Adding IAM Roles to cloud plugin

I’m issuing cloud-plugin action scripts to add new AWS IAM roles to an AWS plugin, where pluginSettings is a URL-encoded JSON key:value and the key is Credentials_Roles_MyLable_samplearn123789.

plugin store "AWSAssetDiscoveryPlugin" multiple set "{pluginSettings}" on "{{parameter "action issue date" of action}}"

The action completes successfully and I see the new IAM Role added when I view the plugin management in the WebUI. However, when I want to manually delete the newly added role via the WebUI, I click the X to delete it, the actionscript runs, but the WebUI continues to show the role. Is there a log in the cloud-plugin server to see if changes are not being made for a reason?

I have restarted the Windows BES Plugin service with no change.

The data that you are seeing in the WebUI comes from an analysis that returns the current configuration of the plugin. Every time you update it (add/delete roles), the agent executes an action, but the change won’t be reflected until the agent refreshes the data returned by the analysis.
You could restart the BESClient service on the server where you have the BigFix Portal service installed and that would speed up the refresh.

I missed including that I also run this at the end of the actionscript so I believe that is forcing a refresh like restarting the client. I can see the client evaluating the sites after updating the plugin store actionscript.

notify client ForceRefresh

That’s interesting. After the action completes, are you able to see a report sent to the relay or BigFix server, and that the last report time actually changes in the console/WebUI for the plugin server?

Yes. This shows the plugin server is actively reporting in (CST).

This is the result of me deleting IAM roles from it via the WebUI Plugin Management interface. You can see it did the action, issued a client refresh, evaluated the sites and then posted the report:

   Successful Synchronization with site 'mailboxsite' (version 163) - 'http://xxxxxxxx:52311/cgi-bin/bfgather.exe/mailboxsite1627210372'
   Processing action site.
At 13:36:58 +0000 - mailboxsite (http://xxxxxxxx:52311/cgi-bin/bfgather.exe/mailboxsite1627210372)
   Relevant - Edit Plugin for AWS (fixlet:7889)
At 13:36:58 +0000 - 
   ActionLogMessage: (action:7889) Action signature verified for Execution
   ActionLogMessage: (action:7889) starting action
At 13:36:58 +0000 - actionsite (http://xxxxxxxx:52311/cgi-bin/bfgather.exe/actionsite)
   Command succeeded plugin store (action:7889)
   Command succeeded plugin store (action:7889)
   Command succeeded plugin store (action:7889)
   Command succeeded plugin store (action:7889)
   Command succeeded plugin store (action:7889)
   Command succeeded plugin store (action:7889)
   Command succeeded plugin store (action:7889)
   Command succeeded notify client (action:7889)
At 13:36:58 +0000 - 
   ActionLogMessage: (action:7889) ending action
At 13:36:58 +0000 - mailboxsite (http://xxxxxxxx:52311/cgi-bin/bfgather.exe/mailboxsite1627210372)
   Not Relevant - Edit Plugin for AWS (fixlet:7889)
At 13:36:58 +0000 - 
   Report posted successfully
At 13:36:59 +0000 - 
   ForceRefresh command received.  Version up to date, gather skipped
   Gathering all operator/mailbox sites.
   Successful Synchronization with site 'mailboxsite' (version 163) - 'http://xxxxxxxx:52311/cgi-bin/bfgather.exe/mailboxsite1627210372'
   Successful Synchronization with site 'opsite100' (version 107) - 'http://xxxxxxxx:52311/cgi-bin/bfgather.exe/opsite100'
   Successful Synchronization with site 'opsite105' (version 14355) - 'http://xxxxxxxx:52311/cgi-bin/bfgather.exe/opsite105'
   Successful Synchronization with site 'opsite3' (version 62) - 'http://xxxxxxxx:52311/cgi-bin/bfgather.exe/opsite3'
   Successful Synchronization with site 'opsite7' (version 111) - 'http://xxxxxxxx:52311/cgi-bin/bfgather.exe/opsite7'
   Report posted successfully
At 13:37:19 +0000 - 
   Full Report posted successfully

@fermt - Is this the Analysis 4515: Amazon Web Services Plugin Settings?

If so, the properties are set to refresh every 30 minutes.

I’m not sure that the client refresh causes properties to be reevaluated early. However, deactivating/activating an analysis resets the clock on the properties, triggering the client to reevaluate them.

When making changes to the plugins via the WebUI, an action is automatically created to do that work. That action has "notify client ForceRefresh" at the end of it, so that is what I’m including. But even after 30 min or 180 min, my analyses are still returning plugin settings that I’ve deleted. So I have to wonder if they really were deleted or not. My guess is not.

You can verify if these settings are still alive by looking into the data stored in the PluginStore.db on the PluginPortal machine.

These “deleted” settings still exist in the PluginStore.db PLUGIN_STORE table. I’ve opened a case with HCL.