Merge remote-tracking branch 'origin/master'

model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java

@@ -15,6 +15,53 @@
  */
 package com.evolveum.midpoint.model.test;
 
+import static com.evolveum.midpoint.test.IntegrationTestTools.display;
+import static org.testng.AssertJUnit.assertEquals;
+import static org.testng.AssertJUnit.assertFalse;
+import static org.testng.AssertJUnit.assertNotNull;
+import static org.testng.AssertJUnit.assertNull;
+import static org.testng.AssertJUnit.assertTrue;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import java.util.function.Consumer;
+import java.util.stream.Collectors;
+
+import javax.xml.bind.JAXBException;
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.namespace.QName;
+
+import org.apache.commons.lang.StringUtils;
+import org.opends.server.types.DirectoryException;
+import org.opends.server.types.Entry;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.SecurityConfig;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.security.web.FilterInvocation;
+import org.testng.AssertJUnit;
+import org.testng.annotations.AfterClass;
+
 import com.evolveum.icf.dummy.resource.ConflictException;
 import com.evolveum.icf.dummy.resource.DummyAccount;
 import com.evolveum.icf.dummy.resource.DummyGroup;
@@ -43,9 +90,27 @@
 import com.evolveum.midpoint.model.common.SystemObjectCache;
 import com.evolveum.midpoint.notifications.api.NotificationManager;
 import com.evolveum.midpoint.notifications.api.transports.Message;
-import com.evolveum.midpoint.prism.*;
+import com.evolveum.midpoint.prism.Containerable;
+import com.evolveum.midpoint.prism.Item;
+import com.evolveum.midpoint.prism.ItemDefinition;
+import com.evolveum.midpoint.prism.PrismContainer;
+import com.evolveum.midpoint.prism.PrismContainerDefinition;
+import com.evolveum.midpoint.prism.PrismContainerValue;
+import com.evolveum.midpoint.prism.PrismContext;
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.prism.PrismObjectDefinition;
+import com.evolveum.midpoint.prism.PrismProperty;
+import com.evolveum.midpoint.prism.PrismPropertyDefinition;
+import com.evolveum.midpoint.prism.PrismReference;
+import com.evolveum.midpoint.prism.PrismReferenceValue;
+import com.evolveum.midpoint.prism.PrismValue;
 import com.evolveum.midpoint.prism.crypto.EncryptionException;
-import com.evolveum.midpoint.prism.delta.*;
+import com.evolveum.midpoint.prism.delta.ChangeType;
+import com.evolveum.midpoint.prism.delta.ContainerDelta;
+import com.evolveum.midpoint.prism.delta.ItemDelta;
+import com.evolveum.midpoint.prism.delta.ObjectDelta;
+import com.evolveum.midpoint.prism.delta.PropertyDelta;
+import com.evolveum.midpoint.prism.delta.ReferenceDelta;
 import com.evolveum.midpoint.prism.delta.builder.DeltaBuilder;
 import com.evolveum.midpoint.prism.match.MatchingRule;
 import com.evolveum.midpoint.prism.path.IdItemPathSegment;
@@ -60,15 +125,26 @@
 import com.evolveum.midpoint.prism.xml.XmlTypeConverter;
 import com.evolveum.midpoint.provisioning.api.ProvisioningService;
 import com.evolveum.midpoint.repo.api.RepositoryService;
-import com.evolveum.midpoint.schema.*;
+import com.evolveum.midpoint.schema.GetOperationOptions;
+import com.evolveum.midpoint.schema.ObjectDeltaOperation;
+import com.evolveum.midpoint.schema.RepositoryDiag;
+import com.evolveum.midpoint.schema.ResultHandler;
+import com.evolveum.midpoint.schema.SearchResultList;
+import com.evolveum.midpoint.schema.SelectorOptions;
 import com.evolveum.midpoint.schema.constants.ObjectTypes;
 import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.schema.internals.InternalsConfig;
 import com.evolveum.midpoint.schema.processor.ResourceAttribute;
 import com.evolveum.midpoint.schema.processor.ResourceAttributeContainer;
 import com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition;
 import com.evolveum.midpoint.schema.result.OperationResult;
-import com.evolveum.midpoint.schema.util.*;
+import com.evolveum.midpoint.schema.util.FocusTypeUtil;
+import com.evolveum.midpoint.schema.util.MiscSchemaUtil;
+import com.evolveum.midpoint.schema.util.ObjectQueryUtil;
+import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
+import com.evolveum.midpoint.schema.util.ResourceTypeUtil;
+import com.evolveum.midpoint.schema.util.SchemaTestConstants;
+import com.evolveum.midpoint.schema.util.ShadowUtil;
 import com.evolveum.midpoint.security.api.Authorization;
 import com.evolveum.midpoint.security.api.AuthorizationConstants;
 import com.evolveum.midpoint.security.api.ItemSecurityDecisions;
@@ -90,7 +166,17 @@
 import com.evolveum.midpoint.util.Holder;
 import com.evolveum.midpoint.util.MiscUtil;
 import com.evolveum.midpoint.util.QNameUtil;
-import com.evolveum.midpoint.util.exception.*;
+import com.evolveum.midpoint.util.exception.CommonException;
+import com.evolveum.midpoint.util.exception.CommunicationException;
+import com.evolveum.midpoint.util.exception.ConfigurationException;
+import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
+import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
+import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
+import com.evolveum.midpoint.util.exception.PolicyViolationException;
+import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.util.exception.SecurityViolationException;
+import com.evolveum.midpoint.util.exception.SystemException;
+import com.evolveum.midpoint.util.exception.TunnelException;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType;
@@ -104,9 +190,9 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ConstructionType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.MetadataType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectPolicyConfigurationType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectSynchronizationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
@@ -128,44 +214,6 @@
 import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
 import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
 
