/// <summary>
/// Write the XML for the members
/// </summary>
/// <param name="xmlWriter"></param>
internal void WriteGroupAsXml(XmlWriter xmlWriter)
{
xmlWriter.WriteStartElement("GroupMembership");
xmlWriter.WriteAttributeString("name", this.GroupName);
//Group instructions for Grant License
xmlWriter.WriteAttributeString(
ProvisioningGroup.XmlAttribute_GrantLicenseMode,
ProvisioningGroup.GenerateGrantLicenseModeAttributeText(this.GrantLicenseInstructions));
//If there is a role specified, then write it into an attribute
//Unless the Grant License Instructions are "none" or "ignore" in these cases, the role does note matter
if ((!string.IsNullOrWhiteSpace(this.GrantLicenseRole)) &&
(this.GrantLicenseInstructions != ProvisioningGroup.GrantLicenseMode.Ignore) &&
(this.GrantLicenseInstructions != ProvisioningGroup.GrantLicenseMode.None)
)
{
xmlWriter.WriteAttributeString(
ProvisioningGroup.XmlAttribute_GrantLicenseMinimumSiteRole,
this.GrantLicenseRole);
}
//For all the users mapped to this group, write them out
foreach (var thisUserInfo in _usersSet.Values)
{
xmlWriter.WriteStartElement("GroupMember");
xmlWriter.WriteAttributeString("name", thisUserInfo);
xmlWriter.WriteEndElement();
}
xmlWriter.WriteEndElement();
}
/// <summary>
/// CONSTRUCTOR
/// </summary>
/// <param name="filePath"></param>
public ProvisionUserInstructions(string filePath)
{
//==================================================================================
//Load values from the TARGET SITE config file
//==================================================================================
var xmlConfigTargetSite = new System.Xml.XmlDocument();
xmlConfigTargetSite.Load(filePath);
//-------------------------------------------------------------------------------
//Get instructions about the intended site membership provisioning
//-------------------------------------------------------------------------------
var xnodeSiteMembership = xmlConfigTargetSite.SelectSingleNode("//SiteProvisioning/SiteMembership");
this.ActionForUnexpectedSamlUsers = ParseUnexpectedUserAction(
xnodeSiteMembership.Attributes[ProvisionUserInstructions.XmlAttribute_authSamlUnexpectedUsers].Value);
this.ActionForUnexpectedDefaultAuthUsers = ParseUnexpectedUserAction(
xnodeSiteMembership.Attributes[ProvisionUserInstructions.XmlAttribute_authDefaultUnexpectedUsers].Value);
this.ActionForMissingSamlUsers = ParseMissingUserAction(
xnodeSiteMembership.Attributes[ProvisionUserInstructions.XmlAttribute_authSamlMissingUsers].Value);
this.ActionForMissingDefaultAuthUsers = ParseMissingUserAction(
xnodeSiteMembership.Attributes[ProvisionUserInstructions.XmlAttribute_authDefaultMissingUsers].Value);
this.ActionForExistingSamlUsers = ParseExistingUserAction(
xnodeSiteMembership.Attributes[ProvisionUserInstructions.XmlAttribute_authSamlExistingUsers].Value);
this.ActionForExistingDefaultAuthUsers = ParseExistingUserAction(
xnodeSiteMembership.Attributes[ProvisionUserInstructions.XmlAttribute_authDefaultExistingUsers].Value);
//-------------------------------------------------------------------------------
//Get the users
//-------------------------------------------------------------------------------
this.UsersToProvision = ParseUsers(xmlConfigTargetSite, "//SiteProvisioning/SiteMembership/User").AsReadOnly();
//-------------------------------------------------------------------------------
//Groups' memberships
//-------------------------------------------------------------------------------
var xnodeGroups = xmlConfigTargetSite.SelectSingleNode("//SiteProvisioning/GroupsMemberships");
this.ActionForMissingGroupMembers = ParseMissingGroupMemberAction(
xnodeGroups.Attributes[ProvisionUserInstructions.XmlAttribute_MissingGroupMembers].Value);
this.ActionForUnexpectedGroupMembers = ParseUnexpectedGroupMemberAction(
xnodeGroups.Attributes[ProvisionUserInstructions.XmlAttribute_UnexpectedGroupMembers].Value);
//Load each group's membership information
var provisionGroups = new List <ProvisioningGroup>();
var xnodesGroups = xmlConfigTargetSite.SelectNodes("//SiteProvisioning/GroupsMemberships/GroupMembership");
foreach (XmlNode xmlThisGroup in xnodesGroups)
{
var thisGroup = new ProvisioningGroup(xmlThisGroup);
provisionGroups.Add(thisGroup);
}
this.GroupsToProvision = provisionGroups.AsReadOnly();
}
