f5-appsvcs-extension
NAT_Policy rule: unable to set translated source to automap
Environment
- Application Services Version: 3.29.0
- BIG-IP Version: 17.1.1.4 Build 0.0.9 Point Release 4
Summary
In the F5 web interface, an "Automap" option is available for the translated source.
I tried writing "sourceTranslation": { "use": "automap" } in the rules of a "class": "NAT_Policy" object. I also tried replacing the "use" field with "bigip" and capitalizing the first letter of "automap", but each call failed.
Steps To Reproduce
Steps to reproduce the behavior:
- Submit the following declaration:
{
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
"class": "AS3",
"declaration":
{
"Common":
{
"Shared":
{
"class": "Application",
"k8s_afm_hsl_log_profile":
{
"class": "Security_Log_Profile",
"network":
{
"logIpErrors": true,
"logRuleMatchAccepts": true,
"logRuleMatchDrops": true,
"logRuleMatchRejects": true,
"logTcpErrors": true,
"logTcpEvents": true,
"publisher":
{
"use": "/Common/Shared/k8s_firewall_hsl_log_publisher"
},
"storageFormat":
{
"fields":
[
"bigip-hostname",
"acl-rule-name",
"acl-policy-name",
"acl-policy-type",
"protocol",
"action",
"drop-reason",
"context-name",
"context-type",
"date-time",
"src-ip",
"src-port",
"vlan",
"route-domain",
"dest-ip",
"dest-port"
]
}
}
},
"k8s_firewall_hsl_log_publisher":
{
"class": "Log_Publisher",
"destinations":
[
{
"bigip": "/Common/local-db"
}
]
},
"k8s_global_global-policy-dns_ext_dns-for-global_address":
{
"addresses":
[
"223.5.5.5"
],
"class": "Firewall_Address_List"
},
"k8s_global_global-policy-dns_ext_dns-for-global_ports_tcp":
{
"class": "Firewall_Port_List",
"ports":
[
"54",
"6000-7000",
"23456",
"777"
]
},
"k8s_global_global-policy-dns_ext_dns-for-global_ports_udp":
{
"class": "Firewall_Port_List",
"ports":
[
"53",
"8000-9000",
"12345",
"888"
]
},
"k8s_global_global-policy-dns_ext_dns-for-global_rule_list":
{
"class": "Firewall_Rule_List",
"rules":
[
{
"action": "accept-decisively",
"destination":
{
"addressLists":
[
{
"use": "/Common/Shared/k8s_global_global-policy-dns_ext_dns-for-global_address"
}
],
"portLists":
[
{
"use": "/Common/Shared/k8s_global_global-policy-dns_ext_dns-for-global_ports_tcp"
}
]
},
"name": "accept-decisively_dns-for-global_tcp",
"protocol": "tcp",
"source":
{}
},
{
"action": "accept-decisively",
"destination":
{
"addressLists":
[
{
"use": "/Common/Shared/k8s_global_global-policy-dns_ext_dns-for-global_address"
}
],
"portLists":
[
{
"use": "/Common/Shared/k8s_global_global-policy-dns_ext_dns-for-global_ports_udp"
}
]
},
"name": "accept-decisively_dns-for-global_udp",
"protocol": "udp",
"source":
{}
}
]
},
"k8s_gw_pool":
{
"class": "Pool",
"members":
[
{
"enable": true,
"serverAddresses":
[
"192.168.21.254"
],
"servicePort": 0
}
],
"monitors":
[
{
"bigip": "/Common/gateway_icmp"
}
]
},
"k8s_log_pool":
{
"class": "Pool",
"members":
[
{
"enable": true,
"serverAddresses":
[
"1.2.3.4"
],
"servicePort": 514
}
],
"monitors":
[
{
"bigip": "/Common/gateway_icmp"
}
]
},
"k8s_ns_policy_rd":
{
"class": "Firewall_Policy",
"rules":
[]
},
"k8s_ns_policy_rd0":
{
"class": "Firewall_Policy",
"rules":
[]
},
"k8s_outbound_va":
{
"arpEnabled": false,
"class": "Service_Address",
"icmpEcho": "disable",
"virtualAddress": "0.0.0.0"
},
"k8s_outbound_vs":
{
"class": "Service_L4",
"layer4": "any",
"policyFirewallEnforced":
{
"use": "/Common/Shared/k8s_svc_policy_rd"
},
"policyNAT":
{
"use": "k8s_snat_policy"
},
"securityLogProfiles":
[
{
"use": "/Common/Shared/k8s_afm_hsl_log_profile"
}
],
"snat": "none",
"translateServerAddress": false,
"translateServerPort": false,
"virtualAddresses":
[
{
"use": "/Common/Shared/k8s_outbound_va"
}
