolationException; - -/** - * Sketchy tests for deprecated password policy settings. - * Modified subset of AbstractPasswordTest. Just makes sure that the - * password policy configured in a deprecated way is applied and that it - * roughly works. It is not meant to be comprehensive. 
- * - * @author semancik - */ -@ContextConfiguration(locations = {"classpath:ctx-model-intest-test-main.xml"}) -@DirtiesContext(classMode = ClassMode.AFTER_CLASS) -public class TestPasswordDeprecated extends AbstractInitializedModelIntegrationTest { - - protected static final String USER_PASSWORD_0_CLEAR = "d3adM3nT3llN0Tal3s"; - protected static final String USER_PASSWORD_JACK_CLEAR = "12jAcK34"; // contains username - protected static final String USER_PASSWORD_SPARROW_CLEAR = "saRRow123"; // contains familyName - protected static final String USER_PASSWORD_VALID_1 = "abcd123"; - protected static final String USER_PASSWORD_VALID_2 = "abcd223"; - protected static final String USER_PASSWORD_VALID_3 = "abcd323"; - protected static final String USER_PASSWORD_VALID_4 = "abcd423"; - - protected static final File TEST_DIR = AbstractPasswordTest.TEST_DIR; - - protected static final File PASSWORD_POLICY_DEPRECATED_FILE = new File(TEST_DIR, "password-policy-deprecated.xml"); - protected static final String PASSWORD_POLICY_DEPRECATED_OID = "44bb6516-0d61-11e7-af71-73b639b25b04"; - - protected String accountJackOid; - protected XMLGregorianCalendar lastPasswordChangeStart; - protected XMLGregorianCalendar lastPasswordChangeEnd; - - @Override - public void initSystem(Task initTask, OperationResult initResult) throws Exception { - super.initSystem(initTask, initResult); - - importObjectFromFile(PASSWORD_POLICY_DEPRECATED_FILE); - - setGlobalSecurityPolicy(null, initResult); - - login(USER_ADMINISTRATOR_USERNAME); - } - - @Test - public void test051ModifyUserJackPassword() throws Exception { - final String TEST_NAME = "test051ModifyUserJackPassword"; - TestUtil.displayTestTitle(this, TEST_NAME); - - // GIVEN - Task task = createTask(AbstractPasswordTest.class.getName() + "." 
+ TEST_NAME); - OperationResult result = task.getResult(); - assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL); - - XMLGregorianCalendar startCal = clock.currentTimeXMLGregorianCalendar(); - - // WHEN - TestUtil.displayWhen(TEST_NAME); - modifyUserChangePassword(USER_JACK_OID, USER_PASSWORD_0_CLEAR, task, result); - - // THEN - TestUtil.displayThen(TEST_NAME); - result.computeStatus(); - TestUtil.assertSuccess("executeChanges result", result); - - XMLGregorianCalendar endCal = clock.currentTimeXMLGregorianCalendar(); - - PrismObject userJack = getUser(USER_JACK_OID); - display("User after change execution", userJack); - assertUserJack(userJack, "Jack Sparrow"); - - assertUserPassword(userJack, USER_PASSWORD_0_CLEAR); - assertPasswordMetadata(userJack, false, startCal, endCal); - // Password policy is not active yet. No history should be kept. - assertPasswordHistoryEntries(userJack); - } - - @Test - public void test100ModifyUserJackAssignAccount() throws Exception { - final String TEST_NAME = "test100ModifyUserJackAssignAccount"; - TestUtil.displayTestTitle(this, TEST_NAME); - - // GIVEN - Task task = taskManager.createTaskInstance(AbstractPasswordTest.class.getName() + "." 
+ TEST_NAME); - OperationResult result = task.getResult(); - assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL); - - // WHEN - assignAccountToUser(USER_JACK_OID, RESOURCE_DUMMY_OID, null, task, result); - - // THEN - result.computeStatus(); - TestUtil.assertSuccess(result); - - PrismObject userJack = getUser(USER_JACK_OID); - display("User after change execution", userJack); - assertUserJack(userJack); - accountJackOid = getSingleLinkOid(userJack); - - // Check shadow - PrismObject accountShadow = repositoryService.getObject(ShadowType.class, accountJackOid, null, result); - assertDummyAccountShadowRepo(accountShadow, accountJackOid, "jack"); - - // Check account - PrismObject accountModel = modelService.getObject(ShadowType.class, accountJackOid, null, task, result); - assertDummyAccountShadowModel(accountModel, accountJackOid, "jack", "Jack Sparrow"); - - // Check account in dummy resource - assertDefaultDummyAccount(ACCOUNT_JACK_DUMMY_USERNAME, "Jack Sparrow", true); - assertDummyPassword(null, ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_0_CLEAR); - } - - @Test - public void test200ApplyPasswordPolicy() throws Exception { - final String TEST_NAME = "test200ApplyPasswordPolicy"; - TestUtil.displayTestTitle(this, TEST_NAME); - - // GIVEN - Task task = createTask(TEST_NAME); - OperationResult result = task.getResult(); - assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL); - - PrismReferenceValue passPolicyRef = itemFactory().createReferenceValue(PASSWORD_POLICY_DEPRECATED_OID, ValuePolicyType.COMPLEX_TYPE); - - // WHEN - modifyObjectReplaceReference(SystemConfigurationType.class, SystemObjectsType.SYSTEM_CONFIGURATION.value(), - SystemConfigurationType.F_GLOBAL_PASSWORD_POLICY_REF, - task, result, passPolicyRef); - - // THEN - result.computeStatus(); - TestUtil.assertSuccess(result); - } - - - /** - * Change to password that complies with password policy. 
- */ - @Test - public void test210ModifyUserJackPasswordGood() throws Exception { - doTestModifyUserJackPasswordSuccessWithHistory("test210ModifyUserJackPasswordGood", - USER_PASSWORD_VALID_1, USER_PASSWORD_0_CLEAR); - } - - /** - * Reconcile user. Nothing should be changed. - * MID-3567 - */ - @Test - public void test212ReconcileUserJack() throws Exception { - final String TEST_NAME = "test212ReconcileUserJack"; - TestUtil.displayTestTitle(this, TEST_NAME); - - // GIVEN - Task task = createTask(TEST_NAME); - OperationResult result = task.getResult(); - - // WHEN - reconcileUser(USER_JACK_OID, task, result); - - // THEN - result.computeStatus(); - TestUtil.assertSuccess(result); - - assertJackPasswordsWithHistory(USER_PASSWORD_VALID_1, USER_PASSWORD_0_CLEAR); - } - - /** - * Recompute user. Nothing should be changed. - * MID-3567 - */ - @Test - public void test214RecomputeUserJack() throws Exception { - final String TEST_NAME = "test214RecomputeUserJack"; - TestUtil.displayTestTitle(this, TEST_NAME); - - // GIVEN - Task task = createTask(TEST_NAME); - OperationResult result = task.getResult(); - - // WHEN - recomputeUser(USER_JACK_OID, task, result); - - // THEN - result.computeStatus(); - TestUtil.assertSuccess(result); - - assertJackPasswordsWithHistory(USER_PASSWORD_VALID_1, USER_PASSWORD_0_CLEAR); - } - - /** - * Change to password that violates the password policy (but is still OK for yellow resource). 
- */ - @Test - public void test220ModifyUserJackPasswordBadA() throws Exception { - doTestModifyUserJackPasswordFailureWithHistory("test220ModifyUserJackPasswordBadA", - USER_PASSWORD_0_CLEAR, USER_PASSWORD_VALID_1, USER_PASSWORD_0_CLEAR); - } - - /** - * Change to password that violates the password policy (contains username) - * MID-1657 - */ - @Test - public void test224ModifyUserJackPasswordBadJack() throws Exception { - doTestModifyUserJackPasswordFailureWithHistory("test224ModifyUserJackPasswordBadJack", - USER_PASSWORD_JACK_CLEAR, USER_PASSWORD_VALID_1, USER_PASSWORD_0_CLEAR); - } - - /** - * Change to password that complies with password policy. Again. See that - * the change is applied correctly and that it is included in the history. - */ - @Test - public void test230ModifyUserJackPasswordGoodAgain() throws Exception { - doTestModifyUserJackPasswordSuccessWithHistory("test230ModifyUserJackPasswordGoodAgain", - USER_PASSWORD_VALID_2, USER_PASSWORD_0_CLEAR, USER_PASSWORD_VALID_1); - } - - /** - * Change to password that complies with password policy. Again. - * This time there are enough passwords in the history. So the history should - * be truncated. - */ - @Test - public void test240ModifyUserJackPasswordGoodAgainOverHistory() throws Exception { - doTestModifyUserJackPasswordSuccessWithHistory("test240ModifyUserJackPasswordGoodAgainOverHistory", - USER_PASSWORD_VALID_3, USER_PASSWORD_VALID_1, USER_PASSWORD_VALID_2); - } - - /** - * Change to password that complies with password policy. Again. - * This time there are enough passwords in the history. So the history should - * be truncated. - */ - @Test - public void test241ModifyUserJackPasswordGoodAgainOverHistoryAgain() throws Exception { - doTestModifyUserJackPasswordSuccessWithHistory("test241ModifyUserJackPasswordGoodAgainOverHistoryAgain", - USER_PASSWORD_VALID_4, USER_PASSWORD_VALID_2, USER_PASSWORD_VALID_3); - } - - /** - * Reuse old password. 
Now the password should be out of the history, so - * the system should allow its reuse. - */ - @Test - public void test248ModifyUserJackPasswordGoodReuse() throws Exception { - doTestModifyUserJackPasswordSuccessWithHistory("test248ModifyUserJackPasswordGoodReuse", - USER_PASSWORD_VALID_1, USER_PASSWORD_VALID_3, USER_PASSWORD_VALID_4); - } - - private void doTestModifyUserJackPasswordSuccessWithHistory(final String TEST_NAME, - String newPassword, String... expectedPasswordHistory) throws Exception { - TestUtil.displayTestTitle(this, TEST_NAME); - - // GIVEN - Task task = createTask(TEST_NAME); - OperationResult result = task.getResult(); - assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL); - - lastPasswordChangeStart = clock.currentTimeXMLGregorianCalendar(); - - // WHEN - modifyUserChangePassword(USER_JACK_OID, newPassword, task, result); - - // THEN - result.computeStatus(); - TestUtil.assertSuccess(result); - - lastPasswordChangeEnd = clock.currentTimeXMLGregorianCalendar(); - - assertJackPasswordsWithHistory(newPassword, expectedPasswordHistory); - } - - private void doTestModifyUserJackPasswordFailureWithHistory(final String TEST_NAME, - String newPassword, String oldPassword, String... expectedPasswordHistory) throws Exception { - TestUtil.displayTestTitle(this, TEST_NAME); - - // GIVEN - Task task = createTask(TEST_NAME); - OperationResult result = task.getResult(); - assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL); - - try { - // WHEN - modifyUserChangePassword(USER_JACK_OID, newPassword, task, result); - - AssertJUnit.fail("Unexpected success"); - - } catch (PolicyViolationException e) { - // This is expected - display("Exected exception", e); - } - - // THEN - result.computeStatus(); - TestUtil.assertFailure(result); - - assertJackPasswordsWithHistory(oldPassword, expectedPasswordHistory); - } - - private void assertJackPasswordsWithHistory(String expectedCurrentPassword, String... 
expectedPasswordHistory) throws Exception { - PrismObject userJack = getUser(USER_JACK_OID); - display("User after change execution", userJack); - assertLinks(userJack, 1); - - assertUserPassword(userJack, expectedCurrentPassword); - assertPasswordMetadata(userJack, false, lastPasswordChangeStart, lastPasswordChangeEnd); - - assertDummyPassword(null, ACCOUNT_JACK_DUMMY_USERNAME, expectedCurrentPassword); - - assertPasswordHistoryEntries(userJack, expectedPasswordHistory); - } - -} diff --git a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/scripting/TestScriptingBasic.java b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/scripting/TestScriptingBasic.java index d074d8895f8..f3b7cd2171d 100644 --- a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/scripting/TestScriptingBasic.java +++ b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/scripting/TestScriptingBasic.java @@ -974,7 +974,7 @@ public void test510GeneratePasswords() throws Exception { List> itemDeltas = prismContext.deltaFor(SecurityPolicyType.class) .item(SecurityPolicyType.F_CREDENTIALS, CredentialsPolicyType.F_PASSWORD, - PasswordCredentialsPolicyType.F_PASSWORD_POLICY_REF) + PasswordCredentialsPolicyType.F_VALUE_POLICY_REF) .add(itemFactory().createReferenceValue(PASSWORD_POLICY_GLOBAL_OID)) .asItemDeltas(); modifySystemObjectInRepo(SecurityPolicyType.class, SECURITY_POLICY_OID, itemDeltas, result); diff --git a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java index ec8e55c91d9..7e217f26adf 100644 --- a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java +++ b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java 
@@ -290,11 +290,11 @@ public abstract class AbstractSecurityTest extends AbstractInitializedModelInteg protected static final File ROLE_MANAGER_USER_ADMIN_FILE = new File(TEST_DIR, "role-manager-user-admin.xml"); protected static final String ROLE_MANAGER_USER_ADMIN_OID = "c545323c-5d68-11e7-acba-2b32ef514121"; - protected static final File ROLE_ROLE_OWNER_FULL_CONTROL_FILE = new File(TEST_DIR, "role-role-owner-full-control.xml"); - protected static final String ROLE_ROLE_OWNER_FULL_CONTROL_OID = "9c6e597e-dbd7-11e5-a538-97834c1cd5ba"; - - protected static final File ROLE_ROLE_OWNER_ASSIGN_FILE = new File(TEST_DIR, "role-role-owner-assign.xml"); - protected static final String ROLE_ROLE_OWNER_ASSIGN_OID = "91b9e546-ded6-11e5-9e87-171d047c57d1"; +// protected static final File ROLE_ROLE_OWNER_FULL_CONTROL_FILE = new File(TEST_DIR, "role-role-owner-full-control.xml"); +// protected static final String ROLE_ROLE_OWNER_FULL_CONTROL_OID = "9c6e597e-dbd7-11e5-a538-97834c1cd5ba"; +// +// protected static final File ROLE_ROLE_OWNER_ASSIGN_FILE = new File(TEST_DIR, "role-role-owner-assign.xml"); +// protected static final String ROLE_ROLE_OWNER_ASSIGN_OID = "91b9e546-ded6-11e5-9e87-171d047c57d1"; protected static final File ROLE_META_NONSENSE_FILE = new File(TEST_DIR, "role-meta-nonsense.xml"); protected static final String ROLE_META_NONSENSE_OID = "602f72b8-2a11-11e5-8dd9-001e8c717e5b"; @@ -396,7 +396,7 @@ public abstract class AbstractSecurityTest extends AbstractInitializedModelInteg protected static final XMLGregorianCalendar JACK_VALID_TO_LONG_AHEAD = XmlTypeConverter.createXMLGregorianCalendar(10000000000000L); protected static final int NUMBER_OF_ALL_USERS = 11; - protected static final int NUMBER_OF_IMPORTED_ROLES = 75; + protected static final int NUMBER_OF_IMPORTED_ROLES = 73; protected static final int NUMBER_OF_ALL_ORGS = 11; protected String userRumRogersOid; 
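Review bot: The `ROLE_ROLE_OWNER_FULL_CONTROL_*` and `ROLE_ROLE_OWNER_ASSIGN_*` constants are commented out rather than deleted, with no comment saying why. The same is done to the matching `repoAddObjectFromFile(...)` calls in the initSystem hunk and to test290/test292 in TestSecurityBasic. Commented-out declarations go stale quickly; either delete them (history keeps them) or put one line above the block such as `// Disabled: <reason or issue id - placeholder>`. The change of `NUMBER_OF_IMPORTED_ROLES` from 75 to 73 matches the two dropped imports, but it remains a hand-maintained count that has to track the list in initSystem.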
@@ -478,8 +478,8 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti repoAddObjectFromFile(ROLE_MODIFY_USER_FILE, initResult); repoAddObjectFromFile(ROLE_MANAGER_FULL_CONTROL_FILE, initResult); repoAddObjectFromFile(ROLE_MANAGER_USER_ADMIN_FILE, initResult); - repoAddObjectFromFile(ROLE_ROLE_OWNER_FULL_CONTROL_FILE, initResult); - repoAddObjectFromFile(ROLE_ROLE_OWNER_ASSIGN_FILE, initResult); +// repoAddObjectFromFile(ROLE_ROLE_OWNER_FULL_CONTROL_FILE, initResult); +// repoAddObjectFromFile(ROLE_ROLE_OWNER_ASSIGN_FILE, initResult); repoAddObjectFromFile(ROLE_SELF_TASK_OWNER_FILE, initResult); repoAddObjectFromFile(ROLE_PERSONA_MANAGEMENT_FILE, initResult); repoAddObjectFromFile(ROLE_END_USER_REQUESTABLE_ABSTRACTROLES_FILE, initResult); diff --git a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java index f1da1636714..80d84e9defa 100644 --- a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java +++ b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java 
@@ -3087,124 +3087,50 @@ public void test283AutzJackModifyAndEndUser() throws Exception { assertGlobalStateUntouched(); } - @Test - public void test290AutzJackRoleOwnerAssign() throws Exception { - final String TEST_NAME = "test290AutzJackRoleOwnerAssign"; - displayTestTitle(TEST_NAME); - // GIVEN - cleanupAutzTest(USER_JACK_OID); - assignRole(USER_JACK_OID, ROLE_ROLE_OWNER_ASSIGN_OID); - unassignAccountFromUser(USER_JACK_OID, RESOURCE_DUMMY_OID, null); - - PrismObject user = getUser(USER_JACK_OID); - assertAssignments(user, 1); - assertLinks(user, 0); - - assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE); - - login(USER_JACK_USERNAME); - - // WHEN - displayWhen(TEST_NAME); - - assertReadAllow(NUMBER_OF_ALL_USERS + 1); - assertAddDeny(); - assertModifyDeny(); - assertDeleteDeny(); - - user = getUser(USER_JACK_OID); - assertAssignments(user, 1); - assertAssignedRole(user, ROLE_ROLE_OWNER_ASSIGN_OID); - - assertAllow("assign application role 1 to jack", - (task,result) -> assignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, task, result)); - - user = getUser(USER_JACK_OID); - assertAssignments(user, 2); - assertAssignedRole(user, ROLE_APPLICATION_1_OID); - - assertDeny("assign application role 2 to jack", - (task, result) -> assignRole(USER_JACK_OID, ROLE_APPLICATION_2_OID, task, result)); - - assertAllow("unassign application role 1 from jack", - (task,result) -> unassignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, task, result)); - - user = getUser(USER_JACK_OID); - assertAssignments(user, 1); - - RoleSelectionSpecification spec = getAssignableRoleSpecification(getUser(USER_JACK_OID)); - assertRoleTypes(spec); - assertFilter(spec.getFilter(), TypeFilter.class); - assertEquals("Wrong type filter type", RoleType.COMPLEX_TYPE, ((TypeFilter)spec.getFilter()).getType()); - ObjectFilter subfilter = ((TypeFilter)spec.getFilter()).getFilter(); - assertFilter(subfilter, RefFilter.class); - assertEquals(1, ((RefFilter)subfilter).getValues().size()); - 
assertEquals("Wrong OID in ref filter", USER_JACK_OID, ((RefFilter)subfilter).getValues().get(0).getOid()); - - assertGlobalStateUntouched(); - } - - @Test - public void test292AutzJackRoleOwnerFullControl() throws Exception { - final String TEST_NAME = "test292AutzJackRoleOwnerFullControl"; - displayTestTitle(TEST_NAME); - // GIVEN - cleanupAutzTest(USER_JACK_OID); - assignRole(USER_JACK_OID, ROLE_ROLE_OWNER_FULL_CONTROL_OID); - - assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE); - - login(USER_JACK_USERNAME); - - // WHEN - displayWhen(TEST_NAME); - - assertGetAllow(UserType.class, USER_JACK_OID); - assertGetDeny(UserType.class, USER_GUYBRUSH_OID); - - assertSearch(UserType.class, null, 1); - assertSearch(UserType.class, createNameQuery(USER_JACK_USERNAME), 1); - assertSearch(UserType.class, createNameQuery(USER_GUYBRUSH_USERNAME), 0); - - assertAddDeny(); - assertModifyDeny(); - assertDeleteDeny(); - - assertSearch(RoleType.class, null, 2); - - // TODO - +// @Test +// public void test290AutzJackRoleOwnerAssign() throws Exception { +// final String TEST_NAME = "test290AutzJackRoleOwnerAssign"; +// displayTestTitle(TEST_NAME); +// // GIVEN +// cleanupAutzTest(USER_JACK_OID); +// assignRole(USER_JACK_OID, ROLE_ROLE_OWNER_ASSIGN_OID); +// unassignAccountFromUser(USER_JACK_OID, RESOURCE_DUMMY_OID, null); +// // PrismObject user = getUser(USER_JACK_OID); -// assertAssignments(user, 2); -// assertAssignedRole(user, ROLE_ROLE_OWNER_FULL_CONTROL_OID); +// assertAssignments(user, 1); +// assertLinks(user, 0); +// +// assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE); // -// assertAllow("assign application role 1 to jack", new Attempt() { -// @Override -// public void run(Task task, OperationResult result) throws Exception { -// assignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, task, result); -// } -// }); +// login(USER_JACK_USERNAME); +// +// // WHEN +// displayWhen(TEST_NAME); +// +// assertReadAllow(NUMBER_OF_ALL_USERS + 1); +// 
assertAddDeny(); +// assertModifyDeny(); +// assertDeleteDeny(); +// +// user = getUser(USER_JACK_OID); +// assertAssignments(user, 1); +// assertAssignedRole(user, ROLE_ROLE_OWNER_ASSIGN_OID); +// +// assertAllow("assign application role 1 to jack", +// (task,result) -> assignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, task, result)); // // user = getUser(USER_JACK_OID); -// assertAssignments(user, 3); +// assertAssignments(user, 2); // assertAssignedRole(user, ROLE_APPLICATION_1_OID); // -// assertDeny("assign application role 2 to jack", new Attempt() { -// @Override -// public void run(Task task, OperationResult result) throws Exception { -// assignRole(USER_JACK_OID, ROLE_APPLICATION_2_OID, task, result); -// } -// }); +// assertDeny("assign application role 2 to jack", +// (task, result) -> assignRole(USER_JACK_OID, ROLE_APPLICATION_2_OID, task, result)); // -// assertAllow("unassign application role 1 from jack", new Attempt() { -// @Override -// public void run(Task task, OperationResult result) throws Exception { -// unassignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, task, result); -// } -// }); +// assertAllow("unassign application role 1 from jack", +// (task,result) -> unassignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, task, result)); // // user = getUser(USER_JACK_OID); -// assertAssignments(user, 2); +// assertAssignments(user, 1); // // RoleSelectionSpecification spec = getAssignableRoleSpecification(getUser(USER_JACK_OID)); // assertRoleTypes(spec); 
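Review bot: Disabling test290AutzJackRoleOwnerAssign here and test292AutzJackRoleOwnerFullControl in the following hunk removes negative authorization checks such as `assertDeny("assign application role 2 to jack", ...)` and `assertGetDeny(UserType.class, USER_GUYBRUSH_OID)`, and nothing in the visible part of the commit replaces them. If owner-based authorization is still supported, the deny-path assertions are the ones most worth keeping, because a regression there fails open without any test noticing. If the feature was removed, deleting both tests and saying so in the commit message is clearer than leaving them commented. If the disablement is temporary and the role files still load, `@Test(enabled = false)` with a reason comment keeps the code compiled and visible in test reports.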
@@ -3214,9 +3140,83 @@ public void test292AutzJackRoleOwnerFullControl() throws Exception { // assertFilter(subfilter, RefFilter.class); // assertEquals(1, ((RefFilter)subfilter).getValues().size()); // assertEquals("Wrong OID in ref filter", USER_JACK_OID, ((RefFilter)subfilter).getValues().get(0).getOid()); - - assertGlobalStateUntouched(); - } +// +// assertGlobalStateUntouched(); +// } +// +// @Test +// public void test292AutzJackRoleOwnerFullControl() throws Exception { +// final String TEST_NAME = "test292AutzJackRoleOwnerFullControl"; +// displayTestTitle(TEST_NAME); +// // GIVEN +// cleanupAutzTest(USER_JACK_OID); +// assignRole(USER_JACK_OID, ROLE_ROLE_OWNER_FULL_CONTROL_OID); +// +// assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE); +// +// login(USER_JACK_USERNAME); +// +// // WHEN +// displayWhen(TEST_NAME); +// +// assertGetAllow(UserType.class, USER_JACK_OID); +// assertGetDeny(UserType.class, USER_GUYBRUSH_OID); +// +// assertSearch(UserType.class, null, 1); +// assertSearch(UserType.class, createNameQuery(USER_JACK_USERNAME), 1); +// assertSearch(UserType.class, createNameQuery(USER_GUYBRUSH_USERNAME), 0); +// +// assertAddDeny(); +// assertModifyDeny(); +// assertDeleteDeny(); +// +// assertSearch(RoleType.class, null, 2); +// +// // TODO +// +//// PrismObject user = getUser(USER_JACK_OID); +//// assertAssignments(user, 2); +//// assertAssignedRole(user, ROLE_ROLE_OWNER_FULL_CONTROL_OID); +//// +//// assertAllow("assign application role 1 to jack", new Attempt() { +//// @Override +//// public void run(Task task, OperationResult result) throws Exception { +//// assignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, task, result); +//// } +//// }); +//// +//// user = getUser(USER_JACK_OID); +//// assertAssignments(user, 3); +//// assertAssignedRole(user, ROLE_APPLICATION_1_OID); +//// +//// assertDeny("assign application role 2 to jack", new Attempt() { +//// @Override +//// public void run(Task task, OperationResult result) throws 
Exception { +//// assignRole(USER_JACK_OID, ROLE_APPLICATION_2_OID, task, result); +//// } +//// }); +//// +//// assertAllow("unassign application role 1 from jack", new Attempt() { +//// @Override +//// public void run(Task task, OperationResult result) throws Exception { +//// unassignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, task, result); +//// } +//// }); +//// +//// user = getUser(USER_JACK_OID); +//// assertAssignments(user, 2); +//// +//// RoleSelectionSpecification spec = getAssignableRoleSpecification(getUser(USER_JACK_OID)); +//// assertRoleTypes(spec); +//// assertFilter(spec.getFilter(), TypeFilter.class); +//// assertEquals("Wrong type filter type", RoleType.COMPLEX_TYPE, ((TypeFilter)spec.getFilter()).getType()); +//// ObjectFilter subfilter = ((TypeFilter)spec.getFilter()).getFilter(); +//// assertFilter(subfilter, RefFilter.class); +//// assertEquals(1, ((RefFilter)subfilter).getValues().size()); +//// assertEquals("Wrong OID in ref filter", USER_JACK_OID, ((RefFilter)subfilter).getValues().get(0).getOid()); +// +// assertGlobalStateUntouched(); +// } @Test public void test295AutzJackAssignOrgRelation() throws Exception { diff --git a/model/model-intest/src/test/resources/common/account-elaine-dummy-blue.xml b/model/model-intest/src/test/resources/common/account-elaine-dummy-blue.xml index a8095f9acbe..5efffb79a78 100644 --- a/model/model-intest/src/test/resources/common/account-elaine-dummy-blue.xml +++ b/model/model-intest/src/test/resources/common/account-elaine-dummy-blue.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> -elaine elaine - + diff --git a/model/model-intest/src/test/resources/common/account-elaine-dummy-red.xml b/model/model-intest/src/test/resources/common/account-elaine-dummy-red.xml index 079588053fd..e11f870b499 100644 --- a/model/model-intest/src/test/resources/common/account-elaine-dummy-red.xml +++ b/model/model-intest/src/test/resources/common/account-elaine-dummy-red.xml 
@@ -15,7 +15,7 @@ ~ limitations under the License. --> -elaine elaine - + diff --git a/model/model-intest/src/test/resources/common/account-elaine-dummy.xml b/model/model-intest/src/test/resources/common/account-elaine-dummy.xml index 6bf277b3d99..28a2b3897bd 100644 --- a/model/model-intest/src/test/resources/common/account-elaine-dummy.xml +++ b/model/model-intest/src/test/resources/common/account-elaine-dummy.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> -elaine elaine - + diff --git a/model/model-intest/src/test/resources/common/account-guybrush-dummy-red.xml b/model/model-intest/src/test/resources/common/account-guybrush-dummy-red.xml index 1be14436dcb..effa798ca9a 100644 --- a/model/model-intest/src/test/resources/common/account-guybrush-dummy-red.xml +++ b/model/model-intest/src/test/resources/common/account-guybrush-dummy-red.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> -guybrush guybrush - + diff --git a/model/model-intest/src/test/resources/common/account-guybrush-dummy.xml b/model/model-intest/src/test/resources/common/account-guybrush-dummy.xml index 4ab3c15cb00..e8071911684 100644 --- a/model/model-intest/src/test/resources/common/account-guybrush-dummy.xml +++ b/model/model-intest/src/test/resources/common/account-guybrush-dummy.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> -Guybrush Threepwood The Sea Monkey - + diff --git a/model/model-intest/src/test/resources/common/account-herman-dummy.xml b/model/model-intest/src/test/resources/common/account-herman-dummy.xml index fabc0d5f3d4..98e4ed5b323 100644 --- a/model/model-intest/src/test/resources/common/account-herman-dummy.xml +++ b/model/model-intest/src/test/resources/common/account-herman-dummy.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> -Herman Toothrot Monkey Island - + 
diff --git a/model/model-intest/src/test/resources/common/account-jack-dummy-black.xml b/model/model-intest/src/test/resources/common/account-jack-dummy-black.xml index bd223ed4ef6..aaa977b94e1 100644 --- a/model/model-intest/src/test/resources/common/account-jack-dummy-black.xml +++ b/model/model-intest/src/test/resources/common/account-jack-dummy-black.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> - enabled - + diff --git a/model/model-intest/src/test/resources/common/account-jack-dummy-red.xml b/model/model-intest/src/test/resources/common/account-jack-dummy-red.xml index f67d231d60b..5a71bf36e80 100644 --- a/model/model-intest/src/test/resources/common/account-jack-dummy-red.xml +++ b/model/model-intest/src/test/resources/common/account-jack-dummy-red.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> - jack - + diff --git a/model/model-intest/src/test/resources/common/account-jack-dummy.xml b/model/model-intest/src/test/resources/common/account-jack-dummy.xml index 45d983d0f7f..47c15807c9c 100644 --- a/model/model-intest/src/test/resources/common/account-jack-dummy.xml +++ b/model/model-intest/src/test/resources/common/account-jack-dummy.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> - enabled - + diff --git a/model/model-intest/src/test/resources/common/account-shadow-guybrush-dummy.xml b/model/model-intest/src/test/resources/common/account-shadow-guybrush-dummy.xml index 9feed77f998..f2f196c0020 100644 --- a/model/model-intest/src/test/resources/common/account-shadow-guybrush-dummy.xml +++ b/model/model-intest/src/test/resources/common/account-shadow-guybrush-dummy.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> -guybrush guybrush - + diff --git a/model/model-intest/src/test/resources/common/account-shadow-jack-dummy.xml b/model/model-intest/src/test/resources/common/account-shadow-jack-dummy.xml index 6201e990662..179f8bf053b 100644 --- a/model/model-intest/src/test/resources/common/account-shadow-jack-dummy.xml 
+++ b/model/model-intest/src/test/resources/common/account-shadow-jack-dummy.xml @@ -15,7 +15,7 @@ ~ limitations under the License. --> -jack jack - + diff --git a/model/model-intest/src/test/resources/common/resource-dummy-black.xml b/model/model-intest/src/test/resources/common/resource-dummy-black.xml index cb8803e027f..6389621d72a 100644 --- a/model/model-intest/src/test/resources/common/resource-dummy-black.xml +++ b/model/model-intest/src/test/resources/common/resource-dummy-black.xml @@ -1,6 +1,6 @@ - - - - - - Dummy Resource Blue - - - - - connectorType - com.evolveum.icf.dummy.connector.DummyConnector - - - connectorVersion - 2.0 - - - - - - - - blue - true - incomplete - - - - - - - account - default - Default Account - true - ri:AccountObjectClass - - icfs:name - Username - - weak - - name - - - - - - - - $user/name - - - - - icfs:uid - UID - - - ri:fullname - Full Name - - weak - - $user/fullName - - - - weak - - $user/fullName - - - - - ri:ship - Ship - - weak - - $user/organizationalUnit - - - - - ri:location - Location - - weak - - - $user/locality - - - - - - ri:quote - Quote - true - - weak - - $user/description - - - - - 5 - - - - - weak - - - - - - - - weak - - - - - - - - weak - - - - - - - - - - weak - - - - - - - - - - - - true - - - c:name - - - - - - - linked - - - - deleted - - - - unlinked - - - - - - unmatched - http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#NoNsEnSe - - - - - - diff --git a/model/model-intest/src/test/resources/common/resource-dummy-caching.xml b/model/model-intest/src/test/resources/common/resource-dummy-caching.xml index bfdc133b38d..d1b3e6cb039 100644 --- a/model/model-intest/src/test/resources/common/resource-dummy-caching.xml +++ b/model/model-intest/src/test/resources/common/resource-dummy-caching.xml @@ -111,8 +111,8 @@ weak + true @@ -274,11 +274,21 @@ - daviejones - - - calypso - + + + attributes/name + daviejones + + + + + + + attributes/name + calypso + + + 
diff --git a/model/model-intest/src/test/resources/common/resource-dummy-deprecated.xml b/model/model-intest/src/test/resources/common/resource-dummy-deprecated.xml deleted file mode 100644 index 42bf090c1a5..00000000000 --- a/model/model-intest/src/test/resources/common/resource-dummy-deprecated.xml +++ /dev/null 
@@ -1,569 +0,0 @@ - - - - - - Dummy Resource - - - - - connectorType - com.evolveum.icf.dummy.connector.DummyConnector - - - connectorVersion - 2.0 - - - - - - - - - true - - whatever - - - - - - http://midpoint.evolveum.com/xml/ns/public/resource/instance/10000000-0000-0000-0000-000000000004 - - - - account - default - Default Account - true - ri:AccountObjectClass - - icfs:name - Username - - strong - - $user/name - - - - - - - - weak - - $c:user/c:name - - - - - icfs:uid - UID - - - ri:fullname - Full Name - - - $user/fullName - - - - weak - - $user/fullName - - - - - ri:location - Location - - strong - - - $c:user/c:locality - - - - - http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#import - - - - - description - - - - - ri:ship - Ship - - - - - - organizationalUnit - - - - - - - - ri:loot - Loot - explicit - - http://pirates.net/avast - - - - - - - ri:weapon - Weapon - - weak - - - declare namespace piracy="http://midpoint.evolveum.com/xml/ns/samples/piracy"; - $user/extension/piracy:weapon - - - - - - ri:drink - Drink - false - - strong - - rum - - - - - ri:quote - Quote - true - - strong - - Arr! 
- - - - - ri:gossip - Gossip - true - - - ri:water - - true - - - - - fishy - - - - - - very FISHY - - - $user/fullName - - - - - - ri:group - entitlement - group - objectToSubject - ri:members - icfs:name - - - - ri:priv - entitlement - privilege - subjectToObject - ri:privileges - icfs:name - - - - 5 - - - - daviejones - - - calypso - - - - - - - - - - - - - - - weak - - - - - - - - - - - - - - - - weak - - - - - - - - - - - account - test - Testing Account - false - ri:AccountObjectClass - - icfs:name - - strong - - $user/name - - - - - - - - ri:fullname - - - $user/fullName - - - - - - - - ri:location - - strong - - - $c:user/c:locality - - - - - - - ri:group - entitlement - group - objectToSubject - ri:members - icfs:name - - - - ri:priv - entitlement - privilege - subjectToObject - ri:privileges - icfs:name - - - - 5 - - - - - - - - - - - - - - - - - - - - entitlement - group - true - ri:GroupObjectClass - - icfs:name - Groupname - - - $focus/name - - - t:norm - - - - - ri:description - - - $focus/description - - - - - ri:cc - - weak - - declare namespace piracy="http://midpoint.evolveum.com/xml/ns/samples/piracy"; - $focus/extension/piracy:costCenter - - - - - declare namespace piracy="http://midpoint.evolveum.com/xml/ns/samples/piracy"; - $focus/extension/piracy:costCenter - - - - - - - entitlement - privilege - false - ri:CustomprivilegeObjectClass - - - - - - - usr - - - - acc - - - - res - - - 3 - size - - -to spiral :size - if :size > 30 [stop] - fd :size rt 15 - spiral :size *1.02 -end - - add - account - after - - - - - - - - - true - - - - - true - - - c:name - - declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"; - $account/attributes/icfs:name - - - - - linked - - - - deleted - - - - unlinked - - - - unmatched - - - - - - 
diff --git a/model/model-intest/src/test/resources/common/resource-dummy-emerald-deprecated.xml b/model/model-intest/src/test/resources/common/resource-dummy-emerald-deprecated.xml deleted file mode 100644 index ed1f2c1a282..00000000000 --- a/model/model-intest/src/test/resources/common/resource-dummy-emerald-deprecated.xml +++ /dev/null @@ -1,178 +0,0 @@ - - - - - - - - Dummy Resource Emerald - - - - - connectorType - com.evolveum.icf.dummy.connector.DummyConnector - - - connectorVersion - 2.0 - - - - - - - - emerald - false - true - - - - false - - - - - - - Default Account - true - ri:AccountObjectClass - - icfs:name - Username - - - $c:user/c:name - - - - - ri:fullname - Full Name - - strong - - - - - $user/fullName - - - - - ri:title - - strong - - - - - title - - - - - ri:loot - Loot - This will be interpreted as date and synced to validFrom - explicit - - - $user/activation/validFrom - - - - - ri:gossip - This will be interpreted as date and synced to validTo - - - $user/activation/validTo - - - - - - - - - - - - - - - - none - - - - - true - - - c:name - - $account/attributes/icfs:name - - - - - linked - - - - deleted - - - - unlinked - - - - unmatched - - - - - - diff --git a/model/model-intest/src/test/resources/common/resource-dummy-green-caching.xml b/model/model-intest/src/test/resources/common/resource-dummy-green-caching.xml index 9f3529f368c..be86331e8cd 100644 --- a/model/model-intest/src/test/resources/common/resource-dummy-green-caching.xml +++ b/model/model-intest/src/test/resources/common/resource-dummy-green-caching.xml @@ -203,11 +203,21 @@ - daviejones - - - calypso - + + + attributes/name + daviejones + + + + + + + attributes/name + calypso + + + diff --git a/model/model-intest/src/test/resources/common/resource-dummy-green-deprecated.xml b/model/model-intest/src/test/resources/common/resource-dummy-green-deprecated.xml deleted file mode 100644 index 93ae81da2b6..00000000000 
--- a/model/model-intest/src/test/resources/common/resource-dummy-green-deprecated.xml +++ /dev/null @@ -1,291 +0,0 @@ - - - - - - - - Dummy Resource Green - - - - - connectorType - com.evolveum.icf.dummy.connector.DummyConnector - - - connectorVersion - 2.0 - - - - - - - - green - true - - - - - - - default - Default Account - true - ri:AccountObjectClass - - icfs:name - Username - - weak - - $user/name - - - - - - - - weak - - $c:user/c:name - - - - - icfs:uid - UID - - - ri:fullname - Full Name - - - $user/fullName - - - - strong - - $user/fullName - - - - - ri:location - Location - - strong - - - $c:user/c:locality - - - - - strong - http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#import - - - - - description - - - - - ri:ship - Ship - - strong - - - - - organizationalUnit - - - - - ri:loot - Loot - - http://pirates.net/avast - - 10000 - - - - - ri:weapon - Weapon - - weak - - - $user/extension/piracy:weapon - - - - - - ri:drink - Drink - false - - strong - - rum - - - - - ri:quote - Quote - true - - strong - - Arr! - - - - - - 5 - - - - daviejones - - - calypso - - - - - - weak - - - - - - - - - weak - - - - - - - - - weak - - - - - - - - - - - - weak - - - - - - weak - - - - - - - - - - - - - none - - - - true - - - - - default account type - true - - - c:name - - declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"; - $account/attributes/icfs:name - - - - - linked - - - - deleted - - - - unlinked - - - - unmatched - - - - - - diff --git a/model/model-intest/src/test/resources/common/resource-dummy-green.xml b/model/model-intest/src/test/resources/common/resource-dummy-green.xml index 1b17c1f25fa..7727d8ec46e 100644 --- a/model/model-intest/src/test/resources/common/resource-dummy-green.xml +++ b/model/model-intest/src/test/resources/common/resource-dummy-green.xml 
@@ -208,11 +208,21 @@ - daviejones - - - calypso - + + + attributes/name + daviejones + + + + + + + attributes/name + calypso + + + diff --git a/model/model-intest/src/test/resources/common/resource-dummy-orange.xml b/model/model-intest/src/test/resources/common/resource-dummy-orange.xml index 54a047187a1..baa74f444b7 100644 --- a/model/model-intest/src/test/resources/common/resource-dummy-orange.xml +++ b/model/model-intest/src/test/resources/common/resource-dummy-orange.xml @@ -184,8 +184,6 @@ true gossip-inbound - - true