Package icc.util

Class IdentitySnapshotHelper


  • public class IdentitySnapshotHelper
    extends java.lang.Object
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static boolean assignedRolesDiff​(sailpoint.object.IdentityDifference diff)
      Checks if IdentityDifference has added or removed assigned roles
      static boolean attributeDiff​(sailpoint.object.IdentityDifference diff)
      Checks if identity attributes have changed.
      static boolean bundleDiff​(sailpoint.object.IdentitySnapshot identitySnapshotPrev, sailpoint.object.IdentitySnapshot identitySnapshotNew)
      Compares the bundles of two IdentitySnapshots for changes
      static boolean compareListsAsSet​(java.util.List<java.lang.String> listA, java.util.List<java.lang.String> listB)
      Compares to Lists of Strings ignoring element order
      static boolean compareListsAttAssignments​(java.util.List<sailpoint.object.AttributeAssignment> listA, java.util.List<sailpoint.object.AttributeAssignment> listB)
      Compares two Lists with AttributeAssignments (order ignored)
      static boolean compareListsBundleSnapshot​(java.util.List<sailpoint.object.BundleSnapshot> listA, java.util.List<sailpoint.object.BundleSnapshot> listB)
      Compares two Lists with BundleSnapshot (order ignored)
      static boolean compareListsRoleAssignments​(java.util.List<sailpoint.object.RoleAssignment> listA, java.util.List<sailpoint.object.RoleAssignment> listB)
      Compares two Lists with RoleAssignments (order ignored)
      static boolean createSnapshotWhenTriggered​(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity)
      Generates a new snapshot for an identity if it is justified by the current configuration and makes the snapshot persistent in IIQ
      static boolean createSnapshotWhenTriggered​(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity, boolean isPersistent)
      Generates a new snapshot for an identity if it is justified by the current configuration and makes the snapshot persistent in IIQ
      static sailpoint.object.IdentitySnapshot generateSnapshot​(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity)
      Generates a snapshot of an identity.
      static java.lang.Object getAccountAttributefromSnapshot​(sailpoint.object.IdentitySnapshot snap, java.lang.String applicationName, java.lang.String nativeIdentity, java.lang.String attributeName)
      retrieve an account attribute from a snapshot
      static sailpoint.object.Attributes<java.lang.String,​java.lang.Object> getAccountAttributesfromSnapshot​(sailpoint.object.IdentitySnapshot snap, java.lang.String applicationName, java.lang.String nativeIdentity)
      retrieve attribute map of an account from a snapshot
      static sailpoint.object.Assignment getAttributeAssignmentFromLastSnapshotBeforeDate​(sailpoint.api.SailPointContext context, java.util.Date date, sailpoint.object.Identity identity, java.lang.String appName, java.lang.String nativeIdentity, java.lang.String attrName, java.lang.String attrValue)
      retrieve a AttributeAssignment for a specific attribute modified in given IdentityRequest from last identitySnapshot before a certain date
      static sailpoint.object.IdentityDifference getDiff​(sailpoint.api.SailPointContext context, sailpoint.object.IdentitySnapshot identitySnapshotPrev, sailpoint.object.IdentitySnapshot identitySnapshotNew)
      Generates the differences between two IdentitySnapshots
      static java.util.List<java.lang.String> getEntitlementOwnerships​(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity)  
      static IdentitySnapshotHelper getInstance()  
      static sailpoint.object.IdentitySnapshot getLastSnapshot​(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity)
      Retrieves the latest snapshot of an Identity from the database and returns it
      static sailpoint.object.IdentitySnapshot getLastSnapshotBeforeDate​(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity, java.util.Date date)
      Retrieves the latest snapshot of an Identity which was created before a given date from the database and returns it
      static sailpoint.object.Assignment getRoleAssignmentFromLastSnapshotBeforeDate​(sailpoint.api.SailPointContext context, java.util.Date date, sailpoint.object.Identity identity, sailpoint.object.IdentityRequest idenReq, java.lang.String attrValue)
      retrieve a roleAssignment for a specific role modified in given IdentityRequest from last identitySnapshot before a certain date
      static java.util.List<java.lang.String> getRoleOwnerships​(sailpoint.api.SailPointContext context, sailpoint.object.Identity identity)  
      static java.util.List<java.lang.String> getWorkgroupMemberships​(sailpoint.object.Identity identity)  
      static boolean linkDiff​(sailpoint.object.IdentityDifference diff)
      Checks if link attributes have changed.
      static boolean linkIdDiff​(sailpoint.object.IdentitySnapshot identitySnapshotPrev, sailpoint.object.IdentitySnapshot identitySnapshotNew)
      Compares the ID-Values of the links of two snapshots
      static void setConfiguration​(java.util.List<java.lang.String> pAttributeTriggerList, java.util.HashMap<java.lang.String,​java.util.List<java.lang.String>> pLinkTriggerMap, java.util.HashMap<java.lang.String,​java.util.List<java.lang.String>> pEntitlementNames)
      Sets a configuration to use for triggering snapshots.
      static java.util.List<java.lang.String> snapshotToLinkIdList​(sailpoint.object.IdentitySnapshot snap)
      Gets the ApplicationIds as a List for each Link on an IdentitySnapshot
      • Methods inherited from class java.lang.Object

        equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • IdentitySnapshotHelper

        public IdentitySnapshotHelper()
    • Method Detail

      • setConfiguration

        public static void setConfiguration​(java.util.List<java.lang.String> pAttributeTriggerList,
                                            java.util.HashMap<java.lang.String,​java.util.List<java.lang.String>> pLinkTriggerMap,
                                            java.util.HashMap<java.lang.String,​java.util.List<java.lang.String>> pEntitlementNames)
        Sets a configuration to use for triggering snapshots. When all parameters are set, we use the provided values. Afterwards the init method, which loads/reloads the configuration from the configuration object, is ignored. If any parameter is null, the init method will be reactivated and used afterwards
        Parameters:
        pAttributeTriggerList - Attribute triggers
        pLinkTriggerMap - Link (Account) Attribute Triggers
        pEntitlementNames - Entitlements for each application
      • createSnapshotWhenTriggered

        public static boolean createSnapshotWhenTriggered​(sailpoint.api.SailPointContext context,
                                                          sailpoint.object.Identity identity)
                                                   throws sailpoint.tools.GeneralException
        Generates a new snapshot for an identity if it is justified by the current configuration and makes the snapshot persistent in IIQ
        Parameters:
        identity - to possibly generate a snapshot for
        Returns:
        true or false, whether a snapshot has been created or not
        Throws:
        sailpoint.tools.GeneralException
      • createSnapshotWhenTriggered

        public static boolean createSnapshotWhenTriggered​(sailpoint.api.SailPointContext context,
                                                          sailpoint.object.Identity identity,
                                                          boolean isPersistent)
                                                   throws sailpoint.tools.GeneralException
        Generates a new snapshot for an identity if it is justified by the current configuration and makes the snapshot persistent in IIQ
        Parameters:
        identity - to possibly generate a snapshot for
        isPersistent - if true: snapshot will be comitted to database, false: no snapshot will be commited to database for testing purposes
        Returns:
        true or false, whether a snapshot has been created or not
        Throws:
        sailpoint.tools.GeneralException
      • getWorkgroupMemberships

        public static java.util.List<java.lang.String> getWorkgroupMemberships​(sailpoint.object.Identity identity)
      • getEntitlementOwnerships

        public static java.util.List<java.lang.String> getEntitlementOwnerships​(sailpoint.api.SailPointContext context,
                                                                                sailpoint.object.Identity identity)
                                                                         throws sailpoint.tools.GeneralException
        Throws:
        sailpoint.tools.GeneralException
      • getRoleOwnerships

        public static java.util.List<java.lang.String> getRoleOwnerships​(sailpoint.api.SailPointContext context,
                                                                         sailpoint.object.Identity identity)
                                                                  throws sailpoint.tools.GeneralException
        Throws:
        sailpoint.tools.GeneralException
      • getDiff

        public static sailpoint.object.IdentityDifference getDiff​(sailpoint.api.SailPointContext context,
                                                                  sailpoint.object.IdentitySnapshot identitySnapshotPrev,
                                                                  sailpoint.object.IdentitySnapshot identitySnapshotNew)
                                                           throws sailpoint.tools.GeneralException
        Generates the differences between two IdentitySnapshots
        Parameters:
        identitySnapshotPrev - Older Identity snapshot
        identitySnapshotNew - New Identity snapshot
        Returns:
        IdentityDifference differences of snapshots
        Throws:
        sailpoint.tools.GeneralException
      • generateSnapshot

