Layer7 API Management

  • 1.  Folder predicate works only for existing folders?

    Posted Jan 13, 2017 06:51 AM

    Hi 

    When I install bundles through the REST API of the gateway, it is usually no problem to reference an object that is created in the same bundle.

     

    But the folder predicate seems to be an exception here. I get the following error from the gateway when I try to create a role with a folder predicate that points to a folder that is created in the same bundle. 

    <l7:Error xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
        <l7:Type>InvalidResource</l7:Type>
        <l7:TimeStamp>2017-01-13T12:40:56.642+01:00</l7:TimeStamp>
        <l7:Link rel="self" uri="http://entx-svl-a-on-l01.visana.ch:8080/restman/1.0/bundle"/>
        <l7:Detail>Resource validation failed due to 'INVALID_VALUES' Could not find entity: Cannot find folder with id: 50b7b02c9d9c46ca8403b2ea40e72296</l7:Detail>
    </l7:Error>

     

    Here is an example bundle that creates a folder and a role that has multiple references to the folder in the same bundle: 

    • The first reference (EntityFolderAncestryPredicate) works 
    • The second reference (ObjectIdentityPredicate) works
    • The third and fourth (FolderPredicate) are resulting in the above error message

    <l7:Bundle xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management" xmlns:setup="http://ns.visana.ch/integration/layer7/management">
       <l7:References>
          <l7:Item>
             <l7:Name>testFolder</l7:Name>
             <l7:Id>50b7b02c9d9c46ca8403b2ea40e72296</l7:Id>
             <l7:Type>FOLDER</l7:Type>
             <l7:Resource>
                <l7:Folder folderId="0000000000000000ffffffffffffec76"
                           id="50b7b02c9d9c46ca8403b2ea40e72296">

                   <l7:Name>testFolder</l7:Name>
                </l7:Folder>
             </l7:Resource>
          </l7:Item>
          <l7:Item>
             <l7:Name/>
             <l7:Id>d57d96cbd354452fb97687ec395c0e1f</l7:Id>
             <l7:Type>RBAC_ROLE</l7:Type>
             <l7:Resource>
                <l7:Role id="d57d96cbd354452fb97687ec395c0e1f">
                   <l7:name>testRole</l7:name>
                   <l7:description>Has a reference to a folder</l7:description>
                   <l7:userCreated>true</l7:userCreated>
                   <l7:permissions>
                      <!-- works fine -->
                      <l7:permission id="a1acd531badb40c98326bd7dcccec1b0">
                         <l7:operationType>READ</l7:operationType>
                         <l7:entityType>FOLDER</l7:entityType>
                         <l7:predicates>
                            <l7:predicate id="43931e1b47eb444493c91b7a23204120">
                               <l7:type>EntityFolderAncestryPredicate</l7:type>
                               <l7:Properties>
                                  <l7:Property key="entityId">
                                     <l7:StringValue>50b7b02c9d9c46ca8403b2ea40e72296</l7:StringValue>
                                  </l7:Property>
                                  <l7:Property key="entityType">
                                     <l7:StringValue>FOLDER</l7:StringValue>
                                  </l7:Property>
                               </l7:Properties>
                            </l7:predicate>
                         </l7:predicates>
                      </l7:permission>
                      <!-- works fine -->
                      <l7:permission id="a1acd531badb40c98326bd7dcccec1b1">
                         <l7:operationType>READ</l7:operationType>
                         <l7:entityType>FOLDER</l7:entityType>
                         <l7:predicates>
                            <l7:predicate id="43931e1b47eb444493c91b7a23204121">
                               <l7:type>ObjectIdentityPredicate</l7:type>
                               <l7:Properties>
                                  <l7:Property key="entityId">
                                     <l7:StringValue>50b7b02c9d9c46ca8403b2ea40e72296</l7:StringValue>
                                  </l7:Property>
                               </l7:Properties>
                            </l7:predicate>
                         </l7:predicates>
                      </l7:permission>
                      <!-- does NOT work -->
                      <l7:permission id="a1acd531badb40c98326bd7dcccec1b2">
                         <l7:operationType>READ</l7:operationType>
                         <l7:entityType>FOLDER</l7:entityType>
                         <l7:predicates>
                            <l7:predicate id="43931e1b47eb444493c91b7a23204122">
                               <l7:type>FolderPredicate</l7:type>
                               <l7:Properties>
                                  <l7:Property key="folderId">
                                     <l7:StringValue>50b7b02c9d9c46ca8403b2ea40e72296</l7:StringValue>
                                  </l7:Property>
                                  <l7:Property key="transitive">
                                     <l7:StringValue>true</l7:StringValue>
                                  </l7:Property>
                               </l7:Properties>
                            </l7:predicate>
                         </l7:predicates>
                      </l7:permission>
                      <!-- does NOT work -->
                      <l7:permission id="a1acd531badb40c98326bd7dcccec1b3">
                         <l7:operationType>READ</l7:operationType>
                         <l7:entityType>SERVICE</l7:entityType>
                         <l7:predicates>
                            <l7:predicate id="43931e1b47eb444493c91b7a23204123">
                               <l7:type>FolderPredicate</l7:type>
                               <l7:Properties>
                                  <l7:Property key="folderId">
                                     <l7:StringValue>50b7b02c9d9c46ca8403b2ea40e72296</l7:StringValue>
                                  </l7:Property>
                                  <l7:Property key="transitive">
                                     <l7:StringValue>true</l7:StringValue>
                                  </l7:Property>
                               </l7:Properties>
                            </l7:predicate>
                         </l7:predicates>
                      </l7:permission>
                   </l7:permissions>
                </l7:Role>
             </l7:Resource>
          </l7:Item>
       </l7:References>
       <l7:Mappings>
          <l7:Mapping action="NewOrUpdate"
                      srcId="50b7b02c9d9c46ca8403b2ea40e72296"
                      type="FOLDER">

             <l7:Properties>
                <l7:Property key="MapBy">
                   <l7:StringValue>name</l7:StringValue>
                </l7:Property>
             </l7:Properties>
          </l7:Mapping>
          <l7:Mapping action="NewOrUpdate"
                      srcId="d57d96cbd354452fb97687ec395c0e1f"
                      type="RBAC_ROLE">

             <l7:Properties>
                <l7:Property key="MapBy">
                   <l7:StringValue>name</l7:StringValue>
                </l7:Property>
             </l7:Properties>
          </l7:Mapping>
       </l7:Mappings>
    </l7:Bundle>

     

    Questions: 

    • Is this a bug or a feature? I.e. should this work?
    • Is there another workaround than creating the folders first and then (in a second bundle) the rest?
    • Are there other references that do not work in the same bundle? I.e. that should be created in the first bundle of the workaround?

     

    Thanks 

    Stephan



  • 2.  Re: Folder predicate works only for existing folders?
    Best Answer

    Broadcom Employee
    Posted Jan 17, 2017 02:00 PM

    Hi stephan.burkard

    I've tried this out; unfortunately, you've uncovered a bug. I'm working on a fix for this, but until it is fixed the workaround is as you thought: do the import in 2 separate requests. I believe this is specific to the FolderPredicate, but as I'm fixing this issue I will double check, and if it's not I'll add a comment to this issue.

    BTW, this is one of the best posts describing an issue I've seen, very clear and well described. Thanks!

     

    Victor

     

    #bug



  • 3.  Re: Folder predicate works only for existing folders?

    Broadcom Employee
    Posted Jan 17, 2017 02:11 PM

    I spoke too soon, you will also run into this issue with the 'SecurityZonePredicate'.
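
The two-request workaround from the replies above, as an added example that is not part of the original thread or the product's own tooling: it reports FolderPredicate references to folders created in the same bundle and splits the bundle into a folders-first part and the rest. The function names, the `SECURITY_ZONE` type name and the sample bundle are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

L7 = "http://ns.l7tech.com/2010/04/gateway-management"
NS = {"l7": L7}
ET.register_namespace("l7", L7)  # keep the l7: prefix when serialising
# Entity types sent in the first request. FOLDER comes from the thread; the
# SECURITY_ZONE type name is an assumption added for SecurityZonePredicate.
FIRST_TYPES = ("FOLDER", "SECURITY_ZONE")
FOLDER_ID = "l7:Properties/l7:Property[@key='folderId']/l7:StringValue"
# Constructed sample: the thread's bundle cut down to one folder and one role.
SAMPLE = f"""<l7:Bundle xmlns:l7="{L7}"><l7:References>
<l7:Item><l7:Id>folder-1</l7:Id><l7:Type>FOLDER</l7:Type></l7:Item>
<l7:Item><l7:Id>role-1</l7:Id><l7:Type>RBAC_ROLE</l7:Type><l7:Resource><l7:Role>
<l7:permissions><l7:permission><l7:predicates><l7:predicate>
<l7:type>FolderPredicate</l7:type><l7:Properties><l7:Property key="folderId">
<l7:StringValue>folder-1</l7:StringValue></l7:Property></l7:Properties>
</l7:predicate></l7:predicates></l7:permission></l7:permissions>
</l7:Role></l7:Resource></l7:Item></l7:References><l7:Mappings>
<l7:Mapping action="NewOrUpdate" srcId="folder-1" type="FOLDER"/>
<l7:Mapping action="NewOrUpdate" srcId="role-1" type="RBAC_ROLE"/>
</l7:Mappings></l7:Bundle>"""

def same_bundle_folder_refs(bundle_xml):
    """Folder ids that a FolderPredicate references and the same bundle creates."""
    root = ET.fromstring(bundle_xml)
    created = {i.findtext("l7:Id", namespaces=NS)
               for i in root.iterfind("l7:References/l7:Item", NS)
               if i.findtext("l7:Type", namespaces=NS) == "FOLDER"}
    refs = {p.findtext(FOLDER_ID, namespaces=NS)
            for p in root.iterfind(".//l7:predicate", NS)
            if p.findtext("l7:type", namespaces=NS) == "FolderPredicate"}
    return sorted((created & refs) - {None})

def split_bundle(bundle_xml, first_types=FIRST_TYPES):
    """Return (containers_only, everything_else) as two bundle XML strings."""
    out = []
    for keep_first in (True, False):
        bundle = ET.fromstring(bundle_xml)
        for item in bundle.findall("l7:References/l7:Item", NS):
            if (item.findtext("l7:Type", namespaces=NS) in first_types) != keep_first:
                bundle.find("l7:References", NS).remove(item)
        for m in bundle.findall("l7:Mappings/l7:Mapping", NS):
            if (m.get("type") in first_types) != keep_first:
                bundle.find("l7:Mappings", NS).remove(m)
        out.append(ET.tostring(bundle, encoding="unicode"))
    return tuple(out)
```

Send the first returned bundle to the gateway, confirm it succeeded, then send the second; a non-empty result from `same_bundle_folder_refs` is the signal that a bundle needs this split.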



  • 4.  Re: Folder predicate works only for existing folders?

    Posted Jan 18, 2017 07:18 AM

    Hi kazvi01

     

    Thanks for your answer. I have already implemented the 2-step-installation and I currently don't use the SecurityZonePredicate.

     

    And thanks for the compliment regarding the post quality 

     

    Regards

    Stephan