Here for leaver workflow i added logic to handle delimited sources which should create me two separate access request for delimited and non delimited files but the issue is though its creating two access request but one of them shows both delimited and non delimited in same one and other is showing for non delimited.
Created two provisioning plan but issue is same.
public static String getLeaverRequestTypeRule(SailPointContext context, Workflow workflow){
String requestType = "Leaver";
return requestType;
}
public static ProvisioningPlan buildCustomLeaverPlan(SailPointContext context, Workflow workflow){
Logger logger = Logger.getLogger("AIZRules");
logger.debug("ENTRY : Inside buildCustomLeaverPlan");
String identityName=workflow.get("identityName");
logger.debug("identityName**"+identityName);
if (identityName==null || identityName == void) {
logger.error("Workflow does not contain identity");
return null;
}
Identity previousIdentity = context.getObjectByName(Identity.class,identityName);
logger.debug("previousIdentity*** " + previousIdentity);
if (previousIdentity==null || previousIdentity == void) {
logger.debug("Identity not found in repo");
return null;
}
String previousIdentityName = previousIdentity.getName();
logger.debug("previousIdentityName :" + previousIdentityName);
ProvisioningPlan plan = workflow.get("plan");
logger.debug("existing plan: " + plan);
if (plan == null){
plan = new ProvisioningPlan();
Identity requesterId = context.getObjectByName(Identity.class,"spadmin");
if (null!= requesterId){
plan.addRequester(requesterId);
}else{
logger.error("Could not find spadmin to set requester");
return null;
}
List accReqList = new ArrayList();
List previousIdentityAccounts = previousIdentity.getLinks();
Iterator accountsItr = previousIdentityAccounts.iterator();
List excludedApps = new ArrayList();
logger.debug("previousIdentityAccounts:" + previousIdentityAccounts);
//Read the custom object and store in above list
Custom obj = context.getObject( Custom.class, "SPCONF Leaver Mappings Custom" );
if (obj == null){
throw new Exception("Cannot find the custom class");
}
List excludedApps = obj.getList("ExcludedDisables");
logger.debug("excludedApps: " + excludedApps);
while(accountsItr.hasNext())
{
Link account=(Link)accountsItr.next();
if(!account.isDisabled()){
if (!excludedApps.contains(account.getApplicationName())){
String appType=account.getApplication().getType();
logger.debug("Print Seq buildCustomLeaverPlan type of app " + appType);
//Added by me
if(appType !=null && appType.equalsIgnoreCase("DelimitedFile")){
continue;
}
//till here
else{
logger.debug("Print Seq buildCustomLeaverPlan " + account.getApplicationName());
ProvisioningPlan.AccountRequest userAccount = new ProvisioningPlan.AccountRequest();
userAccount.setApplication(account.getApplicationName());
userAccount.setNativeIdentity(account.getNativeIdentity());
userAccount.setOperation(ProvisioningPlan.AccountRequest.Operation.Disable);
accReqList.add(userAccount);
}
}
}
}
logger.debug("accReqList: " + accReqList);
logger.debug("accReqList isEmpty : " + accReqList.isEmpty() );
if (accReqList.isEmpty()) return null;
plan.setAccountRequests(accReqList);
}
logger.debug("AFTER MODDING " + plan.toXml());
logger.debug("EXITING buildCutomLeaverPlan for: " + identityName);
//return null;
return plan;
}
//added by me
public static ProvisioningPlan buildDelimitedCustomLeaverPlan(SailPointContext context, Workflow workflow){
Logger logger = Logger.getLogger("AIZRules");
logger.debug("ENTRY : Inside buildCustomLeaverPlan");
String identityName=workflow.get("identityName");
logger.debug("identityName**"+identityName);
if (identityName==null || identityName == void) {
logger.debug("Workflow does not contain identity");
return null;
}
Identity previousIdentity = context.getObjectByName(Identity.class,identityName);
logger.debug("previousIdentity*** " + previousIdentity);
if (previousIdentity==null || previousIdentity == void) {
logger.debug("Identity not found in repo");
return null;
}
String previousIdentityName = previousIdentity.getName();
logger.debug("previousIdentityName :" + previousIdentityName);
ProvisioningPlan plan = workflow.get("plan");
logger.debug("existing plan: " + plan);
if (plan != null){
//plan = new ProvisioningPlan();
Identity requesterId = context.getObjectByName(Identity.class,"spadmin");
if (null!= requesterId){
plan.addRequester(requesterId);
}else{
logger.error("Could not find spadmin to set requester");
