search

openziti / ziti

The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
https://openziti.io
Apache License 2.0
2.68k stars 153 forks source link

PATCH identity fails with "name is must be unique" #139

Closed qrkourier closed 4 years ago

qrkourier commented 4 years ago

PATCH https://3.211.201.105:443/identities/1b7b2b9c-ea35-49eb-92b9-0371eaaffaf4

{
    "id": "1b7b2b9c-ea35-49eb-92b9-0371eaaffaf4",
    "name": "kenneth_bingham-laptop",
    "roleAttributes": [
        "sandbox"
    ],
    "tags": null
}

responded with status 400 BAD_REQUEST and response body 

{
    "error": {
        "args": {
            "urlVars": {
                "id": "1b7b2b9c-ea35-49eb-92b9-0371eaaffaf4"
            }
        },
        "cause": {
            "message": "name is must be unique",
            "field": "name",
            "value": "kenneth_bingham-laptop"
        },
        "causeMessage": "the value 'kenneth_bingham-laptop' for 'name' is invalid: name is must be unique",
        "code": "INVALID_FIELD",
        "message": "The field contains an invalid value",
        "requestId": "b3e120fc-d673-4746-8955-9025c2f20060"
    },
    "meta": {
        "apiEnrolmentVersion": "0.0.1",
        "apiVersion": "0.0.1"
    }
}
❯ ziti edge list identities
id: 1b7b2b9c-ea35-49eb-92b9-0371eaaffaf4    name: kenneth_bingham-mobile    type: Device    role attributes: ["sandbox"]
id: 7882724c-bd9c-455a-ae59-dddc4f10b16a    name: Default Admin    type: User    role attributes: {}
id: c2b4dcd4-7295-4932-b293-5af06d2e0c14    name: kenneth_bingham-laptop    type: Device    role attributes: ["defaultRouters"]
results: 1-3 of 3

--

dovholuknf commented 4 years ago

Need steps to reproduce, please? There's not quite enough information here. Just looking at this it seems correct, kenneth_bingham-laptop already exists. Seems fine

qrkourier commented 4 years ago

I was attempting to update the role attributes on this identity and sent the same value for the name field as was already assigned. If I don't send the name field the error is "name is required".

qrkourier commented 4 years ago

Before the PATCH request shown, which attempts to replace current attributes with only sandbox, the only role attribute on that identity shown in the list from ziti CLI is defaultRouters.

dovholuknf commented 4 years ago

Try removing the name. I think in a patch you only send what changed

qrkourier commented 4 years ago

If I don't send the name field the error is "name is required".

qrkourier commented 4 years ago

Works with CLI v0.15.1 against the same controller where I observed the error.

❯ ziti edge list identities 'name="kenneth_bingham-laptop"'
id: c2b4dcd4-7295-4932-b293-5af06d2e0c14    name: kenneth_bingham-laptop    type: Device    role attributes: ["defaultRouters"]
results: 1-1 of 1

❯ ziti edge update identity kenneth_bingham-laptop --role-attributes sandbox

❯ ziti edge list identities 'name="kenneth_bingham-laptop"'
id: c2b4dcd4-7295-4932-b293-5af06d2e0c14    name: kenneth_bingham-laptop    type: Device    role attributes: ["sandbox"]
andrewpmartinez commented 4 years ago

Chatted with Paul who tested it on 0.15.1 via the CLI and he reported no issue. I tested it against 0.15.1 via Postman and encountered no issue.

My personal tests were:

  1. create an identity named "a' w/ role attributes
  2. patch identity named "a" with name = "b' - worked, updated name to "b"
  3. patch identity named "b" w/ current name and new role attributes - worked, the name stayed the same, new attributes
  4. patch identity named "b" with only new role attributes - worked, new attributes, the name stayed the same
  5. patched identity name "b" with only name "a" - worked, renamed to "a"

I am inclined to close this issue.

qrkourier commented 4 years ago

The problem was that I was unintentionally renaming the identity to a name that was not unique.