Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
RamiShahar
Contributor
Jump to solution

set-access-rule -error "message" : "Add Any is not allowed"

HI to all

Since api version 1.7 we cant use this api as we get this error 

{
  "code" : "generic_err_invalid_parameter",
  "message" : "Add Any is not allowed"
}

How We Send the API:
https://<HOST>/web_api/v1.8/set-access-rule
{
    "uid":"B71F2D99-4F3E-4568-93CC-6388D022CA36",
    "layer":"6a5b4108-a94e-4f5d-974b-8d8c431fdd5f",
    "service":
    {        "add":["Any"]
    }
}

Added here photo of the request and response

 

In version under 1.7 it works on the same api and request

Any idea what I might be missing?

1 Solution

Accepted Solutions
Omer_Kleinstern
Employee
Employee

@PhoneBoy is correct. 

You cannot add "Any" to an existing collection of services.

You can set the entire collection to "Any":

 

https://<CP_IP>/web_api/v1.7/set-access-rule

Body: 

{

  "name" : "88c36229-e60d-4590-a5d9-387344dba9f1",

  "layer" : "8a994dd3-993e-4c0c-92a1-a8630b153f4c",

  "service: ["Any"]

}

 

View solution in original post

10 Replies
the_rock
Legend
Legend

I cant open photo you attached, would you mind send the command you did? I can try it in my lab on R81.20

Andy

RamiShahar
Contributor

Sure 

This is the request's "url"

https://<CP_IP>/web_api/v1.7/set-access-rule

Body: 

{

  "name" : "88c36229-e60d-4590-a5d9-387344dba9f1",

  "layer" : "8a994dd3-993e-4c0c-92a1-a8630b153f4c",

"service":

    {

        "add":["Any"]

    } 

}

 

name= ruleUID

layer=NetowrkLayerUID

 

Result

{

    "code": "generic_err_invalid_parameter",

    "message": "Add Any is not allowed"

}

the_rock
Legend
Legend

Will test soon.

Andy

the_rock
Legend
Legend

All I get is below...

{
  "code" : "generic_err_missing_session_id",
  "message" : "No query parameters are found"
}
PhoneBoy
Admin
Admin

@Omer_Kleinstern correct me if I’m wrong, but I don’t think you can add “Any” to a rule?
You certainly can’t do it without removing what’s already in the cell first.
Depending on your version and preference setting, removing all items from a source/destination should result in either an Any or a None (the rule default).

YakovKoren
Explorer

Hi,

When trying to remove the last object from the rule, we get the following:

{
"code" : "err_validation_failed",
"message" : "Validation failed with 1 warning",
"warnings" : [ {
"message" : "Access Rule contains an object of type 'None' in the Service & Applications column. This rule will never be matched."
} ]
}.

 

We know it worked up until Api version 1.6.

Is there a way to add flag or something so we can successfully remove all objects and make the rule to have 'Any'?

PhoneBoy
Admin
Admin

While you clearly have an answer, I feel it's worth explaining this difference in behavior.
In R81.10, we added "None" as a possible entry for the Source/Destination/Service field.
If a rule contains "none" in the Source/Destination/Service field, no traffic will match it.
You can change the default behavior for the Source/Destination/Service field when:

  • New rules are added (previously this was always any any any drop)
  • When the last item in the cell is removed (i.e. does it become Any or None)

Refer to the following screenshot:

image.png

If you're wanting to explicitly set the field to Any, it should be done as @Omer_Kleinstern advised.

Omer_Kleinstern
Employee
Employee

@PhoneBoy is correct. 

You cannot add "Any" to an existing collection of services.

You can set the entire collection to "Any":

 

https://<CP_IP>/web_api/v1.7/set-access-rule

Body: 

{

  "name" : "88c36229-e60d-4590-a5d9-387344dba9f1",

  "layer" : "8a994dd3-993e-4c0c-92a1-a8630b153f4c",

  "service: ["Any"]

}

 

YakovKoren
Explorer

Works!

Thank you for the fast response!

RamiShahar
Contributor

Thx for your time and help  

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events