File Coverage

File:/home/mik/work/module/Tivoli/AccessManager/Admin/SSO/Group.pm
Coverage:99.2%

linestmtbrancondsubpodtimecode
1package Tivoli::AccessManager::Admin::SSO::Group;
2
15
15
15
178
67
232
use strict;
3
15
15
15
236
68
230
use warnings;
4
15
15
15
243
74
303
use Carp;
5
15
15
15
246
66
295
use Tivoli::AccessManager::Admin::Response;
6
15
15
15
187
82
244
use Data::Dumper;
7
8#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
9# $Id$
10#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
11$Tivoli::AccessManager::Admin::SSO::Group::VERSION = '0.01';
12
15
211
use Inline(C => 'DATA',
13                INC => '-I/opt/PolicyDirector/include',
14                LIBS => ' -lpthread -lpdadminapi -lstdc++',
15                CCFLAGS => '-Wall',
16# VERSION => '0.01',
17                NAME => 'Tivoli::AccessManager::Admin::SSO::Group',
18
15
15
199
59
           );
19
20sub new {
21
22
1
327
    my $class = shift;
22
22
128
    my $cont = shift;
23
22
103
    my ($name,$desc,$resources);
24
22
635
    unless ( defined($cont) and UNIVERSAL::isa($cont,'Tivoli::AccessManager::Admin::Context' ) ) {
25
3
77
        warn "Incorrect syntax -- did you forget the context?\n";
26
3
30
        return undef;
27    }
28
29
19
265
    if ( @_ == 1 ) {
30
1
5
        $name = shift;
31
1
7
        $desc = '';
32
1
4
        $resources = [];
33    }
34    elsif ( @_ % 2 ) {
35
1
19
        warn "Invalid parameter list -- please use a hash\n";
36
1
14
        return undef;
37    }
38    else {
39
17
236
        my %opts = @_;
40
17
176
        $name = $opts{name} || '';
41
17
190
        $desc = $opts{description} || '';
42
17
315
        $resources = $opts{resources} || [];
43    }
44
45
18
252
    my $resp = Tivoli::AccessManager::Admin::Response->new();
46
47
18
241
    my $self = bless {}, $class;
48
18
144
    $self->{name} = $name;
49
18
122
    $self->{description} = $desc;
50
18
18
80
145
    for ( @{$resources} ) {
51
20
20
82
262
        push @{$self->{resources}}, ref($_) ? $_->name : $_;
52    }
53
18
119
    $self->{context} = $cont;
54
18
93
    $self->{exist} = 0;
55
56
18
125
    if ($self->{name}) {
57
15
839087
        $self->{exist} = $self->ssogroup_get($resp);
58
15
512
        if ( $resp->isok ) {
59
2
232
            $self->{description} = $self->ssogroup_getdescription();
60
2
2
156
97
            @{$self->{resources}} = $self->ssogroup_getresources();
61        }
62    }
63
64
18
245
    return $self;
65}
66
67sub create {
68
17
1
453
    my $self = shift;
69
17
267
    my $resp = Tivoli::AccessManager::Admin::Response->new();
70
17
114
    my ($name,$desc);
71
72
17
162
    unless ( ref( $self ) ) {
73
6
42
        my $pd = shift;
74
6
86
        $self = $self->new( $pd, @_ );
75
6
234
        unless (defined $self) {
76
1
14
            $resp->set_message("Couldn't instatiate the resource");
77
1
10
            $resp->set_isok(0);
78
1
10
            return $resp;
79        }
80    }
81
82
16
243
    if ( @_ == 1 ) {
83
1
9
        $self->{name} = shift;
84    }
85    elsif ( @_ % 2 ) {
86
1
17
        $resp->set_message("Invalid parameter list -- please use a hash");
87
1
18
        $resp->set_isok(0);
88
1
11
        return $resp;
89    }
90    else {
91
14
176
        my %opts = @_;
92
14
266
        $self->{name} = $opts{name} || $self->{name} || '';
93
14
253
        $self->{description} = $opts{description} || $self->{description} || '';
94
14
346
        $self->{resources} = $opts{resources} || $self->{resources} || [];
95    }
96
97
15
153
    unless ( $self->{name} ) {
98
1
25
        $resp->set_message("I cannot create an unnamed GSO group");
99
1
18
        $resp->set_isok(0);
100
1
17
        return $resp;
101    }
102
103
14
152
    if ( $self->exist ) {
104
1
14
        $resp->set_message("The GSO group " . $self->name . " already exists");
105
