Add anonymized export of role mining data

1. Adding role mining data export using ninja (exportMining (supports json/xml)). 2. Adding role mining data export to the repository object section (action selector). 3. Adding inducements generator (for testing). 4. Minor edits.
Evolveum · Apr 28, 2023 · 699bb49 · 699bb49
1 parent de06daa
commit 699bb49
Show file tree

Hide file tree

Showing 18 changed files with 1,455 additions and 7 deletions.
diff --git a/...com/evolveum/midpoint/gui/api/component/mining/analyse/tools/RoleMiningDataGenerator.java b/...com/evolveum/midpoint/gui/api/component/mining/analyse/tools/RoleMiningDataGenerator.java
@@ -33,7 +33,7 @@
 
 public class RoleMiningDataGenerator {
 
-    int generateRolesGroupSize(int size) {
+    public int generateRolesGroupSize(int size) {
         ProbabilityGenerator probabilityGenerator = new ProbabilityGenerator();
         if (size >= 8) {
             probabilityGenerator.addGroupProbability(7, 0.2d);

diff --git a/...om/evolveum/midpoint/gui/api/component/mining/analyse/tools/prune/PruneDataGenerator.java b/...om/evolveum/midpoint/gui/api/component/mining/analyse/tools/prune/PruneDataGenerator.java
@@ -20,6 +20,7 @@
 
 import com.evolveum.midpoint.gui.api.component.mining.RoleMiningFilter;
 import com.evolveum.midpoint.gui.api.component.mining.analyse.tools.ProbabilityGenerator;
+import com.evolveum.midpoint.gui.api.component.mining.analyse.tools.RoleMiningDataGenerator;
 import com.evolveum.midpoint.gui.api.page.PageBase;
 import com.evolveum.midpoint.gui.api.component.mining.structure.ProbabilityStructure;
 import com.evolveum.midpoint.prism.Containerable;
@@ -107,6 +108,48 @@ public void assignRoles(List<PrismObject<UserType>> userList, List<PrismObject<R
         pageBase.showResult(result);
     }
 
+    public void assignInducements(List<PrismObject<RoleType>> rolesList, PageBase pageBase) {
+        OperationResult result = new OperationResult("Assign role");
+
+        for (PrismObject<RoleType> roleTypePrismObject : rolesList) {
+            if (!roleTypePrismObject.getName().toString().equals("Superuser")) {
+
+                if (roleTypePrismObject.asObjectable().getInducement().size() == 0) {
+                    int groupSize = new RoleMiningDataGenerator().generateRolesGroupSize(rolesList.size());
+
+                    int startIndex = new Random().nextInt(((rolesList.size() - groupSize)) + 1);
+
+                    for (int i = 0; i < groupSize; i++) {
+                        RoleType roleType = rolesList.get(startIndex + i).asObjectable();
+                        RoleType roleObject = roleTypePrismObject.asObjectable();
+
+                        if(roleType.equals(roleObject)){
+                            continue;
+                        }
+                        try {
+
+                            Task task = pageBase.createSimpleTask("Assign RoleType object");
+
+                            ObjectDelta<UserType> objectDelta = pageBase.getPrismContext().deltaFor(RoleType.class)
+                                    .item(RoleType.F_INDUCEMENT)
+                                    .add(ObjectTypeUtil.createAssignmentTo(roleType.getOid(),
+                                            ObjectTypes.ROLE, pageBase.getPrismContext()))
+                                    .asObjectDelta(roleObject.getOid());
+
+                            Collection<ObjectDelta<? extends ObjectType>> deltas = MiscSchemaUtil.createCollection(objectDelta);
+                            pageBase.getModelService().executeChanges(deltas, null, task, result);
+                        } catch (Throwable e) {
+                            LOGGER.error("Error while assign object {}, {}", roleObject, e.getMessage(), e);
+                        }
+
+                    }
+                }
+            }
+        }
+
+        result.computeStatusComposite();
+        pageBase.showResult(result);
+    }
     public void assignAuthorizationMultiple(List<PrismObject<RoleType>> rolesList, int maxAuthorizations, PageBase pageBase) {
 
         ArrayList<String> authorizationTemp = new ArrayList<>();

diff --git a/...ain/java/com/evolveum/midpoint/gui/impl/page/admin/role/panels/GenerateDataPanelRBAM.html b/...ain/java/com/evolveum/midpoint/gui/impl/page/admin/role/panels/GenerateDataPanelRBAM.html
@@ -45,6 +45,9 @@
             <button class="btn btn-default ml-4" wicket:id="unassign">
             </button>
 
+            <button class="btn btn-default ml-4" wicket:id="inducements">
+            </button>
+
             <button class="btn btn-default ml-4" wicket:id="assign_auth">
             </button>
 

diff --git a/...ain/java/com/evolveum/midpoint/gui/impl/page/admin/role/panels/GenerateDataPanelRBAM.java b/...ain/java/com/evolveum/midpoint/gui/impl/page/admin/role/panels/GenerateDataPanelRBAM.java
@@ -43,6 +43,7 @@ public class GenerateDataPanelRBAM extends BasePanel<String> implements Popupabl
     private static final String ID_USER_COUNT = "userCount";
     private static final String ID_ROLE_COUNT = "roleCount";
     private static final String ID_ASSIGN = "assign";
+    private static final String ID_ASSIGN_INDUCEMENTS = "inducements";
     private static final String ID_ASSIGN_AUTH = "assign_auth";
     private static final String ID_ASSIGN_AUTH_MULTIPLE = "assign_auth_multiple";
     private static final String ID_UNASSIGN = "unassign";
@@ -146,6 +147,16 @@ public void onClick(AjaxRequestTarget target) {
         ajaxLinkUnassign.setOutputMarkupId(true);
         form.add(ajaxLinkUnassign);
 
