Hey,
I'm using the CPPM API in order to push role mapping into ClearPass.
I've come across 2 issues with the role mappings pushing API:
1. Pusing multiple rules into the same role mapping only pushes the last rule:
NAME = 'testest'
DESCRIPTION = 'Test111'
DEFAULT_ROLE_NAME = '[Guest]'
RULE_COMBINE_ALGO = 'evaluate-all'
rules = [{'match_type': 'OR',
'role_name': '[Employee]',
'condition': [{'type': 'Authorization:[Endpoints Repository]',
'name': 'MAC Vendor',
'oper': 'EQUALS',
'value': 'Intel Corporate',
'value_disp_name': 'Intel Corporate'},
{'type': 'Authorization:[Endpoints Repository]',
'name': 'MAC Vendor',
'oper': 'EQUALS',
'value': 'HP Inc.',
'value_disp_name': 'HP Inc.'}]}]
role_mapping_data = {
'name': NAME,
'description': DESCRIPTION,
'default_role_name': DEFAULT_ROLE_NAME,
'ruleCombineAlgo': RULE_COMBINE_ALGO,
'rules': rules
}
requests.post(BASE_URL + '/api/role-mapping', headers = {'Accept': 'application/json',
'Content-Type': 'application/json' ,'Authorization': 'Bearer {}'.format(token)},
data=json.dumps(role_mapping_data), verify = False).json()
This is the result:
{'id': 3008,
'name': 'testest',
'description': 'Test111',
'default_role_name': '[Guest]',
'ruleCombineAlgo': 'evaluate-all',
'rules': [{'match_type': 'OR',
'role_name': '[Employee]',
'condition': [{'type': 'Authorization:[Endpoints Repository]',
'name': 'MAC Vendor',
'oper': 'EQUALS',
'value': 'HP Inc.',
'value_disp_name': 'HP Inc.'}]}],
'_links': {'self': {'href': 'https://test/api/role-mapping/3008'}}}
2. I noticed when trying to push attributes that weren't populated yet I get an error, for example -
[{'match_type': 'OR',
'role_name': '[Employee]',
'condition': [
{'type': 'Endpoint',
'name': 'Manufacturer',
'oper': 'EQUALS',
'value': 'abcde',
'value_disp_name': 'abcde'}]}]
Results in:
{'validation_messages': ['Invalid Value display name specified'],
'type': 'http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html',
'title': 'Unprocessable Entity',
'status': 422,
'detail': 'Invalid Value display name specified'}
please tell me if there's something I'm not doing correctly or there's another possibility to achieve my goal.
Thank you in advance,
Dolev
------------------------------
Dolev Hasid
------------------------------