F5Networks / f5-appsvcs-extension

F5 BIG-IP Application Services 3 Extension
Apache License 2.0
167 stars 54 forks source link

Wrong traffic policy rule for the declared one to insert X-Forwarded-Proto header with "http" value #859

Open mikorshunov opened 3 months ago

mikorshunov commented 3 months ago

Environment

Summary

When I deploy the declaration below I get enabled HTTP in the first traffic rule instead of rule to insert X-Forwarded-Proto: http header and its value in request

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration:

    {
    "$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/latest/as3-schema.json",
    "class": "AS3",
    "action": "deploy",
    "persist": true,
    "declaration": {
        "class": "ADC",
        "schemaVersion": "3.51.0",
        "AS3Tenant": {
            "class": "Tenant",
            "AS3-virtuals": {
                "class": "Application",
                "http_headers_policy": {
                    "class": "Endpoint_Policy",
                    "rules": [
                        {
                            "name": "headers_add",
                            "conditions": [
                                {
                                    "type": "httpUri",
                                    "path": {
                                        "values": [
                                            "/"
                                        ],
                                        "operand": "starts-with"
                                    }
                                }
                            ],
                            "actions": [
                                {
                                    "event": "request",
                                    "type": "httpHeader",
                                    "insert": {
                                        "name": "X-Forwarded-Proto",
                                        "value": "http"
                                    }
                                },
                                {
                                    "event": "request",
                                    "type": "httpHeader",
                                    "insert": {
                                        "name": "X-Forwarded-Host",
                                        "value": "tcl: [HTTP::host]"
                                    }
                                },
                                {
                                    "event": "request",
                                    "type": "httpHeader",
                                    "insert": {
                                        "name": "X-Forwarded-Prefix",
                                        "value": "tcl: [HTTP::uri]"
                                    }
                                }
                            ]
                        }
                    ],
                    "strategy": "all-match"
                }
            }
        }
    }
    }
  2. Observe the following output

    {
    "id": "7aad83f8-9f90-4b56-bf38-54ebe630a6ab",
    "results": [
        {
            "code": 200,
            "message": "success",
            "lineCount": 19,
            "host": "localhost",
            "tenant": "AS3Tenant",
            "runTime": 3533,
            "declarationId": "autogen_4cb71b81-2795-436e-8334-944ea3d6fb8e"
        }
    ],
    "declaration": {
        "AS3Tenant": {
            "class": "Tenant",
            "AS3-virtuals": {
                "class": "Application",
                "http_headers_policy": {
                    "class": "Endpoint_Policy",
                    "rules": [
                        {
                            "name": "headers_add",
                            "conditions": [
                                {
                                    "type": "httpUri",
                                    "path": {
                                        "values": [
                                            "/"
                                        ],
                                        "operand": "starts-with"
                                    }
                                }
                            ],
                            "actions": [
                                {
                                    "event": "request",
                                    "type": "httpHeader",
                                    "insert": {
                                        "name": "X-Forwarded-Proto",
                                        "value": "http"
                                    }
                                },
                                {
                                    "event": "request",
                                    "type": "httpHeader",
                                    "insert": {
                                        "name": "X-Forwarded-Host",
                                        "value": "tcl: [HTTP::host]"
                                    }
                                },
                                {
                                    "event": "request",
                                    "type": "httpHeader",
                                    "insert": {
                                        "name": "X-Forwarded-Prefix",
                                        "value": "tcl: [HTTP::uri]"
                                    }
                                }
                            ]
                        }
                    ],
                    "strategy": "all-match"
                }
            }
        },
        "class": "ADC",
        "schemaVersion": "3.51.0",
        "controls": {
            "class": "Controls",
            "userAgent": "vscode-f5/3.16.1",
            "archiveTimestamp": "2024-07-24T15:37:07.989Z"
        },
        "id": "autogen_4cb71b81-2795-436e-8334-944ea3d6fb8e",
        "updateMode": "selective"
    }
    }

Expected Behavior

I would like to get the following traffic policy configuration: ltm policy /AS3Tenant/AS3-virtuals/http_headers_policy { partition AS3Tenant requires { http } rules { headers_add { actions { 0 { http-header insert name X-Forwarded-Proto value "http" } 1 { http-header insert name X-Forwarded-Host value "tcl: [HTTP::host]" } 2 { http-header insert name X-Forwarded-Prefix value "tcl: [HTTP::uri]" } } conditions { 0 { http-uri path starts-with values { / } } } } } status published strategy all-match }

Actual Behavior

First traffic policy rule comes up with HTTP enablement instead of header insertion: ltm policy /AS3Tenant/AS3-virtuals/http_headers_policy { last-modified 2024-07-24:18:31:25 partition AS3Tenant requires { http } rules { headers_add { actions { 0 { http enable } 1 { http-header insert name X-Forwarded-Host value "tcl: [HTTP::host]" } 2 { http-header insert name X-Forwarded-Prefix value "tcl: [HTTP::uri]" } } conditions { 0 { http-uri path starts-with values { / } } } } } status legacy strategy all-match }

sunitharonan commented 3 months ago

Thank you for reaching out. We have created a internal product backlog AUTOTOOL-4454 for this item, in order for us to prioritize please reach out to us at automation_toolchain_pm@f5.com