IBM Security Verify

 View Only
  • 1.  ISVG VA RESTAPI v1/property endpoint

    IBM Champion
    Posted 8 days ago
    Edited by Sylvain Gilbert 8 days ago

    Hi 

    I am doing my first baby steps with the IBM Security Verify Governance Management VA RESTAPI (10.0.1.0), and I am encountering 2 odd behaviors:


    a) Trying to fetch the value of a specific property but obtaining the full list of all properties/values instead for the given property file (ui.properties).

    curl -k --user admin:password -H "Content-Type:application/json" -H "Accept: application/json" -X GET
    https://appliance/v1/property?PropertyFile=ui.properties&PropertyName=enrole.ui.errorPage.verbosity
    [
      {
         "PropertyName":"enrole.ui.errorPage.verbosity",
         "PropertyValue":"0"
      },
    ...
      {
         "PropertyName":"enrole.java.entWflowHeightIE",
         "PropertyValue":"600"
      }
    ]

     

    b) Trying to delete an existing property (newly added) but will fail with access_denied
    curl -k --user admin:password -H "Content-Type:application/json" -H "Accept: application/json" -X DELETE
    https://appliance/v1/property?PropertyFile=ui.properties&PropertyName=enrole.java.new

    {"result":"access_denied"}

    I understand I would get this error if I had tried to delete an OOTB property, but this is not the case here.

    I am able however to update successfully value for an existing property or add a new property and value as can be demonstrated below (no error).

     c) Update existing property value (OK)

    curl -k --user admin:password -H "Content-Type:application/json" -H "Accept: application/json" -X PUT https://appliance/v1/property -d "{PropertyFile: "ui.properties",PropertyName: "enrole.java.entWflowWidthMZ",PropertyValue: "700"}"

     d) Add new property/value (OK)

    curl -k --user admin: password -H "Content-Type:application/json" -H "Accept: application/json" -X POST https://appliance/v1/property -d "{PropertyFile: "ui.properties",PropertyName: "enrole.java.new",PropertyValue: "700"}"

     
    Any help appreciated.

     



    ------------------------------
    Sylvain Gilbert
    ------------------------------


  • 2.  RE: ISVG VA RESTAPI v1/property endpoint

    Posted 3 days ago
    This smells like a bug in the REST APIs - can you please (if not done already) raise a case on this ?

    I assume the admin:password is the LMI admin credentials so that it should work ? Have you tried the same operations directly in the LMI - the REST APIs should be the same so if it works in the LMI it should work directly with the APIs but there may be some lack of documentation of the actual calls. It should be possible to track that down in the browser development tools (I am not the greatest web developer so I am not able to give you exact guidelines on this - sorry)

    ------------------------------
    Franz Wolfhagen
    IAM Technical Architect for Europe - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------



  • 3.  RE: ISVG VA RESTAPI v1/property endpoint

    Posted 19 hours ago
    Your GET query looks correct to me and should only have returned the enrole.ui.errorPage.verbosity attribute and value. As Franz suggested, you might need to open a Support Case.  For the DELETE property, the doc has a very odd comment that only recently added properties can be deleted. But he doc does not define how long of a time in "recent".

    ------------------------------
    David Kuehr-McLaren
    ------------------------------



  • 4.  RE: ISVG VA RESTAPI v1/property endpoint

    IBM Champion
    Posted 14 hours ago

    Hi

    Following your suggestion, I have opened a case to clear out the ambiguity and hopefully as a result obtain improved RESTAPI endpoint implementations, or improved documentation.

    Thanks



    ------------------------------
    Sylvain Gilbert
    ------------------------------