/
Inter-Cloud Data Monitor

Inter-Cloud Data Monitor

Disclaimer

Your use of this download is governed by Stonebranch’s Terms of Use, which are available at Stonebranch Integration Hub - Terms of Use.

Version Information

Template NameExtension NameVersionStatus
Cloud Data Monitorue-cloud-dm2 (Current 2.0.0)Fixes and new features are introduced.
Cloud Data Monitorue-cloud-dm1Hot Fixes Only (Until UAC 7.5 is End of Support)

Refer to Changelog for version history information.

Version 2.0.0 is a major release and introduces breaking changes that might affect some users depending on their setup. Administrators are strongly advised to refer to Changelog for more information on the changes introduced in this release. Refer also to the Migration Guide to apply changes in existing task definitions.  

Overview

One of the key use cases for Service Orchestration and Automation Platforms is the ability to detect changes in files or directories and respond to these events by executing specific actions.

This integration enables monitoring of files and directories across various local and cloud storage systems. When a change is detected, Local Universal Events are triggered and can be processed within Universal Controller, such as initiating a task or workflow. 


Key Features

This Universal Extension supports the following key features:

FeatureDescription
Monitoring
  • Monitor one or multiple objects' creation, modification, or deletion.
  • Support for multiple Storage Systems across multiple platforms.
Options
  • Event-driven task execution when combined with Universal Triggers.
  • Advanced filtering capabilities.
  • Dynamic token refresh for OneDrive cloud storage.
Universal Events
  • Universal Event is published upon occurring action, sharing information about the object that prompted it.
Rclone
  • This integration is bundled with Rclone v1.66.0. Installing Rclone binaries on the Agent is not required.

Requirements

This integration requires a Universal Agent, and a Python runtime to execute the Universal Task. The following are the requirements for Version 2

AreaDetails

Python Version

Requires Python 3.11.  Tested with Python 3.11.6.

Universal Agent Compatibility

  • Compatible with Universal Agent for Windows x64 and version >= 7.6.0.0.

  • Compatible with Universal Agent for Linux and version >= 7.6.0.0.

Universal Controller Compatibility

Universal Controller Version >= 7.6.0.0.
Network and Connectivity

Universal Agent should be able to establish a connection with:

  • The remote storage providers used at the Universal Task Definition.
  • The Universal Controller host. This is required only in case Update Credentials field is used.

Supported Actions

This integration supports the following actions.

Action: Monitor On Create

This action enables monitoring for the creation of one or multiple objects. The object can either be a file or a directory. Selecting this action enables the Trigger On Existence option, which treats the initial files of the directory as a file creation event. If this option is enabled, the user has to set a filter based on rclone filtering rules.

Configuration examples

User Scenario:

Monitor On Create minimum configuration.

User Scenario:

Monitor On Create with the Trigger On Existence option enabled. The Filter option is used to select specific files.

Action Output

This extension provides EXTENSION output on Cancel or on Failure.

OutputTypeDescriptionExamples
EXTENSION

The EXTENSION OUTPUT provides the following information:

