[midPoint] midPoint 4.0 Saving SystemConfiguration Evaluates Role Autoassignments

Forest Crowley fbc216 at lehigh.edu
Wed May 22 17:14:25 CEST 2019


Hey everyone,

I noticed that in midPoint 4.0 when I save my systemConfiguration through
the GUI it's evaluated against my roles with autoassignment conditions. I
found this through an autoassign I wrote which sources
activation/effectiveStatus. When I went and saved a change to
systemConfiguration it fatal error-ed trying to evaluate the role's
condition (as SystemConfigurationType doesn't have effectiveStatus.)

I wrote a sample role based on the documentation at
https://wiki.evolveum.com/display/midPoint/Role+Autoassign+Configuration
which reproduces this behavior on a clean install of the most recent 4.0
snapshot. To reproduce, enable role autoassignment, import the sample role
(included below), and then make an edit to the system configuration via the
GUI and save. I tried it on 3.9 and it doesn't seem to cause the same
trouble.

Is there a way of filtering the objects that a given condition will be
executed on that I've missed? Maybe I'm missing a new way of doing things
in 4.0? I know I could stuff the conditions and role assignment in an
object template that is only applied to UserType-s but I was under the
impression this is the 'old way' of doing it.

Information about my install:
Version 4.0-SNAPSHOT
Git describe git-v4.0devel-1092-gf77681eebe

The exception that gets thrown:
Error executing changes.
com.evolveum.midpoint.util.exception.SchemaException: Cannot find definition of a subitem activation/effectiveStatus of ObjectDeltaObject(systemConfiguration:00000000-0000-0000-0000-000000000001(SystemConfiguration) + ObjectDelta(SystemConfigurationType:00000000-0000-0000-0000-000000000001,MODIFY: ContainerDeltaImpl( / {.../common/common-3}deploymentInformation, REPLACE)) = systemConfiguration:00000000-0000-0000-0000-000000000001(SystemConfiguration))
        at com.evolveum.midpoint.prism.util.ObjectDeltaObject.findIdi(ObjectDeltaObject.java:250)
...stack trace snipped...

And the role:
<role oid="AAAAAAAA-BBBB-CCCC-DDDD-DEADBEEFCAFE"
      xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">

    <name>test</name>
    <displayName>test</displayName>
    <autoassign>
        <enabled>true</enabled>
        <focus>
            <mapping>
                <strength>strong</strength>

                <source><c:path>$focus/c:activation/effectiveStatus</c:path></source>
                <condition>
                    <script>
                        <code>
                            if (effectiveStatus?.toString()?.toLowerCase() == "enabled") { return true }
                        </code>
                    </script>
                </condition>
            </mapping>
        </focus>
    </autoassign>
</role>

Thanks!