IdStory Identity Manager

I found problem if many different systems are imported to new IdM:

• If one system doesn't have created schema, mapping, sync and second has, then export order in manifest is wrong.
• If one system has sync for identity and second for contracts, then all syncs are deleting. Problem is with inheritance of different sync types.

I found solution for this ... I hope ..

I started implementing an advanced paring field strategy = searching a entity by code from field in a DTO (in batch).

• I have extended the export descriptor for field fields to support this strategy.
• I need to distribute the target DTO as embedded data in the batch.
• I now have an obstacle to deserialization built into DTO.

• I implemented mechanism for make some DTO optional. It means in some cases we need to continue if some exported DTO was not found on target system. For example SysRoleSystem (only some roles was exported from test to production, not all, but we don't want stop whole import of systems).

• Advanced pairing mode was used in system-break-recipient (for role and identity field).

• Only related (defined in system-attribute-mapping) attribute definition is exported now.

• I implemented import for DTO with tree structures (because role-catalogue). -> I implemented detection of DTO type with itself type relation and sorting by "parentId".
• I started with export of roles:
  • Role,
  • EAVs,
  • Bussines roles,
  • Incompatible roles,
  • role-catalogue (include catalogue itself),
  • guarantees by identity,
  • guarantees by role,
  • permissions.
• In role is not implemented export for: Definition of role attributes, automatic roles.

• Export of role attributes (and parent definition) implemented.
• I started with implementation of loging imports events and presentation to the user.

Dry run mode is implemented.

- Implemented check: Only admin can execute import.
- UI: sorting by type and operation, add column with content of batch.

- Implemented check on READ permission for all exported DTOs. Only whole role/system can be exported now.
- Added filter on type, operation to import log table.
- Fixed problem with load the log tree.

• Import task show count now,
• created change scripts for Postgres and MSSQL,
• detail for Import extracted to the new component.

- First tests for exporte implemented.
- 5 info cards for system entities implemented.
- Integrity for LRT implemented.

• 3 info cards (compositions, incompatibilities, permissions) implemented
• Advanced paring for business and incompatible roles implemented.
• Fixies

• 5 Business cards implemented.
• Implemented skip for not found DTO during Dry-run mode.
• Fixed order in export for role-catalog.
• Added parent relation to the catalog export.

• Added paging to tree,
• Zip name using batch name now,
• Advanced paring implemented for guarantee by identity and role.
• Result codes (during dryrun) improved.

• Added filter by operationState (to import logs),
• Not_executed logs has correct result code now.
• Fixed problem with duplicated import's logs in dry run mode (syncs).

• Skip of confidential attributes implemented (EAV and system remote server).
• System export bulk action refactored.
• I started with documentation here: https://wiki.czechidm.com/devel/documentation/export_import

I created next 3 tests for role export (for check incompatibilities, guarantors by identity, guarantor by role).

• I completed tests for role and created 12 new tests for export/import systems.
• Remains tests for export of configurations and documentation.

• Fixed problem with export empty system (without connector).
• Implemented tests for export and import configurations.
• I have problem with test DefaultAttachmentManagerIntegrationTest doesn't pass.

I merged all changes to the develop.

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/9433b3d0653ae9757c76bae6a59f3a12019a07b2

• Documentation is completed here: https://wiki.czechidm.com/devel/documentation/adm/export_import

• I fixed problem with export password in application configurations.

I solved problem with the failed test "DefaultAttachmentManagerIntegrationTest.testCreateAndPurgeTempFiles". Test fail was caused by export/import feature. I use temp directory for work with batch. Purge function deleting only file with extension ".tmp" so my batchs were not deleted.

I modified Export and Import for cleaning this temp files directly. I had to modified "testCreateAndPurgeTempFiles" too, because some temp files are deleted after IdM is trunned off. After that some empty directories remains -> This directories are skip in the test now.

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/78b86610e9e7f545fe4027fc80a027e80c49f054

I made some fixies.

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/ebfe2098803339ece4b86b13726dace66ecceb61

- ☑ RoleExportBulkAction#exportEAVs - I don't aggre with add the AUTOCOMPLETE, because I exporting form value and also form definition on this place. But correct way should be remove also READ permission, because I checking READ permissions after DTO is exported, so thanks for the hint. AUTOCOMPLETE permission should be used for loading form definitions (you not work with form definitions itself, you read values only, FE and other places are secured the same way). READ permission will gain access to form definition agenda on the other hand.
- ✅ UPDATE permission was removed SystemExportBulkAction#exportDto - systemService.get(dto.getId(), IdmBasePermission.READ, IdmBasePermission.UPDATE) can be used istead evaluating permissions twice (permissions to evaluate (AND)).
- ✅ UPDATE permission was removed - I'm not sure, why system export requires UPDATE permission too, when other exports not?
- ✅ Documentation added here: https://wiki.czechidm.com/devel/documentation/adm/export_import#authorization_policies. authorization policies configuration notes missing in documentation (export agenda and each export - how to enable).
- ✅ DefaultIdmImportLogService#saveDistinct - @Transactional is missing.
- ✅ IdmExportImportController#uploadImport - is not secured by authorization policies (authority is given olny).
- ✅ IdmExportImportController#download is not secured by authority (but authorization policies are ok).
- ✅ Result code localization is missiong (e.g. IMPORT_VALIDATION_FAILED_NO_MANIFEST, EXPORT_ZIP_FAILED)

Minor:
- ✅ czech documetation is forgotten: https://wiki.czechidm.com/devel/documentation/adm/export_import#export_descriptors :)
- ✅ export modularity is not implemented (future improvement in wiki can be noted or related ticket can be created).
- ✅ ExportManager#exportDTO - camelCase should be used in method name (camelCase is used in other places, e.g. IdmExportImportDto#getExportedDtos, AbstractExportBulkAction#exportDto).
- ✅ RoleExportBulkAction#exportEAVs - camelCase should be used in method name.
- ✅ ImportContext#setImportLRT, getImportLRT - camelCase should be used in method name (maybe 'setImportTaskExecutor' can be used, is not task itself).
- ✅ ExportManager#BLANK_UUID - could by defined as UUID instead String - UUID.fromString(ExportManager.BLANK_UUID) will not be necessary(called in every usage).
- ✅ Nice hint._AbstractExportBulkAction#OWNER_TYPE - LookupService#getOwnerType method can be used instead hardcoded string._
- ✅ ReadDtoService#export - javadoc is missing
- ❓IdmFormInstanceDto - id was added equlas form definition id, so id should be consistent, if formdefinition is changed (set id together with form definition).
- :-) DefaultIdmImportLogService#toDto - the same note as here #2014 :)
- ❎ Use APP_ADMIN was a agreement. But in future can be this improve how you suggesting. DefaultImportManager#executeImport - is secured internally for admins. BasePermission can be added into api instead. Then can be used from controller layer only (=> the same pattern as other services). Maybe prepared CoreGroupPermission#EXPORTIMPORT group with ADMIN permission could be use too (prevent to any customer have some dangerous APP_ADMIN user).
- AbstractEntityInfo#getNiceLabel - UiUtils can be used for short text.

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/115725b5db390b2d5940100c5de22d342f5a5351