Feature added import script (#33)

* feature: enhanced error handling resource scripts

* feature: import script

* Fix: optimized audit loging

* Update CHANGELOG.md

* Fix: make sure displayname has a value

Author: rhouthuijzen

CHANGELOG.md

@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com), and this project adheres to [Semantic Versioning](https://semver.org).
 
+## [3.4.0] - 14-03-2025
+
+List of changes:
+- Added account import script
+- Enhanced error handling resource scripts ([#32](https://github.com/Tools4everBV/HelloID-Conn-Prov-Target-Topdesk/issues/32))
+- Optimized audit logging
+
 ## [3.3.0] - 10-12-2024
 
 Added examples for adding additional endpoints and removed debug toggle

README.md

@@ -30,6 +30,15 @@
 
 ## Introduction
 
+Supported features:
+| Feature                             | Supported | Actions                                 | Remarks                        |
+| ----------------------------------- | --------- | --------------------------------------- | ------------------------------ |
+| **Account Lifecycle**               | ✅         | Create, Update, Enable, Disable, Delete |                                |
+| **Permissions**                     | ✅         | Retrieve, Grant, Revoke                 | Creating changes and incidents |
+| **Resources**                       | ✅         | -                                       |                                |
+| **Entitlement Import: Accounts**    | ✅         | -                                       |                                |
+| **Entitlement Import: Permissions** | ❌         | -                                       |                                |
+
 _HelloID-Conn-Prov-Target-Topdesk_ is a _target_ connector. Topdesk provides a set of REST APIs that allow you to programmatically interact with its data. The [Topdesk API documentation](https://developers.topdesk.com/explorer/?page=supporting-files#/) provides details of API commands that are used.
 
 | Endpoint                           | Description                                                |

delete.ps1

@@ -334,19 +334,6 @@ try {
         'UpdateAndDisable' {
             Write-Information "Archiving Topdesk person for: [$($personContext.Person.DisplayName)]"
 
-            $accountChangedPropertiesObject = [PSCustomObject]@{
-                OldValues = @{}
-                NewValues = @{}
-            }
-    
-            foreach ($accountOldProperty in ($accountOldProperties | Where-Object { $_.Name -in $accountNewProperties.Name })) {
-                $accountChangedPropertiesObject.OldValues.$($accountOldProperty.Name) = $accountOldProperty.Value
-            }
-    
-            foreach ($accountNewProperty in $accountNewProperties) {
-                $accountChangedPropertiesObject.NewValues.$($accountNewProperty.Name) = $accountNewProperty.Value
-            }
-
             # Unarchive person if required
             if ($TopdeskPerson.status -eq 'personArchived') {
 
@@ -378,7 +365,7 @@ try {
                 $TopdeskPersonUpdated = Set-TopdeskPerson @splatParamsPersonUpdate
             }
             else {
-                Write-Warning "DryRun would update Person. Old values: $($accountChangedPropertiesObject.oldValues | ConvertTo-Json). New values: $($accountChangedPropertiesObject.newValues | ConvertTo-Json)"
+                Write-Warning "DryRun would update Person."
             }
 
             # Archive person
@@ -401,10 +388,10 @@ try {
             $outputContext.PreviousData = $TopdeskPerson
 
             if (-Not($actionContext.DryRun -eq $true)) {
-                Write-Information "Account with id [$($TopdeskPerson.id)] and dynamicName [($($TopdeskPerson.dynamicName))] successfully updated and archived. Old values: $($accountChangedPropertiesObject.oldValues | ConvertTo-Json). New values: $($accountChangedPropertiesObject.newValues | ConvertTo-Json)"
+                Write-Information "Account with id [$($TopdeskPerson.id)] and dynamicName [($($TopdeskPerson.dynamicName))] successfully updated and archived."
 
