F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

rvdvelpe_80134's avatar
rvdvelpe_80134
Icon for Nimbostratus rankNimbostratus
Feb 01, 2017

AFM - How to add an element to an addresslist with iControlREST

Hi,

 

I do not find any way to add an element to an existing addresslist with iControlREST.

 

POST = CREATE

 

PATCH = MODIFY

 

Is there a method to ADD an element?

 

What I have tried is to POST the new element in the existing addresslist with these commands, but both fail:

 

https://viprion-bell-afm.antwerpen.be/mgmt/tm/security/firewall/address-list/~Common~testadresslist

 

https://viprion-bell-afm.antwerpen.be/mgmt/tm/security/firewall/address-list/~Common~testadresslist/addressList

 

with JSON: { "name":"hst_m_test", "partition":"Common" }

 

Any help is welcome.

 

Regards,

 

Ruud.

 

AFM
iControlREST
security

7 Replies

  • rvdvelpe_80134's avatar
    rvdvelpe_80134
    Icon for Nimbostratus rankNimbostratus
    Feb 06, 2017

    Hi Eric,

     

    Sorry for the late respond. We are running on version 12.1.1.

     

    The question is still actual. I know how to do it with tmsh command, but I do not find any way to do it with iControlREST.

     

    Regards,

     

    Ruud.

     

  • David_Homoney's avatar
    David_Homoney
    Icon for Nimbostratus rankNimbostratus
    Mar 16, 2017

    Ruud,

     

    I don't believe there is a way to add an element, you have to reload the whole thing. I am digging into this though and will let you know for sure very soon.

     

  • David_Homoney's avatar
    David_Homoney
    Icon for Nimbostratus rankNimbostratus
    Mar 21, 2017

    Ruud,

     

    I have confirmed that you can't add something to the list, you have to do a full replace, much like a datagroup. So, you would have to read the address list elements in and append what you want and do a HTTP PATCH to the address list using iControlREST and that should do what you want.

     

  • Tikka_Nagi_1315's avatar
    Tikka_Nagi_1315
    Historic F5 Account
    Mar 22, 2017

    As David confirmed above in the comments, this isn't possible without a full replace. There is an enhancement request (ID587457) with product development to make firewall address lists to be subcollections like firewall policies so that full replace is not required. Until then, using a high level language you can accomplish this by:

     

    1. GET the object (maybe use $select to fetch only the addresses array).
    2. Using the JSON representation- it is a simple array- add, subtract, etc. entries as required.
    3. PATCH the object with the changed payload.
    • JWhitesPro_1928's avatar
      JWhitesPro_1928
      Icon for Cirrostratus rankCirrostratus
      Aug 15, 2017

      I've ran into a strange issue where if I do a GET request as described above first it fails....if I do the POST first and the exact same get request after it works. Is there something with rest and having to do a post first? When i do the get statement first I just get

       

      Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.

       

      The GET request works when it comes after the POST in the script but the moment I comment out the post request I start getting this error...Obviously none of this helps me because I need to do the get request first to get the list before I post a new list to it.

       

  • Arie's avatar
    Arie
    Icon for Altostratus rankAltostratus
    Nov 27, 2017

    @F5 - Are there any plans to implement the "add"-functionality?

    For the benefit of others searching for this, the only options that are currently supported are:

    1. Read the current value and use the results to construct the string to replace all values in a subsequent request.
    2. POST a TMSH-command to the API, since TMSH does support "add".

    Syntax:

    URL:  https://<>/mgmt/tm/util/bash

JSON:
{"command":"run","utilCmdArgs":"tmsh <>"}