search

IBM-Security / ibmsecurity

Idempotent functions for IBM Security Appliance REST APIs. Currently covering ISAM and ISDS Appliances.
Apache License 2.0
47 stars 73 forks source link

Multiple junctions fail during creation with "The format of the request was not valid. The operation cannot be completed." #235

Open paulwinters-cenitex opened 4 years ago

paulwinters-cenitex commented 4 years ago

We have a reverse proxy instance that is being created with two junctions. This is failing with a "The format of the request was not valid. The operation cannot be completed" error message when using ibmsecurity v2020.2.13.0.

We have it working correctly for a single junction.

The entrypoint of the playbook has this:

- name: Setup instances {{ inst_name }} for  {{ app_name }} application in {{ env }} environment
  hosts: "{{app_name}}_ws_{{env}}"
  connection: local
  #no_log: true
  tags: ["create-instance"]  
  tasks:
    - name: Retrieve instances list from the appliance    
      include_role:
        name: get_reverseproxies
    - name: Set Fact for current appliance instances
      set_fact: instance_item="{{ item.id }}" 
      with_items: "{{ reverseproxy_ret_obj.data }}"
      register: instances_result
    - name: Make a current instances list
      set_fact: current_instances_list="{{ instances_result.results | map(attribute='ansible_facts.instance_item') | list }}" 
    - name:  
      include_tasks: lib/set_instance.yml inst="{{ inst_name }}" inst_config={{ item }}
      when: inst_name | string not in current_instances_list and item.id == 0
      with_items: "{{ instances_list }}" 
    - name:  
      include_tasks: lib/set_instance.yml inst="{{ inst_name }}_{{ item.id }}" inst_config={{ item }}
      when: inst_name+"_"+item.id | string not in current_instances_list and item.id > 0
      with_items: "{{ instances_list }}"

Which then calls 'lib/set_instance.yml':

- name: Search junctions files for "{{ inst_name }}" instance
  find:
     paths: "{{ config_path }}/application/{{ app_name }}/junction"
     patterns: "*_{{ inst_name }}.yml"
  register: junctions_path
- name: Set Fact for junction
  set_fact: junction_item="{{ jctfilesvar.path | basename | regex_replace('_'+inst_name+'.yml') }}" 
  with_items: "{{junctions_path.files}}"
  loop_control:
    loop_var: jctfilesvar
  register: junctions_result
- name: Make a junctions list
  set_fact: inventory_junctions_list="{{ junctions_result.results | map(attribute='ansible_facts.junction_item') | list }}"
- name: Set set_junctions_list to current
  set_fact: set_junctions_list="{{inventory_junctions_list}}"
- name: Configure junctions on {{ inst_id }}
  include_tasks: lib/set_junction.yml jct_name={{jctinputvar}}
  with_items: "{{ set_junctions_list }}"
  loop_control:
    loop_var: jctinputvar

Which then calls 'lib/set_junction.yml':

  set_fact: instance_id="{{inst_name}}"
  when: inst_id is not defined
- name: Set instance id
  set_fact: instance_id="{{inst_id}}"
  when: inst_id is defined  

- name: Verify WebSEAL generic config in inventory
  stat:
    path: "{{ config_path }}/application/{{ app_name }}/webseal/{{ inst_name }}.yml"
  register: check_webseal_config

- name: Include WebSEAL generic config file
  include_vars:
    dir: "{{ config_path }}/application/{{ app_name }}/webseal"
    files_matching: "{{ inst_name }}.yml"
  when: check_webseal_config.stat.exists

- name: Verify Junction generic config in inventory
  stat:
    path: "{{ config_path }}/application/{{ app_name }}/junction/{{ jct_name }}_{{ inst_name }}.yml"
  register: check_junction_config

- name: Verify Junction environment specific config in inventory
  stat:
    path: "{{ config_path }}/environment/application/{{ app_name }}/junction/{{ env }}/{{ jct_name }}_{{ inst_name }}.yml"
  register: check_junction_env_config

- name: Verify Junction common environment config in inventory
  stat:
    path: "{{ config_path }}/environment/application/{{ app_name }}/junction/{{ cenv }}/{{ jct_name }}_{{ inst_name }}.yml"
  register: check_junction_cenv_config

