This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

3.7.3 generic REST fulfillment problem

Hello,

I'm trying to configure a generic REST fulfillment target, where I use python/flask on the other side.

The target is configured and submits the request via REST to the webservice, there the LDAP tasks are executed and the response is sent back.

Problem is that the response is empty when I log it in the transform scripts of eg.. the fulfillemntId and the comment.

I enalbed the logging in the catalina file and what I see does not look so bad from my side:

[FINE] 2023-02-15 12:19:56.565 [com.netiq.daas.common.ManifestInfo] [DAAS] Resource classPath: 'jar:file:/opt/netiq/common/tomcat/webapps/daas/WEB-INF/lib/daas-rest-connector-1.0.0.0200.jar!/com/netiq/daas/restconnector/fulfillerservice/RESTFullfilmentService.class'  
[FINE] 2023-02-15 12:19:56.565 [com.netiq.daas.daaservice.util.Service] [DAAS] ADDING view: fulfillment-configuration to service: RestGenericFulfillmentTemplate-35-78-f93813142c7947a0bb798985394e4610  
[INFO] 2023-02-15 12:19:56.566 [com.netiq.daas.daaservice.util.Service] [DAAS] Service 'RestGenericFulfillmentTemplate-35-78-f93813142c7947a0bb798985394e4610' connector information: JAR: 'opt/netiq/common/tomcat/webapps/daas/WEB-INF/lib/daas-rest-connector-1.0.0.0200.jar', VERSION: 'Not available'  
[FINE] 2023-02-15 12:19:56.713 [com.netiq.daas.restconnector.fulfillerservice.RESTFullfilmentService] [DAAS] In setConfig..  
[FINE] 2023-02-15 12:19:56.713 [com.netiq.daas.restconnector.restauthentication.RestAuthenticationFactory] [DAAS] In getInstance  
[FINE] 2023-02-15 12:19:56.713 [com.netiq.daas.restconnector.restauthentication.BasicAuthentication] [DAAS] In init  
[FINE] 2023-02-15 12:19:56.714 [com.netiq.daas.restconnector.fulfillerservice.RESTFullfilmentService] [DAAS] Authentication Method : basic_auth  
[FINE] 2023-02-15 12:19:56.714 [com.netiq.daas.common.SrvInstance] [DAAS] New service instance.  TTL: 60  
[FINE] 2023-02-15 12:19:56.714 [com.netiq.daas.common.SrvInstance] [DAAS] Reset timeout for service instance 'be24ca441b3a4453b4fce023d4d0d0e1 to TTL: 60 seconds  
[FINE] 2023-02-15 12:19:56.714 [com.netiq.daas.restconnector.fulfillerservice.RESTFullfilmentService] [DAAS] In  executeChangesetRequest   
[FINE] 2023-02-15 12:19:56.714 [com.netiq.daas.restconnector.AbstractConnectorService] [DAAS] In getCredentialArray() method...  
[FINE] 2023-02-15 12:19:56.714 [com.netiq.daas.restconnector.restauthentication.BasicAuthentication] [DAAS] In setCredentialParameters  
[FINE] 2023-02-15 12:19:56.714 [com.netiq.daas.restconnector.fulfillerservice.RESTFullfilmentService] [DAAS] In getSearchKey..  
[FINE] 2023-02-15 12:19:56.714 [com.netiq.daas.restconnector.fulfillerservice.RESTFullfilmentService] [DAAS] In getSearchKey..  
[FINE] 2023-02-15 12:19:56.714 [com.netiq.daas.restconnector.fulfillerservice.RESTFullfilmentService] [DAAS] In getSearchKey..  
[FINE] 2023-02-15 12:19:56.715 [com.netiq.daas.restconnector.fulfillerservice.RESTFullfilmentService] [DAAS] In getSearchKey..  
[FINE] 2023-02-15 12:19:56.715 [com.netiq.daas.restconnector.fulfillerservice.RESTFullfilmentService] [DAAS] In getSearchKey..  
[FINE] 2023-02-15 12:19:56.715 [com.netiq.daas.restconnector.fulfillerservice.RESTChangeRequestFulfiller] [DAAS] In performChangeRequestType method..  
[INFO] 2023-02-15 12:19:56.716 [com.netiq.daas.restconnector.restauthentication.BasicAuthentication] [DAAS] Connection Framework execution info message: 'Adding authorization header from provided Authenticator.'  
[FINE] 2023-02-15 12:19:56.716 [com.netiq.daas.restconnector.restauthentication.BasicAuthentication] [DAAS] Modifying the web service request before execution.  
[INFO] 2023-02-15 12:19:56.716 [com.netiq.daas.restconnector.restauthentication.BasicAuthentication] [DAAS] Connection Framework execution info message: 'Executing the request to: 10.204.255.253:5000/.../myService'  
[FINE] 2023-02-15 12:19:57.323 [com.netiq.daas.restconnector.restauthentication.BasicAuthentication] [DAAS] Response Body: {"fulfillmentId": "F1234", "Fulfillment Id": "F1234", "Fulfillment_Id": "F1234", "status": "sucess", "statusDetails": "TEST2"}  
[FINE] 2023-02-15 12:19:57.323 [com.netiq.daas.restconnector.restauthentication.AbstractHttpsOperation] [DAAS] Http Response Code :200  
[FINE] 2023-02-15 12:19:57.323 [com.netiq.daas.restconnector.restauthentication.AbstractHttpsOperation] [DAAS] Response is a valid JSONObject  