                 $outputContext.AuditLogs.Add([PSCustomObject]@{
-                        Message = "Account with id [$($TopdeskPerson.id)] and dynamicName [($($TopdeskPerson.dynamicName))] successfully updated and archived. Old values: $($accountChangedPropertiesObject.oldValues | ConvertTo-Json). New values: $($accountChangedPropertiesObject.newValues | ConvertTo-Json)"
+                        Message = "Account with id [$($TopdeskPerson.id)] and dynamicName [($($TopdeskPerson.dynamicName))] successfully updated and archived."
                         IsError = $false
                     })
             }

import.ps1

@@ -0,0 +1,111 @@
+#####################################################
+# HelloID-Conn-Prov-Target-Topdesk-Import
+# PowerShell V2
+#####################################################
+
+# Enable TLS1.2
+[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor [System.Net.SecurityProtocolType]::Tls12
+
+try {
+    Write-Information 'Starting target account import'
+
+    $importFields = $($actionContext.ImportFields)
+    
+    # Remove all '.' and the value behind. For example branch instead of branch.name
+    $importFields = $importFields -replace '\..*', ''
+
+    # Gender is not a supported field to query (APIv2), if exists it will be filtered
+    $importFields = $importFields | Where-Object { $_ -ne 'gender' }
+
+    # Add mandatory fields for HelloID to query and return
+    if ('id' -notin $importFields) { $importFields += 'id' }
+    if ('archived' -notin $importFields) { $importFields += 'archived' }
+    if ('dynamicName' -notin $importFields) { $importFields += 'dynamicName' }
+    if ('tasLoginName' -notin $importFields) { $importFields += 'tasLoginName' }
+
+    # Remove fields from other endpoints
+    if ('privateDetails' -in $importFields) { $importFields = $importFields | Where-Object { $_ -ne 'privateDetails' } }
+    if ('contract' -in $importFields) { $importFields = $importFields | Where-Object { $_ -ne 'contract' } }
+
+    # Convert to a ',' string
+    $fields = $importFields -join ','
+    Write-Information "Querying fields [$fields]"
+
+    # Create basic authentication string
+    $username = $actionContext.Configuration.username
+    $apikey = $actionContext.Configuration.apikey
+    $bytes = [System.Text.Encoding]::ASCII.GetBytes("${username}:${apikey}")
+    $base64 = [System.Convert]::ToBase64String($bytes)
+
+    # Set authentication headers
+    $headers = [System.Collections.Generic.Dictionary[string, string]]::new()
+    $headers.Add("Authorization", "BASIC $base64")
+    $headers.Add('Accept', 'application/x.topdesk-collection-person-v2+json')
+
+    $existingAccounts = @()
+    $pageSize = 5000
+    $uri = "$($actionContext.Configuration.baseUrl)/tas/api/persons?pageStart=0&pageSize=$pageSize&fields=$fields"
+    
+    do {
+        $splatParams = @{
+            Uri         = $uri
+            Headers     = $headers
+            Method      = 'GET'
+            ContentType = 'application/json; charset=utf-8'
+        }
+    
+        $partialResultUsers = Invoke-RestMethod @splatParams
+        $existingAccounts += $partialResultUsers.item
+        $uri = $partialResultUsers.next
+
+        Write-Information "Successfully queried [$($existingAccounts.count)] existing accounts"
+    } while ($uri)
+
+    # Map the imported data to the account field mappings
+    foreach ($account in $existingAccounts) {
+        $enabled = $true
+        # Convert archived to disabled
+        if ($account.archived) {
+            $enabled = $false
+        }
+
+        # Make sure the DisplayName has a value
+        if ([string]::IsNullOrEmpty($account.dynamicName)) {
+            $account.dynamicName = $account.id
+        }
+
+        # Make sure the Username has a value
+        if ([string]::IsNullOrEmpty($account.tasLoginName)) {
+            $account.tasLoginName = $account.id
+        }
+
+        # Return the result
+        Write-Output @{
+            AccountReference = $account.id
+            DisplayName      = $account.dynamicName
+            UserName         = $account.tasLoginName
+            Enabled          = $enabled
+            Data             = $account
+        }
+    }
+    Write-Information 'Target account import completed'
+}
+catch {
+    $ex = $PSItem
+    if ($($ex.Exception.GetType().FullName -eq 'Microsoft.PowerShell.Commands.HttpResponseException') -or
+        $($ex.Exception.GetType().FullName -eq 'System.Net.WebException')) {
+
+        if (-Not [string]::IsNullOrEmpty($ex.ErrorDetails.Message)) {
+            Write-Information "Error at Line '$($ex.InvocationInfo.ScriptLineNumber)': $($ex.InvocationInfo.Line). Error: $($ex.ErrorDetails.Message)"
+            Write-Error "Could not import account entitlements. Error: $($ex.ErrorDetails.Message)"
+        }
+        else {
+            Write-Information "Error at Line '$($ex.InvocationInfo.ScriptLineNumber)': $($ex.InvocationInfo.Line). Error: $($ex.Exception.Message)"
+            Write-Error "Could not import account entitlements. Error: $($ex.Exception.Message)"
+        }
+    }
+    else {
+        Write-Information "Error at Line '$($ex.InvocationInfo.ScriptLineNumber)': $($ex.InvocationInfo.Line). Error: $($ex.Exception.Message)"
+        Write-Error "Could not import account entitlements. Error: $($ex.Exception.Message)"
+    }
+}