- name: Include Junction generic config file
  include_vars:
    file: "{{ config_path }}/application/{{ app_name }}/junction/{{ jct_name }}_{{ inst_name }}.yml"
  when: check_junction_config.stat.exists and ( check_junction_env_config.stat.exists or check_junction_cenv_config.stat.exists )

- name: Include Junction environment specific config file
  include_vars:
    file: "{{ config_path }}/environment/application/{{ app_name }}/junction/{{ env }}/{{ jct_name }}_{{ inst_name }}.yml"
  when: check_junction_config.stat.exists and check_junction_env_config.stat.exists

- name: Include Junction common environment config file
  include_vars:
    file: "{{ config_path }}/environment/application/{{ app_name }}/junction/{{ cenv }}/{{ jct_name }}_{{ inst_name }}.yml"
  when: check_junction_config.stat.exists and check_junction_cenv_config.stat.exists and check_junction_env_config.stat.exists == false

- name: Create junctions
  include_role:
    name: set_junction
  vars:
    set_junction_junction_point                   : "{{ junction_point }}"
    set_junction_junction_type                    : "{{ junction_type }}"
    set_junction_reverseproxy_id                  : "{{ inst_id }}"
    set_junction_server_hostname                  : "{{ server_hostname }}"
    set_junction_server_port                      : "{{ server_port }}"
    set_junction_remote_http_header               : "{{ remote_http_header | default([]) }}"
    set_junction_scripting_support                : "{{ scripting_support | default('no') }}"
    set_junction_insert_session_cookies           : "{{ insert_session_cookies | default('no') }}"
    set_junction_junction_cookie_javascript_block : "{{ junction_cookie_javascript_block | default('inhead') }}"
    set_junction_basic_auth_mode                  : "{{ basic_auth_mode | default('filter') }}"
    set_junction_client_ip_http                   : "{{ client_ip_http | default('no') }}"
    set_junction_stateful_junction                : "{{ stateful_junction | default('no') }}"
    set_junction_virtual_hostname                 : "{{ virtual_hostname | default(None) }}"
    set_junction_server_dn                        : "{{ server_dn | default(None) }}"
    set_junction_query_contents                   : "{{ query_contents | default(None) }}"
    set_junction_case_sensitive_url               : "{{ case_sensitive_url | default('no') }}"
    set_junction_windows_style_url                : "{{ windows_style_url | default('no') }}"
    set_junction_https_port                       : "{{ https_port | default(None) }}"
    set_junction_http_port                        : "{{ http_port | default(None) }}"
    set_junction_proxy_hostname                   : "{{ proxy_hostname | default(None) }}"
    set_junction_proxy_port                       : "{{ proxy_port | default(None) }}"
    set_junction_sms_environment                  : "{{ sms_environment | default(None) }}"
    set_junction_transparent_path_junction        : "{{ transparent_path_junction | default('no') }}"
    set_junction_request_encoding                 : "{{ request_encoding | default('utf8_bin') }}"
    set_junction_username                         : "{{ jct_username | default(None) }}"
    set_junction_password                         : "{{ jct_password | default(None) }}"
    set_junction_server_uuid                      : "{{ server_uuid | default(None) }}"
    set_junction_vhost_label                      : "{{ vhost_label | default(None) }}"
    set_junction_junction_hard_limit              : "{{ (junction_hard_limit | default(None)) }}"
    set_junction_junction_soft_limit              : "{{ (junction_soft_limit | default(None)) }}"
    set_junction_tfim_sso                         : "{{ tfim_sso | default('no') }}"
    set_junction_preserve_cookie                  : "{{ preserve_cookie | default('no') }}"
    set_junction_cookie_include_path              : "{{ cookie_include_path | default('no') }}"
    set_junction_mutual_auth                      : "{{ mutual_auth | default('no') }}"
    set_junction_enable_basic_auth                : "{{ enable_basic_auth | default('no') }}"
    set_junction_key_label                        : "{{ key_label | default(None) }}"
    set_junction_gso_resource_group               : "{{ gso_resource_group | default(None) }}"
    set_junction_version_two_cookies              : "{{ version_two_cookies | default(None) }}"
    set_junction_ltpa_keyfile                     : "{{ ltpa_keyfile | default(None) }}"
    set_junction_authz_rules                      : "{{ authz_rules | default('no') }}"
    set_junction_fsso_config_file                 : "{{ fsso_config_file | default(None) }}"
    set_junction_local_ip                         : "{{ local_ip | default(None) }}" 
    set_junction_ltpa_keyfile_password            : "{{ ltpa_keyfile_password | default(None) }}"
    set_junction_delegation_support               : "{{ delegation_support | default(None) }}"
    set_juncation_insert_ltpa_cookies             : "{{ insert_ltpa_cookies | default('no') }}"
    force                                         : "True"
  when: check_junction_config.stat.exists and ( check_junction_env_config.stat.exists or check_junction_cenv_config.stat.exists )

