Package icc.util
Class IdentitySnapshotHelper
- java.lang.Object
-
- icc.util.IdentitySnapshotHelper
-
public class IdentitySnapshotHelper extends java.lang.Object
-
-
Constructor Summary
Constructors Constructor Description IdentitySnapshotHelper()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static boolean
assignedRolesDiff(sailpoint.object.IdentityDifference diff)
Checks if IdentityDifference has added or removed assigned rolesstatic boolean
attributeDiff(sailpoint.object.IdentityDifference diff)
Checks if identity attributes have changed.static boolean
bundleDiff(sailpoint.object.IdentitySnapshot identitySnapshotPrev, sailpoint.object.IdentitySnapshot identitySnapshotNew)
Compares the bundles of two IdentitySnapshots for changesstatic boolean
compareListsAsSet(java.util.List<java.lang.String> listA, java.util.List<java.lang.String> listB)
Compares to Lists of Strings ignoring element orderstatic boolean
compareListsAttAssignments(java.util.List<sailpoint.object.AttributeAssignment> listA, java.util.List<sailpoint.object.AttributeAssignment> listB)
Compares two Lists with AttributeAssignments (order ignored)static boolean
compareListsBundleSnapshot(java.util.List<sailpoint.object.BundleSnapshot> listA, java.util.List<sailpoint.object.BundleSnapshot> listB)
Compares two Lists with BundleSnapshot (order ignored)static boolean
compareListsRoleAssignments(java.util.List<sailpoint.object.RoleAssignment> listA, java.util.List<sailpoint.object.RoleAssignment> listB)
Compares two Lists with RoleAssignments (order ignored)static boolean
createSnapshotWhenTriggered(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity)
Generates a new snapshot for an identity if it is justified by the current configuration and makes the snapshot persistent in IIQstatic boolean
createSnapshotWhenTriggered(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity, boolean isPersistent)
Generates a new snapshot for an identity if it is justified by the current configuration and makes the snapshot persistent in IIQstatic sailpoint.object.IdentitySnapshot
generateSnapshot(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity)
Generates a snapshot of an identity.static java.lang.Object
getAccountAttributefromSnapshot(sailpoint.object.IdentitySnapshot snap, java.lang.String applicationName, java.lang.String nativeIdentity, java.lang.String attributeName)
retrieve an account attribute from a snapshotstatic sailpoint.object.Attributes<java.lang.String,java.lang.Object>
getAccountAttributesfromSnapshot(sailpoint.object.IdentitySnapshot snap, java.lang.String applicationName, java.lang.String nativeIdentity)
retrieve attribute map of an account from a snapshotstatic sailpoint.object.Assignment
getAttributeAssignmentFromLastSnapshotBeforeDate(sailpoint.api.SailPointContext context, java.util.Date date, sailpoint.object.Identity identity, java.lang.String appName, java.lang.String nativeIdentity, java.lang.String attrName, java.lang.String attrValue)
retrieve a AttributeAssignment for a specific attribute modified in given IdentityRequest from last identitySnapshot before a certain datestatic sailpoint.object.IdentityDifference
getDiff(sailpoint.api.SailPointContext context, sailpoint.object.IdentitySnapshot identitySnapshotPrev, sailpoint.object.IdentitySnapshot identitySnapshotNew)
Generates the differences between two IdentitySnapshotsstatic java.util.List<java.lang.String>
getEntitlementOwnerships(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity)
static IdentitySnapshotHelper
getInstance()
static sailpoint.object.IdentitySnapshot
getLastSnapshot(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity)
Retrieves the latest snapshot of an Identity from the database and returns itstatic sailpoint.object.IdentitySnapshot
getLastSnapshotBeforeDate(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity, java.util.Date date)
Retrieves the latest snapshot of an Identity which was created before a given date from the database and returns itstatic sailpoint.object.Assignment
