File: | /home/mik/work/module/Tivoli/AccessManager/Admin/SSO/Group.pm |
Coverage: | 99.2% |
line | stmt | bran | cond | sub | pod | time | code |
---|---|---|---|---|---|---|---|
1 | package Tivoli::AccessManager::Admin::SSO::Group; | ||||||
2 | 15 15 15 | 178 67 232 | use strict; | ||||
3 | 15 15 15 | 236 68 230 | use warnings; | ||||
4 | 15 15 15 | 243 74 303 | use Carp; | ||||
5 | 15 15 15 | 246 66 295 | use Tivoli::AccessManager::Admin::Response; | ||||
6 | 15 15 15 | 187 82 244 | use Data::Dumper; | ||||
7 | |||||||
8 | #-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | ||||||
9 | # $Id$ | ||||||
10 | #-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | ||||||
11 | $Tivoli::AccessManager::Admin::SSO::Group::VERSION = '0.01'; | ||||||
12 | 15 | 211 | use Inline(C => 'DATA', | ||||
13 | INC => '-I/opt/PolicyDirector/include', | ||||||
14 | LIBS => ' -lpthread -lpdadminapi -lstdc++', | ||||||
15 | CCFLAGS => '-Wall', | ||||||
16 | # VERSION => '0.01', | ||||||
17 | NAME => 'Tivoli::AccessManager::Admin::SSO::Group', | ||||||
18 | 15 15 | 199 59 | ); | ||||
19 | |||||||
20 | sub new { | ||||||
21 | 22 | 1 | 327 | my $class = shift; | |||
22 | 22 | 128 | my $cont = shift; | ||||
23 | 22 | 103 | my ($name,$desc,$resources); | ||||
24 | 22 | 635 | unless ( defined($cont) and UNIVERSAL::isa($cont,'Tivoli::AccessManager::Admin::Context' ) ) { | ||||
25 | 3 | 77 | warn "Incorrect syntax -- did you forget the context?\n"; | ||||
26 | 3 | 30 | return undef; | ||||
27 | } | ||||||
28 | |||||||
29 | 19 | 265 | if ( @_ == 1 ) { | ||||
30 | 1 | 5 | $name = shift; | ||||
31 | 1 | 7 | $desc = ''; | ||||
32 | 1 | 4 | $resources = []; | ||||
33 | } | ||||||
34 | elsif ( @_ % 2 ) { | ||||||
35 | 1 | 19 | warn "Invalid parameter list -- please use a hash\n"; | ||||
36 | 1 | 14 | return undef; | ||||
37 | } | ||||||
38 | else { | ||||||
39 | 17 | 236 | my %opts = @_; | ||||
40 | 17 | 176 | $name = $opts{name} || ''; | ||||
41 | 17 | 190 | $desc = $opts{description} || ''; | ||||
42 | 17 | 315 | $resources = $opts{resources} || []; | ||||
43 | } | ||||||
44 | |||||||
45 | 18 | 252 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
46 | |||||||
47 | 18 | 241 | my $self = bless {}, $class; | ||||
48 | 18 | 144 | $self->{name} = $name; | ||||
49 | 18 | 122 | $self->{description} = $desc; | ||||
50 | 18 18 | 80 145 | for ( @{$resources} ) { | ||||
51 | 20 20 | 82 262 | push @{$self->{resources}}, ref($_) ? $_->name : $_; | ||||
52 | } | ||||||
53 | 18 | 119 | $self->{context} = $cont; | ||||
54 | 18 | 93 | $self->{exist} = 0; | ||||
55 | |||||||
56 | 18 | 125 | if ($self->{name}) { | ||||
57 | 15 | 839087 | $self->{exist} = $self->ssogroup_get($resp); | ||||
58 | 15 | 512 | if ( $resp->isok ) { | ||||
59 | 2 | 232 | $self->{description} = $self->ssogroup_getdescription(); | ||||
60 | 2 2 | 156 97 | @{$self->{resources}} = $self->ssogroup_getresources(); | ||||
61 | } | ||||||
62 | } | ||||||
63 | |||||||
64 | 18 | 245 | return $self; | ||||
65 | } | ||||||
66 | |||||||
67 | sub create { | ||||||
68 | 17 | 1 | 453 | my $self = shift; | |||
69 | 17 | 267 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
70 | 17 | 114 | my ($name,$desc); | ||||
71 | |||||||
72 | 17 | 162 | unless ( ref( $self ) ) { | ||||
73 | 6 | 42 | my $pd = shift; | ||||
74 | 6 | 86 | $self = $self->new( $pd, @_ ); | ||||
75 | 6 | 234 | unless (defined $self) { | ||||
76 | 1 | 14 | $resp->set_message("Couldn't instatiate the resource"); | ||||
77 | 1 | 10 | $resp->set_isok(0); | ||||
78 | 1 | 10 | return $resp; | ||||
79 | } | ||||||
80 | } | ||||||
81 | |||||||
82 | 16 | 243 | if ( @_ == 1 ) { | ||||
83 | 1 | 9 | $self->{name} = shift; | ||||
84 | } | ||||||