- name: Configure {{ junction_point }} with backend servers
  include_role:
    name: add_junction_servers
  vars:
    tags: ["junction", "create"]
    add_junction_servers_junction_point           : "{{ junction_point }}"
    add_junction_servers_junction_type            : "{{ junction_type }}"
    add_junction_servers_reverseproxy_id          : "{{ inst_id }}"
    add_junction_servers_stateful_junction        : "{{ stateful_junction | default('no') }}"
    add_junction_servers_server_dn                : "{{ server_dn  | default(None) }}"
    add_junction_servers_virtual_https_hostname     : "{{ virtual_https_hostname | default(None) }}"
    #add_junction_servers_virtual_hostname      : "{{ jctsrvvar.server_virtual_hostname | default(virtual_hostname) }}"
    add_junction_servers_query_contents           : "{{ query_contents | default(None) }}"
    add_junction_servers_case_sensitive_url       : "{{ case_sensitive_url | default('no') }}"
    add_junction_servers_windows_style_url        : "{{ windows_style_url | default('no') }}"
    add_junction_servers_https_port               : "{{ https_port | default(None) }}"
    add_junction_servers_http_port                : "{{ http_port | default(None) }}"
    add_junction_servers_proxy_hostname           : "{{ proxy_hostname | default(None) }}"
    add_junction_servers_proxy_port               : "{{ proxy_port | default(None) }}"
    add_junction_servers_sms_environment          : "{{ sms_environment | default(None) }}"
    add_junction_servers_vhost_label              : "{{ vhost_label | default(None) }}"
    add_junction_servers:
        - server            : "{{ jctsrvvar.server_hostname }}"
          port              : "{{ jctsrvvar.server_port }}"
          server_uuid       : "{{ jctsrvvar.server_uuid }}"
          virtual_hostname  : "{{ jctsrvvar.server_virtual_hostname  | default(virtual_hostname) | default(None) }}"
  with_items: "{{ junction_servers_config }}"
  loop_control:
     loop_var: jctsrvvar
  when: check_junction_config.stat.exists and ( check_junction_env_config.stat.exists or check_junction_cenv_config.stat.exists ) and junction_servers_config is defined

- name: Configure {{ junction_point }} security
  include_role:
    name: execute_pdadmin
  vars:
    execute_pdadmin_isamuser                    : "{{ sec_master_id }}"
    execute_pdadmin_isampwd                     : "{{ sec_master_pwd }}"
    execute_pdadmin_domain                      : "{{ isam_domain }}"
    execute_pdadmin_commands                    : "{{ junction_security_config }}"
  when: check_junction_config.stat.exists and ( check_junction_env_config.stat.exists or check_junction_cenv_config.stat.exists ) and junction_security_config is defined

- name: Unset force
  set_fact: force="False"

- name: Reset variables
  include_vars:
    dir: "{{ repository_path }}/application/common/webseal"
    files_matching: "junctions_template.yml"
  when: check_junction_config.stat.exists and ( check_junction_env_config.stat.exists or check_junction_cenv_config.stat.exists )

- name: Print error
  debug: 
     msg: "Junction configuration {{ jct_name }} for instance {{ inst_name }} in environment {{ env }} is wrong or not exists. Skipping update ..."
  when: check_junction_config.stat.exists == False or ( check_junction_env_config.stat.exists == False and check_junction_cenv_config.stat.exists == False )

