Forum Discussion

Veselin's avatar
Icon for Nimbostratus rankNimbostratus
Jan 02, 2024

F5 SDK LTM Policy Listing


I have been working on a script using the SDK to list a VS configuration, so far so good, however I got stuck with the LTM policy. I got to the nested object of the policy and the rules, however the conditions/actions have been done with (**kwargs), example of the dictionary:


{'kind': 'tm:ltm:policy:rules:conditions:conditionsstate', 'name': '0', 'fullPath': '0', 'generation': 125791, 'selfLink': 'https://localhost/mgmt/tm/ltm/policy/~test~policy_test/rules/test/conditions/0?ver=', 'all': True, 'caseInsensitive': True, 'equals': True, 'external': True, 'httpHost': True, 'index': 0, 'present': True, 'remote': True, 'request': True, 'values': ['test'], '_meta_data': {'container': < object at 0x7f8705eb1960>, 'bigip': <f5.bigip.ManagementRoot object at 0x7f870f653bb0>, 'icr_session': <icontrol.session.iControlRESTSession object at 0x7f870f653430>, 'icontrol_version': '', 'minimum_version': '11.5.0', 'allowed_commands': [], 'required_command_parameters': set(), 'exclusive_attributes': [], 'object_has_stats': True, 'minimum_additional_parameters': set(), 'required_creation_parameters': {'name'}, 'required_load_parameters': {'name'}, 'read_only_attributes': [], 'reduction_forcing_pairs': [('enabled', 'disabled'), ('online', 'offline'), ('vlansEnabled', 'vlansDisabled')], 'required_json_kind': 'tm:ltm:policy:rules:conditions:conditionsstate', 'uri': '', 'creation_uri_qargs': {'ver': ['']}, 'creation_uri_frag': '', 'allowed_lazy_attributes': [<class 'f5.bigip.resource.Stats'>]}}


TCL BigIP code:


rules {
        test {
            actions {
                0 {
                    pool /test/test
            conditions {
                0 {
                    values { test }


 Is there a way to get the non-default (**kwargs), the conditions/actions, which are non-default and passed as arguments during the creation? 

Is it possible to extract something like the GUI:

All your help is much appreciated!

1 Reply

  • The GUI rule creator and viewer has those descriptions built into it based on the syntax of the rules, rather than creating the descriptions ad-hoc.

    For example, I define this in the GUI:

    Then, checking /var/log/audit, I can see exactly what happened when I clicked "save":

    Jan 2 13:37:31 west.lab.local notice icrd_child[19130]: 01420002:5: AUDIT - pid=19130 user=admin folder=/Common module=(tmos)# status=[Command OK transaction submitted] cmd_data=modify ltm policy /Common/Drafts/mypolicyname { rules add { myinnerpolicyname { description myinnerpolicydescription ordinal 0 conditions add { 0 { datagroup /Common/sys_APM_MS_Office_OFBA_DG case-insensitive client-ssl protocol equals proxy-connect } } actions add { 0 { write log proxy-response facility local0 priority info message "Sally sells seashells by the seashore" } } } } }

    Here I was modifying the policy rather than creating it but the "modify" and "create" commands use the same parameters.

    This is what this policy looks like in the GUI.


    So, when you create those rules the GUI should automatically describe them accurately. No extra parameters are necessary.