Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

icontrol - policy-diff and merge

JustJozef
Cirrus
Cirrus

‎20-Feb-2023 08:11

Hello,

trying to compare and merge two ASM policies via REST API but with no success.

I called endpoint POST /mgmt/tm/asm/tasks/policy-diff with body:

{"firstPolicyReference": { "link": "http://localhost/mgmt/tm/asm/policies/firstID"}, "secondPolicyReference": {"link": "http://localhost/mgmt/tm/asm/policies/secondID"}}

From response I took selflink and called it as GET request. Follow response was reported:

{"executionStartTime": "2023-02-20T15:36:04Z", "status": "COMPLETED", "lastUpdateMicros": 1676907376000000.0, "kind": "tm:asm:tasks:policy-diff:policy-diff-taskstate", "selfLink": "https://localhost/mgmt/tm/asm/tasks/policy-diff/id?ver=16.1.3", "endTime": "2023-02-20T15:36:17Z", "id": "id", "startTime": "2023-02-20T15:36:04Z", "firstPolicyReference": {"link": "https://localhost/mgmt/tm/asm/policies/id?ver=16.1.3", "fullPath": "/Common/sp_test_firstpolicy"}, "secondPolicyReference": {"link": "https://localhost/mgmt/tm/asm/policies/id?ver=16.1.3", "fullPath": "/Common/sp_test_secondpolicy"}, "result": {"policyDiffReference": {"link": "https://localhost/mgmt/tm/asm/policy-diffs/id?ver=16.1.3", "firstPolicyReference": {"link": "https://localhost/mgmt/tm/asm/policies/id?ver=16.1.3", "fullPath": "/Common/sp_test_firstpolicy"}, "secondPolicyReference": {"link": "https://localhost/mgmt/tm/asm/policies/id?ver=16.1.3", "fullPath": "/Common/sp_test_secondpolicy"}}}}

But in response I do not see details what has been changed. Regarding policies I copied first policy and create new one with different name and added to the policy two additional response codes. No other changes has been added.

I tried to call endpoint /mgmt/tm/asm/tasks/policy-merge just to see if something will change on first policy but no changes has been done. Body in request 

{"policyDiffReference": { "link": "selflink"}, "addMissingEntitiesToFirst": true}

When I compared policies via GUI it was correctly reported. Second policy contains in addition two more response codes. 

Allowed Response Codes: 419, 405.

Did I call it wrong?

Best Regards,

Jozef

Labels:
6 REPLIES 6

Leslie_Hubertus
Community Manager
Community Manager

‎28-Feb-2023 09:16

Hey @JustJozef - I see nobody has answered you yet. I've called out this post in this week's Community Highlights, Week 9 '23 article to increase visibility, and forwarded it to a colleague to see if they can help. 

Nikoolayy1
MVP
MVP

‎22-Mar-2023 04:34

A good question that I have been asking myself. If you get the answer, please share it and if I also manage to find it, so will I share it with you 🙂

0 Kudos

JustJozef
Cirrus
Cirrus
In response to Nikoolayy1

‎22-Mar-2023 04:57

Unforunately still do not have solution for it. Will return to this topic in next weeks but I am afraid that I will finish with "manual" work when I will want merge two policies.

Leslie_Hubertus
Community Manager
Community Manager
In response to JustJozef

‎27-Mar-2023 14:30

Still poking around for an answer for you, @JustJozef! I'm sorry for the long delay!

0 Kudos

Nikoolayy1
MVP
MVP

‎10-Apr-2023 03:00 - edited ‎10-Apr-2023 03:32

I tried the guide at https://cdn.f5.com/websites/devcentral.f5.com/downloads/icontrol-rest-api-user-guide-16-1-0.pdf but I get the restjavad log error below:

[SEVERE][252][10 Apr 2023 12:51:35 UTC][com.f5.rest.workers.asm.AsmConfigWorker] nanoTime:[3661835037124] threadId:[24] Exception:[ASMConfigException(error_message:Could not parse/validate the Policy Diff Task. Invalid reference for secondPolicyReference ('test-signature'), error_code:UNKNOWN, internal_error:Failed parse/validate for PolicyDiffTask found -- parse/validate aborted : Error message = Invalid reference for secondPolicyReference ('test-signature'), rest_code:REST_INTERNAL_SERVER_ERROR)

 

 

I am not even getting to the merge 🙂 . Still you can try following the GUIDE as my version is 16.1.3 and maybe yours do not have the bug as you need to send "POST" not "GET" Requests and the Content-Type header should be application/json. Other than test with admin credentials in your lab, just as the API user and token may have limited rights or something like that.

 

f5-bug.PNG

JustJozef
Cirrus
Cirrus
In response to Nikoolayy1

‎03-May-2023 05:33

At the end I modify policy manually and then trigger script with python library jsondiff to compare my last stored policy with new one. Not perfect but help.

Copyright © 2023 Khoros, LLC