Getting The JSON property [alg] received an invalid type of [type] from API when using ibmsecurity.isam.aac.api_protection.definitions.update

[kalemontes]

Hi, When using the method ibmsecurity.isam.aac.api_protection.definitions.update am getting the following error from ISAM API :

HTTP Return code: 400', u'{\"result\":\"FBTRBA241E The JSON property [enc] received an invalid type of [type]. The expected type was [[string]].
FBTRBA241E The JSON property [alg] received an invalid type of [type]. The expected type was [[string]].\"}

This arrises when the oidc parameter contains enc object with null/None properties :

"enc": {
    "alg": null,
    "enabled": false,
    "enc": null
},

The issue is that when calling ibmsecurity.isam.aac.api_protection.definitions.get we get this structure when encryption on OIDC definition is disabled, for instance https://gist.github.com/kalemontes/ea196b5200bd75c67c52c71aa6f425bc

I was hoping to be able to update some properties of the Definition by getting the current Definition object, and modifying just the properties i need to update. Am using this ansible role if it helps to reproduce https://gist.github.com/kalemontes/61b9fbe34f44a14b6ec2da5320f9306b

[ram-ibm]

I highly recommend using set() function - that will make your life simpler. I have passed the following for "enc":

        enc:
          alg: "null"
          enabled: False
          enc: "null"

You may want to use get() for the mapping rules - so you can find the actual id values.

[kalemontes]

Hi, Thanks for answering. It would be the same as set calls update when the api definition exists, wouldn't it ? (also i tried with set and i get the same error see https://gist.github.com/kalemontes/8da33b60fbdced05843cd2e6ee415228). As @djorgen-ibm stated in https://github.com/IBM-Security/ibmsecurity/issues/281#issuecomment-705159451 what am trying to do is to update only one property of the definition.

Here it's my use case :

• The definitions were created by an operator using the web-interface (a long time ago) so i don't own the state of the definitions in order to do a set.
• All our API Definition didn't had access policies attached and we need to attach access policies depending on the definition names.
• I don't want to risk messing up with any other property of the definition as i don't have a backup of their current state (and i don't intend to make one as this is a one time update).