-import org.apache.commons.lang.StringUtils;
-import org.opends.server.types.DirectoryException;
-import org.opends.server.types.Entry;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.SecurityConfig;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.context.SecurityContextImpl;
-import org.springframework.security.web.FilterInvocation;
-import org.testng.AssertJUnit;
-import org.testng.annotations.AfterClass;
-
-import javax.xml.bind.JAXBException;
-import javax.xml.datatype.XMLGregorianCalendar;
-import javax.xml.namespace.QName;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.net.ConnectException;
-import java.util.*;
-import java.util.function.Consumer;
-import java.util.stream.Collectors;
-
-import static com.evolveum.midpoint.test.IntegrationTestTools.display;
-import static org.testng.AssertJUnit.assertEquals;
-import static org.testng.AssertJUnit.assertFalse;
-import static org.testng.AssertJUnit.assertNotNull;
-import static org.testng.AssertJUnit.assertNull;
-import static org.testng.AssertJUnit.assertTrue;
-import static org.testng.AssertJUnit.fail;
-
 /**
  * Abstract framework for an integration test that is placed on top of a model API.
  * This provides complete environment that the test should need, e.g model service instance, repository, provisioning,
@@ -4110,4 +4158,5 @@ protected void dumpOrgTree() throws SchemaException, ObjectNotFoundException, Se
 	protected String getTopOrgOid() {
 		return null;
 	}
+
 }

provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/AbstractOpenDjTest.java

@@ -62,9 +62,9 @@ public abstract class AbstractOpenDjTest extends AbstractIntegrationTest {
 	protected static final File RESOURCE_OPENDJ_BAD_BIND_DN_FILE = new File(TEST_DIR, "resource-opendj-bad-bind-dn.xml");
 	protected static final String RESOURCE_OPENDJ_BAD_BIND_DN_OID = "d180258a-ef5f-11e4-8737-001e8c717e5b";
 
-	protected static final File ACCOUNT1_FILE = new File (TEST_DIR, "account1.xml");
-	protected static final File ACCOUNT1_REPO_FILE = new File(TEST_DIR, "account1-repo.xml");
-	protected static final String ACCOUNT1_OID = "dbb0c37d-9ee6-44a4-8d39-016dbce1cccc";
+	protected static final File ACCOUNT_JBOND_FILE = new File (TEST_DIR, "account-jbond.xml");
+	protected static final File ACCOUNT_JBOND_REPO_FILE = new File(TEST_DIR, "account-jbond-repo.xml");
+	protected static final String ACCOUNT_JBOND_OID = "dbb0c37d-9ee6-44a4-8d39-016dbce1cccc";
 
 	protected static final File ACCOUNT_WILL_FILE = new File(TEST_DIR, "account-will.xml");
 	protected static final String ACCOUNT_WILL_OID = "c0c010c0-d34d-b44f-f11d-333222123456";

provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDj.java

@@ -113,9 +113,11 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.CachingMetadataType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.CapabilityCollectionType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ConnectorType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationProvisioningScriptsType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ProvisioningScriptHostType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType;
@@ -127,12 +129,13 @@
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CredentialsCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.DeleteCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.PagedSearchCapabilityType;
+import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.PasswordCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ReadCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ScriptCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ScriptCapabilityType.Host;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.UpdateCapabilityType;
 import com.evolveum.prism.xml.ns._public.query_3.QueryType;
-
+import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
 import com.evolveum.midpoint.provisioning.ucf.api.ConnectorInstance;
 
