Sinan_WANG
Dec 01, 2016Nimbostratus
How to create a active asm policy use rest api in v11.6.1?
Hi everyone,
I want to create a active asm policy use rest api, but it didn't work.
{u'code': 401, u'restOperationId': 52707, u'originalRequestBody': u'{"templateReference": {"link": ";}, "name": "rapid-4_asm_policy", "policyBuilderEnabled": false, "active": true, "applicationLanguage": "utf-8", "enforcementMode": "blocking"', u'referer': u'10.10.0.1', u'errorStack': [u'ASMConfigException(error_message:Policy must be applied and/or activated by a Task, error_code:ACTION_NOT_ALLOWED, internal_error:Failed set_active : Error message = Policy must be applied and/or activated by a Task, rest_code:REST_UNAUTHORIZED)'
here is my code:
!/usr/bin/env python
-*- coding=utf-8 -*-
import requests
import json
requests.packages.urllib3.disable_warnings()
创建LTM Policy
def create_ltm_policy_asm(bigip, ltm_policy_name, asm_policy_name):
"""create ltm policy with asm policy"""
policy_payload = {}
policy_payload['name'] = ltm_policy_name
policy_payload['strategy'] = 'first-match'
policy_payload['controls'] = ['asm']
policy_payload['rules'] = [{'name': ltm_policy_name + '_rules',
'actions': [{'name': '0',
'enable': True,
'asm': True,
'request': True,
'policy': asm_policy_name}
]}
]
return bigip.post('%s/ltm/policy' % BIGIP_BASE_URL, data=json.dumps(policy_payload)).json()
给VIP关联POLICY
def modify_vip_add_ltm_policy(bigip, ltm_policy_name, vip_name):
"""modify vip to add ltm policy to enable asm policy"""
payload = {}
payload['policies'] = [{'name': ltm_policy_name}]
payload['profiles'] = [{'name': 'websecurity'}, {'name': 'http'}]
return bigip.put('%s/ltm/virtual/~Common~%s' % (BIGIP_BASE_URL, vip_name), data=json.dumps(payload)).json()
创建ASM Policy
def create_asm_policy(bigip, asm_policy_name):
"""create active asm policy"""
payload = {}
payload['name'] = asm_policy_name + '_asm_policy'
payload['applicationLanguage'] = 'utf-8'
payload['enforcementMode'] = 'blocking'
payload['active'] = True
payload['templateReference'] = {'link': 'https://localhost/mgmt/tm/asm/policy-templates/EY4J-L6HK0AXUYXIc0VjDQ'}
payload['policyBuilderEnabled'] = False
return bigip.post('%s/asm/policies' % BIGIP_BASE_URL, data=json.dumps(payload)).json()
policy_url = bigip.get('%s/asm/policies?select=name+eq+%s' % (BIGIP_BASE_URL, asm_policy_name)).json()['items'][0]['selfLink']
print policy_url
policy_payload={}
policy_payload['policyReference'] = {'link': policy_url}
return bigip.post('%s/asm/tasks/apply-policy/' % BIGIP_BASE_URL, data=json.dumps(policy_payload)).json()
active = {}
active['active'] = True
return bigip.put('%s%s' % (BIGIP_BASE_URL, policy_url[25:]), data=json.dumps(active)).json()
bigip = requests.session()
bigip.auth = ('admin', 'admin')
bigip.verify = False
bigip.headers.update({'Content-Type': 'application/json'})
BIGIP_ADDRESS = '10.10.0.21'
BIGIP_BASE_URL = 'https://%s/mgmt/tm' % BIGIP_ADDRESS
print create_asm_policy(bigip, 'rapid1')