85 | elsif ( @_ % 2 ) { | ||||||
86 | 1 | 17 | $resp->set_message("Invalid parameter list -- please use a hash"); | ||||
87 | 1 | 18 | $resp->set_isok(0); | ||||
88 | 1 | 11 | return $resp; | ||||
89 | } | ||||||
90 | else { | ||||||
91 | 14 | 176 | my %opts = @_; | ||||
92 | 14 | 266 | $self->{name} = $opts{name} || $self->{name} || ''; | ||||
93 | 14 | 253 | $self->{description} = $opts{description} || $self->{description} || ''; | ||||
94 | 14 | 346 | $self->{resources} = $opts{resources} || $self->{resources} || []; | ||||
95 | } | ||||||
96 | |||||||
97 | 15 | 153 | unless ( $self->{name} ) { | ||||
98 | 1 | 25 | $resp->set_message("I cannot create an unnamed GSO group"); | ||||
99 | 1 | 18 | $resp->set_isok(0); | ||||
100 | 1 | 17 | return $resp; | ||||
101 | } | ||||||
102 | |||||||
103 | 14 | 152 | if ( $self->exist ) { | ||||
104 | 1 | 14 | $resp->set_message("The GSO group " . $self->name . " already exists"); | ||||
105 | 1 | 15 | $resp->set_value($self); | ||||
106 | 1 | 16 | $resp->set_iswarning(1); | ||||
107 | 1 | 9 | return $resp; | ||||
108 | } | ||||||
109 | |||||||
110 | 13 | 863749 | my $rc = $self->ssogroup_create($resp); | ||||
111 | 13 | 443 | return $resp unless $resp->isok; | ||||
112 | 12 | 141 | $self->{exist} = $rc; | ||||
113 | |||||||
114 | # If we have been provided resources on the create call, add them here | ||||||
115 | 12 | 136 | if ( $self->{resources} ) { | ||||
116 | 11 | 169 | $resp = $self->resources( add => $self->{resources} ); | ||||
117 | 11 | 85 | $resp = $self->get; | ||||
118 | } | ||||||
119 | |||||||
120 | 12 | 216 | $resp->set_value($self); | ||||
121 | 12 | 149 | return $resp; | ||||
122 | } | ||||||
123 | |||||||
124 | sub delete { | ||||||
125 | 14 | 1 | 192 | my $self = shift; | |||
126 | 14 | 239 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
127 | |||||||
128 | 14 | 156 | unless ( $self->exist ) { | ||||
129 | 1 | 13 | $resp->set_message("The GSO group " . $self->name . " doesn't exist"); | ||||
130 | 1 | 14 | $resp->set_isok(0); | ||||
131 | 1 | 10 | return $resp; | ||||
132 | } | ||||||
133 | |||||||
134 | 13 | 1100229 | my $rc = $self->ssogroup_delete($resp); | ||||
135 | 13 | 315 | if ($rc) { | ||||
136 | 12 | 269 | $self->{exist} = 0; | ||||
137 | } | ||||||
138 | 13 | 339 | $resp->set_value($rc); | ||||
139 | 13 | 221 | return $resp; | ||||
140 | } | ||||||
141 | |||||||
142 | sub list { | ||||||
143 | 4 | 1 | 33 | my $class = shift; | |||
144 | 4 | 56 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
145 | 4 | 15 | my $pd; | ||||
146 | |||||||
147 | # I want this to be called as either Tivoli::AccessManager::Admin::User->list or | ||||||
148 | # $self->list | ||||||
149 | 4 | 28 | if ( ref($class) ) { | ||||
150 | 1 | 8 | $pd = $class->{context}; | ||||
151 | } | ||||||
152 | else { | ||||||
153 | 3 | 17 | $pd = shift; | ||||
154 | } | ||||||
155 | 4 | 79 | unless ( defined($pd) and UNIVERSAL::isa($pd,'Tivoli::AccessManager::Admin::Context' ) ) { | ||||
156 | 2 | 25 | $resp->set_message("Incorrect syntax -- did you forget the context?"); | ||||
157 | 2 | 20 | $resp->set_isok(0); | ||||
158 | 2 | 14 | return $resp; | ||||
159 | } | ||||||
160 | |||||||
161 | 2 | 103761 | my @rc = ssogroup_list($pd,$resp); | ||||
162 | 2 | 67 | $resp->isok() && $resp->set_value( $rc[0],\@rc ); | ||||
163 | 2 | 28 | return $resp; | ||||
164 | } | ||||||
165 | |||||||
166 | sub resources { | ||||||
167 | 22 | 1 | 166 | my $self = shift; | |||
168 | 22 | 127 | my (@resources,$rc); | ||||
169 | 22 | 331 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
170 | |||||||
171 | 22 | 377 | my %dispatch = ( add => \&ssogroup_addresource, | ||||
172 | remove => \&ssogroup_removeresource | ||||||
