Forum Discussion

Cory_O's avatar
Cory_O
Icon for Cirrus rankCirrus
Apr 22, 2023

F5 APM: Deleting domain-groups entries / trim list

Hey everyone,

When I go to remove some domain-groups, I'll use the following CLI command as an example:

 

 

tmsh modify apm profile access MYACCESSPROFILE_LTM-APM_access_profile domain-groups delete { authdomain5 authdomain6 authdomain9 }

 

 

The problem is, running this command leaves "holes" in that it doesn't trim the rest of the list down.  In other words, the above command will leave authdomain6, authdomain6, and authdomain9 objects empty instead of shortening the entire list by 3.

Is there a CLI command to trim down the list and remove the empty objects?

Thanks!

4 Replies

  • At this juncture, unless told otherwise, I would imagine using the replace-all-with command instead of delete would be the only way to "consolidate" the list as the entries appear to remain static.  This can obviously be tedious if you have a significant amount of entries to re-order, but I imagine that would work.  Let me know what everyone thinks and tap "Accept as Solution" if you agree.

    • G-Rob's avatar
      G-Rob
      Icon for Employee rankEmployee

      I would agree with this. I do not believe that TMOS is viewing that as a sequential list, thus replace-all-with may be easier if you want sequential naming.

  • Cory,

    Which version of TMOS are you using? This should be reported via support case, I believe. 

    Thanks

    • Cory_O's avatar
      Cory_O
      Icon for Cirrus rankCirrus

      Good morning!

      I've seen this issue across TMOS versions 12.1.5.3 and 14.1.5.3 thus far.

      If I run this command, three new objects are created in the positions mentioned:

      tmsh modify apm profile access MYACCESSPROFILE_LTM-APM_access_profile domain-groups add { authdomain47 { cookie-domain none cookie-host testapp1.iamaserver.com httponly-cookie false persistent-cookie false secure-cookie true sso-name none } authdomain48 { cookie-domain none cookie-host testapp2.iamaserver.com httponly-cookie false persistent-cookie false secure-cookie true sso-name none } authdomain49 { cookie-domain none cookie-host testapp3.iamaserver.com httponly-cookie false persistent-cookie false secure-cookie true sso-name none } }

      I then run the commands to Apply the Access Policy and save.  Following this, I can run the following command to list the new entries:

      tmsh list apm profile access MYACCESSPROFILE_LTM-APM_access_profile domain-groups

      The end of the results shows up as expected:

              authdomain47 {
                  app-service none
                  cookie-domain none
                  cookie-host testapp1.iamaserver.com
                  httponly-cookie false
                  persistent-cookie false
                  secure-cookie true
                  sso-name none
              }
              authdomain48 {
                  app-service none
                  cookie-domain none
                  cookie-host testapp2.iamaserver.com
                  httponly-cookie false
                  persistent-cookie false
                  secure-cookie true
                  sso-name none
              }
              authdomain49 {
                  app-service none
                  cookie-domain none
                  cookie-host testapp3.iamaserver.com
                  httponly-cookie false
                  persistent-cookie false
                  secure-cookie true
                  sso-name none
              }
          }
      }

      Now I'll try deleting authdomain48:

      tmsh modify apm profile access MYACCESSPROFILE_LTM-APM_access_profile domain-groups delete { authdomain48 }

      I apply the Access Profile, save, and run another list.  This time, you'll see the result is missing authdomain 48 instead of consolidating 49 to position 48:

              authdomain47 {
                  app-service none
                  cookie-domain none
                  cookie-host testapp1.iamaserver.com
                  httponly-cookie false
                  persistent-cookie false
                  secure-cookie true
                  sso-name none
              }
              authdomain49 {
                  app-service none
                  cookie-domain none
                  cookie-host testapp3.iamaserver.com
                  httponly-cookie false
                  persistent-cookie false
                  secure-cookie true
                  sso-name none
              }
          }
      }

      Deleting the entries via the GUI has the same effect.  That's why I was just looking for a command to trim the list down.  I can open a SR if that's what you suggest.