Groovy Script Management

OpenIAM uses Groovy scripts as customization hooks across the platform — provisioning policy maps, reconciliation transformers, authentication providers, batch task logic, and more. All scripts are managed through the Groovy Manager, accessible in the Webconsole under Administration → Groovy Manager.

Navigating the Groovy Manager

The Groovy Manager presents a file-browser tree on the left. Scripts are organized into folders (e.g. policymap, recon, auth). Click a folder to expand it and click a script name to open it in the editor.

The toolbar across the top provides:

Creating and editing scripts

1. Expand the folder in the tree where the script belongs.
2. Click New Script, enter a name and version, then write your Groovy code in the editor.
3. Click Save. OpenIAM compiles the script before saving — any compilation errors appear in the editor panel with a stack trace.

To edit an existing script, click its name in the tree. The editor opens with the current source. Edit and Save as above.

Scripts that import from org.openiam.ui.* are compiled inside the Webconsole JVM. All other scripts are compiled by the Groovy Manager service.

Compiling all scripts

Click Compile All to validate every script in the system in one pass. The result panel lists each script that failed to compile, with the full stack trace. This is useful after an OpenIAM upgrade to catch API incompatibilities before they surface at runtime.

Importing scripts from a zip

Use Import to move scripts from another environment (e.g. development → staging → production) or to restore from a backup.

Steps

1. Click Import in the toolbar.
2. Select a .zip file from your filesystem and confirm.
3. A success banner appears: "Groovy scripts imported" (all scripts loaded) or "Groovy scripts partially imported" (some entries were skipped — see below).

Zip file format

The importer expects each Groovy file to be at:

<folder>/<name>_<version>.groovy

Examples of valid entries:

policymap/AddUserToAD_1.0.groovy
recon/LDAPTransformer_2.5.groovy

Examples of invalid entries (these are skipped):

AddUserToAD_1.0.groovy        ← root level, no folder
policymap/AddUserToAD.groovy  ← missing version number

How conflicts are handled

If a script with the same path + name + version already exists, it is updated in-place — no duplicate is created. Scripts that are in the target system but absent from the zip are left untouched.

Skipped entries

Entries that fail the format check are logged as warnings in the OpenIAM audit log under the IMPORT_GROOVY_SCRIPTS action. Check the audit log if the "partially imported" banner appears to see exactly which files were skipped and why.

Exporting scripts

Exporting lets you back up all scripts or promote a subset to another environment.

Export all scripts

Click Export All. The browser downloads groovy-scripts.zip. The archive preserves the full folder hierarchy:

policymap/AddUserToAD_1.0.groovy
recon/LDAPTransformer_2.5.groovy
auth/MFAProvider_1.0.groovy
...

Export selected scripts

1. Check the scripts you want in the file-browser tree (checkboxes appear on hover).
2. Click Export Selected. The browser downloads groovy-scripts-selected.zip containing only the checked scripts.

Importing the exported zip into another environment

The export format is fully compatible with the importer. A typical promotion workflow:

1. In the source environment  → Export All (or Export Selected)
2. In the target environment  → Import → pick the downloaded zip
3. Verify with Compile All

Audit trail

Every import and export operation is recorded in the OpenIAM audit log:

The audit record includes the number of scripts exported, and for imports lists any skipped entries as warnings.

REST API

All operations above are also available programmatically. See the Groovy Manager API reference for endpoint details.