/// <summary>
/// Constructor: From XML
/// </summary>
/// <param name="xmlNode"></param>
public SynchronizeGroupToGroup(XmlNode xmlNode)
{
this.SourceGroupName = xmlNode.Attributes[XmlAttribute_SoruceGroup].Value;
//Note: If there is no target group specified, use the source group name
this.TargetGroupName = XmlHelper.SafeParseXmlAttribute(xmlNode, XmlAttribute_TargetGroup, this.SourceGroupName);
//Read in the grant license attributes
ProvisioningGroup.ReadGrantLicenseXmlAttributes(
xmlNode,
this.SourceGroupName,
out this.GrantLicenseInstructions,
out this.GrantLicenseRole);
}
/// <summary>
/// Parse the Grant license text returned
/// </summary>
/// <param name="text"></param>
/// <returns></returns>
ProvisioningGroup.GrantLicenseMode AttemptParseGrantLicenseText(string text)
{
//var parseGrantLicenseMode
ProvisioningGroup.GrantLicenseMode grantLicenseMode = ProvisioningGroup.GrantLicenseMode.Ignore;
try
{
return(ProvisioningGroup.ParseGrantLicenseModeFromTableauServer(text));
}
catch (Exception ex)
{
//Note the error -- but it is not fatal for our purposes
IwsDiagnostics.Assert(false, "1012-528: Unknown grant license mode parsing error, " + ex.Message);
return(grantLicenseMode);
}
}
/// <summary>
/// Constructor: From XML
/// </summary>
/// <param name="xmlNode"></param>
public SynchronizePatternMatchingGroupToGroup(XmlNode xmlNode)
{
this.SourceGroupName = xmlNode.Attributes[ProvisionConfigExternalDirectorySync.SynchronizeGroupToGroup.XmlAttribute_SoruceGroup].Value;
this.NamePatternMatch =
ProvisionConfigExternalDirectorySync.ParseNamePatternMatch(
XmlHelper.SafeParseXmlAttribute(xmlNode, XmlAttribute_SourceGroupMatch, NamePatternMatch_Equals));
//An optional filter to apply
this.FilterSourceGroupNameContains = XmlHelper.SafeParseXmlAttribute(xmlNode, XmlAttribute_FilterSourceGroupContains, "");
//Read in the grant license attributes
ProvisioningGroup.ReadGrantLicenseXmlAttributes(
xmlNode,
this.SourceGroupName,
out this.GrantLicenseInstructions,
out this.GrantLicenseRole);
}
/// <summary>
/// Provisioning for a single group
/// </summary>
/// <param name="siteSignIn"></param>
/// <param name="thisProvisionGroup"></param>
/// <param name="existingGroups"></param>
private void Execute_ProvisionGroups_SingleGroup(
TableauServerSignIn siteSignIn,
ProvisioningGroup thisProvisionGroup,
DownloadGroupsList existingGroups,
DownloadUsersList siteUsersList)
{
_statusLogs.AddStatusHeader("Provision the group: " + thisProvisionGroup.GroupName);
var thisExistingGroup = existingGroups.FindGroupWithName(thisProvisionGroup.GroupName);
ICollection <SiteUser> existingUsersInGroup = new List <SiteUser>();
//If the Group does not exist on server then create it
if (thisExistingGroup == null)
{
var createGroup = new SendCreateGroup(siteSignIn, thisProvisionGroup.GroupName);
thisExistingGroup = createGroup.ExecuteRequest();
CSVRecord_GroupModified(thisExistingGroup.Name, "created group", "");
_statusLogs.AddStatus("Created group: " + thisExistingGroup.Name);
}
else
{
//Download the members of the group
var downloadGroupMembers = new DownloadUsersListInGroup(siteSignIn, thisExistingGroup.Id);
downloadGroupMembers.ExecuteRequest();
existingUsersInGroup = downloadGroupMembers.Users;
}
//====================================================================================
//Keep a list of the remaining users in the Server Site's group
//====================================================================================
var workingListUnexaminedUsers = new WorkingListSiteUsers(existingUsersInGroup);
//====================================================================================
//Go through each of the users we need to provision, and see if they are in the group
//already
//====================================================================================
foreach (var provisionThisUser in thisProvisionGroup.Members)
{
var userInGroup = workingListUnexaminedUsers.FindUser(provisionThisUser);
if (userInGroup != null)
{
//The user is already in the group, no need to add them
workingListUnexaminedUsers.RemoveUser(userInGroup);
}
else
{
//Add the user to the group
try
{
Execute_ProvisionGroups_SingleGroup_AddUser(siteSignIn, provisionThisUser, thisExistingGroup, siteUsersList);
}
catch (Exception exAddUserToGroup) //Unexpected error case
{