  • exit_code, status_description: General info regarding the task execution. For more information, refer to the Exit Codes section.
  • invocation.fields: The task configuration used for this task execution.
  • result.cmd: The executed command line.
  • result.rc: The return code from the executed command line.
  • result.errors: List of errors that might have occurred during Universal Task Execution.
Successful Execution
{
	"exit_code": 0,
	"status_description": "Task executed successfully",
	"invocation": {
		"extension": "ue-cloud-dm",
		"version": "2.0.0",
		"fields": {
			"action": "Monitor On Create",
			"trigger_on_existence": false,
			"configuration_file": "/home/user/data/tmp/6e9d8fd1-167c-4e74-b210-898d1eaaebef.con",
			"storage_system": "local_ua",
			"storage_filepath": "/home/ue-dev/USERS/user/cloud-dm/",
			"files_only": false,
			"storage_credentials": {
				"user": "599910b6-1234-1234-abcdef-1234cc63bd0",
				"password": "****",
				"token": "****",
				"key_location": null,
				"passphrase": "****"
			},
			"update_credentials": false,
			"controller_url": null,
			"controller_credentials": null,
			"refresh_storage_credentials": null,
			"monitor_time_interval": 10,
			"use_storage_modtime": false,
			"recursion_depth": 1,
			"use_filter": "Include",
			"filter": "{{report.*}}",
			"additional_options": null,
			"tag": null,
			"correlation_id": null,
			"log_level": "DEBUG",
			"configuration_file_name": "rclone.conf",
			"storage_credentials_user": null,
			"storage_credentials_password": null,
			"storage_credentials_token": null,
			"storage_credentials_name": "local_credentials",
			"controller_credentials_user": null,
			"controller_credentials_password": null,
			"controller_credentials_name": null
			}
		},
	"result": {
		"cmd": "/home/user/data/uag/extensions/.ue-cloud-dm/vendor/rclone lsjson 
               local_ua:/home/ue-dev/USERS/user/cloud-dm/ 
               --config=/home/user/data/tmp/2a100d7f-08b5-43c2-b20d-344a2c2d85a9.con 
               --max-depth=1 --log-level=DEBUG" --include {{report.*}}",
		"rc": 0
	}
}
Failed Execution
{
	"exit_code": 1,
	"status_description": "Execution Failed: See STDERR for more information.",
	"invocation": {
		"extension": "ue-cloud-dm",
		"version": "2.0.0",
		"fields": {
			"update_credentials": false,
			"configuration_file": "/home/user/data/tmp/2a100d7f-08b5-43c2-b20d-344a2c2d85a9.con",
			"refresh_storage_credentials": null,
			"recursion_depth": 1,
			"tag": "extensions_test",
			"monitor_time_interval": 300,
			"use_filter": "-- None --",
			"additional_options": null,
			"files_only": false,
			"controller_url": null,
			"storage_system": "one_drive",
			"use_storage_modtime": false,
			"trigger_on_existence": true,
			"action": "Monitor On Create",
			"filter": null,
			"storage_filepath": "/user-storage/",
			"log_level": "DEBUG",
			"storage_credentials": {
				"user": "599910b6-1234-1234-abcdef-1234cc63bd0",
				"password": "****",
				"key_location": null,
				"passphrase": "****",
				"token": "****"
			}
		}
	},
	"result": {
		"cmd": "/home/user/data/uag/extensions/.ue-cloud-dm/vendor/rclone lsjson 
               one_drive:/user-storage/ 
               --config=/home/user/data/tmp/2a100d7f-08b5-43c2-20d-344a2c2d85a9.con
               --max-depth=1 --log-level=DEBUG",
		"rc": 1
		"errors": [
			"Failed to create file system for \"one_drive:/user-storage/\": 
			failed to get root: Get \"https://graph.microsoft.com/v1.0/drives/HASH/root\": 
			couldn't fetch token: invalid_client: if you're using your own client id/secret, 
			make sure they're properly set up following the docs"
		]
	}
}

Action: Monitor On Change and Monitor On Delete

The Monitor On Change action monitors if the object's modification time has been updated, while the Monitor On Delete action monitors whether an object has been deleted. These two actions share the same configuration.

Configuration examples

User Scenario:

Monitor On Change with a custom Event Tag and the Use System Storage Modified Time field selected.

User Scenario:

Monitor On Delete using a Filter and the Files Only field. The Filter option is used to select specific files.

Action Output

This extension provides EXTENSION output on Cancel, or on Failure.

OutputTypeDescriptionExamples
EXTENSION

The extension output provides the following information:

  • exit_code, status_description: General info regarding the task execution. For more information, refer to the Exit Codes section.
  • invocation.fields: The task configuration used for this task execution.
  • result.cmd: The executed command line.

  • result.rc: The return code from the executed command line.

