Merge pull request #79 from yannick-beot-sp/feature/read-only

⭐ Lock tenant as read-only to prevent any change (cf. #75)

CHANGELOG.md

@@ -14,6 +14,7 @@ This changelog is following the recommended format by [keepachangelog](https://k
 
 - Add searching and viewing identities by [@henrique-quintino-sp](https://github.com/henrique-quintino-sp) (cf. [#74](https://github.com/yannick-beot-sp/vscode-sailpoint-identitynow/pull/74))
 - Add attribute sync, process and delete command on identities by [@henrique-quintino-sp](https://github.com/henrique-quintino-sp) (cf. [#74](https://github.com/yannick-beot-sp/vscode-sailpoint-identitynow/pull/74))
+- Lock tenant as read-only to prevent any change (cf. [#75](https://github.com/yannick-beot-sp/vscode-sailpoint-identitynow/issues/75))
 
 ### Fixed
 

README.md

@@ -306,6 +306,7 @@ The patterns defined above use the following tokens:
 - Add searching and viewing identities by [@henrique-quintino-sp](https://github.com/henrique-quintino-sp) (cf. [#74](https://github.com/yannick-beot-sp/vscode-sailpoint-identitynow/pull/74))
 - Add attribute sync, process and delete command on identities by [@henrique-quintino-sp](https://github.com/henrique-quintino-sp) (cf. [#74](https://github.com/yannick-beot-sp/vscode-sailpoint-identitynow/pull/74))
 - Fixed normalizeNames (cf. [#73](https://github.com/yannick-beot-sp/vscode-sailpoint-identitynow/issues/73))
+- Lock tenant as read-only to prevent any change (cf. [#75](https://github.com/yannick-beot-sp/vscode-sailpoint-identitynow/issues/75))
 