resources/branch/resources.ps1

@@ -189,60 +189,89 @@ try {
 
     # Process
     foreach ($HelloIdBranch in $rRefSourceData) {
-        
-        # Mapping how to create a branch. https://developers.topdesk.com/explorer/?page=supporting-files#/Branches/createBranch
-        $branch = [PSCustomObject]@{
-            name          = $HelloIdBranch.name
-            postalAddress = @{
-                country = @{id = $country.id }
-            }
-            branchType    = 'independentBranch' # valid values: 'independentBranch' 'headBranch' 'hasAHeadBranch'.
-        }
-        if (-not($TopdeskBranches.name -eq $branch.name)) {
-            if (-not ($actionContext.DryRun -eq $true)) {
-                Write-Information "Creating TOPdesk branch with the name [$($branch.name)] in TOPdesk..."
-                # Create branch
-                $splatParamsCreateBranch = @{
-                    Headers = $authHeaders
-                    BaseUrl = $actionContext.Configuration.baseUrl
-                    Branch  = $branch
+        try {
+            # Mapping how to create a branch. https://developers.topdesk.com/explorer/?page=supporting-files#/Branches/createBranch
+            $branch = [PSCustomObject]@{
+                name          = $HelloIdBranch.name
+                postalAddress = @{
+                    country = @{id = $country.id }
                 }
-                $newBranch = New-TOPdeskBranch @splatParamsCreateBranch
+                branchType    = 'independentBranch' # valid values: 'independentBranch' 'headBranch' 'hasAHeadBranch'.
+            }
+            if (-not($TopdeskBranches.name -eq $branch.name)) {
+                if (-not ($actionContext.DryRun -eq $true)) {
+                    Write-Information "Creating TOPdesk branch with the name [$($branch.name)] in TOPdesk..."
+                    # Create branch
+                    $splatParamsCreateBranch = @{
+                        Headers = $authHeaders
+                        BaseUrl = $actionContext.Configuration.baseUrl
+                        Branch  = $branch
+                    }
+                    $newBranch = New-TOPdeskBranch @splatParamsCreateBranch
 
