Esempio n. 1
0
        /// <summary>
        /// Write the XML for the members
        /// </summary>
        /// <param name="xmlWriter"></param>
        internal void WriteGroupAsXml(XmlWriter xmlWriter)
        {
            xmlWriter.WriteStartElement("GroupMembership");
            xmlWriter.WriteAttributeString("name", this.GroupName);

            //Group instructions for Grant License
            xmlWriter.WriteAttributeString(
                ProvisioningGroup.XmlAttribute_GrantLicenseMode,
                ProvisioningGroup.GenerateGrantLicenseModeAttributeText(this.GrantLicenseInstructions));

            //If there is a role specified, then write it into an attribute
            //Unless the Grant License Instructions are "none" or "ignore" in these cases, the role does note matter
            if ((!string.IsNullOrWhiteSpace(this.GrantLicenseRole)) &&
                (this.GrantLicenseInstructions != ProvisioningGroup.GrantLicenseMode.Ignore) &&
                (this.GrantLicenseInstructions != ProvisioningGroup.GrantLicenseMode.None)
                )
            {
                xmlWriter.WriteAttributeString(
                    ProvisioningGroup.XmlAttribute_GrantLicenseMinimumSiteRole,
                    this.GrantLicenseRole);
            }


            //For all the users mapped to this group, write them out
            foreach (var thisUserInfo in _usersSet.Values)
            {
                xmlWriter.WriteStartElement("GroupMember");
                xmlWriter.WriteAttributeString("name", thisUserInfo);
                xmlWriter.WriteEndElement();
            }
            xmlWriter.WriteEndElement();
        }
    /// <summary>
    /// CONSTRUCTOR
    /// </summary>
    /// <param name="filePath"></param>
    public ProvisionUserInstructions(string filePath)
    {
        //==================================================================================
        //Load values from the TARGET SITE config file
        //==================================================================================
        var xmlConfigTargetSite = new System.Xml.XmlDocument();

        xmlConfigTargetSite.Load(filePath);

        //-------------------------------------------------------------------------------
        //Get instructions about the intended site membership provisioning
        //-------------------------------------------------------------------------------
        var xnodeSiteMembership = xmlConfigTargetSite.SelectSingleNode("//SiteProvisioning/SiteMembership");

        this.ActionForUnexpectedSamlUsers = ParseUnexpectedUserAction(
            xnodeSiteMembership.Attributes[ProvisionUserInstructions.XmlAttribute_authSamlUnexpectedUsers].Value);

        this.ActionForUnexpectedDefaultAuthUsers = ParseUnexpectedUserAction(
            xnodeSiteMembership.Attributes[ProvisionUserInstructions.XmlAttribute_authDefaultUnexpectedUsers].Value);

        this.ActionForMissingSamlUsers = ParseMissingUserAction(
            xnodeSiteMembership.Attributes[ProvisionUserInstructions.XmlAttribute_authSamlMissingUsers].Value);

        this.ActionForMissingDefaultAuthUsers = ParseMissingUserAction(
            xnodeSiteMembership.Attributes[ProvisionUserInstructions.XmlAttribute_authDefaultMissingUsers].Value);

        this.ActionForExistingSamlUsers = ParseExistingUserAction(
            xnodeSiteMembership.Attributes[ProvisionUserInstructions.XmlAttribute_authSamlExistingUsers].Value);

        this.ActionForExistingDefaultAuthUsers = ParseExistingUserAction(
            xnodeSiteMembership.Attributes[ProvisionUserInstructions.XmlAttribute_authDefaultExistingUsers].Value);

        //-------------------------------------------------------------------------------
        //Get the users
        //-------------------------------------------------------------------------------
        this.UsersToProvision = ParseUsers(xmlConfigTargetSite, "//SiteProvisioning/SiteMembership/User").AsReadOnly();

        //-------------------------------------------------------------------------------
        //Groups' memberships
        //-------------------------------------------------------------------------------
        var xnodeGroups = xmlConfigTargetSite.SelectSingleNode("//SiteProvisioning/GroupsMemberships");

        this.ActionForMissingGroupMembers = ParseMissingGroupMemberAction(
            xnodeGroups.Attributes[ProvisionUserInstructions.XmlAttribute_MissingGroupMembers].Value);

        this.ActionForUnexpectedGroupMembers = ParseUnexpectedGroupMemberAction(
            xnodeGroups.Attributes[ProvisionUserInstructions.XmlAttribute_UnexpectedGroupMembers].Value);