  • result.errors: List of errors that might have occurred during Universal Task Execution.
Successful Execution
{
	"exit_code": 0,
	"status_description": "Task executed successfully",
	"invocation": {
		"extension": "ue-cloud-dm",
		"version": "2.0.0",
		"fields": {
			"action": "Monitor On Change",
			"trigger_on_existence": false,
			"configuration_file": "/home/user/data/tmp/6e9d8fd1-167c-4e74-b210-898d1eaaebef.con",
			"storage_system": "local_ua",
			"storage_filepath": "/home/ue-dev/USERS/user/cloud-dm/",
			"files_only": false,
			"storage_credentials": {
				"user": "599910b6-1234-1234-abcdef-1234cc63bd0",
				"password": "****",
				"token": "****",
				"key_location": null,
				"passphrase": "****"
			},
			"update_credentials": false,
			"controller_url": null,
			"controller_credentials": null,
			"refresh_storage_credentials": null,
			"monitor_time_interval": 10,
			"use_storage_modtime": false,
			"recursion_depth": 1,
			"use_filter": "Include",
			"filter": "{{report.*}}",
			"additional_options": null,
			"tag": null,
			"correlation_id": null,
			"log_level": "DEBUG",
			"configuration_file_name": "rclone.conf",
			"storage_credentials_user": null,
			"storage_credentials_password": null,
			"storage_credentials_token": null,
			"storage_credentials_name": "local_credentials",
			"controller_credentials_user": null,
			"controller_credentials_password": null,
			"controller_credentials_name": null
			}
		},
	"result": {
		"cmd": "/home/user/data/uag/extensions/.ue-cloud-dm/vendor/rclone lsjson
        one_drive:/user-storage/ 
        --config=/home/user/data/tmp/2a100d7f-08b5-43c2-20d-344a2c2d85a9.con
        --max-depth=1 --log-level=DEBUG",
		"rc": 0
	}
}
Failed Execution
{
	"exit_code": 1,
	"status_description": ""Execution Failed: See STDERR for more information.",
	"invocation": {
		"extension": "ue-cloud-dm",
		"version": "2.0.0",
		"fields": {
		"update_credentials": true,
		"configuration_file": "/home/user/data/tmp/fa02639e-e7c4-4f26-90db-78a7b09acce8.con",
		"refresh_storage_credentials": null,
		"recursion_depth": 1,
		"tag": "extensions_test",
		"monitor_time_interval": 300,
		"use_filter": "-- None --",
		"additional_options": null,
		"files_only": false,
		"controller_url": "http://controller.stonebranch.org:8080/uc/",
		"storage_system": "one_drive",
		"use_storage_modtime": false,
		"trigger_on_existence": false,
		"action": "Monitor On Delete",
		"filter": null,
		"storage_filepath": "/invalid_directory/",
		"log_level": "DEBUG",
		"controller_credentials": {
			"user": "ops.****",
			"password": "****",
			"key_location": null,
			"passphrase": "****",
			"token": "****"
		},
		"storage_credentials": {
			"user": "12342de-1234-1234-abcdef-1234cc6fff",
			"password": "****",
			"key_location": null,
			"passphrase": "****",
			"token": "****"
			}
		}
	},
	"result": {
		"cmd": "/home/user/data/uag/extensions/.ue-cloud-dm/vendor/rclone lsjson 
               one_drive:/invalid_directory/
               --config=/home/user/data/tmp/fa02639e-e7c4-4f26-90db-78a7b09acce8.con
               --max-depth=1 --log-level=DEBUG",
		"rc": 3
 		"errors": [
			"error listing: directory not found",
			"Failed to lsjson with 2 errors: last error was: 
            error in ListJSON: directory not found"
		]
	}
}

Input Fields

The input fields for this Universal Extension are described below.

FieldInput typeDefault valueTypeDescriptionVersion Information
ActionRequiredMonitor On CreateChoiceAction to be performed.

Available actions:
  • Monitor On Create
  • Monitor On Change
  • Monitor On Delete

This field is included as an Event Attribute.

Introduced in 1.0.0
Trigger On ExistenceOptionalFalseBooleanWhen this flag is enabled and objects already exist on the given storage, an event will be published. Otherwise, the Universal Task will keep monitoring for new object creation.

Optional when Action "Monitor on Create" is selected.
Introduced in 1.0.0
Configuration FileRequired-Script

This integration depends on Rclone. This field models the Rclone Configuration file, which contains all the required parameters to connect to the Storage System. The filename should have the ".conf" suffix.

Example: rclone.conf

Introduced in 1.0.0
Storage SystemRequired-Dynamic Choice Field

The remote or Local storage to execute the selected Action. The magnifier button next to the field can be used to retrieve all available Storage Systems from the Configuration File.

This field is included as an Event Attribute.

Introduced in 1.0.0
Storage CredentialsOptional-Credential

Credentials needed to connect to the selected Storage System.
For Storage System of type "local", the standard Agent's Credentials field should be provided.

From Universal Controller 7.6 onwards, a variable that holds the Credential Name can be used when the related checkbox is selected. In this case, the content of this field should be ${variable_name}

Introduced in 1.0.0
Storage FilepathOptional-Text

The path to monitor objects for the selected Action.

This field is included as an Event Attribute.

Introduced in 1.0.0
Update CredentialsOptionalFalseBoolean

If the remote storage uses OAuth for its authorization, Rclone can be adjusted to refresh the respective token in its Configuration File during execution time. Enabling this field will ensure that the runtime-updated token from Rclone will be provisioned to the respective Credential Field on the Universal Controller.

This field is used in conjunction with fields Controller URL, Controller Credentials, and optionally Refresh Storage Credentials. See the respective examples in the Refresh Storage Credentials chapter.

The default setting is unchecked.

Introduced in 1.0.0
SSL Certificate VerificationOptionalTrueBoolean

When this flag is disabled, SSL Verification is skipped when connecting to Universal Controllers using HTTPS, and a CA Bundle is not required.

To provide a CA Bundle, consult the SSL Verification section.


Optional when Update Credentials is checked.

Introduced in 2.0.0
Controller URLOptional-TextController URL where Storage Credentials are stored.

Required when Update Credentials is checked.
Introduced in 1.0.0
Controller CredentialsOptional-CredentialsController user's credentials, used for logging and updating Storage Credentials. The Credentials definition should be as follows:
  • User as "Runtime User".
  • User Password as "Runtime Password".
Note: The user should have sufficient Credential permissions.

