search

IBM-Security / ibmsecurity

Idempotent functions for IBM Security Appliance REST APIs. Currently covering ISAM and ISDS Appliances.
Apache License 2.0
47 stars 73 forks source link

Idempotency not working for reverse proxy configuration set #215

Open elijah-chan opened 4 years ago

elijah-chan commented 4 years ago

it seems that the reverse proxy configuration set function keeps inserting a new entry instead of not making any changes for eai-trigger-urls stanza

this is a snippet of my code

setEntries = [['trigger', '/pwd/testing']]
p(ibmsecurity.isam.web.reverse_proxy.configuration.entry.set(isamAppliance=isam_server, reverseproxy_id="sp-saml", stanza_id="eai-trigger-urls", entries=setEntries))

this is shown in the logs:

Entry found in rp:sp-saml, stanza:eai-trigger-urls, entryid:trigger, value:['/FIM/sps/auth*', '/FIM/sps/IDPFed/saml20/soap*', '/FIM/sps/IDPFed/saml20/slo*', '/FIM/sps/IDPFed/saml20/login*', '/mga/sps/oauth/oauth20/session*', '/mga/sps/auth*', '/mga/sps/authservice/authentication*', '/pwd/testing']
[2020-02-16 22:57:00,489] [PID:91475 TID:4527084992] [DEBUG] [ibmsecurity.isam.web.reverse_proxy.configuration.entry] [_check():251] Existing Value(s): ['/FIM/sps/auth*', '/FIM/sps/IDPFed/saml20/soap*', '/FIM/sps/IDPFed/saml20/slo*', '/FIM/sps/IDPFed/saml20/login*', '/mga/sps/oauth/oauth20/session*', '/mga/sps/auth*', '/mga/sps/authservice/authentication*', '/pwd/testing']
[2020-02-16 22:57:00,489] [PID:91475 TID:4527084992] [DEBUG] [ibmsecurity.isam.web.reverse_proxy.configuration.entry] [_check():252] Value to update  : ['/pwd/testing']
[2020-02-16 22:57:00,489] [PID:91475 TID:4527084992] [DEBUG] [ibmsecurity.isam.web.reverse_proxy.configuration.entry] [_check():256] Value arrays do not match!

the result is this

[2020-02-16 22:57:21,834] [PID:92328 TID:4514801088] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_log_response():609] Response: 0
{ 'changed': False,
  'data': { 'trigger': [ '/FIM/sps/auth*',
                         '/FIM/sps/IDPFed/saml20/soap*',
                         '/FIM/sps/IDPFed/saml20/slo*',
                         '/FIM/sps/IDPFed/saml20/login*',
                         '/mga/sps/oauth/oauth20/session*',
                         '/mga/sps/auth*',
                         '/mga/sps/authservice/authentication*',
                         '/pwd/testing',
                         '/pwd/testing']}

since the entry is already inside the list, why is the code adding it the entry again ?

ram-ibm commented 4 years ago

I suspect it may the format of the input - will investigate this further.

djorgen-ibm commented 4 years ago

The set is replacing the old list with the new list if the two lists are not the same. It is not adding a new value to the old list.