f5-appsvcs-extension icon indicating copy to clipboard operation
f5-appsvcs-extension copied to clipboard

Published 20 hours ago verified publisher icon F5Networks

AS3 doesn't accept iRules with comments contained brackets: { or }

Open paxan-semenov opened this issue 3 years ago • 2 comments

Environment

  • Application Services Version: 3.31
  • BIG-IP Version: 16.0

Summary

AS3 doesn't accept iRules with comments contained brackets: { or }

That rule is valid:

[root@do:Active:Standalone] config # tmsh list ltm rule test_iRule
ltm rule test_iRule {
# Check if the IP address is within the defined list of addresses to throttle
#fif { [class match [IP::client_addr] equals IP_Throttle_List ] } {

when RULE_INIT {
    set static::timeout 5
}
}
[root@do:Active:Standalone] config #

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration:
{
    "class": "ADC",
    "schemaVersion": "3.33.0",
    "id": "urn:uuid:fa63f5ac-1822-4646-a5cf-7a6a8bd27213",
    "label": "Converted Declaration",
    "remark": "Generated by Automation Config Converter",
    "Common": {
        "class": "Tenant",
        "Shared": {
            "class": "Application",
            "template": "shared",
            "test_iRule": {
                "class": "iRule",
                "iRule": "# Check if the IP address is within the defined list of addresses to throttle\n#fif { [class match [IP::client_addr] equals IP_Throttle_List ] } {\nwhen RULE_INIT {\n    set static::timeout 5\n}"
            }
        }
    }
}
  1. Observe the following error response:
{
            "code": 400,
            "message": "declaration failed",
            "response": "POST http://admin:XXXXXX@localhost:8100/mgmt/tm/sys/config merge cli script response=400 body={\"code\":400,\"message\":\"incomplete command\",\"errorStack\":[],\"apiError\":26214401}",
            "host": "localhost",
            "tenant": "Common",
            "runTime": 3301
}

Expected Behavior

Valid iRule should be accepted

Actual Behavior

Right now we have an error

paxan-semenov avatar Dec 17 '21 23:12 paxan-semenov

Thank you for your feedback. I have confirmed the bug and added it to our internal product backlog as AUTOTOOL-2924.

I also confirmed that this error still occurs when using base64 encoding.

dstokesf5 avatar Jan 07 '22 19:01 dstokesf5

I provided not encoded iRule here just for better visibility. Encoded has the same error

paxan-semenov avatar Jan 07 '22 21:01 paxan-semenov

Update after looking at this issue

We were able to determine that it does look like we could have the option of using iControl REST instead of the cli script. We could do something like "iControl_postFromRemote", which we use for uploading files to the BIG-IP. POSTing a body like the following to the iRule endpoint creates the iRule just fine:

{
    "name": "testiRule",
    "apiAnonymous": "# Check if the IP address is within the defined list of addresses to throttle\n#fif { [class match [IP::client_addr] equals IP_Throttle_List ] } {\nwhen RULE_INIT {\n    set static::timeout 5\n}"
}

We would want to change AS3 to handle iRule's with iControl REST every time, if we were to go with this solution. Making sure that rollback is properly handled is also something that we would want to be careful with. It's likely that we would want to use "rollback" when we create tmsh commands to have a delete command for the iRule in case the cli script fails. Examples of rollback can be found in fetch and map_cli.

At this time I don't insist fix it but documenting that we have a known issue

mdditt2000 avatar Jan 04 '23 19:01 mdditt2000