Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

icontrol - policy-diff and merge

JustJozef
Cirrus
Cirrus

Hello,

trying to compare and merge two ASM policies via REST API but with no success.

I called endpoint POST /mgmt/tm/asm/tasks/policy-diff with body:

{"firstPolicyReference": { "link": "http://localhost/mgmt/tm/asm/policies/firstID"}, "secondPolicyReference": {"link": "http://localhost/mgmt/tm/asm/policies/secondID"}}

From response I took selflink and called it as GET request. Follow response was reported:

{"executionStartTime": "2023-02-20T15:36:04Z", "status": "COMPLETED", "lastUpdateMicros": 1676907376000000.0, "kind": "tm:asm:tasks:policy-diff:policy-diff-taskstate", "selfLink": "https://localhost/mgmt/tm/asm/tasks/policy-diff/id?ver=16.1.3", "endTime": "2023-02-20T15:36:17Z", "id": "id", "startTime": "2023-02-20T15:36:04Z", "firstPolicyReference": {"link": "https://localhost/mgmt/tm/asm/policies/id?ver=16.1.3", "fullPath": "/Common/sp_test_firstpolicy"}, "secondPolicyReference": {"link": "https://localhost/mgmt/tm/asm/policies/id?ver=16.1.3", "fullPath": "/Common/sp_test_secondpolicy"}, "result": {"policyDiffReference": {"link": "https://localhost/mgmt/tm/asm/policy-diffs/id?ver=16.1.3", "firstPolicyReference": {"link": "https://localhost/mgmt/tm/asm/policies/id?ver=16.1.3", "fullPath": "/Common/sp_test_firstpolicy"}, "secondPolicyReference": {"link": "https://localhost/mgmt/tm/asm/policies/id?ver=16.1.3", "fullPath": "/Common/sp_test_secondpolicy"}}}}

But in response I do not see details what has been changed. Regarding policies I copied first policy and create new one with different name and added to the policy two additional response codes. No other changes has been added.

I tried to call endpoint /mgmt/tm/asm/tasks/policy-merge just to see if something will change on first policy but no changes has been done. Body in request 

{"policyDiffReference": { "link": "selflink"}, "addMissingEntitiesToFirst": true}

When I compared policies via GUI it was correctly reported. Second policy contains in addition two more response codes. 

Allowed Response Codes: 419, 405.

Did I call it wrong?

Best Regards,

Jozef

6 REPLIES 6

Leslie_Hubertus
Community Manager
Community Manager

Hey @JustJozef - I see nobody has answered you yet. I've called out this post in this week's Community Highlights, Week 9 '23 article to increase visibility, and forwarded it to a colleague to see if they can help. 

A good question that I have been asking myself. If you get the answer, please share it and if I also manage to find it, so will I share it with you 🙂

Unforunately still do not have solution for it. Will return to this topic in next weeks but I am afraid that I will finish with "manual" work when I will want merge two policies.

Still poking around for an answer for you, @JustJozef! I'm sorry for the long delay!

I tried the guide at https://cdn.f5.com/websites/devcentral.f5.com/downloads/icontrol-rest-api-user-guide-16-1-0.pdf but I get the restjavad log error below:

[SEVERE][252][10 Apr 2023 12:51:35 UTC][com.f5.rest.workers.asm.AsmConfigWorker] nanoTime:[3661835037124] threadId:[24] Exception:[ASMConfigException(error_message:Could not parse/validate the Policy Diff Task. Invalid reference for secondPolicyReference ('test-signature'), error_code:UNKNOWN, internal_error:Failed parse/validate for PolicyDiffTask found -- parse/validate aborted : Error message = Invalid reference for secondPolicyReference ('test-signature'), rest_code:REST_INTERNAL_SERVER_ERROR)

 

 

I am not even getting to the merge 🙂 . Still you can try following the GUIDE as my version is 16.1.3 and maybe yours do not have the bug as you need to send "POST" not "GET" Requests and the Content-Type header should be application/json. Other than test with admin credentials in your lab, just as the API user and token may have limited rights or something like that.

 

f5-bug.PNG

At the end I modify policy manually and then trigger script with python library jsondiff to compare my last stored policy with new one. Not perfect but help.