Open f5u opened 2 years ago
When attempting to disable terminal access for remote user groups using DO, DO returns with a 400 server error "bad declaration".
Steps to reproduce the behavior:
check the current value for "console"
# curl -sku 'admin:admin' -H "Content-Type: application/json" https://localhost/mgmt/tm/auth/remote-role?expandSubcollections=true | jq . | grep console "console": "tmsh",
Submit the following declaration to set "disable":
{ "schemaVersion": "1.30.0", "class": "Device", "async": true, "label": "BIG-IP Onboarding", "Common": { "class": "Tenant", "guest_no_tmsh": { "class": "RemoteAuthRole", "attribute": "F5-LTM-User-Info-1=guest_no_tmsh", "console": "disable", "lineOrder": 4000, "role": "guest", "remoteAccess": false, "userPartition": "all" } } }
Observe the following error response:
{ "id": "610b6362-0d0e-4976-a57f-46f524d1cefd", "selfLink": "https://localhost/mgmt/shared/declarative-onboarding/task/610b6362-0d0e-4976-a57f-46f524d1cefd", "code": 400, "status": "ERROR", "message": "bad declaration", "errors": [ { "keyword": "enum", "dataPath": ".declaration.Common['guest_no_tmsh'].console", "schemaPath": "#/properties/console/oneOf/0/enum", "params": { "allowedValues": [ "disabled", "tmsh" ] }, "message": "should be equal to one of the allowed values" },
confirm that value for "console" was not changed.
Submit the following declaration to set "disabled":
{ "schemaVersion": "1.30.0", "class": "Device", "async": true, "label": "BIG-IP Onboarding", "Common": { "class": "Tenant", "guest_no_tmsh": { "class": "RemoteAuthRole", "attribute": "F5-LTM-User-Info-1=guest_no_tmsh", "console": "disabled", "lineOrder": 4000, "role": "guest", "remoteAccess": false, "userPartition": "all" } } }
confirm that value for "console" was changed.
# curl -sku 'admin:admin' -H "Content-Type: application/json" https://localhost/mgmt/tm/auth/remote-role?expandSubcollections=true | jq . | grep console "console": "disabled",
confirm in GUI that current value is shown as "Terminal Access: Other: disabled" instead of "Terminal Access: Disabled".
Setting "console": "disabled" is allowed and it is shown as "Terminal Access: Disabled" in GUI.
Setting "console": "disable" is not allowed. Setting "console": "disabled" is allowed but it is shown as "Terminal Access: Other: disabled" in GUI.
Cannot set the value via DO equivalent to "Terminal Access: Disabled" in GUI.
Thank you for your feedback. I have added this to our internal product backlog as AUTOTOOL-3346. It looks like we need to be mapping the value of "disabled" to "disable".
Environment
Summary
When attempting to disable terminal access for remote user groups using DO, DO returns with a 400 server error "bad declaration".
Steps To Reproduce
Steps to reproduce the behavior:
check the current value for "console"
Submit the following declaration to set "disable":
Observe the following error response:
confirm that value for "console" was not changed.
Submit the following declaration to set "disabled":
confirm that value for "console" was changed.
confirm in GUI that current value is shown as "Terminal Access: Other: disabled" instead of "Terminal Access: Disabled".
Expected Behavior
Setting "console": "disabled" is allowed and it is shown as "Terminal Access: Disabled" in GUI.
Actual Behavior
Setting "console": "disable" is not allowed. Setting "console": "disabled" is allowed but it is shown as "Terminal Access: Other: disabled" in GUI.
Cannot set the value via DO equivalent to "Terminal Access: Disabled" in GUI.