diff --git a/docs/changelog.md b/docs/changelog.md index 66111714..334ddddd 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -2,6 +2,11 @@ ## Latest +## 2026.1.19.0 + +- fix: base/remote_syslog/forwarder.py - bugfix for v11.0.2 +- fix: base/remote_syslog/forwarder.py - correct usage of id + ## 2026.1.16.0 - fix: base/audit/configuration.py - improved idempotency (#288) diff --git a/ibmsecurity/isam/base/remote_syslog/forwarder.py b/ibmsecurity/isam/base/remote_syslog/forwarder.py index d829c7bb..f1ffa7a4 100644 --- a/ibmsecurity/isam/base/remote_syslog/forwarder.py +++ b/ibmsecurity/isam/base/remote_syslog/forwarder.py @@ -49,17 +49,16 @@ def get(isamAppliance, server=None, port=None, protocol=None, id=None, check_mod """ if port and isinstance(port, basestring): port = int(port) + warnings = [] if id is None: ret_obj = get_all(isamAppliance, check_mode, force) return_obj = isamAppliance.create_return_object() return_obj['data'], i = _find_forwarder(ret_obj, server, port, protocol) - warnings = [] if return_obj['data'] is None: warnings.append(f"No entry found for server {server} port {port} and protocol {protocol}.") return_obj['warnings'] = warnings - return return_obj else: ret_obj = isamAppliance.invoke_get("Retrieve the current remote syslog forwarding policy based on id", f"{uri}/{id}", @@ -168,6 +167,8 @@ def set(isamAppliance, server=None, port=None, protocol='udp', id=None, debug=Fa if tools.json_equals(existing_forwarder, json_data, ignore_keys_not_in_new=True, skipkeys=True, sort_keys=True): update_required = False else: + ret_obj['data'][i] = json_data + json_to_post = ret_obj['data'] update_required = True if update_required: @@ -175,48 +176,48 @@ def set(isamAppliance, server=None, port=None, protocol='udp', id=None, debug=Fa return isamAppliance.create_return_object(changed=True, warnings=warnings) else: return _update_forwarder_policy(isamAppliance, json_to_post, warnings=warnings) - - return isamAppliance.create_return_object(warnings=warnings) else: existing_forwarder = get(isamAppliance, id=id) - if existing_forwarder is None or not existing_forwarder['data']: - # new ... not sure this is valid - return set(isamAppliance, server=server, port=port, protocol=protocol, id=None, debug=debug, - keyfile=keyfile, - ca_certificate=ca_certificate, - client_certificate=client_certificate, - permitted_peers=permitted_peers, sources=sources, format=format, check_mode=check_mode, force=force) + existing_forwarder = existing_forwarder.get('data', {}) + if existing_forwarder is not None and sources == [] and existing_forwarder.get('sources', 'none') != sources: + sources = existing_forwarder.get('sources', []) + warnings.append("No sources provided, using existing sources to set forwarder.") + if keyfile is not None and keyfile != '': + json_data['keyfile'] = keyfile + if ca_certificate is not None and ca_certificate != '': + json_data['ca_certificate'] = ca_certificate + if client_certificate is not None and client_certificate != '': + json_data['client_certificate'] = client_certificate + if permitted_peers is not None and permitted_peers != '': + json_data['permitted_peers'] = permitted_peers + if format is not None: + json_data["format"] = format + json_data["sources"] = sources + json_data["id"] = id + if existing_forwarder == {}: + ret_obj = get_all(isamAppliance, check_mode, force) + json_to_post = ret_obj['data'] + json_to_post.append(json_data) + if check_mode: + return isamAppliance.create_return_object(changed=True, warnings=warnings) + else: + return _update_forwarder_policy(isamAppliance, json_to_post, warnings=warnings) + + if tools.json_equals(existing_forwarder, json_data, ignore_keys_not_in_new=True, skipkeys=True, sort_keys=True): + update_required = False else: - existing_forwarder = existing_forwarder['data'] - if existing_forwarder is not None and sources == [] and existing_forwarder['sources'] != sources: - sources = existing_forwarder['sources'] - warnings.append("No sources provided, using existing sources to set forwarder.") - if keyfile is not None and keyfile != '': - json_data['keyfile'] = keyfile - if ca_certificate is not None and ca_certificate != '': - json_data['ca_certificate'] = ca_certificate - if client_certificate is not None and client_certificate != '': - json_data['client_certificate'] = client_certificate - if permitted_peers is not None and permitted_peers != '': - json_data['permitted_peers'] = permitted_peers - if format is not None: - json_data["format"] = format - json_data["id"] = id - json_data["sources"] = sources + json_data.pop("id") + update_required = True - if tools.json_equals(existing_forwarder, json_data, ignore_keys_not_in_new=True, skipkeys=True, sort_keys=True): - update_required = False + if update_required: + if check_mode: + return isamAppliance.create_return_object(changed=True, warnings=warnings) else: - update_required = True - - if update_required: - if check_mode: - return isamAppliance.create_return_object(changed=True, warnings=warnings) - else: - return isamAppliance.invoke_put( - "Update the current remote syslog forwarding policy", f"{uri}/{id}", - json_data, requires_modules=requires_modules, - requires_version='11.0.2.0', warnings=warnings) + return isamAppliance.invoke_put( + "Update the current remote syslog forwarding policy", f"{uri}/{id}", + json_data, requires_modules=requires_modules, + requires_version='11.0.2.0', warnings=warnings) + return isamAppliance.create_return_object(warnings=warnings) def _update_forwarder_policy(isamAppliance, json_to_post, warnings=[]): diff --git a/pyproject.toml b/pyproject.toml index 82810440..28c050b4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -7,7 +7,7 @@ build-backend = "setuptools.build_meta" [project] name = "ibmsecurity" -version = "2026.1.16.0" +version = "2026.1.19.0" authors = [ { name="IBM", email="secorch@wwpdl.vnet.ibm.com" }, ] diff --git a/setup.py b/setup.py index ea942e18..b73a4b11 100644 --- a/setup.py +++ b/setup.py @@ -5,7 +5,7 @@ packages=find_packages(exclude=["test.*","test"]), # Date of release used for version - please be sure to use YYYY.MM.DD.seq#, MM and DD should be two digits e.g. 2017.02.05.0 # seq# will be zero unless there are multiple release on a given day - then increment by one for additional release for that date - version="2026.1.16.0", + version="2026.1.19.0", description="Idempotent functions for IBM Verify Appliance REST APIs", author="IBM", author_email="secorch@wwpdl.vnet.ibm.com", diff --git a/test/test_0_base_X_rsyslog_forwarding.py b/test/test_0_base_X_rsyslog_forwarding.py index a7a7e348..e2468885 100644 --- a/test/test_0_base_X_rsyslog_forwarding.py +++ b/test/test_0_base_X_rsyslog_forwarding.py @@ -8,8 +8,9 @@ def getTestData(): testdata = [ { "port": "514", + "id": "f1cbfee0-f548-11f0-8acc-901057f8428d", "protocol": "tcp", - "server": "rsyslog", + "server": "rsyslog.server.local", "sources": [ {"facility": "local0", "name": "WebSEAL:default:msg__webseald-default.log", @@ -51,6 +52,6 @@ def test_set_remote_syslog_forwarder(iviaServer, caplog, items) -> None: returnValue = ibmsecurity.isam.base.remote_syslog.forwarder.set(iviaServer, **arg ) - logging.log(logging.INFO, returnValue) + logging.log(logging.INFO, f"TOMMIE {returnValue}") assert not returnValue.failed()