 ## 1.2.0
 

package.json

@@ -72,6 +72,16 @@
         "title": "ISC: Add tenant...",
         "icon": "$(add)"
       },
+      {
+        "command": "vscode-sailpoint-identitynow.tenant.set-writable",
+        "title": "Read-only",
+        "icon": "$(lock)"
+      },
+      {
+        "command": "vscode-sailpoint-identitynow.tenant.set-readonly",
+        "title": "writable",
+        "icon": "$(unlock)"
+      },
       {
         "command": "vscode-sailpoint-identitynow.remove-tenant",
         "title": "Remove tenant"
@@ -126,6 +136,10 @@
         "title": "ISC: Import config...",
         "icon": "$(import)"
       },
+      {
+        "command": "vscode-sailpoint-identitynow.modified-resource",
+        "title": "Modified resource"
+      },
       {
         "command": "vscode-sailpoint-identitynow.refresh-forced",
         "title": "ISC: Refresh",
@@ -514,10 +528,22 @@
     ],
     "menus": {
       "commandPalette": [
+        {
+          "command": "vscode-sailpoint-identitynow.modified-resource",
+          "when": "never"
+        },
         {
           "command": "vscode-sailpoint-identitynow.refresh",
           "when": "never"
         },
+        {
+          "command": "vscode-sailpoint-identitynow.tenant.set-readonly",
+          "when": "never"
+        },
+        {
+          "command": "vscode-sailpoint-identitynow.tenant.set-writable",
+          "when": "never"
+        },
         {
           "command": "vscode-sailpoint-identitynow.rename-tenant",
           "when": "never"
@@ -850,38 +876,48 @@
         },
         {
           "command": "vscode-sailpoint-identitynow.remove-tenant",
-          "when": "view == vscode-sailpoint-identitynow.view && viewItem == tenant"
+          "when": "view == vscode-sailpoint-identitynow.view && viewItem =~ /^tenant/"
+        },
+        {
+          "command": "vscode-sailpoint-identitynow.tenant.set-readonly",
+          "when": "view == vscode-sailpoint-identitynow.view && viewItem == tenantWritable",
+          "group": "inline@1"
+        },
+        {
+          "command": "vscode-sailpoint-identitynow.tenant.set-writable",
+          "when": "view == vscode-sailpoint-identitynow.view && viewItem == tenantReadOnly",
+          "group": "inline@1"
         },
         {
           "command": "vscode-sailpoint-identitynow.rename-tenant",
-          "when": "view == vscode-sailpoint-identitynow.view && viewItem == tenant"
+          "when": "view == vscode-sailpoint-identitynow.view && viewItem =~ /^tenant/"
         },
         {
           "command": "vscode-sailpoint-identitynow.tenant.edit.public-identities-config",
-          "when": "view == vscode-sailpoint-identitynow.view && viewItem == tenant"
+          "when": "view == vscode-sailpoint-identitynow.view && viewItem =~ /^tenant/"
         },
         {
           "command": "vscode-sailpoint-identitynow.tenant.edit.access-request-config",
-          "when": "view == vscode-sailpoint-identitynow.view && viewItem == tenant"
+          "when": "view == vscode-sailpoint-identitynow.view && viewItem =~ /^tenant/"
         },
         {
           "command": "vscode-sailpoint-identitynow.tenant.edit.password-org-config",
-          "when": "view == vscode-sailpoint-identitynow.view && viewItem == tenant",
+          "when": "view == vscode-sailpoint-identitynow.view && viewItem =~ /^tenant/",
           "group": "password"
         },
         {
           "command": "vscode-sailpoint-identitynow.tenant.generate-digit-token",
-          "when": "view == vscode-sailpoint-identitynow.view && viewItem == tenant",
+          "when": "view == vscode-sailpoint-identitynow.view && viewItem =~ /^tenant/",
           "group": "password"
         },
         {
           "command": "vscode-sailpoint-identitynow.export-config.view",
-          "when": "view == vscode-sailpoint-identitynow.view && viewItem == tenant",
+          "when": "view == vscode-sailpoint-identitynow.view && viewItem =~ /^tenant/",
           "group": "config"
         },
         {
           "command": "vscode-sailpoint-identitynow.import-config.view",
-          "when": "view == vscode-sailpoint-identitynow.view && viewItem == tenant",
+          "when": "view == vscode-sailpoint-identitynow.view && viewItem =~ /^tenant/",
           "group": "config"
         },
         {

src/ISCUriHandler.ts

@@ -63,7 +63,8 @@ export class ISCUriHandler implements vscode.UriHandler {
                 id: tenantId,
                 name: q.displayName ?? q.tenantName,
                 tenantName: normalizedTenantName,
-                authenticationMethod: (q.authenticationMethod.toLowerCase() === "accesstoken" ? AuthenticationMethod.accessToken : AuthenticationMethod.personalAccessToken)
+                authenticationMethod: (q.authenticationMethod.toLowerCase() === "accesstoken" ? AuthenticationMethod.accessToken : AuthenticationMethod.personalAccessToken),
+                readOnly: true
             });
         }
         if (q.authenticationMethod.toLowerCase() === "accesstoken") {

src/commands/NewAttributeSearchConfigCommand.ts

@@ -34,7 +34,7 @@ export class NewAttributeSearchConfigCommand {
 
         // if the command is called from the Tree View
         if (node !== undefined && node instanceof SearchAttributesTreeItem) {
-            context["tenant"] = await this.tenantService.getTenant(node.tenantId);
+            context["tenant"] = this.tenantService.getTenant(node.tenantId);
         }
 
         let client: ISCClient | undefined = undefined;

src/commands/access-profile/NewAccessProfileCommand.ts

@@ -37,7 +37,7 @@ export class NewAccessProfileCommand {
         const context: WizardContext = {};
         // if the command is called from the Tree View
         if (accessProfilesTreeItem !== undefined && accessProfilesTreeItem instanceof AccessProfilesTreeItem) {
-            context["tenant"] = await this.tenantService.getTenant(accessProfilesTreeItem.tenantId);
+            context["tenant"] = this.tenantService.getTenant(accessProfilesTreeItem.tenantId);
         }
 