        public static sailpoint.object.IdentitySnapshot generateSnapshot​(sailpoint.api.SailPointContext context,
                                                                         sailpoint.object.Identity identity)
                                                                  throws sailpoint.tools.GeneralException
        Generates a snapshot of an identity. Snapshot is returned and not written to database
        Parameters:
        identity - Identity the snapshot is based on
        Returns:
        IdentitySnapshot
        Throws:
        sailpoint.tools.GeneralException
      • getLastSnapshot

        public static sailpoint.object.IdentitySnapshot getLastSnapshot​(sailpoint.api.SailPointContext context,
                                                                        sailpoint.object.Identity identity)
                                                                 throws sailpoint.tools.GeneralException
        Retrieves the latest snapshot of an Identity from the database and returns it
        Parameters:
        identity - Identity
        Returns:
        IdentitySnapshot
        Throws:
        sailpoint.tools.GeneralException
      • getLastSnapshotBeforeDate

        public static sailpoint.object.IdentitySnapshot getLastSnapshotBeforeDate​(sailpoint.api.SailPointContext context,
                                                                                  sailpoint.object.Identity identity,
                                                                                  java.util.Date date)
                                                                           throws sailpoint.tools.GeneralException
        Retrieves the latest snapshot of an Identity which was created before a given date from the database and returns it
        Parameters:
        identity - Identity
        date - Date
        Returns:
        IdentitySnapshot
        Throws:
        sailpoint.tools.GeneralException
      • getAccountAttributefromSnapshot

        public static java.lang.Object getAccountAttributefromSnapshot​(sailpoint.object.IdentitySnapshot snap,
                                                                       java.lang.String applicationName,
                                                                       java.lang.String nativeIdentity,
                                                                       java.lang.String attributeName)
        retrieve an account attribute from a snapshot
        Parameters:
        snap - IdentitySnapshot
        applicationName - name of account application
        nativeIdentity - nativeidentity of account
        attributeName - Name of account attribute
        Returns:
        value of account attribute
      • getAccountAttributesfromSnapshot

        public static sailpoint.object.Attributes<java.lang.String,​java.lang.Object> getAccountAttributesfromSnapshot​(sailpoint.object.IdentitySnapshot snap,
                                                                                                                            java.lang.String applicationName,
                                                                                                                            java.lang.String nativeIdentity)
        retrieve attribute map of an account from a snapshot
        Parameters:
        snap - IdentitySnapshot
        applicationName - name of account application
        nativeIdentity - nativeidentity of account
        Returns:
        Attributes of account
      • getRoleAssignmentFromLastSnapshotBeforeDate

        public static sailpoint.object.Assignment getRoleAssignmentFromLastSnapshotBeforeDate​(sailpoint.api.SailPointContext context,
                                                                                              java.util.Date date,
                                                                                              sailpoint.object.Identity identity,
                                                                                              sailpoint.object.IdentityRequest idenReq,
                                                                                              java.lang.String attrValue)
                                                                                       throws sailpoint.tools.GeneralException
        retrieve a roleAssignment for a specific role modified in given IdentityRequest from last identitySnapshot before a certain date
        Parameters:
        context -
        date - select last snapshot before this date
        identity - Identity for which the roleAssignment should be searched
        idenReq - IdentityRequest which modified the role
        attrValue - roleName
        Returns:
        Assignment or null
        Throws:
        sailpoint.tools.GeneralException
      • getAttributeAssignmentFromLastSnapshotBeforeDate

        public static sailpoint.object.Assignment getAttributeAssignmentFromLastSnapshotBeforeDate​(sailpoint.api.SailPointContext context,
                                                                                                   java.util.Date date,
                                                                                                   sailpoint.object.Identity identity,
                                                                                                   java.lang.String appName,
                                                                                                   java.lang.String nativeIdentity,
                                                                                                   java.lang.String attrName,
                                                                                                   java.lang.String attrValue)
                                                                                            throws sailpoint.tools.GeneralException
        retrieve a AttributeAssignment for a specific attribute modified in given IdentityRequest from last identitySnapshot before a certain date
        Parameters:
        context -
        date - select last snapshot before this date
        identity - Identity for which the attributeAssignment should be searched
        appName - Name of application
        nativeIdentity - nativeIdentity of Account
        attrName - Attribute name
        attrValue - attribute value
        Returns:
        Assignment or null
        Throws:
        sailpoint.tools.GeneralException
      • assignedRolesDiff

        public static boolean assignedRolesDiff​(sailpoint.object.IdentityDifference diff)
                                         throws sailpoint.tools.GeneralException
        Checks if IdentityDifference has added or removed assigned roles
        Parameters:
        diff - IdentityDifference to check for changes
        Returns:
        true: difference detected, false: no difference detected
        Throws:
        sailpoint.tools.GeneralException
      • bundleDiff

