use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class IdentitySynchronizationExecutor method doUnlink.
/**
* Operation remove IdentityAccount relations and linked roles
*
* @param account
* @param removeIdentityRole
* @param log
* @param logItem
* @param actionLogs
*/
@Override
protected void doUnlink(AccAccountDto account, boolean removeIdentityRole, SysSyncLogDto log, SysSyncItemLogDto logItem, List<SysSyncActionLogDto> actionLogs) {
EntityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setAccountId(account.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find((AccIdentityAccountFilter) identityAccountFilter, null).getContent();
if (identityAccounts.isEmpty()) {
addToItemLog(logItem, "Warning! - Identity account relation was not found!");
initSyncActionLog(SynchronizationActionType.UPDATE_ENTITY, OperationResultType.WARNING, logItem, log, actionLogs);
return;
}
addToItemLog(logItem, MessageFormat.format("Identity-account relations to delete [{0}]", identityAccounts));
identityAccounts.stream().forEach(identityAccount -> {
// We will remove identity account, but without delete connected
// account
identityAccountService.delete(identityAccount, false);
addToItemLog(logItem, MessageFormat.format("Identity-account relation deleted (without calling the delete provisioning operation) (username: [{0}], id: [{1}])", identityAccount.getIdentity(), identityAccount.getId()));
UUID identityRole = identityAccount.getIdentityRole();
if (removeIdentityRole && identityRole != null) {
// We will remove connected identity role
identityRoleService.deleteById(identityRole);
addToItemLog(logItem, MessageFormat.format("Identity-role relation deleted (id: {0})", identityRole));
}
});
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class DefaultSysSystemMappingService method getMappingContext.
@Override
public MappingContext getMappingContext(SysSystemMappingDto mapping, SysSystemEntityDto systemEntity, AbstractDto dto, SysSystemDto system) {
Assert.notNull(mapping, "Mapping cannot be null!");
Assert.notNull(systemEntity, "System entity cannot be null!");
Assert.notNull(system, "System cannot be null!");
// Create new context.
MappingContext mappingContext = new MappingContext();
if (dto == null) {
return mappingContext;
}
if ((mapping.isAddContextIdentityRoles() || mapping.isAddContextIdentityRolesForSystem()) && dto instanceof IdmIdentityDto) {
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setIdentityId(dto.getId());
List<IdmIdentityRoleDto> identityRoles = identityRoleService.find(identityRoleFilter, PageRequest.of(0, Integer.MAX_VALUE, Sort.by(IdmIdentityRole_.created.getName()))).getContent();
if (mapping.isAddContextIdentityRoles()) {
// Set all identity-roles to the context.
mappingContext.setIdentityRoles(identityRoles);
}
if (mapping.isAddContextIdentityRolesForSystem()) {
Assert.notNull(system.getId(), "System identifier is required.");
List<IdmIdentityRoleDto> identityRolesForSystem = Lists.newArrayList();
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setIdentityId(dto.getId());
identityAccountFilter.setSystemId(system.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountFilter, null).getContent();
// Filtering only identity-roles for this system.
identityAccounts.forEach(identityAccount -> {
identityRolesForSystem.addAll(identityRoles.stream().filter(identityRole -> identityRole.getId().equals(identityAccount.getIdentityRole())).collect(Collectors.toList()));
});
// Set identity-roles for this system to the context.
mappingContext.setIdentityRolesForSystem(identityRolesForSystem);
}
}
if (mapping.isAddContextContracts() && dto instanceof IdmIdentityDto) {
// Set all identity contracts to the context.
mappingContext.setContracts(identityContractService.findAllByIdentity(dto.getId()));
}
if (mapping.isAddContextConnectorObject()) {
// Set connector object to the context.
