Scripted SQL Connector
Important
Connectors continue to be released outside the IDM release. For the latest documentation, refer to the ICF documentation.
The Scripted SQL connector is an implementation of the Scripted Groovy Connector Toolkit. This connector enables you to interact with any SQL database, using Groovy scripts for the ICF operations.
Configuring the Scripted SQL Connector
The Scripted SQL Connector is bundled in the JAR openidm/connectors/scriptedsql-connector-1.5.20.8.jar
.
A sample connector configuration and scripts are provided in the /path/to/openidm/samples/scripted-sql-with-mysql/
directory and described in Connect to a MySQL Database With ScriptedSQL. The scripts provided with this sample demonstrate how the connector can be used but most likely cannot be used as is in your deployment. They are a good starting point on which to base your customization. For information about writing your own scripts, see Writing Scripted Connectors With the Groovy Connector Toolkit.
Run scripts through the connector
Groovy Toolkit connectors have two operations that allow you to run arbitrary script actions: runScriptOnConnector
and runScriptOnResource
. runScriptOnConnector
is an operation that sends the script action to the connector to be compiled and executed. runScriptOnResource
is an operation that sends the script to another script to be handled.
runScriptOnConnector
The runScriptOnConnector
script lets you run an arbitrary script action through the connector. This script takes the following variables as input:
configuration
A handler to the connector's configuration object.
options
A handler to the Operation Options.
operation
The operation type that corresponds to the action.
log
A handler to the connector's log.
To run an arbitrary script on a Groovy Toolkit connector, define the script in the systemActions
property of your provisioner file:
"systemActions" : [ { "scriptId" : "MyScript", "actions" : [ { "systemType" : ".*ScriptedConnector", "actionType" : "groovy", "actionFile" : "path/to/scriptname.groovy" } ] } ]
If you wish to define your script in the provisioner file itself rather than in a separate file, you can use the actionSource
property instead of the actionFile
one. A simple example follows:
"systemActions" : [ { "scriptId" : "MyScript", "actions" : [ { "systemType" : ".*ScriptedConnector", "actionType" : "groovy", "actionSource" : "2 * 2" } ] } ]
Note
It is optional to prepend the last script statement in actionSource
with return
.
Running MyScript
will return:
{ "actions" : [ { "result": 4 } ] }
If your script accepts parameters, you can supply them in the request body or the query string. For example:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Content-Type: application/json" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
--data-raw '{"param1":"value1"}' \
"http://localhost:8080/openidm/system/groovy?_action=script&scriptId=MyScript¶m2=value2"
You can also call it through the script engine. The system can accept arbitrary parameters:
openidm.action("/system/groovy", "script", {"contentParameter": "value"}, {"scriptId": "MyScript", "additionalParameter1": "value1", "additionalParameter2": "value2"})
runScriptOnResource
To run an arbitrary script using runScriptOnResource
, you must add some configuration details to your provisioner file. These details include a scriptOnResourceScriptFileName
that references a script file located in a path contained in the scriptRoots
array.
Define these properties in your provisioner file:
"configurationProperties": { "scriptRoots": [ "path/to/scripts" ], "scriptOnResourceScriptFileName": "ScriptOnResourceScript.groovy" }, "systemActions" : [ { "scriptId" : "script-1", "actions" : [ { "systemType" : ".*ScriptedConnector", "actionType" : "groovy", "actionFile" : "path/to/scriptname.groovy" } ] } ]
When you have defined the script, call it over REST on the system endpoint:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Content-Type: application/json" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
"http://localhost:8080/openidm/system/groovy?_action=script&scriptId=scriptOnResourceScript&scriptExecuteMode=resource"
Implemented Interfaces
The following table lists the ICF interfaces that are implemented for the scripted SQL connector:
OpenICF Interfaces Implemented by the Scripted SQL Connector
The Scripted SQL Connector implements the following OpenICF interfaces.
- Authenticate
Provides simple authentication with two parameters, presumed to be a user name and password.
- Create
Creates an object and its
uid
.- Delete
Deletes an object, referenced by its
uid
.- Resolve Username
Resolves an object by its username and returns the
uid
of the object.- Schema
Describes the object types, operations, and options that the connector supports.
- Script on Connector
Enables an application to run a script in the context of the connector. Any script that runs on the connector has the following characteristics:
The script runs in the same execution environment as the connector and has access to all the classes to which the connector has access.
