
View the structure of an existing sample script

Looking at the agtpython-simple.py comment section, the sample script documents:

  • Several useful variables for inputs from the Bravura Security product.

  • The Python function points for operations.

  • The Python callbacks used to integrate outputs to the Bravura Security product.

  • The Python connector return codes.

Following the comment section are code samples for integrating all the operations, generally in the order of precedence.

The addressattr definition allows you to expose target address attributes in your custom connector. These address attributes are the parameters that are configured when targeting your connector. For example, our SuccessFactors EC REST connector (which is written in Python) provides the following target system address configuration:

[Screenshot: target system address configuration]

This configuration is exposed via the following addressattrs function:

def addressattrs(cinfo):
    """ Target address settings must specify:
    """
    agent.addAddressAttr(
        "url", "SuccessFactors OData REST API URL", "string", "", True)
    agent.addAddressAttr("proxy", "Proxy server to use", "string", "", False)
    agent.addAddressAttr("groupTypes",
                         "GroupType(s) to list",
                         "string",
                         "permission",
                         False)

The connect and disconnect definitions allow you to implement the connection and disconnection logic for your target. They are called automatically before and after an operation function such as listusers or reset is called. The provided sample script, as-is, does not connect to anything, but it shows which variables are useful during connection. Note that the cinfo Python dictionary often exposes many of the inputs from the connector framework. There are also commented-out lines in the sample that show how to validate addressattr values passed in from the target system address configuration, such as port numbers. Also noteworthy is the log.info example, which logs to our logging facility (idmsuite.log):

log.info("connecting as adminid [{0}] sysid [{1}] with address line [{2}] "
         "timeout [{3}] settings [{4}]".format(adminid,
                                               sysid,
                                               address,
                                               timeout,
                                               settings))

Likewise, the agent.error example shows how to return an error code and an error message back through the connector framework to the caller of the connector:

agent.error("Port number option must be defined")
return ACUnknownError

The serverinfo function is mandatory with the list operation. The serverinfo operation is also used to test your connection on the Test connection tab of your target configuration in the product UI. This operation, and the function itself, returns general information on the target, such as its version or any general functionality that the target might offer. Generally, the information returned is inconsequential, and returning any version value is fine, as is the case in the provided sample, which uses the agent.serverInfo callback:

attr_dict = {'attr1': ['value1-1'], 'attr2': ['value1-2']}
agent.serverInfo("1.1", attr_dict)

The listusers, listgroups, listcomputers, and listsubscribers definitions provide the ability to return list information on the associated objects. The samples fill in mock data, but they show how you can return account, group, computer, and subscriber information through the connector framework using the provided agent.addAccount, agent.addGroup, agent.addComputer, and agent.addSubcriber callbacks. These callbacks write the object information into the connector sqlite db files stored in psconfig, and these files are read by the iddiscover service into the product database.

Caution

Listing objects or their attribute information can sometimes fail unexpectedly due to connectivity issues or simply because the attributes or tables read do not exist for that object. It is not uncommon for targets to return object information using paged fetches. Failing to list but returning success can cause objects that were unsuccessfully listed to become invalid in the product. For example, a user’s account can disappear. Keep all this in mind when implementing the list operations.
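The failure mode in the caution above, as an added example that is not code from the sample script or the product: a paged listusers that buffers every page and returns an error if any fetch fails, so a partial list is never reported as success. StubAgent, fetch_page, the addAccount signature, the ACSuccess name and the numeric return-code values are assumptions made so the example runs stand-alone.

```python
# Added example: ACSuccess and both numeric values are placeholders, not product values.
ACSuccess, ACUnknownError = 0, 1

class StubAgent:
    """Stand-in for the framework's agent object so the example runs offline."""
    def __init__(self):
        self.accounts, self.errors = [], []
    def addAccount(self, acct_id, attrs):  # hypothetical signature
        self.accounts.append((acct_id, attrs))
    def error(self, message):
        self.errors.append(message)

# Constructed sample data: two pages keyed by cursor, None marks the first page.
PAGES = {None: ([{"id": "alice", "dept": "hr"}], "p2"),
         "p2": ([{"id": "bob", "dept": "it"}], None)}

def good_fetch(cursor):
    return PAGES[cursor]

def flaky_fetch(cursor):
    if cursor == "p2":
        raise ConnectionError("timed out")  # simulated mid-list outage
    return PAGES[cursor]

def list_users_paged(agent, fetch_page):
    """Emit accounts only if every page was read; otherwise return an error."""
    buffered, cursor, seen = [], None, set()
    while True:
        try:
            rows, next_cursor = fetch_page(cursor)
        except Exception as exc:
            agent.error("listusers failed at page [{0}]: {1}".format(cursor, exc))
            return ACUnknownError
        for row in rows:
            if not row.get("id"):
                agent.error("listusers: record without id on page [{0}]".format(cursor))
                return ACUnknownError
            buffered.append(row)
        if next_cursor is None:
            break
        if next_cursor in seen:  # a repeating cursor would loop forever
            agent.error("listusers: cursor [{0}] repeated".format(next_cursor))
            return ACUnknownError
        seen.add(next_cursor)
        cursor = next_cursor
    for row in buffered:  # the full list is known to be complete here
        attrs = {k: [v] for k, v in row.items() if k != "id"}
        agent.addAccount(row["id"], attrs)
    return ACSuccess
```

Buffering trades memory for an all-or-nothing result; for very large targets the same rule applies without the buffer, as long as any failed page ends the operation with a non-success return code.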

There are other operations in the sample script, for example, verify, change, reset, expirepw, etc., that are unimplemented and return success. These operations and their respective Python definitions are generally considered push operations. Sometimes, they return attribute information, but generally, their main intent is to update the end target. As a result, they are generally easier to implement, except for create and update.

Finally, the custom operations and the challengeresponse operation require detailed knowledge of the product and are complicated to implement. These are not operations we recommend writing yourself.