For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Joel_Newton's avatar
Joel_Newton
Icon for Cirrus rankCirrus
Aug 10, 2016

Additional info about iControlREST and OData filtering

I'm interested in finding out more about using the OData $filter keyword to filter iControlREST API results. Jason's article on iControl query params was a good starting point, but I'm getting errors when I try to filter on anything other than partition.

 

I'm running 11.6.0 Build 4.0.420 Hotfix HF4, and I realize that I might need to upgrade to get the features I want. However, according to the release notes for 12.0 (Fix ID 465197) this is a known issue and only filtering on partitioning is supported. This severely limits $filter's usefulness. Anyone know of plans to expand $filter's use?

 

Also, I'm wondering if any of the OData operators that would allow inexact/wildcard matches (startswith,endswith,substringof) have been implemented. For example, I'd really like to be able to filter all pool names that start with a certain sequence.

 

Thanks, Joel

 

devops
iControlREST

5 Replies

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Aug 12, 2016

    Only the ASM module fully supports filter at this time.

     

  • Zdenda's avatar
    Zdenda
    Icon for Cirrus rankCirrus
    Jun 11, 2018

    Hello, if ASM fully supports $filter and I assume F5 API Rest supports ODATA, what can be the reason of behavior bellow?

     

    Using v12.1.2 VE

     

    This works fine:

     

    [root@f5asmlab:Active:Standalone] config  curl -sku admin:admin https://127.0.0.1/mgmt/tm/asm/policies/3ou-5JUctJaKuV1CWZP3pg/blocking-settings/violations?\$filter=contains\(id,\'jXNwalzUiR5DNVbW2Fia7g\'\) | jq .
{
  "kind": "tm:asm:policies:blocking-settings:violations:violationcollectionstate",
  "selfLink": "https://localhost/mgmt/tm/asm/policies/3ou-5JUctJaKuV1CWZP3pg/blocking-settings/violations?ver=12.1.2&$filter=contains(id%2C'jXNwalzUiR5DNVbW2Fia7g')",
  "totalItems": 1,
  "items": [
    {
      "lastUpdateMicros": 1516542355000000,
      "description": "Access from disallowed Geolocation",
      "selfLink": "https://localhost/mgmt/tm/asm/policies/3ou-5JUctJaKuV1CWZP3pg/blocking-settings/violations/jXNwalzUiR5DNVbW2Fia7g?ver=12.1.2",
      "kind": "tm:asm:policies:blocking-settings:violations:violationstate",
      "violationReference": {
        "link": "https://localhost/mgmt/tm/asm/violations/GRBzLnLpxuzm2dcWZQr76A?ver=12.1.2"
      },
      "id": "jXNwalzUiR5DNVbW2Fia7g",
      "alarm": true,
      "block": true,
      "learn": true
    }
  ]
}

    But this not and result message about some DB issues is strange:

     

    `[root@f5asmlab:Active:Standalone] config  curl -sku admin:admin https://127.0.0.1/mgmt/tm/asm/policies/3ou-5JUctJaKuV1CWZP3pg/blocking-settings/violations?\$filter=contains\(description,\'Geolocation\'\) | jq .
{
  "code": 500,
  "message": "DBD::mysql::st execute failed: Unknown column 'policy_id' in 'group statement' at /usr/local/share/perl5/F5/ASMConfig/Entity/Base.pm line 1296.",
  "referer": "127.0.0.1",
  "restOperationId": 55423489,
  "kind": ":resterrorresponse"
}
`

    /var/log/Restjavad.0.log:

     

    `[SEVERE][12150][11 Jun 2018 09:56:22 UTC][com.f5.rest.workers.asm.AsmConfigWorker] nanoTime:[18666043711136120] threadId:[20]  Exception:[ASMConfigException(error_message:DBD::mysql::st execute failed: Unknown column 'policy_id' in 'group statement' at /usr/local/share/perl5/F5/ASMConfig/Entity/Base.pm line 1296., internal_error:DBD::mysql::st execute failed: Unknown column 'policy_id' in 'group statement' at /usr/local/share/perl5/F5/ASMConfig/Entity/Base.pm line 1296., rest_code:REST_INTERNAL_SERVER_ERROR)
        at com.f5.asmconfig.ASMConfig$rest_call_result$rest_call_resultStandardScheme.read(ASMConfig.java:12388)
        at com.f5.asmconfig.ASMConfig$rest_call_result$rest_call_resultStandardScheme.read(ASMConfig.java:12366)
        at com.f5.asmconfig.ASMConfig$rest_call_result.read(ASMConfig.java:12308)
        at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
        at com.f5.asmconfig.ASMConfig$Client.recv_rest_call(ASMConfig.java:458)
        at com.f5.asmconfig.ASMConfig$Client.rest_call(ASMConfig.java:443)
        at com.f5.asmconfig.client.AsmClient.rest_call(AsmClient.java:61)
        at com.f5.rest.workers.asm.AsmConfigWorker.restCallWithRetry(AsmConfigWorker.java:155)
        at com.f5.rest.workers.asm.AsmConfigWorker.forwardCall(AsmConfigWorker.java:178)
        at com.f5.rest.workers.asm.AsmConfigWorker$1.run(AsmConfigWorker.java:135)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
]client:[30938884]
    • Zdenda's avatar
      Zdenda
      Icon for Cirrus rankCirrus
      Jun 14, 2018