The script has access to a
connector
variable that is equivalent to an initialized instance of the connector. At a minimum, the script can access the connector configuration.The script has access to any script-arguments passed in by the application.
- Script on Resource
Runs a script on the target resource that is managed by this connector.
- Search
Searches the target resource for all objects that match the specified object class and filter.
- Sync
Polls the target resource for synchronization events, that is, native changes to objects on the target resource.
- Test
Tests the connector configuration. Testing a configuration checks all elements of the environment that are referred to by the configuration are available. For example, the connector might make a physical connection to a host that is specified in the configuration to verify that it exists and that the credentials that are specified in the configuration are valid.
This operation might need to connect to a resource, and, as such, might take some time. Do not invoke this operation too often, such as before every provisioning operation. The test operation is not intended to check that the connector is alive (that is, that its physical connection to the resource has not timed out).
You can invoke the test operation before a connector configuration has been validated.
- Update
Updates (modifies or replaces) objects on a target resource.
Configuration Properties
The following table lists the configuration properties for the scripted SQL connector:
Scripted SQL Connector Configuration
The Scripted SQL Connector has the following configurable properties.
Operation Script Files
Property | Type | Default | Encrypted [a] | Required [b] | ||
---|---|---|---|---|---|---|
createScriptFileName | String | null |
| |||
The name of the file used to perform the CREATE operation. | ||||||
| ||||||
customizerScriptFileName | String | null | ||||
The script used to customize some function of the connector. Read the documentation for more details. | ||||||
| ||||||
resolveUsernameScriptFileName | String | null |
| |||
The name of the file used to perform the RESOLVE_USERNAME operation. | ||||||
| ||||||
updateScriptFileName | String | null |
| |||
The name of the file used to perform the UPDATE operation. | ||||||
| ||||||
schemaScriptFileName | String | null |
| |||
The name of the file used to perform the SCHEMA operation. | ||||||
| ||||||
authenticateScriptFileName | String | null |
| |||
The name of the file used to perform the AUTHENTICATE operation. | ||||||
| ||||||
scriptOnResourceScriptFileName | String | null |
| |||
The name of the file used to perform the RUNSCRIPTONRESOURCE operation. | ||||||
| ||||||
deleteScriptFileName | String | null |
| |||
The name of the file used to perform the DELETE operation. | ||||||
| ||||||
searchScriptFileName | String | null |
| |||
The name of the file used to perform the SEARCH operation. | ||||||
| ||||||
testScriptFileName | String | null |
| |||
The name of the file used to perform the TEST operation. | ||||||
| ||||||
syncScriptFileName | String | null |
| |||
The name of the file used to perform the SYNC operation. | ||||||
| ||||||
[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM. [b] A list of operations in this column indicates that the property is required for those operations. |
Groovy Engine configuration
Property | Type | Default | Encrypted [a] | Required [b] |
---|---|---|---|---|
targetDirectory | File | null | ||
Directory into which to write classes. | ||||
| ||||
warningLevel | int | 1 | ||
Warning Level of the compiler | ||||
| ||||
scriptExtensions | String[] | ['groovy'] | ||
Gets the extensions used to find groovy files | ||||
| ||||
scriptBaseClass | String | null | ||
Base class name for scripts (must derive from Script) | ||||
| ||||
scriptRoots | String[] | null | ||
The root folder to load the scripts from. If the value is null or empty the classpath value is used. | ||||
| ||||
tolerance | int | 10 | ||
The error tolerance, which is the number of non-fatal errors (per unit) that should be tolerated before compilation is aborted. | ||||
| ||||
disabledGlobalASTTransformations | String[] | null | ||
Sets a list of global AST transformations which should not be loaded even if they are defined in META-INF/org.codehaus.groovy.transform.ASTTransformation files. By default, none is disabled. | ||||
| ||||
sourceEncoding | String | UTF-8 | ||
Encoding for source files | ||||
| ||||
recompileGroovySource | boolean | false | ||
If set to true recompilation is enabled | ||||
| ||||
minimumRecompilationInterval | int | 100 | ||
Sets the minimum of time after a script can be recompiled. | ||||
| ||||
debug | boolean | false | ||
If true, debugging code should be activated | ||||
| ||||
classpath | String[] | [] | ||
Classpath for use during compilation. | ||||
| ||||
verbose | boolean | false | ||
If true, the compiler should produce action information | ||||
| ||||
[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM. [b] A list of operations in this column indicates that the property is required for those operations. |