        //Load each group's membership information
        var provisionGroups = new List <ProvisioningGroup>();
        var xnodesGroups    = xmlConfigTargetSite.SelectNodes("//SiteProvisioning/GroupsMemberships/GroupMembership");

        foreach (XmlNode xmlThisGroup in xnodesGroups)
        {
            var thisGroup = new ProvisioningGroup(xmlThisGroup);
            provisionGroups.Add(thisGroup);
        }
        this.GroupsToProvision = provisionGroups.AsReadOnly();
    }
        /// <summary>
        /// Constructor: From XML
        /// </summary>
        /// <param name="xmlNode"></param>
        public SynchronizeGroupToGroup(XmlNode xmlNode)
        {
            this.SourceGroupName = xmlNode.Attributes[XmlAttribute_SoruceGroup].Value;
            //Note: If there is no target group specified, use the source group name
            this.TargetGroupName = XmlHelper.SafeParseXmlAttribute(xmlNode, XmlAttribute_TargetGroup, this.SourceGroupName);


            //Read in the grant license attributes
            ProvisioningGroup.ReadGrantLicenseXmlAttributes(
                xmlNode,
                this.SourceGroupName,
                out this.GrantLicenseInstructions,
                out this.GrantLicenseRole);
        }
Esempio n. 4
0
 /// <summary>
 /// Parse the Grant license text returned
 /// </summary>
 /// <param name="text"></param>
 /// <returns></returns>
 ProvisioningGroup.GrantLicenseMode AttemptParseGrantLicenseText(string text)
 {
     //var parseGrantLicenseMode
     ProvisioningGroup.GrantLicenseMode grantLicenseMode = ProvisioningGroup.GrantLicenseMode.Ignore;
     try
     {
         return(ProvisioningGroup.ParseGrantLicenseModeFromTableauServer(text));
     }
     catch (Exception ex)
     {
         //Note the error -- but it is not fatal for our purposes
         IwsDiagnostics.Assert(false, "1012-528: Unknown grant license mode parsing error, " + ex.Message);
         return(grantLicenseMode);
     }
 }
Esempio n. 5
0
        /// <summary>
        /// Constructor: From XML
        /// </summary>
        /// <param name="xmlNode"></param>
        public SynchronizePatternMatchingGroupToGroup(XmlNode xmlNode)
        {
            this.SourceGroupName = xmlNode.Attributes[ProvisionConfigExternalDirectorySync.SynchronizeGroupToGroup.XmlAttribute_SoruceGroup].Value;

            this.NamePatternMatch =
                ProvisionConfigExternalDirectorySync.ParseNamePatternMatch(
                    XmlHelper.SafeParseXmlAttribute(xmlNode, XmlAttribute_SourceGroupMatch, NamePatternMatch_Equals));

            //An optional filter to apply
            this.FilterSourceGroupNameContains = XmlHelper.SafeParseXmlAttribute(xmlNode, XmlAttribute_FilterSourceGroupContains, "");

            //Read in the grant license attributes
            ProvisioningGroup.ReadGrantLicenseXmlAttributes(
                xmlNode,
                this.SourceGroupName,
                out this.GrantLicenseInstructions,
                out this.GrantLicenseRole);
        }
    /// <summary>
    /// Provisioning for a single group
    /// </summary>
    /// <param name="siteSignIn"></param>
    /// <param name="thisProvisionGroup"></param>
    /// <param name="existingGroups"></param>
    private void Execute_ProvisionGroups_SingleGroup(
        TableauServerSignIn siteSignIn,
        ProvisioningGroup thisProvisionGroup,
        DownloadGroupsList existingGroups,
        DownloadUsersList siteUsersList)
    {
        _statusLogs.AddStatusHeader("Provision the group: " + thisProvisionGroup.GroupName);

        var thisExistingGroup = existingGroups.FindGroupWithName(thisProvisionGroup.GroupName);
        ICollection <SiteUser> existingUsersInGroup = new List <SiteUser>();

        //If the Group does not exist on server then create it
        if (thisExistingGroup == null)
        {
            var createGroup = new SendCreateGroup(siteSignIn, thisProvisionGroup.GroupName);
            thisExistingGroup = createGroup.ExecuteRequest();

            CSVRecord_GroupModified(thisExistingGroup.Name, "created group", "");
            _statusLogs.AddStatus("Created group: " + thisExistingGroup.Name);
        }
        else
        {
            //Download the members of the group
            var downloadGroupMembers = new DownloadUsersListInGroup(siteSignIn, thisExistingGroup.Id);
            downloadGroupMembers.ExecuteRequest();
            existingUsersInGroup = downloadGroupMembers.Users;
        }

        //====================================================================================
        //Keep a list of the remaining users in the Server Site's group
        //====================================================================================
        var workingListUnexaminedUsers = new WorkingListSiteUsers(existingUsersInGroup);

        //====================================================================================
        //Go through each of the users we need to provision, and see if they are in the group
        //already
        //====================================================================================
        foreach (var provisionThisUser in thisProvisionGroup.Members)
        {
            var userInGroup = workingListUnexaminedUsers.FindUser(provisionThisUser);
            if (userInGroup != null)
            {
                //The user is already in the group, no need to add them
                workingListUnexaminedUsers.RemoveUser(userInGroup);
            }
            else
            {
                //Add the user to the group
                try
                {
                    Execute_ProvisionGroups_SingleGroup_AddUser(siteSignIn, provisionThisUser, thisExistingGroup, siteUsersList);
                }
                catch (Exception exAddUserToGroup) //Unexpected error case
                {
                    IwsDiagnostics.Assert(false, "811-700: Internal error adding user to group: " + exAddUserToGroup.Message);
                    _statusLogs.AddError("811-700: Internal error adding user to group: " + exAddUserToGroup.Message);
                }
            }
        }

