I am looking for the best long-term, easiest-to-support way to automatically manage SSL certs in BIG-IP.
I found f5-sdk, but it is no longer under active development, since May 30, 2021.
I found f5-sdk-python, which seems to be a different SDK. It's under "f5devcentral" instead of "f5networks," so I guess it's community supported rather than officially supported, although both are "copyright F5 Networks, Inc." so it's confusing. It doesn't have a "no longer actively developed" banner on it, but its last commit was Apr 16, 2020, which makes me think it is actually no longer developed.
I found f5-cli, which is based on the above f5-sdk-python. So I think it's actually no longer developed.
I found lets-encrypt-python, which is based on BIGREST, which is a wrapper around the `requests` module using the iControl REST API. It's specifically made to address the above problems with the SDKs being unmaintained, but users need to know the API URLs. I've been running into difficulties using it, because of incomplete or inaccurate documentation about the API. Specifically, the URLs that are used in lets-encrypt-python, and even in the `_connect()` method of BIGREST, don't exist on my BIG-IP device, so I had to create an issue, and patch BIGREST, to make BIGREST functional with my device, but then the URLs in lets-encrypt-python also don't exist on my device, so I'm left to figure out the API on my own. I'm not sure if the API changed between my version of BIG-IP and the author's version of BIG-IP, or if we have a different device, or different licensing, or what. The only thing I'm sure about is that some of the URLs they used don't exist for me.
The iControl REST API documentation has a banner at the top, more or less encouraging users not to use it, and instead recommending using AS3. When I ignore this banner and try to use it, I find the API documentation itself has a bunch of missing or inaccurate parts, so maybe it is best to use AS3. Or maybe I should keep working on the API some more, I'm not sure.
One of the requirements for AS3 is the user must have Administrator role, basically root, on the F5. This is contrary to our organization security policy, so if we need it, I'm going to have to raise meetings with management and include our infosec group to make it happen, so I don't want to push that direction unless I know it's the right direction for us to go.
Can anyone offer advice on the best long-term, most well supported path forward?
Following are cons of using AS3
I would use REST API over AS3 any day!!!