Open F5Rob opened 2 weeks ago
When using the vscode ACC plugin to convert BIG-IP Firewall configuration to AS3, addresses and ports are converted to lists instead of inline values.
Steps to reproduce the behavior:
Convert the following config:

```
security firewall rule-list /Common/Blacklist {
    description "Rules that limit traffic into the RCS"
    rules {
        Country_Blacklist {
            action drop
            ip-protocol any
            log yes
            source {
                address-lists {
                    /Common/shared/Country_Blacklist
                }
                geo {
                    AP { }
                }
            }
        }
        SOC_IP_Blacklist {
            action drop
            ip-protocol any
            log yes
            source {
                address-lists {
                    /Common/shared/SOC_Blacklist
                }
                addresses {
                    79.110.62.8 { }
                    80.94.95.115 { }
                    83.222.190.218 { }
                    146.19.125.11 { }
                    179.43.168.146 { }
                }
            }
        }
    }
}
```
Observe the following error message:
```json
{
  "class": "ADC",
  "schemaVersion": "3.37.0",
  "id": "urn:uuid:58b9915d-4bf9-4719-9b63-7bfb138facc4",
  "label": "Converted Declaration",
  "remark": "Generated by Automation Config Converter",
  "Common": {
    "class": "Tenant",
    "Shared": {
      "class": "Application",
      "template": "shared",
      "autogen_4f121279_72a2_4b9f_a137_2531e3dbda5f": {
        "class": "Firewall_Address_List",
        "addresses": [
          "79.110.62.8",
          "80.94.95.115",
          "83.222.190.218",
          "146.19.125.11",
          "179.43.168.146"
        ]
      },
      "Blacklist": {
        "remark": "Rules that limit traffic into the RCS",
        "rules": [
          {
            "action": "drop",
            "source": {
              "geo": { "AP": {} },
              "addressLists": [
                { "use": "/Common/shared/Country_Blacklist" }
              ]
            },
            "protocol": "any",
            "name": "Country_Blacklist"
          },
          {
            "action": "drop",
            "source": {
              "addressLists": [
                { "use": "/Common/shared/SOC_Blacklist" },
                { "use": "autogen_4f121279_72a2_4b9f_a137_2531e3dbda5f" }
              ]
            },
            "protocol": "any",
            "name": "SOC_IP_Blacklist"
          }
        ],
        "class": "Firewall_Rule_List"
      }
    }
  }
}
```
Expected Behavior
```json
{
  "$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/refs/heads/main/schema/latest/as3-schema-3.53.0-7.json",
  "class": "ADC",
  "schemaVersion": "3.53.0",
  "id": "Firewall_Rule_List",
  "Common": {
    "class": "Tenant",
    "Shared": {
      "class": "Application",
      "template": "shared",
      "SOC_Blacklist": {
        "class": "Firewall_Address_List",
        "addresses": [ "172.30.2.0/24" ]
      },
      "Country_Blacklist": {
        "class": "Firewall_Address_List",
        "geo": [ "AU", "CA", "GB", "NZ", "US" ]
      },
      "Blacklist": {
        "class": "Firewall_Rule_List",
        "remark": "Rules that limit traffic into the RCS",
        "rules": [
          {
            "action": "drop",
            "protocol": "any",
            "source": {
              "addressLists": [
                { "use": "Country_Blacklist" }
              ]
            },
            "name": "Country_Blacklist_rule"
          },
          {
            "action": "drop",
            "protocol": "any",
            "source": {
              "addressLists": [
                { "use": "SOC_Blacklist" }
              ],
              "addresses": [
                "79.110.62.8",
                "80.94.95.115",
                "83.222.190.218",
                "146.19.125.11",
                "179.43.168.146"
              ]
            },
            "name": "SOC_IP_Blacklist_rule"
          }
        ]
      }
    }
  }
}
```
Actual Behavior
This:

```
SOC_IP_Blacklist {
    action drop
    ip-protocol any
    log yes
    source {
        address-lists {
            /Common/shared/SOC_Blacklist
        }
        addresses {
            79.110.62.8 { }
            80.94.95.115 { }
            83.222.190.218 { }
            146.19.125.11 { }
            179.43.168.146 { }
        }
    }
}
```

should not be converted to this:

```
"autogen_4f121279_72a2_4b9f_a137_2531e3dbda5f": {
  "class": "Firewall_Address_List",
  "addresses": [
    "79.110.62.8",
    "80.94.95.115",
    "83.222.190.218",
    "146.19.125.11",
    "179.43.168.146"
  ]
},
{
  "action": "drop",
  "source": {
    "addressLists": [
      { "use": "/Common/shared/SOC_Blacklist" },
      { "use": "autogen_4f121279_72a2_4b9f_a137_2531e3dbda5f" }
    ]
  },
  "protocol": "any",
  "name": "SOC_IP_Blacklist"
}
```
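A post-processing workaround for the behavior reported above, as an added example that is not part of the original issue or of the ACC project: it folds address-only `autogen_*` `Firewall_Address_List` objects back into the `addresses` of the rules that reference them. The function and helper names are hypothetical, the sample is a constructed, trimmed copy of the output quoted in the issue, and it assumes autogen lists are referenced only by bare name from rules in the same application.

```python
import copy

# Constructed sample: the converter output quoted in the issue, trimmed.
CONVERTED = {
    "class": "ADC", "schemaVersion": "3.37.0",
    "Common": {"class": "Tenant", "Shared": {
        "class": "Application", "template": "shared",
        "autogen_4f121279_72a2_4b9f_a137_2531e3dbda5f": {
            "class": "Firewall_Address_List",
            "addresses": ["79.110.62.8", "80.94.95.115", "83.222.190.218",
                          "146.19.125.11", "179.43.168.146"]},
        "Blacklist": {"class": "Firewall_Rule_List", "rules": [
            {"name": "SOC_IP_Blacklist", "action": "drop", "protocol": "any",
             "source": {"addressLists": [
                 {"use": "/Common/shared/SOC_Blacklist"},
                 {"use": "autogen_4f121279_72a2_4b9f_a137_2531e3dbda5f"}]}}]}}},
}

def _children(node, cls):
    """Return (name, object) pairs for direct children of the given AS3 class."""
    return [(k, v) for k, v in node.items()
            if isinstance(v, dict) and v.get("class") == cls]

def inline_autogen_address_lists(declaration, prefix="autogen_"):
    """Return (copy, inlined_names) with address-only autogen lists folded
    back into the source/destination 'addresses' of the rules that use them."""
    decl, inlined = copy.deepcopy(declaration), set()
    for _, tenant in _children(decl, "Tenant"):
        for _, app in _children(tenant, "Application"):
            # Lists that also carry geo, fqdns or nested lists are left alone.
            autogen = {n: o["addresses"] for n, o in _children(app, "Firewall_Address_List")
                       if n.startswith(prefix) and set(o) == {"class", "addresses"}}
            for _, rule_list in _children(app, "Firewall_Rule_List"):
                for rule in rule_list.get("rules", []):
                    for side in ("source", "destination"):
                        match, kept = rule.get(side, {}), []
                        for ref in match.get("addressLists", []):
                            name = ref.get("use", "") if isinstance(ref, dict) else ""
                            if name in autogen:  # bare-name, same-application reference
                                match.setdefault("addresses", []).extend(autogen[name])
                                inlined.add(name)
                            else:
                                kept.append(ref)
                        if kept:
                            match["addressLists"] = kept
                        else:
                            match.pop("addressLists", None)
            for name in inlined:
                app.pop(name, None)
    return decl, sorted(inlined)
```

The input declaration is not modified; review the returned list of inlined names before deploying the rewritten copy.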