getRoleAssignmentFromLastSnapshotBeforeDate(sailpoint.api.SailPointContext context, java.util.Date date, sailpoint.object.Identity identity, sailpoint.object.IdentityRequest idenReq, java.lang.String attrValue)
retrieve a roleAssignment for a specific role modified in given IdentityRequest from last identitySnapshot before a certain datestatic java.util.List<java.lang.String>
getRoleOwnerships(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity)
static java.util.List<java.lang.String>
getWorkgroupMemberships(sailpoint.object.Identity identity)
static boolean
linkDiff(sailpoint.object.IdentityDifference diff)
Checks if link attributes have changed.static boolean
linkIdDiff(sailpoint.object.IdentitySnapshot identitySnapshotPrev, sailpoint.object.IdentitySnapshot identitySnapshotNew)
Compares the ID-Values of the links of two snapshotsstatic void
setConfiguration(java.util.List<java.lang.String> pAttributeTriggerList, java.util.HashMap<java.lang.String,java.util.List<java.lang.String>> pLinkTriggerMap, java.util.HashMap<java.lang.String,java.util.List<java.lang.String>> pEntitlementNames)
Sets a configuration to use for triggering snapshots.static java.util.List<java.lang.String>
snapshotToLinkIdList(sailpoint.object.IdentitySnapshot snap)
Gets the ApplicationIds as a List for each Link on an IdentitySnapshot
-
-
-
Method Detail
-
getInstance
public static IdentitySnapshotHelper getInstance()
-
setConfiguration
public static void setConfiguration(java.util.List<java.lang.String> pAttributeTriggerList, java.util.HashMap<java.lang.String,java.util.List<java.lang.String>> pLinkTriggerMap, java.util.HashMap<java.lang.String,java.util.List<java.lang.String>> pEntitlementNames)
Sets a configuration to use for triggering snapshots. When all parameters are set, we use the provided values. Afterwards the init method, which loads/reloads the configuration from the configuration object, is ignored. If any parameter is null, the init method will be reactivated and used afterwards- Parameters:
pAttributeTriggerList
- Attribute triggerspLinkTriggerMap
- Link (Account) Attribute TriggerspEntitlementNames
- Entitlements for each application
-
createSnapshotWhenTriggered
public static boolean createSnapshotWhenTriggered(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity) throws sailpoint.tools.GeneralException
Generates a new snapshot for an identity if it is justified by the current configuration and makes the snapshot persistent in IIQ- Parameters:
identity
- to possibly generate a snapshot for- Returns:
- true or false, whether a snapshot has been created or not
- Throws:
sailpoint.tools.GeneralException
-
createSnapshotWhenTriggered
public static boolean createSnapshotWhenTriggered(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity, boolean isPersistent) throws sailpoint.tools.GeneralException
Generates a new snapshot for an identity if it is justified by the current configuration and makes the snapshot persistent in IIQ- Parameters:
identity
- to possibly generate a snapshot forisPersistent
- if true: snapshot will be comitted to database, false: no snapshot will be commited to database for testing purposes- Returns:
- true or false, whether a snapshot has been created or not
- Throws:
sailpoint.tools.GeneralException
-
getWorkgroupMemberships
public static java.util.List<java.lang.String> getWorkgroupMemberships(sailpoint.object.Identity identity)
-
getEntitlementOwnerships
public static java.util.List<java.lang.String> getEntitlementOwnerships(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity) throws sailpoint.tools.GeneralException
- Throws:
sailpoint.tools.GeneralException
-
getRoleOwnerships
public static java.util.List<java.lang.String> getRoleOwnerships(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity) throws sailpoint.tools.GeneralException
- Throws:
sailpoint.tools.GeneralException
-
getDiff
public static sailpoint.object.IdentityDifference getDiff(sailpoint.api.SailPointContext context, sailpoint.object.IdentitySnapshot identitySnapshotPrev, sailpoint.object.IdentitySnapshot identitySnapshotNew) throws sailpoint.tools.GeneralException
