Role based user provisioning improvements

[sadilchamishka]

Proposed changes in this pull request

$subject

Related Issues

• Role based outbound provisioning not triggered via assigning roles/groups through console app product-is#11394

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 105 lines in your changes missing coverage. Please review.

Please upload report for BASE (master@f1e53c8). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
...isioning/listener/ProvisioningRoleMgtListener.java	0.00%	43 Missing ⚠️
...tity/provisioning/OutboundProvisioningManager.java	0.00%	36 Missing ⚠️
...ng/internal/IdentityProvisionServiceComponent.java	0.00%	13 Missing ⚠️
...ioning/internal/ProvisioningServiceDataHolder.java	0.00%	6 Missing ⚠️
...carbon/identity/provisioning/ProvisioningUtil.java	0.00%	4 Missing ⚠️
...stener/DefaultInboundUserProvisioningListener.java	0.00%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##             master    #5915   +/-   ##
=========================================
  Coverage          ?   21.05%           
  Complexity        ?     5626           
=========================================
  Files             ?     1562           
  Lines             ?    99299           
  Branches          ?    15202           
=========================================
  Hits              ?    20904           
  Misses            ?    75374           
  Partials          ?     3021           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/10713577446

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/10713577446
Status: success

[jenkins-is-staging]

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/10713577446

[IsuraD]

Shouldn't this be backwards compatible?

[sadilchamishka]

Before IS 7.0 all the roles are organization audience roles. Hence previous roles and new roles created with organization audience role can be used for role base outbound provisioning.

The new type of role which is application audience roles came with IS 7.0. How to handle the role based provisioning for those types of roles should be analyzed due to below concerns.

• Role name are not unique hence we have to register role uuid or role prefixed with its corresponding app name
• As outbound provisioning is organization wide config by default (we can configure app wise also), the use cases of having application roles for role based outbound provisioning required to be analyzed.

Due to above concerns, outbound provisioning for application audience is not given at first phase.

Hope the explanation is clear enough, please raise if there any concerns. Here backward compatibility is preserved as here the application roles means not the Application/<role-name> role type had in previous IS versions.