Feature/acs 9456 SCIM user sync (#3324)

packaging/tests/scripts/start-compose.sh

@@ -49,5 +49,6 @@ then
   echo "Docker Compose started ok"
 else
   echo "Docker Compose failed to start" >&2
+  docker compose ${DOCKER_COMPOSES} logs --tail 200
   exit 1
 fi

repository/src/main/java/org/alfresco/repo/security/authority/AuthorityDAO.java

@@ -248,4 +248,9 @@ public interface AuthorityDAO
      * Remove an authority from zones.
      */
     public void removeAuthorityFromZones(String authorityName, Set<String> zones);
+
+    /**
+     * @return Returns the authority container, <b>which must exist</b>
+     */
+    NodeRef getAuthorityContainer();
 }

repository/src/main/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java

@@ -1360,7 +1360,8 @@ public class AuthorityDAOImpl implements AuthorityDAO, NodeServicePolicies.Befor
     /**
      * @return Returns the authority container, <b>which must exist</b>
      */
-    private NodeRef getAuthorityContainer()
+    @Override
+    public NodeRef getAuthorityContainer()
     {
         return getSystemContainer(qnameAssocAuthorities);
     }

repository/src/main/java/org/alfresco/repo/security/sync/ChainingUserRegistrySynchronizer.java

@@ -411,6 +411,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
             Date groupLastModified = groupLastModifiedMillis == -1 ? null : new Date(groupLastModifiedMillis);
             Date personLastModified = personLastModifiedMillis == -1 ? null : new Date(personLastModifiedMillis);
 
+            plugin.initSync(groupLastModified, syncDelete);
             ret.setGroups(plugin.getGroupNames());
 
             ret.setUsers(plugin.getPersonNames());
@@ -918,7 +919,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
                 : getMostRecentUpdateTime(
                         ChainingUserRegistrySynchronizer.GROUP_LAST_MODIFIED_ATTRIBUTE, zoneId, splitTxns);
         Date lastModified = lastModifiedMillis == -1 ? null : new Date(lastModifiedMillis);
-
+        userRegistry.initSync(lastModified, syncDelete);
         if (ChainingUserRegistrySynchronizer.logger.isInfoEnabled())
         {
             if (lastModified == null)
@@ -945,6 +946,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
                 this.loggingInterval);
         class Analyzer extends BaseBatchProcessWorker<NodeDescription>
         {
+            private final Map<String, NodeDescription> nodeDescriptions = new HashMap<>();
             private final Map<String, String> groupsToCreate = new TreeMap<String, String>();
             private final Map<String, Set<String>> personParentAssocsToCreate = newPersonMap();
             private final Map<String, Set<String>> personParentAssocsToDelete = newPersonMap();
@@ -1103,6 +1105,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
             {
                 PropertyMap groupProperties = group.getProperties();
                 String groupName = (String) groupProperties.get(ContentModel.PROP_AUTHORITY_NAME);
+                nodeDescriptions.put(groupName, group);
                 String groupDisplayName = (String) groupProperties.get(ContentModel.PROP_AUTHORITY_DISPLAY_NAME);
                 if (groupDisplayName == null)
                 {
@@ -1565,9 +1568,11 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
                                                 + groupShortName + "'");
                                     }
                                     // create the group
+                                    Map<QName, Serializable> groupProperties = Optional.ofNullable(Analyzer.this.nodeDescriptions.get(child))
+                                            .map(NodeDescription::getProperties)
+                                            .orElse(new PropertyMap());
                                     ChainingUserRegistrySynchronizer.this.authorityService.createAuthority(
-                                            AuthorityType.getAuthorityType(child), groupShortName, groupDisplayName,
-                                            zoneSet);
+                                            AuthorityType.getAuthorityType(child), groupShortName, groupDisplayName, zoneSet, groupProperties);
                                 }
                                 else
                                 {

repository/src/main/java/org/alfresco/repo/security/sync/UserRegistry.java

@@ -76,4 +76,17 @@ public interface UserRegistry
      * @return the person mapped properties
      */
     public Set<QName> getPersonMappedProperties();
+
+    /**
+     * Notifies the user registry that the sync process is about to start.
+     *
+     * @param modifiedSince
+     *            if non-null, then only descriptions of groups and users modified since this date should be returned; if <code>null</code> then descriptions of all groups and users should be returned.
+     * @param syncDelete
+     *            if <code>true</code> then registry will be queried for all users and groups to calculate deleted entities
+     */
+    default void initSync(Date modifiedSince, boolean syncDelete)
+    {
+        // default implementation does nothing
+    }
 }