Forum Discussion
NimbostratusAS3 for ASM Policy Creation
I'm trying to use AS3 for being able to automate just the security policy creation, I've managed to get a declarative statment to do it all with creating a VIP and Tenant but I don't want to create all that, I want to just be creating the ASM Security Policy based on a template in the tenant I specify.
{
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "transparent_waf_policy_only_declaration",
"label": "Transparent WAF Policy Only Deployment",
"remark": "Deploys only a transparent WAF policy object within a new tenant and application.",
"Common": {
"class": "Tenant",
"MyWAFPolicyApplication": {
"class": "Application",
"template": "generic",
"Transparent_Security_Policy": {
"class": "WAF_Policy",
"enforcementMode": "transparent",
"template": {
"use": "POLICY_TEMPLATE_FUNDAMENTAL"
},
"description": "A standalone transparent WAF policy for monitoring purposes."
}
}
}
}
}
response is {
"code": 422,
"message": "Invalid data property: [object Object]"
}
Greetings,
I validated your declaration using the instructions in
https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/userguide/validate.html
and found a few issues.
It appears that you cannot create a custom application with the "Common" tenant so I changed that to "MyTenant. Also the "template" and "description" properties are not valid for the WAF_Policy object. Instead I used the "policy" property with a "text" reference to create a policy. I got this declaration to work in our lab environment here at F5:
{ "$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/refs/heads/main/schema/latest/as3-schema.json", "class": "AS3", "action": "deploy", "persist": true, "declaration": { "class": "ADC", "schemaVersion": "3.0.0", "id": "transparent_waf_policy_only_declaration", "label": "Transparent WAF Policy Only Deployment", "remark": "Deploys only a transparent WAF...", "MyTenant": { "class": "Tenant", "MyWAFPolicyApplication": { "class": "Application", "template": "generic", "Transparent_Security_Policy": { "class": "WAF_Policy", "policy": { "text": "{\n \"policy\": {\n \"name\":\"AppPolicy01\",\n \"description\":\"embedded WAF Policy\",\n \"enforcementMode\":\"transparent\",\n \"template\": {\n \"name\":\"POLICY_TEMPLATE_FUNDAMENTAL\"\n }\n }\n }" } } } } } }These docs were helpful with composing the above declaration:
2 Replies
Aaron_BookerEmployee
Greetings,
I validated your declaration using the instructions in
https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/userguide/validate.html
and found a few issues.
It appears that you cannot create a custom application with the "Common" tenant so I changed that to "MyTenant. Also the "template" and "description" properties are not valid for the WAF_Policy object. Instead I used the "policy" property with a "text" reference to create a policy. I got this declaration to work in our lab environment here at F5:
{ "$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/refs/heads/main/schema/latest/as3-schema.json", "class": "AS3", "action": "deploy", "persist": true, "declaration": { "class": "ADC", "schemaVersion": "3.0.0", "id": "transparent_waf_policy_only_declaration", "label": "Transparent WAF Policy Only Deployment", "remark": "Deploys only a transparent WAF...", "MyTenant": { "class": "Tenant", "MyWAFPolicyApplication": { "class": "Application", "template": "generic", "Transparent_Security_Policy": { "class": "WAF_Policy", "policy": { "text": "{\n \"policy\": {\n \"name\":\"AppPolicy01\",\n \"description\":\"embedded WAF Policy\",\n \"enforcementMode\":\"transparent\",\n \"template\": {\n \"name\":\"POLICY_TEMPLATE_FUNDAMENTAL\"\n }\n }\n }" } } } } } }These docs were helpful with composing the above declaration:
- LiefZimmerman
Admin
Oberschmidt - if this solved your problem please consider Marking As Solution - it helps others find answers that are solutions down the road! Thanks!
