[midPoint] PoilcyRules prune with filter

Sylvaire kevin TIPA sylvaire-kevin.tipa at mythalesgroup.io
Wed May 16 10:41:47 CEST 2018 

Oh ! So good to help you :D


Just for be sure, it's all expression in filter (in Exclusion Constraint) or just some filter type like inOID ?





Cordialement.


Sylvaire-Kevin TIPA
Thales Services / OIC INFRAS
Devops Infrastructure Automation

        [cid:be0cd124-7e89-4222-bb4d-d90e00e37760]





THALES SERVICES SAS
44 Quai Charles de Gaulle
CS 20100
69463 Lyon Cedex 06



--------------------------------------------------
www.thalesgroup.com<http://www.thalesgroup.com>

________________________________
De : midPoint <midpoint-bounces at lists.evolveum.com> de la part de Pavol Mederly <mederly at evolveum.com>
Envoyé : mercredi 16 mai 2018 10:09:17
À : midpoint at lists.evolveum.com
Objet : Re: [midPoint] PoilcyRules prune with filter


Hello,


this is not a spam :) Actually, the JIRA you mentioned is not quite related to your problem.


Having looked at the source code now I see the problem is that although filters are supported in exclusion constraints, expressions in these filters are not. What is missing is the resolution of expressions somewhere at ExclusionConstraintEvaluator.java:185 (in current master).


I have created a new JIRA for that: https://jira.evolveum.com/browse/MID-4663.


Best regards,

Pavol Mederly
Software developer
evolveum.com


On 16.05.2018 7:54, Sylvaire kevin TIPA wrote:

I forgot to say that I'm in 3.6, and I just see that a JIRA is openning on it ...

https://jira.evolveum.com/browse/MID-3966


Sorry for the spam



Cordialement.


Sylvaire-Kevin TIPA
Thales Services / OIC INFRAS
Devops Infrastructure Automation

        [cid:part3.67DCF051.DA64AA01 at evolveum.com]





THALES SERVICES SAS
44 Quai Charles de Gaulle
CS 20100
69463 Lyon Cedex 06



--------------------------------------------------
www.thalesgroup.com<http://www.thalesgroup.com>
________________________________
De : midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> de la part de Sylvaire kevin TIPA <sylvaire-kevin.tipa at mythalesgroup.io><mailto:sylvaire-kevin.tipa at mythalesgroup.io>
Envoyé : mercredi 16 mai 2018 00:11:26
À : midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Objet : [midPoint] PoilcyRules prune with filter


Hello,


I have something strange in my SoD metarole. I use a policyRules with prune action, when I set the target ref static (with oid) it work. But when I set it with filter, it do nothing .. some idea ?


WORK :

<inducement >
         <policyRule>
            <name>Segregation for Guestt</name>
            <policyConstraints>
               <exclusion>
                  <targetRef oid="e7eb6293-79a9-4be7-b417-21dee480c871" relation="org:default" type="c:RoleType"/>
               </exclusion>
            </policyConstraints>
            <policyActions>
               <prune/>
            </policyActions>
         </policyRule>
      </inducement>
      <inducement>
         <policyRule>
            <name>Segregation for Reporterr</name>
            <policyConstraints>
               <exclusion>
                  <targetRef oid="1f756f93-1f46-4d66-b3df-c2f33634807b" relation="org:default" type="c:RoleType"/>
               </exclusion>
            </policyConstraints>
            <policyActions>
               <prune/>
            </policyActions>
         </policyRule>
      </inducement>



HS :

<inducement id="1">
        <policyRule>
            <name>Segregation for Guest</name>
            <policyConstraints>
                <exclusion>
                    <targetRef relation="org:default" type="c:RoleType">
                        <filter>
                            <q:inOid>
                                <expression>
                                    <script>
                                        <code>
                                            return "e7eb6293-79a9-4be7-b417-21dee480c871"
                                </code>
                                    </script>
                                </expression>
                            </q:inOid>
                        </filter>
                        <resolutionTime>run</resolutionTime>
                    </targetRef>
                </exclusion>
            </policyConstraints>
            <policyActions>
                <prune />
            </policyActions>
        </policyRule>
    </inducement>
    <inducement id="2">
        <policyRule>
            <name>Segregation for Reporter</name>
            <policyConstraints>
                <exclusion>
                    <targetRef relation="org:default" type="c:RoleType">
                        <filter>
                            <q:inOid>
                                <expression>
                                    <script>
                                        <code>
                                        return "1f756f93-1f46-4d66-b3df-c2f33634807b"
                                </code>
                                    </script>
                                </expression>
                            </q:inOid>
                        </filter>
                            <resolutionTime>run</resolutionTime>
                    </targetRef>
                </exclusion>
            </policyConstraints>
            <policyActions>
                <prune />
            </policyActions>
        </policyRule>
    </inducement>




Cordialement.


Sylvaire-Kevin TIPA
Thales Services / OIC INFRAS
Devops Infrastructure Automation

        [cid:part5.86037552.1D8AEF22 at evolveum.com]





THALES SERVICES SAS
44 Quai Charles de Gaulle
CS 20100
69463 Lyon Cedex 06



--------------------------------------------------
www.thalesgroup.com<http://www.thalesgroup.com>

This message contains confidential information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, you are notified that disclosing, distributing, or copying this e-mail is strictly prohibited.

This message contains confidential information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, you are notified that disclosing, distributing, or copying this e-mail is strictly prohibited.



_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint



This message contains confidential information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, you are notified that disclosing, distributing, or copying this e-mail is strictly prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/a64a6742/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-op3lod2a.png
Type: image/png
Size: 6112 bytes
Desc: Outlook-op3lod2a.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/a64a6742/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-huov1ps1.png
Type: image/png
Size: 6112 bytes
Desc: Outlook-huov1ps1.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/a64a6742/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-xl3rok35.png
Type: image/png
Size: 6112 bytes
Desc: Outlook-xl3rok35.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/a64a6742/attachment-0002.png>

More information about the midPoint mailing list