],
"virtualPort": 0
},
"k8s_snat_ces_busybox-snat_ext_busybox-svc_address":
{
"addresses":
[
"223.5.5.5"
],
"class": "Firewall_Address_List"
},
"k8s_snat_ces_busybox-snat_ext_busybox-svc_ports_tcp":
{
"class": "Firewall_Port_List",
"ports":
[
"1-65535"
]
},
"k8s_snat_policy":
{
"class": "NAT_Policy",
"rules":
[
{
"destination":
{
"addressLists":
[
{
"use": "/Common/Shared/k8s_snat_ces_busybox-snat_ext_busybox-svc_address"
}
],
"portLists":
[
{
"use": "/Common/Shared/k8s_snat_ces_busybox-snat_ext_busybox-svc_ports_tcp"
}
]
},
"name": "busybox_snat",
"protocol": "tcp",
"source":
{
"addressLists":
[
{
"use": "/Common/Shared/k8s_snat_ces_busybox-snat_ep_busybox-svc_src_address"
}
]
},
"sourceTranslation":
{
"use": "/Common/Shared/k8s_snat_ces_busybox-snat_source_translation"
}
},
{
"name": "k8s_snat_automap",
"protocol": "any",
"sourceTranslation": {
"use": "automap"
}
}
]
},
"k8s_snat_ces_busybox-snat_ep_busybox-svc_src_address":
{
"addresses":
[
"10.234.178.7"
],
"class": "Firewall_Address_List"
},
"k8s_snat_ces_busybox-snat_source_translation":
{
"addresses":
[
"192.168.21.41"
],
"class": "NAT_Source_Translation",
"type": "static-nat"
},
"k8s_svc_ces_busybox-to-227-ng-web_ep_busybox-svc_src_address":
{
"addresses":
[
"10.234.178.7"
],
"class": "Firewall_Address_List"
},
"k8s_svc_ces_busybox-to-227-ng-web_ext_ng-227-web_address":
{
"addresses":
[
"192.168.21.63",
"101.33.66.162"
],
"class": "Firewall_Address_List",
"fqdns":
[
"www.baidu.com"
]
},
"k8s_svc_ces_busybox-to-227-ng-web_ext_ng-227-web_ports_tcp":
{
"class": "Firewall_Port_List",
"ports":
[
"80-82",
"8080",
"443"
]
},
"k8s_svc_ces_busybox-to-227-ng-web_ext_ng-227-web_rule_list":
{
"class": "Firewall_Rule_List",
"rules":
[
{
"action": "accept-decisively",
"destination":
{
"addressLists":
[
{
"use": "/Common/Shared/k8s_svc_ces_busybox-to-227-ng-web_ext_ng-227-web_address"
}
],
"portLists":
[
{
"use": "/Common/Shared/k8s_svc_ces_busybox-to-227-ng-web_ext_ng-227-web_ports_tcp"
}
]
},
"loggingEnabled": true,
"name": "accept-decisively_ng-227-web_tcp",
"protocol": "tcp",
"source":
{
"addressLists":
[
{
"use": "/Common/Shared/k8s_svc_ces_busybox-to-227-ng-web_ep_busybox-svc_src_address"
}
]
}
}
]
},
"k8s_svc_deny_all_rule_list":
{
"class": "Firewall_Rule_List",
"rules":
[
{
"action": "drop",
"destination":
{},
"name": "deny_all_rule",
"protocol": "any",
"source":
{}
}
]
},
"k8s_svc_policy_rd":
{
"class": "Firewall_Policy",
"rules":
[
{
"use": "/Common/Shared/k8s_svc_ces_busybox-to-227-ng-web_ext_ng-227-web_rule_list"
},
{
"use": "/Common/Shared/k8s_svc_deny_all_rule_list"
}
]
},
"k8s_svc_policy_rd0":
{
"class": "Firewall_Policy",
"rules":
[
{
"use": "/Common/Shared/k8s_svc_deny_all_rule_list"
}
]
},
"k8s_system_global_policy":
{
"class": "Firewall_Policy",
"rules":
[
{
"use": "/Common/Shared/k8s_global_global-policy-dns_ext_dns-for-global_rule_list"
}
]
},
"template": "shared"
},
"class": "Tenant"
},
"class": "ADC",
"id": "k8s-ces-controller",
"schemaVersion": "3.28.0",
"updateMode": "selective"
}
}
- Observe the following error response (the "use" value is treated as a path to an object, and no object named "automap" exists):
{
"code": 422,
"errors": [
"/Common/Shared/k8s_snat_policy/rules/1/sourceTranslation/use: contains path to non-existent object automap"
],
"declarationFullId": "",
"message": "declaration is invalid"
}
Expected Behavior
POST "https://192.168.31.101/mgmt/shared/appsvcs/declare/Common" returns HTTP status code 200, and "Automap" can be configured as the translated source, as in the F5 web interface.
Actual Behavior
POST "https://192.168.31.101/mgmt/shared/appsvcs/declare/Common" returns HTTP status code 422.