-                $outputContext.AuditLogs.Add([PSCustomObject]@{
-                        Action  = "CreateResource"    
-                        Message = "Created Topdesk branch with the name [$($newBranch.name)] and ID [$($newBranch.id)]"
-                        IsError = $false
-                    })
+                    $outputContext.AuditLogs.Add([PSCustomObject]@{
+                            Action  = "CreateResource"    
+                            Message = "Created Topdesk branch with the name [$($newBranch.name)] and ID [$($newBranch.id)]"
+                            IsError = $false
+                        })
+                }
+                else {
+                    Write-Warning "Preview: Would create Topdesk branch $($branch.name)"
+                }
             }
             else {
-                Write-Warning "Preview: Would create Topdesk branch $($branch.name)"
+                Write-Information "Not creating branch [$($branch.name)] as it already exists in Topdesk"
             }
         }
-        else {
-            Write-Information "Not creating branch [$($branch.name)] as it already exists in Topdesk"
+        catch {
+            $ex = $PSItem
+
+            if ($($ex.Exception.GetType().FullName -eq 'Microsoft.PowerShell.Commands.HttpResponseException') -or
+                $($ex.Exception.GetType().FullName -eq 'System.Net.WebException')) {
+                if (-Not [string]::IsNullOrEmpty($ex.ErrorDetails.Message)) {
+                    $errorMessage = $($ex.ErrorDetails.Message)
+                }
+                else {
+                    $errorMessage = $($ex.Exception.Message)
+                }
+                $auditMessage = "Could not create branch [$($branch.name)]. Error: $($errorMessage)"
+                Write-Warning "Error at Line '$($ex.InvocationInfo.ScriptLineNumber)': $($ex.InvocationInfo.Line). Error: $($errorMessage)"
+            }
+            else {
+                $auditMessage = "Could not create branch [$($branch.name)]. Error: $($ex.Exception.Message)"
+                Write-Warning "Error at Line '$($ex.InvocationInfo.ScriptLineNumber)': $($ex.InvocationInfo.Line). Error: $($ex.Exception.Message)"
+            }
+            $outputContext.AuditLogs.Add([PSCustomObject]@{
+                    Action  = "CreateResource"    
+                    Message = $auditMessage
+                    IsError = $true
+                })
         }
     }
 }
 catch {
     $ex = $PSItem
-    
+
     if ($($ex.Exception.GetType().FullName -eq 'Microsoft.PowerShell.Commands.HttpResponseException') -or
         $($ex.Exception.GetType().FullName -eq 'System.Net.WebException')) {
-        $errorMessage = "Could not create branch [$($branch.name)]. Error:  $($ex.Exception.Message) $($ex.ScriptStackTrace)"
+        if (-Not [string]::IsNullOrEmpty($ex.ErrorDetails.Message)) {
+            $errorMessage = $($ex.ErrorDetails.Message)
+        }
+        else {
+            $errorMessage = $($ex.Exception.Message)
+        }
+        $auditMessage = "Could not create branches. Error: $($errorMessage)"
+        Write-Warning "Error at Line '$($ex.InvocationInfo.ScriptLineNumber)': $($ex.InvocationInfo.Line). Error: $($errorMessage)"
     }
     else {
-        $errorMessage = "Could not create branch [$($branch.name)]. Error: $($ex.Exception.Message) $($ex.ScriptStackTrace)"
-    }
-
-    # Only log when there are no lookup values, as these generate their own audit message
-    if (-Not($ex.Exception.Message -eq 'Error(s) occured while looking up required values')) {
-        $outputContext.AuditLogs.Add([PSCustomObject]@{
-                Action  = "CreateResource"    
-                Message = $errorMessage
-                IsError = $true
-            })
+        $auditMessage = "Could not create branches. Error: $($ex.Exception.Message)"
+        Write-Warning "Error at Line '$($ex.InvocationInfo.ScriptLineNumber)': $($ex.InvocationInfo.Line). Error: $($ex.Exception.Message)"
     }
+    $outputContext.AuditLogs.Add([PSCustomObject]@{
+            Action  = "CreateResource"    
+            Message = $auditMessage
+            IsError = $true
+        })
 }
 finally {
     # Check if auditLogs contains errors, if errors are found, set success to false