Required when Update Credentials is checked.
Introduced in 1.0.0
Refresh Storage CredentialsOptional-Array

Note: This Array is not required to be configured if the configuration (storage) is of type "onedrive".

This Array field is available when Update Credentials is checked. It is used as a mapping table between the Configuration File locator that Rclone has updated during execution, and its corresponding Universal Controller Credential field.

Populate this array with the following format:

  • Configuration File Details: "<Storage System name>"."<Configuration File's field to be refreshed by Rclone>"
  • Storage Credentials Details: "<Storage Credentials name>"."<Storage Credentials field to be updated>"

This option copies the Configuration file's field value to the provided Storage Credential field. Each line of this Array is evaluated, and related mapping is performed. See Refresh Storage Credentials for other remotes.


Note: Refresh of Storage Credentials is performed via the Controller's REST API. See Network and Connectivity Requirements

Introduced in 1.0.0
Monitor Time IntervalOptional300IntegerThe interval period in seconds used to monitor the given Storage Filepath.Introduced in 1.0.0
Use FilterOptional-- None --ChoiceThe filter type that is applied to the Action.

Available options:
  • -- None --
  • Include
  • Exclude
Introduced in 1.0.0
FilterOptional-TextFilter based on Rclone filtering rules that is applied to the Action.

Required when Use Filter is checked.
Introduced in 1.0.0
Files OnlyOptionalFalseBooleanWhen enabled, directories will be ignored and only files will be monitored.Introduced in 1.0.0
Use Storage System Modified TimeOptionalTrueBoolean

When enabled, the modified time of the Storage System will be used for the object's modification time, rather than the original object's modified time metadata.

Introduced in 1.0.0
Recursion DepthOptional1IntegerRecursion depth that is applied. Default value 1 means that no recursion will be applied.Introduced in 1.0.0
Additional OptionsOptional-TextSpace-separated Rclone options that applied to the selected Action.Introduced in 1.0.0
Event TagOptional-Text

This field allows task authors to define a 'tag' attribute for the generated universal events, enabling more filtering capabilities at the Universal Monitor level.

This field is included as an Event Attribute.

Introduced in 1.0.0. Renamed to Event Tag in 2.0.0

Cloud Data Monitor Events

This monitor publishes Universal Events when objects are monitored successfully, based on the selected Action. The suggested implementation to accomplish this behavior is to associate a Cloud Data Monitor Task (event publisher) with a Universal Monitor Task (event consumer).

The Universal Event for this Universal Extension is described below.

Event Template: Event Monitor

AttributeDescriptionType
Storage SystemThe Storage System where the monitored object is stored. This is the input field Storage System.Text
Storage FilepathThe Storage System where the monitored object is stored. This is the input field Storage Filepath.Text
FilenameThe name of the monitored object.Text
FilesizeThe size of the monitored object.Integer
File Modified TimeThe modification time of the monitored object.Text
Event TagAllows task authors to define a 'tag' attribute for the generated Universal Events, enabling more filtering capabilities at the Universal Monitor level. This is the Event Tag field.Text
Event TypeThe name of the Action that initiated the Universal Event. This is the Action field.Text
DirectoryA flag that is true when the monitored object is a directory.Boolean
Agent NameThe name of the agent the task instance is running on.Text

Task Examples

Two scenarios of the association between a Cloud Data Monitor Task (event publisher) with a Universal Monitor Task (event consumer) are described below. For both scenarios, a Cloud Data Monitor Task (Publisher) and a Universal Monitor Task (Consumer) should be configured properly.

Workflow Scenario
Trigger Scenario

Universal Monitor Task Example

Universal Monitor can be configured in different ways:

Monitor configurationDescription
Universal Monitor is attached to a specific Publisher task

The Cloud Data Monitor Task is automatically started when the related Universal Monitor is started (either standalone or through a trigger).

That creates a tight relationship between the Universal Monitor (Consumer) and Cloud Data Monitor Task (publisher) where the events that get published are always processed. This configuration option is the most common one, especially when a monitor is attached to a trigger.

Universal Monitor is not attached to a specific Publisher task

In this case, the Universal Monitor (Consumer) and the Cloud Data Monitor Task(s) (Publisher) are started separately.

The Universal Monitor will be consuming events from any Task Instance of type Cloud Data Monitor. If the monitor is not running while the Cloud Data Monitor Task (Publisher) is emitting events, those events will not be processed. Operationally the Universal Monitor must be running before the related Cloud Data Monitor Task(s) are started. 


In a Universal Monitor Task, the Event Type should always be "Local". The Universal Monitor Criteria of a Universal Monitor Task are the Attributes of the Event Template.


Workflow Example

Within a Workflow, only the Universal Monitor Task is configured and is a direct workflow child. The Cloud Data Monitor Task is directly associated with the Universal Monitor Task but is not in the scope of a Workflow.

