Package com.identityworksllc.iiq.common

Class IdentityLinkUtil

  • public class IdentityLinkUtil
extends Object
    A utility class for efficiently reading various types of information from Link objects.

    This class supplements IdentityService by providing additional methods for retrieving attributes of various types.

    This is very common logic in virtually all IIQ instances, and this will prevent us from having to reimplement it for both Beanshell and Java every time. It should also increase efficiency by being in compiled Java and not Beanshell.

    There are essentially two modes of operation, depending on your purposes. If you need to pre-load all Identity Links prior to running an operation, set the forceLoad flag to true using setForceLoad(boolean). If you do not do this, this class will echo the logic used by IdentityService.getLinks(Identity, Application).

    You will generally NOT want to set forceLoad=true unless you need to repeatedly query the same Links from the Identity. The most notable example is when you are reading values from Links in more than a handful of IdentityAttribute rules.

    In all cases, the get-attribute methods take the ‘failOnMultiple’ flag into account. If the flag is false, as is default, the value from the newest Link will be retrieved.

    • Constructor Detail

      • IdentityLinkUtil

        public IdentityLinkUtil​(sailpoint.api.SailPointContext context,
                        sailpoint.object.Identity identity)
        Identity Link utility constructor
        Parameters:
        context - The Sailpoint context
        identity - the Identity

      • IdentityLinkUtil

        public IdentityLinkUtil​(sailpoint.api.SailPointContext context,
                        sailpoint.object.Identity identity,
                        sailpoint.object.Filter globalLinkFilter)
        Identity Link utility constructor
        Parameters:
        context - The Sailpoint context
        identity - the Identity

    • Method Detail

      • findUniqueLink

        public static Optional<sailpoint.object.Link> findUniqueLink​(sailpoint.api.SailPointContext context,
                                                             String applicationName,
                                                             String nativeIdentity)
                                                      throws sailpoint.tools.GeneralException
        Finds a unique Link by Native ID and Application, returning a non-null Optional
        Parameters:
        context - The context for querying
        applicationName - The application name
        nativeIdentity - The native ID
        Returns:
        If no matches, an empty Optional. If one match, an Optional containing the Link
        Throws:
        sailpoint.tools.GeneralException - if there is a query failure
        TooManyResultsException - if more than one Link matches the criteria

      • getLinkFilter

        public static sailpoint.object.Filter getLinkFilter​(String applicationName,
                                                    String nativeIdentity)
        Returns a Filter object for a Link
        Parameters:
        applicationName - The application name
        nativeIdentity - The native ID
        Returns:
        the resulting Filter

      • getUniqueLink

        public static sailpoint.object.Link getUniqueLink​(sailpoint.api.SailPointContext context,
                                                  String applicationName,
                                                  String nativeIdentity)
                                           throws sailpoint.tools.GeneralException
        Gets a unique Link by Native ID and Application or else throws an exception
        Parameters:
        context - The context for querying
        applicationName - The application name
        nativeIdentity - The native ID
        Returns:
        Null if no matches, a single Link if there is a match
        Throws:
        sailpoint.tools.GeneralException - if there is a query failure
        TooManyResultsException - if more than one Link matches the criteria

      • findManagedAttribute

        public Optional<sailpoint.object.ManagedAttribute> findManagedAttribute​(sailpoint.object.IdentityEntitlement ie)
                                                                 throws sailpoint.tools.GeneralException
        Retrieves a managed attribute for the given IdentityEntitlement
        Parameters:
        ie - The IdentityEntitlement
        Returns:
        The associated managed attribute, or an empty optional
        Throws:
        sailpoint.tools.GeneralException - If the query fails for some reason
        TooManyResultsException - If the entitlement matches more than 1 managed attribute

      • findManagedAttributes

        public Map<String,​List<sailpoint.object.ManagedAttribute>> findManagedAttributes​(sailpoint.object.Link link)
                                                                                throws sailpoint.tools.GeneralException
        Retrieves all ManagedAttributes associated with the given Link
        Parameters:
        link - the Link to check
        Returns:
        A map from field name to a list of ManagedAttribute objects
        Throws:
        sailpoint.tools.GeneralException - If the query fails for some reason
        TooManyResultsException - If the entitlement matches more than 1 managed attribute

