Examples with AccIdentityAccountDto eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto used on opensource projects

Example 66 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class IdentitySynchronizationExecutor method doUnlink.

/**
 * Operation remove IdentityAccount relations and linked roles
 *
 * @param account
 * @param removeIdentityRole
 * @param log
 * @param logItem
 * @param actionLogs
 */
@Override
protected void doUnlink(AccAccountDto account, boolean removeIdentityRole, SysSyncLogDto log, SysSyncItemLogDto logItem, List<SysSyncActionLogDto> actionLogs) {
    EntityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
    identityAccountFilter.setAccountId(account.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find((AccIdentityAccountFilter) identityAccountFilter, null).getContent();
    if (identityAccounts.isEmpty()) {
        addToItemLog(logItem, "Warning! - Identity account relation was not found!");
        initSyncActionLog(SynchronizationActionType.UPDATE_ENTITY, OperationResultType.WARNING, logItem, log, actionLogs);
        return;
    }
    addToItemLog(logItem, MessageFormat.format("Identity-account relations to delete [{0}]", identityAccounts));
    identityAccounts.stream().forEach(identityAccount -> {
        // We will remove identity account, but without delete connected
        // account
        identityAccountService.delete(identityAccount, false);
        addToItemLog(logItem, MessageFormat.format("Identity-account relation deleted (without calling the delete provisioning operation) (username: [{0}], id: [{1}])", identityAccount.getIdentity(), identityAccount.getId()));
        UUID identityRole = identityAccount.getIdentityRole();
        if (removeIdentityRole && identityRole != null) {
            // We will remove connected identity role
            identityRoleService.deleteById(identityRole);
            addToItemLog(logItem, MessageFormat.format("Identity-role relation deleted (id: {0})", identityRole));
        }
    });
}

Example 67 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class DefaultSysSystemMappingService method getMappingContext.

@Override
public MappingContext getMappingContext(SysSystemMappingDto mapping, SysSystemEntityDto systemEntity, AbstractDto dto, SysSystemDto system) {
    Assert.notNull(mapping, "Mapping cannot be null!");
    Assert.notNull(systemEntity, "System entity cannot be null!");
    Assert.notNull(system, "System cannot be null!");
    // Create new context.
    MappingContext mappingContext = new MappingContext();
    if (dto == null) {
        return mappingContext;
    }
    if ((mapping.isAddContextIdentityRoles() || mapping.isAddContextIdentityRolesForSystem()) && dto instanceof IdmIdentityDto) {
        IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
        identityRoleFilter.setIdentityId(dto.getId());
        List<IdmIdentityRoleDto> identityRoles = identityRoleService.find(identityRoleFilter, PageRequest.of(0, Integer.MAX_VALUE, Sort.by(IdmIdentityRole_.created.getName()))).getContent();
        if (mapping.isAddContextIdentityRoles()) {
            // Set all identity-roles to the context.
            mappingContext.setIdentityRoles(identityRoles);
        }
        if (mapping.isAddContextIdentityRolesForSystem()) {
            Assert.notNull(system.getId(), "System identifier is required.");
            List<IdmIdentityRoleDto> identityRolesForSystem = Lists.newArrayList();
            AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
            identityAccountFilter.setIdentityId(dto.getId());
            identityAccountFilter.setSystemId(system.getId());
            List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountFilter, null).getContent();
            // Filtering only identity-roles for this system.
            identityAccounts.forEach(identityAccount -> {
                identityRolesForSystem.addAll(identityRoles.stream().filter(identityRole -> identityRole.getId().equals(identityAccount.getIdentityRole())).collect(Collectors.toList()));
            });
            // Set identity-roles for this system to the context.
            mappingContext.setIdentityRolesForSystem(identityRolesForSystem);
        }
    }
    if (mapping.isAddContextContracts() && dto instanceof IdmIdentityDto) {
        // Set all identity contracts to the context.
        mappingContext.setContracts(identityContractService.findAllByIdentity(dto.getId()));
    }
    if (mapping.isAddContextConnectorObject()) {
        // Set connector object to the context.
        mappingContext.setConnectorObject(systemEntityService.getConnectorObject(systemEntity));
    }
    String script = mapping.getMappingContextScript();
    if (StringUtils.isEmpty(script)) {
        return mappingContext;
    } else {
        Map<String, Object> variables = new HashMap<>();
        variables.put(SysSystemAttributeMappingService.ACCOUNT_UID, systemEntity.getUid());
        variables.put(SysSystemAttributeMappingService.SYSTEM_KEY, system);
        variables.put(SysSystemAttributeMappingService.ENTITY_KEY, dto);
        variables.put(SysSystemAttributeMappingService.CONTEXT_KEY, mappingContext);
        // Add default script evaluator, for call another scripts
        variables.put(AbstractScriptEvaluator.SCRIPT_EVALUATOR, pluginExecutors.getPluginFor(IdmScriptCategory.MAPPING_CONTEXT));
        // Add access for script evaluator
        List<Class<?>> extraClass = new ArrayList<>();
        extraClass.add(AbstractScriptEvaluator.Builder.class);
        extraClass.add(IcConnectorObject.class);
        // 
        Object result = groovyScriptService.evaluate(script, variables, extraClass);
        if (result instanceof MappingContext) {
            return (MappingContext) result;
        } else {
            throw new ProvisioningException(AccResultCode.MAPPING_CONTEXT_SCRIPT_RETURNS_WRONG_TYPE, ImmutableMap.of("system", system.getCode()));
        }
    }
}

