Open JacobAx-OCD opened 4 weeks ago
If I remove a firewall policy rule that has an iRule reference and remove that iRule in the same update, this works. That is, delete this rule entry (abbreviated): { "name": "rule1", "action": "accept", "protocol": "tcp", "iRule": { "use": "rule1_iRule" } and this iRule object: "rule1_iRule": { "class": "iRule", "iRule": "\nwhen HTTP_REQUEST {\n\nlog local0. \"hi from irule\"\n\n}" }
and send the update to the F5; this works. It seems that only deleting a full Firewall_Policy that contains iRule references is an issue.
Environment
Summary
Steps To Reproduce
Steps to reproduce the behavior:
Submit the following declaration:
Observe the following error response: This is successful; the declaration is valid.
Now I try to delete by sending DELETE /mgmt/shared/appsvcs/declare/production, which returns: { "results": [ { "code": 422, "message": "declaration failed", "response": "01070830:3: The iRule (/production/myapplication/rule1_iRule) cannot be deleted because it is in use by a fw_rule (rule1) in Policy (/production/myapplication/myapplication_firewall_policy).", "host": "localhost", "tenant": "production", "runTime": 1453, "declarationId": "1729751105984" } ], "declaration": { "production": { "class": "Tenant", "myapplication": { "class": "Application", "myapplication_vs": { "class": "Service_HTTPS", "virtualAddresses": [ "10.0.0.1" ], "virtualPort": 443, "serverTLS": { "bigip": "/Common/clientssl" } }, "psp_dg": { "keyDataType": "string", "records": [ { "key": "lol", "value": "hi" } ], "class": "Data_Group" }, "rule1_iRule": { "class": "iRule", "iRule": "\nwhen HTTP_REQUEST {\n\nlog local0. \"hi from irule\"\n\n}" }, "rule1_source_address_list": { "class": "Firewall_Address_List", "addresses": [ "127.0.0.1" ] }, "rule2_destination_address_list": { "class": "Firewall_Address_List", "addresses": [ "10.0.0.1" ] }, "rule2_destination_port_list": { "class": "Firewall_Port_List", "ports": [ 443 ] }, "rule3_destination_address_list": { "class": "Firewall_Address_List", "addresses": [ "10.0.0.1" ] }, "rule3_destination_port_list": { "class": "Firewall_Port_List", "ports": [ 443 ] }, "myapplication_firewall_policy": { "class": "Firewall_Policy", "rules": [ { "name": "rule1", "action": "accept", "protocol": "tcp", "iRule": { "use": "rule1_iRule" }, "source": { "addressLists": [ { "use": "rule1_source_address_list" } ] } }, { "name": "rule2", "action": "drop", "protocol": "tcp", "destination": { "addressLists": [ { "use": "rule2_destination_address_list" } ], "portLists": [ { "use": "rule2_destination_port_list" } ] } }, { "name": "rule3", "action": "drop", "protocol": "tcp", "destination": { "addressLists": [ { "use": "rule3_destination_address_list" } ], "portLists": [ { "use": "rule3_destination_port_list" } ] } }, { "name": "default_reject", "action": "drop" } ] } } }, "class": "ADC", "schemaVersion": "3.52.0", "id": "1729751105984", "updateMode": "selective", "controls": { "archiveTimestamp": "2024-10-24T06:25:07.673Z" } }, "code": 422 }