tatmotiv
Feb 16, 2017Cirrostratus
get only non-default object properties via iControl REST
Hi all.
I'm looking for a way to receive all non-default properties of an object via iControl REST. Basically, I need all those properties that would be listed when running "tmsh list xyz" without "all-properties".
For example, on my test-device, "tmsh list" will return the following individual properties for a client-ssl profile...
list ltm profile client-ssl /PA999-Test1/test_clientssl
ltm profile client-ssl PA999-Test1/test_clientssl {
app-service none
cert Common/default.crt
cert-key-chain {
default {
cert Common/default.crt
key Common/default.key
}
}
chain none
defaults-from Common/clientssl
inherit-certkeychain true
key Common/default.key
passphrase none
}
...while querying the same object via ICR will return all properties, including default and inherited settings:
> curl -sk -u admin:xxxxxxxx https://my-bigip/mgmt/tm/ltm/profile/client-ssl/~PA999-Test1~test_clientssl | python -mjson.tool
{
"alertTimeout": "10",
"allowNonSsl": "disabled",
"authenticate": "once",
"authenticateDepth": 9,
"cacheSize": 262144,
"cacheTimeout": 3600,
"cert": "/Common/default.crt",
"certExtensionIncludes": [
"basic-constraints",
"subject-alternative-name"
],
"certKeyChain": [
{
"cert": "/Common/default.crt",
"key": "/Common/default.key",
"name": "default"
}
],
"certLifespan": 30,
"certLookupByIpaddrPort": "disabled",
"ciphers": "DEFAULT",
"defaultsFrom": "/Common/clientssl",
"forwardProxyBypassDefaultAction": "intercept",
"fullPath": "/PA999-Test1/test_clientssl",
"generation": 39,
"genericAlert": "enabled",
"handshakeTimeout": "10",
"inheritCertkeychain": "true",
"key": "/Common/default.key",
"kind": "tm:ltm:profile:client-ssl:client-sslstate",
"maxRenegotiationsPerMinute": 5,
"modSslMethods": "disabled",
"mode": "enabled",
"name": "test_clientssl",
"partition": "PA999-Test1",
"peerCertMode": "ignore",
"peerNoRenegotiateTimeout": "10",
"proxySsl": "disabled",
"proxySslPassthrough": "disabled",
"renegotiateMaxRecordDelay": "indefinite",
"renegotiatePeriod": "indefinite",
"renegotiateSize": "indefinite",
"renegotiation": "enabled",
"retainCertificate": "true",
"secureRenegotiation": "require",
"selfLink": "https://localhost/mgmt/tm/ltm/profile/client-ssl/~PA999-Test1~test_clientssl?ver=11.6.0",
"sessionMirroring": "disabled",
"sessionTicket": "disabled",
"sniDefault": "false",
"sniRequire": "false",
"sslForwardProxy": "disabled",
"sslForwardProxyBypass": "disabled",
"sslSignHash": "any",
"strictResume": "disabled",
"tmOptions": [
"dont-insert-empty-fragments"
],
"uncleanShutdown": "enabled"
}
Does anybody have a simple solution for this? Is there some option that can be passed with the GET request? I want to avoid polling the "defaults-from" object, too and then determin the difference.
Many thanks in advance
Martin