For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

carol's avatar
carol
Icon for Altostratus rankAltostratus
Jul 26, 2019
Solved

TMSH APM policy modify

Hello,

 

I am trying to write a script that will ouput tmsh commands to update an APM policy. What it needs to do is to add a new ACL to LDAP group mapping. So the command I use is something like this:

 

modify apm policy agent resource-assign TEST_POLICY  rules { { acls add { my_acl } } }

 

However instead of appendig it just deletes all existing ACLs. What am I doing wrong? :-)

 

Regards

Carol

application delivery
BIG-IP Access Policy Manager (APM)
TMSH
  • boneyard's avatar
    boneyard
    Jul 28, 2019

    no direct experience, but have you tried "acls add" and then including the old and new ones?

3 Replies

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Jul 28, 2019

    no direct experience, but have you tried "acls add" and then including the old and new ones?

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Aug 18, 2019

    i tried this and with adding old a new it works, not what you want exactly but perhaps a workable workaround.

     

    the whole apm policy agent tmsh commands are a bit different, they seem more intented to build something from scratch then modifying elements afterwards

     

    someone else was looking for something similar but didn't get a answer either:

    https://devcentral.f5.com/s/question/0D51T00006i7hpq/adding-new-rules-to-a-resourceassign-using-tmsh

     

    you can always open a support ticket, perhaps they know or there is an RFE for this.

  • carol's avatar
    carol
    Icon for Altostratus rankAltostratus
    Nov 15, 2019

    Thank you! I totally forgot to come back. I will probably have to go with the first option. Thanks again