1
15
        $resp->set_value($self);
106
1
16
        $resp->set_iswarning(1);
107
1
9
        return $resp;
108    }
109
110
13
863749
    my $rc = $self->ssogroup_create($resp);
111
13
443
    return $resp unless $resp->isok;
112
12
141
    $self->{exist} = $rc;
113
114    # If we have been provided resources on the create call, add them here
115
12
136
    if ( $self->{resources} ) {
116
11
169
        $resp = $self->resources( add => $self->{resources} );
117
11
85
        $resp = $self->get;
118    }
119
120
12
216
    $resp->set_value($self);
121
12
149
    return $resp;
122}
123
124sub delete {
125
14
1
192
    my $self = shift;
126
14
239
    my $resp = Tivoli::AccessManager::Admin::Response->new();
127
128
14
156
    unless ( $self->exist ) {
129
1
13
        $resp->set_message("The GSO group " . $self->name . " doesn't exist");
130
1
14
        $resp->set_isok(0);
131
1
10
        return $resp;
132    }
133
134
13
1100229
    my $rc = $self->ssogroup_delete($resp);
135
13
315
    if ($rc) {
136
12
269
        $self->{exist} = 0;
137    }
138
13
339
    $resp->set_value($rc);
139
13
221
    return $resp;
140}
141
142sub list {
143
4
1
33
    my $class = shift;
144
4
56
    my $resp = Tivoli::AccessManager::Admin::Response->new();
145
4
15
    my $pd;
146
147    # I want this to be called as either Tivoli::AccessManager::Admin::User->list or
148    # $self->list
149
4
28
    if ( ref($class) ) {
150
1
8
        $pd = $class->{context};
151    }
152    else {
153
3
17
        $pd = shift;
154    }
155
4
79
    unless ( defined($pd) and UNIVERSAL::isa($pd,'Tivoli::AccessManager::Admin::Context' ) ) {
156
2
25
        $resp->set_message("Incorrect syntax -- did you forget the context?");
157
2
20
        $resp->set_isok(0);
158
2
14
        return $resp;
159    }
160
161
2
103761
    my @rc = ssogroup_list($pd,$resp);
162
2
67
    $resp->isok() && $resp->set_value( $rc[0],\@rc );
163
2
28
    return $resp;
164}
165
166sub resources {
167
22
1
166
    my $self = shift;
168
22
127
    my (@resources,$rc);
169
22
331
    my $resp = Tivoli::AccessManager::Admin::Response->new();
170
171
22
377
    my %dispatch = ( add => \&ssogroup_addresource,
172                     remove => \&ssogroup_removeresource
173                 );
174
175
22
237
    if ( @_ % 2 ) {
176
1
12
        $resp->set_message("Invalid syntax");
177
1
9
        $resp->set_isok(0);
178
1
10
        return $resp;
179    }
180
21
150
    my %opts = @_;
181
182
21
186
    for my $op ( qw/remove add/ ) {
183
42
368
        next unless defined $opts{$op};
184
15
13
161
139
        for my $rsc ( ref($opts{$op}) ? @{$opts{$op}} : $opts{$op} ) {
185
28
382
            for my $resource ( ref($rsc) ? $rsc->name : $rsc ) {
186
28
1498459
                $rc = $dispatch{$op}->($self,$resp,$resource);
187
28
914
                return $resp unless $resp->isok;
188            }
189        }
190
14
194
        $resp = $self->get;
191    }
192
193
20
2777
    @resources = $self->ssogroup_getresources();
194
20
293
    $resp->isok and $resp->set_value($resources[0], \@resources);
195
196
20
310
    return $resp;
197}
198
199sub get {
200
26
1
317
    my $self = shift;
201
26
352
    my $resp = Tivoli::AccessManager::Admin::Response->new;
202
26
147
    my $rc;
203
204
26
243
    unless ( $self->exist ) {
205
1
10
        $resp->set_message( "The GSO groups doesn't exist");
206
1
10
        $resp->set_isok(0);
207
1
8
        return $resp;
208    }
209
210
25
1290446
    $rc = $self->ssogroup_get($resp);
211
25
713
    return $resp;
212}
213
214
4
1
81
sub description { return $_[0]->{description} }
215
8
1
219
sub name { return $_[0]->{name} }
216
58
1
961
sub exist { return $_[0]->{exist} }
217
218sub DESTROY {
219
18
133
    my $self = shift;
220
18
342
    $self->_ssogroupfree();
221}
222
2231;
224
225 - 432
=head1 NAME