Upon a successful monitor, the Monitor will go into Success status and the underlying Cloud Data Monitor will go into Finished status.

Trigger Example

This Use Case is when we want to monitor changes continuously and for each event to trigger a task or a workflow. 

Output Fields

NameTypeDescriptionVersion Information
Total Event CountIntegerThe number of events the task instance has published.Introduced in 1.0.0
Last Event TimestampTextThe timestamp (in UTC) of the most recent published event.Introduced in 1.0.0

Environment Variables

Environment Variables can be set in the Environment Variables task definition table.

SSL Verification

When attempting to Refresh Storage Credentials using HTTPS, it might be necessary to provide a CA Bundle. To do so, set the REQUESTS_CA_BUNDLE environment variable to the path of the desired CA Bundle.

Exit Codes

The exit codes for this Universal Extension are described below.

Exit CodeStatusStatus Description
0SuccessTask executed successfully.
1FailedExecution Failed: "<Error Description>"
20FailedData Validation Error: "<Error Description>"
22FailedExecution Failed: Task executed successfully, but updating Credentials failed.

STDOUT and STDERR

STDOUT and STDERR provide additional information to the User. The populated content can be changed in future versions of this extension without notice. Backward compatibility is not guaranteed.

Observability

Metrics are generated and exported by this integration, related to the generated Cloud Data Monitor Events.

Metric: ue.cdm.events

NameInstrument Type

Unit (UCUM)

Attributes

Instrumented By

Description
ue.cdm.eventsCounter

{event}

As defined on Metric Attributes.Universal Controller (Through Universal Event Templates)Counts published events.

Metric Attributes

The following attributes are applicable for ue.cdm.events.

Attribute NameEnabledDescription
typeBy DefaultThe selected action name of the Universal Task.
storageBy DefaultThe storage system that the Universal Task monitors.
filepathBy DefaultThe monitored file path.

Other Observability Configuration Options

Administrators can update the Universal Event Template to control additional attributes sent out for Universal Event-based Metrics. However, this configuration should be approached with caution. When the possible distinct values of those attributes are high, that might lead to high cardinality issues.

Administrators can activate them with caution as follows:

  1. Go to Administration → Universal Templates.

  2. Select the Universal Template.

  3. Click the “Event Templates” Tab.

  4. Select the Name of the Event Template you want to update, which represents the metric you are interested in.

  5. Update the “Optional Metric Labels” list of required Metric Labels.

Grafana Dashboard

A ready-to-use Grafana dashboard can be imported that enables enhanced visibility and understanding of the behavior for Task Instances.  It uses the above published metrics.


See the related How To section on how to install it.

How To

Import Universal Template

To use the Universal Template, you first should perform the following steps.

  1. This Universal Task requires the Resolvable Credentials feature. Check that the Resolvable Credentials Permitted system property has been set to true.

  2. To import the Universal Template into your Controller, follow the instructions from the official documentation: Import An Integration.

  3. When the files have been imported successfully, refresh the Universal Templates list; the Universal Template will appear on the list.

Modifications of this integration, applied by users or customers, before or after import, might affect the supportability of this integration. For more information refer to Integration Modifications.

Configure Universal Task

To configure a new Universal Task, there are three steps required:

  • Create required Resolvable Credentials. Required as Input Fields on the Universal Task Configuration.
  • Create a new Script of type Data, for the Configuration File and populate it according to the following section of Setup Rclone Configuration File as UAC Script.
  • Create a new task, and enter the task-specific details that were created in the Universal Template.


Setup Rclone Configuration File as UAC Script

This integration depends on the Rclone binary which needs a configuration file to locate the required information for the involved storage system(s). This file is passed from the Universal Controller to the Universal Agent as UAC Script through the Configuration File Input Field. The Universal Controller Script should be of type Data, and option Resolve UAC Variables should be enabled.

Integrated Storage Systems & Sample Configurations

Rclone is integrated with multiple storage systems. This Universal Extension has been tested against the following Storage Systems.

  • Amazon S3
  • Google Cloud Storage
  • Microsoft OneDrive Business
  • Local file system (Linux, Windows)


This integration should work properly against other Storage Systems, as long as the integration interface (see the Configure Universal Task chapter) and functionalities listed in this document fulfill the needs of the Storage System.


For functionalities required for specific Storage Systems, users and customers are encouraged to open a Feature Request in our Customer Support Portal.


The indicative Rclone configuration examples below contain the basic connection parameters.

