use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter in project CzechIdMng by bcvsolutions.
the class DefaultRoleSynchronizationExecutorTest method testSyncRolesCatalogueByDn.
/**
 * Verifies that role synchronization derives the role-catalogue tree from the
 * DN of each synchronized role and files every role under its leaf catalogue.
 * <p>
 * Test create role catalog by DN:
 * "CN=WizardGroup01,OU=one,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 * "CN=WizardGroup02,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 * "CN=WizardGroup03,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 * "CN=WizardGroup04,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 * "CN=WizardGroup05,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 * <p>
 * Expected chain of catalogues (each asserted as parent of the next):
 * WizardGroups, one, two, one. Catalogue codes are looked up as the OU path
 * followed by the code of the main catalogue created by this test.
 * <p>
 * NOTE(review): the DNs listed here are all well-formed and contain no escaped
 * separators or special characters; DN values come from the synchronized
 * system, so a case with such values would be a useful addition.
 */
@Test
public void testSyncRolesCatalogueByDn() {
	AbstractSysSyncConfigDto syncConfigCustom = createSyncConfig();
	SysSystemDto userSystem = helper.createTestResourceSystem(true);
	List<SysSystemMappingDto> userSystemMappings = systemMappingService.findBySystem(userSystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY);
	Assert.assertNotNull(userSystemMappings);
	Assert.assertEquals(1, userSystemMappings.size());
	SysSystemMappingDto userMappingDto = userSystemMappings.get(0);
	// Switch to the sync.
	userMappingDto.setOperationType(SystemOperationType.SYNCHRONIZATION);
	userMappingDto = systemMappingService.save(userMappingDto);
	List<SysSystemAttributeMappingDto> attributeMappingDtos = schemaAttributeMappingService.findBySystemMapping(userMappingDto);
	// The e-mail attribute is only checked for existence; it is not used further in this test.
	SysSystemAttributeMappingDto userEmailAttribute = attributeMappingDtos.stream().filter(attribute -> attribute.getName().equalsIgnoreCase(TestHelper.ATTRIBUTE_MAPPING_EMAIL)).findFirst().orElse(null);
	Assert.assertNotNull(userEmailAttribute);
	Assert.assertFalse(syncConfigService.isRunning(syncConfigCustom));
	Assert.assertTrue(syncConfigCustom instanceof SysSyncRoleConfigDto);
	SysSyncRoleConfigDto roleConfigDto = (SysSyncRoleConfigDto) syncConfigCustom;
	// Resolve the role system through the objects embedded in the sync configuration.
	SysSystemMappingDto systemMappingDto = DtoUtils.getEmbedded(syncConfigCustom, SysSyncConfig_.systemMapping, SysSystemMappingDto.class);
	SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(systemMappingDto, SysSystemMapping_.objectClass, SysSchemaObjectClassDto.class);
	UUID roleSystemId = schemaObjectClassDto.getSystem();
	Assert.assertNotNull(roleSystemId);
	// Find the schema attribute "name"; it is the source of the catalogue mapping created below.
	SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
	schemaAttributeFilter.setSystemId(roleSystemId);
	schemaAttributeFilter.setObjectClassId(schemaObjectClassDto.getId());
	SysSchemaAttributeDto schemaAttributeDto = schemaAttributeService.find(schemaAttributeFilter, null).getContent().stream().filter(attribute -> attribute.getName().equalsIgnoreCase("name")).findFirst().orElse(null);
	Assert.assertNotNull(schemaAttributeDto);
	// Only the ID is set on this DTO; it serves as a lookup key for the role sync mapping.
	SysSystemDto roleSystemDto = new SysSystemDto();
	roleSystemDto.setId(roleSystemId);
	List<SysSystemMappingDto> roleSystemMappings = systemMappingService.findBySystem(roleSystemDto, SystemOperationType.SYNCHRONIZATION, SystemEntityType.ROLE);
	Assert.assertNotNull(roleSystemMappings);
	Assert.assertEquals(1, roleSystemMappings.size());
	SysSystemMappingDto roleMappingDto = roleSystemMappings.get(0);
	// Use ACC script "resolveRoleCatalogueByDn".
	IdmScriptFilter scriptFilter = new IdmScriptFilter();
	scriptFilter.setCode(MsAdSyncMappingRoleAutoAttributesProcessor.RESOLVE_ROLE_CATALOG_BY_DN_SCRIPT);
	scriptFilter.setCategory(IdmScriptCategory.TRANSFORM_FROM);
	String catalogTransformationScript = null;
	IdmScriptDto scriptDto = scriptService.find(scriptFilter, null).getContent().stream().findFirst().orElse(null);
	if (scriptDto != null) {
		catalogTransformationScript = this.getPluginExecutors().getPluginFor(IdmScriptCategory.TRANSFORM_FROM).generateTemplate(scriptDto);
	}
	// Fails here when the script is not found, because the template stays null.
	Assert.assertNotNull(catalogTransformationScript);
	// Create mapping attribute for get catalog.
	SysSystemAttributeMappingDto roleIdAttribute = new SysSystemAttributeMappingDto();
	roleIdAttribute.setEntityAttribute(true);
	roleIdAttribute.setUid(false);
	roleIdAttribute.setSystemMapping(roleMappingDto.getId());
	roleIdAttribute.setExtendedAttribute(false);
	roleIdAttribute.setIdmPropertyName(RoleSynchronizationExecutor.ROLE_CATALOGUE_FIELD);
	roleIdAttribute.setSchemaAttribute(schemaAttributeDto.getId());
	roleIdAttribute.setTransformFromResourceScript(catalogTransformationScript);
	roleIdAttribute.setName(helper.createName());
	roleIdAttribute = attributeMappingService.save(roleIdAttribute);
	IdmRoleCatalogueDto mainRoleCatalogue = getHelper().createRoleCatalogue();
	// Enable assign of role catalogue.
	// Removal of redundant catalogue relations stays disabled, so this test covers creation only.
	roleConfigDto.setAssignCatalogueSwitch(true);
	roleConfigDto.setRemoveCatalogueRoleSwitch(false);
	roleConfigDto.setMainCatalogueRoleNode(mainRoleCatalogue.getId());
	syncConfigCustom = syncConfigService.save(roleConfigDto);
	// Init data - roles with DN.
	getBean().initDataRolesWithDn();
	// Start sync
	helper.startSynchronization(syncConfigCustom);
	// Exactly one finished sync log without errors and five created entities are expected.
	SysSyncLogFilter logFilter = new SysSyncLogFilter();
	logFilter.setSynchronizationConfigId(syncConfigCustom.getId());
	List<SysSyncLogDto> logs = syncLogService.find(logFilter, null).getContent();
	Assert.assertEquals(1, logs.size());
	SysSyncLogDto log = logs.get(0);
	Assert.assertFalse(log.isRunning());
	Assert.assertFalse(log.isContainsError());
	helper.checkSyncLog(syncConfigCustom, SynchronizationActionType.CREATE_ENTITY, 5, OperationResultType.SUCCESS);
	// "CN=WizardGroup01,OU=one,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
	// "CN=WizardGroup02,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
	// "CN=WizardGroup03,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
	// "CN=WizardGroup04,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
	// "CN=WizardGroup05,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
	// Check catalog structure:
	IdmRoleCatalogueDto wizardGroups = roleCatalogueService.getByCode("WizardGroups/" + mainRoleCatalogue.getCode());
	Assert.assertNotNull(wizardGroups);
	IdmRoleCatalogueDto one = roleCatalogueService.getByCode("one/WizardGroups/" + mainRoleCatalogue.getCode());
	Assert.assertNotNull(one);
	Assert.assertEquals(wizardGroups.getId(), one.getParent());
	IdmRoleCatalogueDto two = roleCatalogueService.getByCode("two/one/WizardGroups/" + mainRoleCatalogue.getCode());
	Assert.assertNotNull(two);
	Assert.assertEquals(one.getId(), two.getParent());
	// The second "one" is a distinct catalogue: same OU name, different position in the tree.
	IdmRoleCatalogueDto one2 = roleCatalogueService.getByCode("one/two/one/WizardGroups/" + mainRoleCatalogue.getCode());
	Assert.assertNotNull(one2);
	Assert.assertEquals(two.getId(), one2.getParent());
	// Check role membership per catalogue; the same filter instance is reused with a new catalogue ID each time.
	IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
	roleCatalogueRoleFilter.setRoleCatalogueId(wizardGroups.getId());
	List<IdmRoleCatalogueRoleDto> roleCatalogRoles = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
	Assert.assertEquals(2, roleCatalogRoles.size());
	Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup04,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
	Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup05,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
	roleCatalogueRoleFilter.setRoleCatalogueId(one.getId());
	roleCatalogRoles = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
	Assert.assertEquals(1, roleCatalogRoles.size());
	Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup03,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
	roleCatalogueRoleFilter.setRoleCatalogueId(two.getId());
	roleCatalogRoles = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
	Assert.assertEquals(1, roleCatalogRoles.size());
	Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup02,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
	roleCatalogueRoleFilter.setRoleCatalogueId(one2.getId());
	roleCatalogRoles = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
	Assert.assertEquals(1, roleCatalogRoles.size());
	Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup01,OU=one,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
	// Every synchronized role must sit in exactly one catalogue (its leaf), not in the ancestors as well.
	AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
	roleAccountFilter.setSystemId(roleSystemId);
	List<AccRoleAccountDto> roleAccountDtos = roleAccountService.find(roleAccountFilter, null).getContent();
	Assert.assertEquals(5, roleAccountDtos.size());
	roleAccountDtos.forEach(roleAccountDto -> {
		UUID roleId = roleAccountDto.getRole();
		IdmRoleCatalogueRoleFilter roleCatalogueFilter = new IdmRoleCatalogueRoleFilter();
		roleCatalogueFilter.setRoleId(roleId);
		List<IdmRoleCatalogueRoleDto> roleCatalogueRoleDtos = roleCatalogueRoleService.find(roleCatalogueFilter, null).getContent();
		Assert.assertEquals(1, roleCatalogueRoleDtos.size());
	});
	// NOTE(review): cleanup is the last statement and is not in a finally block, so a failed
	// assertion above skips it and leaves the synchronized roles and catalogues behind.
	cleanAfterTest(syncConfigCustom, roleSystemId, log, roleAccountDtos);
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter in project CzechIdMng by bcvsolutions.
the class RoleExportBulkAction method exportRoleCatalogs.
/**
 * Adds the role-catalogue relations of the given role to the export batch.
 * <p>
 * When the role has no relation, the blank UUID is exported instead. The
 * relation type is then switched to authoritative mode keyed by the role, and
 * the export order is corrected so that the catalogue descriptor precedes the
 * role-catalogue-role descriptor.
 *
 * @param role role whose catalogue relations are exported
 */
private void exportRoleCatalogs(IdmRoleDto role) {
	IdmRoleCatalogueRoleFilter byRole = new IdmRoleCatalogueRoleFilter();
	byRole.setRoleId(role.getId());
	List<IdmRoleCatalogueRoleDto> relations = roleCatalogueRoleService.find(byRole, null).getContent();

	if (relations.isEmpty()) {
		// No relation exists for this role: export the blank placeholder ID.
		roleCatalogueRoleService.export(ExportManager.BLANK_UUID, this.getBatch());
	}
	for (IdmRoleCatalogueRoleDto relation : relations) {
		roleCatalogueRoleService.export(relation.getId(), this.getBatch());
	}

	// Set parent field -> set authoritative mode.
	// NOTE(review): authoritative mode presumably lets the importing side drop relations of
	// this role that are missing from the batch — confirm, because the batch content then
	// decides which catalogue assignments survive an import.
	this.getExportManager().setAuthoritativeMode(IdmRoleCatalogueRole_.role.getName(), "roleId", IdmRoleCatalogueRoleDto.class, this.getBatch());

	List<ExportDescriptorDto> exportOrder = getBatch().getExportOrder();
	// The order may be wrong at this point: the catalogue descriptor has to come
	// before the role-catalogue-role descriptor.
	ExportDescriptorDto relationDescriptor = this.getExportManager().getDescriptor(getBatch(), IdmRoleCatalogueRoleDto.class);
	ExportDescriptorDto catalogueDescriptor = this.getExportManager().getDescriptor(getBatch(), IdmRoleCatalogueDto.class);
	if (relationDescriptor == null || catalogueDescriptor == null) {
		return;
	}

	int relationPosition = exportOrder.indexOf(relationDescriptor);
	int cataloguePosition = exportOrder.indexOf(catalogueDescriptor);
	if (relationPosition < cataloguePosition) {
		// Swap the two descriptors in place.
		exportOrder.set(cataloguePosition, relationDescriptor);
		exportOrder.set(relationPosition, catalogueDescriptor);
	}
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method checkCatalogChange.
/**
 * Checks whether the role's catalogue assignment differs from the value
 * produced by the transformation and, if so, calls
 * {@code setDifferentChange} for the given attribute.
 * <p>
 * The check runs only when the context is not already marked as different,
 * the role has an ID and catalogue assignment is enabled in the sync
 * configuration.
 */
private void checkCatalogChange(IdmRoleDto dto, SynchronizationContext context, String attributeProperty, Object transformedValue) {
	if (context.isEntityDifferent() || dto.getId() == null || !getConfig(context).isAssignCatalogueSwitch()) {
		return;
	}

	// Differential sync: decide whether the catalogue assignment has to be modified.
	List<IdmRoleCatalogueDto> transformedCatalogues = getRoleCatalogueFromValue(transformedValue);

	// A catalogue without an ID in the transformed value means a change (create) will be made.
	for (IdmRoleCatalogueDto transformedCatalogue : transformedCatalogues) {
		if (transformedCatalogue.getId() == null) {
			setDifferentChange(context, attributeProperty);
			return;
		}
	}

	List<UUID> usedRelationIds = Lists.newArrayListWithExpectedSize(10);
	for (IdmRoleCatalogueDto transformedCatalogue : transformedCatalogues) {
		UUID catalogueId = transformedCatalogue.getId();
		Assert.notNull(catalogueId, "Role catalogue ID cannot be null here!");

		IdmRoleCatalogueRoleFilter relationFilter = new IdmRoleCatalogueRoleFilter();
		relationFilter.setRoleCatalogueId(catalogueId);
		relationFilter.setRoleId(dto.getId());
		IdmRoleCatalogueRoleDto relation = roleCatalogueRoleService.find(relationFilter, null)
				.getContent()
				.stream()
				.findFirst()
				.orElse(null);
		if (relation == null) {
			// The role is not assigned to this catalogue yet, so a change will be made.
			setDifferentChange(context, attributeProperty);
			return;
		}
		usedRelationIds.add(relation.getId());
	}

	// A redundant relation means a change (delete) will be made, but only when
	// removal of redundant relations is allowed by the configuration.
	if (getConfig(context).isRemoveCatalogueRoleSwitch()) {
		List<IdmRoleCatalogueRoleDto> redundantRelations = findRedundantRoleCatalogs(dto, usedRelationIds, getConfig(context));
		if (!redundantRelations.isEmpty()) {
			setDifferentChange(context, attributeProperty);
		}
	}
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method findRedundantRoleCatalogs.
/**
 * Finds the role-catalogue relations of the given role that are candidates
 * for removal.
 * <p>
 * A relation is returned when its catalogue is the configured "remove" parent
 * catalogue itself or is found under it by a recursive lookup, and its ID is
 * not in {@code currentRoleCatalogueRoles}. Relations outside that parent
 * catalogue are never returned, which limits removal to the configured part
 * of the catalogue tree.
 *
 * @param roleDto role whose relations are inspected
 * @param currentRoleCatalogueRoles IDs of relations that are still in use
 * @param config role sync configuration holding the "remove" parent catalogue
 * @return relations in scope of the parent catalogue that are not in use
 */
private List<IdmRoleCatalogueRoleDto> findRedundantRoleCatalogs(IdmRoleDto roleDto, List<UUID> currentRoleCatalogueRoles, SysSyncRoleConfigDto config) {
	UUID removeParentId = config.getRemoveCatalogueRoleParentNode();
	Assert.notNull(removeParentId, "A parent catalogue for remove redundant roles cannot be null!");
	IdmRoleCatalogueDto removeParent = roleCatalogueService.get(removeParentId);
	Assert.notNull(removeParent, "A parent catalogue for remove redundant roles cannot be null!");

	IdmRoleCatalogueRoleFilter byRole = new IdmRoleCatalogueRoleFilter();
	byRole.setRoleId(roleDto.getId());

	return roleCatalogueRoleService.find(byRole, null).getContent().stream()
			.filter(relation -> {
				// A relation pointing directly at the parent catalogue is in scope too.
				boolean inScope = relation.getRoleCatalogue().equals(removeParent.getId());
				if (!inScope) {
					// Otherwise the catalogue has to be found under the parent (recursive lookup).
					IdmRoleCatalogueFilter descendantFilter = new IdmRoleCatalogueFilter();
					descendantFilter.setParent(removeParent.getId());
					descendantFilter.setId(relation.getRoleCatalogue());
					descendantFilter.setRecursively(true);
					inScope = roleCatalogueService.count(descendantFilter) > 0;
				}
				// Keep only the in-scope relations that are no longer in use.
				return inScope && !currentRoleCatalogueRoles.contains(relation.getId());
			})
			.collect(Collectors.toList());
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method resolveRoleCatalogue.
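/**
 * Resolves the role catalogues of a synchronized role.
 * <p>
 * The catalogue value is read through the mapped attribute for
 * {@code ROLE_CATALOGUE_FIELD}. For every catalogue in that value the chain of
 * catalogues is walked from the root to the leaf; items that are new are
 * created, or an existing catalogue with the same code and parent is reused.
 * The role is then related to the leaf catalogue if that relation does not
 * exist yet. When removal of redundant relations is enabled in the sync
 * configuration, the relations that are no longer in use are handed to
 * {@code resolveRedundantCatalogueRole}.
 *
 * @param isNew {@code true} when the role is being created by this synchronization
 * @param context synchronization context providing the mapped attributes and the configuration
 * @param roleDto role whose catalogues are resolved
 * @param logItem sync item log that receives the progress messages
 * @param connectorObject object read from the synchronized system
 * @throws ResultCodeException if a catalogue that has to be created has no name
 */
private void resolveRoleCatalogue(boolean isNew, SynchronizationContext context, IdmRoleDto roleDto, SysSyncItemLogDto logItem, IcConnectorObject connectorObject) {
	SysSystemAttributeMappingDto roleCatalogueAttributeDto = context.getMappedAttributes().stream()
			.filter(attribute -> !attribute.isDisabledAttribute()
					&& attribute.isEntityAttribute()
					&& ROLE_CATALOGUE_FIELD.equals(attribute.getIdmPropertyName()))
			.findFirst()
			.orElse(null);
	Assert.notNull(roleCatalogueAttributeDto, "Attribute for resolve role catalogues cannot be null!");

	// The CREATE strategy means "set only for new entity", so an existing role is
	// skipped. The condition has to test !isNew to agree with the logged message.
	if (!isNew && AttributeMappingStrategyType.CREATE == roleCatalogueAttributeDto.getStrategyType()) {
		addToItemLog(logItem, "The attribute for 'role catalogues' has strategy set to 'Set only for new entity'. Role isn't new, so resolving will be skipped for this role.");
		return;
	}
	addToItemLog(logItem, MessageFormat.format("Resolving of 'role catalogues' is activated for this role [{0}].", roleDto.getCode()));

	// Get role-catalogue values from attribute transformation.
	Object roleCataloguesObj = this.getValueByMappedAttribute(roleCatalogueAttributeDto, connectorObject.getAttributes(), context);
	List<IdmRoleCatalogueDto> roleCatalogueRoleDtos = getRoleCatalogueFromValue(roleCataloguesObj);
	List<UUID> currentRoleCatalogueRoles = Lists.newArrayList();

	roleCatalogueRoleDtos.forEach(roleCatalogueDto -> {
		List<IdmRoleCatalogueDto> parents = extractCatalogStructure(roleCatalogueDto);
		// Holds the catalogue resolved in the previous step; after the walk it is the leaf.
		AtomicReference<IdmRoleCatalogueDto> parent = new AtomicReference<>();
		// The list is walked in reverse so that every parent is resolved before its child.
		Lists.reverse(parents).forEach(catalogueDto -> {
			if (roleCatalogueService.isNew(catalogueDto)) {
				IdmRoleCatalogueDto newCatalogDto = new IdmRoleCatalogueDto();
				newCatalogDto.setCode(catalogueDto.getCode());
				newCatalogDto.setName(catalogueDto.getName());
				newCatalogDto.setExternalId(catalogueDto.getExternalId());
				newCatalogDto.setParent(catalogueDto.getParent());
				if (newCatalogDto.getParent() == null && parent.get() != null) {
					newCatalogDto.setParent(parent.get().getId());
				}
				if (newCatalogDto.getName() == null) {
					throw new ResultCodeException(AccResultCode.SYNC_OF_ROLES_CATALOGUE_NAME_IS_NULL);
				}
				// Make sure that the catalog with the same code and parent does not really exist.
				// NOTE(review): for a top-level item the parent set on the filter is null; verify
				// that this cannot match a catalogue with the same code elsewhere in the tree,
				// since the code originates from the synchronized system.
				IdmRoleCatalogueFilter catalogueFilter = new IdmRoleCatalogueFilter();
				catalogueFilter.setCode(newCatalogDto.getCode());
				catalogueFilter.setParent(newCatalogDto.getParent());
				IdmRoleCatalogueDto byCode = roleCatalogueService.find(catalogueFilter, null).getContent().stream().findFirst().orElse(null);
				if (byCode != null) {
					parent.set(roleCatalogueService.save(byCode));
					addToItemLog(logItem, MessageFormat.format("Role catalog item with code [{0}] was reused (catalog with same code and parent already exist).", parent.get().getCode()));
				} else {
					parent.set(roleCatalogueService.save(newCatalogDto));
					addToItemLog(logItem, MessageFormat.format("Role catalog item with code [{0}] was created.", parent.get().getCode()));
				}
			} else {
				parent.set(catalogueDto);
			}
		});

		// Last parent should be leaf catalog.
		// NOTE(review): parent.get() is null when extractCatalogStructure returns an empty
		// list — confirm that the list always contains at least the catalogue itself.
		IdmRoleCatalogueDto leafCatalogueDto = parent.get();
		IdmRoleCatalogueRoleDto roleCatalogueRoleDto = null;
		if (leafCatalogueDto.getId() != null) {
			IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
			roleCatalogueRoleFilter.setRoleCatalogueId(leafCatalogueDto.getId());
			roleCatalogueRoleFilter.setRoleId(roleDto.getId());
			roleCatalogueRoleDto = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent().stream().findFirst().orElse(null);
		}
		if (roleCatalogueRoleDto == null) {
			// Create new role-catalogue-role.
			roleCatalogueRoleDto = new IdmRoleCatalogueRoleDto();
			roleCatalogueRoleDto.setRole(roleDto.getId());
			roleCatalogueRoleDto.setRoleCatalogue(leafCatalogueDto.getId());
			roleCatalogueRoleDto = roleCatalogueRoleService.save(roleCatalogueRoleDto);
			addToItemLog(logItem, MessageFormat.format("This role was included to the catalog with code [{0}].", leafCatalogueDto.getCode()));
		}
		// Relations collected here are the ones still in use.
		currentRoleCatalogueRoles.add(roleCatalogueRoleDto.getId());
	});

	SysSyncRoleConfigDto config = getConfig(context);
	if (config.isRemoveCatalogueRoleSwitch()) {
		resolveRedundantCatalogueRole(roleDto, logItem, currentRoleCatalogueRoles, config);
	}
}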