173 | ); | ||||||
174 | |||||||
175 | 22 | 237 | if ( @_ % 2 ) { | ||||
176 | 1 | 12 | $resp->set_message("Invalid syntax"); | ||||
177 | 1 | 9 | $resp->set_isok(0); | ||||
178 | 1 | 10 | return $resp; | ||||
179 | } | ||||||
180 | 21 | 150 | my %opts = @_; | ||||
181 | |||||||
182 | 21 | 186 | for my $op ( qw/remove add/ ) { | ||||
183 | 42 | 368 | next unless defined $opts{$op}; | ||||
184 | 15 13 | 161 139 | for my $rsc ( ref($opts{$op}) ? @{$opts{$op}} : $opts{$op} ) { | ||||
185 | 28 | 382 | for my $resource ( ref($rsc) ? $rsc->name : $rsc ) { | ||||
186 | 28 | 1498459 | $rc = $dispatch{$op}->($self,$resp,$resource); | ||||
187 | 28 | 914 | return $resp unless $resp->isok; | ||||
188 | } | ||||||
189 | } | ||||||
190 | 14 | 194 | $resp = $self->get; | ||||
191 | } | ||||||
192 | |||||||
193 | 20 | 2777 | @resources = $self->ssogroup_getresources(); | ||||
194 | 20 | 293 | $resp->isok and $resp->set_value($resources[0], \@resources); | ||||
195 | |||||||
196 | 20 | 310 | return $resp; | ||||
197 | } | ||||||
198 | |||||||
199 | sub get { | ||||||
200 | 26 | 1 | 317 | my $self = shift; | |||
201 | 26 | 352 | my $resp = Tivoli::AccessManager::Admin::Response->new; | ||||
202 | 26 | 147 | my $rc; | ||||
203 | |||||||
204 | 26 | 243 | unless ( $self->exist ) { | ||||
205 | 1 | 10 | $resp->set_message( "The GSO groups doesn't exist"); | ||||
206 | 1 | 10 | $resp->set_isok(0); | ||||
207 | 1 | 8 | return $resp; | ||||
208 | } | ||||||
209 | |||||||
210 | 25 | 1290446 | $rc = $self->ssogroup_get($resp); | ||||
211 | 25 | 713 | return $resp; | ||||
212 | } | ||||||
213 | |||||||
214 | 4 | 1 | 81 | sub description { return $_[0]->{description} } | |||
215 | 8 | 1 | 219 | sub name { return $_[0]->{name} } | |||
216 | 58 | 1 | 961 | sub exist { return $_[0]->{exist} } | |||
217 | |||||||
218 | sub DESTROY { | ||||||
219 | 18 | 133 | my $self = shift; | ||||
220 | 18 | 342 | $self->_ssogroupfree(); | ||||
221 | } | ||||||
222 | |||||||
223 | 1; | ||||||
224 | |||||||
225 - 432 | =head1 NAME Tivoli::AccessManager::Admin::SSO::Group =head1 SYNOPSIS =head1 DESCRIPTION L<Tivoli::AccessManager::Admin::SSO::Group> provides the interface to modify, create and delete GSO cred groups. =head1 CONSTRUCTORS =head2 new(PDADMIN[,name =E<gt> STRING, description =E<gt> STRING, resources =E<gt> RESOURCES]) Initializes a blessed L<Tivoli::AccessManager::Admin::SSO::Group> object. =head3 Parameters =over 4 =item PDADMIN An initialized L<Tivoli::AccessManager::Admin::Context> object. As with every other class, the only way to change the context is to destroy the L<Tivoli::AccessManager::Admin::SSO::Cred> object and recreate it with the new context. This parameter is required. =item name =E<gt> STRING The name of the GSO resource group. This is optional. If provided, the module will attempt to determine if a resource group of the same name already exists. =item description =E<gt> STRING A description for the resource group. This is completely optional. =item resources =E<gt> RESOURCES Some GSO resources to be added to the group. This can be just about anything you want. It can consist of a scalar or a list. The scalar can be a simple string -- the name of the resource -- or it can be either a L<Tivoli::AccessManager::Admin::SSO::Cred> or L<Tivoli::AccessManager::Admin::SSO::Web> object. =back =head3 Returns A fully blessed L<Tivoli::AccessManager::Admin::SSO::Cred> object under normal circumstances, undef otherwise. Since no TAM API calls are made by this method, "otherwise" can loosely be defined as "syntax error". =head2 create(PDADMIN,name =E<gt> STRING[,description =E<gt> STRING,resources =E<gt> RESOURCES]) Does the same thing