transform script for the fulfillemntId logs the inputValue, where ['response_code','content_type','content','fulfillmentId','Fulfillment Id','FulfillmentId'] are configured as input fields

[INFO] 2023-02-15 12:19:57.327 [debug] *** REST START FID ***  
[INFO] 2023-02-15 12:19:57.327 [debug] inputValue is: >{"response_code":"","content_type":"","content":"","fulfillmentId":"","FulfillmentId":"","Fulfillment_Id":""}<  
[INFO] 2023-02-15 12:19:57.328 [debug] *** REST END FID ***  

I tested with the name of the fulfillemntId a little bit, that is why it is available in different options in the string.

But what am I missing that the transform script does not get the correct values form the response ?

Rainer

Parents
  • Hello,
        Did you re-map for the actual Fulfillment Content to be included? Meaning in the input transformation script that is there by default, it will not include the values from the Fulfillment Content field. You will have to map them in correctly.


    Here are the values of the field:
    ["changeItemId", "changeRequestType", "userName", "userProfile", "appName", "requesterName","requesterProfile", "reason", "permName", "permissionProfile", "accountName", "accountProfile", "fulfillmentInstructions"]

    Here is what the transformation script is by default:
    var httpbody = {}; // Set Http Request body in JSON format to be sent. Example: { 'userID' : <ID> , 'name' : <name> }
    var httpServiceMethod = 'POST'; // Set Http Service method. Example: 'POST', 'PUT', 'PATCH', DELETE'.
    var output = {};
    output['http_body'] = httpbody;
    output['service_method'] = httpServiceMethod;
    outputValue = JSON.stringify(output);

    As you can see, the actual content is not included.  I have logged a defect about this and it will be fixed in the next version of the product.

    You will need to fix the transformation script to include the actual content. If you start by pressing the setup input link and the update accordingly.  If I find where I fixed this in one of my set-ups, I will post.

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

  • Hello Steven, thanks for your reply ...

    Fulfillment Response Mapping:

    Fulfilment Id - ['status','fulfillmentId','Fulfillment Id','FulfillmentId']

    and the transform script starts with:

    var logger = org.slf4j.LoggerFactory.getLogger("debug");
    logger.info("*** REST START FID ***");
    logger.info("inputValue is: >" + inputValue + "<");
    logger.info("*** REST END FID ***");

    // parse the inputValue
    var responseValue = JSON.parse(inputValue);
    ...

    and the REST START FID .... is what you see in the catalina.out from above where all values are empty

    I think I have to address the keys of the JSON object for the attribute mapping, is that correct ?