Configuration properties
Property | Type | Default | Encrypted [a] | Required [b] |
---|---|---|---|---|
password | String | null | ||
The connection password to be passed to our JDBC driver to establish a connection. Note that method DataSource.getConnection(username,password) by default will not use credentials passed into the method, but will use the ones configured here. See alternateUsernameAllowed property for more details. | ||||
| ||||
customSensitiveConfiguration | GuardedString | null | ||
Custom Sensitive Configuration script for Groovy ConfigSlurper | ||||
| ||||
customConfiguration | String | null | ||
Custom Configuration script for Groovy ConfigSlurper | ||||
| ||||
connectionProperties | String | null | ||
The connection properties that will be sent to our JDBC driver when establishing new connections. Format of the string must be [propertyName=property;]* NOTE - The "user" and "password" properties will be passed explicitly, so they do not need to be included here. The default value is null. | ||||
| ||||
propagateInterruptState | boolean | false | ||
Set this to true to propagate the interrupt state for a thread that has been interrupted (not clearing the interrupt state). Default value is false for backwards compatibility. | ||||
| ||||
useDisposableConnectionFacade | boolean | true | ||
Set this to true if you wish to put a facade on your connection so that it cannot be reused after it has been closed. This prevents a thread holding on to a reference of a connection it has already called closed on, to execute queries on it. | ||||
| ||||
defaultCatalog | String | null | ||
The default catalog of connections created by this pool. | ||||
| ||||
validationInterval | long | 3000 | ||
avoid excess validation, only run validation at most at this frequency - time in milliseconds. If a connection is due for validation, but has been validated previously within this interval, it will not be validated again. The default value is 30000 (30 seconds). | ||||
| ||||
ignoreExceptionOnPreLoad | boolean | false | ||
Flag whether ignore error of connection creation while initializing the pool. Set to true if you want to ignore error of connection creation while initializing the pool. Set to false if you want to fail the initialization of the pool by throwing exception. | ||||
| ||||
jmxEnabled | boolean | true | ||
Register the pool with JMX or not. The default value is true. | ||||
| ||||
commitOnReturn | boolean | false | ||
If autoCommit==false then the pool can complete the transaction by calling commit on the connection as it is returned to the pool If rollbackOnReturn==true then this attribute is ignored. Default value is false. | ||||
| ||||
logAbandoned | boolean | false | ||
Flag to log stack traces for application code which abandoned a Connection. Logging of abandoned Connections adds overhead for every Connection borrow because a stack trace has to be generated. The default value is false. | ||||
| ||||
maxIdle | int | 100 | ||
The maximum number of connections that should be kept in the pool at all times. Default value is maxActive:100 Idle connections are checked periodically (if enabled) and connections that been idle for longer than minEvictableIdleTimeMillis will be released. (also see testWhileIdle) | ||||
| ||||
testWhileIdle | boolean | false | ||
The indication of whether objects will be validated by the idle object evictor (if any). If an object fails to validate, it will be dropped from the pool. NOTE - for a true value to have any effect, the validationQuery parameter must be set to a non-null string. The default value is false and this property has to be set in order for the pool cleaner/test thread is to run (also see timeBetweenEvictionRunsMillis) | ||||
| ||||
removeAbandoned | boolean | false | ||
Flag to remove abandoned connections if they exceed the removeAbandonedTimeout. If set to true a connection is considered abandoned and eligible for removal if it has been in use longer than the removeAbandonedTimeout Setting this to true can recover db connections from applications that fail to close a connection. See also logAbandoned The default value is false. | ||||
| ||||
abandonWhenPercentageFull | int | 0 | ||
Connections that have been abandoned (timed out) wont get closed and reported up unless the number of connections in use are above the percentage defined by abandonWhenPercentageFull. The value should be between 0-100. The default value is 0, which implies that connections are eligible for closure as soon as removeAbandonedTimeout has been reached. | ||||
| ||||
minIdle | int | 10 | ||
The minimum number of established connections that should be kept in the pool at all times. The connection pool can shrink below this number if validation queries fail. Default value is derived from initialSize:10 (also see testWhileIdle) | ||||
| ||||
defaultReadOnly | Boolean | null | ||
The default read-only state of connections created by this pool. If not set then the setReadOnly method will not be called. (Some drivers dont support read only mode, ex: Informix) | ||||