The working junction create:

task path: /data/ansible/isam-ansible-roles/set_junction/tasks/main.yml:1
Using module file /data/ansible/isam-ansible-roles/start_config/library/isam.py
<...omitted...> ESTABLISH LOCAL CONNECTION FOR USER: ansible
<...omitted...> EXEC /bin/sh -c 'echo ~ && sleep 0'
<...omitted...> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/ansible/.ansible/tmp/ansible-tmp-1589180718.6-223660756329070 `" && echo ansible-tmp-1589180718.6-223660756329070="` echo /home/ansible/.ansible/tmp/ansible-tmp-1589180718.6-223660756329070 `" ) && sleep 0'
<...omitted...> PUT /tmp/tmp_aqmmr TO /home/ansible/.ansible/tmp/ansible-tmp-1589180718.6-223660756329070/isam.py
<...omitted...> EXEC /bin/sh -c 'chmod u+x /home/ansible/.ansible/tmp/ansible-tmp-1589180718.6-223660756329070/ /home/ansible/.ansible/tmp/ansible-tmp-1589180718.6-223660756329070/isam.py && sleep 0'
<...omitted...> EXEC /bin/sh -c '/usr/bin/python /home/ansible/.ansible/tmp/ansible-tmp-1589180718.6-223660756329070/isam.py; rm -rf "/home/ansible/.ansible/tmp/ansible-tmp-1589180718.6-223660756329070/" > /dev/null 2>&1 && sleep 0'
changed: [...omitted...] => {
    "ansible_facts": {
        "activations": [
            "wga"
        ],
        "firmware_build": "20171201-2325",
        "firmware_label": "isam_9.0.4.0_20171201-2325",
        "model": "Appliance",
        "product_description": "IBM Security Access Manager",
        "product_name": "isam",
        "version": "9.0.4.0"
    },
    "changed": true,
    "cmd": "ibmsecurity.isam.web.reverse_proxy.junctions.set(isamAppliance=isam_server, force=True, server_hostname=\"...omitted...\", junction_point=\"/devdhssap\", proxy_hostname=\"\", key_label=\"\", https_port=\"\", delegation_support=\"\", query_contents=\"\", gso_resource_group=\"\", ltpa_keyfile=\"\", server_uuid=\"91acff98-b572-11e8-95ac-11505688035a\", cookie_include_path=\"no\", fsso_config_file=\"\", ltpa_keyfile_password=\"\", sms_environment=\"\", http_port=\"\", windows_style_url=\"yes\", authz_rules=\"no\", junction_soft_limit=\"\", case_sensitive_url=\"no\", tfim_sso=\"no\", junction_type=\"tcp\", server_port=\"...omitted...\", insert_session_cookies=\"yes\", username=\"\", remote_http_header=['iv-user'], http2_junction=None, enable_basic_auth=\"no\", junction_hard_limit=\"\", mutual_auth=\"no\", stateful_junction=\"no\", proxy_port=\"\", password=\"\", virtual_hostname=\"...omitted...:...omitted...\", insert_ltpa_cookies=None, junction_cookie_javascript_block=\"inhead\", sni_name=None, local_ip=\"\", client_ip_http=\"no\", version_two_cookies=\"\", scripting_support=\"no\", vhost_label=\"\", reverseproxy_id=\"sap-ros-gspint\", basic_auth_mode=\"filter\", request_encoding=\"utf8_bin\", preserve_cookie=\"no\", http2_proxy=None, transparent_path_junction=\"no\", server_dn=\"\")",
    "data": {
        "id": "/devdhssap",
        "message": "Created junction at /devdhssap\n"
    },
    "delta": "0:00:07.766004",
    "end": "2020-05-11 17:05:27.943249",
    "invocation": {
        "module_args": {
            "action": "ibmsecurity.isam.web.reverse_proxy.junctions.set",
            "adminProxyApplianceShortName": false,
            "adminProxyHostname": null,
            "adminProxyPort": 443,
            "adminProxyProtocol": "https",
            "appliance": "...omitted...",
            "force": true,
            "isamapi": {
                "authz_rules": "no",
                "basic_auth_mode": "filter",
                "case_sensitive_url": "no",
                "client_ip_http": "no",
                "cookie_include_path": "no",
                "delegation_support": "",
                "enable_basic_auth": "no",
                "fsso_config_file": "",
                "gso_resource_group": "",
                "http2_junction": null,
                "http2_proxy": null,
                "http_port": "",
                "https_port": "",
                "insert_ltpa_cookies": null,
                "insert_session_cookies": "yes",
                "junction_cookie_javascript_block": "inhead",
                "junction_hard_limit": "",
                "junction_point": "/devdhssap",