 /**
@@ -318,7 +321,9 @@ public void test005Capabilities() throws Exception {
         assertFalse("Empty capabilities returned",nativeCapabilitiesList.isEmpty());
         CredentialsCapabilityType capCred = CapabilityUtil.getCapability(nativeCapabilitiesList, CredentialsCapabilityType.class);
         assertNotNull("credentials capability not found",capCred);
-        assertNotNull("password capability not present",capCred.getPassword());
+        PasswordCapabilityType capPassword = capCred.getPassword();
+        assertNotNull("password capability not present", capPassword);
+        assertPasswordCapability(capPassword);
 
         // Connector cannot do activation, this should be null
         ActivationCapabilityType capAct = CapabilityUtil.getCapability(nativeCapabilitiesList, ActivationCapabilityType.class);
@@ -364,6 +369,11 @@ public void test005Capabilities() throws Exception {
         assertShadows(1);
 	}
 
+	protected void assertPasswordCapability(PasswordCapabilityType capPassword) {
+		assertTrue("Wrong password capability readable flag: "+capPassword.isReadable(), 
+				capPassword.isReadable() != Boolean.TRUE);
+	}
+
 	@Test
 	public void test006Schema() throws Exception {
 		final String TEST_NAME = "test006RefinedSchema";
@@ -677,50 +687,50 @@ public void test110GetObject() throws Exception {
 		Task task = createTask(TEST_NAME);
 		OperationResult result = task.getResult();
 
-		ShadowType objectToAdd = parseObjectType(ACCOUNT1_FILE, ShadowType.class);
+		ShadowType objectToAdd = parseObjectType(ACCOUNT_JBOND_FILE, ShadowType.class);
 
 		display(SchemaDebugUtil.prettyPrint(objectToAdd));
 		display(objectToAdd.asPrismObject().debugDump());
 
 		String addedObjectOid = provisioningService.addObject(objectToAdd.asPrismObject(), null, null, task, result);
-		assertEquals(ACCOUNT1_OID, addedObjectOid);
+		assertEquals(ACCOUNT_JBOND_OID, addedObjectOid);
 		PropertyReferenceListType resolve = new PropertyReferenceListType();
 
 		// WHEN
 		TestUtil.displayWhen(TEST_NAME);
-		ShadowType shadow = provisioningService.getObject(ShadowType.class, ACCOUNT1_OID, null, task, result).asObjectable();
+		ShadowType provisioningShadow = provisioningService.getObject(ShadowType.class, ACCOUNT_JBOND_OID, null, task, result).asObjectable();
 
 		// THEN
 		TestUtil.displayThen(TEST_NAME);
 		assertSuccess(result);
 
-		assertNotNull(shadow);
-
-		display(SchemaDebugUtil.prettyPrint(shadow));
-		display(shadow.asPrismObject().debugDump());
+		assertNotNull(provisioningShadow);
+		display("Account provisioning", provisioningShadow);
 
-		PrismAsserts.assertEqualsPolyString("Name not equals.", "uid=jbond,ou=People,dc=example,dc=com", shadow.getName());
+		PrismAsserts.assertEqualsPolyString("Name not equals.", "uid=jbond,ou=People,dc=example,dc=com", provisioningShadow.getName());
 
 		final String resourceNamespace = ResourceTypeUtil.getResourceNamespace(resource);
 
