AttributeSource missing when updating api_protection definitions

[kalemontes]

When i call ibmsecurity.isam.aac.api_protection.definitions.update and i don't provide the oidc parameter, the attribute sources previously attached are lost.

Here is the ansible role i use to make this call :

---
- name: "Build isamapi request object for OAuth 2.0 Definition"
  set_fact:
    isamapi_request_obj: "{
      'name': '{{update_oauth_definition_name}}',
      '{{update_oauth_definition_param}}': '{{update_oauth_definition_value}}'
      }"
  no_log: true

- name: "Update OAuth 2.0 Definition '{{update_oauth_definition_name}}' parameter '{{update_oauth_definition_param}}'"
  isam:
    appliance: "{{ inventory_hostname }}"
    adminProxyProtocol: "{{ adminProxyProtocol | default(omit) }}"
    adminProxyHostname: "{{ adminProxyHostname | default(omit) }}"
    adminProxyPort: "{{ adminProxyPort | default(omit) }}"
    adminProxyApplianceShortName: "{{ adminProxyApplianceShortName | default(omit) }}"
    omitAdminProxy: "{{ omitAdminProxy | default(omit) }}"
    username: "{{ username }}"
    password: "{{ password }}"
    lmi_port: "{{ port | default(omit) }}"
    log: "{{ log_level | default(omit) }}"
    force: "{{ force | default(omit) }}"
    action: ibmsecurity.isam.aac.api_protection.definitions.update
    isamapi: "{{isamapi_request_obj}}"
  notify:
      - Commit Changes

where update_oauth_definition_param is accessPolicyName for instance. The accessPolicyName update is done as expected but i loose the attribute sources attached to the definition when doing so. Other definition attributes seam ok (their value is untouched by update).
Is it a bug or am i using wrong this function ?

[djorgen-ibm]

Hi,

AttributeSources is part of oidc object and not a parameter by itself. The default value for oidc is None during the update call. So if you only pass in accessPolicyName, then the update will not pass any oidc object and omission would be equivalent to delete. Many of the parameters have default values. So even if you don't pass in anything, the update will still pass the default values during the call so it would appear that those attributes did not change.

[kalemontes]

Hi,
Thanks for you answer. It seems straightforward. I was looking to update just one parameter, but to do that i guess i have to do a ibmsecurity.isam.aac.api_protection.definitions.get then modify the returned objet and finally call the ibmsecurity.isam.aac.api_protection.definitions.update.
I'll close this thread as there is no issue.
Thx again.

[ram-ibm]

Have you considered using the set() function? That will do an add() or an update() as needed. No need to execute a get() before an update in that case.

[djorgen-ibm]

I don't think set() will help in this case as the issue is not about whether to add or to update. The issue is that during update, omission is equivalent of letting update sending in default value. And for the case of oidc, the default value is None which is the equivalent of doing a delete using the update. The way to keep any particular attribute the same as existing values, as it was mentioned, is to do a get() first and then only modify the values that you actually want to change.