SshKeyAuthenticators

COmanage · Nov 30, 2025 · 24d5d20 · 24d5d20
1 parent f6d7f51
commit 24d5d20
Show file tree

Hide file tree

Showing 2 changed files with 79 additions and 3 deletions.
diff --git a/app/plugins/Transmogrify/config/schema/tables.json b/app/plugins/Transmogrify/config/schema/tables.json
@@ -366,7 +366,12 @@
         },
         "addChangelog": true
     },
-
+    "ssh_key_authenticators": {
+        "source": "cm_ssh_key_authenticators",
+        "displayField": "id",
+        "cache": ["authenticator_id"],
+        "addChangelog": true
+    },
     "__NOTES__": "DATA MIGRATIONS",
     "authentication_events": {
         "source": "cm_authentication_events",
@@ -394,6 +399,14 @@
         },
         "addChangelog": true
     },
+    "ssh_keys": {
+        "source": "cm_ssh_keys",
+        "displayField": "comment",
+        "cache": ["person_id", "ssh_key_authenticator_id"],
+        "fieldMap": {
+            "co_person_id": "person_id"
+        }
+    },
     "person_roles": {
         "source": "cm_co_person_roles",
         "sqlSelect": "roleSqlSelect",
@@ -599,6 +612,7 @@
             "co_person_role_id": "person_role_id",
             "co_group_id": "group_id",
             "org_identity_id": "external_identity_id",
+            "action": "&mapHistoryAction",
             "co_email_list_id": null,
             "co_service_id": null
         }

diff --git a/app/plugins/Transmogrify/src/Lib/Traits/ActionCodeMapperTrait.php b/app/plugins/Transmogrify/src/Lib/Traits/ActionCodeMapperTrait.php
@@ -30,6 +30,8 @@
 
 namespace Transmogrify\Lib\Traits;
 
+use SshKeyAuthenticator\Lib\Enum\SshKeyActionEnum;
+
 trait ActionCodeMapperTrait
 {
   /**
@@ -131,11 +133,25 @@ trait ActionCodeMapperTrait
     'DNAM' => 'DMVE', // NameDeleted  -> MVEADeleted
   ];
 
+  /**
+   * Legacy SSH key history actions that should be normalized to SSHU.
+   *
+   * Keys are incoming v4 history action codes, values are the v5 code.
+   *
+   * @var array<string,string>
+   */
+  protected const HISTORY_ACTION_SSH_MAP = [
+    // Legacy SSH key events that no longer exist as separate actions
+    'SSHA'                         => SshKeyActionEnum::SshKeyUploaded, // Added -> Uploaded
+    'SSHE'                         => SshKeyActionEnum::SshKeyUploaded, // Edited -> Uploaded
+  ];
+
+
   /**
    * Map a v4 ActionEnum right-hand code to v5.
    *
    * Returns:
-   * - enum: 'ActionEnum' | 'PetitionActionEnum' | null
+   * - enum: 'ActionEnum' | 'PetitionActionEnum' | 'SshKeyActionEnum' | null
    * - code: string|null
    *
    * When enum is null, there is no v5 equivalent; callers can log/skip.
@@ -148,25 +164,40 @@ protected function mapActionCode(string $v4Code, bool $enableOpinionated = false
   {
     $key = strtoupper(trim($v4Code));
 
+    if ($key === '') {
+      return ['enum' => null, 'code' => null];
+    }
+
+    // 1) Direct ActionEnum mappings (same code)
     if (isset(self::ACTION_CODE_DIRECT_MAP[$key])) {
       return ['enum' => 'ActionEnum', 'code' => self::ACTION_CODE_DIRECT_MAP[$key]];
     }
 
+    // 2) Renamed ActionEnum mappings
     if (isset(self::ACTION_CODE_RENAMED_MAP[$key])) {
       return ['enum' => 'ActionEnum', 'code' => self::ACTION_CODE_RENAMED_MAP[$key]];
     }
 
+    // 3) PetitionActionEnum mappings
     if (isset(self::ACTION_CODE_PETITION_MAP[$key])) {
       return ['enum' => 'PetitionActionEnum', 'code' => self::ACTION_CODE_PETITION_MAP[$key]];
     }
 
+    // 4) Optional/opinionated ActionEnum mappings
     if ($enableOpinionated && isset(self::ACTION_CODE_OPTIONAL_OPINIONATED_MAP[$key])) {
       return ['enum' => 'ActionEnum', 'code' => self::ACTION_CODE_OPTIONAL_OPINIONATED_MAP[$key]];
     }
 
+    // 5) Legacy SSH key actions (SSHA/SSHE) normalized to SSHU in SshKeyActionEnum
+    if (isset(self::HISTORY_ACTION_SSH_MAP[$key])) {
+      return ['enum' => 'SshKeyActionEnum', 'code' => self::HISTORY_ACTION_SSH_MAP[$key]];
+    }
+
+    // No known mapping
     return ['enum' => null, 'code' => null];
   }
 
+
   /**
    * Convenience: map from a row array. Tries 'action' first, then 'action_code'.
    *
@@ -189,9 +220,40 @@ protected function mapActionFromRow(array $row, bool $enableOpinionated = false)
     return $this->mapActionCode($code, $enableOpinionated);
   }
 
+
+  /**
+   * Map an SSH key history action to the current action code.
+   *
+   * Uses mapActionCode() so that legacy actions are normalized.
+   * For all other actions, returns the original action value unchanged.
+   *
+   * @param array $row Row data containing an 'action' key
+   * @return string|null Mapped action code or null if not set
+   */
+  protected function mapHistoryAction(array $row): ?string
+  {
+    if (!isset($row['action']) || !is_string($row['action'])) {
+      return null;
+    }
+
+    $action = (string)$row['action'];
+
+    // Delegate to the generic mapper
+    $mapped = $this->mapActionCode($action);
+
+    // If this is one of the SSH key legacy actions, use the mapped SSH key code
+    if ($mapped['enum'] !== null && $mapped['code'] !== null) {
+      return $mapped['code'];
+    }
+
+    // Otherwise, return the original action unchanged
+    return $action;
+  }
+
+
   /**
    * Map a cm_co_notifications row’s action code to a v5 ActionEnum code.
-   * For notifications we only accept ActionEnum; PetitionActionEnum mappings return null.
+   * For the notifications we only accept ActionEnum; PetitionActionEnum mappings return null.
    */
   protected function mapNotificationAction(array $row): ?string
   {