Share all details related to your problem, including any error messages you may have received.
We’ve had a request from a developer team on our floor to switch when our primary provisioning task runs from running off of a schedule within IIQ to instead be triggerable via API whenever our Payroll IT team has finished their processing. Since IIQ doesn’t currently have a task API, we’re trying to figure out if we can set up a workflow that will run a task, wait for the task to finish, and then return a taskResult on completion.
Two workflows (one to run the task, one to allow someone to check the completionStatus of the taskResult via API) would also work, but we were going to try for the first idea first.
I know we can use taskExecutor to launch the task as long as we supply the name of the task in the taskSchedule, and that part’s already complete. Is there a good way to build a workflow step that will “check” the taskResult’s completionStatus before proceeding? Maybe by going back to the start of that step if the completionStatus is not Success or Error? And does the taskExecutor need a separate taskResult value from the workflow’s taskResult? I would assume it does, but using the same taskResult would be convenient for ensuring we’re returning the right values on completion.
I had to do something similar a while ago where I had to run a specific aggregation before moving forward in a workflow. You can add a wait to step that checks the status of the task, and then basically just continue to loop back to that check status step until the TaskManager says the task is complete, then finally move on to the step where you return the task results. The wait step will be backgrounded for the minutes defined + the time until the next Perform Maintenance task runs to pick up the backgrounded workflow step.
Here is a dumbed down version of the workflow steps:
<Step name="Aggregate Safe Targets" posX="930" posY="261">
<Description>
Safe target objects are required for the PermissionRequest
Need to check if the current task is running and retry if it
as there is no way to aggregate a single target
</Description>
<Arg name="safePlan" value="ref:safePlan"/>
<Arg name="identityName" value="ref:identityName"/>
<Arg name="pamApplicationName" value="ref:pamApplicationName"/>
<Script>
<Source><![CDATA[
import sailpoint.api.TaskManager;
import org.apache.log4j.Logger;
//Start our target aggregation in the background so we have the target for when we add permissions to the safe
TaskManager tm = new TaskManager(context);
tm.run("CyberArk - Target Aggregation", null);
]]></Source>
</Script>
<Transition to="Wait for Target Aggregation"/>
</Step>
<Step name="Wait for Target Aggregation" posX="882" posY="417" resultVariable="isTargetAggRunning" wait="10">
<Description>
Safe target objects are required for the PermissionRequest
Need to check if the current task is running and retry if it
as there is no way to aggregate a single target
</Description>
<Arg name="safePlan" value="ref:safePlan"/>
<Arg name="identityName" value="ref:identityName"/>
<Arg name="pamApplicationName" value="ref:pamApplicationName"/>
<Script>
<Source><![CDATA[
import sailpoint.api.TaskManager;
import org.apache.log4j.Logger;
//Check if our target aggregation is already running from schedule or another approved admin request
TaskManager tm = new TaskManager(context);
boolean isTargetAggRunning = tm.isTaskRunning("CyberArk - Target Aggregation", "CyberArk - Target Aggregation");
return isTargetAggRunning;
]]></Source>
</Script>
<Transition to="Wait for Target Aggregation" when="isTargetAggRunning"/>
<Transition to="Next Step...." when="!isTargetAggRunning"/>
</Step>