Skip to main content

Python Agent API Reference

Note

Implemented in Connector Pack 4.3.

Connection operations

Address attributes

Defines the address line attributes that the target will support

Signature: addressattrs(cinfo)

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

Remarks:

The agent.addAddressAttr callback should be used in this operation to define the address attributes for the target, refer to agent.addAddressAttr callback for full details. The callback can only be used in scripted agents that are defined with a .con file. The values specified for the address attributes, will be available to be used in other operations inside of the "settings" dictionary object.

Connect

Establishes a connection to the target system

Signature: connect(cinfo)

Parameters:

  • cinfo['adminid'] - The administrator account that should be used to connect to the target system

  • cinfo['adminpw'] - The password for the administrator account

  • cinfo['sysid'] - An optional system account that should be used during connection

  • cinfo['syspw'] - The password for the system account

  • cinfo['settings'] - Dictionary object containing the address attributes defined in the address attributes operation

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACNotConnected 3

Remarks:

This function will be called before other operations to establish a connection for use in the subsequent operations.

Disconnect

Terminates the connection to the target system

Signature: disconnect(cinfo)

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

Platform information

Defines additional operations the connector supports

Signature: platforminfo(cinfo)

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

Remarks:

The agent.addSupportedOp callback can be used in this operation to define additional operations the connector will support. This functionality is primarily used in scenarios where the connector is wrapping a different connector. See the agent.addAddressAttr callback page for full details.

Server information

Returns the version of the target system. Also used to validate a connection to the target system when using the "Test Connect" button during target configuration

Signature: serverinfo(cinfo)

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

Remarks:

The agent.serverInfo callback should be used to return the version information for the target system. See the agent.serverInfo callback page for full details.

List operations

List Computers

Lists computer objects from the target system.

Signature: listcomputers(cinfo, resourceType)

Parameters:

  • resourceType - The type of computer objects that should be listed

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

Remarks:

The agent.addComputer callback should be used to return the computer objects. Refer to agent.addComputer callback for full details

List Groups

Lists groups from the target system.

Signature: listgroups(cinfo, wantMembers)

Parameters:

  • wantMembers - Boolean flag to indicate if members should be listed

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

Remarks:

The agent.addGroup callback callback should be used to return the groups listed during this operation. Refer to agent.addGroup callback for full details.

List Member Method

Indicates if members will be listed while listing users or while listing groups

Signature: listmembersmethod()

Return Value:

  • 1 - If members will be listed during group listing

  • 2 - If members will be listed during user listing

Remarks:

Generally when creating custom Python integrations member information will be listed with the listgroups operation. For certain targets the membership information is provided alongside the user information instead of the group information, this function indicates during which operation memberships should be listed.

If this function is not implemented it will be assumed members will be listed during group listing.

List Subscribers

Lists objects that rely on user credentials, which should be updated when the user's password is changed

Signature: listsubscribers(cinfo, resourceType)

Parameters:

  • resourceType - The type of subscriber objects that should be listed

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

Remarks:

The agent.addSubscriber callback should be used to return the subscriber objects. Refer to agent.addSubscriber callback for full details.

List Users

Lists users from the target system

Signature: listusers(cinfo, wantGroups, wantAttributes)

Parameters:

  • cinfo['listattributes'] - Collection of attributes to be listed

  • wantGroups - Boolean flag to indicate if memberships should be listed

  • wantAttributes - Boolean flag to indicate if attributes should be listed for users

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

Remarks:

The agent.addAccount callback should be used to return the accounts listed during this operation. Refer to agent.addAccount callback for full details.

For listing attributes if wantAttributes is false, no attributes should be listed. If wantAttributes is true the attributes specified in cinfo['listattributes'] should be listed. If cinfo['listattributes'] is empty and wantAttributes is true all attributes should be listed.

Password operations

Admin Verify

Validates if a password is valid for a specified account, without incrementing the password lockout count.

Signature: adminverify(cinfo)

Parameters:

  • cinfo['acctid'] - The account to validate the password on

  • cinfo['oldpw'] - The password to check

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

  • ACAccessDenied 11

  • ACVerifyFailed 14

  • ACPasswordLocked 26

  • ACPasswordExpired 27

  • ACAccountExpired 28

  • ACAccountDisabled 29

Remarks:

If this operation is not defined the verify operation will automatically be called instead

Change Password

Verifies the old password for an account, if successful the password is then changed to a new value.