    Rainer

Reply
  • Hello Steven, thanks for your reply ...

    Fulfillment Response Mapping:

    Fulfilment Id - ['status','fulfillmentId','Fulfillment Id','FulfillmentId']

    and the transform script starts with:

    var logger = org.slf4j.LoggerFactory.getLogger("debug");
    logger.info("*** REST START FID ***");
    logger.info("inputValue is: >" + inputValue + "<");
    logger.info("*** REST END FID ***");

    // parse the inputValue
    var responseValue = JSON.parse(inputValue);
    ...

    and the REST START FID .... is what you see in the catalina.out from above where all values are empty

    I think I have to address the keys of the JSON object for the attribute mapping, is that correct ?

    Rainer

Children
  • Maybe not written exactly, the REST request sent to the python/flask service contains only four attributes:

    Fulfillment Item Configuration and Mapping:

    Contend:   ["changeItemId","changeRequestType","account","permProvId"]

    and on the python/flask server I extract it:

    --- parameters extracted ---------
    changeItemId:      32417
    changeRequestType: ADD_PERMISSION_TO_USER
    account:           cn=USER01,dc=users,dc=auth,o=AAA,dc=DATA
    permProvId:        cn=Fileshare-Group-01,dc=hgrfolder,dc=groups,dc=auth,o=AAA,dc=DATA
    ----------------------------------

    but on the REST response from flask back I miss the values then in the response mapping section

  • Hello,
    Sorry, I thought your issue was on the submit and not the response. Why did you not stay with the default transformation script in this area:

    var responseValue = JSON.parse(inputValue);


    if ((responseValue.response_code === '200') || (responseValue.response_code === '201')) {
    if (responseValue.content_type === 'application/json') {
    var rawContent = JSON.parse(responseValue.content);
    // TODO: create fulfillment id here by extracting values from the rawContent variable, example:
    outputValue = rawContent.fulfillmentId;
    } else {
    outputValue = 'Unexpected content type: ' + responseValue.content_type;
    }
    } else {
    outputValue = 'Expected response code 200, received ' + responseValue.response_code;
    }

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

  • because the responseValue.response_code value is empty and then only that generic message "Expected response code 200, received" was logged and I wanted to have a correct status from the fulfillment response there in.

  • Hello,
    I will look at the response you outlined in the log

    [FINE] 2023-02-15 12:19:57.323 [com.netiq.daas.restconnector.restauthentication.BasicAuthentication] [DAAS] Response Body: {"fulfillmentId": "F1234", "Fulfillment Id": "F1234", "Fulfillment_Id": "F1234", "status": "sucess", "statusDetails": "TEST2"}  

    and do some testing.

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

  • We found out that this happens with a newly created target based on the REST Generic Fulfiller template 3.7.2. If we use the old REST Service Fulfiller template 3.6.2, that works.

    Whereas the JSON structure in the REST request has changed a little bit.

    In the new GENERIC it does not contain the http_body key, which exists in the old SERVICE template. But that is no problem.

    Once we have configured the old SERVICE template, we see correct in the catalina.out the response_code, content_type and so on.

    So customers having their targets configured before they upgrade to 3.7.2 might not notice the problem, whereas customers creating their targets after the upgrade might have problems.

  • Hello,
    In this new fulfiller, the http_body is not a parameter. But rather it is defined in the starting transformation script in the content field. This is seen in the my 1st response to this thread:

    var httpbody = {}; // Set Http Request body in JSON format to be sent. Example: { 'userID' : <ID> , 'name' : <name> }
    var httpServiceMethod = 'POST'; // Set Http Service method. Example: 'POST', 'PUT', 'PATCH', DELETE'.
    var output = {};
    output['http_body'] = httpbody;
    output['service_method'] = httpServiceMethod;
    outputValue = JSON.stringify(output);

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity