test for inducements having condition "do not induce if user is member
of role xy" (cherry-picked from 0aff149)
Showing
7 changed files
with
382 additions
and
0 deletions.
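--- a/testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestInducement.java
+++ b/testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestInducement.java
@@ -0,0 +1,217 @@
+/*
+* Copyright (c) 2019 michael.gruber@wwk.de, Evolveum
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package com.evolveum.midpoint.testing.story;
+
+import java.io.File;
+import javax.xml.namespace.QName;
+
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.testng.annotations.Test;
+
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.test.util.MidPointTestConstants;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
+
+
+@ContextConfiguration(locations = { "classpath:ctx-story-test-main.xml" })
+@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
+
+
+/**
+* testing inducements, no ressources, no accounts in use.
+* role "processor" is assigned to user, it contains inducements for role1, role2, role3 having following conditions
+*
+* role1: no condition
+* role2: should not be induced when description of user equals "NO"
+* role3: should not be induced when user is member of role named "lock" (directly or indirectly, therefore condition runs against rolemembershipRef)
+*/
+
+public class TestInducement extends AbstractStoryTest {
+
+public static final File TEST_DIR = new File(MidPointTestConstants.TEST_RESOURCES_DIR, "inducement");
+
+public static final File ROLE_ROLE1_FILE = new File(TEST_DIR, "role-role1.xml");
+public static final String ROLE_ROLE1_OID = "10000000-0000-0000-0000-100000000001";
+
+public static final File ROLE_ROLE2_FILE = new File(TEST_DIR, "role-role2.xml");
+public static final String ROLE_ROLE2_OID = "10000000-0000-0000-0000-100000000002";
+
+public static final File ROLE_ROLE3_FILE = new File(TEST_DIR, "role-role3.xml");
+public static final String ROLE_ROLE3_OID = "10000000-0000-0000-0000-100000000003";
+
+public static final File ROLE_LOCK_FILE = new File(TEST_DIR, "role-lock.xml");
+public static final String ROLE_LOCK_OID = "10000000-0000-0000-0000-10000000lock";
+
+public static final File ROLE_PROCESSOR_FILE = new File(TEST_DIR, "role-processor.xml");
+public static final String ROLE_PROCESSOR_OID = "10000000-0000-0000-0000-100processor";
+
+public static final File USER_SIMPLE_FILE = new File(TEST_DIR, "user-simple.xml");
+public static final String USER_SIMPLE_OID = "10000000-0000-0000-0001-100000simple";
+
+@Override
+public void initSystem(Task initTask, OperationResult initResult) throws Exception {
+super.initSystem(initTask, initResult);
+
+// Roles
+importObjectFromFile(ROLE_ROLE1_FILE, initResult);
+importObjectFromFile(ROLE_ROLE2_FILE, initResult);
+importObjectFromFile(ROLE_ROLE3_FILE, initResult);
+importObjectFromFile(ROLE_LOCK_FILE, initResult);
+importObjectFromFile(ROLE_PROCESSOR_FILE, initResult);
+
+//User
+importObjectFromFile(USER_SIMPLE_FILE, initResult);
+
+}
+
+@Test
+public void test000Sanity() throws Exception {
+final String TEST_NAME = "test000Sanity";
+displayTestTitle(TEST_NAME);
+//no resource, no extension definition
+//anything to check?
+
+}
+
+/**
+* assign role "processor".
+* role "processor" contains inducements for role1, role2, role3
+*/
+@Test
+public void test010InducementConditionsTrue() throws Exception {
+final String TEST_NAME = "test010InducementConditionsTrue";
+displayTestTitle(TEST_NAME);
+
+// GIVEN
+Task task = createTask(TEST_NAME);
+OperationResult result = task.getResult();
+dummyAuditService.clear();
+
+// WHEN
+assignRole(USER_SIMPLE_OID, ROLE_PROCESSOR_OID, task, result);
+
+// THEN
+assertSuccess(result);
+
+PrismObject<UserType> user = getUser(USER_SIMPLE_OID);
+display("User simple after role assignment", user);
+
+assertAssignedRole(user, ROLE_PROCESSOR_OID);
+assertNotAssignedRole(user, ROLE_LOCK_OID);
+assertNotAssignedRole(user, ROLE_ROLE1_OID);
+assertNotAssignedRole(user, ROLE_ROLE2_OID);
+assertNotAssignedRole(user, ROLE_ROLE3_OID);
+assertRoleMembershipRef(user, ROLE_PROCESSOR_OID, ROLE_ROLE1_OID, ROLE_ROLE2_OID, ROLE_ROLE3_OID);
+}
+
+/**
+* modify description of user
+* condition in "processor" for inducing role2 returns false if description equals "NO"
+*/
+@Test
+public void test020InducementRole2ConditionFalse() throws Exception {
+final String TEST_NAME = "test020InducementRole2ConditionFalse";
+displayTestTitle(TEST_NAME);
+
+// GIVEN
+Task task = createTask(TEST_NAME);
+OperationResult result = task.getResult();
+dummyAuditService.clear();
+
+// WHEN
+modifyUserReplace(USER_SIMPLE_OID, UserType.F_DESCRIPTION, task, result, "NO");
+
+// THEN
+assertSuccess(result);
+
+PrismObject<UserType> user = getUser(USER_SIMPLE_OID);
+display("User simple having description 'NO'", user);
+
+assertUserProperty(USER_SIMPLE_OID, new QName("description"), "NO");
+assertAssignedRole(user, ROLE_PROCESSOR_OID);
+assertNotAssignedRole(user, ROLE_LOCK_OID);
+assertNotAssignedRole(user, ROLE_ROLE1_OID);
+assertNotAssignedRole(user, ROLE_ROLE2_OID);
+assertNotAssignedRole(user, ROLE_ROLE3_OID);
+assertRoleMembershipRef(user, ROLE_PROCESSOR_OID, ROLE_ROLE1_OID, ROLE_ROLE3_OID);
+}
+
+/**
+* assign role "lock" to user
+* condition in "processor" for inducing role3 returns false if lock is contained in rolemembership
+*/
+@Test
+public void test030InducementRole3ConditionFalse() throws Exception {
+final String TEST_NAME = "test030InducementRole3ConditionFalse";
+displayTestTitle(TEST_NAME);
+
+// GIVEN
+Task task = createTask(TEST_NAME);
+OperationResult result = task.getResult();
+dummyAuditService.clear();
+
+// WHEN
+assignRole(USER_SIMPLE_OID, ROLE_LOCK_OID, task, result);
+
+
+// THEN
+assertSuccess(result);
+
+PrismObject<UserType> user = getUser(USER_SIMPLE_OID);
+display("User simple having role lock assigned'", user);
+
+assertAssignedRole(user, ROLE_PROCESSOR_OID);
+assertAssignedRole(user, ROLE_LOCK_OID);
+assertNotAssignedRole(user, ROLE_ROLE1_OID);
+assertNotAssignedRole(user, ROLE_ROLE2_OID);
+assertNotAssignedRole(user, ROLE_ROLE3_OID);
+assertRoleMembershipRef(user, ROLE_PROCESSOR_OID, ROLE_LOCK_OID, ROLE_ROLE1_OID);
+}
+
+/**
+* same as Test30, just recomputed again
+*/
+@Test
+public void test040Recomputed() throws Exception {
+final String TEST_NAME = "test040Recomputed";
+displayTestTitle(TEST_NAME);
+
+// GIVEN
+Task task = createTask(TEST_NAME);
+OperationResult result = task.getResult();
+dummyAuditService.clear();
+
+// WHEN
+recomputeUser(USER_SIMPLE_OID);
+
+// THEN
+assertSuccess(result);
+
+PrismObject<UserType> user = getUser(USER_SIMPLE_OID);
+display("User simple having role lock assigned'", user);
+
+assertAssignedRole(user, ROLE_PROCESSOR_OID);
+assertAssignedRole(user, ROLE_LOCK_OID);
+assertNotAssignedRole(user, ROLE_ROLE1_OID);
+assertNotAssignedRole(user, ROLE_ROLE2_OID);
+assertNotAssignedRole(user, ROLE_ROLE3_OID);
+assertRoleMembershipRef(user, ROLE_PROCESSOR_OID, ROLE_LOCK_OID, ROLE_ROLE1_OID);
+}
+}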
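Review bot: In test040Recomputed the `assertSuccess(result)` after `recomputeUser(USER_SIMPLE_OID)` checks a result that was never handed to the recompute call, so as far as this file shows it cannot fail on a recompute error. If the test base class has an overload that accepts them, `recomputeUser(USER_SIMPLE_OID, task, result);` would make the assertion meaningful; otherwise the unused `task` and `result` locals should go. The class Javadoc says the role3 exclusion also holds for indirect membership of "lock", yet every test assigns "lock" directly, and no test unassigns it to confirm that role3 comes back; both cases are worth adding because this condition is what withholds a role.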
@@ -0,0 +1,20 @@ | ||
<role | ||
xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" | ||
xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" | ||
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" | ||
xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" | ||
xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" | ||
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" | ||
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" | ||
xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
oid="10000000-0000-0000-0000-10000000lock" | ||
version="1"> | ||
<name>Lock</name> | ||
<activation> | ||
<effectiveStatus>enabled</effectiveStatus> | ||
<enableTimestamp>2019-05-23T13:31:24.828+02:00</enableTimestamp> | ||
</activation> | ||
<iteration>0</iteration> | ||
<iterationToken /> | ||
</role> |
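--- a/testing/story/src/test/resources/inducement/role-processor.xml
+++ b/testing/story/src/test/resources/inducement/role-processor.xml
@@ -0,0 +1,55 @@
+<role
+xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
+xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
+xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+oid="10000000-0000-0000-0000-100processor"
+version="1">
+<name>INDUCEPROCESSOR</name>
+<activation>
+<effectiveStatus>enabled</effectiveStatus>
+<enableTimestamp>2019-05-23T13:30:47.650+02:00</enableTimestamp>
+</activation>
+<iteration>0</iteration>
+<iterationToken/>
+<inducement>
+<targetRef oid="10000000-0000-0000-0000-100000000001" relation="org:default" type="c:RoleType"/>
+</inducement>
+<inducement>
+<targetRef oid="10000000-0000-0000-0000-100000000002" relation="org:default" type="c:RoleType"/>
+<condition>
+<source>
+<path>description</path>
+</source>
+<expression>
+<script>
+<code>
+//log.error("TESTINDUCE does DESC equal 'NO'? result: {} ", description?.equals("NO"))
+!description?.equals("NO")
+</code>
+</script>
+</expression>
+</condition>
+</inducement>
+<inducement>
+<targetRef oid="10000000-0000-0000-0000-100000000003" relation="org:default" type="c:RoleType"/>
+<condition>
+<source>
+<path>roleMembershipRef</path>
+</source>
+<expression>
+<script>
+<relativityMode>absolute</relativityMode>
+<code>
+!roleMembershipRef?.oid?.contains("10000000-0000-0000-0000-10000000lock")
+</code>
+</script>
+</expression>
+</condition>
+</inducement>
+</role>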
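Review bot: The role3 condition in the last `<inducement>` compares only the OID found in `roleMembershipRef`, so a reference to the lock role with any relation suppresses role3, and the lock OID is repeated as a string literal that has to stay in step with role-lock.xml. Neither is stated in the file; an XML comment above that `<condition>` would do, for example `<!-- role3 is withheld while roleMembershipRef contains role "lock" (any relation, direct or indirect) -->`. `roleMembershipRef` is presumably itself a product of assignment evaluation, so the comment should also say whether the condition sees the stored value or the one being computed. The commented-out `log.error` line inside the role2 `<code>` element can be dropped from the fixture.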
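--- a/testing/story/src/test/resources/inducement/role-role1.xml
+++ b/testing/story/src/test/resources/inducement/role-role1.xml
@@ -0,0 +1,20 @@
+<role
+xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
+xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
+xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+oid="10000000-0000-0000-0000-100000000001"
+version="1">
+<name>Role1</name>
+<activation>
+<effectiveStatus>enabled</effectiveStatus>
+<enableTimestamp>2019-05-23T13:31:24.828+02:00</enableTimestamp>
+</activation>
+<iteration>0</iteration>
+<iterationToken />
+</role>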
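--- a/testing/story/src/test/resources/inducement/role-role2.xml
+++ b/testing/story/src/test/resources/inducement/role-role2.xml
@@ -0,0 +1,20 @@
+<role
+xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
+xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
+xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+oid="10000000-0000-0000-0000-100000000002"
+version="1">
+<name>Role2</name>
+<activation>
+<effectiveStatus>enabled</effectiveStatus>
+<enableTimestamp>2019-05-23T13:31:24.828+02:00</enableTimestamp>
+</activation>
+<iteration>0</iteration>
+<iterationToken />
+</role>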
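--- a/testing/story/src/test/resources/inducement/role-role3.xml
+++ b/testing/story/src/test/resources/inducement/role-role3.xml
@@ -0,0 +1,20 @@
+<role
+xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
+xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
+xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+oid="10000000-0000-0000-0000-100000000003"
+version="1">
+<name>Role3</name>
+<activation>
+<effectiveStatus>enabled</effectiveStatus>
+<enableTimestamp>2019-05-23T13:31:24.828+02:00</enableTimestamp>
+</activation>
+<iteration>0</iteration>
+<iterationToken />
+</role>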
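--- a/testing/story/src/test/resources/inducement/user-simple.xml
+++ b/testing/story/src/test/resources/inducement/user-simple.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+~ Copyright (c) 2010-2017 Evolveum, mythoss
+~
+~ Licensed under the Apache License, Version 2.0 (the "License");
+~ you may not use this file except in compliance with the License.
+~ You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing, software
+~ distributed under the License is distributed on an "AS IS" BASIS,
+~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+~ See the License for the specific language governing permissions and
+~ limitations under the License.
+-->
+<user oid="10000000-0000-0000-0001-100000simple"
+xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
+xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
+xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3'
+xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+xmlns:xsd='http://www.w3.org/2001/XMLSchema'>
+<name>simple</name>
+<fullName>Simple User</fullName>
+<givenName>Simple</givenName>
+<familyName>User</familyName>
+<activation>
+<administrativeStatus>enabled</administrativeStatus>
+</activation>
+</user>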