You can use the ERROR_CODE_LIMIT attribute to define which error codes can represent errors. A code that exceeds the value specified here indicates an error. Any code that is less than this value should be used for informative or warning codes. If you do not set this value, then Waveset defaults to standard behavior, in which any non-zero return code indicates an error. You can add this optional attribute to the resource definition.
To add this resource to the Waveset resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page.
Do not use control characters (for example, 0x00, 0x7f) in user passwords.
The Shell Script adapter allows you to create a set of actions that perform basic provisioning functions such as creating, updating, deleting, and retrieving user accounts. Each of these actions is defined in a shell script. The Shell Script adapter works by running resource actions as a UNIX resource adapter. To run resource actions, this adapter must
Run its create, delete, and update operations under its /tmp directory.
Have the ability to run commands such as mkdir, umask, touch, cat, chmod, rm - f, rmdir, find, set, and use operators such as <, <<, >, >>.
The adapter supports the provisioning actions listed in the following table:
Action |
Purpose |
Required? |
---|---|---|
create |
Creates a new user. |
No, but if not provided, users cannot be created. |
delete |
Deletes an existing user. |
No, but if not provided, users cannot be deleted. |
getAllUsers |
Gets information about all users on the resource |
No, but if not provided, operations that depend on account iteration, such as reconciliation and Load From Resource will not be available. |
getUser |
Fetches attributes for an existing user. |
Yes. |
update |
Updates attributes for an existing user. |
No, but if not provided, users cannot be updated. |
The $WSHOME/sample/ShellScript directory contains a set of sample resource action definitions that could be used to provision users to a theoretical shell script-based host application. You must customize these definitions to your environment.
For general information about resource actions, see Chapter 51, Adding Actions to Resources.
The Shell Script adapter implements actions as shell script files that execute on the resource host. These scripts must be written to run on the shell that has been configured for the account running the scripts on the resource host.
Scripts should follow conventions and exit with a return code of 0, which indicates success. Returning a non-zero code (chosen by the script writer) indicates the operation may not have been correctly completed.
Scripts may output text to the standard error or standard output stream. Depending on the nature of the operation, the context of the operation, and the type of failure, the text may be displayed in the results for that operation.
For the getUser and getAllUsers operations, this text is parsed in the standard output stream to determine the attributes of each user.
The following types of environment variables can be exported to the scripts:
Any account attribute defined in the Identity System Resource Attribute column of the schema map can be made available to the script by prefixing the account attribute with WSUSER_. For example, if an account attribute is named Full Name, the environment variable is named WSUSER_Full_Name. (Spaces are replaced with underscores.)
Adapter configuration settings can be passed with environment variables that begin with WSRSRC_. The most important variable is WSRSRC_Name, which defines the name of the adapter. If you are running the same script on different resources, this variable can be implemented to avoid maintaining multiple copies of scripts that do the same thing on different hosts.
The following code example illustrates an example-generated environment:
|
|
Generally, if an attribute’s value is null, you can omit the corresponding environment variable instead of having the value of a zero-length string.
For more information about the variables available in a script, see Chapter 51, Adding Actions to Resources.
The AttrParse mechanism processes the results returned by the getUser and getAllUsers actions through the standard output stream. See Chapter 50, Implementing the AttrParse Object for more information about this mechanism.
For getUser actions, AttrParse returns a map of user attributes. For the getAllUsers action, it generates a map of maps. Each entry for the returned map contains the following.
A value that is a map of user attributes similar to those typically returned by AttrParse.
A key that is the account ID, or if that is not known, the name.
The collectCsvHeader and collectCsvLines AttrParse tokens can be used to determine attributes and values.
This section provides information about supported connections and privilege requirements.
Waveset uses the following connections to communicate with the shell script adapter:
Telnet
SSH (SSH must be installed independently on the resource.)
SSHPubKey
For SSHPubKey connections, the private key must be specified on the Resource Parameters page. The key must include comment lines such as --- BEGIN PRIVATE KEY --- and --- END PRIVATE KEY --. The public key must be placed in the /.ssh/authorized_keys file on the server.
The administrative account that the script runs under must be authorized for all operations defined in the scripts.
The following table summarizes the provisioning capabilities of the Shell Script adapter.
The Shell Script adapter does not provide default account attributes because the account attributes vary greatly.
The account must have an account attribute in which the Identity System user attribute is named accountId.
Not supported.
None. You must supply the identity template with a valid value.
There are no sample user forms, but an example resource and AttrParse definition are provided in the following location:
$WSHOME/sample/ShellScript/ShellScriptResourceObjects55.xml
Use the Waveset debug pages to set trace options on the following class:
com.waveset.adapter.ShellScriptResouceAdapter