Importing an empty file in Management-root folder is reporting an incorrect state

IBM-Security / ibmsecurity

Idempotent functions for IBM Security Appliance REST APIs. Currently covering ISAM and ISDS Appliances.

Apache License 2.0

47 stars 73 forks source link

Importing an empty file in Management-root folder is reporting an incorrect state #249

Open Warkdev opened 4 years ago

Warkdev commented 4 years ago

Hello,

I'm encountering a weird behavior with this function. When using it to import a file inside, let's say, 'junction-root', this works well and I've the expected result.

Now, I want to import a file called 'public.json' inside 'junction-root/C', looking at the API documentation, it appears that I've to provide the following input: id: junction-root/C filename: <path>/public.json

And here's the problem, my Tower job says the file is being imported properly:

However, on ISAM, I can't find this file:

I tried many configurations, playing with ID's, using force flag, .. none of them seemed to work for sub-directories.

We run on an ISAM cluster, these are screenshots from a restricted node running ISAM 9.0.7.1 IF5 Cédric S.

Warkdev commented 4 years ago

Hello, I've found the root cause, the file that I was trying to import was empty, however, in such case, I propose that the framework either creates the file, either reports a state "ok", instead of "changed".

What do you think ? @ram-ibm

Cédric S.

ram-ibm commented 4 years ago

I believe the framework is indicating that it made the REST API call as it was designed to do - the actual change in the appliance is not something that is fed back. There is an assumption that a change was required and the REST API call was made. If that was successful then a change is implied.

Here the REST API call to the appliance decided there was nothing to do since the file was empty. The framework was designed to delegate proper data input to the user - there is minimal validation checks. Also it is not clear when the REST API will decide to treat an empty file one way or the other.

Open to further thoughts.

Warkdev commented 4 years ago

Hello @ram-ibm and thanks for the feedback.

Indeed, the REST API decides that there's nothing to do which is inconsistent with the fact that, when you import a ZIP file, empty files are being imported as well (I guess this is a standard unzip).

I've found, performance-wise and development-wise, that the best combination was to have expanded folders inside your local configuration and create an archive which will then be compared with an exported archive from the appliance (with a file by file comparison like you can find here: https://github.com/IBM-Security/ibmsecurity/pull/179), this is taking seconds for hundred of files while importing manually every files via the import_file method can takes up to 12 minutes.