                "junction_soft_limit": "",
                "junction_type": "tcp",
                "key_label": "",
                "local_ip": "",
                "ltpa_keyfile": "",
                "ltpa_keyfile_password": "",
                "mutual_auth": "no",
                "password": "",
                "preserve_cookie": "no",
                "proxy_hostname": "",
                "proxy_port": "",
                "query_contents": "",
                "remote_http_header": [
                    "iv-user"
                ],
                "request_encoding": "utf8_bin",
                "reverseproxy_id": "sap-ros-gspint",
                "scripting_support": "no",
                "server_dn": "",
                "server_hostname": "...omitted...",
                "server_port": "...omitted...",
                "server_uuid": "91acff98-b572-11e8-95ac-11505688035a",
                "sms_environment": "",
                "sni_name": null,
                "stateful_junction": "no",
                "tfim_sso": "no",
                "transparent_path_junction": "no",
                "username": "",
                "version_two_cookies": "",
                "vhost_label": "",
                "virtual_hostname": "...omitted...:...omitted...",
                "windows_style_url": "yes"
            },
            "lmi_port": 443,
            "log": "DEBUG",
            "omitAdminProxy": false,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "username": "admin@local"
        }
    },
    "rc": 0,
    "start": "2020-05-11 17:05:20.177245",
    "status_code": 0,
    "stdout": "[2020-05-11 17:05:19,833] [PID:29358 TID:140498237667136] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():83] Text: {\"firmware_label\":\"isam_9.0.4.0_20171201-2325\",\"firmware_build\":\"20171201-2325\",\"firmware_version\":\"9.0.4.0\",\"product_description\":\"IBM Security Access Manager\",\"deployment_model\":\"Appliance\",\"product_name\":\"isam\"}\n[2020-05-11 17:05:20,022] [PID:29358 TID:140498237667136] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():83] Text: { \"configured\": true}\n[2020-05-11 17:05:20,174] [PID:29358 TID:140498237667136] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():83] Text: [{\"name\":\"ISAM Base Appliance\",\"description\":\"IBM Security Access Manager Base Appliance\",\"id\":\"wga\",\"enabled\":\"True\"}]\n[2020-05-11 17:05:27,942] [PID:29358 TID:140498237667136] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():83] Text: {\"id\":\"/devdhssap\",\"message\":\"Created junction at /devdhssap\\n\"}\n",
    "stdout_lines": [
        "[2020-05-11",
        "17:05:19,833]",
        "[PID:29358",
        "TID:140498237667136]",
        "[DEBUG]",
        "[ibmsecurity.appliance.ibmappliance]",
        "[_process_response():83]",
        "Text:",
        "{\"firmware_label\":\"isam_9.0.4.0_20171201-2325\",\"firmware_build\":\"20171201-2325\",\"firmware_version\":\"9.0.4.0\",\"product_description\":\"IBM",
        "Security",
        "Access",
        "Manager\",\"deployment_model\":\"Appliance\",\"product_name\":\"isam\"}",
        "[2020-05-11",
        "17:05:20,022]",
        "[PID:29358",
        "TID:140498237667136]",
        "[DEBUG]",
        "[ibmsecurity.appliance.ibmappliance]",
        "[_process_response():83]",
        "Text:",
        "{",
        "\"configured\":",
        "true}",
        "[2020-05-11",
        "17:05:20,174]",
        "[PID:29358",
        "TID:140498237667136]",
        "[DEBUG]",
        "[ibmsecurity.appliance.ibmappliance]",
        "[_process_response():83]",
        "Text:",
        "[{\"name\":\"ISAM",
        "Base",
        "Appliance\",\"description\":\"IBM",
        "Security",
        "Access",
        "Manager",
        "Base",
        "Appliance\",\"id\":\"wga\",\"enabled\":\"True\"}]",
        "[2020-05-11",
        "17:05:27,942]",
        "[PID:29358",
        "TID:140498237667136]",
        "[DEBUG]",
        "[ibmsecurity.appliance.ibmappliance]",
        "[_process_response():83]",
        "Text:",
        "{\"id\":\"/devdhssap\",\"message\":\"Created",
        "junction",
        "at",
        "/devdhssap\\n\"}"
    ]
}

