Unable to update IP Allowlists if it includes deleted apps

XMLWordPrintable

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Highest
    • Component/s: IP Allowlisting
    • None
    • 5
    • Severity 3 - Minor

      Issue Summary

      If an IP allowlist includes deleted apps, you are unable to update it, including deleting the apps, as long as there are multiple deleted apps that the IP Allowlist includes.

      Steps to Reproduce

      1. Create a sandbox that contains at least 2 products
      2. Create an IP Allowlist that applies to both of these products
      3. Delete the sandbox
      4. Try to update the IP Allowlist
      5. Try to delete one of the invalid app entries in the IP Allowlist

      Expected Results

      A message that X entries have been removed from the IP Allowlist as the sites involved have been deleted
      Or an error message stating that the IP Allowlist cannot be updated until the deleted sites (list of sites) have been removed from the IP Allowlist

      Actual Results

      Receive a generic error message:
      We're unable to update the IP allowlist.
      Refresh the page to update the IP allowlist.

      Which critically does not explain WHY you cannot update the IP Allowlist

      Additionally, as you cannot delete multiple app entries at the same time, you cannot fix any entry with 2+ deleted apps, as there will still be at least one invalid entry, preventing the update from taking place

      Workaround

      To edit and remove these entries you need to use the Organizations Update a policy REST API
      The policy ID can be found in the URL when you are editing the existing policy, the URL format is:
      https://admin.atlassian.com/o/OIRG_ID/ip-allowlists/policy/POLICY_ID

      I would recommend first retrieving the policy via https://developer.atlassian.com/cloud/admin/organization/rest/api-group-policies/#api-v1-orgs-orgid-policies-policyid-get

      As you can use that output as the basis of the input data for the update entry.
      To convert from one to the other, you will need to:

      1. Remove the attributes.ownerId field
      2. Remove the attributes.metadata, createdAt, updatedAt and QueryData fields.
      3. Under resources, replace ApplicationStatus, type, createdAt and updatedAt with "meta": {}, "links":{}
      4. Remove the "links": null, "message": null
      5. Finally make sure you remove the entries for the deleted apps

              Assignee:
              Cole Goodman
              Reporter:
              Andrew Delaney
              Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: