Using Scripts to Enhance Workflows
Overview
SecureChange workflow admins with development and technical backgrounds can use scripts to enhance functionality of workflows. For example, a script can be triggered to send email updates every time a ticket is closed.
When uploading a script to SecureChange, select triggering event(s) and define any arguments that you would like to pass to the script.
Script Triggers
Scripts are configured to run following certain events, such as the closing of a ticket. These events are called triggers. When a selected trigger happens, SecureChange attempts to run the script asynchronously, up to a maximum of five times.
The following events can be selected to trigger scripts in a workflow:
Trigger | Action |
---|---|
Advance | Runs a script when a handled ticket has advanced to a new step on the specified workflow. |
Automatic step failed | Runs a script when an automatic step has failed in a ticket. |
Create | Runs a script when a ticket is created. |
Close | Runs a script when a ticket is closed. |
Cancel | Runs a script when a ticket is canceled. |
Redo | Runs a script when a handler of a ticket has returned to an earlier step on a specified workflow. |
Reject | Runs a script when a ticket is rejected. |
Reopen | Runs a script when the requester reopens a ticket after the handlers have completed their tasks. |
Resolve | Runs a script when all handlers have completed their tasks and the ticket is pending confirmation by the requester. |
Resubmit | Runs a script when an expired ticket is resubmitted. |
XML Input From Scripts
When invoked, SecureChange passes ticket information to the script in XML format containing the following attributes: completion_step_id, completion_step_name, createDate, current_stage_id, current_stage_name, id, open_request_id, open_request_name, subject, updateDate.
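Some of these fields, the subject for instance, carry text typed by the ticket requester, so a script should validate them before using them in an email, log line or command. The following Python is an added example, not Tufin code: it assumes the XML arrives on standard input with the listed fields as flat child elements of a root element (`ticket_info` in the constructed sample), and `parse_ticket_info`, `SAMPLE` and `MAX_LEN` are hypothetical names.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Field names as listed on this page; the flat layout is an assumption.
NUMERIC = ("id", "current_stage_id", "completion_step_id", "open_request_id")
TEXT = ("subject", "current_stage_name", "completion_step_name",
        "open_request_name", "createDate", "updateDate")
MAX_LEN = 512  # hypothetical cap on any text field
_CONTROL = re.compile(r"[\x00-\x1f\x7f]+")

SAMPLE = (  # constructed input, not captured from a real system
    "<ticket_info><id>42</id>"
    "<subject>Open 443\r\nBcc: x@example.test</subject>"
    "<current_stage_id>7</current_stage_id>"
    "<current_stage_name>Approve</current_stage_name></ticket_info>"
)


def parse_ticket_info(xml_text):
    """Return a dict of validated ticket fields; raise ValueError on bad input."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD and entity declarations are not accepted")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"malformed ticket XML: {exc}") from None
    ticket = {}
    for name in NUMERIC + TEXT:
        value = root.findtext(name)
        if value is None:
            continue  # absent fields are skipped, not defaulted
        value = value.strip()
        if name in NUMERIC:
            if not (value.isascii() and value.isdigit()):
                raise ValueError(f"{name} is not a decimal integer: {value!r}")
            ticket[name] = int(value)
        else:
            # Collapse control characters (CR/LF included) so the value cannot
            # add lines to a log entry or headers to an email.
            ticket[name] = _CONTROL.sub(" ", value)[:MAX_LEN]
    if "id" not in ticket:
        raise ValueError("ticket id missing")
    return ticket


if __name__ == "__main__":
    info = parse_ticket_info(sys.stdin.read())  # stdin delivery is an assumption
    print(f"ticket {info['id']}: {info.get('subject', '')}")
```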
Custom Scripts
In TOS Aurora, the SecureChange service runs in a Kubernetes pod, which does not retain changes upon restart. If your script is not pure bash, you must run it outside the TOS cluster using an external process. A mediator script connects this process and SecureChange. Tufin can provide a sample implementation of a mediator script, although this script is not an integral part of TOS Aurora. For more information, see Enabling Custom Scripts.
Add a Script to SecureChange
- Upload your script to the cluster:
  [<ADMIN> ~]$ sudo tos scripts sc push <path on local host> <relative path on SecureChange> [--overwrite]
  For more details, see tos scripts sc push.
- Log into SecureChange.
- Go to: Settings > SecureChange API
- Click: Add script
- Enter the full path to the script, for example:
  /opt/tufin/data/securechange/scripts/example.py
- Add any arguments that you want to pass to the script.
- Click Test to make sure that SecureChange can run the script.
- Select the SecureChange workflow that triggers the script.
- Select the workflow events that trigger the script.
- Click Save to save the script configuration.
How do I Get Here?
SecureChange > Settings > SecureChange API