Seems that the “Patch” is not working. We have an AD source that has the full descriptions and display names maintained by an external application. We attempted to use the “Patch” using PostMan to identify what elements needed to be represented and to test the actual update process.
Each time that we attempted to use the “Patch” through PostMan, we received the error, “RESTEASY003650: No resource method found for PATCH, return 405 with Allow header” - we updated the API’s, had others try, to no avail.
Our second choice was to use the upload method in the Entitlements UI… this also proved itself with limitations. Subsequently, I put in a Support Case, and received the following:
Okay, so I have done some research into large file uploads and have some details to report. To answer your initial question ‘Is this a known limitation and/or is there any method to fix this limitation?’, while there is not a hard-and-fast file size limit to flat file processing by IDN, depending on what is being updated folks can often run into issues like what you are experiencing. There is an effort logged with the Engineering team to increase throughput and standardize this process but I don’t have a specific timeline that you can expect updates to processing on. At the moment, the API is probably the best bet for making the kind of changes you need, on the scale that you need. You can of course also break the CSV down into more manageable chunks, but if need to update these descriptions regularly you should consider interfacing with our API.
Has the “Patch” been deprecated or are there other methods? The source that we are working with has nearly 50k entitlements… to break this down into individual records would take days to upload.
I have verified in my tenant that PATCH /beta/entitlements/{id} works. The most likely reason for the 405 error you are seeing is because you haven’t set the Content-Type header to be application/json-patch+json. See the last header in the below screenshot for an example.
There’s two problems here. First, you need to specify the ID the of the entitlement you want to update in the path. For example: PATCH https://devrel.api.identitynow.com/beta/entitlements/2c9180867dfe694b017e21f3f56b4fd8. Double check that your baseUrl includes the beta, and that you also add the entitlement ID to the end.
The other issue is that you don’t have a request body specified. You need to have one that looks like this:
yea, the postman collection is autogenerated from the spec. Because of that bug in the spec that I referenced above, this endpoint wasn’t generated properly. Ignore the path variables and try adding the ID directly in the url.
You can only modify requestable , privileged , and segments. Modifying the description is not allowed.
If you want to update the description, I believe you have to update the description on the source, and it will get updated on the next entitlement aggregation.
I am running into issues in utilizing the powershell sdk to update entitlements. Ive tried this a number of different ways and I continue to recieve 400.1 errors. Any help or advice would be greatly appreciated.
Here is the sdk:
Patch a specified Entitlement
This API updates an existing Entitlement using JSON Patch syntax. The following fields are patchable: requestable, privileged, segments A token with ORG_ADMIN or SOURCE_ADMIN authority is required to call this API.
Example
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-Configuration
# Configure OAuth2 access token for authorization: oauth2
$Configuration.AccessToken = "YOUR_ACCESS_TOKEN"
# Configure OAuth2 access token for authorization: oauth2
$Configuration.AccessToken = "YOUR_ACCESS_TOKEN"
$Id = "2c91808a7813090a017814121e121518" # String | ID of the Entitlement to patch
$JsonPatchOperationValue = Initialize-JsonPatchOperationValue
$JsonPatchOperation = Initialize-JsonPatchOperation -Op "add" -Path "/description" -Value $JsonPatchOperationValue # JsonPatchOperation[] | (optional)
# Patch a specified Entitlement
try {
$Result = Update-BetaEntitlement -Id $Id -JsonPatchOperation $JsonPatchOperation
} catch {
Write-Host ("Exception occurred when calling Update-BetaEntitlement: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}
I forgot to ask what version of the SDK you are using?
This was a bug in a previous version of the SDK and no matter how you provided the object you would get a 400 error. It was fixed in version 1.0.3 of the SDK. PowerShell Gallery | PSSailpoint 1.0.3