      • getGlobalLinkFilter

        public sailpoint.object.Filter getGlobalLinkFilter()
        Gets the applied (possibly null) global link filter
        Returns:
        The applied global link filter

      • getLinkByNativeIdentity

        public sailpoint.object.Link getLinkByNativeIdentity​(sailpoint.object.Application application,
                                                     String nativeIdentity)
                                              throws sailpoint.tools.GeneralException
        Gets the Link from the Identity by native identity
        Parameters:
        application - The application type of the Link
        nativeIdentity - The native identity of the Link
        Returns:
        The Link
        Throws:
        sailpoint.tools.GeneralException - if any failures occur

      • getLinksByApplication

        public List<sailpoint.object.Link> getLinksByApplication​(sailpoint.object.Application application,
                                                         sailpoint.object.Filter linkFilter)
                                                  throws sailpoint.tools.GeneralException
        Gets the list of Links of the given application type, applying the given optional filter to the links.

        If a filter is present, only Links matching the filter will be returned.

        Parameters:
        application - The application object
        linkFilter - The filter object, optional
        Returns:
        A non-null list of links (optionally filtered) on this user of the given application type
        Throws:
        sailpoint.tools.GeneralException - if any failures occur

      • getMultiValueLinkAttribute

        public List<StringgetMultiValueLinkAttribute​(sailpoint.object.Application application,
                                               String attributeName,
                                               sailpoint.object.Filter linkFilter)
                                        throws sailpoint.tools.GeneralException
        Gets the value of a multi-valued attribute from one Link of the given type belonging to this Identity.

        The actual type of the attribute doesn’t matter. A CSV single-valued String will be converted to a List here.

        Parameters:
        application - The application type of the Links
        attributeName - The attribute name to grab
        linkFilter - The Link filter, optional
        Returns:
        The value of the attribute, or null
        Throws:
        sailpoint.tools.GeneralException - if any errors occur

      • getSingleValueLinkAttribute

        public String getSingleValueLinkAttribute​(sailpoint.object.Application application,
                                          String attributeName,
                                          sailpoint.object.Filter linkFilter)
                                   throws sailpoint.tools.GeneralException
        Gets the value of a single-valued attribute from one Link of the given type belonging to this Identity.
        Parameters:
        application - The application type of the Links
        attributeName - The attribute name to grab
        linkFilter - The Link filter, optional
        Returns:
        The value of the attribute, or null
        Throws:
        sailpoint.tools.GeneralException - if any errors occur

      • isFailOnMultiple

        public boolean isFailOnMultiple()
        Returns true if the class is set to fail on multiple Links of the same type
        See Also:
        failOnMultiple

      • isForceLoad

        public boolean isForceLoad()
        Returns true if you want to force-load all Links on the Identity using Identity.getLinks(), rather than using IdentityService
        See Also:
        forceLoad

      • mergeLinkAttributes

        public List<StringmergeLinkAttributes​(sailpoint.object.Application application,
                                        String attributeName,
                                        sailpoint.object.Filter linkFilter)
                                 throws sailpoint.tools.GeneralException
        Extracts the named attribute from each Link of the given application and adds all values from each Link into a common List.
        Parameters:
        application - The application to query
        attributeName - The attribute name to query
        linkFilter - The link filter, optional
        Returns:
        The merged set of attributes from each application
        Throws:
        sailpoint.tools.GeneralException - if any failures occur

      • setFailOnMultiple

        public void setFailOnMultiple​(boolean failOnMultiple)
        If true, and the Identity has more than one (post-filter) Link of a given Application type, the get-attribute methods will throw an exception.
        Parameters:
        failOnMultiple - True if we should fail on multiple accounts

      • setForceLoad

        public void setForceLoad​(boolean forceLoad)
        If true, the Identity’s links container will be populated before searching for items.

        This will make the IdentityService faster in some circumstances, notably repeated queries of links in Identity Attributes.

        Parameters:
        forceLoad - True if we should always load the Link objects

      • setGlobalLinkFilter

        public void setGlobalLinkFilter​(sailpoint.object.Filter globalLinkFilter)
        Sets a global link filter, allowing use of a constant
        Parameters:
        globalLinkFilter - The filter to apply to any operation