Forum Discussion
cathy_123
Cirrostratus
CirrostratusPython script to get the SSL profile of a VIP
Hello guys I am creating an SSL automation and I am trying to get the ssl profile from inputted VIP.. I am using F5 rest api and I am not seeing much differences on the contents when I use this url
url = f"https://{f5_hostname}/mgmt/tm/ltm/virtual/~Common~{vip_name}"
and filter using profilesReference it gave me all profiles sample below. From below contents, I dont know how to filter further to get the sslprofile as you see almost all of them has the same content, I cannot differentiate the ssl profile from others. any other way how to get the sslprofile from a VIP using python script?
{
"kind": "tm:ltm:virtual:profiles:profilesstate",
"name": "myssslprofile.com", ->>>> this is the ssl profile
"partition": "Common",
"fullPath": "/Common/myssslprofile.com",
"generation": 1,
"selfLink": "https://localhost/mgmt/tm/ltm/virtual/exampleVIP.com/profiles/~Common~myssslprofile.com?ver=16.x.x.x",
"context": "clientside"
},
{
"kind": "tm:ltm:virtual:profiles:profilesstate",
"name": "tcp-lan-optimized",
"partition": "Common",
"fullPath": "/Common/tcp-lan-optimized",
"generation": 1,
"selfLink": "https://localhost/mgmt/tm/ltm/virtual/exampleVIP.com/profiles/~Common~tcp-lan-optimized?ver=16.x.x.x",
"context": "serverside"
},
{
"kind": "tm:ltm:virtual:profiles:profilesstate",
"name": "tcp-wan-optimized",
"partition": "Common",
"fullPath": "/Common/tcp-wan-optimized",
"generation": 1,
"selfLink": "https://localhost/mgmt/tm/ltm/virtual/exampleVIP.com/profiles/~Common~tcp-wan-optimized?ver=16.x.x.x",
"context": "clientside"
},
{
"kind": "tm:ltm:virtual:profiles:profilesstate",
"name": "anotheprofile",
"partition": "Common",
"fullPath": "/Common/anotheprofile",
"generation": 1,
"selfLink": "https://localhost/mgmt/tm/ltm/virtual/exampleVIP.com/profiles/~Common~anotheprofile?ver=16.x.x.x",
"context": "serverside"
},
- zamroni777
Nacreous
as the response is in json format, then you can use example below to fetch specific object.
ensure that there is "[" prefix and "]" suffix so that it is processed as array of json object.https://www.w3schools.com/python/python_json.asp
https://www.w3schools.com/python/trypython.asp?filename=demo_json_from_python
cathy_123Hi alexjames I am using REST API to get the virtual IP details https://{f5_hostname}/mgmt/tm/ltm/virtual/~Common~{vip_name} then further filter it using profilesReference. the result was above.. the problem is the content all looks the same..
- LiefZimmerman
Admin
cathy_123 - sorry but the previous member was a GPT spammer. Hence the "technically close" but "contextually dumb" reply.
The reply has been removed.Have you found a way around this yet?
If not, I'll elevate this to get more eyeballs on it. Sorry for missing that prev poster.
- cathy_123
hello Team, thank you for the response, I just added a script on to check all the profiles and see if that if the profile has certs on it.. it does take time though I wasnt able to get any solution aside from this.
- JRahm
Hi cathy_123 here’s how I have handled that for comparison (from https://github.com/f5-rahm/pcap_utils/blob/main/capndecrypt.py#L175-L185)
Note that this is using bigrest library, you can extract out the endpoints and logic for your own purposes.def get_cssl_profile(bigip, vip_name): vip_profiles = bigip.load(f'/mgmt/tm/ltm/virtual/{vip_name}/profiles') cssl_profile = '' for profile in vip_profiles: if bigip.exist(f'/mgmt/tm/ltm/profile/client-ssl/{profile.properties.get("name")}'): cssl_profile = profile.properties.get('name') if cssl_profile != '': print(f'\tVirtual {vip_name} has associated client-ssl profile {cssl_profile}...continuing.') return cssl_profile else: sys.exit(f'\tVirtual {vip_name} has no associated client-ssl profile...exiting.')- cathy_123
Thank you Jrahm! I will check on it
