IBM-Security / ibmsecurity

Idempotent functions for IBM Security Appliance REST APIs. Currently covering ISAM and ISDS Appliances.
Apache License 2.0

Idempotency in management_ssl does not always work as intended #393

Open tombosmansibm opened 1 year ago

tombosmansibm commented 1 year ago

For certificates that contain EMAIL, the issuer and subject in the original certificate contain an OID, but in ISVA this is translated. There are also a number of additional quotes popping up (I assume because of the translation).

This causes the compare to see that the certificates are different (although they're the same).

Sorted Current  Management Cert:
 {"issuer": "\"EMAIL=tom.bosmans@be.ibm.com,CN=cloudinit.verifyaccess.local,O=Default Company Ltd,L=Default City,C=BE\"", "notafter": "2024-07-03", "notbefore": "2023-07-04", "subject": "\"EMAIL=tom.bosmans@be.ibm.com,CN=cloudinit.verifyaccess.local,O=Default Company Ltd,L=Default City,C=BE\""}

[2023-07-04 16:28:14,599] [PID:279482 TID:139808360093504] [DEBUG] [ibmsecurity.isam.base.management_ssl_certificate] [_check():93] 
Sorted Desired  Management Cert:
 {"issuer": "1.2.840.113549.1.9.1=tom.bosmans@be.ibm.com,CN=cloudinit.verifyaccess.local,O=Default Company Ltd,L=Default City,C=BE", "notafter": "2024-07-03", "notbefore": "2023-07-04", "subject": "1.2.840.113549.1.9.1=tom.bosmans@be.ibm.com,CN=cloudinit.verifyaccess.local,O=Default Company Ltd,L=Default City,C=BE"}
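The mismatch reported above can be reproduced and removed by normalizing both distinguished names before comparing them. This is an added example, not part of the issue and not ibmsecurity's own code: the helper names, the alias table and the sample values are assumptions constructed for illustration.

```python
import re

# Assumption: aliases for the PKCS #9 emailAddress attribute type, mapped to
# the "EMAIL" label that the appliance output in this issue uses.
ATTR_ALIASES = {"1.2.840.113549.1.9.1": "EMAIL", "EMAILADDRESS": "EMAIL", "E": "EMAIL"}

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    return [part for part in re.split(r"(?<!\\),", dn) if part.strip()]

def normalize_dn(dn):
    """Return a canonical DN string for equality comparison (hypothetical helper)."""
    dn = dn.strip()
    # Drop one pair of wrapping double quotes, as in the "Current" values.
    if len(dn) >= 2 and dn[0] == '"' and dn[-1] == '"':
        dn = dn[1:-1]
    rdns = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:  # not attr=value; keep as-is so a mismatch stays visible
            rdns.append(rdn.strip())
            continue
        attr = attr.strip().upper()
        rdns.append(ATTR_ALIASES.get(attr, attr) + "=" + value.strip())
    return ",".join(rdns)

def normalize_cert(cert):
    """Normalize only the DN fields; dates and other keys pass through unchanged."""
    return {k: normalize_dn(v) if k in ("issuer", "subject") else v
            for k, v in cert.items()}

def certs_match(current, desired):
    """True when both dicts describe the same certificate after normalization."""
    return normalize_cert(current) == normalize_cert(desired)

# Constructed sample input, shaped like the two debug lines in the issue.
DN_TAIL = "CN=appliance.example.test,O=Example Org,C=BE"
CURRENT = {"issuer": '"EMAIL=admin@example.test,' + DN_TAIL + '"',
           "subject": '"EMAIL=admin@example.test,' + DN_TAIL + '"',
           "notafter": "2024-07-03", "notbefore": "2023-07-04"}
DESIRED = {"issuer": "1.2.840.113549.1.9.1=admin@example.test," + DN_TAIL,
           "subject": "1.2.840.113549.1.9.1=admin@example.test," + DN_TAIL,
           "notafter": "2024-07-03", "notbefore": "2023-07-04"}

if __name__ == "__main__":
    print(certs_match(CURRENT, DESIRED))
```

Attribute values are compared unchanged, so a certificate with a different CN, e-mail address or validity date still registers as different and triggers an update.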