Merge remote-tracking branch 'refs/remotes/origin/master'

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractConfiguredModelIntegrationTest.java

@@ -533,6 +533,8 @@ public class AbstractConfiguredModelIntegrationTest extends AbstractModelIntegra
 	protected static final String AUTZ_GAMBLE_URL = QNameUtil.qNameToUri(AUTZ_GAMBLE_QNAME);
 	protected static final QName AUTZ_CROUPIER_QNAME = new QName(NS_TEST_AUTZ, "croupier");
 	protected static final String AUTZ_CROUPIER_URL = QNameUtil.qNameToUri(AUTZ_CROUPIER_QNAME);
+	protected static final QName AUTZ_PIT_BOSS_QNAME = new QName(NS_TEST_AUTZ, "pitBoss");
+	protected static final String AUTZ_PIT_BOSS_URL = QNameUtil.qNameToUri(AUTZ_PIT_BOSS_QNAME);
 
 	protected static final String NOTIFIER_ACCOUNT_PASSWORD_NAME = "accountPasswordNotifier";
 	protected static final String NOTIFIER_USER_PASSWORD_NAME = "userPasswordNotifier";

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestLifecycle.java

@@ -65,6 +65,9 @@ public class TestLifecycle extends AbstractInitializedModelIntegrationTest {
 	public static final File ROLE_CROUPIER_FILE = new File(TEST_DIR, "role-croupier.xml");
 	protected static final String ROLE_CROUPIER_OID = "a7b8de9a-20a1-84f6-b452-01254a1256e3";
 
+	public static final File ROLE_PIT_BOSS_FILE = new File(TEST_DIR, "role-pit-boss.xml");
+	protected static final String ROLE_PIT_BOSS_OID = "c4525ef8-31d4-95e6-d542-745e263f596c";
+
 	public static final String SUBTYPE_EMPLOYEE = "employee";
 	private static final Object USER_JACK_TELEPHONE_NUMBER = "12345654321";
 
@@ -78,6 +81,7 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 		repoAddObjectFromFile(ROLE_CARETAKER_FILE, initResult);
 		repoAddObjectFromFile(ROLE_GAMBLER_FILE, initResult);
 		repoAddObjectFromFile(ROLE_CROUPIER_FILE, initResult);
+		repoAddObjectFromFile(ROLE_PIT_BOSS_FILE, initResult);
 
 		assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL);
     }
@@ -195,6 +199,8 @@ public void test062PrincipalJackProposed() throws Exception {
         assertAuthorized(principal, AUTZ_GAMBLE_URL);
         assertAuthorized(principal, AUTZ_APPARATE_URL);
         // Forced assignment as specified in proposed lifecycle model
+        assertAuthorized(principal, AUTZ_PIT_BOSS_URL);
+        // and induced authz from pit boss
         assertAuthorized(principal, AUTZ_CROUPIER_URL);
 	}
 
@@ -244,6 +250,7 @@ public void test092PrincipalJackDefaultActive() throws Exception {
         assertAuthorized(principal, AUTZ_GAMBLE_URL);
         assertAuthorized(principal, AUTZ_APPARATE_URL);
      // Forced assignment not specified for active lifecycle state
+        assertNotAuthorized(principal, AUTZ_PIT_BOSS_URL);
         assertNotAuthorized(principal, AUTZ_CROUPIER_URL);
 	}
 

model/model-intest/src/test/resources/lifecycle/role-pit-boss.xml

@@ -0,0 +1,31 @@
+<!--
+  ~ Copyright (c) 2018 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<role oid="c4525ef8-31d4-95e6-d542-745e263f596c"
+        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+        xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance/10000000-0000-0000-0000-000000000004"
+        xmlns:piracy="http://midpoint.evolveum.com/xml/ns/samples/piracy">
+    <name>Pit Boss</name>
+    <description>This is non-employee role. It does NOT work as data processing basis.</description>
+    <!-- No roleType -->
+     <inducement id="1">
+         <targetRef oid="a7b8de9a-20a1-84f6-b452-01254a1256e3" type="c:RoleType"/>
+      </inducement>
+    <authorization>
+    	<action>http://midpoint.evolveum.com/xml/ns/test/authorization#pitBoss</action>
+    </authorization>
+</role>

model/model-intest/src/test/resources/lifecycle/system-configuration-lifecycle.xml

@@ -52,7 +52,7 @@
 	            		<q:equal>
 			            	<q:matching>polyStringNorm</q:matching>
 			                <q:path>name</q:path>
-			                <q:value>croupier</q:value>
+			                <q:value>pit boss</q:value>
 			            </q:equal>
 	            	</filter>
 	           	</forcedAssignment>

testing/story/testng-integration.xml

@@ -53,7 +53,7 @@
             <class name="com.evolveum.midpoint.testing.story.TestExistentialIssues"/>
             <class name="com.evolveum.midpoint.testing.story.TestServiceAccounts"/>
             <class name="com.evolveum.midpoint.testing.story.TestLimitedResources"/>
-            <class name="com.evolveum.midpoint.testing.story.TestConsistencyMechanism"/>
+            <!-- MID-3353 <class name="com.evolveum.midpoint.testing.story.TestConsistencyMechanism"/>  -->
             <class name="com.evolveum.midpoint.testing.story.TestDelayedEnable"/>
             <class name="com.evolveum.midpoint.testing.story.TestMisbehavingResources"/>
             <class name="com.evolveum.midpoint.testing.story.TestInboundOutboundAssociation"/>