Add an access profile to multiple roles

Hello,

In PowerShell, I would like to add an access profile to several roles with a PowerShell script.

I can retrieve the role just fine with a GET:

$role = Invoke-RestMethod -Method GET -Uri "$tenantUrl/v3/roles/$roleId" -Headers $headers

However, when I try to do a PATCH, it crashes. This is what I have:

$patchBody = @(
    @{
        op    = "add"
        path  = "/accessProfiles/$N"
        value = @(
            @{
                id   = $profileId
                type = "ACCESS_PROFILE"
            }
        )
    }
) | ConvertTo-Json -Depth 6

$response = Invoke-RestMethod -Method PATCH `
    -Uri "$tenantUrl/v3/roles/$roleId" `
    -Headers $headers `
    -Body $patchBody

and I get this error:

Invoke-RestMethod : {"messages":[{"localeOrigin":"DEFAULT","locale":"en-US","text":"The request could not be parsed."},{"localeOrigin":"REQUEST","locale":"en-US","text":"The request could not be parsed."}],"detailCode":"400.0 Bad request syntax","trackingId":"5e14b7c5d6584651b8116a7944592de6"}
Au caractère D:\vs_code\maj_ajout_profils_dans_role_en_api.ps1:40 : 13
+ $response = Invoke-RestMethod -Method PATCH `
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation : (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Would you have any idea about this problem?

Thanks

You’re very close, the main issue looks to be the shape of the PATCH payload.

For PATCH /v3/roles/{id}, SailPoint expects a proper JSON Patch request, which means:

  • the request body must be an array of operations
  • the Content-Type should be application/json-patch+json
  • when adding a single access profile, value should be a single object, not an array

So instead of sending value like this:

value = @(
    @{
        id   = $profileId
        type = "ACCESS_PROFILE"
    }
)

send it as a single object:

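$patchOps = @(
    @{
        op    = "add"
        path  = "/accessProfiles/-"
        value = @{
            id   = $profileId
            type = "ACCESS_PROFILE"
        }
    }
)
# Pass the array with -InputObject: piping a one-element array into ConvertTo-Json
# unwraps it and emits a bare object instead of the [ ... ] array shown under "Expected JSON".
$patchBody = ConvertTo-Json -InputObject $patchOps -Depth 5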

$response = Invoke-RestMethod `
    -Method PATCH `
    -Uri "$tenantUrl/v3/roles/$roleId" `
    -Headers @{
        Authorization  = "Bearer $token"
        Accept         = "application/json"
        "Content-Type" = "application/json-patch+json"
    } `
    -Body $patchBody

A few notes that may help:

  • "/accessProfiles/-" appends the access profile to the end of the existing list
  • if you use a numeric index like "/accessProfiles/0", it has to match the array position you want to target
  • if the body is not valid JSON Patch, SailPoint will usually return parsing errors like “The request could not be parsed”

I’d also recommend printing $patchBody before making the call, just to confirm the final JSON looks right:

$patchBody
$patchBody | Out-File .\patchRole.json -Encoding utf8

Expected JSON:

[
  {
    "op": "add",
    "path": "/accessProfiles/-",
    "value": {
      "id": "xxxx",
      "type": "ACCESS_PROFILE"
    }
  }
]

So in short: your logic is fine, but the API wants JSON Patch format, and for this add operation, the value needs to be a single access profile object, not an array.

Hope that helps.
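
Added example, not part of the original thread or of SailPoint's own code: since the thread title asks about several roles, this applies the JSON Patch from the answer above to a list of roles, skips roles that already hold the profile, and returns one result per role. `$roleIds` and both function names are hypothetical, and the `accessProfiles[].id` shape of the GET response is an assumption based on the patch path used in the thread.

```powershell
# Added example. $roleIds and both function names are hypothetical; $tenantUrl, $token
# and $profileId are the variables already used in the thread.
function New-AccessProfilePatchBody {
    param([Parameter(Mandatory)][string[]]$ProfileId)
    # One "add" operation per access profile, each appended with the "-" index.
    $ops = @(foreach ($id in $ProfileId) {
        @{ op = "add"; path = "/accessProfiles/-"; value = @{ id = $id; type = "ACCESS_PROFILE" } }
    })
    # -InputObject keeps the outer array even with a single operation; piping a
    # one-element array into ConvertTo-Json would emit a bare object instead.
    ConvertTo-Json -InputObject $ops -Depth 5
}

function Add-AccessProfileToRoles {
    param(
        [Parameter(Mandatory)][string]$TenantUrl,
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string[]]$RoleId,
        [Parameter(Mandatory)][string]$ProfileId
    )
    $headers = @{ Authorization = "Bearer $Token"; Accept = "application/json" }
    foreach ($id in $RoleId) {
        $uri = "$TenantUrl/v3/roles/$id"
        try {
            # Assumption: the role returned by GET lists its profiles under accessProfiles[].id.
            $role = Invoke-RestMethod -Method GET -Uri $uri -Headers $headers
            if ($role.accessProfiles.id -contains $ProfileId) {
                [pscustomobject]@{ RoleId = $id; Status = "AlreadyPresent"; Detail = $null }
                continue
            }
            $body = New-AccessProfilePatchBody -ProfileId $ProfileId
            $null = Invoke-RestMethod -Method PATCH -Uri $uri -Headers $headers `
                -ContentType "application/json-patch+json" -Body $body
            [pscustomobject]@{ RoleId = $id; Status = "Added"; Detail = $null }
        }
        catch {
            # Keep going; the per-role result records what failed for later review.
            [pscustomobject]@{ RoleId = $id; Status = "Failed"; Detail = $_.Exception.Message }
        }
    }
}

# $roleIds = @("<role-id-1>", "<role-id-2>")   # placeholders, not real ids
# Add-AccessProfileToRoles -TenantUrl $tenantUrl -Token $token -RoleId $roleIds -ProfileId $profileId |
#     Format-Table -AutoSize
```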

That’s good.

My bad.

Thanks for this.

@f_rey
If my solution solves your problem, could you please mark my answer as the solution? It would help me contribute to the community.