        public static boolean bundleDiff​(sailpoint.object.IdentitySnapshot identitySnapshotPrev,
                                         sailpoint.object.IdentitySnapshot identitySnapshotNew)
                                  throws sailpoint.tools.GeneralException
        Compares the bundles of two IdentitySnapshots for changes
        Parameters:
        identitySnapshotPrev - first IdentityDifference to check for changes
        identitySnapshotNew - second IdentityDifference to check for changes
        Returns:
        true: difference detected, false: no difference detected
        Throws:
        sailpoint.tools.GeneralException
      • attributeDiff

        public static boolean attributeDiff​(sailpoint.object.IdentityDifference diff)
                                     throws sailpoint.tools.GeneralException
        Checks if identity attributes have changed. This would trigger the generation of a new snapshot
        Parameters:
        diff - IdentityDifference to check for changes
        Returns:
        true: change detected, false: no change detected
        Throws:
        sailpoint.tools.GeneralException
      • linkDiff

        public static boolean linkDiff​(sailpoint.object.IdentityDifference diff)
                                throws sailpoint.tools.GeneralException
        Checks if link attributes have changed. This would trigger the generation of a new snapshot
        Parameters:
        diff - IdentityDifference to check for changes
        Returns:
        true: change detected, false: no change detected
        Throws:
        sailpoint.tools.GeneralException
      • linkIdDiff

        public static boolean linkIdDiff​(sailpoint.object.IdentitySnapshot identitySnapshotPrev,
                                         sailpoint.object.IdentitySnapshot identitySnapshotNew)
                                  throws sailpoint.tools.GeneralException
        Compares the ID-Values of the links of two snapshots
        Parameters:
        identitySnapshotPrev -
        identitySnapshotNew -
        Returns:
        true : difference has been detected in the id of the links, false: no change detected
        Throws:
        sailpoint.tools.GeneralException
      • snapshotToLinkIdList

        public static java.util.List<java.lang.String> snapshotToLinkIdList​(sailpoint.object.IdentitySnapshot snap)
                                                                     throws sailpoint.tools.GeneralException
        Gets the ApplicationIds as a List for each Link on an IdentitySnapshot
        Parameters:
        snap - Snapshot
        Returns:
        List with all ApplicationIds
        Throws:
        sailpoint.tools.GeneralException
      • compareListsAsSet

        public static boolean compareListsAsSet​(java.util.List<java.lang.String> listA,
                                                java.util.List<java.lang.String> listB)
        Compares to Lists of Strings ignoring element order
        Parameters:
        listA - List of Strings
        listB - List of Strings
        Returns:
        true: both Lists contain the same elements, false: otherwise
      • compareListsAttAssignments

        public static boolean compareListsAttAssignments​(java.util.List<sailpoint.object.AttributeAssignment> listA,
                                                         java.util.List<sailpoint.object.AttributeAssignment> listB)
                                                  throws sailpoint.tools.GeneralException
        Compares two Lists with AttributeAssignments (order ignored)
        Parameters:
        listA - List of AttributeAssignment
        listB - List of AttributeAssignment
        Returns:
        true: both Lists are equal, false: not equal
        Throws:
        sailpoint.tools.GeneralException
      • compareListsRoleAssignments

        public static boolean compareListsRoleAssignments​(java.util.List<sailpoint.object.RoleAssignment> listA,
                                                          java.util.List<sailpoint.object.RoleAssignment> listB)
                                                   throws sailpoint.tools.GeneralException
        Compares two Lists with RoleAssignments (order ignored)
        Parameters:
        listA - List of RoleAssignment
        listB - List of RoleAssignment
        Returns:
        true: both Lists are equal, false: not equal
        Throws:
        sailpoint.tools.GeneralException
      • compareListsBundleSnapshot

        public static boolean compareListsBundleSnapshot​(java.util.List<sailpoint.object.BundleSnapshot> listA,
                                                         java.util.List<sailpoint.object.BundleSnapshot> listB)
                                                  throws sailpoint.tools.GeneralException
        Compares two Lists with BundleSnapshot (order ignored)
        Parameters:
        listA - List of BundleSnapshot
        listB - List of BundleSnapshot
        Returns:
        true: both Lists are equal, false: not equal
        Throws:
        sailpoint.tools.GeneralException