JDBC Provisioning Guide

I am in the process of trying to add Provisioning to an existing JDBC source, and I was trying to piece together resources from documentation, community posts, etc. Maybe it’s a “me” problem, but I was really having a hard time finding a comprehensive example that includes all the required pieces.

I am of course asking for help in my specific circumstance, but it seems like if someone wanted to write a blog on the steps in the Community Blog, it would be a helpful resource for others like me who are trying to learn.

So far, the pieces that I have are

  1. An existing JDBC source with defined account and entitlement schemas. It essentially serves as a “read-only” source
  2. SQL queries for performing the following operations: Create account, Modify/Provision access, enable/disable account

The rule creation process is kinda straightforward… I’ve been using the JDBC Provisioning Rule documentation page and the example rule and essentially putting my specific SQL queries in their respective parts of the rule script.

Here are some things I’ve struggled with when getting this rule created

  • In using the create-connector-rule API, it’s not exactly clear what I’m supposed to put for the inputs/outputs portion of the signature property. I found another example buried in a compass post, but I’m not actually sure it’s correct.
  • It seems you should be able to reference identity attributes when writing these rules, but I haven’t been able to piece that together from my research. In my use case, I specifically need the uid identity attribute. Would that be the same thing as account.getNativeIdentity()? I’m really not sure
  • There are two different entitlement types involved in my current source. I assume that when the example rule uses account.getAttributeRequest("role"), that means there is an entitlement type called role, correct?
  • Formatting your script to put it in the API call. I found this tool that seems to help, but there isn’t anything in the documentation or examples that’s like "HEY BTW you’ll need to reformat this script a certain way once you write it to get it uploaded"

Anyway, happy to receive whatever help I can get

Here is what I can help with based on the questions that you have asked:

  • The Signature is going to be related to the Input/Outputs defined in the documentation for the rule you are working with:
    JDBC Provision Rule | SailPoint Developer Community

  • You cannot reference any attributes that are not in the plan. The Connector Rules do not have access to “Atlas” or the backend of the system. If you need access to them, you need to pass them in with a Before Provisioning Cloud Rule, either as attribute Requests or as Arguments. I’ll have to look for the example of these in the code. Alternately, you could call a select statement in your Connector Rule to pull the data from the source tables themselves if you need them. Both methods have their pluses and minuses.

  • When you receive an entitlement request, the Request will be for the field marked as Entitlement in your code, so you won’t need to know which type it is.

  • There is some brief documentation on this, and it references that tool you mentioned here under the script tag: Connector Executed Rules | SailPoint Developer Community

I’ll add a little more to what @gmilunich replied with.

Technically, the signature does not mean anything. It’s just informational so you know what inputs you have to work with and what you need to return. The developer doc page for JDBC rules has the inputs and output in an HTML table, so that is technically your signature, but unfortunately their example is still in XML as opposed to JSON so it’s not easily translatable, and even their XML example does not have the signature included. If you use the VSCode extension to create the rule, it has a template rule which has the signature set up, so that is more helpful than the documentation at the moment.

This is painful, but yes, the beanshell source code in the sourceCode.script value needs to be escaped JSON with a tool like you provided.

EDIT: Oh, ignore the context input argument btw, you cannot use it in ISC. And application == source if you haven’t discovered that already.

4 Likes
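
The JSON-escaping step discussed in the replies above, sketched in Python as an added example that is not part of the thread or SailPoint's own code. The `name`, `type`, `version` and `input`/`output` key names, the `JDBCProvision` type value, the signature entries and the sample BeanShell fragment are assumptions or constructed; the builder also rejects typographic quotes picked up when copying code from rendered pages, which BeanShell does not parse as string delimiters.

```python
import json

SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # typographic quotes from rendered pages

# Constructed BeanShell fragment, not a working rule. The raw string keeps the
# Java escape \n as backslash + n, which JSON must carry as \\n.
SAMPLE_SCRIPT = r'''import sailpoint.object.ProvisioningResult;

ProvisioningResult result = new ProvisioningResult();
log.debug("JDBC provision rule start\n");
return result;
'''

# Informational only, per the thread; names and types here are illustrative.
SAMPLE_INPUTS = [
    {"name": "connection", "type": "java.sql.Connection"},
    {"name": "plan", "type": "sailpoint.object.ProvisioningPlan"},
]
SAMPLE_OUTPUT = {"name": "result", "type": "sailpoint.object.ProvisioningResult"}


def find_smart_quotes(script):
    """Return (line, column) of each typographic quote in the script."""
    return [(ln, col)
            for ln, line in enumerate(script.splitlines(), 1)
            for col, ch in enumerate(line, 1) if ch in SMART_QUOTES]


def build_rule_body(name, script, inputs, output):
    """Serialize a connector-rule request body with the script JSON-escaped."""
    hits = find_smart_quotes(script)
    if hits:
        # Almost always copy-paste damage; refuse rather than upload a broken rule.
        raise ValueError(f"typographic quotes at (line, col): {hits}")
    body = {
        "name": name,
        "type": "JDBCProvision",  # assumed type value for this rule kind
        "signature": {"input": inputs, "output": output},  # assumed key names
        "sourceCode": {"version": "1.0", "script": script},
    }
    # json.dumps escapes the quotes, backslashes and newlines in the script.
    return json.dumps(body, indent=2)


if __name__ == "__main__":
    print(build_rule_body("Example JDBC Provision Rule", SAMPLE_SCRIPT,
                          SAMPLE_INPUTS, SAMPLE_OUTPUT))
```
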

@colin_mckibben here’s an idea for another writeup perhaps :)

1 Like

You will find some good info in the comments from this article.

Just an update to everyone here

I have a working rule now, and I was planning on putting together a blog post on BASIC rule creation and the tools needed to get started. Hopefully I will have some time to write it next week, then I will link it here.

4 Likes