Forum Discussion
iControlREST and Curl to save and download ASM policies
1: Extract policy names and corresponding API IDs
hannes@ubuntuBash$ curl -ku 'admin:admin' -X GET https://172.16.99.91/mgmt/tm/asm/policies | jq '.items[] | "pol_name:" + .name + ";api_id:" + .id'
"pol_name:sp_fake.google.com;api_id:00TT7Lv-Yba2xcEZkjkc3A"
"pol_name:sp_fake.github.com;api_id:cswJ2oCNNqbfdWMVWdzoTw"
2: Export policies natively on the appliance
hannes@ubuntuBash$ curl -ku 'admin:admin' -X POST https://172.16.99.91/mgmt/tm/asm/tasks/export-policy -H 'Content-Type: application/json' -d '{"filename":"sp_fake.google.com.xml","policyReference":{"link":"https://localhost/mgmt/tm/asm/policies/00TT7Lv-Yba2xcEZkjkc3A"}}'
hannes@ubuntuBash$ curl -ku 'admin:admin' -X POST https://172.16.99.91/mgmt/tm/asm/tasks/export-policy -H 'Content-Type: application/json' -d '{"filename":"sp_fake.github.com.xml","policyReference":{"link":"https://localhost/mgmt/tm/asm/policies/cswJ2oCNNqbfdWMVWdzoTw"}}'
3: Exported policies can be found on BigIP at '/var/ts/var/rest'
[hannes@bip-01:Active:In-Sync] config ls /var/ts/var/rest
admin~sp_fake.github.com.xml admin~sp_fake.google.com.xml
4: Download the exports: Issue a cURL to that policy, save output as a local file in your external file system.
hannes@ubuntuBash$ curl -ku 'admin:admin' -X GET https://172.16.99.91/mgmt/tm/asm/file-transfer/downloads/sp_fake.google.com.xml >> sp_fake.google.com.xml
hannes@ubuntuBash$ curl -ku 'admin:admin' -X GET https://172.16.99.91/mgmt/tm/asm/file-transfer/downloads/sp_fake.github.com.xml >> sp_fake.github.com.xml
hannes@ubuntuBash$ ls
sp_fake.google.com.xml sp_fake.github.com.xml
Voila! Note that this was done on 12.1.1. I think all of the above will work on 11.6.x too. On 11.5.x the 4th step will fail (not implemented error).
Hi Hannes,
Great advice again. I have taken what you provided and scripted it up. Just replace username and password and the IPs and off it goes. This script will create a folder with the current AEST date and time and place all the xml backups in that folder.
Since I create 3 files in the script, I also remove them at the end. If I don't remove them they will grow every time the script is executed.
I hope this helps someone else half as much as you helped me.
!/bin/bash
curl -ku 'username:password' -X GET https://x.x.x.x/mgmt/tm/asm/policies | jq '.items[] | "pol_name:" + .name + ";api_id:" + .id' >> asmDetailsLAB.txt
cat asmDetailsLAB.txt |grep pol_name |cut -d":" -f2 |cut -d";" -f1 >> asmPoliciesLAB.txt
cat asmDetailsLAB.txt |grep pol_name |cut -d":" -f3 |cut -d'"' -f1 >> asmIDsLAB.txt
folderName="$(zdump AEST)"
mkdir -p asmLabBackup
mkdir "asmLabBackup/""$folderName"
paste -d'\n' asmPoliciesLAB.txt asmIDsLAB.txt | while read asmPolicy && read asmIDs;do
echo $asmPolicy $asmIDs
curl -ku 'username:password' -X POST https://x.x.x.x/mgmt/tm/asm/tasks/export-policy -H 'Content-Type: application/json' -d '{"filename":"'$asmPolicy'","policyReference":{"link":"https://localhost/mgmt/tm/asm/policies/'$asmIDs'"}}'
curl -ku 'username:password' -X GET https://x.x.x.x/mgmt/tm/asm/file-transfer/downloads/$asmPolicy >> asmLabBackup/"$folderName"/$asmPolicy.xml
done
rm asmDetailsLAB.txt
rm asmPoliciesLAB.txt
rm asmIDsLAB.txt
- WildWeaselMay 12, 2023Cirrus
Thank You for sharing this.. It was a big help and got me halfway there.
Anyway you have a similar script to now IMPORT all those .xml files?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com