Forum Discussion
justintime123
Nimbostratus
Nimbostratusupdate list of policy items using restAPI
Tring to maintain an access policy using restAPI APM. Need to add or remove a policy item from the list of policy items. Tried this:
json_payload=$(cat <<EOF
{"name":"test",
"items":[
{"name":"test_act_full_resource_assign-2","partition":"Common","priority":0,"nameReference":{"link":"https://localhost/mgmt/tm/apm/policy/policy-item/~Common~test_act_full_resource_assign-1?ver=15.1.7"}}
]}
EOF
)
$(curl -sk -X PATCH -u $username:${password} -H "X-F5-REST-Coordination-Id:${ID}" -H "Content-Type: application/json" https://${bigip_ip_address}/mgmt/tm/apm/policy/access-policy/test?ver=15.1.7 -d "$json_payload" | jq -M .)
But this actually is to replace the whole list of items with the one in the json body.
Is that a way to just simply add or remove one single item instead of replacing the whole list?
Thanks.
- whisperer
MVP
I have run into the same issue with pretty much all lists on the F5. For instance, maintaining iRules. Usually just load the existing list into memory with a GET request, manipulate this list, and then repost via API to make changes. This is much easier if you use Python and built in capabilities for data types rather than command line and curl. Since you may eventually look at automation with tools like Ansible, you may want to make that conversion sooner than later 🙂
justintime123It is quite frustrating that in the Doc they have /items as an array property while trying to access it there is "403, Operation is not allowed on this level" error message.
I dont know why it is not accessible. Life would be so much easier not having to get all items first, then comparison, add and removal finally replacing the whole list.
- whisperer
I agree. Sadly, these are the cards we have been dealt.
Another way is declarative FAST templates. Maintain a golden JSON config in github. Making a change? Modify the JSON config, save, and check out the new version, loading it into the F5 via FAST templating. This may be easier than multiple API calls... perform heavy lifting off F5 unit, and then take the desired config and push it once.
