[midPoint] bulk unassign deleted role or org

Thu Jan 11 08:09:33 CET 2024

Thank you Paul and Alcides,

I just tried the solution from Paul and that worked out nicely. I'll test/save the solution from Alcides later. It does seem like a better solution to remove the ones deleted, than to remove all and rebuild.

Thanks again,
Markus

On Wednesday, 10 January 2024 at 23:22, Alcides Moraes <alcides.neto at gmail.com> wrote:

> Hello Markus,
>
> We have a task that runs daily and deletes assignments to deleted objects
>
> Here’s the groovy script we use:
>
> import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>
> import com.evolveum.midpoint.prism.delta.builder.*
>
> import com.evolveum.midpoint.model.api.*
>
> import javax.xml.namespace.QName
>
> def assignmentsToDelete = []
>
> for (a in input.assignment) {
>
> if (a.targetRef != null) {
>
> def ot = midpoint.resolveReferenceIfExists(a.targetRef)
>
> if (ot == null) {
>
> def removeAssignment = new AssignmentType()
>
> removeAssignment.id = a.id
>
> assignmentsToDelete.add removeAssignment.asPrismContainerValue()
>
> }
>
> }
>
> }
>
> if (!assignmentsToDelete.empty) {
>
> def delta = prismContext.deltaFor(FocusType.class).item(FocusType.F_ASSIGNMENT).delete(assignmentsToDelete).asObjectDelta(input.oid)
>
> midpoint.modifyObject(delta, ModelExecuteOptions.createRaw())
>
> }
>
>> Em 10 de jan. de 2024, à(s) 11:50, Markus Calmius via midPoint <midpoint at lists.evolveum.com> escreveu:
>>
>> Hi,
>>
>> is it possible, and if so, can anyone guide me on how to unassign all roles (or orgs) that has been deleted*.
>>
>> I've been trying to use the bulk script actions, but I cannot figure out how to figure out how to compose the filter.
>> All my tests end up with either a stack-trace or "There are no roles nor resources to unassign and no filter is specified"
>>
>> What I got working was the example:
>> <s:action>
>> <s:type>unassign</s:type>
>> <s:parameter>
>> <s:name>role</s:name>
>> <c:value xsi:type="xsd:string”>OID</c:value>
>> </s:parameter>
>> </s:action>
>> But that take one OID, and... I need to have at least a list, but preferably something even smarter.
>>
>> I tried to do something like this:
>>
>> <
>>
>> s
>>
>> :action
>>
>>>
>>
>> <
>>
>> s
>>
>> :type
>>
>>>
>>
>> unassign
>>
>> </
>>
>> s
>>
>> :type
>>
>>>
>>
>> <
>>
>> s
>>
>> :parameter
>>
>>>
>>
>> <
>>
>> s
>>
>> :name
>>
>>>
>>
>> filter
>>
>> </
>>
>> s
>>
>> :name
>>
>>>
>>
>> <
>>
>> s
>>
>> :searchFilter
>>
>>>
>>
>> <
>>
>> q
>>
>> :inOid
>>
>>>
>>
>> <
>>
>> q
>>
>> :value
>>
>>>
>>
>> fef34a49-f7d4-4a68-97ee-cb240fe13022
>>
>> </
>>
>> q
>>
>> :value
>>
>>>
>>
>> <
>>
>> q
>>
>> :value
>>
>>>
>>
>> f379d31e-6990-4226-8007-932b9676a8ff
>>
>> </
>>
>> q
>>
>> :value
>>
>>>
>>
>> </
>>
>> q
>>
>> :inOid
>>
>>>
>>
>> </
>>
>> s
>>
>> :searchFilter
>>
>>>
>>
>> </
>>
>> s
>>
>> :parameter
>>
>>>
>>
>> </
>>
>> s
>>
>> :action
>>
>>>
>>
>> But cannot get any thing to work.
>>
>> Anyway, any pointers is greatly appreciated.
>>
>> * I know there is a message saying this role/org has members, do you still want to etc.
>>
>> Markus
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20240111/55fca151/attachment-0001.htm>