The failing creation:

task path: /data/ansible/isam-ansible-roles/set_junction/tasks/main.yml:1
Using module file /data/ansible/isam-ansible-roles/start_config/library/isam.py
<...omitted...> ESTABLISH LOCAL CONNECTION FOR USER: ansible
<...omitted...> EXEC /bin/sh -c 'echo ~ && sleep 0'
<...omitted...> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/ansible/.ansible/tmp/ansible-tmp-1589180734.8-95167834102490 `" && echo ansible-tmp-1589180734.8-95167834102490="` echo /home/ansible/.ansible/tmp/ansible-tmp-1589180734.8-95167834102490 `" ) && sleep 0'
<...omitted...> PUT /tmp/tmpvMNeWU TO /home/ansible/.ansible/tmp/ansible-tmp-1589180734.8-95167834102490/isam.py
<...omitted...> EXEC /bin/sh -c 'chmod u+x /home/ansible/.ansible/tmp/ansible-tmp-1589180734.8-95167834102490/ /home/ansible/.ansible/tmp/ansible-tmp-1589180734.8-95167834102490/isam.py && sleep 0'
<...omitted...> EXEC /bin/sh -c '/usr/bin/python /home/ansible/.ansible/tmp/ansible-tmp-1589180734.8-95167834102490/isam.py; rm -rf "/home/ansible/.ansible/tmp/ansible-tmp-1589180734.8-95167834102490/" > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_9vXtLh/ansible_module_isam.py", line 131, in main
    ret_obj = eval(func_call)
  File "<string>", line 1, in <module>
  File "/home/ansible/.local/lib/python2.7/site-packages/ibmsecurity/isam/web/reverse_proxy/junctions.py", line 563, in set
    http2_junction=http2_junction, http2_proxy=http2_proxy, sni_name=sni_name, description=description, warnings=warnings)
  File "/home/ansible/.local/lib/python2.7/site-packages/ibmsecurity/isam/web/reverse_proxy/junctions.py", line 278, in add
    requires_version=requires_version, warnings=warnings)
  File "/home/ansible/.local/lib/python2.7/site-packages/ibmsecurity/appliance/isamappliance.py", line 379, in invoke_post
    warnings=warnings)
  File "/home/ansible/.local/lib/python2.7/site-packages/ibmsecurity/appliance/isamappliance.py", line 349, in _invoke_request
    self._process_response(return_obj=return_obj, http_response=r, ignore_error=ignore_error)
  File "/home/ansible/.local/lib/python2.7/site-packages/ibmsecurity/appliance/isamappliance.py", line 69, in _process_response
    raise IBMError("HTTP Return code: {0}".format(http_response.status_code), http_response.text)

