Forum Discussion

tatmotiv's avatar
tatmotiv
Icon for Cirrostratus rankCirrostratus
Feb 16, 2017

get only non-default object properties via iControl REST

Hi all.

I'm looking for a way to receive all non-default properties of an object via iControl REST. Basically, I need all those properties that would be listed when running "tmsh list xyz" without "all-properties".

For example, on my test-device, "tmsh list" will return the following individual properties for a client-ssl profile...

 list ltm profile client-ssl /PA999-Test1/test_clientssl
ltm profile client-ssl PA999-Test1/test_clientssl {
    app-service none
    cert Common/default.crt
    cert-key-chain {
        default {
            cert Common/default.crt
            key Common/default.key
        }
    }
    chain none
    defaults-from Common/clientssl
    inherit-certkeychain true
    key Common/default.key
    passphrase none
}

...while querying the same object via ICR will return all properties, including default and inherited settings:

> curl -sk -u admin:xxxxxxxx https://my-bigip/mgmt/tm/ltm/profile/client-ssl/~PA999-Test1~test_clientssl | python -mjson.tool
{
    "alertTimeout": "10",
    "allowNonSsl": "disabled",
    "authenticate": "once",
    "authenticateDepth": 9,
    "cacheSize": 262144,
    "cacheTimeout": 3600,
    "cert": "/Common/default.crt",
    "certExtensionIncludes": [
        "basic-constraints",
        "subject-alternative-name"
    ],
    "certKeyChain": [
        {
            "cert": "/Common/default.crt",
            "key": "/Common/default.key",
            "name": "default"
        }
    ],
    "certLifespan": 30,
    "certLookupByIpaddrPort": "disabled",
    "ciphers": "DEFAULT",
    "defaultsFrom": "/Common/clientssl",
    "forwardProxyBypassDefaultAction": "intercept",
    "fullPath": "/PA999-Test1/test_clientssl",
    "generation": 39,
    "genericAlert": "enabled",
    "handshakeTimeout": "10",
    "inheritCertkeychain": "true",
    "key": "/Common/default.key",
    "kind": "tm:ltm:profile:client-ssl:client-sslstate",
    "maxRenegotiationsPerMinute": 5,
    "modSslMethods": "disabled",
    "mode": "enabled",
    "name": "test_clientssl",
    "partition": "PA999-Test1",
    "peerCertMode": "ignore",
    "peerNoRenegotiateTimeout": "10",
    "proxySsl": "disabled",
    "proxySslPassthrough": "disabled",
    "renegotiateMaxRecordDelay": "indefinite",
    "renegotiatePeriod": "indefinite",
    "renegotiateSize": "indefinite",
    "renegotiation": "enabled",
    "retainCertificate": "true",
    "secureRenegotiation": "require",
    "selfLink": "https://localhost/mgmt/tm/ltm/profile/client-ssl/~PA999-Test1~test_clientssl?ver=11.6.0",
    "sessionMirroring": "disabled",
    "sessionTicket": "disabled",
    "sniDefault": "false",
    "sniRequire": "false",
    "sslForwardProxy": "disabled",
    "sslForwardProxyBypass": "disabled",
    "sslSignHash": "any",
    "strictResume": "disabled",
    "tmOptions": [
        "dont-insert-empty-fragments"
    ],
    "uncleanShutdown": "enabled"
}

Does anybody have a simple solution for this? Is there some option that can be passed with the GET request? I want to avoid polling the "defaults-from" object, too and then determin the difference.

Many thanks in advance

Martin

devops
iControlREST
LTM

1 Reply

Sort By
  • ksuuk's avatar
    ksuuk
    Icon for Nimbostratus rankNimbostratus
    Oct 03, 2017

    Hi,

     

    I had same issue and asked help from support, they found solution, so here it is:

     

    There is an RFE for our Development team to implement the "?options=non-default-properties" as the default output. This RFE currently has number ID674071, however it is only targeted for a future version, for a future release.

     

    You'll have to add "?options=non-default-properties" in front of the object you're querying.

     

    Instead of:

     

    curl -sk -u admin:xxxxxxxx | python -m json.tool

     

    Use:

     

    curl -sk -u admin:xxxxxxxx | python -m json.tool