6525036 Super Contributor.
Super Contributor.
258 views

Regex DN matching woes

I'm feeling abit stupid here, but I simply cannot see what the problem is:

The following code, should in my opinion match, and thus set the local variable lOK to "false".
But it does not..... why oh why, here is the rule:

<do-for-each>
<arg-node-set>
<token-src-attr name="nrfAssociatedRoles"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lcurrChild" scope="policy">
<arg-node-set>
<token-query datastore="src">
<arg-dn>
<token-xpath expression="$current-node/component[@name='volume']/text()"/>
</arg-dn>
</token-query>
</arg-node-set>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-local-variable name="lcurrChild"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lOK" scope="policy">
<arg-string>
<token-text xml:space="preserve">true</token-text>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="lCurrentRole" scope="policy">
<arg-string>
<token-xpath expression="$current-node/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-global-variable name="drv.except"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lContainer" scope="policy">
<arg-string>
<token-xpath expression='$current-node/definition[@name="container"]/value/text()'/>
</arg-string>
</do-set-local-variable>
<do-if>
<arg-conditions>
<and>
<if-local-variable mode="regex" name="lCurrentRole" op="equal">.*$lContainer$.*</if-local-variable>
</and>
</arg-conditions>
<arg-actions>
<do-set-local-variable name="lOK" scope="policy">
<arg-string>
<token-text xml:space="preserve">false</token-text>
</arg-string>
</do-set-local-variable>
</arg-actions>
<arg-actions/>
</do-if>
</arg-actions>
</do-for-each>
<do-if>
<arg-conditions>
<and>
<if-local-variable mode="nocase" name="lOK" op="equal">true</if-local-variable>
</and>
</arg-conditions>
<arg-actions>
<do-set-local-variable name="lAssignments" scope="policy">
<arg-string>
<token-local-variable name="lAssignments"/>
<token-parse-dn dest-dn-format="ldap" src-dn-format="qualified-slash">
<token-xpath expression="$current-node/@qualified-src-dn"/>
</token-parse-dn>
<token-text xml:space="preserve">|</token-text>
</arg-string>
</do-set-local-variable>
</arg-actions>
<arg-actions/>
</do-if>
</arg-actions>
</do-for-each>
</arg-actions>
</do-for-each>


And here is the relevant portion of the trace:

Action: do-set-local-variable("lOK",scope="policy","true").
arg-string("true")
token-text("true")
Arg Value: "true".
Action: do-set-local-variable("lCurrentRole",scope="policy",token-xpath("$current-node/@src-dn")).
arg-string(token-xpath("$current-node/@src-dn"))
token-xpath("$current-node/@src-dn")
Token Value: "\BLACKPILL\system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation\Struct\Dept\956e45e0-b465-ce28-5ee0-c54a6ae8229e".
Arg Value: "\BLACKPILL\system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation\Struct\Dept\956e45e0-b465-ce28-5ee0-c54a6ae8229e".
Action: do-for-each(arg-node-set(token-global-variable("drv.except"))).
arg-node-set(token-global-variable("drv.except"))
token-global-variable("drv.except")
Token Value: {<instance>}.
Arg Value: {<instance>}.
Performing actions for local-variable(current-node) = <instance>.
Action: do-set-local-variable("lContainer",scope="policy",token-xpath("$current-node/definition[@name="container"]/value/text()")).
arg-string(token-xpath("$current-node/definition[@name="container"]/value/text()"))
token-xpath("$current-node/definition[@name="container"]/value/text()")
Token Value: "system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation".
Arg Value: "system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation".
Action: do-if().
Evaluating conditions.
Expanded variable reference '$lContainer$' to 'system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation'.
(if-local-variable 'lCurrentRole' match ".*$lContainer$.*") = FALSE.
Performing else actions.
Action: do-if().
Evaluating conditions.
(if-local-variable 'lOK' equal "true") = TRUE.


Why does it not match? Anyone?

-Nicolai
Labels (1)
Tags (3)
0 Likes
3 Replies
Knowledge Partner
Knowledge Partner

Re: Regex DN matching woes

6525036 wrote:

> Expanded variable reference '$lContainer$' to 'system\driverset1\User
> Application
> Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation'.
> (if-local-variable 'lCurrentRole' match ".*$lContainer$.*") = FALSE.


Probably because the backslashes in your expanded variable value are no literal
backslashes in a regex context but an escape char. You'd have to escape them
with another backslash for the regex to match.

Why don't you use if-xpath with:

contains($lCurrentRole, $lContainer)

or even more reliable:

starts-with($lCurrentRole, concat('\',$dirxml.auto.treename,'\',$lContainer))

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
6525036 Super Contributor.
Super Contributor.