as L</"new">, and creates the GSO group as well. =head3 Parameters See the parameter list for L</"new">. The only difference is that the name of the resource group is now required. =head3 Returns A L<Tivoli::AccessManager::Admin::Response> object indicating the success or failure of the create operation. If it could be created, the new L<Tivoli::AccessManager::Admin::SSO::Group> object will be embedded in the response object as well. If you are adding resources at create time, do be aware that this is not an atomic operation -- the resource group can be created by adding the resources can fail. =head1 CLASS METHODS =head2 list(PDADMIN) Lists all GSO resource groups. =head2 Parameters =over 4 =item PDADMIN An initialized L<Tivoli::AccessManager::Admin::Context> object. =back =head3 Returns A list of all the resource groups defined in TAM. This list may be empty. This list is, of course, embedded in a L<Tivoli::AccessManager::Admin::Response> object. =head1 METHODS The standard disclaimer. All the methods will return a L<Tivoli::AccessManager::Admin::Response> object unless specifically stated otherwise. See the documentation for that module on how to coax the values out. The methods also follow the same basic pattern. If an optional parameter is provided, it will have the affect of setting the attribute. All method calls will embed the results of a 'get' in the L<Tivoli::AccessManager::Admin::Response> object. =head2 create([name =E<gt> STRING, description =E<gt> STRING, resources =E<gt> RESOURCES]) As you might expect, create can also be used as a method call. =head3 Parameters See L</"new"> for a full description. The name parameter is required only if it was not provided to L</"new"> =head3 Returns The success or failure of the operation. =head2 delete Deletes the GSO resource group. =head3 Parameters None. =head3 Returns The success or failure of the operation. =head2 resources( [add =E<gt> RESOURCES, remove =E<gt> RESOURCES] ); Adds or removes resources from the resource group. =head3 Parameters =over 4 =item add =E<gt> RESOURCES Adds the named resources to the group. As with L</"create"> and L</"new">, the RESOURCES can be a single value or a list, a list of names or objects or some combination there of. =item remove =E<gt> RESOURCES Removes the named resources from the group. As with L</"create"> and L</"new">, the RESOURCES can be a single value or a list, a list of names or objects or some combination there of. If both add and remove are provided, the removes will be processed before the adds. =back =head3 Returns The success or failure of the operations and the current list (ie, the list of resource after all the operations) of resources in the group. =head2 get Updates the underlying API structure. You should almost never, ever need to call this directly. =head3 Parameters None. =head2 Returns The failure or success of the operation. The following methods are read only. They do NOT return their data in L<Tivoli::AccessManager::Admin::Response> object. =head2 name Returns the name of the resource group. =head2 exist Returns 1 if the resource group exists, 0 otherwise. =head1 ACKNOWLEDGEMENTS See L<Tivoli::AccessManager::Admin> for the list. This was not possible without the help of a bunch of people smarter than I. =head1 BUGS None known. =head1 TODO =head1 AUTHOR Mik Firestone E<lt>mikfire@gmail.comE<gt> =head1 COPYRIGHT Copyright (c) 2006-2013 Mik Firestone. All rights reserved. This program is free software; you can redistibute it and/or modify it under the same terms as Perl itself. All references to TAM, Tivoli Access Manager, etc are copyrighted, trademarked and otherwise patented by IBM. =cut | ||||||
433 |