         let client: ISCClient | undefined = undefined;

src/commands/addTenant.ts

@@ -80,7 +80,8 @@ export class AddTenantCommand {
             id: tenantId,
             name: displayName,
             tenantName: normalizedTenantName,
-            authenticationMethod: authMethod
+            authenticationMethod: authMethod,
+            readOnly: true
         });
         try {
             const session: vscode.AuthenticationSession = await vscode.authentication.getSession(

src/commands/constants.ts

@@ -1,9 +1,12 @@
 const COMMAND_PREFIX = 'vscode-sailpoint-identitynow';
 export const OPEN_RESOURCE = `${COMMAND_PREFIX}.open-resource`;
 export const REMOVE_RESOURCE = `${COMMAND_PREFIX}.remove-resource`;
+export const MODIFIED_RESOURCE = `${COMMAND_PREFIX}.modified-resource`;
 export const REFRESH_FORCED = `${COMMAND_PREFIX}.refresh-forced`;
 export const REFRESH = `${COMMAND_PREFIX}.refresh`;
 export const ADD_TENANT = `${COMMAND_PREFIX}.add-tenant`;
+export const TENANT_SET_READONLY = `${COMMAND_PREFIX}.tenant.set-readonly`;
+export const TENANT_SET_WRITABLE = `${COMMAND_PREFIX}.tenant.set-writable`;
 export const RENAME_TENANT = `${COMMAND_PREFIX}.rename-tenant`;
 export const REMOVE_TENANT = `${COMMAND_PREFIX}.remove-tenant`;
 export const EXPORT_CONFIG_VIEW = `${COMMAND_PREFIX}.export-config.view`;

src/commands/renameTenant.ts

@@ -23,7 +23,7 @@ export class RenameTenantCommand {
         if (isEmpty(displayName)) {
             return;
         }
-        const tenantInfo = await this.tenantService.getTenant(node.tenantId);
+        const tenantInfo = this.tenantService.getTenant(node.tenantId);
         if (tenantInfo) {
             tenantInfo.name = displayName;
             await this.tenantService.setTenant(tenantInfo);

src/commands/role/NewRoleCommand.ts

@@ -44,7 +44,7 @@ export class NewRoleCommand {
 
         // if the command is called from the Tree View
         if (rolesTreeItem !== undefined && rolesTreeItem instanceof RolesTreeItem) {
-            context["tenant"] = await this.tenantService.getTenant(rolesTreeItem.tenantId);
+            context["tenant"] = this.tenantService.getTenant(rolesTreeItem.tenantId);
         }
 
         let client: ISCClient | undefined = undefined;

src/commands/source/CloneSourceCommand.ts

@@ -96,7 +96,7 @@ export class CloneSourceCommand {
 
         // if the command is called from the Tree View
         if (node !== undefined && node instanceof SourceTreeItem) {
-            context["tenant"] = await this.tenantService.getTenant(node.tenantId);
+            context["tenant"] = this.tenantService.getTenant(node.tenantId);
             context["source"] = {
                 id: node.id!,
                 name: node.label!

src/commands/source/PeekSourceCommand.ts

@@ -31,7 +31,7 @@ export class PeekSourceCommand {
 
         // if the command is called from the Tree View
         if (node !== undefined && node instanceof SourceTreeItem) {
-            context["tenant"] = await this.tenantService.getTenant(node.tenantId);
+            context["tenant"] = this.tenantService.getTenant(node.tenantId);
             context["source"] = {
                 id: node.id!,
                 name: node.label!

src/commands/source/PingClusterCommand.ts

@@ -25,7 +25,7 @@ export class PingClusterCommand {
 
         // if the command is called from the Tree View
         if (node !== undefined && node instanceof SourceTreeItem) {
-            context["tenant"] = await this.tenantService.getTenant(node.tenantId);
+            context["tenant"] = this.tenantService.getTenant(node.tenantId);
             context["source"] = {
                 id: node.id!,
                 name: node.label!