        //==============================================================================
        //Remove any remaining users that are in the Server Site's Group but not in
        //our provisioning list
        //==============================================================================
        foreach (var unexpectedUser in workingListUnexaminedUsers.GetUsers())
        {
            try
            {
                Execute_ProvisionGroups_RemoveSingleUser(siteSignIn, unexpectedUser, thisExistingGroup);
            }
            catch (Exception exUnxpectedUsers)
            {
                _statusLogs.AddError("Error removing unexpected user in GROUP " + unexpectedUser.ToString() + ", " + exUnxpectedUsers.Message);
                CSVRecord_Error(unexpectedUser.Name, unexpectedUser.SiteRole, unexpectedUser.SiteAuthentication, "Error removing unexpected user in GROUP" + unexpectedUser.ToString() + ", " + exUnxpectedUsers.Message);
            }
        }
    }
    /// <summary>
    /// See if we need to update the Grant License on Sign In behavior of a group
    /// </summary>
    /// <param name="siteSignIn"></param>
    /// <param name="groupProvisionInstructions"></param>
    /// <param name="thisExistingGroup"></param>
    private void Execute_ProvisionGroups_SingleGroup_GrantLicenseUpdate(
        TableauServerSignIn siteSignIn,
        ProvisioningGroup groupProvisionInstructions,
        SiteGroup thisExistingGroup)
    {
        //If are instruction is to INGORE this attribute, then there is nothing to do
        if (groupProvisionInstructions.GrantLicenseInstructions == ProvisioningGroup.GrantLicenseMode.Ignore)
        {
            return;
        }

        //======================================================================================
        //Determine if we need to updae the group's Grant License setting
        //======================================================================================
        string newGrantLicensingMode;

        switch (groupProvisionInstructions.GrantLicenseInstructions)
        {
        case ProvisioningGroup.GrantLicenseMode.None:
            //If the provisioning instructions are for NO Grant Licensing mode, and this is already the case, then there is nothing to do
            if (string.IsNullOrEmpty(thisExistingGroup.GrantLicenseMode))
            {
                return;
            }

            newGrantLicensingMode = "";     //Set the new mode as blank;
            break;

        case ProvisioningGroup.GrantLicenseMode.OnLogin:
            //If the grant license mode and ROLEis already as expected, then there is nothing to do
            if ((thisExistingGroup.GrantLicenseMode == ProvisioningGroup.GrantLicenseMode_OnLogin) &&
                (thisExistingGroup.SiteMinimumRoleOrNull == groupProvisionInstructions.GrantLicenseRole))
            {
                return;
            }

            newGrantLicensingMode = ProvisioningGroup.GrantLicenseMode_OnLogin;     //Set the new mode;
            break;

        //Degenerate case: Unknown instruction
        default:
            IwsDiagnostics.Assert(false, "920-1130: Unknown Grant License instruction for group: " + groupProvisionInstructions.GroupName);
            throw new Exception("920-1130: Unknown Grant License instruction for group: " + groupProvisionInstructions.GroupName);
        }

        //================================================================================
        //Perform the update to the site
        //================================================================================
        var sendUpdateGroup = new SendUpdateGroup(
            siteSignIn,
            thisExistingGroup.Id,
            groupProvisionInstructions.GroupName,
            true,
            newGrantLicensingMode,
            groupProvisionInstructions.GrantLicenseRole);

        var    wasSuccessUpdatingGroup = false;
        string updateGroupErrorText    = "";

        try
        {
            wasSuccessUpdatingGroup = sendUpdateGroup.ExecuteRequest();
        }
        catch (Exception exUpdateGroup)
        {
            updateGroupErrorText = exUpdateGroup.Message;
        }

        if (!wasSuccessUpdatingGroup)
        {
            //Record failure
            CSVRecord_ErrorUpdatingGroup(groupProvisionInstructions.GroupName,
                                         "Error attempting to update group auto grant roles: "
                                         + NullSafeText(thisExistingGroup.SiteMinimumRoleOrNull)
                                         + "->" + NullSafeText(groupProvisionInstructions.GrantLicenseRole) +
                                         ", error details: " + updateGroupErrorText);
        }
        else
        {
            //Record success
            CSVRecord_GroupModified(
                groupProvisionInstructions.GroupName
                , "Grant license: " + NullSafeText(thisExistingGroup.GrantLicenseMode) + "->" + NullSafeText(newGrantLicensingMode)
                + ", Site role: " + NullSafeText(thisExistingGroup.SiteMinimumRoleOrNull) + "->" + NullSafeText(groupProvisionInstructions.GrantLicenseRole)
                , ""
                );
        }
    }