IBM Security Verify

 View Only
  • 1.  ISVG VA RESTAPI v1/property endpoint

    IBM Champion
    Posted Wed September 21, 2022 12:09 PM
    Edited by Sylvain Gilbert Wed September 21, 2022 12:11 PM

    Hi 

    I am doing my first baby steps with the IBM Security Verify Governance Management VA RESTAPI (10.0.1.0), and I am encountering 2 odd behaviors:


    a) Trying to fetch the value of a specific property but obtaining the full list of all properties/values instead for the given property file (ui.properties).

    curl -k --user admin:password -H "Content-Type:application/json" -H "Accept: application/json" -X GET
    https://appliance/v1/property?PropertyFile=ui.properties&PropertyName=enrole.ui.errorPage.verbosity
    [
      {
         "PropertyName":"enrole.ui.errorPage.verbosity",
         "PropertyValue":"0"
      },
    ...
      {
         "PropertyName":"enrole.java.entWflowHeightIE",
         "PropertyValue":"600"
      }
    ]

     

    b) Trying to delete an existing property (newly added) but will fail with access_denied
    curl -k --user admin:password -H "Content-Type:application/json" -H "Accept: application/json" -X DELETE
    https://appliance/v1/property?PropertyFile=ui.properties&PropertyName=enrole.java.new

    {"result":"access_denied"}

    I understand I would get this error if I had tried to delete an OOTB property, but this is not the case here.

    I am able however to update successfully value for an existing property or add a new property and value as can be demonstrated below (no error).

     c) Update existing property value (OK)

    curl -k --user admin:password -H "Content-Type:application/json" -H "Accept: application/json" -X PUT https://appliance/v1/property -d "{PropertyFile: "ui.properties",PropertyName: "enrole.java.entWflowWidthMZ",PropertyValue: "700"}"

     d) Add new property/value (OK)

    curl -k --user admin: password -H "Content-Type:application/json" -H "Accept: application/json" -X POST https://appliance/v1/property -d "{PropertyFile: "ui.properties",PropertyName: "enrole.java.new",PropertyValue: "700"}"

     
    Any help appreciated.

     



    ------------------------------
    Sylvain Gilbert
    ------------------------------


  • 2.  RE: ISVG VA RESTAPI v1/property endpoint

    Posted Tue September 27, 2022 03:15 AM
    This smells like a bug in the REST APIs - can you please (if not done already) raise a case on this ?

    I assume the admin:password is the LMI admin credentials so that it should work ? Have you tried the same operations directly in the LMI - the REST APIs should be the same so if it works in the LMI it should work directly with the APIs but there may be some lack of documentation of the actual calls. It should be possible to track that down in the browser development tools (I am not the greatest web developer so I am not able to give you exact guidelines on this - sorry)

    ------------------------------
    Franz Wolfhagen
    IAM Technical Architect for Europe - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------



  • 3.  RE: ISVG VA RESTAPI v1/property endpoint

    Posted Thu September 29, 2022 01:14 PM
    Your GET query looks correct to me and should only have returned the enrole.ui.errorPage.verbosity attribute and value. As Franz suggested, you might need to open a Support Case.  For the DELETE property, the doc has a very odd comment that only recently added properties can be deleted. But he doc does not define how long of a time in "recent".

    ------------------------------
    David Kuehr-McLaren
    ------------------------------



  • 4.  RE: ISVG VA RESTAPI v1/property endpoint

    IBM Champion
    Posted Thu September 29, 2022 06:20 PM

    Hi

    Following your suggestion, I have opened a case to clear out the ambiguity and hopefully as a result obtain improved RESTAPI endpoint implementations, or improved documentation.

    Thanks



    ------------------------------
    Sylvain Gilbert
    ------------------------------



  • 5.  RE: ISVG VA RESTAPI v1/property endpoint

    IBM Champion
    Posted Fri September 30, 2022 12:52 PM

    Hi

    The case open with IBM led to the resolution.

    I needed to add "" around the URL in the case of the HTTP GET and DELETE because the "&" broke the URL line in my shell when testing with curl.


    Here are the adjusted URLs now returning the expected results:

     

    curl -k --user admin:password -H "Content-Type:application/json" -H "Accept: application/json" -X GET "https://someserver/v1/property?PropertyFile=ui.properties&PropertyName=enrole.ui.errorPage.verbosity"

    {"PropertyName":"enrole.ui.errorPage.verbosity","PropertyValue":"0"}


    curl -k --user admin:password -H "Content-Type:application/json" -H "Accept: application/json" -X DELETE "https://someserver/v1/property?PropertyFile=ui.properties&PropertyName=enrole.java.new"


    Cheers



    ------------------------------
    Sylvain Gilbert
    ------------------------------



  • 6.  RE: ISVG VA RESTAPI v1/property endpoint

    Posted Fri September 30, 2022 04:16 PM
    Just adding on this post that it looks like all the issue with the different SVG IM appliance rest api call results being reported is that have to put quotes around the entire https://appliance... URL, since it is breaking at the & in the value and not seeing parameters after the & in the URL.

    ------------------------------
    Chris Weber
    ------------------------------