Sample transformation script for a CSV file
CSV file structure example
For the script to work correctly, make sure the column names in the CSV file match the names referenced in the transformation script. An example of the CSV file structure is given below.
MANAGED_SYSTEM_NAME,GROUP_TYPE,ROLE_TYPE,ENTITLEMENT_NAME,IS_ACTIVE,ENTITLEMENT_OWNER_TYPE,ENTITLEMENT_OWNER,ENTITLEMENT_ADMIN_TYPE,ENTITLEMENT_ADMIN,APPROVER1_TYPE,APPROVER1,APPROVER2_TYPE,APPROVER2,APPROVER3_TYPE,APPROVER3,AD_GROUPS,ATTRIBUTE_NAME1,ATTRIBUTE_VALUE1,ATTRIBUTE_NAME2,ATTRIBUTE_VALUE2,ATTRIBUTE_NAME3,ATTRIBUTE_VALUE3,MAX_MEMBERSHIP_DURATION
01_Test Active Directory,,Access Role,Test AD Role,Y,GROUP,Security group,USER,snelson,SUPERVISOR,Supervisor,OWNER,,ADMIN,,,attrbiuteTest1,value1,attrbiuteTest2,value2,attrbiuteTest3,value3,9000
Transformation script example
The transformation script (with comments) for importing roles from a CSV file for manual applications is provided below.
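import org.openiam.base.request.ApproverAssociationsCrudRequest
import org.openiam.base.response.list.ApproverAssociationListResponse
import org.openiam.common.beans.mq.ApproverAssociationRabbitMQService
import org.openiam.common.beans.mq.MetadataTypeRabbitMQService
import org.openiam.common.beans.mq.RabbitMQSender
import org.openiam.idm.srvc.grp.dto.Group
import org.openiam.idm.srvc.membership.dto.ObjectAdmin
import org.openiam.idm.srvc.membership.dto.ObjectOwner
import org.openiam.idm.srvc.meta.domain.MetadataTypeGrouping
import org.openiam.idm.srvc.meta.dto.MetadataType
import org.openiam.idm.srvc.mngsys.bean.ApproverAssociationSearchBean
import org.openiam.idm.srvc.mngsys.domain.AssociationType
import org.openiam.idm.srvc.mngsys.dto.ApproverAssociation
import org.openiam.idm.srvc.role.dto.Role
import org.openiam.idm.srvc.synch.dto.LineObject
import org.openiam.idm.srvc.user.dto.User
import org.openiam.mq.constants.api.OpenIAMAPI
import org.openiam.mq.constants.api.am.ApproverAssociationAPI
import org.openiam.mq.constants.queue.am.ApproverAssociationQueue
import org.openiam.provision.type.Attribute
import org.openiam.sync.service.impl.service.AbstractRoleTransformScript
import org.springframework.util.CollectionUtils
import org.springframework.util.StringUtils

/**
 * This is OpenIAM common Role transformation script for default CSV file.
 * If you use your custom CSV or modify default CSV file please take care of the new fields.
 *
 * The CSV row decides the role's owner, admin and approver chain, so the file is
 * authorization-relevant input: whoever can edit it can change who approves
 * membership of the role. Column values are also written to the log as-is.
 *
 * Names used below that are not declared in this class (log, context, config,
 * isNewUser, SKIP, NO_DELETE, metadataTypeRabbitMQService and the get...By... /
 * addRoleAttribute helpers) are presumably inherited from
 * AbstractRoleTransformScript - confirm against the base class.
 */
class CsvRoleCommonTransformationScript extends AbstractRoleTransformScript {

    // Policy id set on every role this script populates.
    // NOTE(review): presumably must exist in the target environment - confirm.
    private static final String DEFAULT_PASSWORD_POLICY_ID = "4000"

    // Highest N for the ATTRIBUTE_NAMEn / ATTRIBUTE_VALUEn and APPROVERn_TYPE / APPROVERn columns.
    private static final int MAX_NUMBERED_COLUMNS = 3

    private ApproverAssociationRabbitMQService approverAssociationRabbitMQService
    private ApproverAssociationQueue approverAssociationQueue
    private RabbitMQSender rabbitMQSender

    /**
     * We cannot use @Autowired annotation here so we need to get beans from the context.
     * Each bean is looked up only while its field is still null.
     */
    @Override
    void init() {
        if (metadataTypeRabbitMQService == null) {
            metadataTypeRabbitMQService = context.getBean(MetadataTypeRabbitMQService.class)
        }
        if (approverAssociationRabbitMQService == null) {
            approverAssociationRabbitMQService = context.getBean(ApproverAssociationRabbitMQService.class)
        }
        if (approverAssociationQueue == null) {
            approverAssociationQueue = context.getBean(ApproverAssociationQueue.class)
        }
        if (rabbitMQSender == null) {
            rabbitMQSender = context.getBean(RabbitMQSender.class)
        }
    }

    /**
     * Transform one CSV row into the given Role.
     *
     * @param rowObj parsed CSV row
     * @param role role object to populate
     * @return the result of populateObject, or SKIP when any exception is thrown
     */
    @Override
    int execute(LineObject rowObj, Role role) {
        try {
            return populateObject(rowObj, role)
        } catch (Exception ex) {
            // The row is still skipped, but the failure is recorded: a silently dropped
            // row means a role (and its owner/approver setup) is missing with no trace.
            log.error("Failed to transform CSV row into Role; row skipped", ex)
            return SKIP
        }
    }

    /**
     * Populate Role object from CSV row.
     *
     * Returns SKIP when ENTITLEMENT_NAME is empty, when ROLE_TYPE does not resolve to a
     * metadata type id, or when MAX_MEMBERSHIP_DURATION is not a whole number.
     *
     * @param rowObj parsed CSV row; its columnMap is keyed by column name
     * @param role role object to populate
     * @return SKIP for a rejected row, otherwise NO_DELETE
     */
    private int populateObject(LineObject rowObj, Role role) {
        Map<String, Attribute> map = rowObj.columnMap
        role.setPolicyId(DEFAULT_PASSWORD_POLICY_ID)

        Attribute attribute = map.get("ENTITLEMENT_NAME")
        if (attribute && StringUtils.hasText(attribute.getValue())) {
            role.setName(attribute.getValue())
        } else {
            log.error("ENTITLEMENT_NAME field cannot be empty!")
            return SKIP
        }

        attribute = map.get("ROLE_TYPE")
        if (attribute && StringUtils.hasText(attribute.getValue())) {
            role.setMdTypeId(getMetadataTypeByNameAndGrouping(attribute.getValue(), MetadataTypeGrouping.ROLE_TYPE)?.getId())
        }
        if (!StringUtils.hasText(role.getMdTypeId())) {
            log.error("ROLE_TYPE field empty or incorrect for ENTITLEMENT_NAME: ${role.getName()}.")
            return SKIP
        }

        // An unknown managed system is only warned about; the role is then saved with a null id.
        attribute = map.get("MANAGED_SYSTEM_NAME")
        String managedSystemId = null
        if (attribute && StringUtils.hasText(attribute.getValue())) {
            managedSystemId = getManagedSystemByName(attribute.getValue())?.getId()
            if (!managedSystemId) {
                log.warn("Cannot find Managed System with name: ${attribute.getValue()}")
            }
        }
        role.setManagedSysId(managedSystemId)

        // Only the exact value "Y" activates the role; anything else leaves it INACTIVE.
        attribute = map.get("IS_ACTIVE")
        if (attribute && StringUtils.hasText(attribute.getValue()) && "Y" == attribute.getValue()) {
            role.setStatus("ACTIVE")
        } else {
            role.setStatus("INACTIVE")
        }

        attribute = map.get("DESCRIPTION")
        if (attribute && StringUtils.hasText(attribute.getValue())) {
            role.setDescription(attribute.getValue())
        }

        attribute = map.get("MAX_MEMBERSHIP_DURATION")
        if (attribute && StringUtils.hasText(attribute.getValue())) {
            try {
                role.setMembershipDuration(Integer.valueOf(attribute.getValue().trim()))
            } catch (NumberFormatException ex) {
                // Reject the row explicitly rather than through the generic handler in execute().
                log.error("MAX_MEMBERSHIP_DURATION is not a whole number for ENTITLEMENT_NAME: ${role.getName()}.")
                return SKIP
            }
        }

        // Numbered custom attributes are added only when the role already has an id.
        for (int idx = 1; idx <= MAX_NUMBERED_COLUMNS; idx++) {
            def roleAttrName = map.get("ATTRIBUTE_NAME" + idx)?.value
            def roleAttrValue = map.get("ATTRIBUTE_VALUE" + idx)?.value
            if (role.getId() && StringUtils.hasText(roleAttrName) && StringUtils.hasText(roleAttrValue)) {
                addRoleAttribute(role, roleAttrName, roleAttrValue)
            }
        }

        // Owner and admin are cleared (set to null) when type or name is missing or cannot be resolved.
        Attribute appOwnerType = map.get("ENTITLEMENT_OWNER_TYPE")
        Attribute appOwner = map.get("ENTITLEMENT_OWNER")
        if (appOwnerType && StringUtils.hasText(appOwnerType.getValue()) && appOwner && StringUtils.hasText(appOwner.getValue())) {
            role.setOwner(getOwnerObject(appOwnerType.getValue().trim(), appOwner.getValue().trim()))
        } else {
            role.setOwner(null)
        }

        Attribute appAdminType = map.get("ENTITLEMENT_ADMIN_TYPE")
        Attribute appAdmin = map.get("ENTITLEMENT_ADMIN")
        if (appAdminType && StringUtils.hasText(appAdminType.getValue()) && appAdmin && StringUtils.hasText(appAdmin.getValue())) {
            role.setAdmin(getAdminObject(appAdminType.getValue().trim(), appAdmin.getValue().trim()))
        } else {
            role.setAdmin(null)
        }

        // in case if we need to add some AD groups (1199 issue).
        attribute = map.get("AD_GROUPS")
        if (attribute && StringUtils.hasText(attribute.getValue())) {
            addRoleAttribute(role, attribute.getName(), attribute.getValue())
        }

        if (!isNewUser) {
            populateAndSaveApproverAssociations(role, map)
        }
        return NO_DELETE
    }

    /**
     * Get Owner object by type (user/group) and name.
     *
     * @param type USER or GROUP, case-insensitive
     * @param name user login or group name
     * @return the owner with its id set, or null when the type is unknown or the lookup finds nothing
     */
    private ObjectOwner getOwnerObject(String type, String name) {
        log.debug("==== execute getOwnerObject method start. =====")
        // Locale.ROOT keeps the case mapping independent of the JVM default locale.
        type = type.toUpperCase(Locale.ROOT)
        ObjectOwner obj = new ObjectOwner()
        obj.setType(type.toLowerCase(Locale.ROOT))
        switch (type) {
            case "USER":
                User user = getUserByLogin(name)
                if (user) {
                    obj.setId(user.getId())
                } else {
                    log.warn("Cannot find User for getOwnerObject method with login: ${name}")
                    obj = null
                }
                break
            case "GROUP":
                Group group = getGroupByName(name, config.getManagedSysId())
                if (group) {
                    obj.setId(group.getId())
                } else {
                    log.warn("Cannot find Group for getOwnerObject method with name: ${name}")
                    obj = null
                }
                break
            default:
                log.warn("Unknown type: ${type}")
                obj = null
        }
        log.debug("==== execute getOwnerObject method end. =====")
        return obj
    }

    /**
     * Get Admin object by type (user/group) and name.
     *
     * @param type USER or GROUP, case-insensitive
     * @param name user login or group name
     * @return the admin with its id set, or null when the type is unknown or the lookup finds nothing
     */
    private ObjectAdmin getAdminObject(String type, String name) {
        log.debug("==== execute getAdminObject method start. =====")
        // Locale.ROOT keeps the case mapping independent of the JVM default locale.
        type = type.toUpperCase(Locale.ROOT)
        ObjectAdmin obj = new ObjectAdmin()
        obj.setType(type.toLowerCase(Locale.ROOT))
        switch (type) {
            case "USER":
                User user = getUserByLogin(name)
                if (user) {
                    obj.setId(user.getId())
                } else {
                    log.warn("Cannot find User for getAdminObject method with login: ${name}")
                    obj = null
                }
                break
            case "GROUP":
                Group group = getGroupByName(name, config.getManagedSysId())
                if (group) {
                    obj.setId(group.getId())
                } else {
                    log.warn("Cannot find Group for getAdminObject method with name: ${name}")
                    obj = null
                }
                break
            default:
                log.warn("Unknown type: ${type}")
                obj = null
        }
        log.debug("==== execute getAdminObject method end. =====")
        return obj
    }

    /**
     * Populate and save new Approver Associations.
     *
     * Reads APPROVER1..APPROVER3 in order and stops at the first level whose type is
     * empty or whose approver cannot be resolved. The new chain is built before the
     * existing associations are removed, so a failure while resolving approvers does
     * not leave the role with its previous approvers deleted and nothing saved.
     *
     * NOTE(review): the existing associations are removed even when no approver
     * resolves, which leaves the role without approvers - confirm this is intended.
     *
     * @param role role whose approver associations are replaced
     * @param map CSV columns of the current row, keyed by column name
     */
    private void populateAndSaveApproverAssociations(Role role, Map<String, Attribute> map) {
        log.debug("==== execute populateAndSaveApproverAssociations method start. =====")
        List<ApproverAssociation> approverAssociationList = new ArrayList<>()
        for (int level = 0; level < MAX_NUMBERED_COLUMNS; level++) {
            int columnNo = level + 1
            String approverType = map.get("APPROVER" + columnNo + "_TYPE")?.getValue()
            if (!StringUtils.hasText(approverType)) {
                break
            }
            // The name column is legitimately empty for some types (the sample row leaves
            // it blank for OWNER and ADMIN), so a missing value must not fail the row.
            String approverName = map.get("APPROVER" + columnNo)?.getValue() ?: ""
            ApproverAssociation association = getApproverAssociation(role.getId(),
                    approverType.trim(), approverName.trim(), level)
            if (!association) {
                break
            }
            approverAssociationList.add(association)
        }

        removeApproverAssociations(role.getId())
        if (!CollectionUtils.isEmpty(approverAssociationList)) {
            ApproverAssociationsCrudRequest request = new ApproverAssociationsCrudRequest()
            request.setApproverAssociationList(approverAssociationList)
            rabbitMQSender.send(approverAssociationQueue, (OpenIAMAPI) ApproverAssociationAPI.SaveApproverAssociations, request)
        }
        log.debug("==== execute populateAndSaveApproverAssociations method end. =====")
    }

    /**
     * Remove existed Approver Associations.
     *
     * @param roleId id of the role whose approver associations are removed
     */
    private void removeApproverAssociations(String roleId) {
        log.debug("==== execute removeApproverAssociations method start. =====")
        ApproverAssociationSearchBean bean = new ApproverAssociationSearchBean()
        bean.setAssociationEntityId(roleId)
        ApproverAssociationListResponse approvers = approverAssociationRabbitMQService.getApproverAssociations(bean)
        if (approvers && !CollectionUtils.isEmpty(approvers.getList())) {
            List<String> approverIdList = approvers.getList().collect { it.getApproverEntityId() }
            approverAssociationRabbitMQService.removeApproverAssociations(roleId, approverIdList)
        }
        log.debug("==== execute removeApproverAssociations method end. =====")
    }

    /**
     * Get ApproverAssociation object by type and name.
     * type can be: [USER, SUPERVISOR, ROLE, GROUP, OWNER, ADMIN].
     *
     * @param roleId id of the role the approver is attached to
     * @param type approver type, case-insensitive
     * @param name login, role, group or supervisor type name; required for USER, ROLE and GROUP
     * @param level approver level stored on the association
     * @return the association, or null when the type is unknown, a required name is empty,
     *         or the named entity cannot be found
     */
    private ApproverAssociation getApproverAssociation(String roleId, String type, String name, int level) {
        log.debug("==== execute getApproverAssociation method start. =====")
        // Locale.ROOT keeps the case mapping independent of the JVM default locale.
        type = type.toUpperCase(Locale.ROOT)
        if (("USER" == type || "ROLE" == type || "GROUP" == type) && !StringUtils.hasText(name)) {
            log.warn("For types: [USER, ROLE, GROUP] name cannot be empty!")
            return null
        }
        ApproverAssociation result = new ApproverAssociation()
        result.setAssociationEntityId(roleId)
        result.setAssociationType(AssociationType.ROLE)
        result.setApproverLevel(level)
        switch (type) {
            case "USER":
                result.setApproverEntityType(AssociationType.USER)
                User user = getUserByLogin(name)
                if (user) {
                    result.setApproverEntityId(user.getId())
                } else {
                    log.warn("Cannot find User for getApproverAssociation method with login: ${name}")
                    result = null
                }
                break
            case "SUPERVISOR":
                result.setApproverEntityType(AssociationType.SUPERVISOR)
                // With an empty name the association is returned without an approver entity id.
                if (StringUtils.hasText(name)) {
                    if (name == "Supervisor") {
                        result.setApproverEntityId("Supervisor")
                        break
                    }
                    MetadataType metadataType = getMetadataTypeByNameAndGrouping(name, MetadataTypeGrouping.SUPERVISOR_TYPE)
                    if (metadataType) {
                        result.setApproverEntityId(metadataType.getId())
                    } else {
                        log.warn("Cannot find Supervisor type for getApproverAssociation method with name: ${name}")
                        result = null
                    }
                }
                break
            case "ROLE":
                result.setApproverEntityType(AssociationType.ROLE)
                Role role = getRoleByName(name, config.getManagedSysId())
                if (role) {
                    result.setApproverEntityId(role.getId())
                } else {
                    log.warn("Cannot find Role for getApproverAssociation method with name: ${name}")
                    result = null
                }
                break
            case "GROUP":
                result.setApproverEntityType(AssociationType.GROUP)
                Group group = getGroupByName(name, config.getManagedSysId())
                if (group) {
                    result.setApproverEntityId(group.getId())
                } else {
                    log.warn("Cannot find Group for getApproverAssociation method with name: ${name}")
                    result = null
                }
                break
            case "OWNER":
                result.setApproverEntityType(AssociationType.OWNER)
                result.setApproverEntityId("Owner")
                break
            case "ADMIN":
                result.setApproverEntityType(AssociationType.ADMIN)
                result.setApproverEntityId("Admin")
                break
            default:
                log.warn("Unknown type: ${type}")
                result = null
                break
        }
        log.debug("==== execute getApproverAssociation method end. =====")
        return result
    }
}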