+        AjaxButton ajaxLinkAssignInducements = new AjaxButton(ID_ASSIGN_INDUCEMENTS, Model.of("Random assign inducements")) {
+            @Override
+            public void onClick(AjaxRequestTarget target) {
+                new PruneDataGenerator().assignInducements(new RoleMiningFilter().filterRoles(getPageBase()), getPageBase());
+                getPage().setResponsePage(PageRoleMiningRBAM.class);
+            }
+        };
+        ajaxLinkAssignInducements.setOutputMarkupId(true);
+        form.add(ajaxLinkAssignInducements);
+
         AjaxButton ajaxLinkUnassignAuth = new AjaxButton(ID_UNASSIGN_AUTH, Model.of("Unassign authorizations")) {
             @Override
             public void onClick(AjaxRequestTarget target) {

diff --git a/...java/com/evolveum/midpoint/gui/impl/page/admin/role/panels/tables/BasicTableSelector.html b/...java/com/evolveum/midpoint/gui/impl/page/admin/role/panels/tables/BasicTableSelector.html
@@ -19,7 +19,7 @@
                 </button>
             </div>
             <div >
-                <div wicket:id="datatable" class="col overflow-auto" style="height:900px; width:1500px"></div>
+                <div wicket:id="datatable" class="col overflow-auto" style="height:900px"></div>
             </div>
         </form>
 

diff --git a/...admin-gui/src/main/java/com/evolveum/midpoint/web/component/dialog/ExportMiningPanel.html b/...admin-gui/src/main/java/com/evolveum/midpoint/web/component/dialog/ExportMiningPanel.html
@@ -0,0 +1,94 @@
+<!--
+  ~ Copyright (C) 2010-2023 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
+<!DOCTYPE html>
+
+<wicket:panel xmlns:wicket="http://wicket.apache.org">
+
+
+    <p class="text-center" wicket:id="confirmText"/>
+
+
+    <wicket:fragment wicket:id="buttons">
+
+        <div class="d-flex flex-wrap gap-2 w-100">
+            <span class="col-3 d-flex justify-content-end">
+            <wicket:message key="roleMiningExportPanel.encryption.key.title"/>
+            </span>
+            <input class="form-control form-control-sm col-6" wicket:id="keyField" type="text"/>
+            <button type="button" class="btn btn-primary btn-sm" wicket:id="keyGenerateButton"></button>
+        </div>
+
+        <div class="d-flex flex-wrap gap-2 w-100">
+            <span class="col-3 d-flex justify-content-end">
+            <wicket:message key="roleMiningExportPanel.zip.format.title"/>
+            </span>
+            <input type="checkbox" wicket:id="zipCheckBox"/>
+        </div>
+
+
+        <form wicket:id="exportOptions" class="d-flex flex-wrap gap-2 w-100">
+
+
+            <div class="d-flex flex-wrap gap-2 w-100">
+                    <span class="col-3 d-flex justify-content-end">
+                        <wicket:message key="roleMiningExportPanel.application.role.label"/>
+                    </span>
+            </div>
+
+            <div class="d-flex flex-wrap gap-2 w-100">
+                    <span class="col-3 d-flex justify-content-end">
+                             <wicket:message key="roleMiningExportPanel.role.prefix.label"/>
+                    </span>
+                <input class="form-control form-control-sm col-6" placeholder="(none)" wicket:id="applicationPrefix" type="text"/>
+            </div>
+
+            <div class="d-flex flex-wrap gap-2 w-100">
+                    <span class="col-3 d-flex justify-content-end">
+                           <wicket:message key="roleMiningExportPanel.role.suffix.label"/>
+                    </span>
+                <input class="form-control form-control-sm col-6" placeholder="(none)" wicket:id="applicationSuffix" type="text"/>
+            </div>
+
+            <div class="d-flex flex-wrap gap-2 w-100">
+                    <span class="col-3 d-flex justify-content-end">
+                        <wicket:message key="roleMiningExportPanel.business.role.label"/>
+                    </span>
+            </div>
+
+            <div class="d-flex flex-wrap gap-2 w-100">
+                    <span class="col-3 d-flex justify-content-end">
+                          <wicket:message key="roleMiningExportPanel.role.prefix.label"/>
+                    </span>
+                <input class="form-control form-control-sm col-6" placeholder="(none)" wicket:id="businessPrefix" type="text"/>
+            </div>
+
+            <div class="d-flex flex-wrap gap-2 w-100">
+                    <span class="col-3 d-flex justify-content-end">
+                           <wicket:message key="roleMiningExportPanel.role.suffix.label"/>
+                    </span>
+                <input class="form-control form-control-sm col-6" placeholder="(none)" wicket:id="businessSuffix" type="text"/>
+            </div>
+
+            <div class="d-flex flex-wrap gap-2 w-100">
+                <div class="col-3 d-flex justify-content-end">
+                    <input class="btn btn-default btn-sm" wicket:id="submitExportOptions" type="submit" value="Edit options"/>
+                </div>
+            </div>
+
+        </form>
+
+
+        <div class="show-empty-button d-flex justify-content-center w-100" wicket:id="showAdditionalOptions"/>
+
+        <div class="d-flex justify-content-end gap-2 w-100">
+            <a class="btn btn-primary" wicket:id="yes"></a>
+            <a class="btn btn-default" wicket:id="no"></a>
+        </div>
+
+    </wicket:fragment>
+</wicket:panel>