Deploying metadata (Salesforce- Compliance accelerator)

Let us now deploy the masking metadata content from the resource folder into a Continuous Compliance engine.

To run the deploy operation, you must first initialize and configure dxac. f you have not done so already, please refer to Getting Started.

Supported Objects

dxac supports the creation of the following global and non-global objects on a Continuous Compliance engine during the deploy process.

Global Objects

  1. Algorithms

  2. Domains

  3. Profiler Expressions

  4. JDBC Drivers

  5. Driver Support Plugins

Non-Global Objects

  1. Application

  2. Environment

  3. Connector

  4. Ruleset

  5. Inventory

To start the compliance accelerator deploy process, read the section below.

Uploading JDBC Driver

In the event that there’s an extended driver required for masking, dxac can upload the driver to a target Masking engine.Given below are the steps to upload a JDBC driver:

  1. Copy the driver zip file into /resource/jdbc_driver folder.

  2. Use dxac config update -dn to set the name of the driver file and classname for the driver in dxac config.

  3. Run the deploy command with the -ud option.

Upload JDBC driver with deploy 

./dxac deploy salesforce <authentication-parameters> -ud
Driver upload to the masking engine needs to be done manually.

Uploading Driver Support Extensions

In the event that there are driver support extensions that need to be deployed, dxac can deploy them to a Continuous Compliance engine.
Given below are the steps to upload a plugin file as part of the deploy operation.

  1. Copy the plugin jar file into the /resource/plugin folder.

  2. Use dxac config update -pn to set the name of the plugin file in dxac config.

  3. Run the deploy command with the -ue option.

Upload driver extension plugin with deploy 

./dxac deploy salesforce <authentication-parameters> -ue

Uploading Certificate Chain

Dxac can upload the certificate chain file present in the “resource/certs” folder to a target Masking engine. Given below are the steps to upload a certificate chain.

  1. Copy the certificate chain pem file into /resource/certs folder.

  2. Update the cert_name parameter in dxac config with the name of the cert file (with extension).

  3. Run the deploy command with the -uc option.

Upload certificate chain with deploy
./dxac deploy salesforce <authentication-parameters> -uc

Uploading OAuth2Settings File

In the event of using headless OAuth2 to authenticate to Salesforce, there is a need for an OAuth2Settings.txt file to be uploaded to the engine and also adding the file reference of the uploaded settings file in the JDBC URL. Dxac can upload the OAuth2Settings.txt file present in the resource/connector folder to a target Masking engine. Given below are the steps to upload the settings file.

  1. Copy the contents of the oauth settings file into the /resource/connector/OAuth2Settings.txt file.

  2. Run the deploy command with the -uo option.

Upload OAuth2Settings with deploy
./dxac deploy salesforce <authentication-parameters> -uo

For more information on how to create an OAuth2Settings.txt file for OAuth2 based authentication with salesforce, see Create OAuth Settings File.

Final Deploy Commands

Please refer Deploy command for accelerator for more information on the parameters.

On MacOS and Linux

DXAC_ENGINE_PASSWORD, DXAC_SANNBOX_PASSWORD,DX_SECURITY_TOKEN are environment variables. Please refer Setting environment variables .

  • Deploy only metadata

./dxac deploy salesforce -i <engine-name> -u <engine user> -U <database user> -e "DXAC_ENGINE_PASSWORD, DXAC_SANNBOX_PASSWORD,DX_SECURITY_TOKEN"

  • Deploy plugin with metadata

./dxac deploy salesforce -i <engine-name> -u <engine user> -U <database user> -e "DXAC_ENGINE_PASSWORD, DXAC_SANNBOX_PASSWORD,DX_SECURITY_TOKEN" -ue

  • Deploy plugin and certificate with metadata

./dxac deploy salesforce -i <engine-name> -u <engine user> -U <database user> -e "DXAC_ENGINE_PASSWORD, DXAC_SANNBOX_PASSWORD,DX_SECURITY_TOKEN" -ue -uc

On Windows 10

  • Deploy only metadata

.\dxac.exe deploy salesforce -i <engine-name> -u <engine user> -U <database user> -e "DXAC_ENGINE_PASSWORD, DXAC_SANNBOX_PASSWORD,DX_SECURITY_TOKEN"

  • Deploy plugin with metadata

.\dxac.exe deploy salesforce -i <engine-name> -u <engine user> -U <database user> -e "DXAC_ENGINE_PASSWORD, DXAC_SANNBOX_PASSWORD,DX_SECURITY_TOKEN" -ue

  • Deploy plugin, and certificate with metadata

.\dxac.exe deploy salesforce -i <engine-name> -u <engine user> -U <database user> -e "DXAC_ENGINE_PASSWORD, DXAC_SANNBOX_PASSWORD,DX_SECURITY_TOKEN" -ue -uc

Deploy command for OAuth2 Authentication

For using OAuth2 based headless authentication with Salesforce, you need to create an OAuth2Settings.txt file and place it under the resource/connector folder. You also need the ClientId and ClientSecret from a connected app that is created on the target salesforce environment. To ask dxac to use OAuth2 authentication, you have the below command line parameters:

Parameter

Description

-a / –auth-type

Auth type to be specified to dxac. It can take values in [‘basic’, ‘oauth2’]

-uc / –upload-cert

Flag to be given with the deploy command if we want to upload the certificate file.

-uo / –upload-settings

Flag to be given with the deploy command if we want to upload the OAuth2Settings.txt file.

Linux/ Mac

DXAC_ENGINE_PASSWORD, OAUTHCLIENTID,OAUTHCLIENTSECRET are environment variables. Please refer Setting environment variables .

  • Deploy command for OAuth2

./dxac deploy salesforce -i <engine-name> -u <engine user> -U <database user> -a oauth2 -e "DXAC_ENGINE_PASSWORD, OAUTHCLIENTID,OAUTHCLIENTSECRET"

  • Deploy command for OAuth2 with plugin

./dxac deploy salesforce -i <engine-name> -u <engine user> -U <database user> -a oauth2 -e "DXAC_ENGINE_PASSWORD, OAUTHCLIENTID,OAUTHCLIENTSECRET" -ue

  • Deploy command for OAuth2 with plugin, certificate and settings

./dxac deploy salesforce -i <engine-name> -u <engine user> -U <database user> -a oauth2 -e "DXAC_ENGINE_PASSWORD, OAUTHCLIENTID,OAUTHCLIENTSECRET" -ue -uc -uo
Once the driver, certificate, and OAuth2Settings file is uploaded, you can run the deploy without these options to reuse the already uploaded certificate, driver and settings file. In that scenario the command would look like the following:
./dxac deploy salesforce -i <engine-name> -u <engine user> -U <database user> -a oauth2 -e "DXAC_ENGINE_PASSWORD, OAUTHCLIENTID,OAUTHCLIENTSECRET"

What’s Next?

You have now used dxac to deploy the masking metadata content successfully to a Continuous Compliance engine.

For information on the dxac deploy command and its parameters, refer to CLI References.