Example 68 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class AccRoleDuplicateBulkActionIntegrationTest method testDontRemoveAccount.

@Test
public void testDontRemoveAccount() {
    IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
    String environment = getHelper().createName();
    IdmRoleDto role = getHelper().createRole(null, null, environment);
    IdmRoleDto roleSubOne = getHelper().createRole(null, null, environment);
    IdmRoleDto roleSubTwo = getHelper().createRole(null, null, environment);
    IdmRoleCompositionDto compositionSubOne = getHelper().createRoleComposition(role, roleSubOne);
    // 
    // create system mapping on the target
    String targetEnvironment = getHelper().createName();
    IdmRoleDto roleTarget = getHelper().createRole(null, role.getBaseCode(), targetEnvironment);
    IdmRoleDto roleSubOneTarget = getHelper().createRole(null, roleSubOne.getBaseCode(), targetEnvironment);
    IdmRoleDto roleSubTwoTarget = getHelper().createRole(null, roleSubTwo.getBaseCode(), targetEnvironment);
    SysSystemDto system = getHelper().createTestResourceSystem(true);
    getHelper().createRoleSystem(roleSubOneTarget, system);
    getHelper().createRoleSystem(roleSubTwoTarget, system);
    getHelper().createIdentityRole(identity, roleTarget);
    // 
    // check account not exist now - composition on target doesn't exist
    AccAccountDto account = accountService.getAccount(identity.getUsername(), system.getId());
    Assert.assertNull(account);
    // 
    // bulk action updates composition only
    IdmBulkActionDto bulkAction = findBulkAction(IdmRole.class, RoleDuplicateBulkAction.NAME);
    bulkAction.setIdentifiers(Sets.newHashSet(role.getId()));
    bulkAction.getProperties().put(RoleDuplicateBulkAction.PROPERTY_ENVIRONMENT, targetEnvironment);
    bulkAction.getProperties().put(DuplicateRoleCompositionProcessor.PARAMETER_INCLUDE_ROLE_COMPOSITION, true);
    IdmBulkActionDto processAction = bulkActionManager.processAction(bulkAction);
    // 
    checkResultLrt(processAction, 1l, null, null);
    // 
    account = accountService.getAccount(identity.getUsername(), system.getId());
    Assert.assertNotNull(account);
    List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
    Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> ir.getRole().equals(roleSubOneTarget.getId())));
    Assert.assertTrue(assignedRoles.stream().allMatch(ir -> !ir.getRole().equals(roleSubTwoTarget.getId())));
    // 
    // change a source composition
    roleCompositionService.delete(compositionSubOne);
    getHelper().createRoleComposition(role, roleSubTwo);
    // 
    processAction = bulkActionManager.processAction(bulkAction);
    checkResultLrt(processAction, 1l, null, null);
    // 
    List<IdmRoleCompositionDto> targetSubRoles = roleCompositionService.findAllSubRoles(roleTarget.getId());
    Assert.assertEquals(1, targetSubRoles.size());
    Assert.assertEquals(roleSubTwoTarget.getId(), targetSubRoles.get(0).getSub());
    // 
    assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
    Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> ir.getRole().equals(roleSubTwoTarget.getId())));
    Assert.assertTrue(assignedRoles.stream().allMatch(ir -> !ir.getRole().equals(roleSubOneTarget.getId())));
    // 
    // search identity accounts
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
    Assert.assertEquals(1, identityAccounts.size());
    // 
    AccAccountDto switchedAccount = accountService.getAccount(identity.getUsername(), system.getId());
    Assert.assertNotNull(switchedAccount);
    Assert.assertEquals(account.getId(), switchedAccount.getId());
}

Example 69 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class ContractSliceSyncTest method setDirtyStateAndCheckIt.

