Hi all,
As we know, IdentityIQ provides an OOTB mechanism to export all the managed attributes from the entitlement catalog section. However, there we get the properties and descriptions of managed attributes in separate files, and then we have to merge them to create one. To reduce that work, and for users who have the right to run tasks only, I have developed this rule and a custom task which can be used to easily achieve this.
Here we will get separate files (CSV) named after the applications. In the custom task, the user can select from the drop-down the application name for which the export is required, and has to provide the location where the exports will be saved.
This rule will access the application name and the file location from the task. It will then take the export with properties and descriptions, create separate files and save them in the given location.
Here is the rule:
import java.lang.Exception;
import java.util.List;
import java.io.FileWriter;
import java.io.File;
import java.io.BufferedWriter;
import java.util.Arrays;
import sailpoint.object.QueryOptions;
import sailpoint.object.Filter;
import sailpoint.object.Application;
import sailpoint.object.ManagedAttribute;
import sailpoint.object.Custom;
import sailpoint.tools.GeneralException;
import sailpoint.object.TaskDefinition;
import org.apache.log4j.Logger;

String message = "";
Logger logger = Logger.getLogger("sailpoint.rule.managedAttributeExport");
logger.debug("---------Entering Managed Attribute Export Rule--------");

//Export location supplied in the task; it is used as a prefix of the file name,
//so it has to end with the file separator
String filePath = config.get("path").toString();

//Method for creating CSV export files
public void createExportFile(String appName, String column){
    FileWriter fw = new FileWriter(new File(filePath + appName + "-ManagedAttribute.csv"));
    BufferedWriter bw = new BufferedWriter(fw);
    try{
        bw.write(column);
        logger.debug("Export Created for application : " + appName);
    }finally{
        //always release the file handle, even if the write fails
        bw.close();
    }
}

try{
    //Gets the TaskDefinition object to access arguments
    TaskDefinition taskDefinition = context.getObjectByName(TaskDefinition.class, "Custom Run Rule");
    if(taskDefinition==null){
        logger.error("TaskDefinition object :: TaskDefinition is not found");
        throw new GeneralException("TaskDefinition object :: TaskDefinition is not found");
    }else{
        System.out.println(taskDefinition.getArgument("applications"));
        //the selected applications arrive as one comma-separated string
        String[] applicationsForExport = taskDefinition.getArgument("applications").split(",");
        if(!(applicationsForExport.length>0)){
            logger.error("No Application names given in the Task");
            throw new GeneralException("No Application names given in the Task");
        }else{
            for(String appName : applicationsForExport){
                if(context.getObjectByName(Application.class,appName.trim())==null){
                    //unknown applications are logged and skipped, the export continues
                    logger.error("Application: " + appName.trim() + " does not exist in current system");
                    //throw new GeneralException("Application: " + appName.trim() + " does not exist in current system");
                }else{
                    //gets list of all the managed attributes for the given application
                    List managedAttributes = context.getObjects(ManagedAttribute.class, new QueryOptions().addFilter(Filter.eq("application.name",appName.trim())));
                    if(managedAttributes.isEmpty()){
                        logger.info("Application: " + appName.trim() + " does not contain any managed attributes");
                    }else{
                        //creates file content: two header lines, then one line per entitlement
                        String column = "# attribute, value, displayName, owner, requestable, en_US" + "\n";
                        column += "# application=" + appName.trim() + "\n";
                        for(ManagedAttribute entitlement : managedAttributes){
                            String attribute = entitlement.getAttribute();
                            String value = entitlement.getValue();
                            String displayName = entitlement.getDisplayName()!=null? entitlement.getDisplayName() : "";
                            String owner = entitlement.getOwner()!=null ? entitlement.getOwner().getName() : "";
                            boolean requestable = entitlement.isRequestable();
                            String description = entitlement.getDescription("en_US")!=null ? entitlement.getDescription("en_US") : "";
                            //fields are joined as-is, without quoting or escaping
                            column += attribute + "," + value + "," + displayName + "," + owner + "," + requestable + "," + description + "\n";
                        }
                        //calls method to write in file
                        createExportFile(appName.trim(),column);
                    }
                }
            }
        }
    }
}catch(Exception ex){
    logger.error("Exception occurred :: " + ex.getMessage());
    logger.debug("---------Exiting Managed Attribute Export Rule with Errors--------");
}
logger.debug("---------Exiting Managed Attribute Export Rule--------");
And here is the custom task:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<TaskDefinition executor="sailpoint.task.RuleExecutor" name="Custom Run Rule" resultAction="Delete" subType="task_item_type_generic" type="Generic">
  <Description>Custom task for taking Managed attribute export</Description>
  <Signature>
    <Inputs>
      <Argument helpKey="help_task_select_apps" multi="true" name="applications" required="true" type="Application">
        <Prompt>task_in_account_aggregation_applications</Prompt>
      </Argument>
      <Argument helpKey="help_task_run_rule_rule" name="ruleName" type="Rule">
        <Prompt>label_rule</Prompt>
      </Argument>
      <Argument helpKey="help_task_run_rule_ruleconfig" name="ruleConfig" required="true" type="string">
        <Prompt>label_rule_config</Prompt>
      </Argument>
    </Inputs>
  </Signature>
</TaskDefinition>
Regards,
Subhajit
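The rule above builds each CSV line and the output path by plain string concatenation, so an entitlement value or description that contains a comma (a directory DN, for instance) shifts the columns, and the file name is whatever the application name and the task-supplied path add up to. The following is an added example, not part of the original post and not SailPoint code: plain Java rather than BeanShell, with hypothetical names (`SafeEntitlementCsv`, `field`, `exportPath`, `write`) and a constructed sample row, showing RFC 4180 quoting and a check that keeps the export file directly inside the chosen directory.

```java
import java.io.BufferedWriter;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.Arrays;
import java.util.List;

public class SafeEntitlementCsv {
    // RFC 4180 quoting: wrap a field in quotes when it holds a comma, quote or line break
    static String field(String s) {
        if (s == null) return "";
        return s.matches("(?s).*[,\"\r\n].*") ? "\"" + s.replace("\"", "\"\"") + "\"" : s;
    }

    // Resolve <baseDir>/<appName>-ManagedAttribute.csv and refuse names that leave baseDir
    static Path exportPath(String baseDir, String appName) throws IOException {
        Path base = Paths.get(baseDir).toAbsolutePath().normalize();
        Path target = base.resolve(appName + "-ManagedAttribute.csv").normalize();
        if (!base.equals(target.getParent())) {
            throw new IOException("Refusing to write outside " + base + ": " + appName);
        }
        return target;
    }

    // Write one CSV line per row; each element of a row is one column
    static void write(Path target, List<String[]> rows) throws IOException {
        // try-with-resources closes the writer even when a write fails
        try (BufferedWriter bw = Files.newBufferedWriter(target, StandardCharsets.UTF_8)) {
            for (String[] row : rows) {
                StringBuilder line = new StringBuilder();
                for (int i = 0; i < row.length; i++) {
                    if (i > 0) line.append(',');
                    line.append(field(row[i]));
                }
                bw.write(line.append('\n').toString());
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample row: a DN-style value and a description with commas and quotes
        List<String[]> rows = Arrays.asList(new String[][] {
            {"memberOf", "CN=Payroll,OU=Groups,DC=example,DC=com", "Payroll", "", "true", "Read, write \"pay\" data"}
        });
        Path out = exportPath(System.getProperty("java.io.tmpdir"), "Constructed AD App");
        write(out, rows);
        System.out.print(new String(Files.readAllBytes(out), StandardCharsets.UTF_8));
    }
}
```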
Has anyone used this? I have it working; however, we would like to adjust the file so it looks like what we would import into the entitlement catalog. Right now, when we run the export process in Prod, it errors. So I am building this in our development environment. However, the file is not as helpful as pulling it out of the entitlement catalog. Any help would be appreciated.