I recently came across an instance where I needed to certify access for an application hosted in the cloud. The application does not have an out-of-the-box IIQ connector, but the application could export the users and entitlements and send them to my instance of IIQ.
I decided to use SFTP to get a csv file. The cloud application would write the file to the SFTP folder and I would copy it down locally for aggregation. IIQ doesn’t support SFTP out of the box as a transfer method. Standard FTP and SCP are supported, but wouldn’t work in this situation. An SFTP location was setup and openssh keys were generated so that a password would not be required.
Rather than try to change to another communication method, I used a PreIterate rule as a workaround. The PreIterate rule would SFTP the file from the remote location to a local folder and then aggregated the file locally. To SFTP the file, I created a command file named getFile that ran the following commands:
get /Application/MyAccess.csv /iiq/application.csv exit
I then created a PreIterate rule that calls runs the appropriate shell command to connect using SFTP and run the command file to perform the transfer.
String command = "sftp -oIdentityFile=/iiq/iiq.openssh -b /iiq/getFile iiq@server"; Runtime runtime = Runtime.getRuntime(); Process proc = runtime.exec(command); proc.waitFor(); proc.getInputStream().close();
The first thing that occurs during the aggregation is that the PreIterate rule is called. The PreIterate rule calls the SFTP command which creates a connection to the SFTP location and runs the command file which copies the file locally. The aggregation uses the newly copied file for the aggregation like any normal aggregation. The application definition points uses /iiq/application.csv as the file path. Not that I had to set the permissions correctly on the command file and the openssh keys for this to function properly. I tested the commands in the command line before entering it into the PreIterate rule.
The method of using a PreIterate rule to construct a delimited file for aggregation can be useful in many situations. In this situation, it allowed me to overcome an unsupported connection method. This work was accomplished in IIQ 6.3, but could be used in almost any version of IIQ.