SystemRclone Configuration Documentation LinkExample
AWS S3AWS S3 Rclone Configuration Guide
Example with Credentials as UAC Functions
[aws_s3]
type = s3
provider = AWS
access_key_id = ${_credentialUser('${ops_ue_cloud_storage_credentials}')}
secret_access_key = ${_credentialPwd('${ops_ue_cloud_storage_credentials}')}
region = us-east-2
Google Cloud Storage (Google Drive)Google Drive Rclone Configuration Guide
Example with Credentials as UAC Functions
[google_cloud_storage]
type = google cloud storage
service_account_file = ${_credentialPwd('${ops_ue_cloud_storage_credentials}')}
object_acl = bucketOwnerFullControl
project_number = johnprojectno
location = europe-west3
Microsoft OneDrive/Sharepoint (Using Microsoft Graph Delegated Permissions model)

Microsoft OneDrive/Sharepoint Configuration Guide


For OneDrive/Sharepoint Monitoring, refer also to the Refresh Storage Credentials section.

Example (OneDrive) with Credentials as UAC Functions
[one_drive]
type = onedrive
token = ${_credentialToken('${ops_ue_cloud_storage_credentials}')}
client_id = ${_credentialUser('${ops_ue_cloud_storage_credentials}')}
client_secret = ${_credentialPwd('${ops_ue_cloud_storage_credentials}')}
drive_id = b!reXzf-NsJk-SAMPLE-DRIVE-ID-dfA_bM-DrjNN_hR5pD0u13Fvhi
tenant = a23424587-SAMPLE-TENANT-ID-cd34248adc
client_credentials = true
drive_type = business

Microsoft OneDrive/Sharepoint

(OAuth Client Credential flow, using Microsoft Graph Application Permissions model)

OAuth Client Credential Flow Configuration Guide


For OneDrive/Sharepoint Monitoring, refer also to the Refresh Storage Credentials section.

Example (OneDrive) with Credentials as UAC Functions Using OAuth Client Flow
[one_drive]
type = onedrive
token = ${_credentialToken('${ops_ue_cloud_storage_credentials}')}
client_id = ${_credentialUser('${ops_ue_cloud_storage_credentials}')}
client_secret = ${_credentialPwd('${ops_ue_cloud_storage_credentials}')}
drive_id = b!reXzf-NsJk-THISISASAMPLEDRIVEIDdfA_bM-DrjNN_hR5pD0u13Fvhi
drive_type = business
Local FilesystemLocal Filesystem Configuration Guide
Example
[linux]
type = local

[windows]
type = local

Using Credentials

Storage system configuration embodies the related credentials for authentication and authorization. It is advised that account credentials, tokens, or any other essential information inside the Rclone Configuration File be passed as Universal Controller Credentials, through Credential functions to be kept safe. 

Task authors should be aware of Credential Attributes length limitations. For example, the 'Runtime Password' attribute of a Universal Controller Credential supports strings with up to 512 characters, so it should not be used to store information larger than this value. 

There are several ways that Credential Functions can be used. To make the Configuration File immune to changes in credential names used in the task definition, it is recommended to follow the Configuration through Credential Field Variables approach. Another benefit of this approach is that it is compatible with all the Universal Controller versions supported by this integration. However, alternative approaches are Configuration through Credential Name and Configuration through Credential as Variable, which rely on changes performed on the Configuration File itself, rather than the task definition. The next chapters provide more information on them. 

For local filesystem storage, no credentials are required in the Configuration File. In this case, the credentials that are provided in the Agent Details of the Universal Task are used. If not, the selected action is executed with the permissions of the user that runs the ubroker daemon.

Configuration through Credential Field Variables

The table below lists the variables that can be used for the respective input Credential Field and an example of a function that can be used in the Configuration File definition.

Field NameField VariableCredential Function Example
Storage Credentialsops_ue_cloud_storage_credentials${_credentialUser('${ops_ue_cloud_storage_credentials}')}

Example of a Configuration File for AWS S3 Storage

[aws_s3]
type = s3
provider = AWS
access_key_id = ${_credentialUser('${ops_ue_cloud_storage_credentials}')}
secret_access_key = ${_credentialPwd('${ops_ue_cloud_storage_credentials}')}
region = us-east-2

Configuration through Credential Name

In this case, the Credential Name is used directly inside the Configuration File.

Example of a Configuration File for AWS S3 Storage, using a Credential Function with the Credential Name

[aws_s3]
type = s3
provider = AWS
access_key_id = ${_credentialUser('ue-aws-s3')}
secret_access_key = ${_credentialPwd('ue-aws-s3')}
region = us-east-2

When using this approach, always have in mind that:

  1. Any update on the Storage Credential attributes will not affect the Configuration File. However, if different Credential Names are used on the Task definition, then the configuration file needs to be updated as well to refer to the new Credential names
  2. A single change in the Configuration File will affect all the Cloud Data Monitor Tasks that are utilizing this Script. 