@Test
public void setDirtyStateAndCheckIt() {
    // create tree type and node, tree node is used as position in contrac slice synchronization
    IdmTreeTypeDto treeType = this.getHelper().createTreeType();
    IdmTreeNodeDto treeNode = this.getHelper().createTreeNode(treeType, null);
    // create two roles, one role is used as automatic role by organization structure
    // second role is used as manually added
    IdmRoleDto roleOne = this.getHelper().createRole();
    IdmRoleDto roleTwo = this.getHelper().createRole();
    this.getHelper().createAutomaticRole(roleOne, treeNode);
    // init system
    SysSystemDto system = initData();
    // set default tree type for synchronization
    SysSyncContractConfigDto config = (SysSyncContractConfigDto) doCreateSyncConfig(system);
    config.setDefaultTreeType(treeType.getId());
    syncConfigService.save(config);
    IdmIdentityDto identity = helper.createIdentity();
    // for sure remove all contracts
    contractService.findAllByIdentity(identity.getId()).forEach(contract -> {
        contractService.delete(contract);
    });
    // check current delete audits record for identity (and their related entities)
    IdmAuditFilter filter = new IdmAuditFilter();
    filter.setOwnerId(identity.getId().toString());
    filter.setModification("DELETE");
    List<IdmAuditDto> audits = auditService.find(filter, null).getContent();
    assertEquals(0, audits.size());
    // check current slices
    IdmContractSliceFilter contractSliceFilter = new IdmContractSliceFilter();
    contractSliceFilter.setIdentity(identity.getId());
    List<IdmContractSliceDto> slices = contractSliceService.find(contractSliceFilter, null).getContent();
    assertEquals(0, slices.size());
    // check current contracts
    List<IdmIdentityContractDto> allByIdentity = contractService.findAllByIdentity(identity.getId());
    assertEquals(0, allByIdentity.size());
    // delete all data in resource
    this.getBean().deleteAllResourceData();
    // create step one data, please see inside method
    this.getBean().createTestDataStepOne(identity.getUsername(), treeNode.getCode());
    // start synchronization
    helper.startSynchronization(config);
    SysSyncLogDto log = checkSyncLog(config, SynchronizationActionType.CREATE_ENTITY, 1);
    Assert.assertFalse(log.isRunning());
    Assert.assertFalse(log.isContainsError());
    // after first synchronization exists one contract
    allByIdentity = contractService.findAllByIdentity(identity.getId());
    assertEquals(1, allByIdentity.size());
    // after first synchronization exists one slice
    slices = contractSliceService.find(contractSliceFilter, null).getContent();
    assertEquals(1, slices.size());
    // after first synchronization exists one identity role - automatic role
    List<IdmIdentityRoleDto> identityRoles = identityRoleService.findAllByIdentity(identity.getId());
    assertEquals(1, identityRoles.size());
    IdmIdentityRoleDto identityRoleDto = identityRoles.get(0);
    // manually create identity account for check if identity account will be changed or deleted after second synchronization
    // this state create two audit records for the identity account
    AccIdentityAccountDto identityAccount = helper.createIdentityAccount(system, identity);
    identityAccount.setIdentityRole(identityRoleDto.getId());
    identityAccount = identityAccountService.save(identityAccount);
    // add manually role
    IdmIdentityContractDto identityContractDto = allByIdentity.get(0);
    this.getHelper().createIdentityRole(identityContractDto, roleTwo);
    // check current identity roles - one is automatic, second is manually added
    identityRoles = identityRoleService.findAllByIdentity(identity.getId());
    assertEquals(2, identityRoles.size());
    // prepare data for second step
    this.getBean().createTestDataStepTwo(identity.getUsername(), treeNode.getCode());
    helper.startSynchronization(config);
    Assert.assertFalse(log.isRunning());
    Assert.assertFalse(log.isContainsError());
    // after second synchronization still exists one contract
    allByIdentity = contractService.findAllByIdentity(identity.getId());
    assertEquals(1, allByIdentity.size());
    // after second synchronization exists two slices
    slices = contractSliceService.find(contractSliceFilter, null).getContent();
    assertEquals(2, slices.size());
    // after second synchronization must also exists both roles
    identityRoles = identityRoleService.findAllByIdentity(identity.getId());
    assertEquals(2, identityRoles.size());
    // check delete operation for identity and their related entities
    filter = new IdmAuditFilter();
    filter.setOwnerId(identity.getId().toString());
    filter.setModification("DELETE");
    audits = auditService.find(filter, null).getContent();
    assertEquals(0, audits.size());
    // check audit for identity roles
    for (IdmIdentityRoleDto identityRole : identityRoles) {
        filter = new IdmAuditFilter();
        filter.setEntityId(identityRole.getId());
        List<IdmAuditDto> auditsForIdentityRole = auditService.find(filter, null).getContent();
        if (identityRole.getAutomaticRole() == null) {
            // manually added role, just create
            assertEquals(1, auditsForIdentityRole.size());
        } else {
            // automatic role change validity
            assertEquals(2, auditsForIdentityRole.size());
        }
    }
    // Check audit records for identity account, exists three record, because helper
    // create one and second create save with change identity role and third is
    // delete of this identity-account (role does not mapping the system)
    filter = new IdmAuditFilter();
    filter.setEntityId(identityAccount.getId());
    List<IdmAuditDto> auditsForIdentityAccount = auditService.find(filter, null).getContent();
    assertEquals(3, auditsForIdentityAccount.size());
    // some tests expect data as contract slice with id 1. Just for sure we clear test slices
    slices = contractSliceService.find(contractSliceFilter, null).getContent();
    slices.forEach(slice -> {
        contractSliceService.delete(slice);
    });
    identityService.delete(identity);
}

