cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
492
Views
1
Helpful
3
Replies

ISE 3.1 ERS DELETE ers/config/sgacl/ 500 Internal Server Error

Andreas Falk
Beginner
Beginner
When updating pyise-ers to ISE 3.1 compability I found a regression in ers/config/sgacl/ ERSResponse

DELETE ers/config/sgacl/does_not_exist
Response:

 

{
  "ERSResponse": {
    "operation": "DELETE-delete-sgacl",
    "messages": [
      {
        "type": "ERROR",
        "code": "Conversion exception"
      }
    ],
    "link": {
      "rel": "related",
      "href": "https://ip:9060/ers/config/sgacl/not_found",
      "type": "application/xml"
    }
  }
}
Status: 500 Internal Server Error

 

Expected response:

 

{
  "ERSResponse": {
    "operation": "DELETE-delete-sgacl",
    "messages": [
      {
        "title": "The specified resource does not exist",
        "type": "ERROR",
        "code": "Resource not found exception"
      }
    ],
    "link": {
      "rel": "related",
      "href": "https://ip:9060/ers/config/sgacl/not_found",
      "type": "application/xml"
    }
  }
}
Status: 404 Not Found

 

ISE information:

 

Version: 3.1.0.518
Patch Information: 6

 

Any ideas, I think that it is a bug?

--
Kind Regards Falk

1 Accepted Solution

Accepted Solutions

OK, it was not obvious that you were trying to delete a non-existent SGACL.

The string value "does_not_exist" is incorrect syntax. That value must be a UUID which has the format
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

When I try the DELETE with a non-existent SGACL using a proper UUID with ISE 3.2 Patch 1, I get the 500, too:

curl  --include  --insecure  --location \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --user $ISE_REST_USERNAME:$ISE_REST_PASSWORD  \
  --request DELETE https://$ISE_HOSTNAME/ers/config/sgacl/39386e70-ecec-11ed-986a-0660a5c2db64

HTTP/1.1 500

{
  "ERSResponse" : {
    "operation" : "DELETE-delete-sgacl",
    "messages" : [ {
      "type" : "ERROR",
      "code" : "Conversion exception"
    } ],
    "link" : {
      "rel" : "related",
      "href" : "https://ise.securitydemo.net/ers/config/sgacl/39386e70-ecec-11ed-986a-0660a5c2db64",
      "type" : "application/xml"
    }
  }
}

You are welcome to submit a bug via TAC.

View solution in original post

3 Replies 3

thomas
Cisco Employee
Cisco Employee

ISE APIs are documented @ https://cs.co/ise-api"DELETE ers/config/sgacl/does_not_exist" is not a valid endpoint.

Specifically, the sgacl endpoint is documented @ https://developer.cisco.com/docs/identity-services-engine/latest/#!sgacl

You did not include your actual URL so it is impossible to know why you received a 500 or a 404. Always include your original request URL.

It works great for me on ISE 3.2 + Patch 1:

curl  --include  --insecure  --location \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --user $ISE_REST_USERNAME:$ISE_REST_PASSWORD  \
  --request POST https://$ISE_HOSTNAME/ers/config/sgacl \
  --data '
{
    "Sgacl": {
        "name": "Falk",
        "description": "Falk",
        "ipVersion": "IPV4",
        "readOnly": false,
        "aclcontent": "Permit IP"
    }
}'

HTTP/1.1 201
Location: https://ise.securitydemo.net/ers/config/sgacl/39386e70-ecec-11ed-986a-0660a5c2db64


curl  --include  --insecure  --location \
  --header 'Accept: application/json' \
  --user $ISE_REST_USERNAME:$ISE_REST_PASSWORD \
  --request GET https://$ISE_HOSTNAME/ers/config/sgacl/39386e70-ecec-11ed-986a-0660a5c2db64

HTTP/1.1 200

{
  "Sgacl" : {
    "id" : "39386e70-ecec-11ed-986a-0660a5c2db64",
    "name" : "Falk",
    "description" : "Falk",
    "generationId" : "0",
    "ipVersion" : "IPV4",
    "aclcontent" : "Permit IP",
    "link" : {
      "rel" : "self",
      "href" : "https://ise.securitydemo.net/ers/config/sgacl/39386e70-ecec-11ed-986a-0660a5c2db64",
      "type" : "application/json"
    }
  }
}


curl  --include  --insecure  --location \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --user $ISE_REST_USERNAME:$ISE_REST_PASSWORD  \
  --request DELETE https://$ISE_HOSTNAME/ers/config/sgacl/39386e70-ecec-11ed-986a-0660a5c2db64

HTTP/1.1 204

 

Hi,

Sorry, the error on my end are when doing a delete on a sgacl that does not exist.

curl  --include  --insecure  --location \
 --header 'Accept: application/json' \
 --header 'Content-Type: application/json' \
 --user $ISE_REST_USERNAME:$ISE_REST_PASSWORD \
 --request DELETE https://$ISE_HOSTNAME/ers/config/sgacl/does_not_exist

HTTP/1.1 500 
{
  "ERSResponse" : {
    "operation" : "DELETE-delete-sgacl",
    "messages" : [ {
      "type" : "ERROR",
      "code" : "Conversion exception"
    } ],
    "link" : {
      "rel" : "related",
      "href" : "https://ip/ers/config/sgacl/does_not_exist",
      "type" : "application/xml"
    }
  }
}

It should be a HTTP/1.1 404 and and the message should be:

    "messages" : [ {
      "title" : "The specified resource does not exist",
      "type" : "ERROR",
      "code" : "Resource not found exception"
    } ],

It looks like an regression from 3.0.x?

--
Kind Regards Falk

 

OK, it was not obvious that you were trying to delete a non-existent SGACL.

The string value "does_not_exist" is incorrect syntax. That value must be a UUID which has the format
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

When I try the DELETE with a non-existent SGACL using a proper UUID with ISE 3.2 Patch 1, I get the 500, too:

curl  --include  --insecure  --location \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --user $ISE_REST_USERNAME:$ISE_REST_PASSWORD  \
  --request DELETE https://$ISE_HOSTNAME/ers/config/sgacl/39386e70-ecec-11ed-986a-0660a5c2db64

HTTP/1.1 500

{
  "ERSResponse" : {
    "operation" : "DELETE-delete-sgacl",
    "messages" : [ {
      "type" : "ERROR",
      "code" : "Conversion exception"
    } ],
    "link" : {
      "rel" : "related",
      "href" : "https://ise.securitydemo.net/ers/config/sgacl/39386e70-ecec-11ed-986a-0660a5c2db64",
      "type" : "application/xml"
    }
  }
}

You are welcome to submit a bug via TAC.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: