Solved: show-membership attribute - REST API

KonstantinS · ‎2019-07-03

Hi all!

We just upgraded one test system to R80.20 which brought us the API version 1.3.

In the past (v1.1 and v.1.2) we were also getting the memberships while executing "show-hosts".

Since v1.3 there is no members array in the response anymore.

Only if we put "show-membership" : true in the request body, we are getting them...

The documentation is saying that the default value for the attribute "show-membership" is true in all versions since v1.1.

Was there a change in v1.3? Is the documentation wrong in this case?

Regards,

Konstantin

Amiad_Stern · ‎2019-07-04

@KonstantinS , we did change the defaults in v1.3 due to performance impact and the fact that this data is redundant most of the times (you will get it if you query all groups or do it for specific object if needed) . Documentation should be fixed.

View solution in original post

PhoneBoy · ‎2019-07-03

When I issue these commands on the CLI at least, I don't see anything that indicates membership at all, with or without show-membership true.
Example output of "working" and "not working" would be helpful.

KonstantinS · ‎2019-07-04

@PhoneBoy,

I can confirm that the CLI will not show any membership.

The command I used: show-hosts show-membership true

But what is the expected behavior? I would expect that is shows the memberships.

Using the REST API on the v1.3 machine:

Request-Body (offset set to 31 to squeeze out the other hosts I don't need here):

{
"limit" : 50,
"offset" : 31,
"details-level" : "full"
}

Output:

{
"objects": [
{
"uid": "886f7de8-04a1-45f6-9c35-3b6b5984373c",
"name": "test.OWE.Memberships",
"type": "host",
"domain": {
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name": "SMC User",
"domain-type": "domain"
},
"ipv4-address": "127.0.0.15",
"interfaces": [],
"nat-settings": {
"auto-rule": false
},
"comments": "test.OWE.Memberships",
"color": "black",
"icon": "Objects/host",
"tags": [],
"meta-info": {
"lock": "unlocked",
"validation-state": "ok",
"last-modify-time": {
"posix": 1561570479439,
"iso-8601": "2019-06-26T19:34+0200"
},
"last-modifier": "api-user",
"creation-time": {
"posix": 1561570479439,
"iso-8601": "2019-06-26T19:34+0200"
},
"creator": "api-user"
},
"read-only": false
}
],
"from": 32,
"to": 32,
"total": 32
}

Request-Body with show-membership:

{
"show-membership" : true,
"limit" : 50,
"offset" : 31,
"details-level" : "full"
}

Output:

{
"objects": [
{
"uid": "886f7de8-04a1-45f6-9c35-3b6b5984373c",
"name": "test.OWE.Memberships",
"type": "host",
"domain": {
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name": "SMC User",
"domain-type": "domain"
},
"ipv4-address": "127.0.0.15",
"interfaces": [],
"nat-settings": {
"auto-rule": false
},
"groups": [
{
"uid": "3ad66a53-6e1b-44af-ae86-9768b2575938",
"name": "Grp_OWE_TestMembership",
"type": "group",
"domain": {
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name": "SMC User",
"domain-type": "domain"
},
"members": [
"886f7de8-04a1-45f6-9c35-3b6b5984373c"
],
"groups": [],
"comments": "Grp_OWE_TestMembership",
"color": "black",
"icon": "General/group",
"tags": [],
"meta-info": {
"lock": "unlocked",
"validation-state": "ok",
"last-modify-time": {
"posix": 1561572003951,
"iso-8601": "2019-06-26T20:00+0200"
},
"last-modifier": "api-user",
"creation-time": {
"posix": 1561570389669,
"iso-8601": "2019-06-26T19:33+0200"
},
"creator": "api-user"
},
"read-only": false
}
],
"comments": "test.OWE.Memberships",
"color": "black",
"icon": "Objects/host",
"tags": [],
"meta-info": {
"lock": "unlocked",
"validation-state": "ok",
"last-modify-time": {
"posix": 1561570479439,
"iso-8601": "2019-06-26T19:34+0200"
},
"last-modifier": "api-user",
"creation-time": {
"posix": 1561570479439,
"iso-8601": "2019-06-26T19:34+0200"
},
"creator": "api-user"
},
"read-only": false
}
],
"from": 32,
"to": 32,
"total": 32
}

If I run it against a v1.1 or v1.2 machine it always gives me the memberships, regardless I use the "show-membership" parameter or not.

Any idea?

PhoneBoy · ‎2019-07-04

I would open a TAC case.
That said, am curious, if you call the v1.2 or v1.1 version of the API from R80.20 if you get the previous result?

https://<management server>:<port>/web_api/v1.2/show-membership

KonstantinS · ‎2019-07-04

Yes, if I call /web_api/v1.1/show-hosts or /web_api/v1.2/show-hosts on R80.20 I'm getting the previous result.

If I call explicitly /web_api/v1.3/show-hosts I'm not getting the memberships.

Are you or someone else able to reproduce this?

PhoneBoy · ‎2019-07-04

Personally, I haven't tried this with the API (versus using mgmt_cli).
Like I suggested before, a TAC case will help move this forward.
Also tagging @Amiad_Stern in case his team can provide any insight on this issue.

Amiad_Stern · ‎2019-07-04

@KonstantinS , we did change the defaults in v1.3 due to performance impact and the fact that this data is redundant most of the times (you will get it if you query all groups or do it for specific object if needed) . Documentation should be fixed.

View solution in original post

KonstantinS · ‎2019-07-04

@Amiad_Stern

Thank you!

Then the documentation for v1.4 and v1.5 is also wrong?

Any idea why the CLI is not returning any membership? Is this a bug?

Amiad_Stern · ‎2019-07-06

From v1.3 and above the default is false.

Can you elaborate what do you mean CLI not returning any membership?

PhoneBoy · ‎2019-07-07

It means that even when you explicitly specify show-membership true as an argument to show-hosts, no group memberships are shown.

Amiad_Stern · ‎2019-07-07

While i used CLI (v1.5) i did get it. See images with and without show-membership

KonstantinS · ‎2019-07-07

@Amiad_Sternoh sorry, I see my mistake. I forgot to set the details-level to full when using the CLI.

@PhoneBoyMaybe you did the same mistake? 😉

KonstantinS · ‎2019-07-07

@Amiad_Stern

As @PhoneBoy already mentioned, if you use the CLI with the command e.g. "show-hosts show-membership true" no memberships are returned.