Ninja is new command line tool bundled with midPoint. Implemented features are based on "repo-ninja", but code was rewritten from the ground up. This tool comes in handy when one needs to export or import objects from/to midPoint. Operations can be done on top of repository (DB) layer or through REST API. Access through DB layer can be very powerful, especially in cases when UI fails. For example when midPoint fails to start because of configuration issue or objects data corruption. Another great example is "administrator" user lockout.
Users of this tool need to be aware that using repository layer, access is not validated using authorisations, model component is not used during processing and changes are not audited. It allows you to obtain or modify data in an otherwise unusable midPoint. Ninja also plan to support some other operations like listing keys from keystore, enforcing objects reencryption with new key, DB schema validation, password reset or user unlock.
Ninja comes with also with shell and bat scripts located in midPoint installation directory, eg. <midpoint>/bin/ninja.sh. These scripts will preset midpoint.home to default midPoint home folder, eg. <midpoint>/var.
Connecting to midPoint
Connection options:
- using midpoint.home
- using REST service (not yet implemented)
midpoint.home connection
This type of connection initialises repository layer of midpoint and operates on top of DB as new midPoint node. Mostly only one option is needed and that's specification of midpoint.home directory using -m option. This is not sufficient if config.xml uses datasource definition. Ninja then doesn't know how to connect to DB. For this case one have to use options to specify url ( -U ), username ( -u ) and password ( -p or -P ). These options can also be used to override JDBC url, username and password specified in config.xml.
REST connection
Not yet implemented.
Supported operations
Currently supports three operations:
- import
- export
- verify (midPoint 3.9 or later)
- keys
- count
- delete
Ninja can be started using standart java -jar or via bundles shell/bat script. Bundled scripts will automatically fill in path to for midPoint home option -m. There's also a difference between usage when pointing ninja to correct JDBC drivers. Example use with java -jar option:
java -Dloader.path=<jdbc_driver_jar_path> -jar ninja.jar [general options] [command] [command options]
Example use with bundled shell script:
Error rendering macro 'code': Invalid value specified for parameter 'com.atlassian.confluence.ext.code.render.InvalidValueException'<MIDPOINT_INSTALLATION_PATH>/bin/ninja.sh -j <JDBC_DRIVER_JAR> [general options] [command] [command options]
Import
Import command allow users to import objects from SYSOUT or file (either plain XML or compressed ZIP, which may contain multiple files). One can define oid, multiple types or filter to filter imported objects. Example of import from XML file using 4 threads with raw and overwrite option using explicit midpoint.home folder path:
java -jar ninja.jar -m ~/Desktop/midpoint/var import -O -i midpoint/samples/objects/user-ceresnickova.xml -l 4 -r
Export
Export command allows users to export objects to SYSOUT or file (either plain XML or compressed ZIP). One can define oid, multiple types or filter to filter exported objects. Export objects to compressed zip file using 4 threads:
java -jar ninja.jar -m ~/Desktop/midpoint/var export -O export.zip -z -l 4
Verify
MidPoint 3.9 and later
This feature is available only in midPoint 3.9 and later.
Command that verifies objects in midPoint repository. It displays warnings about objects to SYSOUT or file. Similarly to export, one can define oid, multiple types or filter to filter verified objects. Simple usage to verify all objects in the repository for all warnings:
ninja.sh verify
There is a -w switch that can be used to select specific warnings to display. Currently it only supports values deprecated and plannedRemoval. Following command will show warnings about planned removal of items used by all objects in the repository:
ninja.sh verify -w plannedRemoval
Keys
List keys in with aliases from keystore located in midpoint.home.
java -jar ninja.jar -m /opt/midpoint-home keys -K
Full help
$ java -jar target/ninja.jar -h
Usage: java [-Dloader.path=<jdbc_driver_jar_path>] -jar ninja.jar [options] [command] [command options]
Options:
-c, --charset
Charset used for input/output
Default: utf-8
-h, --help
Print this help
-m, --midpoint-home
Path to MidPoint home folder. If relative path is specified, it will be translated to absolute path.
-p, --password
Password for rest/jdbc connection
-P, --password-ask
Please write rest/jdbc connection password
-s, --silent
No output at all
Default: false
-U, --url
Url to MidPoint model webservice endpoint or JDBC url to database. If '-m' option is used url will be used to connect to JDBC database. If '-m'
is not specified then this parameter is used as MidPoint REST url endpoint.
-u, --username
Username for rest/jdbc connection
-v, --verbose
Verbose output
Default: false
-V, --version
Version and build description
Default: false
Commands:
import Imports objects into MidPoint
Usage: import [options]
Options:
-e, --allowUnencryptedValues
Allow unencrypted values
Default: false
-f, --filter
Value of object filter used to search objects. If you start the filter with the letter @, the rest should be a filename.
-i, --input
-l, --multi-thread
How many threads to use for operation.
Default: 1
-o, --oid
Object oid
-O, --overwrite
Use overwrite option
Default: false
-r, --raw
Use raw option
Default: false
-t, --type
Object type, case insensitive value. Rest type name can be used as well.
Default: []
-z, --zip
Use zip/unzip compression
Default: false
export Exports objects from MidPoint
Usage: export [options]
Options:
-f, --filter
Value of object filter used to search objects. If you start the filter with the letter @, the rest should be a filename.
-l, --multi-thread
How many threads to use for operation.
Default: 1
-o, --oid
Object oid
-O, --output
-r, --raw
Use raw option
Default: false
-t, --type
Object type, case insensitive value. Rest type name can be used as well.
Default: []
-z, --zip
Use zip/unzip compression
Default: false
delete delete
Usage: delete [options]
Options:
-a, --ask
Default: false
-f, --filter
-F, --force
Force option
Default: false
-o, --oid
Object oid
-r, --raw
Raw option
Default: false
-t, --type
Possible Values: [CONNECTOR, CONNECTOR_HOST, GENERIC_OBJECT, RESOURCE, USER, OBJECT_TEMPLATE, SYSTEM_CONFIGURATION, TASK, SHADOW, ROLE, PASSWORD_POLICY, NODE, FORM, ORG, ABSTRACT_ROLE, FOCUS_TYPE, REPORT, REPORT_OUTPUT, SECURITY_POLICY, LOOKUP_TABLE, ACCESS_CERTIFICATION_DEFINITION, ACCESS_CERTIFICATION_CAMPAIGN, SEQUENCE, SERVICE, CASE, FUNCTION_LIBRARY, OBJECT]
count
Usage: count [options]
Options:
-f, --filter
-t, --type
Default: []
keys List keys from keystore
Usage: keys [options]
Options:
-k, --key-password
Key password
-K
Please write key password