This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Selective Configuration Import with missing dependencies

FFin 10 months ago

Hi,

i'm preparing some selective configuration bundles for future initial deployment of specific configurations and policies for our customer appliances.

While creating some usage-hints for internal use how to handle import/export feature, i was wondering what would happen if you import a selective configuration file and there's an dependency missing.

Ending up in: there's no error message at all - just success:

Then have a look into imported Webpolicy (with references to not included/existing usr-a- or category-objects, e.g.): missing references were replaced with "All web traffic", making whole policy useless without knowing:

Importing lager amounts of configuration-settings, policys, definitons would end in incomplete results, incomplete configuration, reduced protection level,...

Is this intended? Is there a log file capturing skipped/failed dependencies during import?
I'd expect a warning/error message during import instead "API import successfull" when actually unsuccessfull, so i'd have the chance to investigate what parts might be incomplete.

Especially when editing XML-Files manually there's a high chance to miss 1-2 dependencies or have a typing error.

It's probably unacceptable reviewing large sets of settings one by one manually after every import...

(tested on 19.5MR2)

This thread was automatically locked due to age.

Top Replies

LuCar Toni 10 months ago +2

The Banner for "Import Successful" indicates the upload and acceptance of the .tar file itself. But afterwards the process of import is started in the background (which can take longer). So check the…

0 LuCar Toni 10 months ago

The Banner for "Import Successful" indicates the upload and acceptance of the .tar file itself.

But afterwards the process of import is started in the background (which can take longer).

So check the apiparser.log if there was an error of the import. There you see, when the import actually failed and why.

If you have the matching import error, cross reference the time frame to csc.log and applog.log and you should be able to find the reason for missing objects.

.tar files are worked in sequence. If one object gives a error, the next objects are stopped.

__________________________________________________________________________________________________________________
Cancel
Vote Up +2 Vote Down

Cancel

0 FFin 10 months ago in reply to LuCar Toni

Okay, in apipaser.log there are some entrys, but without any helpful details like line, object-id,...:

INFO      Jun 07 11:55:33Z [27900]: Sanity check not required. And XML file is valid. xml: /sdisk/api-2023-06-07-13-55-33/Entities.xml.
INFO      Jun 07 11:55:33Z [27900]: Start Set Handler,Component : WebFilterPolicy
ERROR     Jun 07 11:55:33Z [27900]: Key:ISCrEntity is not found in RequestMap File for WebFilterPolicy.
WARNING   Jun 07 11:55:33Z [27900]: Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
ERROR     Jun 07 11:55:33Z [27900]: Parser Error: xmlvalue for jsonkey="temppolicyid", xmlelement="/WebFilterPolicy/Template" cannot be found in request file.
ERROR     Jun 07 11:55:34Z [27900]: Flag setting for this opcode is 16.
INFO      Jun 07 11:55:38Z [27900]: Opcode response: status:200
INFO      Jun 07 11:55:38Z [27900]: Import for this component is done sucessfully!!!
INFO      Jun 07 11:55:38Z [27900]: End  SET Handler, Status : Success,  Component : WebFilterPolicy, Transaction : , Operation : NONE.
MESSAGE   Jun 07 11:55:38Z [27900]: ENTITY 'WebFilterPolicy' IMPORT Success
INFO      Jun 07 11:55:38Z [27900]: Start Set Handler,Component : WebFilterPolicy
ERROR     Jun 07 11:55:38Z [27900]: Key:ISCrEntity is not found in RequestMap File for WebFilterPolicy.
WARNING   Jun 07 11:55:38Z [27900]: Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
ERROR     Jun 07 11:55:38Z [27900]: Parser Error: xmlvalue for jsonkey="temppolicyid", xmlelement="/WebFilterPolicy/Template" cannot be found in request file.
ERROR     Jun 07 11:55:40Z [27900]: Flag setting for this opcode is 16.
INFO      Jun 07 11:55:45Z [27900]: Opcode response: status:200
INFO      Jun 07 11:55:45Z [27900]: Import for this component is done sucessfully!!!
INFO      Jun 07 11:55:45Z [27900]: End  SET Handler, Status : Success,  Component : WebFilterPolicy, Transaction : , Operation : NONE.
MESSAGE   Jun 07 11:55:45Z [27900]: ENTITY 'WebFilterPolicy' IMPORT Success

Just "Parser Error: xmlvalue for jsonkey="temppolicyid", xmlelement="/WebFilterPolicy/Template" cannot be found in request file."

In my example, missing object was replaced by "All web traffic" within policy, which makes whole policy useless:

Source-Code for Screenshot - where first Entry/Reference "BC Block Recommendation" is missing:

<WebFilterPolicy transactionid="">
    <Name>Test-Policy 2</Name>
    <DefaultAction>Allow</DefaultAction>
    <EnableReporting>Enable</EnableReporting>
    <DownloadFileSizeRestriction>0</DownloadFileSizeRestriction>
    <DownloadFileSizeRestrictionEnabled>0</DownloadFileSizeRestrictionEnabled>
    <GoogAppDomainList/>
    <GoogAppDomainListEnabled>0</GoogAppDomainListEnabled>
    <YoutubeFilterIsStrict>0</YoutubeFilterIsStrict>
    <YoutubeFilterEnabled>0</YoutubeFilterEnabled>
    <EnforceSafeSearch>0</EnforceSafeSearch>
    <EnforceImageLicensing>0</EnforceImageLicensing>
    <XFFEnabled>0</XFFEnabled>
    <Office365TenantsList/>
    <Office365DirectoryId/>
    <Office365Enabled>0</Office365Enabled>
    <QuotaLimit>60</QuotaLimit>
    <Description></Description>
    <RuleList>
      <Rule>
        <CategoryList>
		  <Category>
			<ID>BC Block Recommendation</ID>
			<type>UserActivity</type>
		  </Category>
		</CategoryList>
        <HTTPAction>Allow</HTTPAction>
        <HTTPSAction>Allow</HTTPSAction>
        <FollowHTTPAction>1</FollowHTTPAction>
        <ExceptionList>
          <FileTypeCategory/>
        </ExceptionList>
        <Schedule>All The Time</Schedule>
        <PolicyRuleEnabled>1</PolicyRuleEnabled>
        <CCLRuleEnabled>0</CCLRuleEnabled>
      </Rule>
	  <Rule>
        <CategoryList>
		  <Category>
			<ID>BC Block Recommendation OLD</ID>
			<type>UserActivity</type>
		  </Category>
		</CategoryList>
        <HTTPAction>Allow</HTTPAction>
        <HTTPSAction>Allow</HTTPSAction>
        <FollowHTTPAction>1</FollowHTTPAction>
        <ExceptionList>
          <FileTypeCategory/>
        </ExceptionList>
        <Schedule>All The Time</Schedule>
        <PolicyRuleEnabled>1</PolicyRuleEnabled>
        <CCLRuleEnabled>0</CCLRuleEnabled>
      </Rule>
    </RuleList>
  </WebFilterPolicy>

I'm sorry - but we're supposed to check apiparser.log manually on console after every import to check for any error-messages?
Just to make sure, import really succeeded... - completely... - sometime...? - any kind of notification if import actually fails or finishes incomplete should be mandatory!

This is misleading and can't be designed this way?

If Import process itself might take longer and run in background there should be a corresponding message, like ".tar upload successfull" and then being redirected to progress-view for actual import-process with details about successfull and failed import-tasks/objects.