IwsDiagnostics.Assert(false, "811-700: Internal error adding user to group: " + exAddUserToGroup.Message);
_statusLogs.AddError("811-700: Internal error adding user to group: " + exAddUserToGroup.Message);
}
}
}
//==============================================================================
//Remove any remaining users that are in the Server Site's Group but not in
//our provisioning list
//==============================================================================
foreach (var unexpectedUser in workingListUnexaminedUsers.GetUsers())
{
try
{
Execute_ProvisionGroups_RemoveSingleUser(siteSignIn, unexpectedUser, thisExistingGroup);
}
catch (Exception exUnxpectedUsers)
{
_statusLogs.AddError("Error removing unexpected user in GROUP " + unexpectedUser.ToString() + ", " + exUnxpectedUsers.Message);
CSVRecord_Error(unexpectedUser.Name, unexpectedUser.SiteRole, unexpectedUser.SiteAuthentication, "Error removing unexpected user in GROUP" + unexpectedUser.ToString() + ", " + exUnxpectedUsers.Message);
}
}
}
/// <summary>
/// See if we need to update the Grant License on Sign In behavior of a group
/// </summary>
/// <param name="siteSignIn"></param>
/// <param name="groupProvisionInstructions"></param>
/// <param name="thisExistingGroup"></param>
private void Execute_ProvisionGroups_SingleGroup_GrantLicenseUpdate(
TableauServerSignIn siteSignIn,
ProvisioningGroup groupProvisionInstructions,
SiteGroup thisExistingGroup)
{
//If are instruction is to INGORE this attribute, then there is nothing to do
if (groupProvisionInstructions.GrantLicenseInstructions == ProvisioningGroup.GrantLicenseMode.Ignore)
{
return;
}
//======================================================================================
//Determine if we need to updae the group's Grant License setting
//======================================================================================
string newGrantLicensingMode;
switch (groupProvisionInstructions.GrantLicenseInstructions)
{
case ProvisioningGroup.GrantLicenseMode.None:
//If the provisioning instructions are for NO Grant Licensing mode, and this is already the case, then there is nothing to do
if (string.IsNullOrEmpty(thisExistingGroup.GrantLicenseMode))
{
return;
}
newGrantLicensingMode = ""; //Set the new mode as blank;
break;
case ProvisioningGroup.GrantLicenseMode.OnLogin:
//If the grant license mode and ROLEis already as expected, then there is nothing to do
if ((thisExistingGroup.GrantLicenseMode == ProvisioningGroup.GrantLicenseMode_OnLogin) &&
(thisExistingGroup.SiteMinimumRoleOrNull == groupProvisionInstructions.GrantLicenseRole))
{
return;
}
newGrantLicensingMode = ProvisioningGroup.GrantLicenseMode_OnLogin; //Set the new mode;
break;
//Degenerate case: Unknown instruction
default:
IwsDiagnostics.Assert(false, "920-1130: Unknown Grant License instruction for group: " + groupProvisionInstructions.GroupName);
throw new Exception("920-1130: Unknown Grant License instruction for group: " + groupProvisionInstructions.GroupName);
}
//================================================================================
//Perform the update to the site
//================================================================================
var sendUpdateGroup = new SendUpdateGroup(
siteSignIn,
thisExistingGroup.Id,
groupProvisionInstructions.GroupName,
true,
newGrantLicensingMode,
groupProvisionInstructions.GrantLicenseRole);
var wasSuccessUpdatingGroup = false;
string updateGroupErrorText = "";
try
{
wasSuccessUpdatingGroup = sendUpdateGroup.ExecuteRequest();
}
catch (Exception exUpdateGroup)
{
updateGroupErrorText = exUpdateGroup.Message;
}
if (!wasSuccessUpdatingGroup)
{
//Record failure
CSVRecord_ErrorUpdatingGroup(groupProvisionInstructions.GroupName,
"Error attempting to update group auto grant roles: "
+ NullSafeText(thisExistingGroup.SiteMinimumRoleOrNull)
+ "->" + NullSafeText(groupProvisionInstructions.GrantLicenseRole) +
", error details: " + updateGroupErrorText);
}
else
{
//Record success
CSVRecord_GroupModified(
groupProvisionInstructions.GroupName
, "Grant license: " + NullSafeText(thisExistingGroup.GrantLicenseMode) + "->" + NullSafeText(newGrantLicensingMode)
+ ", Site role: " + NullSafeText(thisExistingGroup.SiteMinimumRoleOrNull) + "->" + NullSafeText(groupProvisionInstructions.GrantLicenseRole)
, ""
);
}
}
