Cybersecurity
DevOps Cloud
IT Operations Cloud
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE policy PUBLIC "policy-builder-dtd" "/root/designer/plugins/com.novell.idm.policybuilder_4.0.0.201505010256/DTD/dirxmlscript4.5.1.dtd"><policy>
<rule>
<description>If Active, set employeeStatus to A</description>
<conditions>
<and>
<if-op-attr mode="nocase" name="employeeStatus" op="changing-to">Active</if-op-attr>
</and>
</conditions>
<actions>
<do-reformat-op-attr name="employeeStatus">
<arg-value type="string">
<token-text xml:space="preserve">A</token-text>
</arg-value>
</do-reformat-op-attr>
</actions>
</rule>
<rule>
<description>If Inactive, set employeeStatus to I</description>
<conditions>
<and>
<if-op-attr mode="nocase" name="employeeStatus" op="changing-to">Inactive</if-op-attr>
</and>
</conditions>
<actions>
<do-reformat-op-attr name="employeeStatus">
<arg-value type="string">
<token-text xml:space="preserve">L</token-text>
</arg-value>
</do-reformat-op-attr>
</actions>
</rule>
<rule>
<description>If Terminated, set employeeStatus to T</description>
<conditions>
<and>
<if-op-attr mode="nocase" name="employeeStatus" op="changing-to">Terminated</if-op-attr>
</and>
</conditions>
<actions>
<do-reformat-op-attr name="employeeStatus">
<arg-value type="string">
<token-text xml:space="preserve">T</token-text>
</arg-value>
</do-reformat-op-attr>
<do-veto/>
</actions>
</rule>
</policy>
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE policy PUBLIC "policy-builder-dtd" "/root/designer/plugins/com.novell.idm.policybuilder_4.0.0.201505010256/DTD/dirxmlscript4.5.1.dtd"><policy>
<rule>
<description>reformat employeeStatus</description>
<comment xml:space="preserve">An attribute needs to be transformed from the application value to the vault value on adds, removes, and query responses.
Valid values should pass through, invalid values should be stripped out. If all values stripped out, the attribute itself should also go away.
If multiple values go through, all valid values should pass through, no invalid values should make it, and if any single value is stripped for being invalid, it alone should be stripped (leaving valid values alone).
0.1.20150701063000 - Initial version</comment>
Test cases with hr_status attribute:
<nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
<source>
<product build="20150417_0410" instance="employee-hr" version="4.0.1.0">DirXML Driver for JDBC</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="hr_pers" event-id="0" src-dn="HR_PERSID=248,table=HR_PERS">
<association state="associated">HR_PERSID=248,table=HR_PERS</association>
<attr attr-name="hr_status">
<value type="string">Active</value>
<value type="string">Junk</value>
</attr>
</instance>
<status event-id="0" level="success"></status>
</output>
</nds>
<nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
<source>
<product build="20150417_0410" instance="employee-hr" version="4.0.1.0">DirXML Driver for JDBC</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="hr_pers" event-id="0" src-dn="HR_PERSID=248,table=HR_PERS">
<association state="associated">HR_PERSID=248,table=HR_PERS</association>
<modify-attr attr-name="hr_status">
<remove-value>
<value type="string">Junk</value>
</remove-value>
<add-value>
<value type="string">Active</value>
</add-value>
</modify-attr>
</modify>
<status event-id="0" level="success"></status>
</input>
</nds>
<comment name="author" xml:space="preserve">Aaron Burgemeister</comment>
<comment name="version" xml:space="preserve">0.1.20150701063000</comment>
<comment name="lastchanged" xml:space="preserve">2015-07-01T06:30:00</comment>
<conditions>
<and/>
</conditions>
<actions>
<do-if>
<arg-conditions>
<and>
<if-class-name mode="nocase" op="equal">hr_pers</if-class-name>
</and>
</arg-conditions>
<arg-actions>
<do-set-local-variable name="map-attr-name" scope="policy">
<arg-string>
<token-text xml:space="preserve">hr_status</token-text>
</arg-string>
</do-set-local-variable>
<do-if>
<arg-conditions>
<and>
<if-op-attr name="$map-attr-name$" op="changing"/>
</and>
</arg-conditions>
<arg-actions>
<do-reformat-op-attr name="$map-attr-name$">
<arg-value type="string">
<token-map default-value="~drv.employee-hr.map-value-not-found~" dest="vaultvalue" src="appvalue" table="employee-state">
<token-local-variable name="current-value"/>
</token-map>
</arg-value>
</do-reformat-op-attr>
<do-if>
<arg-conditions>
<or>
<if-op-attr mode="nocase" name="$map-attr-name$" op="changing-from">~drv.employee-hr.map-value-not-found~</if-op-attr>
<if-op-attr mode="nocase" name="$map-attr-name$" op="changing-to">~drv.employee-hr.map-value-not-found~</if-op-attr>
</or>
</arg-conditions>
<arg-actions>
<do-trace-message level="1">
<arg-string>
<token-text xml:space="preserve">A value coming from the application was not found in the mapping table which means the mapping table must be updated. For now cleaning out the invalid value(s) to avoid problems later in this operation.</token-text>
</arg-string>
</do-trace-message>
<do-strip-xpath expression="*[@attr-name=$map-attr-name]/value[text()='~drv.employee-hr.map-value-not-found~']"/>
<do-strip-xpath expression="*[@attr-name=$map-attr-name]/add-value[value='~drv.employee-hr.map-value-not-found~']"/>
<do-strip-xpath expression="*[@attr-name=$map-attr-name]/remove-value[value='~drv.employee-hr.map-value-not-found~']"/>
<do-strip-xpath expression="*[@attr-name=$map-attr-name and not(*)]"/>
</arg-actions>
<arg-actions/>
</do-if>
</arg-actions>
<arg-actions/>
</do-if>
</arg-actions>
<arg-actions/>
</do-if>
</actions>
</rule>
</policy>