Re: Regex DN matching woes

Nothing short of brilliant.
Thanks a lot.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Regex DN matching woes

On 4/22/2019 6:14 AM, 6525036 wrote:
>
> I'm feeling abit stupid here, but I simply cannot see what the problem
> is:
>
> The following code, should in my opinion match, and thus set the local
> variable lOK to "false".
> But it does not..... why oh why, here is the rule:
>
>
> Code:
> --------------------
> <do-for-each>
> <arg-node-set>
> <token-src-attr name="nrfAssociatedRoles"/>
> </arg-node-set>
> <arg-actions>
> <do-set-local-variable name="lcurrChild" scope="policy">
> <arg-node-set>
> <token-query datastore="src">
> <arg-dn>
> <token-xpath expression="$current-node/component[@name='volume']/text()"/>
> </arg-dn>
> </token-query>
> </arg-node-set>
> </do-set-local-variable>
> <do-for-each>
> <arg-node-set>
> <token-local-variable name="lcurrChild"/>
> </arg-node-set>
> <arg-actions>
> <do-set-local-variable name="lOK" scope="policy">
> <arg-string>
> <token-text xml:space="preserve">true</token-text>
> </arg-string>
> </do-set-local-variable>
> <do-set-local-variable name="lCurrentRole" scope="policy">
> <arg-string>
> <token-xpath expression="$current-node/@src-dn"/>
> </arg-string>
> </do-set-local-variable>
> <do-for-each>
> <arg-node-set>
> <token-global-variable name="drv.except"/>
> </arg-node-set>
> <arg-actions>
> <do-set-local-variable name="lContainer" scope="policy">
> <arg-string>
> <token-xpath expression='$current-node/definition[@name="container"]/value/text()'/>
> </arg-string>
> </do-set-local-variable>
> <do-if>
> <arg-conditions>
> <and>
> <if-local-variable mode="regex" name="lCurrentRole" op="equal">.*$lContainer$.*</if-local-variable>
> </and>
> </arg-conditions>
> <arg-actions>
> <do-set-local-variable name="lOK" scope="policy">
> <arg-string>
> <token-text xml:space="preserve">false</token-text>
> </arg-string>
> </do-set-local-variable>
> </arg-actions>
> <arg-actions/>
> </do-if>
> </arg-actions>
> </do-for-each>
> <do-if>
> <arg-conditions>
> <and>
> <if-local-variable mode="nocase" name="lOK" op="equal">true</if-local-variable>
> </and>
> </arg-conditions>
> <arg-actions>
> <do-set-local-variable name="lAssignments" scope="policy">
> <arg-string>
> <token-local-variable name="lAssignments"/>
> <token-parse-dn dest-dn-format="ldap" src-dn-format="qualified-slash">
> <token-xpath expression="$current-node/@qualified-src-dn"/>
> </token-parse-dn>
> <token-text xml:space="preserve">|</token-text>
> </arg-string>
> </do-set-local-variable>
> </arg-actions>
> <arg-actions/>
> </do-if>
> </arg-actions>
> </do-for-each>
> </arg-actions>
> </do-for-each>
> --------------------
>
>
> And here is the relevant portion of the trace:
>
>
> Code:
> --------------------
> Action: do-set-local-variable("lOK",scope="policy","true").
> arg-string("true")
> token-text("true")
> Arg Value: "true".
> Action: do-set-local-variable("lCurrentRole",scope="policy",token-xpath("$current-node/@src-dn")).
> arg-string(token-xpath("$current-node/@src-dn"))
> token-xpath("$current-node/@src-dn")
> Token Value: "\BLACKPILL\system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation\Struct\Dept\956e45e0-b465-ce28-5ee0-c54a6ae8229e".
> Arg Value: "\BLACKPILL\system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation\Struct\Dept\956e45e0-b465-ce28-5ee0-c54a6ae8229e".
> Action: do-for-each(arg-node-set(token-global-variable("drv.except"))).
> arg-node-set(token-global-variable("drv.except"))
> token-global-variable("drv.except")
> Token Value: {<instance>}.
> Arg Value: {<instance>}.
> Performing actions for local-variable(current-node) = <instance>.
> Action: do-set-local-variable("lContainer",scope="policy",token-xpath("$current-node/definition[@name="container"]/value/text()")).
> arg-string(token-xpath("$current-node/definition[@name="container"]/value/text()"))
> token-xpath("$current-node/definition[@name="container"]/value/text()")
> Token Value: "system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation".
> Arg Value: "system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation".
> Action: do-if().
> Evaluating conditions.
> Expanded variable reference '$lContainer$' to 'system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation'.
> (if-local-variable 'lCurrentRole' match ".*$lContainer$.*") = FALSE.
> Performing else actions.
> Action: do-if().
> Evaluating conditions.
> (if-local-variable 'lOK' equal "true") = TRUE.


Since you know the engine is going to return the TREE at the root ofthe
path, why not just add it with a leading backslash, for your compare?
Designer's simulator will NOT show the tree name but the engine will.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.