Policy Violation Rule (This rule is used to format a PolicyViolation object)
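<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" name="VIS Policy Violation Rule" type="Violation">
  <Description>This rule is used to format a PolicyViolation object.</Description>
  <Signature returnType="PolicyViolation">
    <Inputs>
      <Argument name="log">
        <Description>
          The log object associated with the SailPointContext.
        </Description>
      </Argument>
      <Argument name="context">
        <Description>
          A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
        </Description>
      </Argument>
      <Argument name="identity">
        <Description>
          The Identity in violation.
        </Description>
      </Argument>
      <Argument name="policy">
        <Description>
          The Policy being violated.
        </Description>
      </Argument>
      <Argument name="constraint">
        <Description>
          The Constraint being violated.
        </Description>
      </Argument>
      <Argument name="violation">
        <Description>
          The PolicyViolation object.
        </Description>
      </Argument>
      <Argument name="state">
        <Description>
          A Map containing state information.
        </Description>
      </Argument>
    </Inputs>
    <Returns>
      <Argument name="violation">
        <Description>
          The formatted PolicyViolation object.
        </Description>
      </Argument>
    </Returns>
  </Signature>
  <Source><![CDATA[
// The script uses '<' and '&&', so it is wrapped in CDATA to keep the Rule XML well-formed.
//
// Purpose: replace the description of a policy violation with a readable summary
// of the two conflicting sides ("left" and "right") reported by
// PolicyUtil.summarizeViolationEntitlements, showing entitlement display names
// from the ManagedAttribute catalog instead of raw values.

import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import sailpoint.api.PolicyUtil;
import sailpoint.api.PolicyUtil.ApplicationSummary;
import sailpoint.api.PolicyUtil.EntitlementSummary;
import sailpoint.api.PolicyUtil.ItemSummary;
import sailpoint.api.PolicyUtil.RoleSummary;
import sailpoint.object.Attributes;
import sailpoint.object.Filter;
import sailpoint.object.ManagedAttribute;
import sailpoint.object.QueryOptions;

// Dedicated logger for this rule. The debug messages below include identity names
// and entitlement values, so they are only ever written at debug level.
private static Log customLog = LogFactory.getLog("vis.rule.visViolation");

// Looks up the ManagedAttribute whose "value" equals entitlementDNValue on the
// application named appName. Returns null when nothing matches; when several
// objects match, the last one returned by the query is used.
public ManagedAttribute getOriginalEntitlementObject(String entitlementDNValue, String appName) {
  customLog.debug("Entering getOriginalEntitlementObject : " + entitlementDNValue + " : " + appName);

  QueryOptions qo = new QueryOptions();
  qo.add(Filter.and(Filter.eq("value", entitlementDNValue),
                    Filter.eq("application.name", appName)));

  ManagedAttribute managedAttribute = null;
  List entitlements = context.getObjects(ManagedAttribute.class, qo);
  if (entitlements != null) {
    customLog.debug("Entering getOriginalEntitlementObject : size is" + entitlements.size());
    for (ManagedAttribute entitlement : entitlements) {
      managedAttribute = entitlement;
    }
  }

  customLog.debug("Exiting getOriginalEntitlementObject: " + managedAttribute);
  return managedAttribute;
}

// Returns the text to show for one entitlement value: the catalog display name
// when one exists, otherwise the raw value. Without this fallback a value that
// has no ManagedAttribute would raise a NullPointerException while the
// description is being built, and the violation would keep no readable summary.
private String entitlementLabel(Object rawValue, String appName) {
  String value = String.valueOf(rawValue);
  ManagedAttribute managedAttribute = getOriginalEntitlementObject(value, appName);
  if (managedAttribute == null || managedAttribute.getDisplayName() == null) {
    customLog.debug("entitlementLabel: no display name for " + value + " on " + appName);
    return value;
  }
  return managedAttribute.getDisplayName();
}

// Appends the attribute entitlements and the permissions of one application to b.
private summarizeApp(StringBuilder b, ApplicationSummary app) {
  List atts = app.attributes;
  if (atts != null && atts.size() > 0) {
    customLog.debug("app.name: " + app.name);
    b.append(" account on: [" + app.name);
    for (int i = 0; i < atts.size(); i++) {
      ItemSummary as = atts.get(i);
      if (i > 0) {
        b.append(" ");
      }
      customLog.debug("as.name: " + as.name);
      List values = as.values;
      customLog.debug("as.values: " + as.values);
      if (values == null) {
        b.append("null");
      } else if (values.size() > 0) {
        b.append(" with entitlements as: '");
        for (int j = 0; j < values.size(); j++) {
          // separator only between items, so the list has no trailing ", "
          if (j > 0) {
            b.append(", ");
          }
          b.append(entitlementLabel(values.get(j), app.name));
        }
        b.append("'");
      }
    }
    // The bracket is opened once before the loop, so it is closed once after it.
    b.append("]");
  }

  List perms = app.permissions;
  if (perms != null && perms.size() > 0) {
    for (int i = 0; i < perms.size(); i++) {
      ItemSummary ps = perms.get(i);
      b.append(app.name);
      b.append(": ");
      List values = ps.values;
      if (values == null || values.size() == 0) {
        b.append("none");
      } else if (values.size() > 1) {
        // List.toString() brackets the values with []
        b.append(values.toString());
      } else {
        // Single value: always element 0. Indexing with the permission loop
        // counter i would go out of bounds for every permission after the first.
        b.append("'");
        b.append(String.valueOf(values.get(0)));
        b.append("'");
      }
      b.append(" on ");
      b.append(ps.name);
      b.append(" ");
    }
  }
}

// Appends the role name (when present) and each of the role's applications to b.
private summarizeRole(StringBuilder b, RoleSummary role) {
  if (role.name != null) {
    b.append("Role: ");
    b.append(role.name);
    b.append(" ");
  }
  List apps = role.applications;
  if (apps != null) {
    for (int i = 0; i < apps.size(); i++) {
      summarizeApp(b, apps.get(i));
    }
  }
}

// Appends every RoleSummary in roles to b; a null list adds nothing.
private summarizeRoles(StringBuilder b, List roles) {
  if (roles != null) {
    for (int i = 0; i < roles.size(); i++) {
      summarizeRole(b, roles.get(i));
    }
  }
}

customLog.debug("Entering Policy Volidation Rule for: " + identity.getStringAttribute("name"));

EntitlementSummary summary = PolicyUtil.summarizeViolationEntitlements(context, identity, violation, null);
if (summary != null) {
  StringBuilder b = new StringBuilder();
  summarizeRoles(b, summary.left);
  b.append("--- conflicts with --- ");
  summarizeRoles(b, summary.right);
  violation.setDescription(b.toString());
}

// The Signature declares the PolicyViolation as the return value, so hand it back explicitly.
return violation;
]]></Source>
</Rule>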