Forum Discussion

justintime123's avatar
justintime123
Icon for Nimbostratus rankNimbostratus
Jul 04, 2023

update list of policy items using restAPI

Tring to maintain an access policy using restAPI APM.  Need to add or remove a policy item from the list of policy items. Tried this:

json_payload=$(cat <<EOF
{"name":"test",
"items":[
{"name":"test_act_full_resource_assign-2","partition":"Common","priority":0,"nameReference":{"link":"https://localhost/mgmt/tm/apm/policy/policy-item/~Common~test_act_full_resource_assign-1?ver=15.1.7"}}

]}
EOF

)

 

$(curl -sk -X PATCH -u $username:${password} -H "X-F5-REST-Coordination-Id:${ID}" -H "Content-Type: application/json" https://${bigip_ip_address}/mgmt/tm/apm/policy/access-policy/test?ver=15.1.7 -d  "$json_payload" | jq -M .)
 
But this actually is to replace the whole list of items with the one in the json body. 
 
Is that a way to just simply add or remove one single item instead of replacing the whole list?
 
Thanks.

3 Replies

  • I have run into the same issue with pretty much all lists on the F5. For instance, maintaining iRules. Usually just load the existing list into memory with a GET request, manipulate this list, and then repost via API to make changes. This is much easier if you use Python and built in capabilities for data types rather than command line and curl. Since you may eventually look at automation with tools like Ansible, you may want to make that conversion sooner than later 🙂

     

    • justintime123's avatar
      justintime123
      Icon for Nimbostratus rankNimbostratus

      It is quite frustrating that in the Doc they have /items as an array property while trying to access it there is  "403, Operation is not allowed on this level" error message. 

      I dont know why it is not accessible. Life would be so much easier not having to get all items first, then comparison, add and removal finally replacing the whole list.

      • whisperer's avatar
        whisperer
        Icon for MVP rankMVP

        I agree. Sadly, these are the cards we have been dealt.

        Another way is declarative FAST templates. Maintain a golden JSON config in github. Making a change? Modify the JSON config, save, and check out the new version, loading it into the F5 via FAST templating. This may be easier than multiple API calls... perform heavy lifting off F5 unit, and then take the desired config and push it once.