Class SecurityIntegratorContext

java.lang.Object
org.odpi.openmetadata.frameworks.integration.context.IntegrationContext
org.odpi.openmetadata.integrationservices.security.connector.SecurityIntegratorContext

public class SecurityIntegratorContext extends IntegrationContext
SecurityIntegratorContext provides a wrapper around the Security Manager OMAS client. It provides the simplified interface to open metadata needed by the SecurityIntegratorConnector.
  • Constructor Details

    • SecurityIntegratorContext

      public SecurityIntegratorContext(String connectorId, String connectorName, String connectorUserId, String serverName, OpenIntegrationClient openIntegrationClient, GovernanceConfiguration governanceConfiguration, OpenMetadataClient openMetadataStoreClient, ActionControlInterface actionControlInterface, SecurityManagerClient securityManagerClient, UserIdentityManagement userIdentityClient, SecurityManagerEventClient eventClient, boolean generateIntegrationReport, PermittedSynchronization permittedSynchronization, String integrationConnectorGUID, String externalSourceGUID, String externalSourceName, int maxPageSize, AuditLog auditLog)
      Create a new client to exchange data asset content with open metadata.
      Parameters:
      connectorId - unique identifier of the connector (used to configure the event listener)
      connectorName - name of connector from config
      connectorUserId - userId for the connector
      serverName - name of the integration daemon
      openIntegrationClient - client for calling the metadata server
      governanceConfiguration - client for managing catalog targets
      openMetadataStoreClient - client for calling the metadata server
      actionControlInterface - client for initiating governance actions
      securityManagerClient - client for exchange requests
      userIdentityClient - client for managing user identities
      eventClient - client for registered listeners
      generateIntegrationReport - should the connector generate an integration report?
      permittedSynchronization - the direction of integration permitted by the integration connector
      integrationConnectorGUID - unique identifier for the integration connector if it is started via an integration group (otherwise it is null).
      externalSourceGUID - unique identifier of the software server capability for the asset manager
      externalSourceName - unique name of the software server capability for the asset manager
      maxPageSize - max number of elements that can be returned on a query
      auditLog - logging destination
  • Method Details

    • getExternalSourceName

      public String getExternalSourceName()
      Return the qualified name of the security manager that is supplied in the configuration document.
      Returns:
      string name
    • registerListener

      Register a listener object that will be passed each of the events published by the Security Manager OMAS.
      Parameters:
      listener - listener object
      Throws:
      InvalidParameterException - one of the parameters is null or invalid.
      ConnectionCheckedException - there are errors in the configuration of the connection which is preventing the creation of a connector.
      ConnectorCheckedException - there are errors in the initialization of the connector.
      PropertyServerException - there is a problem retrieving information from the property server(s).
      UserNotAuthorizedException - the requesting user is not authorized to issue this request.
    • createSecurityGroup

      Create a new security group. The type of the definition is located in the properties.
      Parameters:
      properties - properties of the definition
      Returns:
      unique identifier of the definition
      Throws:
      InvalidParameterException - typeName, documentIdentifier or userId is null; documentIdentifier is not unique; typeName is not valid
      PropertyServerException - problem accessing the metadata service
      UserNotAuthorizedException - security access problem
    • updateSecurityGroup

      public void updateSecurityGroup(String securityGroupGUID, boolean isMergeUpdate, SecurityGroupProperties properties) throws InvalidParameterException, UserNotAuthorizedException, PropertyServerException
      Update an existing security group.
      Parameters:
      securityGroupGUID - unique identifier of the definition to update
      isMergeUpdate - are unspecified properties unchanged (true) or removed?
      properties - properties to update
      Throws:
      InvalidParameterException - guid, documentIdentifier or userId is null; documentIdentifier is not unique; guid is not known
      PropertyServerException - problem accessing property server
      UserNotAuthorizedException - security access problem
    • deleteSecurityGroup

      public void deleteSecurityGroup(String securityGroupGUID) throws InvalidParameterException, UserNotAuthorizedException, PropertyServerException
      Delete a specific security group.
      Parameters:
      securityGroupGUID - unique identifier of the definition to remove
      Throws:
      InvalidParameterException - guid is null or not known
      PropertyServerException - problem accessing property server
      UserNotAuthorizedException - security access problem
    • getSecurityGroupsForDistinguishedName

      public List<SecurityGroupElement> getSecurityGroupsForDistinguishedName(String distinguishedName, int startFrom, int pageSize) throws InvalidParameterException, UserNotAuthorizedException, PropertyServerException
      Return the list of security groups associated with a unique distinguishedName. In an ideal world, there should be only one.
      Parameters:
      distinguishedName - unique name of the security group
      startFrom - where to start from in the list of definitions
      pageSize - max number of results to return in one call
      Returns:
      list of security groups
      Throws:
      InvalidParameterException - one of the parameters is invalid
      UserNotAuthorizedException - the caller is not authorized to issue the request
      PropertyServerException - the metadata service has problems
    • getElementsGovernedBySecurityGroup

      public List<ElementStub> getElementsGovernedBySecurityGroup(String securityGroupGUID, int startFrom, int pageSize) throws InvalidParameterException, UserNotAuthorizedException, PropertyServerException
      Return the elements that are governed by the supplied security group.
      Parameters:
      securityGroupGUID - unique name of the security group
      startFrom - where to start from in the list of definitions
      pageSize - max number of results to return in one call
      Returns:
      list of headers for the associated elements
      Throws:
      InvalidParameterException - one of the parameters is invalid
      UserNotAuthorizedException - the caller is not authorized to issue the request
      PropertyServerException - the metadata service has problems
    • findSecurityGroups

      public List<SecurityGroupElement> findSecurityGroups(String searchString, int startFrom, int pageSize) throws InvalidParameterException, UserNotAuthorizedException, PropertyServerException
      Return the list of security groups that match the search string - this can be a regular expression.
      Parameters:
      searchString - value to search for
      startFrom - where to start from in the list of definition results
      pageSize - max number of results to return in one call
      Returns:
      list of security groups
      Throws:
      InvalidParameterException - one of the parameters is invalid
      UserNotAuthorizedException - the caller is not authorized to issue the request
      PropertyServerException - the metadata service has problems
    • createUserIdentity

      public String createUserIdentity(String anchorGUID, boolean isOwnAnchor, String anchorScopeGUID, UserIdentityProperties properties, String parentGUID, String parentRelationshipTypeName, ElementProperties parentRelationshipProperties, boolean parentAtEnd1, boolean forLineage, boolean forDuplicateProcessing, Date effectiveTime) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Create a new user identity.
      Parameters:
      anchorGUID - unique identifier of the element that should be the anchor for the new element. Set to null if no anchor, or the Anchors classification is included in the initial classifications.
      isOwnAnchor - boolean flag to say that the element should be classified as its own anchor once its element is created in the repository.
      anchorScopeGUID - unique identifier of any anchor scope to use for searching
      properties - properties for the new element.
      parentGUID - unique identifier of optional parent entity
      parentRelationshipTypeName - type of relationship to connect the new element to the parent
      parentRelationshipProperties - properties to include in parent relationship
      parentAtEnd1 - which end should the parent GUID go in the relationship
      forLineage - the retrieved elements are for lineage processing so include archived elements
      forDuplicateProcessing - the retrieved element is for duplicate processing so do not combine results from known duplicates.
      effectiveTime - only return an element if it is effective at this time. Null means anytime. Use "new Date()" for now.
      Returns:
      unique identifier of the newly created element
      Throws:
      InvalidParameterException - one of the parameters is invalid.
      PropertyServerException - there is a problem retrieving information from the property server(s).
      UserNotAuthorizedException - the requesting user is not authorized to issue this request.
    • createUserIdentityFromTemplate

      public String createUserIdentityFromTemplate(String anchorGUID, boolean isOwnAnchor, String anchorScopeGUID, Date effectiveFrom, Date effectiveTo, String templateGUID, ElementProperties replacementProperties, Map<String,String> placeholderProperties, String parentGUID, String parentRelationshipTypeName, ElementProperties parentRelationshipProperties, boolean parentAtEnd1, boolean forLineage, boolean forDuplicateProcessing, Date effectiveTime) throws InvalidParameterException, UserNotAuthorizedException, PropertyServerException
      Create a new metadata element to represent a user identity using an existing element as a template. The template defines additional classifications and relationships that should be added to the new user identity.
      Parameters:
      anchorGUID - unique identifier of the element that should be the anchor for the new element. Set to null if no anchor, or the Anchors classification is included in the initial classifications.
      isOwnAnchor - boolean flag to say that the element should be classified as its own anchor once its element is created in the repository.
      anchorScopeGUID - unique identifier of any anchor scope to use for searching
      effectiveFrom - the date when this element is active - null for active on creation
      effectiveTo - the date when this element becomes inactive - null for active until deleted
      templateGUID - the unique identifier of the existing asset to copy (this will copy all the attachments such as nested content, schema connection etc)
      replacementProperties - properties of the new metadata element. These override the template values
      placeholderProperties - property name-to-property value map to replace any placeholder values in the template element - and their anchored elements, which are also copied as part of this operation.
      parentGUID - unique identifier of optional parent entity
      parentRelationshipTypeName - type of relationship to connect the new element to the parent
      parentRelationshipProperties - properties to include in parent relationship
      parentAtEnd1 - which end should the parent GUID go in the relationship
      forLineage - the retrieved elements are for lineage processing so include archived elements
      forDuplicateProcessing - the retrieved element is for duplicate processing so do not combine results from known duplicates.
      effectiveTime - only return an element if it is effective at this time. Null means anytime. Use "new Date()" for now.
      Returns:
      unique identifier of the new metadata element
      Throws:
      InvalidParameterException - one of the parameters is invalid
      UserNotAuthorizedException - the user is not authorized to issue this request
      PropertyServerException - there is a problem reported in the open metadata server(s)
    • updateUserIdentity

      public void updateUserIdentity(String userIdentityGUID, boolean replaceAllProperties, UserIdentityProperties properties, boolean forLineage, boolean forDuplicateProcessing, Date effectiveTime) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Update the properties of a user identity.
      Parameters:
      userIdentityGUID - unique identifier of the user identity (returned from create)
      replaceAllProperties - flag to indicate whether to completely replace the existing properties with the new properties, or just update the individual properties specified on the request.
      properties - properties for the element.
      forLineage - the query is to support lineage retrieval
      forDuplicateProcessing - the query is for duplicate processing and so must not deduplicate
      effectiveTime - the time that the retrieved elements must be effective for (null for any time, new Date() for now)
      Throws:
      InvalidParameterException - one of the parameters is invalid.
      PropertyServerException - there is a problem retrieving information from the property server(s).
      UserNotAuthorizedException - the requesting user is not authorized to issue this request.
    • linkIdentityToProfile

      public void linkIdentityToProfile(String userIdentityGUID, String profileGUID, ProfileIdentityProperties relationshipProperties, boolean forLineage, boolean forDuplicateProcessing, Date effectiveTime) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Attach a profile to a user identity.
      Parameters:
      userIdentityGUID - unique identifier of the parent
      profileGUID - unique identifier of the actor profile
      relationshipProperties - description of the relationship.
      forLineage - the query is to support lineage retrieval
      forDuplicateProcessing - the query is for duplicate processing and so must not deduplicate
      effectiveTime - the time that the retrieved elements must be effective for (null for any time, new Date() for now)
      Throws:
      InvalidParameterException - one of the parameters is null or invalid.
      PropertyServerException - there is a problem retrieving information from the property server(s).
      UserNotAuthorizedException - the requesting user is not authorized to issue this request.
    • detachProfileIdentity

      public void detachProfileIdentity(String userIdentityGUID, String profileGUID, boolean forLineage, boolean forDuplicateProcessing, Date effectiveTime) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Detach an actor profile from a user identity.
      Parameters:
      userIdentityGUID - unique identifier of the parent actor profile.
      profileGUID - unique identifier of the nested actor profile.
      forLineage - the query is to support lineage retrieval
      forDuplicateProcessing - the query is for duplicate processing and so must not deduplicate
      effectiveTime - the time that the retrieved elements must be effective for (null for any time, new Date() for now)
      Throws:
      InvalidParameterException - one of the parameters is null or invalid.
      PropertyServerException - there is a problem retrieving information from the property server(s).
      UserNotAuthorizedException - the requesting user is not authorized to issue this request.
    • addSecurityGroupMembership

      public void addSecurityGroupMembership(String userIdentityGUID, SecurityGroupMembershipProperties properties, boolean forLineage, boolean forDuplicateProcessing, Date effectiveTime) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Add the SecurityGroupMembership classification to the user identity.
      Parameters:
      userIdentityGUID - unique identifier of the user identity.
      properties - properties for the classification
      forLineage - the query is to support lineage retrieval
      forDuplicateProcessing - the query is for duplicate processing and so must not deduplicate
      effectiveTime - the time that the retrieved elements must be effective for (null for any time, new Date() for now)
      Throws:
      InvalidParameterException - one of the parameters is null or invalid.
      PropertyServerException - there is a problem retrieving information from the property server(s).
      UserNotAuthorizedException - the requesting user is not authorized to issue this request.
    • updateSecurityGroupMembership

      public void updateSecurityGroupMembership(String userIdentityGUID, SecurityGroupMembershipProperties properties, boolean forLineage, boolean forDuplicateProcessing, Date effectiveTime) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Update the SecurityGroupMembership classification for the user identity.
      Parameters:
      userIdentityGUID - unique identifier of the user identity.
      properties - properties for the classification
      forLineage - the query is to support lineage retrieval
      forDuplicateProcessing - the query is for duplicate processing and so must not deduplicate
      effectiveTime - the time that the retrieved elements must be effective for (null for any time, new Date() for now)
      Throws:
      InvalidParameterException - one of the parameters is null or invalid.
      PropertyServerException - there is a problem retrieving information from the property server(s).
      UserNotAuthorizedException - the requesting user is not authorized to issue this request.
    • removeAllSecurityGroupMembership

      public void removeAllSecurityGroupMembership(String userIdentityGUID, boolean forLineage, boolean forDuplicateProcessing, Date effectiveTime) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Remove the SecurityGroupMembership classification from the user identity.
      Parameters:
      userIdentityGUID - unique identifier of the user identity.
      forLineage - the query is to support lineage retrieval
      forDuplicateProcessing - the query is for duplicate processing and so must not deduplicate
      effectiveTime - the time that the retrieved elements must be effective for (null for any time, new Date() for now)
      Throws:
      InvalidParameterException - one of the parameters is null or invalid.
      PropertyServerException - there is a problem retrieving information from the property server(s).
      UserNotAuthorizedException - the requesting user is not authorized to issue this request.
    • deleteUserIdentity

      public void deleteUserIdentity(String userIdentityGUID, boolean cascadedDelete, boolean forLineage, boolean forDuplicateProcessing, Date effectiveTime) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Delete a user identity.
      Parameters:
      userIdentityGUID - unique identifier of the element
      cascadedDelete - can the user identity be deleted if it has actor profiles linked to it?
      forLineage - the query is to support lineage retrieval
      forDuplicateProcessing - the query is for duplicate processing and so must not deduplicate
      effectiveTime - the time that the retrieved elements must be effective for (null for any time, new Date() for now)
      Throws:
      InvalidParameterException - one of the parameters is null or invalid.
      PropertyServerException - there is a problem retrieving information from the property server(s).
      UserNotAuthorizedException - the requesting user is not authorized to issue this request.
    • getUserIdentitiesByName

      public List<UserIdentityElement> getUserIdentitiesByName(String name, TemplateFilter templateFilter, List<ElementStatus> limitResultsByStatus, Date asOfTime, SequencingOrder sequencingOrder, String sequencingProperty, int startFrom, int pageSize, boolean forLineage, boolean forDuplicateProcessing, Date effectiveTime) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Returns the list of user identities with a particular name.
      Parameters:
      name - name of the element to return - match is full text match in qualifiedName or name
      templateFilter - should templates be returned?
      limitResultsByStatus - control the status of the elements to retrieve - default is everything but Deleted
      asOfTime - repository time to use
      sequencingOrder - order to retrieve results
      sequencingProperty - property to use for sequencing order
      startFrom - paging start point
      pageSize - maximum results that can be returned
      forLineage - the query is to support lineage retrieval
      forDuplicateProcessing - the query is for duplicate processing and so must not deduplicate
      effectiveTime - the time that the retrieved elements must be effective for (null for any time, new Date() for now)
      Returns:
      a list of elements
      Throws:
      InvalidParameterException - one of the parameters is null or invalid.
      PropertyServerException - there is a problem retrieving information from the property server(s).
      UserNotAuthorizedException - the requesting user is not authorized to issue this request.
    • getUserIdentityByGUID

      public UserIdentityElement getUserIdentityByGUID(String userIdentityGUID, Date asOfTime, boolean forLineage, boolean forDuplicateProcessing, Date effectiveTime) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Return the properties of a specific user identity.
      Parameters:
      userIdentityGUID - unique identifier of the required element
      asOfTime - repository time to use
      forLineage - the query is to support lineage retrieval
      forDuplicateProcessing - the query is for duplicate processing and so must not deduplicate
      effectiveTime - the time that the retrieved elements must be effective for (null for any time, new Date() for now)
      Returns:
      retrieved properties
      Throws:
      InvalidParameterException - one of the parameters is null or invalid.
      PropertyServerException - there is a problem retrieving information from the property server(s).
      UserNotAuthorizedException - the requesting user is not authorized to issue this request.
    • findUserIdentities

      public List<UserIdentityElement> findUserIdentities(String searchString, TemplateFilter templateFilter, List<ElementStatus> limitResultsByStatus, Date asOfTime, SequencingOrder sequencingOrder, String sequencingProperty, int startFrom, int pageSize, boolean forLineage, boolean forDuplicateProcessing, Date effectiveTime) throws InvalidParameterException, UserNotAuthorizedException, PropertyServerException
      Retrieve the list of user identity metadata elements that contain the search string. The search string is treated as a regular expression.
      Parameters:
      searchString - string to find in the properties
      templateFilter - should templates be returned?
      limitResultsByStatus - control the status of the elements to retrieve - default is everything but Deleted
      asOfTime - repository time to use
      sequencingOrder - order to retrieve results
      sequencingProperty - property to use for sequencing order
      startFrom - paging start point
      pageSize - maximum results that can be returned
      forLineage - the query is to support lineage retrieval
      forDuplicateProcessing - the query is for duplicate processing and so must not deduplicate
      effectiveTime - the time that the retrieved elements must be effective for (null for any time, new Date() for now)
      Returns:
      list of matching metadata elements
      Throws:
      InvalidParameterException - one of the parameters is invalid
      UserNotAuthorizedException - the user is not authorized to issue this request
      PropertyServerException - there is a problem reported in the open metadata server(s)
    • getActorProfileByGUID

      Return information about a specific actor profile.
      Parameters:
      actorProfileGUID - unique identifier for the actor profile
      Returns:
      properties of the actor profile
      Throws:
      InvalidParameterException - actorProfileGUID or userId is null
      PropertyServerException - problem accessing property server
      UserNotAuthorizedException - security access problem
    • getActorProfileByUserId

      Return information about a specific actor profile.
      Parameters:
      actorProfileUserId - unique identifier for the actor profile
      Returns:
      properties of the actor profile
      Throws:
      InvalidParameterException - actorProfileUserId or userId is null
      PropertyServerException - problem accessing property server
      UserNotAuthorizedException - security access problem
    • getActorProfileByName

      public List<ActorProfileElement> getActorProfileByName(String name, int startFrom, int pageSize) throws InvalidParameterException, UserNotAuthorizedException, PropertyServerException
      Return information about a named actor profile.
      Parameters:
      name - unique name for the actor profile
      startFrom - index of the list to start from (0 for start)
      pageSize - maximum number of elements to return.
      Returns:
      list of matching actor profiles (hopefully only one)
      Throws:
      InvalidParameterException - name or userId is null
      PropertyServerException - problem accessing property server
      UserNotAuthorizedException - security access problem
    • findActorProfile

      public List<ActorProfileElement> findActorProfile(String searchString, int startFrom, int pageSize) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Retrieve the list of matching profiles for the search string.
      Parameters:
      searchString - RegEx string to search for
      startFrom - index of the list to start from (0 for start)
      pageSize - maximum number of elements to return.
      Returns:
      list of matching actor profiles
      Throws:
      InvalidParameterException - guid invalid or the external references are not correctly specified, or are null.
      PropertyServerException - the server is not available.
      UserNotAuthorizedException - the calling user is not authorized to issue the call.
    • getAppointees

      public List<Appointee> getAppointees(String personRoleGUID, Date effectiveTime, int startFrom, int pageSize) throws InvalidParameterException, UserNotAuthorizedException, PropertyServerException
      Return the list of people appointed to a particular role.
      Parameters:
      personRoleGUID - unique identifier of the person role
      effectiveTime - time for appointments, null for full appointment history
      startFrom - index of the list to start from (0 for start)
      pageSize - maximum number of elements to return
      Returns:
      list of appointees
      Throws:
      InvalidParameterException - one of the guids is null or not known
      PropertyServerException - problem accessing property server
      UserNotAuthorizedException - security access problem
    • getPersonRoleByGUID

      Return information about a specific person role.
      Parameters:
      personRoleGUID - unique identifier for the person role
      Returns:
      properties of the person role
      Throws:
      InvalidParameterException - personRoleGUID or userId is null
      PropertyServerException - problem accessing property server
      UserNotAuthorizedException - security access problem
    • getPersonRoleByName

      public List<ActorRoleElement> getPersonRoleByName(String name, int startFrom, int pageSize) throws InvalidParameterException, UserNotAuthorizedException, PropertyServerException
      Return information about a named person role.
      Parameters:
      name - unique name for the actor profile
      startFrom - index of the list to start from (0 for start)
      pageSize - maximum number of elements to return.
      Returns:
      list of matching actor profiles (hopefully only one)
      Throws:
      InvalidParameterException - name or userId is null
      PropertyServerException - problem accessing property server
      UserNotAuthorizedException - security access problem
    • findPersonRole

      public List<ActorRoleElement> findPersonRole(String searchString, int startFrom, int pageSize) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Retrieve the list of matching roles for the search string.
      Parameters:
      searchString - RegEx string to search for
      startFrom - index of the list to start from (0 for start)
      pageSize - maximum number of elements to return.
      Returns:
      list of matching actor profiles
      Throws:
      InvalidParameterException - guid invalid or the external references are not correctly specified, or are null.
      PropertyServerException - the server is not available.
      UserNotAuthorizedException - the calling user is not authorized to issue the call.
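
The find methods above (findSecurityGroups, findUserIdentities, findActorProfile, findPersonRole) treat searchString as a regular expression and page their results with startFrom and pageSize, and getSecurityGroupsForDistinguishedName notes that more than one group may come back for a name. The following is an added example, not code from the Egeria project: it shows a literal name being quoted before it is used as a search string, every page being read, and the lookup failing when the result is not exactly one element. PagedQuery, fetchAll, resolveUnique, the in-memory stub and the sample distinguished names are constructed for illustration, and the treatment of a null or empty page as the end of the results is an assumption.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Function;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class PagedLookupExample
{
    /** Hypothetical stand-in for one paged call, e.g. (s, from, size) -> context.findSecurityGroups(s, from, size). */
    @FunctionalInterface
    interface PagedQuery<T>
    {
        List<T> fetch(String searchString, int startFrom, int pageSize) throws Exception;
    }

    /** Collect every match by advancing startFrom until a page comes back null or empty. */
    static <T> List<T> fetchAll(PagedQuery<T> query, String searchString, int pageSize) throws Exception
    {
        if (pageSize <= 0)
        {
            throw new IllegalArgumentException("pageSize must be positive");
        }
        List<T> results = new ArrayList<>();
        int startFrom = 0;
        while (true)
        {
            List<T> page = query.fetch(searchString, startFrom, pageSize);
            if (page == null || page.isEmpty())
            {
                return results;          // assumption: null or empty means no more results
            }
            results.addAll(page);
            startFrom += page.size();    // advance by what was returned, not by pageSize
        }
    }

    /** Resolve a literal name to exactly one element, or fail rather than pick the first hit. */
    static <T> T resolveUnique(PagedQuery<T> query, String literalName,
                               Function<T, String> nameOf, int pageSize) throws Exception
    {
        List<T> exact = new ArrayList<>();
        // Pattern.quote stops characters such as '.' or '*' in the name acting as regex operators.
        for (T element : fetchAll(query, Pattern.quote(literalName), pageSize))
        {
            // A "contains" search can still return longer names, so compare the whole value.
            if (literalName.equals(nameOf.apply(element)))
            {
                exact.add(element);
            }
        }
        if (exact.size() != 1)
        {
            throw new IllegalStateException("expected one match for '" + literalName
                                            + "' but found " + exact.size());
        }
        return exact.get(0);
    }

    public static void main(String[] args) throws Exception
    {
        // Constructed sample data standing in for security group names held in open metadata.
        List<String> groups = List.of("cn=db.admins,ou=groups,dc=example,dc=org",
                                      "cn=dbXadmins,ou=groups,dc=example,dc=org",
                                      "cn=auditors,ou=groups,dc=example,dc=org");

        // In-memory stub: regex "contains" matching plus startFrom/pageSize paging.
        PagedQuery<String> stub = (search, startFrom, pageSize) ->
        {
            Pattern pattern = Pattern.compile(search);
            List<String> hits = groups.stream()
                                      .filter(g -> pattern.matcher(g).find())
                                      .collect(Collectors.toList());
            if (startFrom >= hits.size())
            {
                return null;
            }
            return hits.subList(startFrom, Math.min(hits.size(), startFrom + pageSize));
        };

        String wanted = "cn=db.admins,ou=groups,dc=example,dc=org";
        System.out.println("unquoted matches: " + fetchAll(stub, wanted, 1).size());
        System.out.println("quoted matches:   " + fetchAll(stub, Pattern.quote(wanted), 1).size());
        System.out.println("resolved:         " + resolveUnique(stub, wanted, name -> name, 1));
    }
}
```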