Trigger filter parsing

chirag_patel · February 3, 2023, 7:42am

Hi folks , I am trying to filter the provisioning completed event trigger.
Requirement is :
Filter events which are from specific source, with Modify Account request, Add attribute request, specific role, the account request should be committed AND action should be “Access Request”.

I am able to achieve all other filtering apart from action because of the way json is structured. Sharing the json for provisioning trigger

{
    "_metadata": {
        "invocationId": "6a700aed-8c01-410b-9578-ef37958d7f5f",
        "triggerId": "idn:post-provisioning",
        "triggerType": "fireAndForget"
    },
    "accountRequests": [
        {
            "accountId": "123",
            "accountOperation": "Modify",
            "attributeRequests": [
                {
                    "attributeName": "detectedRoles",
                    "attributeValue": "Signage - Zoom [AccessProfile-1675050307522]",
                    "operation": "Add"
                }
            ],
            "provisioningResult": "IdentityNow Task",
            "provisioningTarget": "IdentityNow",
            "source": {
                "id": "IdentityNow",
                "name": "IdentityNow",
                "type": "SOURCE"
            },
            "ticketId": null
        },
        {
            "accountId": "VkHJk3oMQLapAWC9kLUcYw",
            "accountOperation": "Modify",
            "attributeRequests": [
                {
                    "attributeName": "role_id",
                    "attributeValue": "123",
                    "operation": "Add"
                },
                {
                    "attributeName": "email",
                    "attributeValue": "[email protected]",
                    "operation": "Add"
                },
                {
                    "attributeName": "first_name",
                    "attributeValue": "abc",
                    "operation": "Add"
                },
                {
                    "attributeName": "last_name",
                    "attributeValue": "abc",
                    "operation": "Add"
                }
            ],
            "provisioningResult": "committed",
            "provisioningTarget": "Zoom",
            "source": {
                "id": "123",
                "name": "Zoom",
                "type": "SOURCE"
            },
            "ticketId": null
        }
    ],
    "action": "Access Request",
    "errors": [],
    "recipient": {
        "id": "123",
        "name": "Abc",
        "type": "IDENTITY"
    },
    "requester": {
        "id": "abc",
        "name": "1002",
        "type": "IDENTITY"
    },
    "sources": "Zoom, IdentityNow",
    "trackingNumber": "abc",
    "warnings": []
}

and the filter which is working fine without action filter.
$.accountRequests[?(@.source.id == "abc" && @.provisioningResult == "committed" && @.accountOperation == "Modify")].attributeRequests[?(@.attributeName == "role_id" && @.operation == "Add" && @.attributeValue == "abc")]

Some of the values are randomly replaced but the filter is working fine.

How do I add action=“Access Request” along with above filter.

Single filter on action is working fine which is below:

$[?(@.action == 'Access Request']

colin_mckibben · February 3, 2023, 2:37pm

What if you try this?

$[?($.action == "Access Request")].accountRequests[?(@.source.id == "abc" && @.provisioningResult == "committed" && @.accountOperation == "Modify")].attributeRequests[?(@.attributeName == "role_id" && @.operation == "Add" && @.attributeValue == "abc")]

chirag_patel · February 7, 2023, 1:35pm

action and accountRequest are at same level so nesting would not work in filter.

attribute request is inside account request so it’s working fine. This is something quite common use case where we want to filter using attributes which are on same level. It is not working.

colin_mckibben · February 7, 2023, 2:13pm

FWIW, I tested the above JSONpath and it worked for me. Have you tried it?

chirag_patel · February 8, 2023, 8:29am

Thanks @colin_mckibben , seems like it is working. I tried so many combinations and made mistake.

I still do not understand why do I need to use “.” which is for inner object but action and accountRequests are at same level.
Also you have used $.action which was throwing error in jsonpath.com but works fine in trigger filter. @.action also works fine here but I am not able to understand underlying logic.

colin_mckibben · February 8, 2023, 2:18pm

Our ETS service uses Jayway jsonpath, while http://jsonpath.com/ uses Goessner jsonpath. Jayway has support for more operators than Goessner, hence the reason for some things not working in that editor. I recently updated the trigger filter docs to point to a new online editor that matches very closely, if not exactly, to the ETS jsonpath implementation. In the future, use https://www.javainuse.com/jsonpath when crafting jsonpath for ETS filters.

I’m not a JSONpath guru, but I find it helps to break down the expression into parts when using the online editor. This expression will return the entire root object if the filter matches:

$[?($.action == "Access Request")]

Hence, the need for the .accountRequests, since the output of the above expression is the original object to begin with.

Topic		Replies	Views
Event Trigger Filter Help ISC Discussion and Questions	4	1226	July 19, 2023
Filter Provisioning Completed trigger in Workflows ISC Discussion and Questions workflows , event-triggers	7	585	December 17, 2023
Event Trigger filter ISC Discussion and Questions	16	2561	July 29, 2023
Provisioning Completed Workflow Trigger Filtering ISC Discussion and Questions workflows , identity-security-cloud	4	480	April 26, 2024
Provisioning Completed Filter ISC Discussion and Questions workflows , identity-security-cloud	5	415	August 10, 2023

Trigger filter parsing

Related topics