IIQ Console for testing Provisioning Rule - IIQ 8.2

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

I would like to test a jdbc provisioning rule logic from the IIQ console. I was trying to pass the plan in as an xml object. Is this possible? Can anyone supply me with a working example?
Below code is non working snippets intended for demo purposes.

IIQ Console prompt> rule myProvisioniningRule “c:\Plan.xml”

Hello World
exit

MyProvioningRule.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule created="" id="language="beanshell" modified="1682545276046" name=" myProvisioniningRule " type="JDBCProvision">
<Inputs>
…..   THE STANDARD INPUTS for a connector Provision Rule
</Inputs>
 
<Source>
     if(plan != null) {
            List accounts = plan.getAccountRequests();
            for (AccountRequest accReq: accounts) {             
                    if (accReq != null &amp;&amp; AccountRequest.Operation.Create.equals(accReq.getOperation())) {
                              System.out.println( “Hello World”);
                   }
            }
     }
</Source>
 
Plan.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ProvisioningPlan PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<plan>
  <AccountRequest application="MB_DELIMITED_APP" nativeIdentity="ABERGERON" op="Modify">
                <AttributeRequest name="Create" op="Set" value="true"/>
                <ProvisioningResult status="committed">
                                <Warnings>
                                <Message key="Native identity is neither present in the plan nor in the response" type="Warn"/>
                                </Warnings>
                </ProvisioningResult>
                
  </AccountRequest>
</plan>
2

The easier way to test this would be to use the provision console command, which has the following syntax:

> provision
usage: provision [<identity>] <planfile>

The identity argument is technically optional, and if provided, can be somewhat arbitrary - I’ve often used provision spadmin plan.xml for that command.

This will run the referenced plan through the full provisioning process (including all provisioning rules), and allows you to provide the plan XML that you already have.

Helpful hint #1 - to more easily re-use the same plan XML, I’ll often deliberately throw and exception in my rule to prevent the ACTUAL provisioning from executing. This allows me to make code changes and debug more easily. You can do this by adding a line like this before the rule exits: throw new Exception("Forcing to fail for testing purposes...");

Helpful hint #2 - Open the console using the -j flag to enable j-line. This enables the console to remember command history just like a normal command prompt, so you can repeat the same command by pressing the up arrow on your keyboard.

1 Like
3

I will try. THANK YOU FOR YOUR EXCELLENT RESPONSE!

1 Like