Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] 'Update SOD policy by ID' (set-sod-policy) shouldn't require policyQuery parameter on Conflicting Access Based Policies #401

Open
liisball opened this issue Oct 31, 2023 · 1 comment
Open

[Bug] 'Update SOD policy by ID' (set-sod-policy) shouldn't require policyQuery parameter on Conflicting Access Based Policies #401

liisball opened this issue Oct 31, 2023 · 1 comment

Comments

@liisball
Copy link

Describe the bug

When updating SoD policies via the PUT /sod-policies/:id endpoint, it returns 400.1 Bad request content, although as per API documentation all fields are correct. In particular, the policies we're trying to update have "type": "CONFLICTING_ACCESS_BASED" and conflictingAccessCriteria present, but no policyQuery field (because it shouldn't be necessary for that type of policy). The error goes away if policyQuery is added, and it needs to be equal to the current (not updated) policy query. This seems like a bug, these requests should pass without policyQuery being set.

To Reproduce

Here is an example request that returns 400.1 in our sandbox environment:

PUT https://<domain>/v3/sod-policies/<id>
{
    "name": "<policy_name>",
    "description": "<policy_description>",
    "type": "CONFLICTING_ACCESS_BASED",
    "ownerRef": {
        "type": "IDENTITY",
        "id": "<identity_id>"
    },
    "state": "ENFORCED",
    "conflictingAccessCriteria": {
        "leftCriteria": {
            "name": "<left_criteria_name>",
            "criteriaList": [
                {
                    "type": "ENTITLEMENT",
                    "id": "<entitlement_id1>"
                }
            ]
        },
        "rightCriteria": {
            "name": "<right_criteria_name>",
            "criteriaList": [
                {
                    "type": "ENTITLEMENT",
                    "id": "<entitlement_id2>"
                }
            ]
        }
    }        
}

When adding policyQuery to this same request, it returns 200.
Other than logical considerations, the problem with adding policyQuery to this request is that sometimes the query is very long (we have a lot of criteria in these lists, and quite a few policies), and this results in a 500 response due to some sort of processing error.

Expected behavior: For the request to pass without setting policyQuery when the type is CONFLICTING_ACCESS_BASED

Actual behavior: A 400.1 Bad request content response
@codey-bot
Copy link

codey-bot bot commented Oct 31, 2023

🎉 Thanks for opening your first issue here! Be sure to follow the issue template, and welcome to the community! 🙌

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@liisball