Hi,
I am implementing an access request workflow and need some input on the below requirements-
1- Is there a way to fetch the whole payload which is coming as part of external trigger. Want to send the whole json request in the mail in case of failure.
2- For the manage access, I am successfully able to add and revoke the entitlement, however I want to verify if the request is successful or not which is not working as expected. Please see below workflow-
So once the Manage Access request happens, I am putting a Wait, so that if there is any issue with access provision(or revoke), it should go to the failed side. I am simulating this scenario by failing the source Test Connection. Now, what is happening the outcome is intermittent like sometimes it gives failure but mostly going with success even though the access is not added. Is there a way to implement this?
Also, I am trying to capture the error when it fails, but I don’t see any status or error field in the manage access result.
{“displayName”:“Manage Access”,“result”:{“failedAccessRequests”:,“successfulAccessRequests”:},“stepName”:“manageAccess”,“task”:“sp:access:manage”}
And, is there a way to get the workflow execution id inside the workflow ?
Any help is much appreciated.
Have you tried using $.trigger variable to get the whole payload.?
Try using $.manageAccess.failedAccessRequests in your compare operator. If TRUE, then send Failure email.
Alternatively, you can try using an HTTP action to Add/Revoke entitlements with the Access request API and then use the $.hTTPRequest.statusCode to check the request status. You may need to use a loop in that case. This will give you the response body as well.
Have you tried using $.trigger variable to get the whole payload.?- Yes I did try that, but it was giving value inside the map, I was hoping like exactly the payload request.
Payload Request- {
“entitlement”:“ABC”,
“operation”:“GRANT”
}
$.trigger output-
map[entitlement:ABC operation:GRANT]
It’s not a big thing but as I am sending it over the mail, thought of having the same pattern.
2- 1. Try using $.manageAccess.failedAccessRequests in your compare operator. If TRUE, then send Failure email. ----------------It is just the same what I am trying with $.manageAccess.successfulAccessRequests. If true, then success mail else failure mail and like I mentioned it is intermittent. So not sure, what difference will it make?
HttpRequest is definitely other option but I was hoping to achieve it using Manage Access as the earlier one involves looping which gets tricky to handle.
$.manageAccess.failedAccessRequests → if there is a success and a failure, you would get an output as TRUE which would correctly send out the failure email $.manageAccess.successfulAccessRequests → if there is a success and a failure, you would get an output as TRUE which would not send out the email
Hi Jevin,
The problem is even when the access is not provisioned, successfulAccessRequests field is getting populated and not the failedAccessRequests[], so I think it does not matter if I change it to failedAccessRequests
@jesvin90 provided the correct answer. You will use $.trigger to get the whole trigger payload. However, it will not be represented as JSON, but as a Golang map. There is no way to convert this to a pretty JSON output at this time.
Manage access uses the access request API to submit access requests. This is an asynchronous API that can take an unspecified amount of time to complete. Using a wait operator may work sometimes, depending on how fast the request can complete. For a more robust solution, I recommend creating a separate workflow to track provisioning completed events. This will be a much better signal when access has finished provisioning.
Thanks @colin_mckibben for the response, will try the separate workflow thing.
Also, can you help with the below points-
1- Is there a way to get the workflow execution id inside the workflow ?
2- How to check empty string. for eg if the payload has an attribute operation and it just contains double quotes. I believe it is treated a string and not null value, so is there way to put validation over such case
{
“operation”:“”
}
To keep this topic succinct, can you please open separate topics for your other questions? That way we can more focused conversations for your questions and allow others the opportunity to answer.