mappingContext.setConnectorObject(systemEntityService.getConnectorObject(systemEntity));
}
String script = mapping.getMappingContextScript();
if (StringUtils.isEmpty(script)) {
return mappingContext;
} else {
Map<String, Object> variables = new HashMap<>();
variables.put(SysSystemAttributeMappingService.ACCOUNT_UID, systemEntity.getUid());
variables.put(SysSystemAttributeMappingService.SYSTEM_KEY, system);
variables.put(SysSystemAttributeMappingService.ENTITY_KEY, dto);
variables.put(SysSystemAttributeMappingService.CONTEXT_KEY, mappingContext);
// Add default script evaluator, for call another scripts
variables.put(AbstractScriptEvaluator.SCRIPT_EVALUATOR, pluginExecutors.getPluginFor(IdmScriptCategory.MAPPING_CONTEXT));
// Add access for script evaluator
List<Class<?>> extraClass = new ArrayList<>();
extraClass.add(AbstractScriptEvaluator.Builder.class);
extraClass.add(IcConnectorObject.class);
//
Object result = groovyScriptService.evaluate(script, variables, extraClass);
if (result instanceof MappingContext) {
return (MappingContext) result;
} else {
throw new ProvisioningException(AccResultCode.MAPPING_CONTEXT_SCRIPT_RETURNS_WRONG_TYPE, ImmutableMap.of("system", system.getCode()));
}
}
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class AccRoleDuplicateBulkActionIntegrationTest method testDontRemoveAccount.
@Test
public void testDontRemoveAccount() {
IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
String environment = getHelper().createName();
IdmRoleDto role = getHelper().createRole(null, null, environment);
IdmRoleDto roleSubOne = getHelper().createRole(null, null, environment);
IdmRoleDto roleSubTwo = getHelper().createRole(null, null, environment);
IdmRoleCompositionDto compositionSubOne = getHelper().createRoleComposition(role, roleSubOne);
//
// create system mapping on the target
String targetEnvironment = getHelper().createName();
IdmRoleDto roleTarget = getHelper().createRole(null, role.getBaseCode(), targetEnvironment);
IdmRoleDto roleSubOneTarget = getHelper().createRole(null, roleSubOne.getBaseCode(), targetEnvironment);
IdmRoleDto roleSubTwoTarget = getHelper().createRole(null, roleSubTwo.getBaseCode(), targetEnvironment);
SysSystemDto system = getHelper().createTestResourceSystem(true);
getHelper().createRoleSystem(roleSubOneTarget, system);
getHelper().createRoleSystem(roleSubTwoTarget, system);
getHelper().createIdentityRole(identity, roleTarget);
//
// check account not exist now - composition on target doesn't exist
AccAccountDto account = accountService.getAccount(identity.getUsername(), system.getId());
Assert.assertNull(account);
//
// bulk action updates composition only
IdmBulkActionDto bulkAction = findBulkAction(IdmRole.class, RoleDuplicateBulkAction.NAME);
bulkAction.setIdentifiers(Sets.newHashSet(role.getId()));
bulkAction.getProperties().put(RoleDuplicateBulkAction.PROPERTY_ENVIRONMENT, targetEnvironment);
bulkAction.getProperties().put(DuplicateRoleCompositionProcessor.PARAMETER_INCLUDE_ROLE_COMPOSITION, true);
IdmBulkActionDto processAction = bulkActionManager.processAction(bulkAction);
//
checkResultLrt(processAction, 1l, null, null);
//
account = accountService.getAccount(identity.getUsername(), system.getId());
Assert.assertNotNull(account);
List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> ir.getRole().equals(roleSubOneTarget.getId())));
Assert.assertTrue(assignedRoles.stream().allMatch(ir -> !ir.getRole().equals(roleSubTwoTarget.getId())));
//
// change a source composition
roleCompositionService.delete(compositionSubOne);
getHelper().createRoleComposition(role, roleSubTwo);
//
processAction = bulkActionManager.processAction(bulkAction);
checkResultLrt(processAction, 1l, null, null);
//
List<IdmRoleCompositionDto> targetSubRoles = roleCompositionService.findAllSubRoles(roleTarget.getId());
Assert.assertEquals(1, targetSubRoles.size());
Assert.assertEquals(roleSubTwoTarget.getId(), targetSubRoles.get(0).getSub());
//
assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> ir.getRole().equals(roleSubTwoTarget.getId())));
Assert.assertTrue(assignedRoles.stream().allMatch(ir -> !ir.getRole().equals(roleSubOneTarget.getId())));
//
// search identity accounts
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setIdentityId(identity.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
Assert.assertEquals(1, identityAccounts.size());
//
AccAccountDto switchedAccount = accountService.getAccount(identity.getUsername(), system.getId());
Assert.assertNotNull(switchedAccount);
Assert.assertEquals(account.getId(), switchedAccount.getId());
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class ContractSliceSyncTest method setDirtyStateAndCheckIt.