-        assertNotNull(shadow.getOid());
-        assertNotNull(shadow.getName());
-        assertEquals(new QName(resourceNamespace, OBJECT_CLASS_INETORGPERSON_NAME), shadow.getObjectClass());
-        assertEquals(RESOURCE_OPENDJ_OID, shadow.getResourceRef().getOid());
-        String idPrimaryVal = getAttributeValue(shadow, getPrimaryIdentifierQName());
+        assertNotNull(provisioningShadow.getOid());
+        assertNotNull(provisioningShadow.getName());
+        assertEquals(new QName(resourceNamespace, OBJECT_CLASS_INETORGPERSON_NAME), provisioningShadow.getObjectClass());
+        assertEquals(RESOURCE_OPENDJ_OID, provisioningShadow.getResourceRef().getOid());
+        String idPrimaryVal = getAttributeValue(provisioningShadow, getPrimaryIdentifierQName());
         assertNotNull("No primary identifier ("+getPrimaryIdentifierQName().getLocalPart()+")", idPrimaryVal);
-        String idSecondaryVal = getAttributeValue(shadow, getSecondaryIdentifierQName());
+        String idSecondaryVal = getAttributeValue(provisioningShadow, getSecondaryIdentifierQName());
         assertNotNull("No secondary ("+getSecondaryIdentifierQName().getLocalPart()+")", idSecondaryVal);
         // Capitalization is the same as returned by OpenDJ
         assertEquals("Wrong secondary identifier", "uid=jbond,ou=People,dc=example,dc=com", idSecondaryVal);
-        assertEquals("Wrong LDAP uid", "jbond", getAttributeValue(shadow, new QName(resourceNamespace, "uid")));
-        assertEquals("Wrong LDAP cn", "James Bond", getAttributeValue(shadow, new QName(resourceNamespace, "cn")));
-        assertEquals("Wrong LDAP sn", "Bond", getAttributeValue(shadow, new QName(resourceNamespace, "sn")));        
-        assertNotNull("Missing activation", shadow.getActivation());
-        assertNotNull("Missing activation status", shadow.getActivation().getAdministrativeStatus());
-        assertEquals("Not enabled", ActivationStatusType.ENABLED, shadow.getActivation().getAdministrativeStatus());
-
-        ShadowType repoShadow = repositoryService.getObject(ShadowType.class, shadow.getOid(), null, result).asObjectable();
+        assertEquals("Wrong LDAP uid", "jbond", getAttributeValue(provisioningShadow, new QName(resourceNamespace, "uid")));
+        assertEquals("Wrong LDAP cn", "James Bond", getAttributeValue(provisioningShadow, new QName(resourceNamespace, "cn")));
+        assertEquals("Wrong LDAP sn", "Bond", getAttributeValue(provisioningShadow, new QName(resourceNamespace, "sn")));        
+        assertNotNull("Missing activation", provisioningShadow.getActivation());
+        assertNotNull("Missing activation status", provisioningShadow.getActivation().getAdministrativeStatus());
+        assertEquals("Not enabled", ActivationStatusType.ENABLED, provisioningShadow.getActivation().getAdministrativeStatus());
+        assertShadowPassword(provisioningShadow);
+
+        ShadowType repoShadow = repositoryService.getObject(ShadowType.class, provisioningShadow.getOid(), null, result).asObjectable();
+        display("Account repo", repoShadow);
         assertEquals(new QName(resourceNamespace, OBJECT_CLASS_INETORGPERSON_NAME), repoShadow.getObjectClass());
         assertEquals(RESOURCE_OPENDJ_OID, repoShadow.getResourceRef().getOid());
         idPrimaryVal = getAttributeValue(repoShadow, getPrimaryIdentifierQName());
@@ -733,6 +743,19 @@ public void test110GetObject() throws Exception {
         assertShadows(2 + getNumberOfBaseContextShadows());        
 	}
 
+	protected void assertShadowPassword(ShadowType provisioningShadow) throws Exception {
+		CredentialsType credentials = provisioningShadow.getCredentials();
+		if (credentials == null) {
+			return;
+		}
+		PasswordType passwordType = credentials.getPassword();
+		if (passwordType == null) {
+			return;
+		}
+		ProtectedStringType passwordValue = passwordType.getValue();
+		assertNull("Unexpected password value in "+provisioningShadow+": "+passwordValue, passwordValue);
+	}
+
 	/**
 	 * Let's try to fetch object that does not exist in the repository.
 	 */
@@ -799,7 +822,7 @@ public void test112GetObjectNotFoundResource() throws Exception {
 			Assert.fail("Expected ObjectNotFoundException, but got" + e);
 		} finally {
 			try {
-				repositoryService.deleteObject(ShadowType.class, ACCOUNT1_OID, result);
+				repositoryService.deleteObject(ShadowType.class, ACCOUNT_JBOND_OID, result);
 			} catch (Exception ex) {
 			}
 			try {