Example 70 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class IdentitySyncTest method testDefaultRoleToAllContracts.

@Test
public void testDefaultRoleToAllContracts() {
    IdmIdentityDto identityDto = helper.createIdentity((GuardedString) null);
    SysSystemDto system = initData(identityDto.getUsername());
    Assert.assertNotNull(system);
    IdmRoleDto defaultRole = helper.createRole();
    // 
    SysSyncIdentityConfigDto config = doCreateSyncConfig(system);
    // Set default role to sync configuration
    config.setDefaultRole(defaultRole.getId());
    config.setInactiveOwnerBehavior(SynchronizationInactiveOwnerBehaviorType.LINK);
    config.setCreateDefaultContract(false);
    config.setAssignDefaultRoleToAll(true);
    config = (SysSyncIdentityConfigDto) syncConfigService.save(config);
    // 
    // create default mapping for provisioning
    helper.createMapping(system);
    helper.createRoleSystem(defaultRole, system);
    IdmIdentityContractDto validContract = helper.getPrimeContract(identityDto);
    IdmIdentityContractDto validFutureContract = helper.createContract(identityDto, null, LocalDate.now().plusDays(10), null);
    helper.createContract(identityDto, null, null, LocalDate.now().minusDays(1));
    List<IdmIdentityContractDto> contracts = contractService.findAllByIdentity(identityDto.getId());
    Assert.assertEquals(3, contracts.size());
    helper.startSynchronization(config);
    // Have to be in the success state, because default role will be assigned to the valid contracts.
    SysSyncLogDto log = checkSyncLog(config, SynchronizationActionType.LINK, 1, OperationResultType.SUCCESS);
    Assert.assertFalse(log.isRunning());
    Assert.assertFalse(log.isContainsError());
    IdmIdentityDto identity = identityService.get(identityDto);
    List<IdmIdentityRoleDto> roles = identityRoleService.findAllByIdentity(identity.getId());
    Assert.assertEquals(2, roles.size());
    long identityRolesWithDefaultRole = roles.stream().filter(role -> role.getRole().equals(defaultRole.getId())).count();
    Assert.assertEquals(2, identityRolesWithDefaultRole);
    // Valid contract must have default role
    long identityRolesWithValidContract = roles.stream().filter(role -> role.getIdentityContract().equals(validContract.getId())).count();
    Assert.assertEquals(1, identityRolesWithValidContract);
    // Future contract must have default role
    long identityRolesWithFutureContract = roles.stream().filter(role -> role.getIdentityContract().equals(validFutureContract.getId())).count();
    Assert.assertEquals(1, identityRolesWithFutureContract);
    // Check only one identity account is created.
    // Only one identity-account relation can exists, because only one
    // current valid identity-role exists now (the second is future valid).
    AccIdentityAccountFilter accountFilter = new AccIdentityAccountFilter();
    accountFilter.setIdentityId(identity.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(accountFilter, null).getContent();
    // !!!!To delete - Test doesn't pass on the Jenkins, we need to more information
    if (identityAccounts.size() > 1) {
        identityAccounts.forEach(identityAccountDtoOne -> {
            System.out.println("Id - identityAccount: " + identityAccountDtoOne.getId());
            System.out.println("Account: " + identityAccountDtoOne.getAccount());
            System.out.println("RoleSystem: " + identityAccountDtoOne.getRoleSystem());
            System.out.println("Identity: " + identityAccountDtoOne.getIdentity());
            System.out.println("IdentityRole: " + identityAccountDtoOne.getIdentityRole());
            System.out.println("----");
        });
    }
    // !!!
    Assert.assertEquals(1, identityAccounts.size());
    // Delete log
    syncLogService.delete(log);
    syncConfigService.delete(config);
}