Forum Discussion
Dominik_312933
Apr 20, 2018Nimbostratus
Yes, you are correct this does not check the "enforcement readiness" state. Thanks for pointing out the respective API calls to achieve this functionality in
https://devcentral.f5.com/d/icontrol-rest-user-guide-version-131-246
. Please let me know once you have an update on your open case.
On the other hand, a workaround I could think of is to check all learning suggestions for a given policy for their status and last occurrence. If a signature does not have any suggestions associated for a specified time range it can be ready for enforcement.
e.g. by issuing the following calls you could conclude that if no learning suggestion associated with a particular signature occurred for more than 7 days, the signature is ready for enforcement:
GET https://f5.intern/mgmt/tm/asm/policies/ABCDEFG123456/?$select=id,enforcementReadinessPeriod
...
"stagingSettings":{
"signatureStaging":true,
"enforcementReadinessPeriod":7
}
...
GET https://f5.intern/mgmt/tm/asm/policies/ABCDEFG123456/suggestions/?$select=id,lastOccurrenceDatetime,signatureReference,status