From ebc2464a9dc148f39f131974912b1cf21838ea61 Mon Sep 17 00:00:00 2001
From: Anthony Galiamov <50815233+anthonygaliamov@users.noreply.github.com>
Date: Wed, 11 Jan 2023 09:49:30 +1100
Subject: [PATCH 1/3] 'ignore_if_down' mandatory for Federations
---
.../web/runtime/federated_directories/stanza.py | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/ibmsecurity/isam/web/runtime/federated_directories/stanza.py b/ibmsecurity/isam/web/runtime/federated_directories/stanza.py
index 145f3cc0..7cd2b9da 100644
--- a/ibmsecurity/isam/web/runtime/federated_directories/stanza.py
+++ b/ibmsecurity/isam/web/runtime/federated_directories/stanza.py
@@ -25,19 +25,19 @@ def get(isamAppliance, id, check_mode=False, force=False): "/isam/runtime_components/federated_directories/{0}/v1".format(id)) -def set(isamAppliance, id, hostname, port, bind_dn, bind_pwd, suffix, use_ssl=False, client_cert_label=None, +def set(isamAppliance, id, hostname, port, bind_dn, bind_pwd, suffix, use_ssl=False, client_cert_label=None, ignore_if_down=False, check_mode=False, force=False): if _exists(isamAppliance, id) is False: return add(isamAppliance, id=id, hostname=hostname, port=port, bind_dn=bind_dn, bind_pwd=bind_pwd, - suffix=suffix, use_ssl=use_ssl, client_cert_label=client_cert_label, check_mode=check_mode, + suffix=suffix, use_ssl=use_ssl, client_cert_label=client_cert_label, ignore_if_down=ignore_if_down, check_mode=check_mode, force=True) else: return update(isamAppliance, id=id, hostname=hostname, port=port, bind_dn=bind_dn, bind_pwd=bind_pwd, - suffix=suffix, use_ssl=use_ssl, client_cert_label=client_cert_label, check_mode=check_mode, + suffix=suffix, use_ssl=use_ssl, client_cert_label=client_cert_label, ignore_if_down=ignore_if_down, check_mode=check_mode, force=force) -def add(isamAppliance, id, hostname, port, bind_dn, bind_pwd, suffix, use_ssl=False, client_cert_label=None, +def add(isamAppliance, id, hostname, port, bind_dn, bind_pwd, suffix, use_ssl=False, client_cert_label=None, ignore_if_down=False, check_mode=False, force=False): """ Create a new federated directory @@ -57,7 +57,8 @@ def add(isamAppliance, id, hostname, port, bind_dn, bind_pwd, suffix, use_ssl=Fa 'bind_dn': bind_dn, 'bind_pwd': bind_pwd, 'use_ssl': use_ssl, - 'suffix': suffix + 'suffix': suffix, + 'ignore_if_down': ignore_if_down } # Do not pass if there is no value - call fails otherwise if client_cert_label is not None: 
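Review bot: `ignore_if_down=False` is inserted ahead of `check_mode` and `force` in the signatures of `set()` and `add()` here (and of `update()` in the hunk at -69,7), so a caller that passes `check_mode` or `force` positionally now binds that value to `ignore_if_down` instead. A call that meant to be a dry run would then be sent as a real change with `ignore_if_down=True`. Appending the new keyword keeps existing calls working: `client_cert_label=None, check_mode=False, force=False, ignore_if_down=False):`. The third patch in this series makes the same move for `vhost_aliases` in junctions.py, so doing it here would also keep the two modules consistent.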
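Review bot: `'ignore_if_down': ignore_if_down` is always placed in the request body in `add()` (hunk at -57,7, and again in `update()` at -86,7), with no check of the appliance firmware level. The comment just below it, on `client_cert_label`, records that the call fails when a key is passed without a value, and junctions.py in this series guards each newer key with `tools.version_compare(isamAppliance.facts["version"], ...)` plus a warning. If older firmware does not know this key, the same guard is needed here with the minimum version filled in (`<MIN_VERSION>`, which the patch does not state). The docstring should also gain a line saying what the flag does and that it defaults to `False`, since, judging by its name, it changes how the runtime treats an unreachable directory server. The body of `add()` continues outside the hunk.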
@@ -69,7 +70,7 @@ def add(isamAppliance, id, hostname, port, bind_dn, bind_pwd, suffix, use_ssl=Fa return isamAppliance.create_return_object() -def update(isamAppliance, id, hostname, port, bind_dn, bind_pwd, suffix, use_ssl=False, client_cert_label=None, +def update(isamAppliance, id, hostname, port, bind_dn, bind_pwd, suffix, use_ssl=False, client_cert_label=None, ignore_if_down=False, check_mode=False, force=False): """ Update an existing federated directory @@ -86,7 +87,8 @@ def update(isamAppliance, id, hostname, port, bind_dn, bind_pwd, suffix, use_ssl 'bind_dn': bind_dn, 'bind_pwd': bind_pwd, 'use_ssl': use_ssl, - 'suffix': suffix + 'suffix': suffix, + 'ignore_if_down': ignore_if_down } # Do not pass if there is no value - call fails otherwise if client_cert_label is not None: From 358b6f50969295a0b4d1f9273b83330ab7d609b0 Mon Sep 17 00:00:00 2001 From: Anthony Galiamov <50815233+anthonygaliamov@users.noreply.github.com> Date: Wed, 11 Jan 2023 10:14:35 +1100 Subject: [PATCH 2/3] Support for 'vhost_aliases' --- .../isam/web/reverse_proxy/junctions.py | 20 ++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/ibmsecurity/isam/web/reverse_proxy/junctions.py b/ibmsecurity/isam/web/reverse_proxy/junctions.py index b867ffee..10c25c88 100644 --- a/ibmsecurity/isam/web/reverse_proxy/junctions.py +++ b/ibmsecurity/isam/web/reverse_proxy/junctions.py 
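Review bot: `update()` now always carries `ignore_if_down` in its payload, but the hunk at -86,7 does not show the code that decides whether the stored stanza differs from the requested one. If that decision compares this dict with what the appliance returns, a stanza read back without the key would look changed on every run, and one read back with a different value has to count as a change. Please confirm both cases and record the outcome next to the comparison, for example `# ignore_if_down takes part in the change check`. The function starts and ends outside the hunk, so this is a question for the author rather than a confirmed defect.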
@@ -90,7 +90,7 @@ def add(isamAppliance, reverseproxy_id, junction_point, server_hostname, server_ client_ip_http=None, version_two_cookies=None, ltpa_keyfile=None, authz_rules=None, fsso_config_file=None, username=None, password=None, server_uuid=None, local_ip=None, ltpa_keyfile_password=None, delegation_support=None, scripting_support=None, insert_ltpa_cookies=None, check_mode=False, force=False, - http2_junction=None, http2_proxy=None, sni_name=None, description=None, + http2_junction=None, http2_proxy=None, sni_name=None, vhost_aliases=None, description=None, priority=None, server_cn=None, silent=None, warnings=[]): """ @@ -271,6 +271,13 @@ def add(isamAppliance, reverseproxy_id, junction_point, server_hostname, server_ isamAppliance.facts["version"], sni_name)) else: jct_json['sni_name'] = sni_name + if vhost_aliases is not None and vhost_aliases != '': + if tools.version_compare(isamAppliance.facts["version"], "10.0.4.0") < 0: + warnings.append( + "Appliance at version: {0}, vhost_aliases: {1} is not supported. Needs 10.0.4.0 or higher. Ignoring vhost_aliases for this call.".format( + isamAppliance.facts["version"], vhost_aliases)) + else: + jct_json['vhost_aliases'] = vhost_aliases if description is not None: if tools.version_compare(isamAppliance.facts["version"], "9.0.7.0") < 0: warnings.append( 
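Review bot: The new `warnings.append(...)` branch in `add()` (hunk at -271,6) writes into the `warnings=[]` default visible in the signature hunk above it, which is a single list shared by every call that does not pass `warnings`. Messages from one junction can therefore show up in the result of a later, unrelated call. Using `warnings=None` in the signature and `warnings = [] if warnings is None else warnings` as the first statement avoids that without changing callers. The guard `vhost_aliases != ''` filters only the empty string, so the docstring should also state the expected type and format of `vhost_aliases`.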
@@ -337,7 +344,7 @@ def set(isamAppliance, reverseproxy_id, junction_point, server_hostname, server_ client_ip_http=None, version_two_cookies=None, ltpa_keyfile=None, authz_rules=None, fsso_config_file=None, username=None, password=None, server_uuid=None, local_ip=None, ltpa_keyfile_password=None, delegation_support=None, scripting_support=None, insert_ltpa_cookies=None, check_mode=False, force=False, - http2_junction=None, http2_proxy=None, sni_name=None, description=None, + http2_junction=None, http2_proxy=None, sni_name=None, vhost_aliases=None, description=None, priority=None, server_cn=None, silent=None): """ Setting a standard or virtual junction - compares with existing junction and replaces if changes are detected @@ -577,6 +584,13 @@ def set(isamAppliance, reverseproxy_id, junction_point, server_hostname, server_ sni_name = None else: jct_json['sni_name'] = sni_name + if vhost_aliases is not None and vhost_aliases != '': + if tools.version_compare(isamAppliance.facts["version"], "10.0.4.0") < 0: + warnings.append( + "Appliance at version: {0}, vhost_aliases: {1} is not supported. Needs 10.0.4.0 or higher. Ignoring vhost_aliases for this call.".format( + isamAppliance.facts["version"], vhost_aliases)) + else: + jct_json['vhost_aliases'] = vhost_aliases if description is not None: if tools.version_compare(isamAppliance.facts["version"], "9.0.7.0") < 0: warnings.append( 
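Review bot: On the unsupported-version path in `set()` (hunk at -577,6) the new block appends a warning but leaves `vhost_aliases` set, whereas the `sni_name` branch directly above it resets `sni_name = None`. Because `set()` forwards `vhost_aliases` and `warnings` to `add()` in a later hunk, `add()` will run the same version check and append the same warning a second time. Adding `vhost_aliases = None` after the `warnings.append(...)` call keeps the two branches consistent. A short comment saying whether `vhost_aliases` takes part in the comparison with the existing junction would help too, as that comparison is outside this hunk.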
@@ -644,7 +658,7 @@ def set(isamAppliance, reverseproxy_id, junction_point, server_hostname, server_ local_ip=local_ip, ltpa_keyfile_password=ltpa_keyfile_password, delegation_support=delegation_support, scripting_support=scripting_support, insert_ltpa_cookies=insert_ltpa_cookies, check_mode=check_mode, force=True, - http2_junction=http2_junction, http2_proxy=http2_proxy, sni_name=sni_name, description=description, + http2_junction=http2_junction, http2_proxy=http2_proxy, sni_name=sni_name, vhost_aliases=vhost_aliases, description=description, priority=priority, server_cn=server_cn, silent=silent, warnings=warnings) From 6265912730aed38772580cf74e13f0c9b958b0b1 Mon Sep 17 00:00:00 2001 From: Anthony Galiamov Date: Fri, 20 Jan 2023 09:24:26 +1100 Subject: [PATCH 3/3] Moving position of vhost_aliases --- ibmsecurity/isam/web/reverse_proxy/junctions.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ibmsecurity/isam/web/reverse_proxy/junctions.py b/ibmsecurity/isam/web/reverse_proxy/junctions.py index 10c25c88..a89bbff8 100644 --- a/ibmsecurity/isam/web/reverse_proxy/junctions.py +++ b/ibmsecurity/isam/web/reverse_proxy/junctions.py @@ -90,8 +90,8 @@ def add(isamAppliance, reverseproxy_id, junction_point, server_hostname, server_ client_ip_http=None, version_two_cookies=None, ltpa_keyfile=None, authz_rules=None, fsso_config_file=None, username=None, password=None, server_uuid=None, local_ip=None, ltpa_keyfile_password=None, delegation_support=None, scripting_support=None, insert_ltpa_cookies=None, check_mode=False, force=False, - http2_junction=None, http2_proxy=None, sni_name=None, vhost_aliases=None, description=None, - priority=None, server_cn=None, silent=None, + http2_junction=None, http2_proxy=None, sni_name=None, description=None, + priority=None, server_cn=None, silent=None, vhost_aliases=None, warnings=[]): """ Creating a standard or virtual junction 
@@ -344,8 +344,8 @@ def set(isamAppliance, reverseproxy_id, junction_point, server_hostname, server_ client_ip_http=None, version_two_cookies=None, ltpa_keyfile=None, authz_rules=None, fsso_config_file=None, username=None, password=None, server_uuid=None, local_ip=None, ltpa_keyfile_password=None, delegation_support=None, scripting_support=None, insert_ltpa_cookies=None, check_mode=False, force=False, - http2_junction=None, http2_proxy=None, sni_name=None, vhost_aliases=None, description=None, - priority=None, server_cn=None, silent=None): + http2_junction=None, http2_proxy=None, sni_name=None, description=None, + priority=None, server_cn=None, silent=None, vhost_aliases=None): """ Setting a standard or virtual junction - compares with existing junction and replaces if changes are detected TODO: Compare all the parameters in the function - LTPA, BA are some that are not being compared @@ -658,8 +658,8 @@ def set(isamAppliance, reverseproxy_id, junction_point, server_hostname, server_ local_ip=local_ip, ltpa_keyfile_password=ltpa_keyfile_password, delegation_support=delegation_support, scripting_support=scripting_support, insert_ltpa_cookies=insert_ltpa_cookies, check_mode=check_mode, force=True, - http2_junction=http2_junction, http2_proxy=http2_proxy, sni_name=sni_name, vhost_aliases=vhost_aliases, description=description, - priority=priority, server_cn=server_cn, silent=silent, + http2_junction=http2_junction, http2_proxy=http2_proxy, sni_name=sni_name, description=description, + priority=priority, server_cn=server_cn, silent=silent, vhost_aliases=vhost_aliases, warnings=warnings) return isamAppliance.create_return_object()