F5Networks / f5-ansible-bigip

Declarative Ansible collection for managing F5 BIG-IP/BIG-IQ.

Cannot modify SSLO Security Policy condition created by bigip_sslo_config_policy module after creation #81

Open imohmmad opened 7 months ago

imohmmad commented 7 months ago
COMPONENT NAME

bigip_sslo_config_policy

Environment

ANSIBLE VERSION

ansible [core 2.16.2]
  config file = /python-env/POD-ONBOARDING/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /python-env/ansible-9.1.0/lib/python3.11/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /python-env/ansible-9.1.0/bin/ansible
  python version = 3.11.4 (main, Dec 7 2023, 15:43:41) [GCC 12.3.0] (/python-env/ansible-9.1.0/bin/python3)
  jinja version = 3.1.3
  libyaml = True

BIGIP VERSION

Sys::Version
Main Package
  Product     BIG-IP
  Version     17.1.1.1
  Build       0.68.2
  Edition     Engineering Hotfix
  Date        Mon Feb 5 10:51:42 PST 2024

CONFIGURATION

OS / ENVIRONMENT

Ubuntu 20.04.3

SUMMARY

After creating an SSLO security policy via the Ansible module bigip_sslo_config_policy and defining some policy rules, you can no longer make changes to your existing rules via the GUI.

STEPS TO REPRODUCE

Create the following SSLO security policy via Ansible (which is successful):

- name: Create Explicit HTTP Proxy Security_Policy
  bigip_sslo_config_policy:
    name: "Explicit_proxy"
    server_cert_check: false
    default_rule:
      allow_block: "allow"
      tls_intercept: "intercept"
      service_chain: "Explicit_Proxy"

    policy_rules:
      - name: "Pinners_Rule"
        match_type: "match_all"
        policy_action: "allow"
        ssl_action: "bypass"
        conditions:
          - condition_type: "category_lookup_sni"
            condition_option_category:
              - "Pinners"
          - condition_type: "ssl_check"

      - name: "Category_Bypass"
        match_type: "match_all"
        policy_action: "allow"
        ssl_action: "bypass"
        conditions:
          - condition_type: "category_lookup_all"
            condition_option_category:
              - "Financial Data and Services"
              - "General Email"
              - "Health and Medicine"
          - condition_type: "ssl_check"

      - name: "Dest_IP_Bypass"
        match_type: "match_all"
        policy_action: "allow"
        ssl_action: "bypass"
        conditions:
          - condition_type: "server_ip_subnet_match"
            condition_option_subnet:
              - "10.0.0.0/8"
              - "192.168.1.100/32"
              - "192.168.1.200/32"
          - condition_type: "ssl_check"

EXPECTED RESULTS

After creating the security policy, it should be possible to edit the policy and its associated condition from the GUI.

ACTUAL RESULTS

Unable to modify the security policy and its associated condition from the GUI.

pgouband commented 5 months ago

Hi,

Thanks for reporting. Added to the backlog; the internal tracking ID for this request is INFRAANO-1534.