Configuration through Credential as Variable

Starting from Universal Controller 7.6, Credentials can be provided as UAC Variables:

The above approach requires no custom changes in the Configuration File contents.

[aws_s3]
type = s3
provider = AWS
access_key_id = ${_credentialUser('${ops_ue_cloud_storage_credentials}')}
secret_access_key = ${_credentialPwd('${ops_ue_cloud_storage_credentials}')}
region = us-east-2

Refresh Storage Credentials

Refresh token for Microsoft OneDrive

Remote storages of type Microsoft OneDrive & Sharepoint use an OAuth2 token ({"access_token": ..., "token_type": ... , "refresh_token": ... , "expiry": .... }) to authorize users or applications. In this case, and only when the access token has expired, Rclone exchanges the existing refresh token for a new access token and then establishes a connection with the remote storage. This integration provides the capability to save the new value of the token on the selected Universal Controller Credential, so it can be used and configured as a Credential Function.

This integration provides an automatic update of the token when the identified Storage System is of type "onedrive" and it is enabled, and when the task input fields Update Credentials, Controller URL, Controller Credentials are selected.   

An example of such a configuration can be found below:

For more information, refer to OneDrive token refresh.

Refresh authorization fields for other remotes

Some remote storages might have the functionality of refreshing an authorization field. This integration provides the capability to save the new value of the authorization field on a selected Universal Controller Credential, so it can be used and configured as a Credential Function.

The task input fields related to this configuration are Update Credentials, Controller URL, Controller Credentials, and Refresh Storage Credentials.


An example of such a configuration can be found below:

Import Grafana Dashboard

Users can benefit from a ready-to-use sample dashboard that this downloadable integration offers when observability features are used. It is located under the /observability/grafana/ directory inside the downloadable zip file from the Stonebranch Integration Hub. Administrators should refer to the official Grafana User Guide on how to import a Grafana Dashboard.

Dashboard’s Prometheus data source is configured as a variable and thus needs to be mapped to an existing Data Source configured on the target Grafana instance.

Integration Modifications

Modifications applied by users or customers, before or after import, might affect the supportability of this integration. The following modifications are discouraged to retain the support level as applied for this integration.

  • Python code modifications should not be done.
  • Template Modifications
    • General Section

      • "Name", "Extension", "Variable Prefix", and "Icon" should not be changed.
    • Universal Template Details Section

      • "Template Type", "Agent Type", "Send Extension Variables", and "Always Cancel on Force Finish" should not be changed.
    • Result Processing Defaults Section

      • Success and Failure Exit codes should not be changed.
      • Success and Failure Output processing should not be changed.
    • Fields Restriction Section
      The setup of the template does not impose any restrictions, however, concerning the "Exit Code Processing Fields" section.

      1. Success/Failure exit codes need to be respected.
      2. In principle, as STDERR and STDOUT outputs can change in follow-up releases of this integration, they should not be considered reliable sources for determining the success or failure of a task.
      3. In Event Templates fields "Name", "Time To Live", "Unmapped Attribute Policy", "Attribute Name", and "Attribute Type", should not be changed.

      The suggested configuration for this Universal Extension does not require any updates on Time To Live. However, this field can be tuned for troubleshooting purposes, affecting immediately the time (in minutes) that events are stored in the Controller's Event Queue. Configure a low Time To Live value (for example 1 minute) if it is required to review the published Events.

      Use the Server Operation Inspect Universal Events to view all Universal Events in the Controller's event queue.

Users and customers are encouraged to report defects, or feature requests at Stonebranch Support Desk.

Known Limitations

  • To properly monitor object renaming, the users have to use Action "Monitor On Create" instead of "Monitor on Change".
  • In version 1, only the agent user (the user running the Universal Agent) could run this integration on Linux OS. In version 2.0.0, a workaround is available for Agents running without defect D-13034 resolved (updated prior to December 2024). To allow users other than the agent user to run a Cloud Data Monitor Task, follow these steps:

    1. Identify the Linux Agents on which the Cloud Data Monitor Task needs to run.

    2. Import the latest version of ue-cloud-dm (currently 2.0.0) on the desired Universal Controller.
    3. Initiate a test Cloud Data Monitor task on the agents identified in step (1), using the agent user (by leaving the Agent Details → Credentials field empty). This task ensures the integration installs correctly on each agent, enabling future tasks to run smoothly under various user accounts.

On version 2.0.0 using Universal Agent versions that have D-13034 resolved, it is possible to execute tasks with any user without issues.