@Test
public void setDirtyStateAndCheckIt() {
// create tree type and node, tree node is used as position in contrac slice synchronization
IdmTreeTypeDto treeType = this.getHelper().createTreeType();
IdmTreeNodeDto treeNode = this.getHelper().createTreeNode(treeType, null);
// create two roles, one role is used as automatic role by organization structure
// second role is used as manually added
IdmRoleDto roleOne = this.getHelper().createRole();
IdmRoleDto roleTwo = this.getHelper().createRole();
this.getHelper().createAutomaticRole(roleOne, treeNode);
// init system
SysSystemDto system = initData();
// set default tree type for synchronization
SysSyncContractConfigDto config = (SysSyncContractConfigDto) doCreateSyncConfig(system);
config.setDefaultTreeType(treeType.getId());
syncConfigService.save(config);
IdmIdentityDto identity = helper.createIdentity();
// for sure remove all contracts
contractService.findAllByIdentity(identity.getId()).forEach(contract -> {
contractService.delete(contract);
});
// check current delete audits record for identity (and their related entities)
IdmAuditFilter filter = new IdmAuditFilter();
filter.setOwnerId(identity.getId().toString());
filter.setModification("DELETE");
List<IdmAuditDto> audits = auditService.find(filter, null).getContent();
assertEquals(0, audits.size());
// check current slices
IdmContractSliceFilter contractSliceFilter = new IdmContractSliceFilter();
contractSliceFilter.setIdentity(identity.getId());
List<IdmContractSliceDto> slices = contractSliceService.find(contractSliceFilter, null).getContent();
assertEquals(0, slices.size());
// check current contracts
List<IdmIdentityContractDto> allByIdentity = contractService.findAllByIdentity(identity.getId());
assertEquals(0, allByIdentity.size());
// delete all data in resource
this.getBean().deleteAllResourceData();
// create step one data, please see inside method
this.getBean().createTestDataStepOne(identity.getUsername(), treeNode.getCode());
// start synchronization
helper.startSynchronization(config);
SysSyncLogDto log = checkSyncLog(config, SynchronizationActionType.CREATE_ENTITY, 1);
Assert.assertFalse(log.isRunning());
Assert.assertFalse(log.isContainsError());
// after first synchronization exists one contract
allByIdentity = contractService.findAllByIdentity(identity.getId());
assertEquals(1, allByIdentity.size());
// after first synchronization exists one slice
slices = contractSliceService.find(contractSliceFilter, null).getContent();
assertEquals(1, slices.size());
// after first synchronization exists one identity role - automatic role
List<IdmIdentityRoleDto> identityRoles = identityRoleService.findAllByIdentity(identity.getId());
assertEquals(1, identityRoles.size());
IdmIdentityRoleDto identityRoleDto = identityRoles.get(0);
// manually create identity account for check if identity account will be changed or deleted after second synchronization
// this state create two audit records for the identity account
AccIdentityAccountDto identityAccount = helper.createIdentityAccount(system, identity);
identityAccount.setIdentityRole(identityRoleDto.getId());
identityAccount = identityAccountService.save(identityAccount);
// add manually role
IdmIdentityContractDto identityContractDto = allByIdentity.get(0);
this.getHelper().createIdentityRole(identityContractDto, roleTwo);
// check current identity roles - one is automatic, second is manually added
identityRoles = identityRoleService.findAllByIdentity(identity.getId());
assertEquals(2, identityRoles.size());
// prepare data for second step
this.getBean().createTestDataStepTwo(identity.getUsername(), treeNode.getCode());
helper.startSynchronization(config);
Assert.assertFalse(log.isRunning());
Assert.assertFalse(log.isContainsError());
// after second synchronization still exists one contract
allByIdentity = contractService.findAllByIdentity(identity.getId());
assertEquals(1, allByIdentity.size());
// after second synchronization exists two slices
slices = contractSliceService.find(contractSliceFilter, null).getContent();
assertEquals(2, slices.size());
// after second synchronization must also exists both roles
identityRoles = identityRoleService.findAllByIdentity(identity.getId());
assertEquals(2, identityRoles.size());
// check delete operation for identity and their related entities
filter = new IdmAuditFilter();
filter.setOwnerId(identity.getId().toString());
filter.setModification("DELETE");
audits = auditService.find(filter, null).getContent();
assertEquals(0, audits.size());
// check audit for identity roles
for (IdmIdentityRoleDto identityRole : identityRoles) {
filter = new IdmAuditFilter();
filter.setEntityId(identityRole.getId());
List<IdmAuditDto> auditsForIdentityRole = auditService.find(filter, null).getContent();
if (identityRole.getAutomaticRole() == null) {
// manually added role, just create
assertEquals(1, auditsForIdentityRole.size());
} else {
// automatic role change validity
assertEquals(2, auditsForIdentityRole.size());
}
}
// Check audit records for identity account, exists three record, because helper
// create one and second create save with change identity role and third is
// delete of this identity-account (role does not mapping the system)
filter = new IdmAuditFilter();
filter.setEntityId(identityAccount.getId());
List<IdmAuditDto> auditsForIdentityAccount = auditService.find(filter, null).getContent();
assertEquals(3, auditsForIdentityAccount.size());
// some tests expect data as contract slice with id 1. Just for sure we clear test slices
slices = contractSliceService.find(contractSliceFilter, null).getContent();
slices.forEach(slice -> {
contractSliceService.delete(slice);
});
identityService.delete(identity);
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class IdentitySyncTest method testDefaultRoleToAllContracts.
