Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Joshua_Boerum
Participant
Jump to solution

Policy Install Error - API

Below done VIA API


If I create a rule:

Source: 1.1.1.1 Desination: 2.2.2.2 Port: tcp_80 Action: Drop

Then create a rule:

Source: 1.1.1.1 Desination: 2.2.2.2 Port: tcp_80 Action: Accept

Then publish and install policy through the API it is successful.

When I goto the GUI it says policy install failed. Is it possible to have this error defined through the API response with a clear description as to why it failed?

0 Kudos
1 Solution

Accepted Solutions
Uri_Bialik

Hi Joshua,

When you call the install-policy API and the server responds with "200 OK", it means that the server has accepted the request to install policy. The actual status of the policy installation is still unknown at this point as the policy installation process may take a few minutes.

Have a look at the server response, you'll see that the response payload contains a "task-id".

You can use this "task-id" token to check on the policy installation progress, final status and list or errors/warnings.

To do that, call the "show-task" API and provide the task-id that you got from the "install-policy" API as an argument.

I recommend calling the "show-task" API with the parameter "details-level" set to "full".

Uri

View solution in original post

4 Replies
Uri_Bialik

Hi Joshua,

When you call the install-policy API and the server responds with "200 OK", it means that the server has accepted the request to install policy. The actual status of the policy installation is still unknown at this point as the policy installation process may take a few minutes.

Have a look at the server response, you'll see that the response payload contains a "task-id".

You can use this "task-id" token to check on the policy installation progress, final status and list or errors/warnings.

To do that, call the "show-task" API and provide the task-id that you got from the "install-policy" API as an argument.

I recommend calling the "show-task" API with the parameter "details-level" set to "full".

Uri

Joshua_Boerum
Participant

Thanks for the information.

This makes things difficult when installing policy VIA the API. Mainly due to the fact that I have to rely on another API to check if the latest policy installed was successful or not and also knowing if the response is from the latest policy install.

0 Kudos
Uri_Bialik

Every install-policy request generates a new task-id token, so when you call the show-task API there's no question which status you get.

The task-id / show-task mechanism is our way of dealing with a-synchronous operations.

Waiting for the policy install operation to complete before sending the response, may trigger HTTP timeout errors.

More on that in this thread:

Using a-synchronous commands (e.g. publish, install-policy and run-script)  

0 Kudos
Uri_Bialik

Having said that, we're open for suggestions that can improve the install-policy API and other APIs with potentially long processing time.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events