Migration Guide

Upgrading from version 1.0 to 2.0

When upgrading major versions, the following actions should be performed to migrate task definitions properly, due to the breaking changes:

  • Rclone does not need to be installed on the agent system. It is bundled with the extension.
  • The Correlation ID field has been renamed to Event Tag, no change is required.
  • Tasks that refer to Cloud Data Monitor Task Instance Variables (for example sibling tasks within a Workflow), should be updated to ${ops_ue_cloud_<field_name>}. (the "_dm" part existing on version 1 has been removed)
  • Configuration File should be updated when Credential Fields variables are referenced, as the variable names do not include "_dm" on version 2. 
Cloud Data Monitor 1.0.0Cloud Data Monitor 2.0.0
Example with variable prefix ue_cloud_dm
[aws_s3]
type = s3
provider = AWS
access_key_id = ${_credentialUser('${ops_ue_cloud_dm_storage_credentials}')}
secret_access_key = ${_credentialPwd('${ops_ue_cloud_dm_storage_credentials}')}
region = us-east-2
Example with variable prefix ue_cloud
[aws_s3]
type = s3
provider = AWS
access_key_id = ${_credentialUser('${ops_ue_cloud_storage_credentials}')}
secret_access_key = ${_credentialPwd('${ops_ue_cloud_storage_credentials}')}
region = us-east-2
  • Event Template Changes - The Event Templates of Cloud Data Monitor version 1 have been merged into a single template to improve user experience. To migrate to version 2, only the Event Monitor event template is required:
Cloud Data Monitor 1.0.0Cloud Data Monitor 2.0.0

Event Monitor On Create



Event Monitor

Event Monitor On Create Exists

Event Monitor On Change
Event Monitor On Delete

With this change, Universal Events should be filtered by Action name using the new "event_type" attribute. To see what this looks like, refer to the Universal Monitor Task Example.

Document References

This document references the following documents.

Document LinkDescription
Universal TemplatesUser documentation for creating Universal Templates in the Universal Controller user interface.
Universal TasksUser documentation for creating Universal Tasks in the Universal Controller user interface.
Universal Event TemplatesUser documentation for Universal Event Template fields definition.
Universal Monitor TasksUser documentation for creating Universal Monitor Tasks in the Universal Controller user interface.
RcloneRclone official documentation.
Rclone Storage Systems configurationConfiguration file details.
Rclone Exit CodesRclone exit codes list.

Changelog

ue-cloud-dm-2.0.0 (2025-02-06)

Deprecations and Breaking Changes 

  • Breaking Change: Replaced multiple event templates (1 per action) with one template having the "event_type" attribute. (#41506)
  • Breaking Change: Changed extension prefix to ue_cloud, offering the ability to use the same configuration with Cloud Data Transfer. (#36364)

Enhancements

  • Rclone is now bundled with the extension. (#36181)
  • Automatically attempt to refresh OneDrive Credentials when the field Update Credentials is set. (#40914)
  • The directory attribute was included in the Universal Event Template to indicate whether a monitored object is a directory. (#42435)
  • Introduced Observability metrics enabling enhanced visibility and understanding of behavior for Task Instances. (#42806)
  • The option to skip SSL Certificate Verification when selecting the Update Credentials field. (#43388)
  • Update Credentials on UC will be performed only when there is new information to Update. (#43708)
  • Changed the label of the "Correlation ID" field to "Event Tag". (#41738)

Fixes

  • Monitor On Change Index Error on file creation. (#41944)
  • Issue with setting Recursion Depth value greater than 1 when files in different directories have the same name. (#42434)
  • Extension Failure when the Use Storage Modtime field is not checked. (#42670)
  • Permission issue on Linux OS which occurs when a task is executed with a user different than the agent user. (#42955)
  • Key Location field is not retained when updating Universal Controller Credentials. (#43411)
  • Task failure when using Windows paths with whitespace. (#43610)

ue-cloud-dm-1.0.1 (2024-08-14)

Fixes

  • Events were not published with the Action "Monitor On Create" when Trigger on Existence was enabled. (#41688)
  • Warnings appeared at the beginning of the extension execution on later versions of the Universal Controller. (#36812)
  • Issue when Updating Credentials. (#36117)

ue-cloud-dm-1.0.0 (2022-10-26)

Enhancements

  • Initial version (#29658)

Related content

Inter-Cloud Data Transfer
Inter-Cloud Data Transfer
More like this
Amazon S3: Cloud Storage Bucket File Transfer
Amazon S3: Cloud Storage Bucket File Transfer
Read with this
Inter-Cloud Data Transfer - Obsolete
Inter-Cloud Data Transfer - Obsolete
More like this
UAC Utility: Run a Command/Script on a Remote SSH Server
UAC Utility: Run a Command/Script on a Remote SSH Server
Read with this
UAC Solution Pack: Dynamic Container File Monitoring and File Transfer
UAC Solution Pack: Dynamic Container File Monitoring and File Transfer
More like this
Platform Support for Universal Controller 7.4.x and Universal Agent 7.4.x
Platform Support for Universal Controller 7.4.x and Universal Agent 7.4.x
Read with this