| ||||
maxWait | int | 30000 | ||
The maximum number of milliseconds that the pool will wait (when there are no available connections) for a connection to be returned before throwing an exception. Default value is 30000 (30 seconds) | ||||
| ||||
logValidationErrors | boolean | false | ||
Set this to true to log errors during the validation phase to the log file. If set to true, errors will be logged as SEVERE. Default value is false for backwards compatibility. | ||||
| ||||
driverClassName | String | null | ||
The fully qualified Java class name of the JDBC driver to be used. The driver has to be accessible from the same classloader as tomcat-jdbc.jar | ||||
| ||||
name | String | Tomcat Connection Pool[4-153647080] | ||
Returns the name of the connection pool. By default a JVM unique random name is assigned. | ||||
| ||||
useStatementFacade | boolean | true | ||
If a statement proxy is set, wrap statements so that equals() and hashCode() methods can be called on closed statements. | ||||
| ||||
initSQL | String | null | ||
A custom query to be run when a connection is first created. The default value is null. | ||||
| ||||
validationQueryTimeout | int | -1 | ||
The timeout in seconds before a connection validation queries fail. This works by calling java.test_sample.Statement.setQueryTimeout(seconds) on the statement that executes the validationQuery. The pool itself doesnt timeout the query, it is still up to the JDBC driver to enforce query timeouts. A value less than or equal to zero will disable this feature. The default value is -1. | ||||
| ||||
validationQuery | String | null | ||
The SQL query that will be used to validate connections from this pool before returning them to the caller. If specified, this query does not have to return any data, it just cant throw a SQLException. The default value is null. Example values are SELECT 1(mysql), select 1 from dual(oracle), SELECT 1(MS Sql Server) | ||||
| ||||
rollbackOnReturn | boolean | false | ||
If autoCommit==false then the pool can terminate the transaction by calling rollback on the connection as it is returned to the pool Default value is false. | ||||
| ||||
alternateUsernameAllowed | boolean | false | ||
By default, the jdbc-pool will ignore the DataSource.getConnection(username,password) call, and simply return a previously pooled connection under the globally configured properties username and password, for performance reasons. The pool can however be configured to allow use of different credentials each time a connection is requested. To enable the functionality described in the DataSource.getConnection(username,password) call, simply set the property alternateUsernameAllowed to true. Should you request a connection with the credentials user1/password1 and the connection was previously connected using different user2/password2, the connection will be closed, and reopened with the requested credentials. This way, the pool size is still managed on a global level, and not on a per schema level. | ||||
| ||||
dataSourceJNDI | String | null | ||
The JNDI name for a data source to be looked up in JNDI and then used to establish connections to the database. See the dataSource attribute. Default value is null | ||||
| ||||
validatorClassName | String | null | ||
The name of a class which implements the org.apache.tomcat.jdbc.pool.Validator interface and provides a no-arg constructor (may be implicit). If specified, the class will be used to create a Validator instance which is then used instead of any validation query to validate connections. The default value is null. An example value is com.mycompany.project.SimpleValidator. | ||||
| ||||
suspectTimeout | int | 0 | ||
Timeout value in seconds. Similar to to the removeAbandonedTimeout value but instead of treating the connection as abandoned, and potentially closing the connection, this simply logs the warning if logAbandoned is set to true. If this value is equal or less than 0, no suspect checking will be performed. Suspect checking only takes place if the timeout value is larger than 0 and the connection was not abandoned or if abandon check is disabled. If a connection is suspect a WARN message gets logged and a JMX notification gets sent once. | ||||
| ||||
useEquals | boolean | true | ||
Set to true if you wish the ProxyConnection class to use String.equals and set to false when you wish to use == when comparing method names. This property does not apply to added interceptors as those are configured individually. The default value is true. | ||||
| ||||
removeAbandonedTimeout | int | 60 | ||
Timeout in seconds before an abandoned(in use) connection can be removed. The default value is 60 (60 seconds). The value should be set to the longest running query your applications might have. | ||||
| ||||
defaultAutoCommit | Boolean | null | ||
The default auto-commit state of connections created by this pool. If not set, default is JDBC driver default (If not set then the setAutoCommit method will not be called.) | ||||
| ||||
testOnConnect | boolean | false | ||
