IBM-Security / isam-ansible-roles

Ansible Custom Modules, Handlers and Tasks for ISAM. Requires "ibmsecurity" python package.
Apache License 2.0

mapping rule questions #56

Open ramraj241 opened 6 years ago

ramraj241 commented 6 years ago

Hello, I have questions around upload_mapping_rule and set_mapping_rule.

  1. upload_mapping_rule - this process works the first time, say I named it test, OAUTH and used the test.js mapping rule JS file. If I try to upload another mapping rule with test2, OAUTH and the same test.js mapping rule JS file, it doesn't work.
  2. set_mapping_rule - do you have any template available to make this role work? I tried but was not able to update any of the existing mapping rules. If you have any templates which can show how to update existing mapping rules, it would be great.

ram-ibm commented 6 years ago

upload() function idempotency simply checks to see if existing rule has been uploaded, whereas set() will upload if missing and if already uploaded will compare values to see if a replace is required. Here is a sample call to set_mapping_rule:

    - role: set_mapping_rule
      tags: ["mapping", "rule", "set"]
      set_mapping_rule_category       : "OAuth"
      set_mapping_rule_name           : "SamplePostTokenGeneration"
      set_mapping_rule_filename       : "{{sample_post_rule}}"
      set_mapping_rule_upload_filename: "{{rules_dir}}/{{sample_post_rule}}"

ramraj241 commented 6 years ago

Thanks, I will try to use set_mapping_rule.

ramraj241 commented 6 years ago

So I tried the above example:

    The full traceback is:
    Traceback (most recent call last):
      File "/tmp/ansible_GcETN4/ansible_module_isam.py", line 143, in
        main()
      File "/tmp/ansible_GcETN4/ansible_module_isam.py", line 110, in main
        ret_obj = eval(func_call)
      File "", line 1, in
      File "/usr/local/lib/python2.7/site-packages/ibmsecurity/isam/aac/mapping_rules.py", line 86, in set
        return update(isamAppliance, name=name, content=content, check_mode=check_mode, force=force)
      File "/usr/local/lib/python2.7/site-packages/ibmsecurity/isam/aac/mapping_rules.py", line 150, in update
        "/iam/access/v8/mapping-rules/{0}".format(id),
    UnboundLocalError: local variable 'id' referenced before assignment

    fatal: [***.com]: FAILED! => {
        "changed": false,
        "failed": true,
        "module_stderr": "Traceback (most recent call last): File \"/tmp/ansible_GcETN4/ansible_module_isam.py\", line 143, in main() File \"/tmp/ansible_GcETN4/ansible_module_isam.py\", line 110, in main ret_obj = eval(func_call) File \"\", line 1, in File \"/usr/local/lib/python2.7/site-packages/ibmsecurity/isam/aac/mapping_rules.py\", line 86, in set return update(isamAppliance, name=name, content=content, check_mode=check_mode, force=force) File \"/usr/local/lib/python2.7/site-packages/ibmsecurity/isam/aac/mapping_rules.py\", line 150, in update \"/iam/access/v8/mapping-rules/{0}\".format(id), UnboundLocalError: local variable 'id' referenced before assignment ",
        "module_stdout": "",
        "msg": "MODULE FAILURE",
        "rc": 0
    }
        to retry, use: --limit @/opt/scm/udeploy/agent/var/work/wd.atm.1.webseal-devops-tar/wd.atm.1.webseal-devops-tar/scripts/isam9_ansible/@general/set_mapping_rule_1.retry

    PLAY RECAP ** ***com : ok=1 changed=0 unreachable=0 failed=1

ram-ibm commented 6 years ago

Looks like the role is using the function update(isamAppliance, name=name, content=content, check_mode=check_mode, force=force). It should be using the set() function. Not sure why that is the case for you?

ramraj241 commented 6 years ago

We have the latest role refresh and code refresh as well, no clue what can be done here. Is this role working for you guys?

ramraj241 commented 6 years ago

So is this role working as expected for you guys at your lab?

ram-ibm commented 6 years ago

Please check that the role in your directory is using the right set() function. The roles git refresh does not always work - might need to double check.

Yes this was working when posted.
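
The upload-versus-set idempotency described in this thread, and the unbound `id` seen in the traceback, modelled in memory as an added example (not code from the ibmsecurity package or these roles). `FakeAppliance`, `upload_rule`, `update_rule`, `set_rule` and the result dictionaries are hypothetical names and shapes chosen for illustration.

```python
# Added illustration: in-memory stand-in for the appliance's mapping-rule store.
# FakeAppliance and every function here are assumptions, not ibmsecurity code.

class FakeAppliance:
    def __init__(self):
        self.rules = {}       # rule name -> {"id": str, "content": str}
        self._next_id = 1

    def create(self, name, content):
        self.rules[name] = {"id": str(self._next_id), "content": content}
        self._next_id += 1


def _result(changed, warnings=None):
    return {"changed": changed, "warnings": warnings or []}


def upload_rule(appliance, name, content):
    """Existence check only: an already-uploaded rule is never compared or replaced."""
    if name in appliance.rules:
        return _result(False)
    appliance.create(name, content)
    return _result(True)


def update_rule(appliance, name, content):
    """Resolve the rule id before using it; report a missing rule instead of crashing."""
    rule = appliance.rules.get(name)
    rule_id = rule["id"] if rule else None   # always bound, so no UnboundLocalError
    if rule_id is None:
        return _result(False, ["Mapping rule '%s' not found, nothing updated" % name])
    if rule["content"] == content:
        return _result(False)                # same content: no replace required
    rule["content"] = content
    return _result(True)


def set_rule(appliance, name, content):
    """Upload if missing; otherwise compare content and replace only on drift."""
    if name not in appliance.rules:
        return upload_rule(appliance, name, content)
    return update_rule(appliance, name, content)
```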