return null;
}
List accReqList = new ArrayList();
List previousIdentityAccounts = previousIdentity.getLinks();
Iterator accountsItr = previousIdentityAccounts.iterator();
List excludedApps = new ArrayList();
logger.debug("previousIdentityAccounts:" + previousIdentityAccounts);
//Read the custom object and store in above list
Custom obj = context.getObject( Custom.class, "SPCONF Leaver Mappings Custom" );
if (obj == null){
throw new Exception("Cannot find the custom class");
}
List excludedApps = obj.getList("ExcludedDisables");
logger.debug("excludedApps: " + excludedApps);
for( ProvisioningPlan.AccountRequest accReq : plan.getAccountRequests()) {
plan.remove(accReq);
}
while(accountsItr.hasNext())
{
Link account=(Link)accountsItr.next();
if(!account.isDisabled()){
if (!excludedApps.contains(account.getApplicationName())){
String appType=account.getApplication().getType();
logger.debug("Print Seq buildDelimitedCustomLeaverPlan type of app " + appType);
if(appType !=null && appType.equalsIgnoreCase("DelimitedFile")){
logger.debug("Print Seq buildDelimitedCustomLeaverPlan name of app " + account.getApplicationName());
ProvisioningPlan.AccountRequest userAccount = new ProvisioningPlan.AccountRequest();
userAccount.setApplication(account.getApplicationName());
userAccount.setNativeIdentity(account.getNativeIdentity());
userAccount.setOperation(ProvisioningPlan.AccountRequest.Operation.Disable);
plan.add(userAccount);
}
}
}
}
logger.debug("accReqList: " + accReqList);
logger.debug("accReqList isEmpty : " + accReqList.isEmpty() );
}
logger.debug("AFTER MODDING " + plan.toXml());
logger.debug("EXITING buildCutomLeaverPlan for: " + identityName);
//return null;
return plan;
}
also additional functions
//Added by me
public ProvisioningPlan getDelimitedDynamicLeaverPlan(SailPointContext context, String identityName, Workflow workflow){
llogger.error("Enter getDelimitedDynamicLeaverPlan");
Identity identity = context.getObjectByName(Identity.class, identityName);
ProvisioningPlan plan = buildDelimitedCustomLeaverPlan(context, workflow);
logger.error("Print Seq Plan from buildDelimitedCustomLeaverPlan : " + plan.toXml());
return plan;
}
// till here
public ProvisioningPlan getDynamicLeaverPlan(SailPointContext context, Identity identity, Workflow workflow){
llogger.error("Enter getDynamicLeaverPlan");
ProvisioningPlan plan = new ProvisioningPlan();
//plan.setIdentity(identity);
plan.setComments("Leaver Access");
Custom mappingObj = getLeaverMappingObject(context);
if (mappingObj == null){
String msg = "No mapping object for leaver";
llogger.error(msg);
throw new Exception(msg);
}
String planType = mappingObj.get("Leaver Build Plan Type");
llogger.trace("Plan type: " + planType);
if ("Custom Rule".equalsIgnoreCase(planType)){
llogger.trace("Call custom rule for leaver build plan");
llogger.error("Print Seq Call custom rule for leaver build plan");
plan = buildCustomLeaverPlan(context, workflow);
logger.debug("Plan from buildCustomLeaverPlan : " + plan);
llogger.error("Print Seq Plan from buildCustomLeaverPlan : " + plan.toXml());
} else {
llogger.trace("Get links");
List links = identity.getLinks();
List defDeletes = mappingObj.get("Default Deletes");
List defDisables = mappingObj.get("Default Disables");
llogger.trace("Def disables: " + defDisables);
llogger.trace("Def deletes: " + defDeletes);
llogger.trace("Loop links");
for (Link link : links){
String nativeId = link.getNativeIdentity();
String appName = link.getApplicationName();
AccountRequest acctReq;
if ("Disable All".equalsIgnoreCase(planType)){
llogger.trace("In Disable all build req");
acctReq = new AccountRequest(AccountRequest.Operation.Disable, appName, null, nativeId);
} else if ("Delete All".equalsIgnoreCase(planType)){
llogger.trace("In delete all build req");
acctReq = new AccountRequest(AccountRequest.Operation.Delete, appName, null, nativeId);
} else if ("Selective Lists".equalsIgnoreCase(planType)){
llogger.trace("In selective list build req");
if (defDisables != null && defDisables.contains(appName)){
acctReq = new AccountRequest(AccountRequest.Operation.Disable, appName, null, nativeId);
} else if (defDeletes != null && defDeletes.contains(appName)){
acctReq = new AccountRequest(AccountRequest.Operation.Delete, appName, null, nativeId);
}
}
llogger.trace("Add req");
plan.add(acctReq);
}
}
if (plan!=null){
llogger.trace("Exit getDynamicLeaverPlan: " + plan.toXml());
}
return plan;
}