Thursday, May 20, 2021

Code to update provisioning plan to remove the "Remove entitlement requests" from the provisioning plan

Requirement: The function takes three inputs: the ProvisioningPlan, the application name, and the list of entitlements that shouldn't be removed from the user. (This function can be used as part of a Mover workflow where a set of entitlements must not be removed from the user after provisioning due to a mover event.)


import java.util.ArrayList;
import java.util.List;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

public ProvisioningPlan removeADGroupRemoveRequest(ProvisioningPlan plan, String appName, List<String> groups) {
    log.debug("Entered removeADGroupRemoveRequest");
    // Define a new ProvisioningPlan (only the account requests of the incoming plan are carried over)
    ProvisioningPlan newplan = new ProvisioningPlan();
    // Initialize the list; adding to a null list would throw a NullPointerException
    List<AccountRequest> newAccountRequests = new ArrayList<AccountRequest>();
    sailpoint.object.ProvisioningPlan.AccountRequest.Operation operation = null;
    // Get the account requests (may be null when the plan is empty)
    List<AccountRequest> accountRequests = plan.getAccountRequests();
    if (accountRequests != null) {
        // Iterate for every accountRequest
        for (AccountRequest accountRequest : accountRequests) {
            operation = accountRequest.getOperation();
            String applicationName = accountRequest.getApplicationName();
            // Check if the application name of the accountRequest is the same as the incoming appName
            if (applicationName != null && applicationName.equalsIgnoreCase(appName)) {
                log.debug("Operation for Account Request: " + operation);
                if (AccountRequest.Operation.Modify.equals(operation)) {
                    // Get attribute requests from the accountRequest
                    List<AttributeRequest> attributeRequests = accountRequest.getAttributeRequests();
                    if (attributeRequests != null && attributeRequests.size() > 0) {
                        // Iterate over a copy: removing from the list being iterated
                        // would throw a ConcurrentModificationException
                        for (AttributeRequest attributeRequest : new ArrayList<AttributeRequest>(attributeRequests)) {
                            String name = attributeRequest.getName();
                            Object value = attributeRequest.getValue();
                            if (name != null) {
                                if (name.equalsIgnoreCase("memberOf")) {
                                    if (ProvisioningPlan.Operation.Remove.equals(attributeRequest.getOperation())) {
                                        log.debug("Remove entitlement operation entered");
                                        // Only single String values are handled here; any other
                                        // value type is left in the plan unchanged
                                        if (value instanceof String && groups.contains((String) value)) {
                                            // Remove the attribute request from the account request,
                                            // so the user keeps this entitlement
                                            accountRequest.remove(attributeRequest);
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            // Add every accountRequest (modified or not) to the newAccountRequests list
            newAccountRequests.add(accountRequest);
        }
    }
    // Add the newAccountRequests to the newplan and return newplan
    newplan.setAccountRequests(newAccountRequests);
    return newplan;
}
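
The function above only handles a memberOf value that is a single String, but an AttributeRequest value can also be a collection of group names. The following added example (not code from the original post) generalizes the filter to both cases and returns the retained groups so the caller can log them for access review; the method name `stripProtectedRemovals` is hypothetical, and it assumes the IdentityIQ classes are on the classpath.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

// Hypothetical helper: strips protected groups out of the memberOf Remove
// requests of one account request and returns the groups that were retained.
public List<String> stripProtectedRemovals(AccountRequest accountRequest, List<String> groups) {
    List<String> retained = new ArrayList<String>();
    List<AttributeRequest> requests = accountRequest.getAttributeRequests();
    if (requests == null || groups == null) {
        return retained;
    }
    // Iterate over a copy so the account request can be modified safely
    for (AttributeRequest req : new ArrayList<AttributeRequest>(requests)) {
        Object value = req.getValue();
        if (value == null
                || !"memberOf".equalsIgnoreCase(req.getName())
                || !ProvisioningPlan.Operation.Remove.equals(req.getOperation())) {
            continue;
        }
        // Values that are not protected and must still be removed
        List<Object> remaining = new ArrayList<Object>();
        if (value instanceof Collection) {
            for (Object v : (Collection) value) {
                if (v instanceof String && groups.contains((String) v)) {
                    retained.add((String) v);
                } else {
                    remaining.add(v);
                }
            }
        } else if (value instanceof String && groups.contains((String) value)) {
            retained.add((String) value);
        } else {
            remaining.add(value);
        }
        if (remaining.isEmpty()) {
            // Every value was protected: drop the whole Remove request
            accountRequest.remove(req);
        } else if (value instanceof Collection) {
            // Keep removing only the unprotected groups
            req.setValue(remaining);
        }
    }
    return retained;
}
```

Logging the returned list for each mover event gives reviewers a record of which entitlements were deliberately carried over instead of revoked.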

Comment below if you find this post helpful.
