Forum Discussion
AltostratusIs it possibe to update entries on an iRule data-group from an iRule
Scenario is, I'm using GFA in APM with irule data-groups as the look up source for the GFA secret keys per user.
However, I'd like to allow users to enroll but I'm unsure if I can allow update of entries from an iRule.
Is it possible?
Many thanks,
JD
Hello.
iRules are executed in data plane scope and to modify data-groups is part of the control-plane scope.
It's not the best choice to run control-plane tasks from a data-plane because of the performance (many data-plane tasks could be executing at the same time as only one control-plane task).
That said, you can trigger an iCall from an iRule to modify the data-group configuration. Some examples:
https://devcentral.f5.com/s/articles/icall-triggers-invalidating-cache-from-irules
https://devcentral.f5.com/s/question/0D51T00006i7cO2/execute-icall-from-irule
KR,
Dario.
2 Replies
Dario_GarridoNoctilucent
Hello.
iRules are executed in data plane scope and to modify data-groups is part of the control-plane scope.
It's not the best choice to run control-plane tasks from a data-plane because of the performance (many data-plane tasks could be executing at the same time as only one control-plane task).
That said, you can trigger an iCall from an iRule to modify the data-group configuration. Some examples:
https://devcentral.f5.com/s/articles/icall-triggers-invalidating-cache-from-irules
https://devcentral.f5.com/s/question/0D51T00006i7cO2/execute-icall-from-irule
KR,
Dario.
JD1Thanks for the answer.
To be honest, I'd rather not modify the data-groups from irule, I just wondered if it was possible.
This answers that perfectly and with good reason not to (performance hits).
I can also think it'd be discouraged for security concerns as well.
