Currently within ARS, you write sript modules of various types and trigger them via policies, schedules, events, etc. Those scripts however must live within the ARS environment, specifically written in the inline script window ARS provides, with little to no code intelligence or syntax assistance. Further, there's no version control and for those of us that use git, no integration that I know of.
So, I'm here hoping I've completely overlooked something. Is it possible to have ARS load scripts at run time from a git repo? Is it possible to determine the physical script location on the ARS server, and perhaps create an external job using something like Jenkins that would keep those files updated when commits happened to a specific repo? Anything that would help us integrate source control with ARS? Right now I'm manually committing important changes and scripts to a git repo but it's subject to the failures of... well being manual of course.
I've had a few thoughts on potential solutions but none seem great:
1) If there were an API to import files into ARS, that would be one potential solution.
2) If we knew the physical script location on the ARS server, we could write something back end to replace those files based on git commits.
3) We could source the script content in real time from git, within the script module itself. This one I feel could actually work, but it's hacky. I'll explain.
We would still require the script module to exist in ARS. For simple scripts which just run, the only line in the script would be to source the script content from our desired git repo. This could be a few lines or could call a single internal function we write to help out. We would essentially then leave this script as is, forever. Any changes would be done downstream using our IDE of choice. Changes would be committed to git, and when ARS ran again, the new content would be sourced at run time.
For scripts which have multiple functions that we may want to call/trigger from policies, we would need to define the function (at minimum) within the script module within ARS still. If the function weren't defined the workflow or policy wouldn't see it as an available starting place when we're configuring it. I've knocked my head against this but I don't see a way around it. You would leave the function empty however and then source the content for it from the git source.
Put it all together, and the best I can come up with is this approach. A bunch of script modules, some just sourcing git, others with empty defined functions which source their content from git. On the git end you'd have a bunch of seemingly disconnected pieces of code in separate files which would link up to these various sourcing/imports actions.
It's dirty, and any time you made a chance to functions you'd have to change your sourcing/git stuff. But it's all I can come up with.
Alright, so can anyone think of any other way to integrate ARS with git? I'm really surprised they haven't come up with a solution... or I'm really hoping I've just completely overlooked something.
- View all products
- Free trials
- Identity Governance and Administration
- AD Account Lifecycle Management
- Privileged Access Management
- Access control
- syslog-ng Log Management
- Support Home
- By Product
- Contact Support
- Download Software
- Knowledge Base
- My Account
- Policies & Procedures
- Professional Services
- Technical Documentation
- One Identity University
- User Forums
- Video Tutorials
- Social Networks