[midPoint] Questions about the Gitlab connector sample
Devin Rosenbauer
devin at identityworksllc.com
Thu Nov 29 16:17:22 CET 2018
Hey all, I have a couple of questions about the Gitlab connector sample
here:
https://github.com/Evolveum/midpoint/tree/master/samples/resources/gitlab
My understanding of the connector is that projects and groups are both
represented as OrgTypes in Midpoint and as entitlements on the resource.
I'm curious what the inducement sections on the roles do, e.g. on the
role-permission-master.xml.
Of course the goal is to add the user to an appropriate Project and Group
out in Gitlab with the "master" access type.
So three questions:
1) How does one add the user as a master to a *particular* project. I don't
understand where the "$assignment/c:orgRef" that's referenced in the
<condition> of the <inducement> is coming from. Wouldn't that add the user
as a master to *all* of their projects? Or only allow one?
Or would the user making the request select a list of project org
references when assigning this role? Is there a UI mechanism for doing this?
https://github.com/Evolveum/midpoint/blob/master/samples/resources/gitlab/role-permission-master.xml#L124
2) What on earth is the magic in the "Add user to group as member" group
object template mapping doing? Am I reading correctly that that's
automatically populating the Midpoint-end org membership based on the
values pulled from Gitlab?
https://github.com/Evolveum/midpoint/blob/master/samples/resources/gitlab/object-template-for-group.xml#L71
3) What is the metarole-for-role doing to the user? There's no target
specified. Is this just adding the user as a member of the given orgs?
https://github.com/Evolveum/midpoint/blob/master/samples/resources/gitlab/metarole-for-role.xml
--
Devin Rosenbauer
Principal Consultant
Identity Works LLC
+1 585 210 3201
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181129/d01888d1/attachment.htm>
More information about the midPoint
mailing list