IBM-Security · tombosmansibm · Jan 16, 2026 · Jun 2, 2025 · Jun 2, 2025 · Jun 2, 2025
@@ -2,6 +2,14 @@
 
 ## Latest
 
+## 2026.1.16.0
+
+- fix: base/audit/configuration.py - improved idempotency (#288)
+- feat: base/cluster/configuration.py - dsc TLS settings for v11.0.3
+- fix: base/remote_syslog/forwarder.py - bugfix
+- fix: base/audit_configuration.py - improved idempotency (#288)
+- test: update test for audit configuration
+
 ## 2026.1.14.0
 
 - fix: base/remote_syslog/forwarder.py - improved idempotency and bugfix

@@ -1,5 +1,7 @@
 import logging
+from operator import itemgetter
 from ibmsecurity.utilities import tools
+from ibmsecurity.utilities.tools import json_equals
 
 try:
     basestring
@@ -28,7 +30,7 @@ def get(isamAppliance, id=None, check_mode=False, force=False):
                                         requires_version=requires_version)
 
 
-def set(isamAppliance, id, config, enabled=True, type='Syslog', verbose=True, check_mode=False, force=False, use_json=False, components=None):
+def set(isamAppliance, id, config, enabled=True, type='Syslog', verbose=True, check_mode=False, force=False, use_json=False, useJSONFormat=False, components=None):
     """
     Update Audit Configuration
 
@@ -156,12 +158,15 @@ def set(isamAppliance, id, config, enabled=True, type='Syslog', verbose=True, ch
     type: Syslog
     verbose: false
     """
+    if useJSONFormat or use_json:
+        use_json = True
+
     pol_id, update_required, json_data = _check(isamAppliance, id, config, enabled, type, verbose, use_json, components)
     if pol_id is None:
         from ibmsecurity.appliance.ibmappliance import IBMError
         raise IBMError("999", f"Cannot update data for unknown Audit Configuration ID: {id}")
 
-    if force is True or update_required is True:
+    if force or update_required:
         if check_mode is True:
             return isamAppliance.create_return_object(changed=True)
         else:
@@ -179,6 +184,7 @@ def _check(isamAppliance, id, config, enabled, type, verbose, use_json=False, co
     """
     update_required = False
     pol_id = None
+    aud_cfg = None
     # convert all values into string - any other type causes issues
     for cfg in config:
         if isinstance(cfg['value'], bool):
@@ -203,7 +209,7 @@ def _check(isamAppliance, id, config, enabled, type, verbose, use_json=False, co
             use_json = False
     json_data = {
         "id": id,
-        "config": config,
+        "config": sorted(config, key=itemgetter('key')),
         "enabled": enabled,
         "type": type,
         "verbose": verbose,
@@ -221,15 +227,20 @@ def _check(isamAppliance, id, config, enabled, type, verbose, use_json=False, co
         json_data["components"] = components
         update_required = True
     else:
-        import ibmsecurity.utilities.tools
-        sorted_json_data = ibmsecurity.utilities.tools.json_sort(json_data)
-        logger.debug(f"Sorted input: {sorted_json_data}")
-        sorted_ret_obj = ibmsecurity.utilities.tools.json_sort(aud_cfg)
-        logger.debug(f"Sorted existing data: {sorted_ret_obj}")
-        if sorted_ret_obj != sorted_json_data:
-            logger.info("Changes detected, update needed.")
+        #import ibmsecurity.utilities.tools
+        #sorted_json_data = ibmsecurity.utilities.tools.json_sort(json_data)
+        #logger.debug(f"Sorted input: {sorted_json_data}")
+        #sorted_ret_obj = ibmsecurity.utilities.tools.json_sort(aud_cfg)
+        #logger.debug(f"Sorted existing data: {sorted_ret_obj}")
+        #if sorted_ret_obj != sorted_json_data:
+        #    logger.info("Changes detected, update needed.")
+        #    update_required = True
+        aud_cfg["config"] = sorted(aud_cfg.get("config", []), key=itemgetter('key'))
+        if json_equals(aud_cfg,  json_data):
+            # No updates needed
+            update_required = False
+        else:
             update_required = True
-
     return pol_id, update_required, json_data
 
 

@@ -20,15 +20,26 @@ def get(isamAppliance, check_mode=False, force=False):
     """
     Retrieve audit configuration
     """
-    return isamAppliance.invoke_get("Retrieve audit configuration", uri, requires_modules=requires_modules,
+    return isamAppliance.invoke_get("Retrieve audit configuration", uri,
+                                    requires_modules=requires_modules,
                                     requires_version=requires_version, warnings=warnings)
 
 
 def getComponents(isamAppliance, check_mode=False, force=False):
     """
-    Retrieve audit configuration components
+    Retrieve audit components configurations
     """
-    return isamAppliance.invoke_get("Retrieve audit configuration components", comp_uri, requires_modules=requires_modules,
+    return isamAppliance.invoke_get("Retrieve audit components configurations", comp_uri,
+                                    requires_modules=requires_modules,
+                                    requires_version=requires_version)
+
+def getComponent(isamAppliance, id):
+    """
+    Retrieve audit component configuration
+    """
+    return isamAppliance.invoke_get("Retrieve audit component configuration",
+                                    "{0}/{1}".format(comp_uri, id),
+                                    requires_modules=requires_modules,
                                     requires_version=requires_version)
 