Generates the differences between two IdentitySnapshots- Parameters:
identitySnapshotPrev
- Older Identity snapshotidentitySnapshotNew
- New Identity snapshot- Returns:
- IdentityDifference differences of snapshots
- Throws:
sailpoint.tools.GeneralException
-
generateSnapshot
public static sailpoint.object.IdentitySnapshot generateSnapshot(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity) throws sailpoint.tools.GeneralException
Generates a snapshot of an identity. Snapshot is returned and not written to database- Parameters:
identity
- Identity the snapshot is based on- Returns:
- IdentitySnapshot
- Throws:
sailpoint.tools.GeneralException
-
getLastSnapshot
public static sailpoint.object.IdentitySnapshot getLastSnapshot(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity) throws sailpoint.tools.GeneralException
Retrieves the latest snapshot of an Identity from the database and returns it- Parameters:
identity
- Identity- Returns:
- IdentitySnapshot
- Throws:
sailpoint.tools.GeneralException
-
getLastSnapshotBeforeDate
public static sailpoint.object.IdentitySnapshot getLastSnapshotBeforeDate(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity, java.util.Date date) throws sailpoint.tools.GeneralException
Retrieves the latest snapshot of an Identity which was created before a given date from the database and returns it- Parameters:
identity
- Identitydate
- Date- Returns:
- IdentitySnapshot
- Throws:
sailpoint.tools.GeneralException
-
getAccountAttributefromSnapshot
public static java.lang.Object getAccountAttributefromSnapshot(sailpoint.object.IdentitySnapshot snap, java.lang.String applicationName, java.lang.String nativeIdentity, java.lang.String attributeName)
retrieve an account attribute from a snapshot- Parameters:
snap
- IdentitySnapshotapplicationName
- name of account applicationnativeIdentity
- nativeidentity of accountattributeName
- Name of account attribute- Returns:
- value of account attribute
-
getAccountAttributesfromSnapshot
public static sailpoint.object.Attributes<java.lang.String,java.lang.Object> getAccountAttributesfromSnapshot(sailpoint.object.IdentitySnapshot snap, java.lang.String applicationName, java.lang.String nativeIdentity)
retrieve attribute map of an account from a snapshot- Parameters:
snap
- IdentitySnapshotapplicationName
- name of account applicationnativeIdentity
- nativeidentity of account- Returns:
- Attributes of account
-
getRoleAssignmentFromLastSnapshotBeforeDate
public static sailpoint.object.Assignment getRoleAssignmentFromLastSnapshotBeforeDate(sailpoint.api.SailPointContext context, java.util.Date date, sailpoint.object.Identity identity, sailpoint.object.IdentityRequest idenReq, java.lang.String attrValue) throws sailpoint.tools.GeneralException
retrieve a roleAssignment for a specific role modified in given IdentityRequest from last identitySnapshot before a certain date- Parameters:
context
-date
- select last snapshot before this dateidentity
- Identity for which the roleAssignment should be searchedidenReq
- IdentityRequest which modified the roleattrValue
- roleName- Returns:
- Assignment or null
- Throws:
sailpoint.tools.GeneralException
-
getAttributeAssignmentFromLastSnapshotBeforeDate
public static sailpoint.object.Assignment getAttributeAssignmentFromLastSnapshotBeforeDate(sailpoint.api.SailPointContext context, java.util.Date date, sailpoint.object.Identity identity, java.lang.String appName, java.lang.String nativeIdentity, java.lang.String attrName, java.lang.String attrValue) throws sailpoint.tools.GeneralException
retrieve a AttributeAssignment for a specific attribute modified in given IdentityRequest from last identitySnapshot before a certain date- Parameters:
context
-date
- select last snapshot before this dateidentity
- Identity for which the attributeAssignment should be searchedappName
- Name of applicationnativeIdentity
- nativeIdentity of AccountattrName
- Attribute nameattrValue
- attribute value- Returns:
- Assignment or null
- Throws:
sailpoint.tools.GeneralException
-
assignedRolesDiff
public static boolean assignedRolesDiff(sailpoint.object.IdentityDifference diff) throws sailpoint.tools.GeneralException