Signature: change(cinfo)

Parameters:

  • cinfo['acctid'] - The account the password should be changed on

  • cinfo['newpw'] - The new password that should be set

  • cinfo['oldpw'] - The old password that should be verified

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

  • ACAccessDenied 11

  • ACVerifyFailed 14

  • ACPasswordLocked 26

  • ACPasswordExpired 27

  • ACAccountExpired 28

  • ACAccountDisabled 29

Expire Password

Expires the password for an account

Signature: def expirepw(cinfo)

Parameters:

  • cinfo['acctid'] - The account the password should be expired on

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Is Password Expired

Checks if the password is expired on an account

Signature: def ispwexpired(cinfo)

Parameters:

  • cinfo['acctid'] - The account the password should be checked on

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Remarks:

The agent.isPwExpired callback should be used to return the status of the password. See the agent.isPwExpired callback page for full details.

Reset

Sets the password for an account to a new value. This function will also unlock the account and unexpire the password.

  • Signature: def reset(cinfo)

Parameters:

  • cinfo['acctid'] - The account the password reset should be performed on

  • cinfo['newpw'] - The new password that should be set

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Reset Expire Password

Sets the password for an account to a new value. This function will also expire the new password.

Signature: def resetexpirepw(cinfo)

Parameters:

  • cinfo['acctid'] - The account the password should be reset and expired on

  • cinfo['newpw'] - The new password that should be set

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Unexpire Password

Unexpire the password for an account.

Signature: def unexpirepw(cinfo)

Parameters:

  • cinfo['acctid'] - The account the password should be unexpired on

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Verify Password

Validates if a password is valid for a specified account

Signature: verify(cinfo)

Parameters:

  • cinfo['acctid'] - The account to validate the password on

  • cinfo['oldpw'] - The password to check

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

  • ACAccessDenied 11

  • ACVerifyFailed 14

  • ACPasswordLocked 26

  • ACPasswordExpired 27

  • ACAccountExpired 28

  • ACAccountDisabled 29

Verify Reset Password

Validates if a password is valid for a specified account, resetting the password if it is not. This function will also unlock the account and unexpire the password if required.

Signature: verifyreset(cinfo)

Parameters:

  • cinfo['acctid'] - The account to be performing the password operations on

  • cinfo['newpw'] - The password to be verified and set

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

  • ACAccessDenied 11

  • ACVerifyFailed 14

  • ACPasswordLocked 26

  • ACPasswordExpired 27

  • ACAccountExpired 28

  • ACAccountDisabled 29

Remarks:

If this operation is not defined other operations will be automatically called instead. The priority for fallback operations is:

  • adminverify operation, followed by a reset operation if the password fails to be verified

  • verify operation, followed by a reset operation if the password fails to be verified and the adminverify operation is not defined

  • reset operation, if neither the verify operation nor the adminverify operation is defined

Account operations

Create User

Creates a new user.

Signature: create(cinfo)

Parameters:

  • cinfo['acctid'] - Identifier for the user that should be created

  • cinfo['modeluid'] - Identifier for the template account

  • cinfo['attributes'] - The attributes to be set on the new user

  • cinfo['newpw'] - The password that should be set on the new user

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACObjectAlreadyExists 6

  • ACInvalidUser 7

  • ACInvalidModelUser 8

Remarks:

The agent.stableId, agent.longId, agent.shortId and agent.addAccountAttr callbacks should be used to return information on the created user. See the callback section for full details on the individual callbacks.

The template account should be used for attributes with the "COPY" or "REPLACE" actions to be able to determine what value should be set for the attribute. For full details on attributes see the attributes definitions section.

Delete User

Deletes a user.

Signature: delete(cinfo)

Parameters:

  • cinfo['acctid'] - The user that should be deleted

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACInvalidUser 7

Move Context

Moves a user to a different context

Signature: movecontext(cinfo)

Parameters:

  • cinfo['acctid'] - The user that should be moved

  • cinfo['attributes'] - Optional attributes that can be used to indicate the new context

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACInvalidUser 7

Rename User

Renames a user.

