Class ProvisioningUtilities
java.lang.Object
  com.identityworksllc.iiq.common.AbstractBaseUtility
    com.identityworksllc.iiq.common.ProvisioningUtilities
public class ProvisioningUtilities extends AbstractBaseUtility
Utilities to wrap the several provisioning APIs available in SailPoint.
-
-
Field Summary
Fields (columns: Modifier and Type, Field, Description)
static String ASSIGNED_ROLES_ATTR
The attribute for provisioning assigned roles
static String NO_APPROVAL_SCHEME
The constant to use for no approvals
static String PLAN_PARAM_APPROVAL_SCHEME
The approval scheme workflow parameter
static String PLAN_PARAM_NOTIFICATION_SCHEME
The notification scheme workflow parameter
-
Fields inherited from class com.identityworksllc.iiq.common.AbstractBaseUtility
context, debug, log
-
-
Constructor Summary
Constructors (columns: Constructor, Description)
ProvisioningUtilities(sailpoint.api.SailPointContext c)
Constructs a workflow-based Provisioning Utilities that will use the default LCM Provisioning workflow for all operations.
ProvisioningUtilities(sailpoint.api.SailPointContext c, boolean useWorkflow)
Constructs a Provisioning Utilities that will optionally directly forward provisioning operations to the Provisioner.
ProvisioningUtilities(sailpoint.api.SailPointContext context, ProvisioningArguments arguments)
ProvisioningUtilities(sailpoint.api.SailPointContext c, String provisioningWorkflowName)
Constructs a workflow-based Provisioning Utilities that will use the given workflow instead of the default
ProvisioningUtilities(sailpoint.api.SailPointContext c, String provisioningWorkflowName, boolean useWorkflow)
Constructs a Provisioning Utilities that will optionally directly forward provisioning operations to the Provisioner, or else will use the given provisioning workflow
ProvisioningUtilities(sailpoint.api.SailPointContext context, Map<String,Object> arguments)
-
Method Summary
Methods (columns: Modifier and Type, Method, Description)
void addEntitlement(String identityName, sailpoint.object.Link account, String attribute, String value, boolean withApproval)
Adds the given entitlement to the given account on the user
void addEntitlement(String identityName, sailpoint.object.Link account, sailpoint.object.ManagedAttribute entitlement, boolean withApproval)
Adds the given entitlement to the given account on the user
void addPlanArgument(String argument, Object value)
Adds an argument to the ProvisioningPlan that will eventually be constructed on a call to doProvisioning(ProvisioningPlan)
void addUserRole(String identityName, String roleName)
Adds the given user to the given role
void addUserRole(String identityName, String roleName, boolean withApproval)
Adds the given user to the given role
void addUserRole(String identityName, String roleName, boolean withApproval, String accountName)
Adds the given user to the given role, guessing the target account by name.
void addUserRole(String identityName, String roleName, boolean withApproval, Map<String,sailpoint.object.Link> targets)
Adds the given user to the given role, associating it statically with the given target accounts (or new accounts if none are specified).
static void addUserRolePlan(sailpoint.api.SailPointContext context, String identityName, String roleName, Map<String,sailpoint.object.Link> targets, sailpoint.object.ProvisioningPlan provisioningPlan)
Modifies the plan to add the given user to the given role, associating it statically with the given target accounts (or new accounts if none are specified).
void addWorkflowArgument(String argument, Object value)
Adds an argument to the workflow or Provisioner that will be used in a call to doProvisioning(ProvisioningPlan).
void deleteAccount(sailpoint.object.Link link)
Deletes the given account by submitting a Delete request to IIQ
void disableAccount(sailpoint.object.Link link)
Disables the given account by submitting a Disable request to IIQ
void disableAccount(sailpoint.object.Link link, boolean doRefresh)
Disables the given account by submitting a Disable request to IIQ
void disableAccounts(sailpoint.object.Identity identity)
Submits a single request to disable all accounts on the Identity that are not already disabled.
void disableAccounts(sailpoint.object.Identity identity, Predicate<sailpoint.object.Link> onlyThese)
Submits a single request to disable all accounts on the Identity that are not already disabled.
void disableAccounts(sailpoint.object.Identity identity, List<String> onlyThese)
Submits a single request to disable all accounts on the Identity that are not already disabled.
void disableAccounts(sailpoint.object.Identity identity, sailpoint.object.Filter onlyThese)
Submits a single request to disable all accounts on the Identity that are not already disabled.
sailpoint.object.ProvisioningProject doProvisioning(String identityName, sailpoint.object.ProvisioningPlan plan)
Submits a provisioning plan using the configured defaults.
sailpoint.object.ProvisioningProject doProvisioning(String identityName, sailpoint.object.ProvisioningPlan plan, boolean doRefresh)
Submits a provisioning plan using the configured defaults and optionally does a refresh.
sailpoint.object.ProvisioningProject doProvisioning(String identityName, sailpoint.object.ProvisioningPlan plan, boolean doRefresh, Map<String,Object> extraParameters)
Submits a provisioning plan using the configured defaults and optionally does a refresh.
sailpoint.object.ProvisioningProject doProvisioning(sailpoint.object.ProvisioningPlan plan)
Submits a provisioning plan using the configured defaults.
sailpoint.object.ProvisioningProject doProvisioning(sailpoint.object.ProvisioningPlan plan, boolean doRefresh, Map<String,Object> extraParameters)
Submits a provisioning plan using the configured defaults and optionally does a refresh.
void enableAccount(sailpoint.object.Link link)
Enables the given account by submitting an Enable provisioning action to IIQ
sailpoint.object.Identity findIdentity(String identityName)
Finds the identity first by name and then by ID.
sailpoint.object.ProvisioningProject forceRetry(sailpoint.object.ProvisioningTransaction pt, boolean createToModify)
Force retry on the given transaction.
static sailpoint.object.Attributes<String,Object> getArguments(sailpoint.object.ProvisioningPlan plan)
Gets the arguments for the given plan, creating one if needed
static sailpoint.object.Attributes<String,Object> getArguments(sailpoint.object.ProvisioningPlan.AbstractRequest request)
Gets the arguments for the given request, creating one if needed
String getCaseName(String identityName)
Builds the case name based on the template provided
String getCaseNameTemplate()
String getExternalTicketId()
static sailpoint.object.ProvisioningPlan.AccountRequest getIIQAccountRequest(sailpoint.object.ProvisioningPlan plan)
Gets the IIQ account request from the given plan, creating one if needed
static Object getLatestValue(sailpoint.api.SailPointContext context, sailpoint.object.ProvisioningPlan.AccountRequest req, String name)
Intended to be used in a pre or post-provision rule, this method will return the given attribute from the AccountRequest if present and otherwise will return it from the Link.
static Object getLatestValue(sailpoint.object.Link account, sailpoint.object.ProvisioningPlan.AccountRequest req, String name)
Intended to be used in a pre or post-provision rule, this method will return the given attribute from the AccountRequest if present and otherwise will return it from the Link
static sailpoint.object.Link getLinkFromRequest(sailpoint.api.SailPointContext context, sailpoint.object.ProvisioningPlan.AccountRequest request)
Retrieves the Link that is associated with the given AccountRequest, or returns null if no link can be found.
String getProvisioningWorkflow()
boolean isErrorOnAccountSelection()
boolean isErrorOnManualTask()
boolean isErrorOnNewAccount()
boolean isErrorOnProvisioningForms()
boolean isUseWorkflow()
static sailpoint.object.ProvisioningPlan linkMovePlan(sailpoint.object.Link theLinkToMove, sailpoint.object.Identity targetIdentity, sailpoint.object.ProvisioningPlan existingPlan)
Creates an AttributeRequest to move the given Link to the given target Identity, either modifying the provided plan or creating a new one.
void moveLinks(sailpoint.object.Identity targetOwner, sailpoint.object.Link... accounts)
Moves the given target account(s) to the given target owner
void removeAllAccess(sailpoint.object.Identity identity)
Removes all entitlements and assigned roles from the given Identity
void removeAllEntitlements(sailpoint.object.Identity identity, sailpoint.object.Application target)
Removes all entitlements from all accounts of the given type on the given user
void removeAllEntitlements(sailpoint.object.Identity identity, sailpoint.object.Application target, sailpoint.object.ProvisioningPlan plan)
Modifies the plan to add entitlement removal requests for all entitlements on accounts of the given type
void removeAllEntitlements(sailpoint.object.Link account, String attribute, sailpoint.object.ProvisioningPlan plan)
Modifies the plan to remove all values from the given attribute on the given account.
void removeEntitlement(String identityName, sailpoint.object.Link account, sailpoint.object.ManagedAttribute entitlement, boolean withApproval)
Removes the given entitlement from the given account on the user
void removeUserRole(String identityName, String roleName)
Removes the given role from the given user
void removeUserRole(String identityName, String roleName, boolean withApproval)
Removes the given role from the given user
void removeUserRole(String identityName, String roleName, boolean withApproval, boolean revoke)
Removes the given role from the given user
void removeUserRole(String identityName, String roleName, boolean withApproval, sailpoint.object.Link target)
Removes the given user from the given role associated with the target provisioned account.
void removeUserRole(String identityName, sailpoint.object.RoleAssignment targetAssignment)
Removes the given user from the given role
void removeUserRole(String identityName, sailpoint.object.RoleDetection targetDetection)
Removes the given user from the given role.
static void removeUserRolePlan(String roleName, boolean revoke, sailpoint.object.ProvisioningPlan provisioningPlan)
Modifies the plan to add a role removal request for the given role
static sailpoint.object.AccountSelection roleTargetToAccountSelection(sailpoint.object.RoleTarget target)
Creates an AccountSelection object from the given account selection
void setBeforeProvisioning(Consumer<sailpoint.object.ProvisioningPlan> planConsumer)
void setCaseNameTemplate(String caseNameTemplate)
void setErrorOnAccountSelection(boolean errorOnAccountSelection)
void setErrorOnManualTask(boolean errorOnManualTask)
void setErrorOnNewAccount(boolean errorOnNewAccount)
void setErrorOnProvisioningForms(boolean errorOnProvisioningForms)
void setExternalTicketId(String externalTicketId)
void setLauncher(String who)
void setProjectDebugger(Consumer<sailpoint.object.ProvisioningProject> projectDebugger)
void setProvisioningArguments(ProvisioningArguments config)
Sets workflow configuration items all at once for this utility
void setProvisioningWorkflow(String provisioningWorkflow)
void setUseWorkflow(boolean useWorkflow)
void setWorkflowDebugger(Consumer<sailpoint.object.WorkflowLaunch> workflowDebugger)
sailpoint.object.Attributes<String,Object> toMap()
Transforms this object into a Map that can be passed to the constructor that takes a Map
static sailpoint.object.ProvisioningTarget toProvisioningTarget(sailpoint.api.SailPointContext context, sailpoint.object.Bundle role, String application, String nativeIdentity)
Creates a Provisioning Target from the given application and nativeIdentity name
static sailpoint.object.ProvisioningTarget toProvisioningTarget(sailpoint.object.Bundle role, sailpoint.object.Link target)
Creates a Provisioning Target from account
void updateAccount(sailpoint.object.Link link, Map<String,Object> map)
Updates the given link with the given values.
void updateAccountRemove(sailpoint.object.Link link, String attribute, Object value)
Updates the given link by setting or adding the given values.
void updateAccountSet(sailpoint.object.Link link, String attribute, Object value)
Updates the given link by setting or adding the given values.
void updateUser(sailpoint.object.Identity identity, String defaultOperation, Map<String,Object> params)
Updates the given identity with the given values.
void updateUser(sailpoint.object.Identity identity, String field, sailpoint.object.ProvisioningPlan.Operation operation, Object value)
Updates the given user with the given field values
void updateUser(sailpoint.object.Identity identity, Map<String,Object> params)
Updates the given identity with the given values.
-
Methods inherited from class com.identityworksllc.iiq.common.AbstractBaseUtility
inject, isDebug, setDebug
-
-
-
-
Field Detail
-
ASSIGNED_ROLES_ATTR
public static final String ASSIGNED_ROLES_ATTR
The attribute for provisioning assigned roles
- See Also:
Constant Field Values
-
NO_APPROVAL_SCHEME
public static final String NO_APPROVAL_SCHEME
The constant to use for no approvals
- See Also:
Constant Field Values
-
PLAN_PARAM_APPROVAL_SCHEME
public static final String PLAN_PARAM_APPROVAL_SCHEME
The approval scheme workflow parameter
- See Also:
Constant Field Values
-
PLAN_PARAM_NOTIFICATION_SCHEME
public static final String PLAN_PARAM_NOTIFICATION_SCHEME
The notification scheme workflow parameter
- See Also:
Constant Field Values
-
-
Constructor Detail
-
ProvisioningUtilities
public ProvisioningUtilities(sailpoint.api.SailPointContext c)
Constructs a workflow-based Provisioning Utilities that will use the default LCM Provisioning workflow for all operations.
- Parameters:
c - The SailPoint context
-
ProvisioningUtilities
public ProvisioningUtilities(sailpoint.api.SailPointContext context, ProvisioningArguments arguments)
-
ProvisioningUtilities
public ProvisioningUtilities(sailpoint.api.SailPointContext context, Map<String,Object> arguments) throws sailpoint.tools.GeneralException
- Throws:
sailpoint.tools.GeneralException
-
ProvisioningUtilities
public ProvisioningUtilities(sailpoint.api.SailPointContext c, boolean useWorkflow)
Constructs a Provisioning Utilities that will optionally directly forward provisioning operations to the Provisioner.
- Parameters:
c - The SailPoint context
useWorkflow - If true, workflows will be bypassed and provisioning will be sent directly to the provisioner
-
ProvisioningUtilities
public ProvisioningUtilities(sailpoint.api.SailPointContext c, String provisioningWorkflowName)
Constructs a workflow-based Provisioning Utilities that will use the given workflow instead of the default
- Parameters:
c - The SailPoint context
provisioningWorkflowName - The name of a provisioning workflow which should expect an ‘identityName’ and ‘plan’ attribute
-
ProvisioningUtilities
public ProvisioningUtilities(sailpoint.api.SailPointContext c, String provisioningWorkflowName, boolean useWorkflow)
Constructs a Provisioning Utilities that will optionally directly forward provisioning operations to the Provisioner, or else will use the given provisioning workflow
- Parameters:
c - The SailPoint context
provisioningWorkflowName - The name of a provisioning workflow which should expect an ‘identityName’ and ‘plan’ attribute
useWorkflow - If true, workflows will be bypassed and provisioning will be sent directly to the provisioner
-
-
Method Detail
-
addUserRolePlan
public static void addUserRolePlan(sailpoint.api.SailPointContext context, String identityName, String roleName, Map<String,sailpoint.object.Link> targets, sailpoint.object.ProvisioningPlan provisioningPlan) throws sailpoint.tools.GeneralException
Modifies the plan to add the given user to the given role, associating it statically with the given target accounts (or new accounts if none are specified).
- Parameters:
context - the IIQ context
identityName - The identity name to add to the given role
roleName - The role to add
targets - These Links will be used as a provisioning target for the plan. If a value is null, a new account create will be requested.
provisioningPlan - The provisioning plan to modify
- Throws:
sailpoint.tools.GeneralException - if a failure occurs while looking up required objects
-
getArguments
public static sailpoint.object.Attributes<String,Object> getArguments(sailpoint.object.ProvisioningPlan plan)
Gets the arguments for the given plan, creating one if needed
- Parameters:
plan - The request
- Returns:
The arguments for the plan
-
getArguments
public static sailpoint.object.Attributes<String,Object> getArguments(sailpoint.object.ProvisioningPlan.AbstractRequest request)
Gets the arguments for the given request, creating one if needed
- Parameters:
request - The request
- Returns:
The arguments for the request
-
getIIQAccountRequest
public static sailpoint.object.ProvisioningPlan.AccountRequest getIIQAccountRequest(sailpoint.object.ProvisioningPlan plan)
Gets the IIQ account request from the given plan, creating one if needed
- Parameters:
plan - The plan in question
- Returns:
The IIQ account request
-
getLatestValue
public static Object getLatestValue(sailpoint.api.SailPointContext context, sailpoint.object.ProvisioningPlan.AccountRequest req, String name) throws sailpoint.tools.GeneralException
Intended to be used in a pre or post-provision rule, this method will return the given attribute from the AccountRequest if present and otherwise will return it from the Link.
The Link will be looked up based on the contents of the AccountRequest.
- Parameters:
req - The AccountRequest modifying this Link
name - The name of the attribute to return
- Returns:
the attribute value
- Throws:
sailpoint.tools.GeneralException - if a query failure occurs
-
getLatestValue
public static Object getLatestValue(sailpoint.object.Link account, sailpoint.object.ProvisioningPlan.AccountRequest req, String name)
Intended to be used in a pre or post-provision rule, this method will return the given attribute from the AccountRequest if present and otherwise will return it from the Link
- Parameters:
account - The Link being modified
req - The AccountRequest modifying this Link
name - The name of the attribute to return
- Returns:
the attribute value
-
getLinkFromRequest
public static sailpoint.object.Link getLinkFromRequest(sailpoint.api.SailPointContext context, sailpoint.object.ProvisioningPlan.AccountRequest request) throws sailpoint.tools.GeneralException
Retrieves the Link that is associated with the given AccountRequest, or returns null if no link can be found.
The Application on the request must be set and accurate.
On create, the outcome will always be null because the Link doesn’t exist until after the operation has completed.
- Parameters:
request - The request to use to search
- Returns:
the matching Link, or null if none can be found
- Throws:
sailpoint.tools.GeneralException - if more than one matching Link is found
-
linkMovePlan
public static sailpoint.object.ProvisioningPlan linkMovePlan(sailpoint.object.Link theLinkToMove, sailpoint.object.Identity targetIdentity, sailpoint.object.ProvisioningPlan existingPlan) throws sailpoint.tools.GeneralException
Creates an AttributeRequest to move the given Link to the given target Identity, either modifying the provided plan or creating a new one.
A move-account plan can be structured in either direction. It can be an “Add” plan that focuses on the destination Identity (allowing movement of accounts from more than one source) or a “Remove” plan that focuses on the source Identity (allowing movement of accounts to more than one target). You cannot mix these on a single plan.
If the plan does not already contain a link move, it will be set up as an Add.
This method will throw an exception if you pass an existing plan and its structure does not match the objects you pass in.
- Parameters:
theLinkToMove - The link to move
targetIdentity - The Identity to which the link should be moved
existingPlan - The existing plan to modify, or null to create a new one
- Returns:
The plan created or modified by this method
- Throws:
sailpoint.tools.GeneralException - if any validation failures occur
-
removeUserRolePlan
public static void removeUserRolePlan(String roleName, boolean revoke, sailpoint.object.ProvisioningPlan provisioningPlan) throws sailpoint.tools.GeneralException
Modifies the plan to add a role removal request for the given role
- Parameters:
roleName - The role to remove from the identity
revoke - If true, the role will be revoked and not removed
provisioningPlan - The plan to add the role removal to
- Throws:
sailpoint.tools.GeneralException - If a failure occurs
-
roleTargetToAccountSelection
public static sailpoint.object.AccountSelection roleTargetToAccountSelection(sailpoint.object.RoleTarget target)
Creates an AccountSelection object from the given account selection
- Parameters:
target - The target to transform
- Returns:
An AccountSelection with the given RoleTarget parameters
-
toProvisioningTarget
public static sailpoint.object.ProvisioningTarget toProvisioningTarget(sailpoint.object.Bundle role, sailpoint.object.Link target)
Creates a Provisioning Target from account
- Parameters:
role - The role being provisioned
target - The target account
- Returns:
A ProvisioningTarget object for the given role / account combination
-
toProvisioningTarget
public static sailpoint.object.ProvisioningTarget toProvisioningTarget(sailpoint.api.SailPointContext context, sailpoint.object.Bundle role, String application, String nativeIdentity) throws sailpoint.tools.GeneralException
Creates a Provisioning Target from the given application and nativeIdentity name
- Parameters:
role - The role being provisioned
application - The application to target
nativeIdentity - The native identity to target
- Returns:
A ProvisioningTarget object for the given role / account combination
- Throws:
sailpoint.tools.GeneralException - if any failures occur
-
addEntitlement
public void addEntitlement(String identityName, sailpoint.object.Link account, sailpoint.object.ManagedAttribute entitlement, boolean withApproval) throws sailpoint.tools.GeneralException
Adds the given entitlement to the given account on the user
- Parameters:
identityName - The identity name
account - The account to modify
entitlement - The managed attribute from which to extract the entitlement
withApproval - If false, approval will be skipped
- Throws:
sailpoint.tools.GeneralException - if any failure occurs
-
addEntitlement
public void addEntitlement(String identityName, sailpoint.object.Link account, String attribute, String value, boolean withApproval) throws sailpoint.tools.GeneralException
Adds the given entitlement to the given account on the user
- Parameters:
identityName - The identity name
account - The account to modify
attribute - The attribute to modify
value - The value to add
withApproval - If false, approval will be skipped
- Throws:
sailpoint.tools.GeneralException - if any failure occurs
-
addPlanArgument
public void addPlanArgument(String argument, Object value)
Adds an argument to the ProvisioningPlan that will eventually be constructed on a call to doProvisioning(ProvisioningPlan)
- Parameters:
argument - The argument to add to the plan
value - The value to add to the plan
-
addUserRole
public void addUserRole(String identityName, String roleName, boolean withApproval, String accountName) throws sailpoint.tools.GeneralException
Adds the given user to the given role, guessing the target account by name.
If the plan expands to more than one account selection question, this method will throw an exception.
- Parameters:
identityName - The identity name to add to the given role
roleName - The role to add
withApproval - If true, default approval will be required
accountName - The target account to locate
- Throws:
sailpoint.tools.GeneralException - if a provisioning failure occurs
-
addUserRole
public void addUserRole(String identityName, String roleName, boolean withApproval, Map<String,sailpoint.object.Link> targets) throws sailpoint.tools.GeneralException
Adds the given user to the given role, associating it statically with the given target accounts (or new accounts if none are specified).
If a target is not supplied for a given application that is provisioned by this role, the provisioning engine will automatically run any account selection rule followed by an attempt at heuristic guessing.
- Parameters:
identityName - The identity name to add to the given role
roleName - The role to add
withApproval - If true, default approval will be required
targets - These Links will be used as a provisioning target for the plan. If a value is null, a new account create will be requested.
- Throws:
sailpoint.tools.GeneralException - if a provisioning failure occurs
-
addUserRole
public void addUserRole(String identityName, String roleName) throws sailpoint.tools.GeneralException
Adds the given user to the given role
- Parameters:
identityName - The identity name to add to the given role
roleName - The role to add
- Throws:
sailpoint.tools.GeneralException - if a provisioning failure occurs
-
addUserRole
public void addUserRole(String identityName, String roleName, boolean withApproval) throws sailpoint.tools.GeneralException
Adds the given user to the given role
- Parameters:
identityName - The identity name to add to the given role
roleName - The role to add
withApproval - If true, default approval will be required
- Throws:
sailpoint.tools.GeneralException - if a provisioning failure occurs
-
addWorkflowArgument
public void addWorkflowArgument(String argument, Object value)
Adds an argument to the workflow or Provisioner that will be used in a call to doProvisioning(ProvisioningPlan).
If the value provided is null, the key will be removed from the arguments.
- Parameters:
argument - The argument to set the value for
value - The value to set
-
deleteAccount
public void deleteAccount(sailpoint.object.Link link) throws sailpoint.tools.GeneralException
Deletes the given account by submitting a Delete request to IIQ
- Parameters:
link - The Link to disable
- Throws:
sailpoint.tools.GeneralException - if any failures occur
-
disableAccount
public void disableAccount(sailpoint.object.Link link) throws sailpoint.tools.GeneralException
Disables the given account by submitting a Disable request to IIQ
- Parameters:
link - The Link to disable
- Throws:
sailpoint.tools.GeneralException - if any failures occur
-
disableAccount
public void disableAccount(sailpoint.object.Link link, boolean doRefresh) throws sailpoint.tools.GeneralException
Disables the given account by submitting a Disable request to IIQ
- Parameters:
link - The Link to disable
- Throws:
sailpoint.tools.GeneralException - if any failures occur
-
disableAccounts
public void disableAccounts(sailpoint.object.Identity identity) throws sailpoint.tools.GeneralException
Submits a single request to disable all accounts on the Identity that are not already disabled.
- Parameters:
identity - Who to disable the accounts on
- Throws:
sailpoint.tools.GeneralException - if any failures occur
-
disableAccounts
public void disableAccounts(sailpoint.object.Identity identity, List<String> onlyThese) throws sailpoint.tools.GeneralException
Submits a single request to disable all accounts on the Identity that are not already disabled.
- Parameters:
identity - Who to disable the accounts on
onlyThese - Only applications in this list will be disabled
- Throws:
sailpoint.tools.GeneralException - if any failures occur
-
disableAccounts
public void disableAccounts(sailpoint.object.Identity identity, Predicate<sailpoint.object.Link> onlyThese) throws sailpoint.tools.GeneralException
Submits a single request to disable all accounts on the Identity that are not already disabled.
- Parameters:
identity - Who to disable the accounts on
onlyThese - Only Link objects where the Predicate returns true will be disabled
- Throws:
sailpoint.tools.GeneralException - if any failures occur
-
disableAccounts
public void disableAccounts(sailpoint.object.Identity identity, sailpoint.object.Filter onlyThese) throws sailpoint.tools.GeneralException
Submits a single request to disable all accounts on the Identity that are not already disabled.
- Parameters:
identity - Who to disable the accounts on
onlyThese - Only Link objects matching the filter will be disabled. This uses the HybridObjectMatcher, allowing fields like “application.name” in the filter.
- Throws:
sailpoint.tools.GeneralException - if any failures occur
-
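A usage sketch for the Predicate overload of disableAccounts documented above, added here and not taken from the library's own code: an incident-response lockdown that disables every account on an identity except those on an exclusion list, and returns the accounts it targeted for the audit trail. The class name IncidentLockdown, the method lockdown and the exclusion set are hypothetical, and the null check assumes findIdentity returns null when nothing matches.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;

import com.identityworksllc.iiq.common.ProvisioningUtilities;

import sailpoint.api.SailPointContext;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.tools.GeneralException;

/**
 * Hypothetical caller of ProvisioningUtilities (example code, not part of the library).
 */
public class IncidentLockdown {

    private final SailPointContext context;

    /** Application names whose accounts must stay enabled (caller-supplied). */
    private final Set<String> excludedApplications;

    public IncidentLockdown(SailPointContext context, Set<String> excludedApplications) {
        this.context = context;
        this.excludedApplications = excludedApplications;
    }

    /**
     * Disables all in-scope accounts of the named identity in one request.
     *
     * @return "application:nativeIdentity" for each account this caller expected
     *         to be disabled, for the caller's own audit record
     */
    public List<String> lockdown(String identityName) throws GeneralException {
        // Single-argument constructor: workflow-based, using the default
        // LCM Provisioning workflow (per the constructor documentation).
        ProvisioningUtilities utils = new ProvisioningUtilities(context);

        Identity identity = utils.findIdentity(identityName);
        if (identity == null) {
            // Assumption: a missing identity is reported as null.
            throw new GeneralException("No such identity: " + identityName);
        }

        // Only Links for which this returns true are disabled.
        Predicate<Link> inScope =
                link -> !excludedApplications.contains(link.getApplicationName());

        // Compute the caller's own view of what is about to be disabled. This
        // mirrors the documented behaviour (skip accounts already disabled, then
        // apply the predicate); it is not output reported by the library.
        List<String> targeted = new ArrayList<>();
        List<Link> links = identity.getLinks();
        if (links != null) {
            for (Link link : links) {
                if (!link.isDisabled() && inScope.test(link)) {
                    targeted.add(link.getApplicationName() + ":" + link.getNativeIdentity());
                }
            }
        }

        // Nothing in scope: do not submit an empty request.
        if (!targeted.isEmpty()) {
            utils.disableAccounts(identity, inScope);
        }
        return targeted;
    }
}
```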
doProvisioning
public sailpoint.object.ProvisioningProject doProvisioning(sailpoint.object.ProvisioningPlan plan) throws sailpoint.tools.GeneralException
Submits a provisioning plan using the configured defaults.
This plan must have an Identity attached to it using setIdentity().
- Parameters:
plan - The ProvisioningPlan to execute
- Throws:
sailpoint.tools.GeneralException - if any failures occur
-
doProvisioning
public sailpoint.object.ProvisioningProject doProvisioning(String identityName, sailpoint.object.ProvisioningPlan plan) throws sailpoint.tools.GeneralException
Submits a provisioning plan using the configured defaults.
- Parameters:
identityName - If the plan does not already have an Identity configured, this one will be used.
plan - The provisioning plan.
- Returns:
The compiled provisioning project, post-provision
- Throws:
sailpoint.tools.GeneralException - if any failures occur
-
doProvisioning
public sailpoint.object.ProvisioningProject doProvisioning(String identityName, sailpoint.object.ProvisioningPlan plan, boolean doRefresh) throws sailpoint.tools.GeneralException
Submits a provisioning plan using the configured defaults and optionally does a refresh.
- Parameters:
identityName - If the plan does not already have an Identity configured, this one will be used.
plan - The provisioning plan
doRefresh - If true, a refresh will be performed by the provisioning handler
- Returns:
The compiled provisioning project, post-provision
- Throws:
sailpoint.tools.GeneralException - if any IIQ failures occur
-
doProvisioning
public sailpoint.object.ProvisioningProject doProvisioning(String identityName, sailpoint.object.ProvisioningPlan plan, boolean doRefresh, Map<String,Object> extraParameters) throws sailpoint.tools.GeneralException
Submits a provisioning plan using the configured defaults and optionally does a refresh.
Additionally, extra arguments to the workflow can be provided in a Map.
- Parameters:
identityName - If the plan does not already have an Identity configured, this one will be used.
plan - The provisioning plan
doRefresh - If true, a refresh will be performed by the provisioning handler
extraParameters - A Map containing workflow parameters that will be passed to the provisioning workflow or Provisioner
- Returns:
The compiled provisioning project, post-provision
- Throws:
sailpoint.tools.GeneralException - if any IIQ failures occur
-
doProvisioning
public sailpoint.object.ProvisioningProject doProvisioning(sailpoint.object.ProvisioningPlan plan, boolean doRefresh, Map<String,Object> extraParameters) throws sailpoint.tools.GeneralException
Submits a provisioning plan using the configured defaults and optionally does a refresh.
Additionally, extra arguments to the workflow can be provided in a Map.
- Parameters:
plan - The provisioning plan
doRefresh - If true, a refresh will be performed by the provisioning handler
extraParameters - A Map containing workflow parameters that will be passed to the provisioning workflow or Provisioner
- Throws:
sailpoint.tools.GeneralException - if any IIQ failures occur
-
enableAccount
public void enableAccount(sailpoint.object.Link link) throws sailpoint.tools.GeneralException
Enables the given account by submitting an Enable provisioning action to IIQ- Parameters:
link
- The Link to enable- Throws:
sailpoint.tools.GeneralException
- if any IIQ errors occur
-
findIdentity
public sailpoint.object.Identity findIdentity(String identityName) throws sailpoint.tools.GeneralException
Finds the identity first by name and then by ID. This is mainly here so that it can be overridden by customer-specific subclasses. Otherwise, it does the same thing as Resolver.getObject(Class, String).
- Parameters:
identityName
- The identity name to search for
- Returns:
- The Identity if found
- Throws:
sailpoint.tools.GeneralException
- if any errors occur
-
forceRetry
public sailpoint.object.ProvisioningProject forceRetry(sailpoint.object.ProvisioningTransaction pt, boolean createToModify) throws sailpoint.tools.GeneralException
Force retry on the given transaction. There is an out-of-box API for doing this on transactions pending retry (to force them to run ‘right now’ rather than ‘later’), but there is none for doing this on failed transactions.
- Parameters:
pt
- The transaction to retry
createToModify
- If true, a Create operation will be transmuted to a Modify
- Throws:
sailpoint.tools.GeneralException
- if any failures occur
-
getCaseName
public String getCaseName(String identityName)
Builds the case name based on the template provided
- Parameters:
identityName
- The identity name passed to this case
- Returns:
- The case name generated
-
getCaseNameTemplate
public String getCaseNameTemplate()
-
getExternalTicketId
public String getExternalTicketId()
-
getProvisioningWorkflow
public String getProvisioningWorkflow()
-
isErrorOnAccountSelection
public boolean isErrorOnAccountSelection()
-
isErrorOnManualTask
public boolean isErrorOnManualTask()
-
isErrorOnNewAccount
public boolean isErrorOnNewAccount()
-
isErrorOnProvisioningForms
public boolean isErrorOnProvisioningForms()
-
isUseWorkflow
public boolean isUseWorkflow()
-
moveLinks
public void moveLinks(sailpoint.object.Identity targetOwner, sailpoint.object.Link... accounts) throws sailpoint.tools.GeneralException
Moves the given target account(s) to the given target owner
- Parameters:
targetOwner
- The target owner for the given accounts
accounts
- One or more accounts to move to the new owner
- Throws:
sailpoint.tools.GeneralException
- if anything goes wrong during provisioning
-
removeAllAccess
public void removeAllAccess(sailpoint.object.Identity identity) throws sailpoint.tools.GeneralException
Removes all entitlements and assigned roles from the given Identity
- Parameters:
identity
- The identity from whom to strip access
- Throws:
sailpoint.tools.GeneralException
- if anything goes wrong during provisioning
-
removeAllEntitlements
public void removeAllEntitlements(sailpoint.object.Identity identity, sailpoint.object.Application target) throws sailpoint.tools.GeneralException
Removes all entitlements from all accounts of the given type on the given user
- Parameters:
identity
- The identity to target
target
- The target application from which to remove accounts
- Throws:
sailpoint.tools.GeneralException
- if a failure occurs
-
removeAllEntitlements
public void removeAllEntitlements(sailpoint.object.Identity identity, sailpoint.object.Application target, sailpoint.object.ProvisioningPlan plan) throws sailpoint.tools.GeneralException
Modifies the plan to add entitlement removal requests for all entitlements on accounts of the given type
- Parameters:
identity
- The identity from which to extract the entitlements
target
- The target application
plan
- The provisioning plan
- Throws:
sailpoint.tools.GeneralException
- if any failures occur
-
removeAllEntitlements
public void removeAllEntitlements(sailpoint.object.Link account, String attribute, sailpoint.object.ProvisioningPlan plan)
Modifies the plan to remove all values from the given attribute on the given account.
- Parameters:
account
- The account to modify
attribute
- The attribute to remove attributes from
plan
- The provisioning plan
-
removeEntitlement
public void removeEntitlement(String identityName, sailpoint.object.Link account, sailpoint.object.ManagedAttribute entitlement, boolean withApproval) throws sailpoint.tools.GeneralException
Removes the given entitlement from the given account on the user
- Parameters:
identityName
- The identity name
account
- The account to modify
entitlement
- The managed attribute from which to extract the entitlement
withApproval
- If false, approval will be skipped
- Throws:
sailpoint.tools.GeneralException
- if any failure occurs
-
removeUserRole
public void removeUserRole(String identityName, sailpoint.object.RoleAssignment targetAssignment) throws sailpoint.tools.GeneralException
Removes the given user from the given role
- Parameters:
targetAssignment
- The target existing RoleAssignment from an Identity
- Throws:
sailpoint.tools.GeneralException
- if a provisioning failure occurs
-
removeUserRole
public void removeUserRole(String identityName, sailpoint.object.RoleDetection targetDetection) throws sailpoint.tools.GeneralException
Removes the given user from the given role. For a detected role, this will remove any entitlements provisioned by that role that are not required by another role assigned to the user.
- Parameters:
identityName
- The name of the Identity to modify
targetDetection
- The target existing RoleDetection from an Identity
- Throws:
sailpoint.tools.GeneralException
- if a provisioning failure occurs
-
removeUserRole
public void removeUserRole(String identityName, String roleName, boolean withApproval, sailpoint.object.Link target) throws sailpoint.tools.GeneralException
Removes the given user from the given role associated with the target provisioned account. Note that the role may also be associated with a different account. This is used only to locate the RoleAssignment object for deprovisioning by assignment ID.
- Parameters:
identityName
- The identity name to add to the given role
roleName
- The role to add
withApproval
- If true, default approval will be required
target
- If not null, this will be used as a provisioning target for the plan
- Throws:
sailpoint.tools.GeneralException
- if a provisioning failure occurs
-
removeUserRole
public void removeUserRole(String identityName, String roleName) throws sailpoint.tools.GeneralException
Removes the given role from the given user
- Parameters:
identityName
- The identity to remove the role from
roleName
- The role to remove from the identity
- Throws:
sailpoint.tools.GeneralException
- If a failure occurs
-
removeUserRole
public void removeUserRole(String identityName, String roleName, boolean withApproval) throws sailpoint.tools.GeneralException
Removes the given role from the given user
- Parameters:
identityName
- The identity to remove the role from
roleName
- The role to remove from the identity
withApproval
- If true, a default approval will be required
- Throws:
sailpoint.tools.GeneralException
- If a failure occurs
-
removeUserRole
public void removeUserRole(String identityName, String roleName, boolean withApproval, boolean revoke) throws sailpoint.tools.GeneralException
Removes the given role from the given user
- Parameters:
identityName
- The identity to remove the role from
roleName
- The role to remove from the identity
withApproval
- If true, a default approval will be required
revoke
- If true, the role will be revoked and not removed
- Throws:
sailpoint.tools.GeneralException
- If a failure occurs
-
setBeforeProvisioning
public void setBeforeProvisioning(Consumer<sailpoint.object.ProvisioningPlan> planConsumer)
-
setCaseNameTemplate
public void setCaseNameTemplate(String caseNameTemplate)
-
setErrorOnAccountSelection
public void setErrorOnAccountSelection(boolean errorOnAccountSelection)
-
setErrorOnManualTask
public void setErrorOnManualTask(boolean errorOnManualTask)
-
setErrorOnNewAccount
public void setErrorOnNewAccount(boolean errorOnNewAccount)
-
setErrorOnProvisioningForms
public void setErrorOnProvisioningForms(boolean errorOnProvisioningForms)
-
setExternalTicketId
public void setExternalTicketId(String externalTicketId)
-
setProjectDebugger
public void setProjectDebugger(Consumer<sailpoint.object.ProvisioningProject> projectDebugger)
-
setLauncher
public void setLauncher(String who)
-
setProvisioningArguments
public void setProvisioningArguments(ProvisioningArguments config)
Sets workflow configuration items all at once for this utility
- Parameters:
config
- The workflow configuration to use
-
setProvisioningWorkflow
public void setProvisioningWorkflow(String provisioningWorkflow)
-
setUseWorkflow
public void setUseWorkflow(boolean useWorkflow)
-
setWorkflowDebugger
public void setWorkflowDebugger(Consumer<sailpoint.object.WorkflowLaunch> workflowDebugger)
-
toMap
public sailpoint.object.Attributes<String,Object> toMap()
Transforms this object into a Map that can be passed to the constructor that takes a Map
- Returns:
- The resulting map transformation
-
updateAccount
public void updateAccount(sailpoint.object.Link link, Map<String,Object> map) throws sailpoint.tools.GeneralException
Updates the given link with the given values. Field names can also have the form “Operation:Name”, e.g. “Add:memberOf”, to specify an operation.
Values ‘Set’ to a multi-value field will be transformed to ‘Add’ by default. You can override this using the colon syntax above, which will always take priority.
- Parameters:
link
- The Link to update
map
- The values to update (Set by default)
- Throws:
sailpoint.tools.GeneralException
- if any provisioning failures occur
-
updateAccountRemove
public void updateAccountRemove(sailpoint.object.Link link, String attribute, Object value) throws sailpoint.tools.GeneralException
Updates the given link by setting or adding the given values. Multi-value attributes will be transformed to Set.
- Parameters:
link
- The Link to update
attribute
- The name of the attribute to either set or add
value
- The value(s) to set or add
- Throws:
sailpoint.tools.GeneralException
- if any provisioning failures occur
-
updateAccountSet
public void updateAccountSet(sailpoint.object.Link link, String attribute, Object value) throws sailpoint.tools.GeneralException
Updates the given link by setting or adding the given values. Multi-value attributes will be transformed to Set.
- Parameters:
link
- The Link to update
attribute
- The name of the attribute to either set or add
value
- The value(s) to set or add
- Throws:
sailpoint.tools.GeneralException
- if any provisioning failures occur
-
updateUser
public void updateUser(sailpoint.object.Identity identity, Map<String,Object> params) throws sailpoint.tools.GeneralException
Updates the given identity with the given values. Field names can also have the form “Operation:Name”, e.g. “Add:memberOf”, to specify an operation.
Values ‘Set’ to a multi-value field will be transformed to ‘Add’ by default. You can override this using the colon syntax above, which will always take priority.
- Parameters:
identity
- The identity to modify
params
- The parameters to modify
- Throws:
sailpoint.tools.GeneralException
- if anything goes wrong
-
updateUser
public void updateUser(sailpoint.object.Identity identity, String defaultOperation, Map<String,Object> params) throws sailpoint.tools.GeneralException
Updates the given identity with the given values. Field names can also have the form “Operation:Name”, e.g. “Add:memberOf”, to specify an operation.
Values ‘Set’ to a multi-value field will be transformed to ‘Add’ by default. You can override this using the colon syntax above, which will always take priority.
- Parameters:
identity
- The identity to modify
defaultOperation
- The default operation to update with (Set, Add, Remove, etc) if one is not given
params
- The parameters to modify
- Throws:
sailpoint.tools.GeneralException
- if anything goes wrong
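The “Operation:Name” key syntax described for updateAccount and the updateUser overloads, modelled as a stand-alone Java (16+) example added here; it is not the ProvisioningUtilities source. The class OperationKeyDemo, the resolve helper, the three-value Op enum, the sample attribute values, and the rule that a defaultOperation of Set is subject to the same Set-to-Add conversion are assumptions.

```java
import java.util.*;

// Illustrative model only; not the ProvisioningUtilities implementation.
public class OperationKeyDemo {
    // Only the operations named on this page are modelled.
    enum Op { Set, Add, Remove }

    /** Resolved form of one map key: the operation to apply and the bare attribute name. */
    record Resolved(Op op, String name) {}

    /**
     * @param key         map key, either "Name" or "Operation:Name"
     * @param defaultOp   operation used when the key carries no prefix
     * @param multiValued attribute names treated as multi-valued (assumed to come from the schema)
     */
    static Resolved resolve(String key, Op defaultOp, Set<String> multiValued) {
        int colon = key.indexOf(':');
        if (colon > 0) {
            String prefix = key.substring(0, colon);
            for (Op op : Op.values()) {
                if (op.name().equalsIgnoreCase(prefix)) {
                    // An explicit prefix always takes priority, even Set on a multi-valued field.
                    return new Resolved(op, key.substring(colon + 1));
                }
            }
            // Assumption: an unknown prefix means the colon belongs to the attribute name.
        }
        Op op = defaultOp;
        if (op == Op.Set && multiValued.contains(key)) {
            op = Op.Add; // implicit Set on a multi-valued field becomes Add
        }
        return new Resolved(op, key);
    }

    public static void main(String[] args) {
        Set<String> multiValued = Set.of("memberOf");       // constructed sample schema
        Map<String, Object> params = new LinkedHashMap<>(); // constructed sample input
        params.put("department", "Finance");
        params.put("memberOf", "CN=Payroll,OU=Groups,DC=example,DC=com");
        params.put("Remove:memberOf", "CN=Contractors,OU=Groups,DC=example,DC=com");
        params.put("Set:memberOf", List.of("CN=Staff,OU=Groups,DC=example,DC=com"));

        for (String key : params.keySet()) {
            Resolved r = resolve(key, Op.Set, multiValued);
            System.out.printf("%-16s -> %-6s %s%n", key, r.op(), r.name());
        }
    }
}
```

The last key is the one to look for when reviewing callers: an explicit Set: prefix on a multi-valued attribute bypasses the default Add conversion.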
-
updateUser
public void updateUser(sailpoint.object.Identity identity, String field, sailpoint.object.ProvisioningPlan.Operation operation, Object value) throws sailpoint.tools.GeneralException
Updates the given user with the given field values
- Parameters:
identity
- The identity in question
field
- The field to set
operation
- The operation to use
value
- The value to update
- Throws:
sailpoint.tools.GeneralException
- if any provisioning failures occur
-
-