src/commands/source/TestConnectionCommand.ts

@@ -25,7 +25,7 @@ export class TestConnectionCommand {
 
         // if the command is called from the Tree View
         if (node !== undefined && node instanceof SourceTreeItem) {
-            context["tenant"] = await this.tenantService.getTenant(node.tenantId);
+            context["tenant"] = this.tenantService.getTenant(node.tenantId);
             context["source"] = {
                 id: node.id!,
                 name: node.label!

src/commands/tenant/generateDigitTokenCommand.ts

@@ -18,7 +18,7 @@ export class GenerateDigitTokenCommand {
 
         // if the command is called from the Tree View
         if (node !== undefined && node instanceof TenantTreeItem) {
-            context["tenant"] = await this.tenantService.getTenant(node.tenantId);
+            context["tenant"] = this.tenantService.getTenant(node.tenantId);
         }
         let client: ISCClient | undefined = undefined;
 

src/commands/tenant/tenantReadOnlyConfigCommand.ts

@@ -0,0 +1,43 @@
+import { TenantTreeItem } from "../../models/ISCTreeItem";
+import * as vscode from 'vscode';
+import * as commands from '../constants';
+import { TenantService } from "../../services/TenantService";
+
+export class TenantReadOnlyConfigCommand {
+
+    constructor(private readonly tenantService: TenantService) {
+
+    }
+
+    public async setReadOnly(node: TenantTreeItem): Promise<void> {
+        console.log("> TenantReadOnlyConfigCommand.setReadOnly", node);
+        await this.updateReadonly(node, true)
+    }
+
+    public async setWritable(node: TenantTreeItem): Promise<void> {
+        console.log("> TenantReadOnlyConfigCommand.setWritable", node);
+        await this.updateReadonly(node, false)
+    }
+
+    private async updateReadonly(node: TenantTreeItem, readOnly: boolean): Promise<void> {
+        const tenantInfo = this.tenantService.getTenant(node.tenantId)
+        tenantInfo.readOnly = readOnly
+        this.tenantService.setTenant(tenantInfo)
+
+        // force refresh to update icon
+        await vscode.commands.executeCommand(commands.REFRESH_FORCED);
+
+        const uris = vscode.window.tabGroups?.all?.
+            flatMap(tabGroup => tabGroup.tabs)?.
+            map(tab => tab.input).
+            map(input => typeof input === 'object' && input !== null && 'uri' in input ? input.uri : undefined)
+            .filter(Boolean)
+            .filter((uri: vscode.Uri) => uri.authority === tenantInfo.tenantName)
+        console.log(uris);
+
+        if (uris && uris.length > 0) {
+            await vscode.commands.executeCommand(commands.MODIFIED_RESOURCE, uris);
+        }
+
+    }
+}

src/extension.ts

@@ -62,6 +62,7 @@ import { onErrorResponse, onRequest, onResponse } from './services/AxiosHandlers
 import axios from 'axios';
 import { OpenScriptCommand } from './commands/rule/openScriptCommand';
 import { IdentityTreeViewCommand } from './commands/identity/IdentityTreeViewCommand';
+import { TenantReadOnlyConfigCommand } from './commands/tenant/tenantReadOnlyConfigCommand';
 
