20-Feb-2023 08:11
Hello,
trying to compare and merge two ASM policies via REST API but with no success.
I called endpoint POST /mgmt/tm/asm/tasks/policy-diff with body:
{"firstPolicyReference": { "link": "http://localhost/mgmt/tm/asm/policies/firstID"}, "secondPolicyReference": {"link": "http://localhost/mgmt/tm/asm/policies/secondID"}}
From response I took selflink and called it as GET request. Follow response was reported:
{"executionStartTime": "2023-02-20T15:36:04Z", "status": "COMPLETED", "lastUpdateMicros": 1676907376000000.0, "kind": "tm:asm:tasks:policy-diff:policy-diff-taskstate", "selfLink": "https://localhost/mgmt/tm/asm/tasks/policy-diff/id?ver=16.1.3", "endTime": "2023-02-20T15:36:17Z", "id": "id", "startTime": "2023-02-20T15:36:04Z", "firstPolicyReference": {"link": "https://localhost/mgmt/tm/asm/policies/id?ver=16.1.3", "fullPath": "/Common/sp_test_firstpolicy"}, "secondPolicyReference": {"link": "https://localhost/mgmt/tm/asm/policies/id?ver=16.1.3", "fullPath": "/Common/sp_test_secondpolicy"}, "result": {"policyDiffReference": {"link": "https://localhost/mgmt/tm/asm/policy-diffs/id?ver=16.1.3", "firstPolicyReference": {"link": "https://localhost/mgmt/tm/asm/policies/id?ver=16.1.3", "fullPath": "/Common/sp_test_firstpolicy"}, "secondPolicyReference": {"link": "https://localhost/mgmt/tm/asm/policies/id?ver=16.1.3", "fullPath": "/Common/sp_test_secondpolicy"}}}}
But in response I do not see details what has been changed. Regarding policies I copied first policy and create new one with different name and added to the policy two additional response codes. No other changes has been added.
I tried to call endpoint /mgmt/tm/asm/tasks/policy-merge just to see if something will change on first policy but no changes has been done. Body in request
{"policyDiffReference": { "link": "selflink"}, "addMissingEntitiesToFirst": true}
When I compared policies via GUI it was correctly reported. Second policy contains in addition two more response codes.
Allowed Response Codes: 419, 405.
Did I call it wrong?
Best Regards,
Jozef
28-Feb-2023 09:16
Hey @JustJozef - I see nobody has answered you yet. I've called out this post in this week's Community Highlights, Week 9 '23 article to increase visibility, and forwarded it to a colleague to see if they can help.
22-Mar-2023 04:34
A good question that I have been asking myself. If you get the answer, please share it and if I also manage to find it, so will I share it with you 🙂
22-Mar-2023 04:57
Unforunately still do not have solution for it. Will return to this topic in next weeks but I am afraid that I will finish with "manual" work when I will want merge two policies.
27-Mar-2023 14:30
Still poking around for an answer for you, @JustJozef! I'm sorry for the long delay!
10-Apr-2023 03:00 - edited 10-Apr-2023 03:32
I tried the guide at https://cdn.f5.com/websites/devcentral.f5.com/downloads/icontrol-rest-api-user-guide-16-1-0.pdf but I get the restjavad log error below:
[SEVERE][252][10 Apr 2023 12:51:35 UTC][com.f5.rest.workers.asm.AsmConfigWorker] nanoTime:[3661835037124] threadId:[24] Exception:[ASMConfigException(error_message:Could not parse/validate the Policy Diff Task. Invalid reference for secondPolicyReference ('test-signature'), error_code:UNKNOWN, internal_error:Failed parse/validate for PolicyDiffTask found -- parse/validate aborted : Error message = Invalid reference for secondPolicyReference ('test-signature'), rest_code:REST_INTERNAL_SERVER_ERROR)
I am not even getting to the merge 🙂 . Still you can try following the GUIDE as my version is 16.1.3 and maybe yours do not have the bug as you need to send "POST" not "GET" Requests and the Content-Type header should be application/json. Other than test with admin credentials in your lab, just as the API user and token may have limited rights or something like that.
03-May-2023 05:33
At the end I modify policy manually and then trigger script with python library jsondiff to compare my last stored policy with new one. Not perfect but help.