      The issue above is due to incompatibility with v12. OData for those cases seems fully supported since v13.1 - info from F5 support

       

  • Zdenda_101923's avatar
    Zdenda_101923
    Icon for Altocumulus rankAltocumulus
    Jun 11, 2018

    Hello, if ASM fully supports $filter and I assume F5 API Rest supports ODATA, what can be the reason of behavior bellow?

     

    Using v12.1.2 VE

     

    This works fine:

     

    [root@f5asmlab:Active:Standalone] config  curl -sku admin:admin https://127.0.0.1/mgmt/tm/asm/policies/3ou-5JUctJaKuV1CWZP3pg/blocking-settings/violations?\$filter=contains\(id,\'jXNwalzUiR5DNVbW2Fia7g\'\) | jq .
{
  "kind": "tm:asm:policies:blocking-settings:violations:violationcollectionstate",
  "selfLink": "https://localhost/mgmt/tm/asm/policies/3ou-5JUctJaKuV1CWZP3pg/blocking-settings/violations?ver=12.1.2&$filter=contains(id%2C'jXNwalzUiR5DNVbW2Fia7g')",
  "totalItems": 1,
  "items": [
    {
      "lastUpdateMicros": 1516542355000000,
      "description": "Access from disallowed Geolocation",
      "selfLink": "https://localhost/mgmt/tm/asm/policies/3ou-5JUctJaKuV1CWZP3pg/blocking-settings/violations/jXNwalzUiR5DNVbW2Fia7g?ver=12.1.2",
      "kind": "tm:asm:policies:blocking-settings:violations:violationstate",
      "violationReference": {
        "link": "https://localhost/mgmt/tm/asm/violations/GRBzLnLpxuzm2dcWZQr76A?ver=12.1.2"
      },
      "id": "jXNwalzUiR5DNVbW2Fia7g",
      "alarm": true,
      "block": true,
      "learn": true
    }
  ]
}

    But this not and result message about some DB issues is strange:

     

    `[root@f5asmlab:Active:Standalone] config  curl -sku admin:admin https://127.0.0.1/mgmt/tm/asm/policies/3ou-5JUctJaKuV1CWZP3pg/blocking-settings/violations?\$filter=contains\(description,\'Geolocation\'\) | jq .
{
  "code": 500,
  "message": "DBD::mysql::st execute failed: Unknown column 'policy_id' in 'group statement' at /usr/local/share/perl5/F5/ASMConfig/Entity/Base.pm line 1296.",
  "referer": "127.0.0.1",
  "restOperationId": 55423489,
  "kind": ":resterrorresponse"
}
`

    /var/log/Restjavad.0.log:

     

    `[SEVERE][12150][11 Jun 2018 09:56:22 UTC][com.f5.rest.workers.asm.AsmConfigWorker] nanoTime:[18666043711136120] threadId:[20]  Exception:[ASMConfigException(error_message:DBD::mysql::st execute failed: Unknown column 'policy_id' in 'group statement' at /usr/local/share/perl5/F5/ASMConfig/Entity/Base.pm line 1296., internal_error:DBD::mysql::st execute failed: Unknown column 'policy_id' in 'group statement' at /usr/local/share/perl5/F5/ASMConfig/Entity/Base.pm line 1296., rest_code:REST_INTERNAL_SERVER_ERROR)
        at com.f5.asmconfig.ASMConfig$rest_call_result$rest_call_resultStandardScheme.read(ASMConfig.java:12388)
        at com.f5.asmconfig.ASMConfig$rest_call_result$rest_call_resultStandardScheme.read(ASMConfig.java:12366)
        at com.f5.asmconfig.ASMConfig$rest_call_result.read(ASMConfig.java:12308)
        at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
        at com.f5.asmconfig.ASMConfig$Client.recv_rest_call(ASMConfig.java:458)
        at com.f5.asmconfig.ASMConfig$Client.rest_call(ASMConfig.java:443)
        at com.f5.asmconfig.client.AsmClient.rest_call(AsmClient.java:61)
        at com.f5.rest.workers.asm.AsmConfigWorker.restCallWithRetry(AsmConfigWorker.java:155)
        at com.f5.rest.workers.asm.AsmConfigWorker.forwardCall(AsmConfigWorker.java:178)
        at com.f5.rest.workers.asm.AsmConfigWorker$1.run(AsmConfigWorker.java:135)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
]client:[30938884]
    • Zdenda_101923's avatar
      Zdenda_101923
      Icon for Altocumulus rankAltocumulus
      Jun 14, 2018

      The issue above is due to incompatibility with v12. OData for those cases seems fully supported since v13.1 - info from F5 support