Page tree
Skip to end of metadata
Go to start of metadata

This action is available in midPoint 3.6 and later.

Description

Generate new values for item or items specified in the request according to the value policy.

Input

Any object.

Output

Object with the generated values.

Properties

Property nameMeaning
itemsDescription of items to generate (see below).

The description of items to be generated is the same as for the corresponding REST call (i.e. /{type}/{oid}/generate). It is PolicyItemsDefinitionType structure, consisting of PolicyItemDefinitionType elements, with the following structure:

ItemMeaningExamplesDefault
targetPath of the item whose value is to be generated.credentials/password/value, employeeNumber-
valuePolicyRefReference to the value policy to be used.oid=00000000-0000-0000-0000-000000000003, type=ValuePolicyTypeuser or system-wide password policy
execute"True" if the generated value should be stored into the repository or resource object.true, falsefalse

Note that if the items parameter is not present, the default value is the following:

Default value for "items" parameter
<c:value xsi:type="api:PolicyItemsDefinitionType">
  <api:policyItemDefinition>
    <api:target>
      <api:path>credentials/password/value</api:path>
    </api:target>
  </api:policyItemDefinition>
</c:value>

Meaning that the item generated is the password value using user or system-wide password policy and not storing it into midPoint users.

Examples

Takes selected users, generates and stores passwords for them
<s:executeScript xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
                 xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xmlns:api="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3">
    <s:pipeline>
        <s:action>
            <s:type>resolve</s:type>        <!-- resolves references to real objects -->
        </s:action>
        <s:action>
            <s:type>generate-value</s:type>
            <s:parameter>
                <s:name>items</s:name>
                <c:value xsi:type="api:PolicyItemsDefinitionType">
                    <api:policyItemDefinition>
                        <api:target>
                            <api:path>credentials/password/value</api:path>
                        </api:target>
                        <api:execute>true</api:execute>
                    </api:policyItemDefinition>
                </c:value>
            </s:parameter>
        </s:action>
        <s:filterContent>
            <s:keep>name</s:keep>
            <s:keep>credentials/password/value</s:keep>     <!-- removes everything except OID, name and password -->
        </s:filterContent>
    </s:pipeline>
    <s:input>
        <s:value xsi:type="c:ObjectReferenceType" oid="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" type="UserType"/> <!-- invalid OID -->
        <s:value xsi:type="c:ObjectReferenceType" oid="c0c010c0-d34d-b33f-f00d-111111111116" type="UserType"/> <!-- guybrush -->
        <s:value xsi:type="c:ObjectReferenceType" oid="c0c010c0-d34d-b33f-f00d-11111111111e" type="UserType"/> <!-- elaine -->
    </s:input>
    <s:options>
        <s:continueOnAnyError>true</s:continueOnAnyError>
    </s:options>
</s:executeScript>
  • No labels