Signature: rename(cinfo)

Parameters:

  • cinfo['acctid'] - The user that should be renamed

  • cinfo['modeluid'] - The identifier the user should be renamed to

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACInvalidUser 7

Update User

Updates the attributes of a user.

Signature: update(cinfo)

Parameters:

  • cinfo['acctid'] - The user that should be moved

  • cinfo['attributes'] - Optional attributes that can be used to indicate the new context

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACInvalidUser 7

Remarks:

The agent.stableId, agent.longId, agent.shortId and agent.addAccountAttr callbacks should be used to return information on the updated user. See the callback section for full details on the individual callbacks.

User Attributes

Queries attributes for a single user.

Signature: userattributes(cinfo)

Parameters:

  • cinfo['acctid'] - The user that should be moved

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACInvalidUser 7

Remarks:

The agent.addAccountAttr callback should be used to return information on the user. See the callback section for full details on the individual callbacks.

Account status operations

Disable Account

Disables an account.

Signature: def disable(cinfo)

Parameters:

  • cinfo['acctid'] - The account that should be disabled

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Remarks:

If the account is already disabled before doing any modifications, the function should return ACSuccess.

Enable Account

Enables an account.

Signature: def enable(cinfo)

Parameters:

  • cinfo['acctid'] - The account to be enabled

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Remarks:

If the account is already enabled before doing any modifications, the function should return ACSuccess.

Expire Account

Expires an account

Signature: def expireacct(cinfo)

Parameters:

  • cinfo['acctid'] - The account to be expired

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Remarks:

If the account is already expired before doing any modifications, the function should return ACSuccess.

Is Account Enabled

Check if an account is expired.

Signature: def isenabled(cinfo)

Parameters:

  • cinfo['acctid'] - The account to be checked

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Remarks:

The agent.isEnabled callback should be used to return the status of the account. See the agent.isEnabled callback page for full details.

Is Account Expired

Checks if an account is expired.

Signature: def isacctexpired(cinfo)

Parameters:

  • cinfo['acctid'] - The account to be checked

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Remarks:

The agent.isAcctExpired callback should be used to return the status of the account. See the agent.isAcctExpired callback page for full details.

Is Account Locked

Checks if an account is locked.

Signature: def islocked(cinfo)

Parameters:

  • cinfo['acctid'] - The account to be checked

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Remarks:

The agent.isLocked callback should be used to return the status of the account. See the agent.isLocked callback page for full details.

Lock Account

Locks an account.

Signature: def lock(cinfo)

Parameters:

  • cinfo['acctid'] - The account to be locked

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Remarks:

If the account is already locked before doing any modifications, the function should return ACSuccess.

Unexpire Account

Unexpires an account.

Signature: def unexpireacct(cinfo)

Parameters:

  • cinfo['acctid'] - The account that should be unexpired

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Remarks:

If the account is already not expired before doing any modifications, the function should return ACSuccess.

Unlock Account

Unlocks an account.

Signature: def unlock(cinfo)

Parameters:

  • cinfo['acctid'] - The account that should be unlocked

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

Remarks:

If the account is already unlocked before doing any modifications, the function should return ACSuccess.

Group operations

Create Group

Creates a new group.

Signature: def groupcreate(cinfo)

Parameters:

  • cinfo['groupid'] - Identifier for the group that should be created

  • cinfo['attributes'] - Attributes that should be set on the new group

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACObjectAlreadyExists 6

Remarks:

The agent.stableId, agent.longId, agent.shortId and the agent.addGroupAttr callbacks should be used to return information on the newly created group. See the callback section for full details on the individual callbacks.

Delete Group

Deletes a group.

Signature: def groupdelete(cinfo)

Parameters:

  • cinfo['groupid'] - The group that should be deleted

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidGroup 12

Group Group Add

Adds a group to a group.

Signature: def groupgroupadd(cinfo)

Parameters:

  • cinfo['objectid'] - The group that the member group should be added to

  • cinfo['objchildid'] - The group that should be added as a member

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

  • ACInvalidObject 38

  • ACAlreadyRelated 39

Group Group Delete

Removes a group from a group.

