
Monday, January 24, 2022

Sailpoint IdentityIQ IntegrationConfig and AggregationTask Using Code

 Creating IntegrationConfig & AggregationTask Using Code

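	  /**
	   * Creates and saves a ServiceNow IntegrationConfig for one application by
	   * deriving it from the template object "ServiceNow IntegrationConfig Dummy".
	   *
	   * The new object is named "{newAppName} ServiceNow IntegrationConfig", manages
	   * the single application {@code newAppName}, and maps that application to the
	   * catalog item "IdentityIQ Access Request".
	   *
	   * Nothing is created when the template or the application cannot be found.
	   * Failures are reported on stderr only; the caller is not told about them.
	   *
	   * @param newAppName name of an existing Application object
	   */
	  private void createIntegrationConfigObject(String newAppName){

		try{
			String defaultIC_Name = "ServiceNow IntegrationConfig Dummy";
			IntegrationConfig defaultIC = context.getObjectByName(IntegrationConfig.class, defaultIC_Name);
			if(defaultIC == null){
				// No template, nothing to derive from (same outcome as before: no object is created).
				return;
			}

			// Resolve the application before touching anything else: the original attached
			// whatever the lookup returned, so an unknown name produced a saved
			// IntegrationConfig whose ManagedResource pointed at no application.
			Application application = context.getObjectByName(Application.class, newAppName);
			if(application == null){
				System.err.println("createIntegrationConfigObject: application not found, nothing created: " + newAppName);
				return;
			}

			// NOTE(review): derive() copies the template, so the new object presumably
			// inherits every attribute stored on it (endpoint, credentials, ...). Confirm
			// the template holds only values that are meant to be shared.
			IntegrationConfig newIC = (IntegrationConfig) defaultIC.derive(context);

			ManagedResource managedResource = new ManagedResource();
			managedResource.setApplication(application);
			List<ManagedResource> managedResourcesList = new ArrayList<ManagedResource>();
			managedResourcesList.add(managedResource);
			newIC.setResources(managedResourcesList);

			Map<String, Object> attributesMap = new HashMap<String, Object>();
			attributesMap.put(newAppName,"IdentityIQ Access Request");
			newIC.setAttribute("catalogItem",attributesMap);

			newIC.setName(newAppName+" ServiceNow IntegrationConfig");
			context.saveObject(newIC);
			context.commitTransaction();
		}
		catch(Exception ex){
			// NOTE(review): no logger is visible in this snippet, so the original stderr
			// reporting is kept; route this through the class logger if one exists.
			ex.printStackTrace();
		}
	  }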

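		/**
		 * Creates and saves an account aggregation TaskDefinition named
		 * "{applicationNames} Account Aggregation Task".
		 *
		 * The task is typed AccountAggregation, deletes its previous result, has
		 * "checkDeleted" and "promoteManagedAttributes" set to "true", and takes the
		 * TaskDefinition "Account Aggregation" as parent. When the system configuration
		 * entry "appFactoryTaskScheduleServerHosts" is set, the task is pinned to that host.
		 *
		 * @param applicationNames value stored in the task's "applications" argument and
		 *        used to build the task name and description
		 * @throws GeneralException when the system configuration cannot be read; errors
		 *         while building or saving the task are logged and NOT rethrown
		 */
		private void createAggregationTask(String applicationNames) throws GeneralException {

			Configuration systemConfiguration = context.getConfiguration().getSystemConfig();
			String taskScheduleHosts = null;
			if (null == systemConfiguration) {
				// NOTE(review): this line uses "log" while the catch block below uses
				// "logger"; neither declaration is visible here. Confirm both exist or unify.
				log.error("Unable to retrieve SystemConfiguration");
				throw new GeneralException("Unable to retrieve SystemConfiguration");
			} else {
				taskScheduleHosts = systemConfiguration.get("appFactoryTaskScheduleServerHosts");
			}
			try{
				// The original also built a TaskManager and an argument HashMap that were
				// never used; both were dropped.
				TaskDefinition taskDefinition = new TaskDefinition();
				taskDefinition.setName(applicationNames+ " Account Aggregation Task");
				taskDefinition.setDescription("Account Aggregation task for " + applicationNames);
				taskDefinition.setType(TaskItemDefinition.Type.AccountAggregation);
				taskDefinition.setResultAction(TaskDefinition.ResultAction.Delete);
				taskDefinition.setFormPath("/monitor/tasks/accountAggregationTask.xhtml");
				taskDefinition.setArgument("applications", applicationNames);
				taskDefinition.setArgument("checkDeleted", "true");
				taskDefinition.setArgument("promoteManagedAttributes", "true");
				if(taskScheduleHosts != null){
					taskDefinition.setHost(taskScheduleHosts);
				}
				// NOTE(review): the lookup result is passed on unchecked, so a missing
				// "Account Aggregation" definition yields a task without a parent.
				taskDefinition.setParent(context.getObject(TaskDefinition.class, "Account Aggregation"));
				context.saveObject(taskDefinition);
				context.commitTransaction();
			}catch(Exception ex){
				// Pass the exception itself so the stack trace reaches the log; the message
				// alone rarely identifies a failed save.
				logger.error("Error : " +ex.getMessage(), ex);
			}
		}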

Monday, November 15, 2021

Performance Tuning for Application Server Apache Tomcat for Sailpoint IdentityIQ

 Performance Tuning for Application  Server Apache Tomcat  for Sailpoint IdentityIQ

1. UI Server

Create a file with name setenv.sh inside /tomcat/bin Directory

# Begin settings to support SailPoint IdentityIQ application.
# JVM heap: 512 MB initial, 4096 MB maximum; G1 collector with a 200 ms pause-time goal.
export CATALINA_OPTS="$CATALINA_OPTS -Xms512m"
export CATALINA_OPTS="$CATALINA_OPTS -Xmx4096m"
export CATALINA_OPTS="$CATALINA_OPTS -XX:MaxGCPauseMillis=200"
export CATALINA_OPTS="$CATALINA_OPTS -XX:+UseG1GC"

# Support time-out of LDAP pooled connections for 3 seconds to all LDAP servers.  
# The two pool.* lists below only select which connection types JNDI may pool:
# 'plain ssl' covers unencrypted and SSL connections, 'none simple DIGEST-MD5' covers
# anonymous, simple-bind and DIGEST-MD5 connections. They do not add encryption; a
# simple bind over a plain ldap:// URL still sends the password in cleartext, so the
# transport has to be secured where the LDAP URL itself is configured.
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.jndi.ldap.connect.pool.timeout=3000"  
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl'"  
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.jndi.ldap.connect.pool.authentication='none simple DIGEST-MD5'"  

export CATALINA_OUT=/logs/tomcat/catalina.out
# -End- settings to support SailPoint IdentityIQ application.  

# Outbound proxy. <proxy server> and <port> are placeholders to replace.
# The http.* properties apply to plain-HTTP URLs only; HTTPS destinations read the
# separate https.proxyHost / https.proxyPort properties, which are not set here.
export JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyHost=<proxy server>"
export JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyPort=<port>"
export JAVA_OPTS="$JAVA_OPTS -Dhttp.nonProxyHosts=*.company.com\|abcd"

Comment out the line below in the tomcat/conf/server.xml file

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"  maxThreads="512"/>

Perform the steps below to set up the URL rewrite

Add line - <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" /> in server.xml

/apps/tomcat/conf/Catalina/localhost/rewrite.config 
RewriteCond %{HTTP_HOST}  ^abcd.*
RewriteRule ^/$ /identityiq

2. Task Server

Create a file with name setenv.sh inside /tomcat/bin Directory

# Begin settings to support SailPoint IdentityIQ application.
# JVM heap: 1024 MB initial, 6144 MB maximum; parallel collector.
export CATALINA_OPTS="$CATALINA_OPTS -Xms1024m"
export CATALINA_OPTS="$CATALINA_OPTS -Xmx6144m"
export CATALINA_OPTS="$CATALINA_OPTS -XX:+UseParallelGC"

# Support time-out of LDAP pooled connections for 3 seconds to all LDAP servers.  
# The two pool.* lists below only select which connection types JNDI may pool:
# 'plain ssl' covers unencrypted and SSL connections, 'none simple DIGEST-MD5' covers
# anonymous, simple-bind and DIGEST-MD5 connections. They do not add encryption; a
# simple bind over a plain ldap:// URL still sends the password in cleartext, so the
# transport has to be secured where the LDAP URL itself is configured.
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.jndi.ldap.connect.pool.timeout=3000"  
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl'"  
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.jndi.ldap.connect.pool.authentication='none simple DIGEST-MD5'"  

export CATALINA_OUT=/logs/tomcat/catalina.out
# -End- settings to support SailPoint IdentityIQ application.

# Outbound proxy. <proxy server> and <port> are placeholders to replace.
# The http.* properties apply to plain-HTTP URLs only; HTTPS destinations read the
# separate https.proxyHost / https.proxyPort properties, which are not set here.
export JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyHost=<proxy server>"
export JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyPort=<port>"
export JAVA_OPTS="$JAVA_OPTS -Dhttp.nonProxyHosts=*.company.com\|abcd"

3. All Server

Remove the docs and examples directories from /apps/tomcat/webapps

Configure tomcat/conf/tomcat-users.xml with a proper username and password (do not leave sample or default credentials in place)

Create Directory /logs/tomcat

Tuesday, October 19, 2021

Sailpoint IdentityIQ Database Performance Tests

Sailpoint IdentityIQ Database Performance Tests

Rule is Available in Community Site "https://community.sailpoint.com/t5/Other-Documents/IdentityIQ-Database-Performance-Tests/ta-p/78060"

The rule only needs to be imported; it can then be run from the Debug page, the console, or a Rule Runner task.

2021-10-19 15:27:40,886 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - IdentityIQ Database Performance Test starting

2021-10-19 15:27:40,886 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - IdentityIQ Version: 7.3p3 6a66e78-20190718-230225

2021-10-19 15:27:40,887 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - DB Performance Test Rule version: 20190827

2021-10-19 15:27:40,887 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Executed from Host: XXXX.vishal.com

2021-10-19 15:27:40,887 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Executed on Date: 2021-10-19 15:27:40.864

2021-10-19 15:27:40,887 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Populating 1k, 4k, 8k data set HashMaps for 1000 records...

2021-10-19 15:28:16,134 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Data set HashMaps populated.

2021-10-19 15:28:16,135 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Testing 1k data set...

2021-10-19 15:28:19,814 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Completed 1k data set.

2021-10-19 15:28:19,815 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Testing 4k data set...

2021-10-19 15:28:26,533 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Completed 4k data set.

2021-10-19 15:28:26,534 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Testing 8k data set...

2021-10-19 15:28:36,435 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Completed 8k data set.

2021-10-19 15:28:36,466 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Meter Summary:

Meter Generate-IIQDB-Test-DataSets: 1 calls, 35246 milliseconds, 35246 minimum, 35246 maximum, 35246 average, top five [35246]

Meter IIQDB-Test-DataSet-1k-All: 1 calls, 3663 milliseconds, 3663 minimum, 3663 maximum, 3663 average, top five [3663]

Meter IIQDB-Test-DataSet-1k-Item: 1000 calls, 3647 milliseconds, 1 minimum, 343 maximum, 3 average, top five [343,95,63,14,13]

Meter IIQDB-Test-DataSet-4k-All: 1 calls, 6718 milliseconds, 6718 minimum, 6718 maximum, 6718 average, top five [6718]

Meter IIQDB-Test-DataSet-4k-Item: 1000 calls, 6694 milliseconds, 4 minimum, 82 maximum, 6 average, top five [82,76,67,25,22]

Meter IIQDB-Test-DataSet-8k-All: 1 calls, 9901 milliseconds, 9901 minimum, 9901 maximum, 9901 average, top five [9901]

Meter IIQDB-Test-DataSet-8k-Item: 1000 calls, 9882 milliseconds, 7 minimum, 126 maximum, 9 average, top five [126,109,70,31,30]

Meter getConnection: 0 calls, 0 milliseconds, -1 minimum, 0 maximum, 0 average, top five ]



2021-10-19 15:28:36,467 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Cleaning up test objects in the database...

2021-10-19 15:28:52,430 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Completed cleanup of DB Performance Test records: 15960 milliseconds.


2021-10-19 15:28:52,431 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - IdentityIQ Database Performance Test done

The above is the output from the IIQ logs. According to the SailPoint recommendation, if the values are below the following thresholds, the connectivity between the database and IIQ is good:

1k - 9 milliseconds

4k - 17 milliseconds

8k - 20 milliseconds

 

Tuesday, July 20, 2021

Custom Report In Sailpoint IdentityIQ Using JavaDataSource

 Custom report in SailPoint IdentityIQ using a JavaDataSource. This report lists the delegate set for each user between two dates (start date and end date).

Form

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Form PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<!-- Argument form for the delegate report: two date fields, forwardStartDate and
     forwardEndDate, each bound to the report argument of the same name. -->
<Form hidden="true" name="VIS Custom Delegate Identity Report Form" type="Report">
  <Section columns="2" label="Request Parameters" name="customProperties">
    <!-- NOTE(review): the start-date field carries the same endDate="true" attribute as
         the end-date field below; confirm that is intended for a start bound. -->
    <Field columnSpan="1" displayName="Forward Start Date" helpKey="rept_id_risk_help_last_login_start" name="forwardStartDate" type="date" value="ref:forwardStartDate">
      <Attributes>
        <Map>
          <entry key="endDate" value="true"/>
        </Map>
      </Attributes>
    </Field>
    <Field columnSpan="1" displayName="Forward End Date" helpKey="rept_id_risk_help_last_login_end" name="forwardEndDate" type="date" value="ref:forwardEndDate">
      <Attributes>
        <Map>
          <entry key="endDate" value="true"/>
        </Map>
      </Attributes>
    </Field>
  </Section>
</Form>

 TaskDefinition 

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<!-- Report template: a LiveReport whose rows come from a Java data source class and
     whose arguments come from the form "VIS Custom Delegate Identity Report Form". -->
<TaskDefinition executor="sailpoint.reporting.LiveReportExecutor" name="VIS Custom Delegate Identity Report" progressMode="String" resultAction="Delete" subType="Identity and User Reports" template="true" type="LiveReport">
  <Attributes>
    <Map>
      <entry key="report">
        <value>
          <LiveReport disablePreview="true" title="Identity Forwarding Report">
            <!-- NOTE(review): the data source class published with this report is declared
                 as com.vis.reports.CustomUserForwardingDataSource, while the name below has
                 an extra "Experian" prefix. Confirm that the deployed class name matches
                 this attribute. -->
            <DataSource dataSourceClass="com.vis.reports.ExperianCustomUserForwardingDataSource" type="Java"/>
            <ReportForm>
              <Reference class="sailpoint.object.Form" name="VIS Custom Delegate Identity Report Form"/>
            </ReportForm>
            <!-- Each field value must be a column name the data source resolves. The
                 columns include e-mail addresses and employee numbers of both the
                 identity and the delegate. -->
            <Columns>
              <ReportColumnConfig field="identity" header="rept_usr_forward_col_identity" sortable="true" width="110"/>
              <ReportColumnConfig field="displayName" header="rept_usr_forward_col_identity_display" sortable="true" width="110"/>
              <ReportColumnConfig field="identityFirstName" header="First Name" sortable="true" width="110"/>
              <ReportColumnConfig field="identityLastName" header="Last Name" sortable="true" width="110"/>
              <ReportColumnConfig field="identityEmpNumber" header="Employee Number" sortable="true" width="110"/>
              <ReportColumnConfig field="identityStatus" header="Employee Status" sortable="true" width="110"/>
              <ReportColumnConfig field="identityEmail" header="Email" sortable="true" width="110"/>
              <ReportColumnConfig field="forwardingUser" header="Delegate User" width="110"/>
              <ReportColumnConfig field="forwardingDisplayName" header="Delegate User Display Name" width="110"/>
              <ReportColumnConfig field="startDate" header="Delegate StartDate" width="110"/>
              <ReportColumnConfig field="endDate" header="Delegate EndDate" width="110"/>
              <ReportColumnConfig field="forwardingEmail" header="Delegate Email" property="name" width="110"/>
              <ReportColumnConfig field="forwardingEmpNumber" header="Delegate Employee Number" width="110"/>
              <ReportColumnConfig field="forwardingFirstName" header="Delegate First Name" width="110"/>
              <ReportColumnConfig field="forwardingLastName" header="Delegate Last Name" width="110"/>
            </Columns>
          </LiveReport>
        </value>
      </entry>
    </Map>
  </Attributes>
  <Description>A list of users who have forwarding configured and to which user.</Description>
  <!-- The only right listed for this report is FullAccessUserReport; review who holds
       it, since the report output contains personal data of every delegating user. -->
  <RequiredRights>
    <Reference class="sailpoint.object.SPRight" name="FullAccessUserReport"/>
  </RequiredRights>
  <Signature>
    <Inputs>
      <Argument name="forwardStartDate" type="date">
        <Description>delegation start date</Description>
      </Argument>
      <Argument name="forwardEndDate" type="date">
        <Description>delegation end date</Description>
      </Argument>
    </Inputs>
  </Signature>
</TaskDefinition>

 Report JavaDataSource src code

package com.vis.reports;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.Statement;
import java.sql.Types;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Map.Entry;
import net.sf.jasperreports.engine.JRException;
import net.sf.jasperreports.engine.JRField;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import sailpoint.api.SailPointContext;
import sailpoint.object.Attributes;
import sailpoint.object.Identity;
import sailpoint.object.LiveReport;
import sailpoint.object.QueryOptions;
import sailpoint.object.Sort;
import sailpoint.reporting.datasource.JavaDataSource;
import sailpoint.task.Monitor;
import sailpoint.tools.GeneralException;


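/**
 * Report data source listing identities that have forwarding (delegation) configured
 * inside a date window, together with details of the identity and of the delegate.
 *
 * Rows are read with a direct SQL query against spt_identity (Oracle syntax:
 * xmltype / EXTRACT on the preferences column) rather than through the SailPoint
 * object API. All rows are loaded into memory by {@link #prepare()} during
 * initialization and then served one at a time through {@link #next()}.
 *
 * The output contains names, e-mail addresses and employee numbers, so access to the
 * report that uses this class should be restricted accordingly.
 */
public class CustomUserForwardingDataSource implements JavaDataSource{

	/** Java pattern for the date bounds; must stay in step with the TO_DATE mask in the SQL. */
	private static final String BOUND_DATE_PATTERN = "dd-MMM-yyyy";

	/**
	 * Query for delegated identities inside the date window. The two bounds are bind
	 * parameters (start, then end) and are parsed by the database with an explicit
	 * mask and language, so nothing is concatenated into the statement and the result
	 * does not depend on the session's NLS settings or the JVM locale.
	 * The stored forwardStartDate / forwardEndDate values are epoch milliseconds and
	 * are converted to a DATE by adding days to 1970-01-01.
	 */
	private static final String FORWARDING_SQL =
		"with A as(select name,display_name,"
		+ "EXTRACT(xmltype(preferences),'/Map/entry[@key=\"forward\"]/@value').getStringVal() as delegateduser,"
		+ "EXTRACT(xmltype(preferences),'/Map/entry[@key=\"forwardStartDate\"]/value/Date/text()').getStringVal() as forwardStartDate ,"
		+ "EXTRACT(xmltype(preferences),'/Map/entry[@key=\"forwardEndDate\"]/value/Date/text()').getStringVal() as forwardEndDate "
		+ "from spt_identity where preferences like ('%forward%')) "
		+ "select A.name as identity,A.display_name as displayName,A.delegateduser as forwardingUser, "
		+ "A.forwardStartDate as startDate,A.forwardEndDate as endDate from A "
		+ "where To_date('1970-01-01 00', 'yyyy-mm-dd hh24') + (A.forwardStartDate) / 1000 / 60 / 60 / 24 >= "
		+ "To_date(?, 'DD-MON-YYYY', 'NLS_DATE_LANGUAGE=ENGLISH') "
		+ "and To_date('1970-01-01 00', 'yyyy-mm-dd hh24') + (A.forwardEndDate) / 1000 / 60 / 60 / 24 <= "
		+ "To_date(?, 'DD-MON-YYYY', 'NLS_DATE_LANGUAGE=ENGLISH')";

	private QueryOptions baseQueryOptions;
	private SailPointContext context;
	// Formatted date bounds keyed by report argument name.
	private Map<String, String> customQueryOptions = new HashMap<String, String>();
	private Integer startRow;
	private Integer pageSize;
	// Cursor over objectList; null until prepare() has run.
	private Iterator<Map<String, Object>> finalobjects;
	// Current row, keyed by the column names reported by the JDBC driver.
	private Map<String, Object> object = new HashMap<String, Object>();
	private List<Map<String, Object>> objectList = new ArrayList<Map<String, Object>>();

	Log logger = LogFactory.getLog("vis.task.CustomTask");

	/**
	 * Stores the context, converts the two date arguments to query bounds and loads
	 * the rows.
	 *
	 * @param arguments report arguments; "forwardStartDate" and "forwardEndDate" are read
	 * @throws GeneralException when an argument is not a date or the query fails. The
	 *         original swallowed both cases, which produced an empty report that looked
	 *         like "no delegations in this period".
	 */
	public void initialize(SailPointContext context, LiveReport report,Attributes<String, Object> arguments, String groupBy, List<Sort> sort) throws GeneralException {
		logger.info("entered initialize method of  CustomUserForwardingDataSource with :::arguments : "+arguments);
		this.context = context;
		baseQueryOptions = new QueryOptions();
		// "yyyy" (calendar year), not "YYYY" (week year): the week-year form returns the
		// wrong year for dates in the last or first days of a year.
		SimpleDateFormat formatter = new SimpleDateFormat(BOUND_DATE_PATTERN, Locale.ENGLISH);
		rememberDateBound(arguments, "forwardStartDate", formatter);
		rememberDateBound(arguments, "forwardEndDate", formatter);
		prepare();
	}

	/** Formats one date argument, when present, and stores it under the same key. */
	private void rememberDateBound(Attributes<String, Object> arguments, String key, SimpleDateFormat formatter) throws GeneralException {
		Object value = (arguments == null) ? null : arguments.get(key);
		if (value == null) {
			return;
		}
		if (!(value instanceof Date) && !(value instanceof Number)) {
			throw new GeneralException("Report argument '" + key + "' is not a date: " + value.getClass().getName());
		}
		String formatted = formatter.format(value);
		customQueryOptions.put(key, formatted);
		logger.info(key + "------convert" + formatted);
	}

	/**
	 * Runs the forwarding query and loads every row into objectList.
	 *
	 * A missing bound is bound as NULL, which makes its comparison match no row; this
	 * keeps the original outcome of an empty report when a date is not supplied.
	 */
	private void prepare() throws GeneralException{

		logger.info("Enter in method prepare() of CustomUserForwardingDataSsource Class::::");
		objectList = new ArrayList<Map<String, Object>>();
		PreparedStatement stmt = null;
		ResultSet rs = null;
		try {
			// The statement text is constant, so logging it exposes no argument values.
			logger.debug("Sqlquery build---------"+FORWARDING_SQL);

			// The connection is not closed here: the original did not close it either and
			// it presumably belongs to the SailPointContext.
			Connection connection = context.getJdbcConnection();
			stmt = connection.prepareStatement(FORWARDING_SQL);
			bindBound(stmt, 1, customQueryOptions.get("forwardStartDate"));
			bindBound(stmt, 2, customQueryOptions.get("forwardEndDate"));

			rs = stmt.executeQuery();
			ResultSetMetaData md = rs.getMetaData();
			int columns = md.getColumnCount();
			while (rs.next()){
				Map<String, Object> itemMap = new HashMap<String, Object>();
				for(int i=1; i<=columns; ++i){
					itemMap.put(md.getColumnName(i),rs.getObject(i));
				}
				objectList.add(itemMap);
			}
			finalobjects = objectList.iterator();

		}catch(Exception ex){
			logger.error("Error occured in prepare() method of CustomUserForwardingDataSsource Class:::", ex);
			if (ex instanceof GeneralException) {
				throw (GeneralException) ex;
			}
			throw new GeneralException(ex);
		}finally{
			// Statement and result set were never closed before, leaking a cursor per run.
			closeQuietly(rs, stmt);
		}
	}

	/** Binds one date bound as text, or as NULL when it was not supplied. */
	private static void bindBound(PreparedStatement stmt, int index, String bound) throws Exception {
		if (bound == null || bound.length() == 0) {
			stmt.setNull(index, Types.VARCHAR);
		} else {
			stmt.setString(index, bound);
		}
	}

	/** Closes the JDBC handles; a failure to close is logged and otherwise ignored. */
	private void closeQuietly(ResultSet rs, Statement stmt) {
		try {
			if (rs != null) {
				rs.close();
			}
		} catch (Exception ignored) {
			logger.debug("Could not close result set", ignored);
		}
		try {
			if (stmt != null) {
				stmt.close();
			}
		} catch (Exception ignored) {
			logger.debug("Could not close statement", ignored);
		}
	}

	/**
	 * Returns the value of one report column for the current row.
	 *
	 * Columns taken from the row itself are returned as read. Columns describing the
	 * identity or the delegate are resolved by looking the Identity up by name; when
	 * that Identity no longer exists the column is returned as null instead of failing
	 * the whole report.
	 *
	 * @throws GeneralException for an unknown column, when there is no current row, or
	 *         when a stored date is not a number
	 */
	public Object getFieldValue(String fieldName) throws GeneralException {

		logger.debug("Enter into getFieldValue() method of CustomUserForwardingDataSsource Class:::");

		if (this.object == null) {
			throw new GeneralException("No current row while reading column '" + fieldName + "'");
		}

		// Columns answered from the row alone; no Identity lookup is needed for these.
		if ("identity".equals(fieldName)) {
			return this.object.get("IDENTITY");
		} else if ("displayName".equals(fieldName)) {
			return this.object.get("DISPLAYNAME");
		} else if ("forwardingUser".equals(fieldName)) {
			return this.object.get("FORWARDINGUSER");
		} else if ("startDate".equals(fieldName)) {
			return formatEpochMillis(this.object.get("STARTDATE"));
		} else if ("endDate".equals(fieldName)) {
			return formatEpochMillis(this.object.get("ENDDATE"));
		}

		if ("identityFirstName".equals(fieldName) || "identityLastName".equals(fieldName)
				|| "identityEmpNumber".equals(fieldName) || "identityStatus".equals(fieldName)
				|| "identityEmail".equals(fieldName)) {
			Identity identity = lookupIdentity("IDENTITY");
			if (identity == null) {
				return null;
			}
			if ("identityFirstName".equals(fieldName)) {
				return identity.getFirstname();
			} else if ("identityLastName".equals(fieldName)) {
				return identity.getLastname();
			} else if ("identityEmpNumber".equals(fieldName)) {
				return identity.getAttribute("employeeNumber");
			} else if ("identityStatus".equals(fieldName)) {
				return identity.getAttribute("employeeStatus");
			}
			return identity.getEmail();
		}

		if ("forwardingEmail".equals(fieldName) || "forwardingEmpNumber".equals(fieldName)
				|| "forwardingFirstName".equals(fieldName) || "forwardingLastName".equals(fieldName)
				|| "forwardingDisplayName".equals(fieldName)) {
			Identity delegateId = lookupIdentity("FORWARDINGUSER");
			if (delegateId == null) {
				return null;
			}
			if ("forwardingEmail".equals(fieldName)) {
				return delegateId.getEmail();
			} else if ("forwardingEmpNumber".equals(fieldName)) {
				return delegateId.getAttribute("employeeNumber");
			} else if ("forwardingFirstName".equals(fieldName)) {
				return delegateId.getFirstname();
			} else if ("forwardingLastName".equals(fieldName)) {
				return delegateId.getLastname();
			}
			return delegateId.getDisplayName();
		}

		throw new GeneralException("Unknown column '" + fieldName + "'");
	}

	/** Loads the Identity named in the given row column, or null when the column is empty. */
	private Identity lookupIdentity(String rowColumn) throws GeneralException {
		Object name = this.object.get(rowColumn);
		if (name == null) {
			return null;
		}
		return this.context.getObjectByName(Identity.class, name.toString());
	}

	/** Renders a stored epoch-millisecond value as MM/dd/yyyy; null becomes "". */
	private String formatEpochMillis(Object rawMillis) throws GeneralException {
		if (rawMillis == null) {
			return "";
		}
		try {
			long milliSeconds = Long.parseLong(rawMillis.toString().trim());
			return new SimpleDateFormat("MM/dd/yyyy").format(new Date(milliSeconds));
		} catch (NumberFormatException ex) {
			throw new GeneralException("Stored forwarding date is not an epoch-millisecond value: " + rawMillis, ex);
		}
	}

	/** Always 0; no estimate is computed. */
	public int getSizeEstimate() throws GeneralException {
		return 0;
	}

	/** Nothing to release: JDBC handles are closed at the end of prepare(). */
	@Override
	public void close() {
	}

	/** The monitor is not used by this data source. */
	@Override
	public void setMonitor(Monitor arg0) {
	}

	/** JasperReports entry point; delegates to {@link #getFieldValue(String)}. */
	public Object getFieldValue(JRField jrField) throws JRException {
		String fieldName = jrField.getName();
		try {
			return getFieldValue(fieldName);
		} catch (GeneralException e) {
			throw new JRException(e);
		}
	}

	/**
	 * Advances to the next loaded row.
	 *
	 * @return true when a row is now current; false when the rows are exhausted or
	 *         were never loaded (the current row is then cleared)
	 */
	public boolean next() throws JRException {
		boolean hasMore = false;

		if (this.finalobjects != null) {
			hasMore = this.finalobjects.hasNext();
			if (hasMore) {
				this.object = this.finalobjects.next();
			} else {
				this.object = null;
			}
		}
		return hasMore;
	}

	/** Records the paging window; it is stored but not applied to the query. */
	@Override
	public void setLimit(int startRow, int pageSize) {
		this.startRow = startRow;
		this.pageSize = pageSize;
	}

	/** No HQL is used; rows come from the SQL statement run in prepare(). */
	@Override
	public String getBaseHql() {
		return null;
	}

	/** Returns the empty QueryOptions created in initialize(). */
	@Override
	public QueryOptions getBaseQueryOptions() {
		return baseQueryOptions;
	}
}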

Monday, May 24, 2021

Archive Old Audit Data

 Archive Old Audit Data

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell"  name="VIS Archive AuditEvent Rule">
  <Source>

		import java.util.List;
		import java.util.ArrayList;
		import java.util.Iterator;
		import java.lang.Object;
		import java.lang.Thread;
		import java.util.Date;
		import java.io.File;
		import java.util.Calendar;
		import java.io.PrintWriter;
		import java.io.StringWriter;		
		import sailpoint.object.Identity;
		import sailpoint.api.Terminator;
		import sailpoint.tools.Util;
		import sailpoint.object.Application;
		import sailpoint.object.Attributes;
		import sailpoint.object.AuditEvent;
		import sailpoint.server.Auditor;
		import sailpoint.tools.GeneralException;
                import sailpoint.object.*;
		import sailpoint.tools.Message;
		import sailpoint.object.Link;
		import sailpoint.task.TaskMonitor;
		import sailpoint.task.TaskManager;  
		import sailpoint.object.MessageTemplate;
		import sailpoint.tools.Message.Type;		
                import org.apache.commons.logging.Log;
                import org.apache.commons.logging.LogFactory;
                import java.sql.Connection;
                import java.sql.PreparedStatement;
                import java.sql.Types;
                import java.sql.ResultSet;

		// Logger used by every function in this rule.
		Log log = LogFactory.getLog("vis.rule.archiveAuditEvent");
		// taskResult and context are not declared in this rule; presumably they are
		// supplied by the task that runs it. The progress text is committed right away
		// so that it is visible while the rule is still running.
		taskResult.setProgress("Starting Rule Archive Audit Event..."); 
		context.saveObject(taskResult); 
		context.commitTransaction();
	
		/**
		 * Renders the stack trace of an exception as text.
		 *
		 * @param exception the exception to render
		 * @return a line break followed by the full stack trace
		 */
		public static String StackTraceAsString(Exception exception) {
			StringWriter traceBuffer = new StringWriter();
			exception.printStackTrace(new PrintWriter(traceBuffer));
			String trace = traceBuffer.toString();
			return "\n" + trace;
		}
		
		/**
		 * Returns the current date and time shifted by a number of days.
		 *
		 * @param daysToSet days to add; negative values move into the past, 0 returns
		 *        the moment of the call
		 * @return the shifted date
		 */
		public static Date generateDate(int daysToSet) {
			Calendar shifted = Calendar.getInstance();
			shifted.setTime(new Date());
			if (daysToSet == 0) {
				// No offset requested: the result is simply "now".
				return shifted.getTime();
			}
			shifted.add(Calendar.DAY_OF_YEAR, daysToSet);
			return shifted.getTime();
		}
    
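  /**
   * Copies one AuditEvent into the archive table with the INSERT_SQL statement.
   *
   * Parameter 1 is the time of archiving, parameters 2 to 22 mirror the event's
   * fields, and parameter 23 is the event's XML starting at the text "AuditEvent".
   *
   * A failed insert is rethrown. The original only logged it at debug level and
   * returned normally, so the caller went on to delete an audit event that had not
   * been archived, which loses the record for good.
   *
   * @param paramAuditEvent the event to archive
   * @param conn open JDBC connection to the database holding the archive table
   */
  public static void doArchive(AuditEvent paramAuditEvent,Connection conn){

    PreparedStatement preparedStatement = null;

    try{
        String str = paramAuditEvent.toXml();

        preparedStatement = conn.prepareStatement(INSERT_SQL);
        preparedStatement.setLong(1, System.currentTimeMillis());
        preparedStatement.setString(2, paramAuditEvent.getId());
        preparedStatement.setLong(3, paramAuditEvent.getCreated().getTime());
        if(null != paramAuditEvent.getModified()){
            preparedStatement.setLong(4, paramAuditEvent.getModified().getTime());
        }else{
            preparedStatement.setNull(4, Types.NUMERIC);
        }
        // Owner, scope and attributes are objects; they are stored as text or as NULL.
        preparedStatement.setString(5, null != paramAuditEvent.getOwner() ? paramAuditEvent.getOwner().toString() : null);
        preparedStatement.setString(6, null != paramAuditEvent.getAssignedScope() ? paramAuditEvent.getAssignedScope().toString() : null);
        preparedStatement.setString(7, paramAuditEvent.getAssignedScopePath());
        preparedStatement.setString(8, paramAuditEvent.getInterface());
        preparedStatement.setString(9, paramAuditEvent.getSource());
        preparedStatement.setString(10, paramAuditEvent.getAction());
        preparedStatement.setString(11, paramAuditEvent.getTarget());
        preparedStatement.setString(12, paramAuditEvent.getApplication());
        preparedStatement.setString(13, paramAuditEvent.getAccountName());
        preparedStatement.setString(14, paramAuditEvent.getInstance());
        preparedStatement.setString(15, paramAuditEvent.getAttributeName());
        preparedStatement.setString(16, paramAuditEvent.getAttributeValue());
        preparedStatement.setString(17, paramAuditEvent.getTrackingId());
        preparedStatement.setString(18, null != paramAuditEvent.getAttributes() ? paramAuditEvent.getAttributes().toString() : null);
        preparedStatement.setString(19, paramAuditEvent.getString1());
        preparedStatement.setString(20, paramAuditEvent.getString2());
        preparedStatement.setString(21, paramAuditEvent.getString3());
        preparedStatement.setString(22, paramAuditEvent.getString4());
        preparedStatement.setString(23, str.substring(str.indexOf("AuditEvent")));
        preparedStatement.executeUpdate();
    }catch (Exception e){
        log.error("Exception in doArchive method during audit event table archive", e);
        // Surface the failure so that the event is not deleted afterwards.
        throw new GeneralException("Archiving AuditEvent " + paramAuditEvent.getId() + " failed; the event must not be deleted", e);
    }finally{
        if( null != preparedStatement){
            preparedStatement.close();
        }
    }
  }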
  
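  /**
   * Tells whether an audit event id is already present in the archive table.
   *
   * The lookup uses the table that INSERT_SQL writes to (sp_auditevent_archive). The
   * original queried idc_auditevent_archive, a different name, so the check never
   * looked at the rows this rule inserts.
   * NOTE(review): confirm which of the two table names exists in the target database.
   *
   * When the lookup itself fails the function answers true. The caller skips events
   * reported as archived, so a failed check leaves the event untouched instead of
   * archiving and deleting it on uncertain information.
   *
   * @param paramString id of the AuditEvent
   * @param conn open JDBC connection to the database holding the archive table
   * @return true when a row with this id exists or the lookup failed
   */
  public static boolean isAuditArchived(String paramString,Connection conn){
    PreparedStatement localPreparedStatement =null;
    ResultSet localResultSet =null;
    boolean result = false;
    try{
     String str = "SELECT id FROM sp_auditevent_archive where id = ?";
     localPreparedStatement= conn.prepareStatement(str);
     localPreparedStatement.setString(1, paramString);
     localResultSet = localPreparedStatement.executeQuery();
     // One matching row is enough; there is no need to walk the whole result.
     if (localResultSet.next()) {
            result = true;
        }
    }catch(Exception e){
      // Logged as an error: at debug level a broken check silently disabled archiving.
      log.error("Exception in isAuditArchived method ", e);
      result = true;
    }finally{
      if(null != localResultSet){
        localResultSet.close();
      }
      if(null != localPreparedStatement){
      localPreparedStatement.close();
      }
    }
    return result;
  }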
 
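	// Main flow of the rule: select AuditEvents created inside a window of days, copy each
	// one into a custom archive table and then delete it from IdentityIQ.
	//
	// Rule configuration read from "config":
	//   STARTDAY / ENDDAY  day offsets relative to today that bound the "created" date;
	//                      events in the past need negative values (for example -130, -128)
	//   AllowRemoval       must be present; only when it is true are events archived
	//                      and deleted
	//
	// Deleting audit events is irreversible. An event is deleted only after doArchive
	// returned for it; NOTE(review): confirm that doArchive reports a failed insert to
	// its caller, and restrict who may run this rule and edit its configuration.

	// The archive table is a custom table shaped like SPT_AUDIT_EVENT, with an extra
	// "archived" timestamp and a "rawdata" column, and must exist before the rule runs.
    public static String INSERT_SQL = "INSERT INTO sp_auditevent_archive (archived, id, created, modified, owner, assigned_scope, assigned_scope_path,interface, source,action,target,application,account_name,instance,attribute_name, attribute_value, tracking_id, attributes,string1,string2,string3,string4,rawdata) VALUES (?, ?,?, ?, ?,?, ?,?, ?, ?,?, ?,?, ?, ?,?, ?,?, ?, ?, ?, ?, ?)";	

	String summaryMessage = "";
	String status = "Completed";
	int completionCount = 0;
	String endDay=config.get("ENDDAY");
	String startDay=config.get("STARTDAY");
	log.debug("Fetching the parameters STARTDAY" + startDay );
	log.debug("Fetching the parameters ENDDAY" + endDay );

	int endDaysInPast = Integer.parseInt(endDay);
	int startDaysInPast = Integer.parseInt(startDay);

	// created is on or after (today + STARTDAY) and on or before (today + ENDDAY)
	QueryOptions qo = new QueryOptions();
	List filters = new ArrayList();
	filters.add(Filter.ge("created", generateDate( startDaysInPast )));
	filters.add(Filter.le("created", generateDate( endDaysInPast )));
	qo.addFilter( Filter.and(filters) );
	qo.setDistinct(true);

	int count = context.countObjects(AuditEvent.class, qo);
	log.debug("Found: " + count + " audit events that match filter!");

	taskResult.setProgress("Found: " + count + " that match filter to archive!");
	context.saveObject(taskResult);
	context.commitTransaction();

	String allowUpdateStr = Util.otos(config.get("AllowRemoval"));
	boolean allowUpdateB = false;

	if (null == allowUpdateStr) {
		taskResult.addMessage(sailpoint.tools.Message.error(("AllowRemoval variable is required. Please provide either true or false!"), null));
		taskResult.setCompletionStatus(TaskResult.CompletionStatus.Error);
		summaryMessage = "FAILED, AllowRemoval variable is required. Please provide either true or false!";
		status = "Error";

	} else {
		allowUpdateB = Util.otob(allowUpdateStr);

		// Both are acquired only on this branch and released in the finally block. The
		// original opened the connection before the AllowRemoval check and never closed
		// it when that check failed.
		Connection conn = null;
		Iterator iterator = null;

		try{
			taskResult.setProgress("Allowing removal: " + allowUpdateB);
			context.saveObject(taskResult);
			context.commitTransaction();
			// Nothing is ever appended to this buffer, so "_objectsUpdated" is always
			// written as an empty string; the attribute is kept for compatibility.
			StringBuilder sb = new StringBuilder();

			if (allowUpdateB) {
				conn = context.getConnection();
				iterator = context.search(AuditEvent.class, qo);
				Terminator terminator = new Terminator(context);

				while( iterator.hasNext() ){
					AuditEvent auditEvent = (AuditEvent)iterator.next();
					String details = auditEvent.getId();

					if (isAuditArchived(details,conn)) {
						// An event found in the archive is left in place, not deleted.
						log.debug("Aleady archive Audit Event ID" + details );
						continue;
					}

					// Archive first, delete second: the delete is reached only when
					// doArchive returned without raising an error.
					doArchive(auditEvent,conn);
					terminator.deleteObject(auditEvent);
					completionCount++;
				}
			} else {
				// Previously every event was logged as "already archived" in this case,
				// although nothing had been checked.
				log.debug("AllowRemoval is false; no audit events were archived or deleted");
			}

			taskResult.setCompletionStatus(TaskResult.CompletionStatus.Success);
			taskResult.setAttribute("_objectsUpdated", sb.toString() );
			summaryMessage = "Successfully Deleted [ " + completionCount + " ] AuditEvents";
			status = "Success";

		} catch (Exception e){
			taskResult.setCompletionStatus(TaskResult.CompletionStatus.Error);
			taskResult.addMessage(sailpoint.tools.Message.error( ("Error Message: " + e.getMessage() + " stackTrace: " + StackTraceAsString(e)), null));
			summaryMessage = "Error Message: " + e.getMessage() + " stackTrace: " + StackTraceAsString(e);
			status = "Error";
			log.error("Exception in auditevent archive rule", e);

		}finally{
			// Release the search cursor on the error path too, then the connection.
			if (null != iterator) {
				Util.flushIterator(iterator);
			}
			if (null != conn) {
				conn.close();
			}
		}
	}
	taskResult.setAttribute("_totalObjectsUpdated",  Util.otos(completionCount));
	taskResult.setAttribute("_allowUpdate", Util.otos(allowUpdateB));
	taskResult.setAttribute("_summary",  summaryMessage);

	log.debug("Completed Deleting [ " + completionCount + " ] AuditEvents");
	return(status);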

  </Source>
</Rule>