@Test
public void testDefaultRoleToAllContracts() {
IdmIdentityDto identityDto = helper.createIdentity((GuardedString) null);
SysSystemDto system = initData(identityDto.getUsername());
Assert.assertNotNull(system);
IdmRoleDto defaultRole = helper.createRole();
//
SysSyncIdentityConfigDto config = doCreateSyncConfig(system);
// Set default role to sync configuration
config.setDefaultRole(defaultRole.getId());
config.setInactiveOwnerBehavior(SynchronizationInactiveOwnerBehaviorType.LINK);
config.setCreateDefaultContract(false);
config.setAssignDefaultRoleToAll(true);
config = (SysSyncIdentityConfigDto) syncConfigService.save(config);
//
// create default mapping for provisioning
helper.createMapping(system);
helper.createRoleSystem(defaultRole, system);
IdmIdentityContractDto validContract = helper.getPrimeContract(identityDto);
IdmIdentityContractDto validFutureContract = helper.createContract(identityDto, null, LocalDate.now().plusDays(10), null);
helper.createContract(identityDto, null, null, LocalDate.now().minusDays(1));
List<IdmIdentityContractDto> contracts = contractService.findAllByIdentity(identityDto.getId());
Assert.assertEquals(3, contracts.size());
helper.startSynchronization(config);
// Have to be in the success state, because default role will be assigned to the valid contracts.
SysSyncLogDto log = checkSyncLog(config, SynchronizationActionType.LINK, 1, OperationResultType.SUCCESS);
Assert.assertFalse(log.isRunning());
Assert.assertFalse(log.isContainsError());
IdmIdentityDto identity = identityService.get(identityDto);
List<IdmIdentityRoleDto> roles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertEquals(2, roles.size());
long identityRolesWithDefaultRole = roles.stream().filter(role -> role.getRole().equals(defaultRole.getId())).count();
Assert.assertEquals(2, identityRolesWithDefaultRole);
// Valid contract must have default role
long identityRolesWithValidContract = roles.stream().filter(role -> role.getIdentityContract().equals(validContract.getId())).count();
Assert.assertEquals(1, identityRolesWithValidContract);
// Future contract must have default role
long identityRolesWithFutureContract = roles.stream().filter(role -> role.getIdentityContract().equals(validFutureContract.getId())).count();
Assert.assertEquals(1, identityRolesWithFutureContract);
// Check only one identity account is created.
// Only one identity-account relation can exists, because only one
// current valid identity-role exists now (the second is future valid).
AccIdentityAccountFilter accountFilter = new AccIdentityAccountFilter();
accountFilter.setIdentityId(identity.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(accountFilter, null).getContent();
// !!!!To delete - Test doesn't pass on the Jenkins, we need to more information
if (identityAccounts.size() > 1) {
identityAccounts.forEach(identityAccountDtoOne -> {
System.out.println("Id - identityAccount: " + identityAccountDtoOne.getId());
System.out.println("Account: " + identityAccountDtoOne.getAccount());
System.out.println("RoleSystem: " + identityAccountDtoOne.getRoleSystem());
System.out.println("Identity: " + identityAccountDtoOne.getIdentity());
System.out.println("IdentityRole: " + identityAccountDtoOne.getIdentityRole());
System.out.println("----");
});
}
// !!!
Assert.assertEquals(1, identityAccounts.size());
// Delete log
syncLogService.delete(log);
syncConfigService.delete(config);
}
Aggregations