BIG-IP ASM Automation with Ansible
Thanks Matt. I am currently using ipaddr via a jinja2 template to try to build the list dynamically every time based on the existing list plus the additional entries submitted by the user.
It's a two-part question I suppose. The ipaddr function solves the part where it's determining whether or not the IP entered is a valid IP and is NOT already in, say, a range that's already defined, so thanks for that. I'll have to get netaddr installed in our production environment to support this function.
The second part to that is maintaining an up-to-date version of the list in CSV format for the AFM IPI function to pull in and parse. I'm attempting to do this all within Jinja because of the "advanced" logic, but it's becoming unwieldy (as Jinja can do) and I was hoping that there was either a different approach to IPI whitelisting / blacklisting based on IP address, or some magical solution via the playbook itself where it might be cleaner. An example might be something like using a data-group on the F5 for the list of whitelisted IP addresses instead of a feedlist (or as the list itself). I think though, because I'm trying to handle file management plus error checking, it's getting out of hand. Maybe I have to bust out Python and do some pre-processing or something like that. I think I may have taken us down a rabbit hole and for that, I apologize.
Thanks!
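The Python pre-processing step mentioned in the post above could look like the following. This is an added example, not code from the thread: it uses the standard-library `ipaddress` module rather than netaddr, the function names are hypothetical, and the `address,mask,wl/bl,category` column layout is an assumption to check against the feed list format your BIG-IP version expects.

```python
import csv
import io
import ipaddress

# Constructed sample of an existing feed list (assumed layout: address,mask,wl/bl,category).
EXISTING_CSV = "10.1.0.0,16,wl,\n192.0.2.10,32,wl,\n"


def load_feed(text):
    """Parse feed rows into (network, list_type, category) tuples."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if not rec or not rec[0].strip():
            continue
        addr = rec[0].strip()
        mask = rec[1].strip() if len(rec) > 1 else ""
        net = ipaddress.ip_network(f"{addr}/{mask}" if mask else addr, strict=False)
        list_type = rec[2].strip() if len(rec) > 2 else ""
        category = rec[3].strip() if len(rec) > 3 else ""
        rows.append((net, list_type, category))
    return rows


def merge_entries(existing, submitted, list_type="wl", category=""):
    """Return (merged_rows, rejected); skips invalid or already-covered input."""
    merged, rejected = list(existing), []
    for raw in submitted:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            rejected.append((raw, "invalid"))
            continue
        same = [n for n, t, _ in merged if t == list_type and n.version == net.version]
        if any(net.subnet_of(n) for n in same):
            rejected.append((raw, "already covered"))
            continue
        # A new, wider range makes narrower existing rows redundant; drop them.
        merged = [r for r in merged if not (r[1] == list_type
                  and r[0].version == net.version and r[0].subnet_of(net))]
        merged.append((net, list_type, category))
    return merged, rejected


def render_feed(rows):
    """Serialise rows back to CSV, sorted so the file diffs cleanly between runs."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for net, list_type, category in sorted(rows, key=lambda r: (r[0].version, r[0])):
        writer.writerow([net.network_address, net.prefixlen, list_type, category])
    return out.getvalue()
```

Reporting the rejected entries back to the submitter keeps the error checking out of the template, which then only has to write the rendered string to the file the feed list polls.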