fatal: [...omitted...]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "action": "ibmsecurity.isam.web.reverse_proxy.junctions.set",
            "adminProxyApplianceShortName": false,
            "adminProxyHostname": null,
            "adminProxyPort": 443,
            "adminProxyProtocol": "https",
            "appliance": "...omitted...",
            "force": true,
            "isamapi": {
                "authz_rules": "",
                "basic_auth_mode": "filter",
                "case_sensitive_url": "",
                "client_ip_http": "",
                "cookie_include_path": "",
                "delegation_support": "",
                "enable_basic_auth": "",
                "fsso_config_file": "",
                "gso_resource_group": "",
                "http2_junction": null,
                "http2_proxy": null,
                "http_port": "",
                "https_port": "",
                "insert_ltpa_cookies": null,
                "insert_session_cookies": "yes",
                "junction_cookie_javascript_block": "",
                "junction_hard_limit": "",
                "junction_point": "/devdhswd",
                "junction_soft_limit": "",
                "junction_type": "tcp",
                "key_label": "",
                "local_ip": "",
                "ltpa_keyfile": "",
                "ltpa_keyfile_password": "",
                "mutual_auth": "",
                "password": "",
                "preserve_cookie": "",
                "proxy_hostname": "",
                "proxy_port": "",
                "query_contents": "",
                "remote_http_header": [
                    "iv-user"
                ],
                "request_encoding": "",
                "reverseproxy_id": "sap-ros-gspint",
                "scripting_support": "",
                "server_dn": "",
                "server_hostname": "...omitted...",
                "server_port": "...omitted...",
                "server_uuid": "58fe3b5a-1706-11ea-bf07-005056880c99",
                "sms_environment": "",
                "sni_name": null,
                "stateful_junction": "no",
                "tfim_sso": "",
                "transparent_path_junction": "",
                "username": "",
                "version_two_cookies": "",
                "vhost_label": "",
                "virtual_hostname": "...omitted...:...omitted...",
                "windows_style_url": "yes"
            },
            "lmi_port": 443,
            "log": "DEBUG",
            "omitAdminProxy": false,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "username": "admin@local"
        }
    },
    "log": "[2020-05-11 17:05:35,960] [PID:29502 TID:139847924909888] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():83] Text: {\"firmware_label\":\"isam_9.0.4.0_20171201-2325\",\"firmware_build\":\"20171201-2325\",\"firmware_version\":\"9.0.4.0\",\"product_description\":\"IBM Security Access Manager\",\"deployment_model\":\"Appliance\",\"product_name\":\"isam\"}\n[2020-05-11 17:05:36,148] [PID:29502 TID:139847924909888] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():83] Text: { \"configured\": true}\n[2020-05-11 17:05:36,331] [PID:29502 TID:139847924909888] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():83] Text: [{\"name\":\"ISAM Base Appliance\",\"description\":\"IBM Security Access Manager Base Appliance\",\"id\":\"wga\",\"enabled\":\"True\"}]\n[2020-05-11 17:05:36,747] [PID:29502 TID:139847924909888] [ERROR] [ibmsecurity.appliance.ibmappliance] [_process_response():67]      text: {\"message\":\"The format of the request was not valid. The operation cannot be completed.\"}\n",
    "msg": "('HTTP Return code: 400', u'{\"message\":\"The format of the request was not valid. The operation cannot be completed.\"}')",
    "name": "ibmsecurity.isam.web.reverse_proxy.junctions.set"
}
        to retry, use: --limit @/data/ansible/playbooks/retry/dhhs_set_instance.retry

Versions are as follows:

Python 2.7.17
$ ansible --version
ansible 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/ansible/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.17 (default, Nov 15 2019, 19:24:58) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
$ uname -a
Linux ...omitted... 3.10.0-1062.9.1.el7.x86_64 #1 SMP Mon Dec 2 08:31:54 EST 2019 x86_64 x86_64 x86_64 GNU/Linux
$ pip list
Babel (0.9.6)
certifi (2018.8.13)
chardet (3.0.4)
docutils (0.11)
ibmsecurity (2020.2.13.0)
idna (2.7)
importlib (1.0.4)
Jinja2 (2.6)
MarkupSafe (0.11)
nose (1.3.0)
pip (8.1.2)
Pygments (1.5)
requests (2.19.1)
setuptools (0.9.8)
simplejson (3.2.0)
Sphinx (1.1.3)
SQLAlchemy (0.7.9)
urllib3 (1.23)
virtualenv (13.1.0)
Werkzeug (0.8.3)
wheel (0.24.0)
ram-ibm commented 4 years ago

I see the first call to ibmsecurity.isam.web.reverse_proxy.junctions.set() succee (interesting that force=True?). The second call to ibmsecurity.isam.web.reverse_proxy.junctions.set() has a number of values being passed as empty strings - default values are not kicking in? Why is that please?