 // this method is called when your extension is activated
 // your extension is activated the very first time the command is executed
@@ -153,6 +154,15 @@ export function activate(context: vscode.ExtensionContext) {
 		vscode.commands.registerCommand(commands.RESET_SOURCE_ENTITLEMENTS,
 			(tenantTreeItem) => treeManager.resetEntitlements(tenantTreeItem)));
 	const testConnectionCommand = new TestConnectionCommand(tenantService);
+
+	const tenantReadOnlyConfigCommand = new TenantReadOnlyConfigCommand(tenantService)
+	context.subscriptions.push(
+		vscode.commands.registerCommand(commands.TENANT_SET_READONLY,
+			tenantReadOnlyConfigCommand.setReadOnly, tenantReadOnlyConfigCommand))
+	context.subscriptions.push(
+		vscode.commands.registerCommand(commands.TENANT_SET_WRITABLE,
+			tenantReadOnlyConfigCommand.setWritable, tenantReadOnlyConfigCommand))
+
 	context.subscriptions.push(
 		vscode.commands.registerCommand(commands.TEST_SOURCE,
 			testConnectionCommand.execute, testConnectionCommand));
@@ -290,12 +300,15 @@ export function activate(context: vscode.ExtensionContext) {
 		vscode.commands.registerCommand(commands.IMPORT_CONFIG_VIEW,
 			treeviewImporterCommand.execute, treeviewImporterCommand));
 
+	const iscClientResourceProvider = new ISCResourceProvider(tenantService)
 	context.subscriptions.push(
 		vscode.workspace.registerFileSystemProvider(
 			URL_PREFIX,
-			new ISCResourceProvider(tenantService)
+			iscClientResourceProvider
 		));
-
+	context.subscriptions.push(
+		vscode.commands.registerCommand(commands.MODIFIED_RESOURCE,
+			iscClientResourceProvider.triggerModified, iscClientResourceProvider));
 	const newTransformCommand = new NewTransformCommand();
 	context.subscriptions.push(
 		vscode.commands.registerCommand(commands.NEW_TRANSFORM,

src/files/ISCResourceProvider.ts

@@ -43,14 +43,16 @@ export class ISCResourceProvider implements FileSystemProvider {
 		const data = await this.lookupResource(uri);
 		const id = getIdByUri(uri);
 		const resourcePath = getPathByUri(uri);
-		// const isFile = this.isUUID(id);
+		const tenantName = uri.authority;
+		const tenantInfo = await this.tenantService.getTenantByTenantName(tenantName)
+		const isReadOnly = tenantInfo && tenantInfo.readOnly
 		const isFile = id !== "provisioning-policies" && id !== "schemas";
 		return {
 			type: (isFile ? FileType.File : FileType.Directory),
 			ctime: toTimestamp(data.created),
 			mtime: toTimestamp(data.modified),
 			size: convertToText(data).length,
-			permissions: resourcePath.match("identities") ? vscode.FilePermission.Readonly : null
+			permissions: isReadOnly || resourcePath.match("identities") ? vscode.FilePermission.Readonly : null
 		};
 	}
 	readDirectory(
@@ -102,7 +104,7 @@ export class ISCResourceProvider implements FileSystemProvider {
 				null,
 				true
 			);
-			if (response.data.length ===1 ) {
+			if (response.data.length === 1) {
 				data = response.data[0]
 			}
 		} else {
@@ -132,6 +134,13 @@ export class ISCResourceProvider implements FileSystemProvider {
 		const tenantInfo = await this.tenantService.getTenantByTenantName(
 			tenantName
 		);
+
+		// Additional check just in case
+		if (tenantInfo.readOnly) {
+			throw new Error("Tenant is read-only");
+
+		}
+
 		const client = new ISCClient(tenantInfo?.id ?? "", tenantName);
 		let data = uint8Array2Str(content);
 
@@ -274,11 +283,21 @@ export class ISCResourceProvider implements FileSystemProvider {
 	delete(uri: Uri, options: { recursive: boolean }): void | Thenable<void> {
 		throw new Error("Method delete not implemented.");
 	}
+
 	rename(
 		oldUri: Uri,
 		newUri: Uri,
 		options: { overwrite: boolean }
 	): void | Thenable<void> {
 		throw new Error("Method rename not implemented.");
 	}
+
+	public triggerModified(uris: vscode.Uri | vscode.Uri[]) {
+		if (uris === undefined) { return }
+
+		if (!Array.isArray(uris)) {
+			uris = [uris]
+		}
+		uris.forEach(uri => this._emitter.fire([{ type: vscode.FileChangeType.Changed, uri }]), this)
+	}
 }