Forum Discussion

Alex_Nimo_26616's avatar
Alex_Nimo_26616
Icon for Altocumulus rankAltocumulus
Mar 22, 2018

Activate ASM policy via REST API

Hi,

 

I'm in a process of creating an automation process when deploying ASM policies. I'm stuck in one of the final steps which is activating a new ASM policy which was previously created(inactive). I've looked around in all of the documentation but it seems to be that it's not accurate at all. I'm running version 12.1.2 and just to make sure I've also tested it on version 13.1.0.3.

 

On version 13.1.0.3 it just works flawlessly with the api call:

 

PATCH

 

{ "command": "publish"}

 

Trying the same on 12.1.2 results in an rest api error: "unknown field command" In the documentation it says to specify the path: /mgmt/tm/asm/policy , which doesn't exists. Tried it also with the tasks collection and then apply-policy but it only applies the policy and doesn't activates it. I will appropriate some assistance, what am I missing or doing wrong...

 

Thanks, Alex

 

ASM Advanced WAF
devops
iControl
Super-NetOps

3 Replies

Sort By
  • Alex_Nimo_26616's avatar
    Alex_Nimo_26616
    Icon for Altocumulus rankAltocumulus
    Mar 25, 2018

    After playing around a bit more I somehow managed to use the apply-policy subcollection. Although I've tried it numerous time before without any luck, this time it worked and published my policy:

     

    POST

     

    { "policyReference": { "link": "; } }

     

  • suttonsc's avatar
    suttonsc
    Icon for Employee rankEmployee
    Jun 05, 2018

    In v12 you will need to run this as a task.

    Find the status and the self link of the target policy:

    $ curl -sku admin:admin https://155.121.lab.es.f5net.com/mgmt/tm/asm/policies/Fqpvw5rn1SzYqgrCR9CA1Q | jq  '.active, .selfLink'
false
"https://localhost/mgmt/tm/asm/policies/Fqpvw5rn1SzYqgrCR9CA1Q?ver=12.1.3"

    Using the selfLink from the previous step start the task:

    $ curl -sku admin:admin -X POST -d '{"policyReference": { "link": "https://155.121.lab.es.f5net.com/mgmt/tm/asm/policies/Fqpvw5rn1SzYqgrCR9CA1Q?ver=12.1.3"}}' https://155.121.lab.es.f5net.com/mgmt/tm/asm/tasks/apply-policy | jq .
{
  "kind": "tm:asm:tasks:apply-policy:apply-policy-taskstate",
  "selfLink": "https://localhost/mgmt/tm/asm/tasks/apply-policy/42ZU2wkHI2BLOCx6VYNsVA?ver=12.1.3",
  "policyReference": {
    "link": "https://localhost/mgmt/tm/asm/policies/Fqpvw5rn1SzYqgrCR9CA1Q?ver=12.1.3"
  },
  "status": "NEW",
  "id": "42ZU2wkHI2BLOCx6VYNsVA",
  "startTime": "2018-06-05T15:22:25Z",
  "lastUpdateMicros": 1528212145000000
}

    Validate the task has completed:

    $ curl -sku admin:admin https://155.121.lab.es.f5net.com/mgmt/tm/asm/tasks/apply-policy?\$filter=id%20eq%20\'42ZU2wkHI2BLOCx6VYNsVA\' | jq .
{
  "kind": "tm:asm:tasks:apply-policy:apply-policy-taskcollectionstate",
  "selfLink": "https://localhost/mgmt/tm/asm/tasks/apply-policy?ver=12.1.3&$filter=id%20eq%20'42ZU2wkHI2BLOCx6VYNsVA'",
  "totalItems": 1,
  "items": [
    {
      "status": "COMPLETED",
      "lastUpdateMicros": 1528212157000000,
      "selfLink": "https://localhost/mgmt/tm/asm/tasks/apply-policy/42ZU2wkHI2BLOCx6VYNsVA?ver=12.1.3",
      "kind": "tm:asm:tasks:apply-policy:apply-policy-taskstate",
      "policyReference": {
        "link": "https://localhost/mgmt/tm/asm/policies/Fqpvw5rn1SzYqgrCR9CA1Q?ver=12.1.3"
      },
      "endTime": "2018-06-05T15:22:38Z",
      "startTime": "2018-06-05T15:22:25Z",
      "id": "42ZU2wkHI2BLOCx6VYNsVA"
    }
  ]
}

    Validate the policy has been activated:

    $ curl -sku admin:admin https://155.121.lab.es.f5net.com/mgmt/tm/asm/policies/Fqpvw5rn1SzYqgrCR9CA1Q | jq  '.active, .selfLink'
true
"https://localhost/mgmt/tm/asm/policies/Fqpvw5rn1SzYqgrCR9CA1Q?ver=12.1.3"

    Please let me know if this addresses your question.