 
@@ -177,6 +188,18 @@ def set(isamAppliance, id, config, enabled=True, type='Syslog', verbose=True, ch
     return isamAppliance.create_return_object()
 
 
+def setComponent(isamAppliance, id, enabled):
+    """
+    Update audit component configuration
+    """
+    json_data = {'enabled': enabled}
+    return isamAppliance.invoke_put(
+        "Update Audit Configuration",
+        "{0}/{1}".format(comp_uri, id),
+        json_data,
+        requires_modules=requires_modules, requires_version=requires_version)
+
+
 def _check(isamAppliance, id, config, enabled, type, verbose, use_json=False, components=None):
     """
     Check and return True if update needed
@@ -225,10 +248,10 @@ def _check(isamAppliance, id, config, enabled, type, verbose, use_json=False, co
         json_data["components"] = components
         update_required = True
     else:
-        import ibmsecurity.utilities.tools
-        sorted_json_data = ibmsecurity.utilities.tools.json_sort(json_data)
+        aud_cfg["config"] = sorted(aud_cfg.get("config", []), key=itemgetter('key'))
+        sorted_json_data = tools.json_sort(json_data)
         logger.debug(f"Sorted input: {sorted_json_data}")
-        sorted_ret_obj = ibmsecurity.utilities.tools.json_sort(aud_cfg)
+        sorted_ret_obj = tools.json_sort(aud_cfg)
         logger.debug(f"Sorted existing data: {sorted_ret_obj}")
         if sorted_ret_obj != sorted_json_data:
             logger.info("Changes detected, update needed.")

@@ -29,7 +29,8 @@ def get(isamAppliance, check_mode=False, force=False):
 
 def set(isamAppliance, primary_master='127.0.0.1', secondary_master=None, master_ere=None, tertiary_master=None,
        quaternary_master=None, dsc_external_clients=False, dsc_port=None, dsc_use_ssl=None, dsc_ssl_keyfile=None,
-       dsc_ssl_label=None, dsc_worker_threads=64, dsc_maximum_session_lifetime=3600, dsc_client_grace_period=600,
+       dsc_ssl_label=None, dsc_ssl_ciphers=None, dsc_tls12_cipher_specs=None, dsc_tls13_cipher_specs=None,
+       dsc_worker_threads=64, dsc_maximum_session_lifetime=3600, dsc_client_grace_period=600,
        hvdb_embedded=True, hvdb_max_size=None, hvdb_db_type=None, hvdb_address=None, hvdb_port=None, hvdb_user=None,
        hvdb_password=None, hvdb_db2_alt_address=None, hvdb_db2_alt_port=None, hvdb_db_name=None, hvdb_db_secure=None,
        hvdb_driver_type=None, hvdb_solid_tc=None, cfgdb_embedded=True, cfgdb_db_type=None, cfgdb_address=None,
@@ -42,7 +43,6 @@ def set(isamAppliance, primary_master='127.0.0.1', secondary_master=None, master
     """
     Set cluster configuration
     """
-
     warnings = []
     # Create a simple json with just the main client attributes
     cluster_json = {
@@ -162,13 +162,35 @@ def set(isamAppliance, primary_master='127.0.0.1', secondary_master=None, master
         else:
             # The default limit for a session query is 1024
             cluster_json["dsc_maximum_session_list"] = dsc_maximum_session_list
+    # 11.0.3.0 Configurable DSC Ciphers
+    if dsc_ssl_ciphers is not None:
+        if ibmsecurity.utilities.tools.version_compare(isamAppliance.facts["version"], "11.0.3.0") < 0:
+            warnings.append(
+                "Appliance at version: {0}, dsc_ssl_ciphers: {1} is not supported. Needs 11.0.3.0 or higher. Ignoring dsc_ssl_ciphers for this call.".format(
+                    isamAppliance.facts["version"], dsc_ssl_ciphers))
+        else:
+            cluster_json["dsc_ssl_ciphers"] = dsc_ssl_ciphers
+    if dsc_tls12_cipher_specs is not None:
+        if ibmsecurity.utilities.tools.version_compare(isamAppliance.facts["version"], "11.0.3.0") < 0:
+            warnings.append(
+                "Appliance at version: {0}, dsc_tls12_cipher_specs: {1} is not supported. Needs 11.0.3.0 or higher. Ignoring dsc_tls12_cipher_specs for this call.".format(
+                    isamAppliance.facts["version"], dsc_tls12_cipher_specs))
+        else:
+            cluster_json["dsc_tls12_cipher_specs"] = dsc_tls12_cipher_specs
+    if dsc_tls13_cipher_specs is not None:
+        if ibmsecurity.utilities.tools.version_compare(isamAppliance.facts["version"], "11.0.3.0") < 0:
+            warnings.append(
+                "Appliance at version: {0}, dsc_tls13_cipher_specs: {1} is not supported. Needs 11.0.3.0 or higher. Ignoring dsc_tls13_cipher_specs for this call.".format(
+                    isamAppliance.facts["version"], dsc_tls13_cipher_specs))
+        else:
+            cluster_json["dsc_tls13_cipher_specs"] = dsc_tls13_cipher_specs
 