Validate the connection when connecting to the database for the first time. False by default. Set to true if you want to use the validationQuery as an init query. | ||||
| ||||
jdbcInterceptors | String | null | ||
A semicolon separated list of classnames extending org.apache.tomcat.jdbc.pool.JdbcInterceptor class. See Configuring JDBC interceptors below for more detailed description of syntaz and examples. These interceptors will be inserted as an interceptor into the chain of operations on a java.test_sample.Connection object. The default value is null. | ||||
| ||||
initialSize | int | 10 | ||
The initial number of connections that are created when the pool is started. Default value is 10 | ||||
| ||||
defaultTransactionIsolation | int | -1 | ||
The default TransactionIsolation state of connections created by this pool. One of the following: NONE, READ_COMMITTED, READ_UNCOMMITTED, REPEATABLE_READ, SERIALIZABLE If not set, the method will not be called and it defaults to the JDBC driver. | ||||
| ||||
numTestsPerEvictionRun | int | 0 | ||
Property not used in tomcat-jdbc-pool. | ||||
| ||||
url | String | null | ||
The URL used to connect to the database. | ||||
| ||||
testOnBorrow | boolean | false | ||
The indication of whether objects will be validated before being borrowed from the pool. If the object fails to validate, it will be dropped from the pool, and we will attempt to borrow another. NOTE - for a true value to have any effect, the validationQuery parameter must be set to a non-null string. In order to have a more efficient validation, see validationInterval. Default value is false | ||||
| ||||
fairQueue | boolean | true | ||
Set to true if you wish that calls to getConnection should be treated fairly in a true FIFO fashion. This uses the org.apache.tomcat.jdbc.pool.FairBlockingQueue implementation for the list of the idle connections. The default value is true. This flag is required when you want to use asynchronous connection retrieval. Setting this flag ensures that threads receive connections in the order they arrive. During performance tests, there is a very large difference in how locks and lock waiting is implemented. When fairQueue=true there is a decision making process based on what operating system the system is running. If the system is running on Linux (property os.name=Linux. To disable this Linux specific behavior and still use the fair queue, simply add the property org.apache.tomcat.jdbc.pool.FairBlockingQueue.ignoreOS=true to your system properties before the connection pool classes are loaded. | ||||
| ||||
accessToUnderlyingConnectionAllowed | boolean | true | ||
Property not used. Access can be achieved by calling unwrap on the pooled connection. see javax.test_sample.DataSource interface, or call getConnection through reflection or cast the object as javax.test_sample.PooledConnection | ||||
| ||||
maxAge | long | 0 | ||
Time in milliseconds to keep this connection. When a connection is returned to the pool, the pool will check to see if the now - time-when-connected > maxAge has been reached, and if so, it closes the connection rather than returning it to the pool. The default value is 0, which implies that connections will be left open and no age check will be done upon returning the connection to the pool. | ||||
| ||||
minEvictableIdleTimeMillis | int | 60000 | ||
The minimum amount of time an object may sit idle in the pool before it is eligible for eviction. The default value is 60000 (60 seconds). | ||||
| ||||
timeBetweenEvictionRunsMillis | int | 5000 | ||
The number of milliseconds to sleep between runs of the idle connection validation/cleaner thread. This value should not be set under 1 second. It dictates how often we check for idle, abandoned connections, and how often we validate idle connections. The default value is 5000 (5 seconds). | ||||
| ||||
testOnReturn | boolean | false | ||
The indication of whether objects will be validated before being returned to the pool. NOTE - for a true value to have any effect, the validationQuery parameter must be set to a non-null string. The default value is false. | ||||
| ||||
useLock | boolean | false | ||
Use a lock when performing operations on the connection object. False by default. Set to true if you will use a separate background thread for idle and abandon checking (e.g. JMX clients). If the pool sweeper is enabled, a lock is used, regardless of this setting. | ||||
| ||||
maxActive | int | 100 | ||
The maximum number of active connections that can be allocated from this pool at the same time. The default value is 100 | ||||
| ||||
username | String | null | ||
The connection username to be passed to our JDBC driver to establish a connection. Note that method DataSource.getConnection(username,password) by default will not use credentials passed into the method, but will use the ones configured here. See alternateUsernameAllowed property for more details. | ||||
| ||||
[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM. [b] A list of operations in this column indicates that the property is required for those operations. |