Tivoli::AccessManager::Admin::SSO::Group

=head1 SYNOPSIS

=head1 DESCRIPTION

L<Tivoli::AccessManager::Admin::SSO::Group> provides the interface to modify, create and delete
GSO cred groups.

=head1 CONSTRUCTORS

=head2 new(PDADMIN[,name =E<gt> STRING, description =E<gt> STRING, resources =E<gt> RESOURCES])

Initializes a blessed L<Tivoli::AccessManager::Admin::SSO::Group> object.

=head3 Parameters

=over 4

=item PDADMIN

An initialized L<Tivoli::AccessManager::Admin::Context> object.  As with every other class, the
only way to change the context is to destroy the L<Tivoli::AccessManager::Admin::SSO::Cred>
object and recreate it with the new context.  This parameter is required.

=item name =E<gt> STRING

The name of the GSO resource group.  This is optional.  If provided, the
module will attempt to determine if a resource group of the same name already
exists.

=item description =E<gt> STRING

A description for the resource group.  This is completely optional.

=item resources =E<gt> RESOURCES

Some GSO resources to be added to the group.  This can be just about anything
you want.  It can consist of a scalar or a list.  The scalar can be a simple
string -- the name of the resource -- or it can be either a
L<Tivoli::AccessManager::Admin::SSO::Cred> or L<Tivoli::AccessManager::Admin::SSO::Web> object.

=back

=head3 Returns

A fully blessed L<Tivoli::AccessManager::Admin::SSO::Cred> object under normal circumstances,
undef otherwise.  Since no TAM API calls are made by this method, "otherwise" can
loosely be defined as "syntax error".

=head2 create(PDADMIN,name =E<gt> STRING[,description =E<gt> STRING,resources =E<gt> RESOURCES])

Does the same thing as L</"new">, and creates the GSO group as well.

=head3 Parameters

See the parameter list for L</"new">.  The only difference is that the name of
the resource group is now required.

=head3 Returns


A L<Tivoli::AccessManager::Admin::Response> object indicating the success or failure of the
create operation.  If it could be created, the new L<Tivoli::AccessManager::Admin::SSO::Group>
object will be embedded in the response object as well.

If you are adding resources at create time, do be aware that this is not an
atomic operation -- the resource group can be created by adding the resources
can fail.

=head1 CLASS METHODS

=head2 list(PDADMIN)

Lists all GSO resource groups.

=head2 Parameters

=over 4

=item PDADMIN

An initialized L<Tivoli::AccessManager::Admin::Context> object.  

=back

=head3 Returns

A list of all the resource groups defined in TAM.  This list may be empty.  

This list is, of course, embedded in a L<Tivoli::AccessManager::Admin::Response> object.

=head1 METHODS

The standard disclaimer.  All the methods will return a
L<Tivoli::AccessManager::Admin::Response> object unless specifically stated otherwise.  See the
documentation for that module on how to coax the values out.

The methods also follow the same basic pattern.  If an optional parameter is
provided, it will have the affect of setting the attribute.  All method calls
will embed the results of a 'get' in the L<Tivoli::AccessManager::Admin::Response> object.

=head2 create([name =E<gt> STRING, description =E<gt> STRING, resources =E<gt> RESOURCES])

As you might expect, create can also be used as a method call.

=head3 Parameters

See L</"new"> for a full description.  The name parameter is required only if
it was not provided to L</"new">

=head3 Returns

The success or failure of the operation.

=head2 delete

Deletes the GSO resource group.

=head3 Parameters

None.

=head3 Returns

The success or failure of the operation.

=head2 resources( [add =E<gt> RESOURCES, remove =E<gt> RESOURCES] );

Adds or removes resources from the resource group.

=head3 Parameters

=over 4

=item add =E<gt> RESOURCES

Adds the named resources to the group.  As with L</"create"> and L</"new">,
the RESOURCES can be a single value or a list, a list of names or objects or
some combination there of.

=item remove =E<gt> RESOURCES

Removes the named resources from the group.  As with L</"create"> and L</"new">,
the RESOURCES can be a single value or a list, a list of names or objects or
some combination there of.

If both add and remove are provided, the removes will be processed before the
adds.

=back

=head3 Returns

The success or failure of the operations and the current list (ie, the list of
resource after all the operations) of resources in the group.

=head2 get

Updates the underlying API structure.  You should almost never, ever need to
call this directly.

=head3 Parameters

None.

=head2 Returns

The failure or success of the operation.

The following methods are read only.  They do NOT return their data in 
L<Tivoli::AccessManager::Admin::Response> object.

=head2 name

Returns the name of the resource group.

=head2 exist

Returns 1 if the resource group exists, 0 otherwise.

=head1 ACKNOWLEDGEMENTS

See L<Tivoli::AccessManager::Admin> for the list.  This was not possible without the help of a
bunch of people smarter than I.

=head1 BUGS

None known.

=head1 TODO

=head1 AUTHOR

Mik Firestone E<lt>mikfire@gmail.comE<gt>

=head1 COPYRIGHT

Copyright (c) 2006-2013 Mik Firestone.  All rights reserved.  This program is
free software; you can redistibute it and/or modify it under the same terms as
Perl itself.

All references to TAM, Tivoli Access Manager, etc are copyrighted, trademarked
and otherwise patented by IBM.

=cut
433