     check_obj =  _check(isamAppliance, cluster_json, ignore_password_for_idempotency)
     if check_obj['warnings'] != []:
         warnings.append(check_obj['warnings'][0])
 
-    if force is True or check_obj['value'] is False:
-        if check_mode is True:
+    if force or not check_obj['value']:
+        if check_mode:
             return isamAppliance.create_return_object(changed=True, warnings=warnings)
         else:
             return isamAppliance.invoke_post("Set cluster configuration", uri, cluster_json,

@@ -47,12 +47,12 @@ def get(isamAppliance, server=None, port=None, protocol=None, id=None, check_mod
     needs server/port/protocol OR id
     id takes precedence (so server/port/protocol is ignored if id is passed)
     """
+    if port and isinstance(port, basestring):
+        port = int(port)
+
     if id is None:
         ret_obj = get_all(isamAppliance, check_mode, force)
 
-        if isinstance(port, basestring):
-            port = int(port)
-
         return_obj = isamAppliance.create_return_object()
         return_obj['data'], i = _find_forwarder(ret_obj, server, port, protocol)
         warnings = []
@@ -76,12 +76,12 @@ def delete(isamAppliance, server=None, port=None, protocol=None, id=None, check_
     """
     Remove a specific remote syslog forwarder
     """
+    if port and isinstance(port, basestring):
+        port = int(port)
+
     if id is None:
         ret_obj = get_all(isamAppliance, check_mode, force)
 
-        if isinstance(port, basestring):
-            port = int(port)
-
         existing_forwarder, i = _find_forwarder(ret_obj, server, port, protocol)
 
         json_to_post = ret_obj['data']
@@ -215,7 +215,7 @@ def set(isamAppliance, server=None, port=None, protocol='udp', id=None, debug=Fa
                 else:
                     return isamAppliance.invoke_put(
                             "Update the current remote syslog forwarding policy", f"{uri}/{id}",
-                            json_to_post, requires_modules=requires_modules,
+                            json_data, requires_modules=requires_modules,
                             requires_version='11.0.2.0', warnings=warnings)
 
 

@@ -87,6 +87,7 @@ def create(isamAppliance, kdb_name, type='kdb',
         if check_mode:
             return isamAppliance.create_return_object(changed=True)
         else:
+
             json_data = {
                     "kdb_name": kdb_name,
                     "type": type,

@@ -223,8 +223,6 @@ def _check(isamAppliance, name, role, protocol, configuration, templateName=None
             json_data['configuration'] = configuration
             # Check to see if configuration data contains mapping rule reference id
             # So special logic to see if mapping rule has changed
-            # TODO: WHY ????
-            new_map_rule_id, new_map_rule = None, None
             exist_map_rule_id, exist_map_rule = None, None
 
             new_map_rule_id = configuration['identityMapping']['properties'].get('identityMappingRuleReference', None)
@@ -335,7 +333,7 @@ def _check(isamAppliance, name, role, protocol, configuration, templateName=None
         logger.debug(f"\nSorted Desired:\n\n {sorted_json_data}\n")
         if sorted_ret_obj != sorted_json_data:
             # parameters that are necessary for compare, but not for update
-            json_data.pop('protocol')
+            json_data.pop('protocol', None)
             isamAppliance.logger.info("Changes detected, update needed.")
             update_required = True
 

@@ -7,7 +7,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "ibmsecurity"
-version = "2026.1.14.0"
+version = "2026.1.16.0"
 authors = [
   { name="IBM", email="secorch@wwpdl.vnet.ibm.com" },
 ]

@@ -5,7 +5,7 @@
     packages=find_packages(exclude=["test.*","test"]),
     # Date of release used for version - please be sure to use YYYY.MM.DD.seq#, MM and DD should be two digits e.g. 2017.02.05.0
     # seq# will be zero unless there are multiple release on a given day - then increment by one for additional release for that date
-    version="2026.1.14.0",
+    version="2026.1.16.0",
     description="Idempotent functions for IBM Verify Appliance REST APIs",
     author="IBM",
     author_email="secorch@wwpdl.vnet.ibm.com",