mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-16 14:47:04 -05:00
[GH-ISSUE #3273] Rule REST API Issues #35776
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @the-kwak on GitHub (Jun 14, 2026).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/3273
Originally assigned to: @oschwartz10612, @Copilot on GitHub.
Describe the Bug
When attempting to modify Rules using the POST request resource ID is not found.
When resource ID it changes when any other rule is created under that resource.
Thought it was a bug after upgrading. deleted everything and started from the install script and after up and running issue persisted.
Environment
To Reproduce
Use GET on resourceId to retrieve ruleId succecceful
eg.
Use POST on resourceId and ruleId returns:
After adding a new rule to the resource all ruleIds change:
rule added:
original ruleId 24 is now changed and still cannot be used in POST request:
Post request after ruleId changed
Expected Behavior
Expected behavior is for ruleId to not change when another rule is added.
as well as being able to update the rule after it is created by resourceId and ruleId.
@durango99 commented on GitHub (Jun 17, 2026):
I am seeing the same issue updating a rule for a resource. This seems to have come up with the update to 1.19 release. Issue occurred with Community edition and then when tested on Enterprise edition.
Testing with the api docs swagger:
List rules for resource 5, shows ruleId 4 exists.
curl -X 'GET'
'https://api.domain.us/v1/resource/5/rules?limit=1000&offset=0'
-H 'accept: application/json'
-H 'Authorization: Bearer xxx'
Response body
{
"data": {
"rules": [
{
"ruleId": 4,
"resourceId": null,
"action": "ACCEPT",
"match": "IP",
"value": "1.1.1.1",
"priority": 1,
"enabled": true
}
],
"pagination": {
"total": 1,
"limit": 1000,
"offset": 0
}
},
"success": true,
"error": false,
"message": "Resource rules retrieved successfully",
"status": 200
}
Update rule 4 for resource 5 gives 404 error:
curl -X 'POST'
'https://api.domain.us/v1/resource/5/rule/4'
-H 'accept: application/json'
-H 'Authorization: Bearer xxx'
-H 'Content-Type: application/json'
-d '{
"action": "ACCEPT",
"match": "IP",
"value": "8.8.8.8",
"priority": 1,
"enabled": true
}'
Response body
Download
{
"data": null,
"success": false,
"error": true,
"message": "Resource rule with ID 4 not found",
"status": 404,
"stack": null
}
@pr0v1d3r commented on GitHub (Jun 18, 2026):
Same issue for me on pangolin v1.19.2
below issue described
POST /resource/{resourceId}/rule/{ruleId}(update rule) returns 404 for any valid ruleIdDescription
The update endpoint for resource rules always returns a 404
"Resource rule with ID X not found"error, even when the rule unquestionably exists and was just created moments before.Steps to reproduce
Response:
201, returns a newruleId(e.g.72).The newly created
ruleIdappears in the response.POST /resource/{resourceId}/rule/{ruleId}, onlypriorityrequired):Response:
404Expected
200with the updated rule.Actual
404, for everyruleIdtested, including ones confirmed to exist via the list endpoint moments earlier. Tried with both the full create-shaped body and the minimal{"priority": ...}body — same result either way, ruling out a request-shape issue.Observation
Every rule returned by
GET /resource/{resourceId}/ruleshas"resourceId": null, while the create response includes aresourcePolicyId(e.g.8) instead. This suggests the update handler may be looking up rules by aresourceIdforeign key that's never populated, rather than joining throughresourcePolicyIdthe way create/list appear to.Environment
Self-hosted Pangolin, API accessed via
/v1per the published OpenAPI spec.