Signature: def groupgroupdelete(cinfo)

Parameters:

  • cinfo['objectid'] - The group that the member group should be removed from

  • cinfo['objchildid'] - The group that should be removed

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

  • ACInvalidObject 38

  • ACNotRelated 40

Group Owner Add

Adds a user to a group as a group owner.

Signature: def groupowneradd(cinfo)

Parameters:

  • cinfo['groupid'] - The group the user should be added as an owner to

  • cinfo['owner'] - The account that should be added as an owner

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

  • ACInvalidObject 38

  • ACAlreadyRelated 39

Group Owner Delete

Removes an owner from a group.

Signature: def groupownerdelete(cinfo)

Parameters:

  • cinfo['groupid'] - The group the owner should be removed from

  • cinfo['owner'] - The user that should be removed as an owner

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

  • ACInvalidObject 38

  • ACNotRelated 40

Group User Add

Adds a user to a group.

Signature: def groupuseradd(cinfo)

Parameters:

  • cinfo['acctid'] - The user to be added

  • cinfo['groupid'] - The group the user should be added to

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

  • ACUserAlreadyGroupMember 13

  • ACInvalidObject 38

  • ACAlreadyRelated 39

Group User Delete

Removes a user from a group.

Signature: def groupuserdelete(cinfo)

Parameters:

  • cinfo['acctid'] - The user to be removed

  • cinfo['groupid'] - The group the user should be removed from

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidUser 7

  • ACUserNotInGroup 9

  • ACInvalidObject 38

  • ACNotRelated 40

Update Group

Updates the attributes on a group.

Signature: def groupupdate(cinfo)

Parameters:

  • cinfo['groupid'] - The group that should be updated

  • cinfo['attributes'] - Attributes that should be set on the group

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACOperationNotSupported 2

  • ACInvalidGroup 12

Remarks:

The agent.stableId, agent.longId, agent.shortId and the agent.addGroupAttr callbacks should be used to return information on the updated group. See the callback section for full details on the individual callbacks.

Network resource operations

Create Network Resource

Creates a network resource.

Signature: def nrcreate(cinfo)

Parameters:

  • cinfo['resourceaddress'] - Address for the network resource being created

  • cinfo['resourcetype'] - Type of network resource to create

  • cinfo['attributes'] - Attributes to be set on the network resource

  • cinfo['acctid'] - User the network resource should be created for

  • cinfo['modeluid'] - Template user

  • cinfo['modeluri'] - Template network resource

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

Delete Network Resource

Deletes a network resource.

Signature: def nrdelete(cinfo)

Parameters:

  • cinfo['resourceaddress'] - Address for the network resource to delete

  • cinfo['resourcetype'] - Type of network resource to delete

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACObjectDoesNotExist 36

Move Network Resource

Moves a network resource.

Signature: def nrmove(cinfo)

Parameters:

  • cinfo['resourceaddress'] - Address for the network resource being moved

  • cinfo['resourcetype'] - Type of network resource to move

  • cinfo['modeluri'] - Destination for the network resource

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACObjectDoesNotExist 36

Update Network Resource

Updates a network resource.

Signature: def nrupdate(cinfo)

Parameters:

cinfo['resourceaddress'] - Address for the network resource to be updated

cinfo['resourcetype'] - Type of network resource to be updated

cinfo['attributes'] - Attributes to be set on the network resource

Return Value:

ACSuccess 0

ACUnknownError 1

Other operations

Challenge Response

Advanced authentication operation for use with token or disk encryption systems.

Signature: def challengeresponse(cinfo)

Parameters:

  • cinfo['acctid'] - The account the operation should be performed for

  • cinfo['attributes'] - Attributes for defining options in the operation

  • cinfo['challenge'] - Challenge code for the system

  • cinfocinfo['response'] - Response code for the system

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

  • ACVerifyFailed 14

Remarks:

Depending on the use case for the operation, either for token authentication or for disk encryption, both the expected input and output will vary for this operation.

For disk encryption targets generally a challenge string will be provided which will be validated by the target system to receive a response string, which should be output and provided to the end user to unlock the encrypted disk.

For token authentication targets one or more challenge response operations are passed to the target system to authenticate conditions. The challenge string contains the state across the multiple operations while the response is the string to validate. The next challenge state and response should be returned until all conditions are validated.

The agent.addChallenge and agent.addResponse callbacks should be used to return information from this operation. See the callback section for full details on the individual callbacks.

Custom operation

Performs a custom operation.

Signature: custom_<functionName>(cinfo)

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

Remarks:

This operation lets you define your own operations that should be run. The definition of this function will vary as you can define your own operations. The format of your function definition should be "custom_" followed by whatever your custom function name is, so for example something like custom_hello_world(cinfo).

To invoke these custom defined operations, the agent should be called with "custom" as the operation and the "customop" input set to the value of the custom function name that should be invoked. For example, to call a custom_hello_world(cinfo) function the "customop" input should be set to the value "hello_world".

Due to the nature of this operation a hard-coded list of expected parameters that would be used or return values that might be returned cannot be defined, as they will vary depending on your custom definition.

The agent.addCustomAttrs and the agent.listAttribute callbacks should be used to return information from this operation. See the callback section for full details on the individual callbacks.

Run Command

Runs a specified command

Signature: def runcommand(cinfo)

Parameters:

  • cinfo['command'] - The command that should be run

  • cinfo['commandFile'] - The file the command's output should be stored in

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

Remarks:

The agent.commandOutput should be used to return the command's output from the agent. See the callback section for full details on the callback.

Update Resource

Updates the password on a subscriber resource.

Signature: def updateresource(cinfo)

Parameters:

  • cinfo['resourceaddress'] - Address of the subscriber resource

  • cinfo['resourcetype'] - Type of subscriber resource

  • cinfo['newpw'] - The password that should be set

  • cinfo['restart'] - Bool flag for If the resource should be restarted as part of the password update

  • cinfo['position'] - Indicates if the restart should be done before or after the password update

Return Value:

  • ACSuccess 0

  • ACUnknownError 1

Remarks:

If a restart should be done as part of the operation, the position parameter indicates if it should be done before or after the password update. It's value will either be "pre" for before the update, or "post" if it should be done after.

Callbacks

Logging callbacks

Debug Log

Logs a message at debug (5) level.

Signature: log.debug(message)

Parameters:

  • message - The message that should be logged

Error Log

Logs a message at error (1) level.

Signature: log.error(message)

Parameters:

  • message - The message that should be logged

Info Log

Logs a message at info (4) level.

Signature: log.info(message)

Parameters:

  • message - The message that should be logged

Warning Log

Logs a message at warning (2) level.

Signature: log.warning(message)

Parameters:

  • message - The message that should be logged

Listing callbacks

Add Account

Adds an account and it's information to the list file.

Signature: agent.addAccount('stableid', 'longid', 'shortid', attrsDict, groupsDict)

Parameters:

  • stableid - The ID for the account that cannot be changed

  • longid - The ID for the account that will be used to identify it in operations

  • shortid - The ID for the account that is human readable and will be displayed in the UI

  • attrsDict - Dictionary object of the attributes for the account

  • groupsDict - Dictionary object of the memberships for the account

Return Value:

Remarks:

This callback should only be used in the list users operation.

For the expected format on the dictionary objects see the definitions section for full details.

Add Computer

Adds a computer and it's information to the list file.

Signature: agent.addComputer('compid', 'desc', disabledStatus, attrsDict)

Parameters:

  • compid - The id of the computer object that will be used to identify it in operations

  • desc - The description for the computer that is human readable and will be displayed in the UI

  • disabledStatus - Boolean flag for if the computer is enabled or disabled

  • attrsDict - Dictionary object of the attributes for the computer object

Remarks:

This callback should only be used in the list computers operation

For the expected format on the dictionary objects see the definitions section for full details.

Add Group

Adds a group and it's information to the list file.

Signature: agent.addGroup('stableid', 'longid', 'shortid', attrsDict, ownersDict, membersDict)

Parameters:

  • stableid - The ID for the group that cannot be changed

  • longid - The ID for the group that will be used to identify it in operations

  • shortid - The ID for the account that is human readable and will be displayed in the UI

  • attrsDict - Dictionary object of the attributes for the group

  • ownersDict - Dictionary object of the owners for the group

  • membersDict - Dictionary object of the group's members

Remarks:

This callback should only be used in the list groups operation

For the expected format on the dictionary objects see the definitions section for full details.

Add Subscriber

Adds a subscriber and it's information to the list file.

