use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method checkMembershipChange.
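/**
 * Checks whether the role membership value received from the synchronized system differs
 * from what is currently configured for the role, and flags the attribute as changed if so.
 * <p>
 * The check runs only when the entity is not already marked as different, the role is
 * persisted (has an ID) and the membership switch is enabled in the sync configuration.
 * The attribute is flagged via {@code setDifferentChange} when:
 * <ul>
 * <li>the transformed value is {@code null} (role-system relations will be deleted),</li>
 * <li>no role-system exists yet for the role,</li>
 * <li>the role-system has no attribute for the member-of mapping, or</li>
 * <li>the stored transformation script differs from the one derived from the role identifier.</li>
 * </ul>
 *
 * @param dto role being synchronized
 * @param context synchronization context; supplies the sync configuration and the "different" state
 * @param attributeProperty name of the attribute property to flag as changed
 * @param transformedValue role identifier produced by the transformation; must be a {@code String} or {@code null}
 * @throws IllegalArgumentException if the member-of attribute or its schema object class cannot be
 *         resolved, or if {@code transformedValue} is not a {@code String}
 *         (NOTE(review): presumably Spring's {@code Assert}; confirm against the imports)
 */
private void checkMembershipChange(IdmRoleDto dto, SynchronizationContext context, String attributeProperty, Object transformedValue) {
    if (context.isEntityDifferent() || dto.getId() == null || !getConfig(context).isMembershipSwitch()) {
        // Nothing to compare: already different, not persisted yet, or membership sync is off.
        return;
    }

    // Check if forward ACM value should be modified (differential sync).
    SysSystemAttributeMappingDto memberOfAttributeDto = lookupService.lookupEmbeddedDto(getConfig(context), SysSyncRoleConfig_.memberOfAttribute);
    Assert.notNull(memberOfAttributeDto, "Member attribute cannot be null!");
    // NOTE(review): schemaAttributeDto is not null-checked before the next lookup;
    // confirm that lookupEmbeddedDto tolerates a null owner.
    SysSchemaAttributeDto schemaAttributeDto = lookupService.lookupEmbeddedDto(memberOfAttributeDto, SysSystemAttributeMapping_.schemaAttribute);
    SysSchemaObjectClassDto schemaObjectClassDto = lookupService.lookupEmbeddedDto(schemaAttributeDto, SysSchemaAttribute_.objectClass);
    Assert.notNull(schemaObjectClassDto, "Schema cannot be null!");

    if (transformedValue == null) {
        // Identifier from transformation is null -> We will delete role-system relations.
        setDifferentChange(context, attributeProperty);
        return;
    }
    Assert.isInstanceOf(String.class, transformedValue, "Role identifier must be String!");
    String roleIdentifier = (String) transformedValue;

    SysRoleSystemDto roleSystemDto = findRoleSystemDto(dto, memberOfAttributeDto, schemaObjectClassDto);
    if (roleSystemDto == null) {
        // Role system will be created.
        setDifferentChange(context, attributeProperty);
        return;
    }

    SysRoleSystemAttributeDto roleMemberOfAttributeDto = findMemberAttribute(memberOfAttributeDto, schemaObjectClassDto, roleSystemDto);
    if (roleMemberOfAttributeDto == null) {
        // Role attribute by mapping system attribute will be created.
        setDifferentChange(context, attributeProperty);
        return;
    }

    String membershipTransformationScript = getMembershipTransformationScript(roleIdentifier);
    // Null-safe comparison: an attribute stored without a script is treated as different and
    // gets rewritten, instead of aborting the membership check with a NullPointerException.
    if (!java.util.Objects.equals(roleMemberOfAttributeDto.getTransformScript(), membershipTransformationScript)) {
        // Transformation script is different and will be updated.
        setDifferentChange(context, attributeProperty);
    }
}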
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.
the class RoleWorkflowAdSyncTest method n9_testSyncWithWfSituationMissingEntityAddResource.
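/**
 * Role synchronization with a workflow configured for every situation: a role missing in IdM
 * must be created through the workflow (MISSING_ENTITY resolved with result WF), carry the
 * expected DN form value, and receive a role-system attribute on the configured user system
 * whose transformation script is the quoted DN value.
 * <p>
 * The two {@code idm.pub.acc.syncRole.*} configuration values are removed in a {@code finally}
 * block so that a failing assertion does not leak them into other tests.
 */
@Test
public void n9_testSyncWithWfSituationMissingEntityAddResource() {
    String userSystemName = "TestName001";
    String overridedAttributeName = "EAV_ATTRIBUTE";
    configurationService.setValue("idm.pub.acc.syncRole.provisioningOfIdentities.system.code", userSystemName);
    configurationService.setValue("idm.pub.acc.syncRole.system.mapping.attributeMemberOf", helper.getSchemaColumnName(overridedAttributeName));
    try {
        SysSystemDto userSystem = initData(userSystemName, true);
        SysSystemDto system = initData();

        // The role must not exist before the synchronization runs.
        IdmRoleFilter roleFilter = new IdmRoleFilter();
        roleFilter.setText(ROLE_NAME);
        List<IdmRoleDto> roles = roleService.find(roleFilter, null).getContent();
        Assert.assertEquals(0, roles.size());
        Assert.assertNotNull(system);

        // Route every synchronization situation through the example workflow.
        SysSyncRoleConfigDto config = doCreateSyncConfig(system);
        config.setLinkedActionWfKey(wfExampleKey);
        config.setMissingAccountActionWfKey(wfExampleKey);
        config.setMissingEntityActionWfKey(wfExampleKey);
        config.setUnlinkedActionWfKey(wfExampleKey);
        config = (SysSyncRoleConfigDto) syncConfigService.save(config);

        // Start sync
        helper.startSynchronization(config);
        SysSyncLogDto log = checkSyncLog(config, SynchronizationActionType.MISSING_ENTITY, 1, OperationResultType.WF);
        Assert.assertFalse(log.isRunning());
        Assert.assertFalse(log.isContainsError());

        roles = roleService.find(roleFilter, null).getContent();
        Assert.assertEquals(1, roles.size());
        IdmRoleDto role = roles.get(0);
        List<IdmFormValueDto> dnValues = formService.getValues(role, ATTRIBUTE_DN);
        Assert.assertEquals(1, dnValues.size());
        Assert.assertEquals(ATTRIBUTE_DN_VALUE, dnValues.get(0).getValue());

        // resource existing
        SysRoleSystemAttributeDto systemAttribute = getSystemAttribute(userSystem.getId(), overridedAttributeName, role.getId());
        Assert.assertNotNull(systemAttribute);
        String transformationScript = "\"" + ATTRIBUTE_DN_VALUE + "\"";
        // Expected value first, so a failure message reports the two sides correctly.
        Assert.assertEquals(transformationScript, systemAttribute.getTransformToResourceScript());

        // Delete log
        syncLogService.delete(log);
    } finally {
        configurationService.deleteValue("idm.pub.acc.syncRole.provisioningOfIdentities.system.code");
        configurationService.deleteValue("idm.pub.acc.syncRole.system.mapping.attributeMemberOf");
    }
}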
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.
the class DefaultRoleSynchronizationExecutorTest method testSyncRolesSkipValueIfExcluded.
/**
 * Verifies that role synchronization carries the "skip value if excluded" switch of the sync
 * configuration over to the role-system attribute of every synchronized role.
 * <p>
 * First run (switch off): five roles are created and the single role-system attribute of each
 * has the flag unset. Second run (switch on): five roles are updated and the flag is set.
 */
@Test
public void testSyncRolesSkipValueIfExcluded() {
    AbstractSysSyncConfigDto syncConfig = createSyncConfig();

    // Identity system whose single provisioning mapping is turned into a sync mapping.
    SysSystemDto identitySystem = helper.createTestResourceSystem(true);
    List<SysSystemMappingDto> identityMappings = systemMappingService.findBySystem(identitySystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY);
    Assert.assertNotNull(identityMappings);
    Assert.assertEquals(1, identityMappings.size());
    SysSystemMappingDto identityMapping = identityMappings.get(0);
    // Switch to the sync.
    identityMapping.setOperationType(SystemOperationType.SYNCHRONIZATION);
    identityMapping = systemMappingService.save(identityMapping);

    // The e-mail mapping attribute is used as the member-of attribute further below.
    SysSystemAttributeMappingDto emailAttribute = null;
    for (SysSystemAttributeMappingDto candidate : schemaAttributeMappingService.findBySystemMapping(identityMapping)) {
        if (candidate.getName().equalsIgnoreCase(TestHelper.ATTRIBUTE_MAPPING_EMAIL)) {
            emailAttribute = candidate;
            break;
        }
    }
    Assert.assertNotNull(emailAttribute);

    Assert.assertFalse(syncConfigService.isRunning(syncConfig));
    Assert.assertTrue(syncConfig instanceof SysSyncRoleConfigDto);
    SysSyncRoleConfigDto roleSyncConfig = (SysSyncRoleConfigDto) syncConfig;

    // Resolve the role system through the sync mapping's object class.
    SysSystemMappingDto syncMapping = DtoUtils.getEmbedded(syncConfig, SysSyncConfig_.systemMapping, SysSystemMappingDto.class);
    SysSchemaObjectClassDto objectClass = DtoUtils.getEmbedded(syncMapping, SysSystemMapping_.objectClass, SysSchemaObjectClassDto.class);
    UUID roleSystemId = objectClass.getSystem();
    Assert.assertNotNull(roleSystemId);

    // Schema attribute "name" of the role system backs both mapping attributes created below.
    SysSchemaAttributeFilter nameAttributeFilter = new SysSchemaAttributeFilter();
    nameAttributeFilter.setSystemId(roleSystemId);
    nameAttributeFilter.setObjectClassId(objectClass.getId());
    SysSchemaAttributeDto nameAttribute = null;
    for (SysSchemaAttributeDto candidate : schemaAttributeService.find(nameAttributeFilter, null).getContent()) {
        if (candidate.getName().equalsIgnoreCase("name")) {
            nameAttribute = candidate;
            break;
        }
    }
    Assert.assertNotNull(nameAttribute);

    SysSystemDto roleSystemRef = new SysSystemDto();
    roleSystemRef.setId(roleSystemId);
    List<SysSystemMappingDto> roleMappings = systemMappingService.findBySystem(roleSystemRef, SystemOperationType.SYNCHRONIZATION, SystemEntityType.ROLE);
    Assert.assertNotNull(roleMappings);
    Assert.assertEquals(1, roleMappings.size());
    SysSystemMappingDto roleMapping = roleMappings.get(0);

    // Mapping attribute that supplies the role membership ID.
    SysSystemAttributeMappingDto membershipIdMapping = new SysSystemAttributeMappingDto();
    membershipIdMapping.setEntityAttribute(true);
    membershipIdMapping.setUid(false);
    membershipIdMapping.setSystemMapping(roleMapping.getId());
    membershipIdMapping.setExtendedAttribute(false);
    membershipIdMapping.setIdmPropertyName(RoleSynchronizationExecutor.ROLE_MEMBERSHIP_ID_FIELD);
    membershipIdMapping.setSchemaAttribute(nameAttribute.getId());
    membershipIdMapping.setName(helper.createName());
    attributeMappingService.save(membershipIdMapping);

    // Mapping attribute for "skip value if excluded"; its script always returns true.
    SysSystemAttributeMappingDto skipValueMapping = new SysSystemAttributeMappingDto();
    skipValueMapping.setEntityAttribute(true);
    skipValueMapping.setUid(false);
    skipValueMapping.setSystemMapping(roleMapping.getId());
    skipValueMapping.setExtendedAttribute(false);
    skipValueMapping.setIdmPropertyName(RoleSynchronizationExecutor.ROLE_SKIP_VALUE_IF_EXCLUDED_FIELD);
    skipValueMapping.setSchemaAttribute(nameAttribute.getId());
    skipValueMapping.setName(helper.createName());
    skipValueMapping.setTransformFromResourceScript("return true");
    attributeMappingService.save(skipValueMapping);

    // Enable membership and use the user system.
    roleSyncConfig.setMembershipSwitch(true);
    roleSyncConfig.setMemberSystemMapping(identityMapping.getId());
    roleSyncConfig.setMemberOfAttribute(emailAttribute.getId());
    roleSyncConfig.setSkipValueIfExcludedSwitch(false);
    roleSyncConfig = (SysSyncRoleConfigDto) syncConfigService.save(roleSyncConfig);
    Assert.assertNotNull(roleSyncConfig.getSkipValueIfExcludedMappingAttribute());

    // Start sync of roles.
    helper.startSynchronization(roleSyncConfig);
    SysSyncLogFilter syncLogFilter = new SysSyncLogFilter();
    syncLogFilter.setSynchronizationConfigId(roleSyncConfig.getId());
    List<SysSyncLogDto> syncLogs = syncLogService.find(syncLogFilter, null).getContent();
    Assert.assertEquals(1, syncLogs.size());
    SysSyncLogDto syncLog = syncLogs.get(0);
    Assert.assertFalse(syncLog.isRunning());
    Assert.assertFalse(syncLog.isContainsError());
    helper.checkSyncLog(roleSyncConfig, SynchronizationActionType.CREATE_ENTITY, 5, OperationResultType.SUCCESS);

    AccRoleAccountFilter accountFilter = new AccRoleAccountFilter();
    accountFilter.setSystemId(roleSystemId);
    List<AccRoleAccountDto> roleAccounts = roleAccountService.find(accountFilter, null).getContent();
    Assert.assertEquals(5, roleAccounts.size());
    for (AccRoleAccountDto roleAccount : roleAccounts) {
        SysRoleSystemFilter byRole = new SysRoleSystemFilter();
        byRole.setRoleId(roleAccount.getRole());
        List<SysRoleSystemDto> roleSystems = roleSystemService.find(byRole, null).getContent();
        Assert.assertEquals(1, roleSystems.size());
        SysRoleSystemDto roleSystem = roleSystems.get(0);
        // Skip value if contract excluded feature is disabled now -> value should be "false".
        SysRoleSystemAttributeFilter byRoleSystem = new SysRoleSystemAttributeFilter();
        byRoleSystem.setRoleSystemId(roleSystem.getId());
        List<SysRoleSystemAttributeDto> roleAttributes = roleSystemAttributeService.find(byRoleSystem, null).getContent();
        Assert.assertEquals(1, roleAttributes.size());
        Assert.assertFalse(roleAttributes.get(0).isSkipValueIfExcluded());
    }

    // Activate 'Skip value if excluded' in sync.
    roleSyncConfig.setSkipValueIfExcludedSwitch(true);
    roleSyncConfig = (SysSyncRoleConfigDto) syncConfigService.save(roleSyncConfig);

    // Start sync of roles.
    helper.startSynchronization(roleSyncConfig);
    helper.checkSyncLog(roleSyncConfig, SynchronizationActionType.UPDATE_ENTITY, 5, OperationResultType.SUCCESS);
    accountFilter.setSystemId(roleSystemId);
    roleAccounts = roleAccountService.find(accountFilter, null).getContent();
    Assert.assertEquals(5, roleAccounts.size());
    for (AccRoleAccountDto roleAccount : roleAccounts) {
        SysRoleSystemFilter byRole = new SysRoleSystemFilter();
        byRole.setRoleId(roleAccount.getRole());
        List<SysRoleSystemDto> roleSystems = roleSystemService.find(byRole, null).getContent();
        Assert.assertEquals(1, roleSystems.size());
        SysRoleSystemDto roleSystem = roleSystems.get(0);
        // Skip value if contract excluded feature is enabled now -> value should be "true".
        SysRoleSystemAttributeFilter byRoleSystem = new SysRoleSystemAttributeFilter();
        byRoleSystem.setRoleSystemId(roleSystem.getId());
        List<SysRoleSystemAttributeDto> roleAttributes = roleSystemAttributeService.find(byRoleSystem, null).getContent();
        Assert.assertEquals(1, roleAttributes.size());
        Assert.assertTrue(roleAttributes.get(0).isSkipValueIfExcluded());
    }

    cleanAfterTest(syncConfig, roleSystemId, syncLog, roleAccounts);
}
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.
the class DefaultSysSystemServiceTest method testReferentialIntegrity.
/**
 * Builds a system with one object class, schema attribute, system mapping, attribute mapping,
 * role-system and role-system attribute, then deletes the system and asserts that none of the
 * dependent records can be found any more.
 */
@Test
public void testReferentialIntegrity() {
    String systemCode = "t_s_" + System.currentTimeMillis();
    SysSystemDto targetSystem = new SysSystemDto();
    targetSystem.setName(systemCode);
    targetSystem = systemService.save(targetSystem);

    // object class
    SysSchemaObjectClassDto schemaClass = new SysSchemaObjectClassDto();
    schemaClass.setSystem(targetSystem.getId());
    schemaClass.setObjectClassName("obj_class");
    schemaClass = schemaObjectClassService.save(schemaClass);

    // schema attribute
    SysSchemaAttributeDto nameAttribute = new SysSchemaAttributeDto();
    nameAttribute.setObjectClass(schemaClass.getId());
    nameAttribute.setName("name");
    nameAttribute.setClassType("class");
    nameAttribute = schemaAttributeService.save(nameAttribute);

    // system entity handling
    SysSystemMappingDto mapping = new SysSystemMappingDto();
    mapping.setName("default_" + System.currentTimeMillis());
    mapping.setObjectClass(schemaClass.getId());
    mapping.setOperationType(SystemOperationType.PROVISIONING);
    mapping.setEntityType(SystemEntityType.IDENTITY);
    mapping = systemMappingService.save(mapping);

    // schema attribute handling
    SysSystemAttributeMappingDto attributeMapping = new SysSystemAttributeMappingDto();
    attributeMapping.setSchemaAttribute(nameAttribute.getId());
    attributeMapping.setSystemMapping(mapping.getId());
    attributeMapping.setName("name");
    attributeMapping.setIdmPropertyName("name");
    attributeMapping = systemAttributeMappingService.save(attributeMapping);

    // role system
    IdmRoleDto role = helper.createRole();
    SysRoleSystemDto roleSystemLink = new SysRoleSystemDto();
    roleSystemLink.setSystem(targetSystem.getId());
    roleSystemLink.setRole(role.getId());
    roleSystemLink.setSystemMapping(mapping.getId());
    roleSystemLink = roleSystemService.save(roleSystemLink);

    // role system attributes
    SysRoleSystemAttributeDto roleAttribute = new SysRoleSystemAttributeDto();
    roleAttribute.setRoleSystem(roleSystemLink.getId());
    roleAttribute.setSystemAttributeMapping(attributeMapping.getId());
    roleAttribute.setName("name");
    roleAttribute.setIdmPropertyName("name");
    roleAttribute = roleSystemAttributeService.save(roleAttribute);

    // Filters used to count the dependent records before and after the delete.
    SysSchemaObjectClassFilter schemaClassFilter = new SysSchemaObjectClassFilter();
    schemaClassFilter.setSystemId(targetSystem.getId());
    SysSchemaAttributeFilter attributeFilter = new SysSchemaAttributeFilter();
    attributeFilter.setSystemId(targetSystem.getId());
    SysSystemMappingFilter mappingFilter = new SysSystemMappingFilter();
    mappingFilter.setSystemId(targetSystem.getId());
    SysSystemAttributeMappingFilter attributeMappingFilter = new SysSystemAttributeMappingFilter();
    attributeMappingFilter.setSystemId(targetSystem.getId());
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setRoleId(role.getId());

    // Everything exists exactly once before the system is removed.
    assertEquals(systemCode, systemService.getByCode(systemCode).getName());
    assertEquals(1, schemaObjectClassService.find(schemaClassFilter, null).getTotalElements());
    assertEquals(1, schemaAttributeService.find(attributeFilter, null).getTotalElements());
    assertEquals(1, systemMappingService.find(mappingFilter, null).getTotalElements());
    assertEquals(1, systemAttributeMappingService.find(attributeMappingFilter, null).getTotalElements());
    assertEquals(1, roleSystemService.find(roleSystemFilter, null).getTotalElements());
    assertNotNull(roleSystemAttributeService.get(roleAttribute.getId()));

    systemService.delete(targetSystem);

    // Deleting the system must leave no dependent record behind.
    assertNull(systemService.getByCode(systemCode));
    assertEquals(0, schemaObjectClassService.find(schemaClassFilter, null).getTotalElements());
    assertEquals(0, schemaAttributeService.find(attributeFilter, null).getTotalElements());
    assertEquals(0, systemMappingService.find(mappingFilter, null).getTotalElements());
    assertEquals(0, systemAttributeMappingService.find(attributeMappingFilter, null).getTotalElements());
    assertEquals(0, roleSystemService.find(roleSystemFilter, null).getTotalElements());
    assertNull(roleSystemAttributeService.get(roleAttribute.getId()));
}
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.
the class DefaultLdapTestHelper method createMergeAttributeForRole.
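/**
 * Creates and saves a MERGE-strategy role-system attribute for the system's member-of
 * attribute, whose to-resource transformation script returns {@code value} as a string literal.
 * <p>
 * The value is escaped before it is embedded in the script, so a value containing a single
 * quote or a backslash (both can occur in LDAP distinguished names) stays a plain string
 * literal instead of terminating it or changing the script.
 *
 * @param system system whose member-of schema attribute and attribute mapping are used
 * @param roleSystem role-system the new attribute is attached to
 * @param value value the generated script returns; {@code null} yields the literal text "null"
 */
@Override
public void createMergeAttributeForRole(SysSystemDto system, SysRoleSystemDto roleSystem, String value) {
    SysSchemaAttributeDto memberOfAttributeForSystem = getSchemaAttributeMemberOfAttributeForSystem(system);
    SysSystemAttributeMappingDto attributeMappingMemberOfAttributeForSystem = getAttributeMappingMemberOfAttributeForSystem(system, memberOfAttributeForSystem);

    // NOTE(review): assumes the script is evaluated as Groovy, where \\ and \' are the escapes
    // for backslash and quote inside a single-quoted string; confirm against the script engine.
    // Backslash is escaped first so the backslashes added for quotes are not doubled.
    String scriptLiteral = String.valueOf(value).replace("\\", "\\\\").replace("'", "\\'");

    SysRoleSystemAttributeDto roleSystemAttributeDto = new SysRoleSystemAttributeDto();
    roleSystemAttributeDto.setStrategyType(AttributeMappingStrategyType.MERGE);
    roleSystemAttributeDto.setSystemAttributeMapping(attributeMappingMemberOfAttributeForSystem.getId());
    roleSystemAttributeDto.setRoleSystem(roleSystem.getId());
    roleSystemAttributeDto.setSchemaAttribute(memberOfAttributeForSystem.getId());
    roleSystemAttributeDto.setName(memberOfAttributeForSystem.getName());
    roleSystemAttributeDto.setEntityAttribute(false);
    roleSystemAttributeDto.setExtendedAttribute(false);
    roleSystemAttributeDto.setTransformToResourceScript("return '" + scriptLiteral + "';" + System.lineSeparator());
    // The saved DTO is not needed afterwards, so the return value is not kept.
    roleSystemAttributeService.save(roleSystemAttributeDto);
}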