Checks if IdentityDifference has added or removed assigned roles- Parameters:
diff
- IdentityDifference to check for changes- Returns:
- true: difference detected, false: no difference detected
- Throws:
sailpoint.tools.GeneralException
-
bundleDiff
public static boolean bundleDiff(sailpoint.object.IdentitySnapshot identitySnapshotPrev, sailpoint.object.IdentitySnapshot identitySnapshotNew) throws sailpoint.tools.GeneralException
Compares the bundles of two IdentitySnapshots for changes- Parameters:
identitySnapshotPrev
- first IdentityDifference to check for changesidentitySnapshotNew
- second IdentityDifference to check for changes- Returns:
- true: difference detected, false: no difference detected
- Throws:
sailpoint.tools.GeneralException
-
attributeDiff
public static boolean attributeDiff(sailpoint.object.IdentityDifference diff) throws sailpoint.tools.GeneralException
Checks if identity attributes have changed. This would trigger the generation of a new snapshot- Parameters:
diff
- IdentityDifference to check for changes- Returns:
- true: change detected, false: no change detected
- Throws:
sailpoint.tools.GeneralException
-
linkDiff
public static boolean linkDiff(sailpoint.object.IdentityDifference diff) throws sailpoint.tools.GeneralException
Checks if link attributes have changed. This would trigger the generation of a new snapshot- Parameters:
diff
- IdentityDifference to check for changes- Returns:
- true: change detected, false: no change detected
- Throws:
sailpoint.tools.GeneralException
-
linkIdDiff
public static boolean linkIdDiff(sailpoint.object.IdentitySnapshot identitySnapshotPrev, sailpoint.object.IdentitySnapshot identitySnapshotNew) throws sailpoint.tools.GeneralException
Compares the ID-Values of the links of two snapshots- Parameters:
identitySnapshotPrev
-identitySnapshotNew
-- Returns:
- true : difference has been detected in the id of the links, false: no change detected
- Throws:
sailpoint.tools.GeneralException
-
snapshotToLinkIdList
public static java.util.List<java.lang.String> snapshotToLinkIdList(sailpoint.object.IdentitySnapshot snap) throws sailpoint.tools.GeneralException
Gets the ApplicationIds as a List for each Link on an IdentitySnapshot- Parameters:
snap
- Snapshot- Returns:
- List
with all ApplicationIds - Throws:
sailpoint.tools.GeneralException
-
compareListsAsSet
public static boolean compareListsAsSet(java.util.List<java.lang.String> listA, java.util.List<java.lang.String> listB)
Compares to Lists of Strings ignoring element order- Parameters:
listA
- List of StringslistB
- List of Strings- Returns:
- true: both Lists contain the same elements, false: otherwise
-
compareListsAttAssignments
public static boolean compareListsAttAssignments(java.util.List<sailpoint.object.AttributeAssignment> listA, java.util.List<sailpoint.object.AttributeAssignment> listB) throws sailpoint.tools.GeneralException
Compares two Lists with AttributeAssignments (order ignored)- Parameters:
listA
- List of AttributeAssignmentlistB
- List of AttributeAssignment- Returns:
- true: both Lists are equal, false: not equal
- Throws:
sailpoint.tools.GeneralException
-
compareListsRoleAssignments
public static boolean compareListsRoleAssignments(java.util.List<sailpoint.object.RoleAssignment> listA, java.util.List<sailpoint.object.RoleAssignment> listB) throws sailpoint.tools.GeneralException
Compares two Lists with RoleAssignments (order ignored)- Parameters:
listA
- List of RoleAssignmentlistB
- List of RoleAssignment- Returns:
- true: both Lists are equal, false: not equal
- Throws:
sailpoint.tools.GeneralException
-
compareListsBundleSnapshot
public static boolean compareListsBundleSnapshot(java.util.List<sailpoint.object.BundleSnapshot> listA, java.util.List<sailpoint.object.BundleSnapshot> listB) throws sailpoint.tools.GeneralException
Compares two Lists with BundleSnapshot (order ignored)- Parameters:
listA
- List of BundleSnapshotlistB
- List of BundleSnapshot- Returns:
- true: both Lists are equal, false: not equal
- Throws:
sailpoint.tools.GeneralException
-
-