Resource actions are scripts that run on the managed resource. In the context of Microsoft Windows, this would be a DOS console command. In Solaris/Linux, the actions are executed as shell commands.
You would use a Resource Action to perform tasks before or after a managed account is created, updated, or deleted. Using Resource Actions is much easier than creating a custom Resource Adapter.
Before attempting to create Resource Actions, check the Identity Manager Resource Reference to make sure your resource supports before/after actions.
This example uses a shell script for a managed resource. You may use this Resource Action in a form, as outlined in the Resource Reference, but I'd like to demonstrate a different way.
Prior to creating this Resource Action, I modified the Shell Script Resource Parameters and filled in Get User Resource Action, Create User Resource Action, Update User Resource Action, Delete User Resource Action, and Get User Result Handler. I'll explain the reason for Get User and Get User Result Handler later.
I modified my shell script schema to use the identity attributes accountID and host mapped to IGNORE_ATTR. You'll see below that $WSUSER_accountId and $WSUSER_host are the variables used by the resource action.
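<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ResourceAction PUBLIC 'waveset.dtd' 'waveset.dtd'>
<ResourceAction name='ResAction:myProj:Resource-After-Create'>
  <ResTypeAction restype='Shell Script' timeout='20000'>
    <act>
#!/bin/csh
# Record the account as a header line followed by the value (read back by Get User).
# The variables are quoted so a value containing spaces or shell characters stays one word.
echo "Account ID" >> "/myProjFolder/.$WSUSER_accountId.txt"
echo "$WSUSER_accountId" >> "/myProjFolder/.$WSUSER_accountId.txt"
/myProjFolder/scr/runMyScr.csh "$WSUSER_accountId"
# The trailing ampersand is written as an entity so the XML stays well-formed.
ssh -l someuser "$WSUSER_host" /myProjFolder/exe/someExecutable "$WSUSER_accountId" &amp;
# Always reports success, even if a command above failed.
exit 0
    </act>
  </ResTypeAction>
  <MemberObjectGroups>
    <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
  </MemberObjectGroups>
</ResourceAction>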
If you decide to use this code for a different resource type, like Solaris, make sure you change the attribute to restype='Solaris'. One note I should mention: if you are using a custom resource adapter and you've named your resource something other than the out-of-the-box names, like MyCustomResource, then use restype='MyCustomResource'.
I'm not going to show the Update or Delete actions, since you can pretty much figure out what you'll need to do. However, I will show you my Get User Result Handler for the Shell Script Resource Adapter. The Get User action and the Get User Result Handler are needed for the Resource Adapter to query account information on that managed resource. If you look at my After Create action, I stored the header Account ID and then, on the next line, the accountID in a file named after the accountId. So in JosephSmith.txt there is a header, Account ID, with JosephSmith as the value. This is important when you are editing the user: IDM needs to query whether the account exists in the assigned resources. If you don't supply a Get User action and a Get User Result Handler, you'll receive an error, "JosephSmith doesn't exist on Resource xxx." The account may exist, but IDM had no way of querying it. My Get User Resource Action simply dumps that txt file to standard output for the Result Handler to read. The Result Handler then parses that output with an AttrParse.
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ResourceAction PUBLIC 'waveset.dtd' 'waveset.dtd'>
<ResourceAction name='ResAction:myProj:GetUserAction'>
  <ResTypeAction restype='Shell Script'>
    <act>
#!/bin/csh
# Print the stored header and value for the Result Handler to parse.
cat "/myProjFolder/.$WSUSER_accountId.txt"
exit 0
    </act>
  </ResTypeAction>
  <MemberObjectGroups>
    <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
  </MemberObjectGroups>
</ResourceAction>
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE AttrParse PUBLIC 'waveset.dtd' 'waveset.dtd'>
<AttrParse name='AttrParse:myProj:GetUserHandler'>
  <collectCsvHeader idHeader='Account ID' delim=',' trim='true' unQuote='true'/>
  <collectCsvLines trim='true' unQuote='true'/>
  <MemberObjectGroups>
    <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
  </MemberObjectGroups>
</AttrParse>
Basically, what the AttrParse is doing is looking for the Header that maps to accountID. I'm stating the Account ID is mapped to accountID.
For more detailed information about the AttrParse, read Implementing the AttrParse in the Resource Reference. For me, this was all I needed.
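The After Create and Get User actions above put the account ID straight into a file path and a command line. As an added example (not from the original post), here are the same two steps as POSIX sh functions that validate the ID first; the function names, the allowed character set and the scratch directory are assumptions.

```sh
#!/bin/sh
# Added example, POSIX sh rather than the post's csh. Function names and the
# validation policy are assumptions, not part of Identity Manager.
LC_ALL=C; export LC_ALL            # make the A-Z/a-z ranges below byte-exact
STORE_DIR=$(mktemp -d)             # scratch dir for the demo; the post uses /myProjFolder

# Allow 1-64 characters from [A-Za-z0-9._-], not starting with '.' or '-'.
valid_account_id() {
    id=$1
    [ -n "$id" ] && [ "${#id}" -le 64 ] || return 1
    case $id in
        [-.]*)             return 1 ;;  # hidden/relative name or option-like argument
        *[!A-Za-z0-9._-]*) return 1 ;;  # '/', whitespace, quotes, ';', '$', newline, ...
    esac
    return 0
}

# After Create: write the header line and the value the AttrParse expects.
after_create() {
    valid_account_id "$1" || { echo "rejected account ID" >&2; return 1; }
    # '>' instead of '>>' so a repeated create does not append a second pair.
    printf 'Account ID\n%s\n' "$1" > "$STORE_DIR/.$1.txt"
}

# Get User: print the record, or fail when the account has no file.
get_user() {
    valid_account_id "$1" || return 1
    [ -f "$STORE_DIR/.$1.txt" ] || return 1
    cat -- "$STORE_DIR/.$1.txt"
}

# Constructed sample values: one normal ID, one path traversal, one with shell syntax.
for sample in 'JosephSmith' '../../etc/passwd' 'JosephSmith; id'; do
    if after_create "$sample" 2>/dev/null; then
        get_user "$sample"
    else
        echo "rejected: $sample"
    fi
done
```

The allowlist also matters for the ssh line in the After Create action: ssh hands its command arguments to the remote shell as one string, so quoting on the local side alone does not protect the remote command.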
HTH,
JosephSmith - smith.josephATgmailDOTcom