IBM-Security / ibmsecurity

Idempotent functions for IBM Security Appliance REST APIs. Currently covering ISAM and ISDS Appliances.
Apache License 2.0

Federated Registries ignore_if_down check #410

Open lecuongau opened 6 months ago

lecuongau commented 6 months ago

The version check in the federated registries is written as:

        if ignore_if_down and tools.version_compare(isamAppliance.facts["version"], "10.0.4") >= 0:

This means that if ignore_if_down is false (either intentionally, or by default), then the attribute ignore_if_down is not added to the REST request, which results in an HTTP 500 error as that attribute is required.

tombosmansibm commented 6 months ago

That attribute is not required, according to the documentation (see https://ibm-security.github.io/apidocs/verifyaccess/10.0.7.0/ISVA-mgmt-rest-api/index.html).

Are you certain the HTTP 500 error is coming from that particular missing parameter?

But you are correct, the current code does not allow you to explicitly set ignore_if_down to 'false', so it needs a little rewrite.

tombosmansibm commented 6 months ago

I'll change it to:

        if tools.version_compare(isamAppliance.facts["version"], "10.0.4") >= 0:
            json_data['ignore_if_down'] = ignore_if_down

lecuongau commented 6 months ago

Thanks. It might not be intended behaviour - but I have confirmed what happens using Postman (against 10.0.6). If we include the ignore_if_down attribute, then the API works fine. If it is omitted, then the API returns HTTP 500 and the federated directory configuration is only half complete (SSL configuration not set, suffix list not fully populated).
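
Added example (not part of the thread and not the ibmsecurity project's code): the two forms of the check quoted above, side by side, showing which payloads carry `ignore_if_down` on either side of the 10.0.4 threshold. `version_compare` here is a hypothetical stand-in for `tools.version_compare`, and the function names and the `id` field value are constructed for illustration.

```python
# Added illustration; not the ibmsecurity project's code.

def version_compare(a, b):
    """Hypothetical stand-in for tools.version_compare: returns -1, 0 or 1."""
    pa = [int(x) for x in a.split(".")]
    pb = [int(x) for x in b.split(".")]
    # Pad the shorter version with zeros so "10.0.4" equals "10.0.4.0".
    width = max(len(pa), len(pb))
    pa += [0] * (width - len(pa))
    pb += [0] * (width - len(pb))
    return (pa > pb) - (pa < pb)


def build_payload_before(version, ignore_if_down=False):
    """Check as quoted in the issue: a falsy value is never sent."""
    json_data = {"id": "example-registry"}  # constructed placeholder field
    if ignore_if_down and version_compare(version, "10.0.4") >= 0:
        json_data["ignore_if_down"] = ignore_if_down
    return json_data


def build_payload_after(version, ignore_if_down=False):
    """Check as proposed in the thread: only the version gates the key."""
    json_data = {"id": "example-registry"}  # constructed placeholder field
    if version_compare(version, "10.0.4") >= 0:
        json_data["ignore_if_down"] = ignore_if_down
    return json_data


def compare(version, ignore_if_down):
    """Return the (before, after) payloads for one input combination."""
    return (build_payload_before(version, ignore_if_down),
            build_payload_after(version, ignore_if_down))


if __name__ == "__main__":
    # Constructed inputs: versions on both sides of the 10.0.4 threshold.
    for version in ("10.0.3", "10.0.4", "10.0.6"):
        for flag in (True, False):
            before, after = compare(version, flag)
            print(version, flag, "before:", before, "after:", after)
```

The two forms differ only when the version is 10.0.4 or later and `ignore_if_down` is false: the original drops the key, the proposed form sends it as `False`.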