Skip to main content
DevOps icon showing cogs

This post is from the XebiaLabs blog and has not been updated since the original publish date.

Last Updated Dec 08, 2014 — DevOps Expert

XL Rules: Custom Integrations With XL Deploy Rules Framework


I was working with a customer recently to prove some concepts one of which involved sourcing a password from Cyberark Password Vault. To do this I used rules and performed an action  in the planning stage.

First I added a new property to all containers called CyberarkId using a type modification within the synthetic.xml file  (..../ext/synthetic.xml)
<type-modification type="udm.BaseContainer">
    <property name="cyberarkId" category="Cyber Ark" required="false"/>
Screen Shot 2014-11-26 at 16.36.53Then I added a rule to invoke our script (..../ext/xl-rules.xml)
    <rule name="CyberArkPasswordRegistration" scope="plan">
And created a python script that loops through the deltas, looks for containers with an assigned cyberark variable and uses that to look up a password. In our demo case we are simply parsing a key=value text file, but this could easily be a REST call or some other wrapped API call to cyberark.  We might need to add some additional information to connect to cyberark or to retrieve our credentials by specifying more information, but that's just gravy.
def emptyOrNone(s):
    return s is None or len(s.strip()) == 0
def extract_cyberark_aware_containers(deltas):
    containers = {}
    # Get our deployed containers
    for delta in deltas.deltas:
        delta_op = str(delta.operation)
        deployed = delta.previous if delta_op == "DESTROY" else delta.deployed
        container = deployed.container
        if container.hasProperty("cyberarkId") and not emptyOrNone(container.cyberarkId):
            # Ensure we only add our container once
            if in containers.keys():
            containers[] = container
    return [containers[ke] for ke in containers.keys()]
def update_passwords_from_cyberark(containers, context):
    f = open('/tmp/password.txt')
    id_pwds = f.readlines()
    for container in containers:
        cyber_ark_id = container.cyberarkId
        #call cyber ark
        # In our example password.txt is a simple key=value file.
        for id_pwd in id_pwds:
            id, pwd = id_pwd.split('=')
            if cyber_ark_id == id:
                container.setProperty("password", pwd)
update_passwords_from_cyberark(extract_cyberark_aware_containers(deltas), context)
This is cool and definitely serves to demonstrate the simple flexibility of XL Deploy, but with respect to this particular use case I would add the following cautionary note: It might be fine for demonstrating the concept, but the idea of having every deployment to every container interact with a centralized tool (that may have been designed and optimized for occasional human access) adds quite an overhead to the deployment.  I suspect as this is scaled out to hundreds of servers we would have to think of another approach (perhaps a bulk update of infrastructure CIs periodically for example using the our Command Line Interface). That said, it is however a good start, and with approximately 6 lines of configuration ( 2 if you like xml on a single line ) and a small python script we have made a powerful but manageable change to our deployment. I think the biggest win for me is to have something tangible that shows us extending the product in a straight forward way and of course meeting one of the requirements of our growing user base.  Also in my context its a very quick way to get to talk about the problem of managing information such as credentials.  The issues of making deployments dependent on another single point of failure for example.

How have you extended XL Deploy and how did you find it?

Expect to see more examples of our rules framework in the coming weeks and months. XL Rules!

More from the Blog

View more
Ascension Launch Banner
Apr 26, 2022

Get ready for peak performance with’s newest AI-Powered DevOps Platform Ascension Release

Today, is excited to announce our latest AI-Powered DevOps ...
Read More
Jan 24, 2022 Value Stream Delivery for SAFe®: The key to amazing business outcomes

The Scaled Agile Framework (SAFe) is the world’s leading framework for ...
Read More
Dec 09, 2021

How SaaS and cloud-based solutions helped the U.S. Department of Veterans Affairs achieve digital transformation

Modernizing legacy systems was an ongoing goal for the U.S. Department ...
Read More
Nov 29, 2021

Increase velocity and reduce risk with AI and machine learning

Artificial Intelligence (AI) and machine learning (ML) have proven use ...
Read More
Contact Us