Hi Team,
We are trying to execute Multiple provisioning plan using before provisioning rule.
As per our requirement are trying to execute the below code :
import sailpoint.object.Identity;
import sailpoint.object.IntegrationConfig;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import sailpoint.tools.GeneralException;
import sailpoint.object.*;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AccountRequest.Operation;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.Operation;
import sailpoint.api.Provisioner;
import sailpoint.api.SailPointContext;
List allplans = new ArrayList();
if (plan != null){
Identity identity = plan.getIdentity();
if (identity != null)
{
List accountRequests = plan.getAccountRequests();
log.debug("Account requests is--" + accountRequests);
if (accountRequests != null && accountRequests.size() > 0)
{
for (AccountRequest accRequest: accountRequests)
{
if (accRequest != null)
{
if (accRequest.getNativeIdentity() != null)
{
AccountRequest.Operation op = accRequest.getOperation();
ProvisioningPlan customplan = new ProvisioningPlan();
if (op != null)
{
if (op == AccountRequest.Operation.Disable)
{
accRequest.setOperation(ProvisioningPlan.AccountRequest.Operation.Delete);
log.debug("Account requests after is--" + accountRequests);
customplan.setIdentity(identity);
customplan.add(accRequest);
allplans.add(customplan);
}
}
}
}
}
}
}
}
else{
log.error("Before Provisioning Rule - Plan is null.");
throw new GeneralException("Before Provisioning Rule - Plan is null.");
}
Provisioner provisioner = new Provisioner(context);
for(ProvisioningPlan plan : plans) {
provisioner.execute(allplans);
}
Now, while validating the rule using cloud rule validator, we are getting the below error: -
Not sure where your are executing this rule, however i have created a Test rule and with a dummy ProvisioningPlan and can see its working, please find test rule which you can test in your environment by making necessary changes to the dummy plan Object.
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule created="1745850175516" id="c0a8010195ec1eb881967cc7901c6bf4" language="beanshell" modified="1745934885446" name="Test Rule execute plan" significantModified="1745934885446" type="FieldValue">
<Description>This rule can be used to generate a field value (eg - an account name) using data from the given Identity. If this rule is run in the context of a workflow step then the arguments passed into the step will also be available. Also, any field values that have been processed so far from the policy related to the Application/Role will be available.</Description>
<Signature returnType="String">
<Inputs>
<Argument name="log" type="org.apache.commons.logging.Log">
<Description>
The log object associated with the SailPointContext.
</Description>
</Argument>
<Argument name="context" type="sailpoint.api.SailPointContext">
<Description>
A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
</Description>
</Argument>
<Argument name="identity" type="Identity">
<Description>
The Identity object that represents the user needing the field value.
</Description>
</Argument>
<Argument name="link" type="Link">
<Description>
The sailpoint.object.Link that is being acted upon. If the link is not applicable,
this value will be null.
</Description>
</Argument>
<Argument name="group" type="AccountGroupDTO">
<Description>
The sailpoint.web.group.AccountGroupDTO that is being acted upon. If the AccountGroupDTO
is not applicable, the value will be null.
</Description>
</Argument>
<Argument name="project" type="ProvisioningProject">
<Description>
The provisioning project being acted upon. If a provisioning project is not applicable,
the value will be null.
</Description>
</Argument>
<Argument name="accountRequest" type="ProvisioningPlan.AccountRequest">
<Description>
The account request. If an account request is not applicable, the value will be null.
</Description>
</Argument>
<Argument name="objectRequest" type="ProvisioningPlan.ObjectRequest">
<Description>
The object request. If an object request is not applicable, the value will be null.
</Description>
</Argument>
<Argument name="role" type="Bundle">
<Description>
The role with the template we are compiling. If the role is
not applicable, the value will be null.
</Description>
</Argument>
<Argument name="application" type="Application">
<Description>
The sailpont.object.Application with the template we are compiling. If the application
is not applicable, the value will be null.
</Description>
</Argument>
<Argument name="template" type="Template">
<Description>
The Template that contains this field.
</Description>
</Argument>
<Argument name="field" type="Field">
<Description>
The current field being computed.
</Description>
</Argument>
<Argument name="current" type="Object">
<Description>
The current value corresponding to the identity or account attribute that the field represents.
If no current value is set, this value will be null.
</Description>
</Argument>
<Argument name="operation" type="ProvisioningPlan.Operation">
<Description>
The operation being performed.
</Description>
</Argument>
</Inputs>
<Returns>
<Argument name="value">
<Description>
The string value created.
</Description>
</Argument>
</Returns>
</Signature>
<Source>
import sailpoint.object.Identity;
import sailpoint.object.IntegrationConfig;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import sailpoint.tools.GeneralException;
import sailpoint.object.*;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AccountRequest.Operation;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.Operation;
import sailpoint.api.Provisioner;
import sailpoint.api.SailPointContext;
List allplans = new ArrayList();
ProvisioningPlan plan=new ProvisioningPlan();
plan.setIdentity(context.getObjectByName(Identity.class,"36551"));
AccountRequest request=new AccountRequest();
request.setOperation(AccountRequest.Operation.Disable);
request.setNativeIdentity("36551");
request.setApplication("Oracle");
plan.add(request);
log.error("plan=="+plan.toXml());
if (plan != null){
Identity identity = plan.getIdentity();
if (identity != null)
{
List accountRequests = plan.getAccountRequests();
log.error("Account requests is--" + accountRequests);
if (accountRequests != null && accountRequests.size() > 0)
{
for (AccountRequest accRequest: accountRequests)
{
if (accRequest != null)
{
if (accRequest.getNativeIdentity() != null)
{
AccountRequest.Operation op = accRequest.getOperation();
ProvisioningPlan customplan = new ProvisioningPlan();
if (op != null)
{
if (op == AccountRequest.Operation.Disable)
{
accRequest.setOperation(ProvisioningPlan.AccountRequest.Operation.Delete);
log.debug("Account requests after is--" + accountRequests);
customplan.setIdentity(identity);
customplan.add(accRequest);
allplans.add(customplan);
}
}
}
}
}
}
}
}
else{
log.error("Before Provisioning Rule - Plan is null.");
throw new GeneralException("Before Provisioning Rule - Plan is null.");
}
Provisioner provisioner = new Provisioner(context);
for(ProvisioningPlan plan : allplans) {
log.error("Executing Provisioner");
provisioner.execute(plan);
log.error("Executed Provisioner");
}
</Source>
</Rule>
Hi @dheerajk27
we are trying to develop a before provisioning rule to create provisioning plan based on account request present in the existing provisioning plan in SailPoint IdentityNow.
While we are trying to validate the before provision cloud rule via rule validator that time the validator showing us the above error.
The error you’re getting is because there’s no method execute() on the Provisioner class that takes a List<ProvisioningPlan> as an argument.
However, looking at your rule code, this isn’t the best way to implement your requirement. I’m not sure it would work in ISC, either.
The plan argument provided in a BeforeProvisioning rule is mutable - meaning you can change the contents within it. In this case, you can simply keep your accRequest.setOperation(ProvisioningPlan.AccountRequest.Operation.Delete); statement and remove all logic related to customPlan, allPlans, and provisioner. When a disable operation is executed on a source using this rule, the rule will change the disable operation to delete.