Signature: agent.addSubscriber('subid', 'desc', disabledStatus, 'subacct', 'stableid', 'longid', 'shortid', 'securitydomain', attrsDict)

Parameters:

  • subid - The ID for the subscriber that will be used to identify it in operations

  • desc - The description for the subscriber that is human readable and will be displayed in the UI

  • disabledStatus - Boolean flag for if the subscriber is enabled or disabled

  • subacct - Long ID for the subscription account

  • stableid - Stable ID for the subscription account

  • longid - Long ID for the subscription account

  • shortid - The ID for the subscription account that is human readable and will be displayed in the UI

  • securitydomain - The security domain of the subscription account

  • attrsDict - Dictionary object of the attributes for the subscriber

Remarks:

This callback should only be used in the list subscribers operation

For the expected format on the dictionary objects see the definitions section for full details.

Return callbacks

Add Account Attribute

Adds an attribute and it's value(s) to the output KVG.

Signature: agent.addAccountAttr('name', valueList)

Parameters:

  • name - The name of the attribute

  • valueList - One or more values for the attribute

Remarks:

For the valueList either a single string value may be specified or a list of string values if the attribute can be multi-valued.

Add Address Attribute

Defines an address attribute for the scripted platform.

Signature: agent.addAddressAttr('name', 'desc', 'type', 'valueDefault', required, advancedOptions)

Parameters:

  • name - Name of the address attribute

  • desc - Description of the address attribute

  • type - The type of the address attribute

  • valueDefault - The default value that should be used if the address attribute is not specified

  • required - Boolean flag for If the address attribute is required to be specified

  • advancedOptions - Defines the potential values when adding a "restricted" type attribute

Remarks:

Valid options for the type parameter are: "boolean" "integer" "kvgroup" "restricted" "script" "string" "dir" "file" "readonly" "multivalue".

If an address attribute with restricted type is being added, the syntax for defining the restricted values in advancedOptions is:

{'restrictedValues':<list of potential restricted values>, 'advanced': 'true'}

Where the syntax for each restricted value option is:

{'value': '<value>', 'description': '<description>'}

Add Challenge

Adds a challenge string to the agent output.

Signature: agent.addChallenge('challenge')

Parameters:

  • challenge - The challenge string that should be returned

Remarks:

This callback should only be used with the Challenge Response operation

Add Custom Attributes

Adds attributes to a custom list file.

Signature: agent.addCustomAttrs('id', attrsDict)

Parameters:

  • id - ID for the object to add attributes for

  • attrsDict - Dictionary object of the attributes for the object

Remarks:

This callback should only be used with the custom operation. For the expected format on the attrsDict object see the definitions section for full details.

Add Group Attribute

Adds a group attribute and it's value(s) to the output KVG.

Signature: agent.addGroupAttr('name', valueList)

Parameters:

  • name - The name of the attribute

  • valueList - One or more values for the attribute

Remarks:

For the valueList either a single string value may be specified or a list of string values if the attribute can be multi-valued.

Add Retry Data

Adds the retry data to the agent output KVG.

Signature: agent.retryData('retrydata')

Parameters:

  • retrydata - The value for the data to retry for the operation.

Remarks:

This callback is usually used along with retryTime for agent codes such as ACTryAgainLater.

Add Retry Time

Adds the retry time to the agent output KVG.

Signature: agent.retryTime(retrytime)

Parameters:

  • retrytime - The value for the number of times to retry for the operation.

Remarks:

This callback is usually used along with retryData for agent codes such as ACTryAgainLater.

Add Response

Adds a response and it's attributes to the output KVG.

Signature: agent.addResponse('response', attrsDict)

Parameters:

  • response - The response message

  • attrsDict - Dictionary object of the attributes for the response

Remarks:

This callback should only be used with the challenge response operation. For the expected format on the attrsDict object see the definitions section for full details.

Add Supported Operation

Adds an operation to the supported operations for a platform

Signature: agent.addSupportedOp(operation)

Parameters:

  • operation - The string for the operation that should be supported

Remarks:

The operation string should take the form OpReset, OpGroupUserAdd, OpListUsers, etc.

Set Error Message

Sets the agent error message in the output KVG.

Signature: agent.error('errormsg')

Parameters:

  • errormsg - The message that should be set

Set Info Message

Sets the agent info message in the output KVG.

