java.lang.Object
  com.waveset.provision.Provisioner
The Provisioner class implements what the design refers to as the "Provisioning Engine". It is the object responsible for coordinating the provisioning of accounts among multiple resources, enforcing rules defined by the role, and implementing provisioning notification options defined by the role.
A Provisioner object is typically maintained by the singleton Server, and also may be maintained by one or more WorkflowProvisioner objects managed by the workflow engine.
There is currently no real need for this to be a singleton, though we do need references to some singletons, notably the repository and the cache. They are supplied through the constructor. We also need a few other things, which we'll assume we can get through their static factory methods.
Much of the original logic has been moved into the ProvisionContext class, as part of a redesign to support multiple provisioning threads.
Nested Class Summary | |
static class |
Provisioner.ProvisionOp
|
Field Summary | |
static java.lang.String |
code_id
|
static java.lang.String |
DEFAULT_FORM
The name of the Configuration object containing the form to use for reProvisioning. |
static java.lang.String |
IDENTITY_ATTRIBUTE
Special attribute name that may be passed down in the ResourceInfo._attributes map to convey the full identity of the account. |
static java.lang.String |
OLD_USER_FORM
The id of the Configuration object containing the original user form, provided for backward compatibility. |
protected static Trace |
trace
|
Constructor Summary | |
Provisioner(LighthouseContext context)
|
|
Provisioner(LighthouseContext context,
PolicyManager policies,
PolicyProcessor policyProcessor)
|
Method Summary | |
void |
checkPasswordPolicies(WSUser user,
ProvisioningOptions options)
Check accountId and password policies for the Lighthouse user and resource accounts. |
void |
checkPolicies(WSUser user,
ProvisioningOptions options)
Check all policies enforced by the provisioning engine. |
WavesetResult |
deleteAccount(ProvisioningOptions ops)
Delete the Lighthouse account. |
WavesetResult |
deProvision(ProvisioningOptions ops)
Deprovision resource accounts (but retain the Lighthouse account). |
void |
fetchAccounts(ProvisioningOptions options)
Given a user object, fetch resource accounts associated with this user, and merge their attributes into the user object. |
void |
generateIdentity(WSUser user,
ResourceInfo info,
boolean tolerateFailure,
WSUser resuser,
ResourceResult result)
Fill in any accountId missing from the resource info. |
ResourceAdapter |
getAdapter(Resource res)
Get the adapter for a resource definition. |
ObjectCache |
getCache()
Return the cache we use. |
LighthouseContext |
getContext()
|
Policy |
getLighthousePolicy(WSUser user)
Return the effective Lighthouse policies. |
ProvisionMonitor |
getMonitor()
Get the currently registered ProvisioningMonitor. |
OrderedResourceOps |
getOrderedResourceOps(ProvisioningOptions ops,
boolean deProvision)
|
PasswordGenerator |
getPasswordGenerator()
Return a password generator. |
PolicyManager |
getPolicyManager()
Exposed only so we can get to a policy manager from within ProvisionResult. |
java.util.List |
getResourceOps(ProvisioningOptions ops)
Build the list of resource "ops" that would be used to process a provision with the given options. |
java.util.List |
getResourceOps(WSUser user)
This method returns the list of ResourceOp objects that would be built if a provision or reprovision were done. |
void |
println(java.lang.String msg)
|
void |
propertiesFileChanged()
Properties file listener. |
WavesetResult |
provision(ProvisioningOptions options)
Provision a new Lighthouse user and optionally create resource accounts. |
WavesetResult |
reProvision(ProvisioningOptions ops)
Perform a provisioning pass on an existing user account. |
void |
setCurrentTime(java.util.Date d)
Set the current time override. |
void |
setMonitor(ProvisionMonitor mon)
Used by IDMX to disable the recon monitor. |
void |
setPasswordExpiration(WSUser user)
Public utility method to reset a user's password expiration. |
void |
updateResetHistory(WSUser user,
boolean checkLimits)
Called by the password views to maintain the reset history on the user object, and optionally check for reset limits. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
public static final java.lang.String code_id
protected static final Trace trace
public static final java.lang.String IDENTITY_ATTRIBUTE
public static final java.lang.String DEFAULT_FORM
public static final java.lang.String OLD_USER_FORM
Constructor Detail |
public Provisioner(LighthouseContext context) throws WavesetException
public Provisioner(LighthouseContext context, PolicyManager policies, PolicyProcessor policyProcessor) throws WavesetException
Method Detail |
public LighthouseContext getContext()
public PolicyManager getPolicyManager()
public ProvisionMonitor getMonitor()
public void setMonitor(ProvisionMonitor mon)
public void setCurrentTime(java.util.Date d)
public ObjectCache getCache()
public void propertiesFileChanged()
Specified by: propertiesFileChanged in interface WavesetProperties.Listener
public void println(java.lang.String msg)
public void generateIdentity(WSUser user, ResourceInfo info, boolean tolerateFailure, WSUser resuser, ResourceResult result) throws WavesetException
WavesetException
public java.util.List getResourceOps(WSUser user) throws WavesetException
Since this is for informational purposes, make sure that ProvisionContext.buildResourceOps continues to be a relatively cheap operation. It shouldn't be doing any repo or resource hits.
WavesetException
public OrderedResourceOps getOrderedResourceOps(ProvisioningOptions ops, boolean deProvision) throws WavesetException
WavesetException
public java.util.List getResourceOps(ProvisioningOptions ops) throws WavesetException
WavesetException
public Policy getLighthousePolicy(WSUser user) throws WavesetException
WavesetException
public void setPasswordExpiration(WSUser user) throws WavesetException
WavesetException
public ResourceAdapter getAdapter(Resource res) throws WavesetException
WavesetException
public WavesetResult provision(ProvisioningOptions options) throws MissingAttribute, PolicyViolation, WavesetException
MissingAttribute
PolicyViolation
WavesetException
public void checkPasswordPolicies(WSUser user, ProvisioningOptions options) throws WavesetException
We assume the ResourceInfo list is fleshed out as necessary.
This is subject to certain provisioning options, notably the targetResources list and the noCreate flag. This is important for some BNSF cases where they want to set the Lighthouse password and the RACF password differently with different policies. But the user may have a ResourceInfo for RACF with created=false so we have to allow the Lighthouse password policy to be checked without assuming that this password will also be pushed to RACF.
WavesetException
public void checkPolicies(WSUser user, ProvisioningOptions options) throws WavesetException
This should now always be called prior to getting into the provisioner. provision() and reProvision() will continue to check policies, but it should be done sooner so the errors can be displayed before the task suspends for approvals.
WavesetException
public PasswordGenerator getPasswordGenerator() throws WavesetException
WavesetException
public WavesetResult reProvision(ProvisioningOptions ops) throws WavesetException
This will reconcile changes made to the resource lists, and propagate any pending changes found in the user object to the resources.
Note that if we're propagating password changes, we expect the password policies to have been checked by now, and the expiration date to have been set relative to the time the change was made, which may have been some time ago. This is normally done by a view handler.
WavesetException
public WavesetResult deProvision(ProvisioningOptions ops) throws WavesetException
WavesetException
public WavesetResult deleteAccount(ProvisioningOptions ops) throws WavesetException
WavesetException
public void updateResetHistory(WSUser user, boolean checkLimits) throws WavesetException
WavesetException
public void fetchAccounts(ProvisioningOptions options) throws WavesetException
Convenience method that combines the fetchAccounts and mergeAccounts methods.
If the resources list is null, all of the accounts associated with this user are fetched.
WavesetException