[ BUG ] deleting final rule from a rule group with Edit-FalconFirewallGroup requires rule_id of a previously deleted rule #511

@bherrin2

Describe the bug
When using PSFalcon's Edit-FalconFirewallGroup to delete the final rule from a rule group, you must provide the RuleId from a previously deleted rule or the command will not complete.

To Reproduce
Case 1: Delete all rules
Create a rule group with 2 rules.
Create array of diff-opps and an empty array for RuleId

Edit-FalconFirewallGroup -Id $RuleGroup.id -DiffOperation $diffOpps -RuleId $RuleIDS

Will return 400 "the provided rule_ids do not match the operations (order difference is ok), expected=[], actual=[list, of, current, rule_ids]"

Case 2: Delete only rule in a rule group
Create a rule group with 1 rule or delete all but one rule from existing group
Create array of diff-opps and an empty array for RuleId

Edit-FalconFirewallGroup -Id $RuleGroup.id -DiffOperation $diffOpps -RuleId $RuleIDS

Will return 400 "the provided rule_ids do not match the operations (order difference is ok), expected=[], actual=[current rule_id]"

Expected behavior
API docs state that when deleting all rules from a rule group or the only remaining rule, RuleId should be an empty array. CrowdStrike support confirmed. Using Swagger to interact directly with the API also confirms.

I would expect to be able to pass a collection of diff-ops that includes all array positions of existing rules (whether one or many) and an empty array for RuleId and have the command complete.

As it stands, you cannot delete the final rule without providing a previously deleted rule's rule_id.

Environment (please complete the following information):

  • OS: Windows 11
  • PowerShell: 5.1.26100.1591
  • PSFalcon: 2.2.9

Additional context
Not sure how this would work at all if a rule group were created with just a single rule.