Signature: agent.info('infomsg')

Parameters:

  • infomsg - The message that should be set

Set Account Expired

Sets the account expiration value in the output KVG.

Signature: agent.isAcctExpired(expiredStatus)

Parameters:

  • expiredStatus - Boolean flag indicating if the account is expired or not

Remarks:

This callback should only be used with the isacctexpired operation

Set Account Enabled

Sets the account expired value in the output KVG.

Signature: agent.isEnabled(enabledStatus)

Parameters:

  • enabledStatus - Boolean flag indicating if the account is enabled or not

Remarks:

This callback should only be used with the isEnabled operation

Set Account Locked

Sets the account expired value in the output KVG.

Signature: agent.isLocked(lockedStatus)

Parameters:

  • lockedStatus - Boolean flag indicating if the account is locked or not

Remarks:

This callback should only be used with the isLocked operation

Set Groups

Sets the groups for a newly created account in the output KVG.

Signature: agent.groups(groupList)

Parameters:

  • groupList - One or more groups the account is a member of

Remarks:

This callback should only be used with the create operation

Set Password Expired

Sets the password expired value in the output KVG.

Signature: agent.isPwExpired(expiredStatus)

Parameters:

  • expiredStatus - Boolean flag indicating if the password is expired or not

Remarks:

This callback should only be used with the ispwexpired operation

Set Long ID

Sets the long id value for the object in the output KVG

Signature: agent.longId('longid')

Parameters:

  • longid - The long id of the object

Remarks:

This callback should only be used with the create, update, groupcreate and groupupdate operation

Set Server Info

Sets the server information in the output KVG.

Signature: agent.serverInfo('version', attrsDict)

Parameters:

  • version - Version string of the target system

  • attrsDict - Optional dictionary object of attributes of the target

Remarks:

This callback should only be used with the serverinfo operation. For the expected format on the attrsDict object see the definitions section for full details.

Set Short ID

Sets the short id value for the object in the output KVG.

Signature: agent.shortId('shortid')

Parameters:

  • shortid - The short id id of the object

Remarks:

This callback should only be used with the create, update, groupcreate and groupupdate operation.

Set Stable ID

Sets the stable id value for the object in the output KVG.

Signature: agent.stableId('stableid')

Parameters:

  • stableid - The stable id of the object

Remarks:

This callback should only be used with the create, update, groupcreate and groupupdate operation.

Set Warning Message

Sets the agent warning message in the output KVG.

Signature: agent.warning('warningmsg')

Parameters:

  • warningmsg - The message that should be set

Other callbacks

Run Agent

Runs an agent.

Signature: agent.run(agentexe, agentinput, opinput, attributes)

Parameters:

  • agentexe - The binary that should be run

  • agentinput - The agent input for the operation

  • opinput - The operation input for the operation

  • attributes - The attributes for the operation

Return Value:

  • Agent return code from operation that was run

Remarks:

The agentinput, opinput and attributes are what is normally stored in the cinfo['agentinput'], cinfo['opinput'], cinfo['attributes'] respectively. If calling list operations the filename should be changed for the list file. If wrapping a list operation the listing callbacks should be called to populate the agent's list file from the wrapped agent's list files.

Definitions

AgentCode

See explanation of agent codes .

Attributes

A dictionary object containing dictionaries for each attribute that is specified when creating or updating users. Each individual attribute dictionary will have 5 keys:

  • "NAME" - String value for the name of the attribute. Also stored as the key to the attribute dictionary

  • "ACTION" - String value for the action that should be performed for the attribute.During the create user operation the valid values are: "VALUE", "IGNORE", "COPY" or"REPLACE".During the update user operation the only valid values are: "VALUE" or "IGNORE".

  • "SEQUENCE" - Integer value for when the attribute should be set during the create user operation.The value "-1" is specified if it should be set when creating the object or the value "0" is specified if it should be set after creating the object.

  • "VALUE" - The value(s) that should be set.Either a single string value may be specified or a list of string values if the attribute can be multi-valued.

  • "GROUP" - Integer value for the attribute group.Default value is 0.

Remarks:

Depending on the value of the "ACTION" field different things should be done for the attribute being set.They are:

  • "VALUE" - The attribute should be set to the specified value.

  • "IGNORE" - No action should be taken on the attribute.

  • "COPY" - The value should be copied from the template account.

  • "REPLACE" - The value should be copied from the template account, replacing the template user's id with the account id of the user being created.

AttrsDict

A dictionary object containing attributes and their value(s).

For each entry in the dictionary the key is the attribute's name, while the value is either a singular string value or a list of string values if the attribute is multi-valued.

For example:

attrsDict = {'attr1': 'value1', 'attr2': ['value2-1','value2-2']}

Cinfo

A dictionary object containing the inputs for the operations. It's contents are:

  • acctid - [String] ID of the account that will be used to identify it in operations

  • address - [String] The address string for the target

  • adminid - [String] The administrator account for authenticating to the target

  • adminpw - [String] The password for the administrator account

  • agentinput - [Dictionary] Dictionary object of dictionary objects containing connection information

  • attributes - [Dictionary] Dictionary of dictionary objects containing attribute information. See the Attributes definition for details.

  • challenge - [String] The challenge code for performing challenge response

  • command - [String] The command to be run during the run command operation

  • commandFile - [String] The filename to store command output in during run command operation

  • customop - [String] The name of the custom operation which should be run during the custom operation

  • fullname - [String] The full name of the user

  • groupid - [String] The group ID to be operated on for group operations

  • groupname - [String] The description of the group

  • listattributes - [List] List of string values for attributes that should be listed

  • modeluid - [String] The template account that should be used for creating new users

  • modeluri - [String] The address for the template network resource

  • newpw - [String] The new password that should be set for password operations

  • objchildid - [String] The child object ID in managed object relation operations

  • objchildtype - [String] The child object type in managed object relation operations

  • objectid - [String] The object ID in managed object operations

  • objecttype - [String] The object type in managed object operations

  • objreltype - [String] The relationship type in managed object relation operations

  • oldpw - [String] The old password to be check in verify operations

  • operation - [String] The operation that is being run

  • opinput - [Dictionary] Dictionary object of dictionary objects containing operation information

  • owner - [String] The ID of the owner object

  • ownertype - [String] The type of the owner object

  • position - [String] Indicates when a subscriber should be restarted during subscriber update. Possible values are "pre" for before the update, or "post" if it should be done after.

  • resourceaddress - [String] Address for the network resource in network resource operations

  • resourcetype - [String] Type of the network resource in network resource operations

  • response - [String] The response code for performing challenge response

  • restart - [Boolean] Flag value indicating if a subscriber should be restarted during update resource update

  • settings - [Dictionary] Dictionary object containing the additional address attribute and their values that are defined in the address attributes operations

  • shortid - [String] The ID of the account that is human readable

  • sysid - [String] The target's system ID used for authentication

  • syspw - [String] The password for the system ID

  • userid - [String] The profile ID of the user

GroupsDict

A dictionary object containing the groups an account is a member of.

For each entry in the dictionary the key is the group's stable id, while the value is a dictionary object with 2 keys:

  • GAttrLongID - The long id of the group

  • GAttrSecurityDomain - The security domain of the group

An example is

groupsDict = {'stableid': {GAttrLongID: 'group1', GAttrSecurityDomain: 'domain1'}, 'stableid2': {GAttrLongID: 'group2'}}

OwnersDict

A dictionary object containing the owners of a group

For each entry in the dictionary the key is the owner's stable id, while the value is a dictionary object with 3 keys:

  • GAttrLongID - The long id of the owner

  • GAttrSecurityDomain - The security domain of the owner

  • KeyType - The type of the owner. Valid values are: 'account' or 'group'

An example is

ownersDict = {'user1': {GAttrLongID: 'user1', GAttrSecurityDomain: 'domain1', KeyType: 'account'}}

MembersDict

A dictionary object containing the members of a group

For each entry in the dictionary the key is the member's stable id, while the value is a dictionary object with 3 keys:

  • GAttrLongID - The long id of the member

  • GAttrSecurityDomain - The security domain of the member

  • KeyType - The type of the member. Valid values are: 'account' or 'group'

An example is:

membersDict = {'user1': {GAttrLongID: 'user1', GAttrSecurityDomain: 'domain1', KeyType: 'account'}}
In this section: