f5devcentral / f5-automation-config-converter

Convert BIG-IP configs to AS3 and DO declarations
https://clouddocs.f5.com/products/extensions/f5-automation-config-converter/latest/
Apache License 2.0

Do not add reference path to the objects residing in the same tenant #33

Closed azahajkiewicz closed 3 years ago

azahajkiewicz commented 3 years ago

Environment

Summary

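When Charon creates a tenant/application, certificates and iRules that reside in the same tenant are still referenced by their full path (for example "certificate": "tenant_2/application_2/certificate_default"), which causes a deployment error. Note that in the declaration below the certificate reference has no leading slash while the iRule reference does, and the deployment error names only the certificate reference.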

    "tenant_2": {
        "class": "Tenant",
        "application_2": {
            "class": "Application",
            "template": "generic",
            "certificate_default": {
                "class": "Certificate",
                "certificate": {
                    "bigip": "/Common/default.crt"
                },
                "privateKey": {
                    "bigip": "/Common/default.key"
                }
            },
            "prof-clientssl": {
                "certificates": [
                    {
                        "certificate": "tenant_2/application_2/certificate_default"
                    }
                ],
                "class": "TLS_Server",
                "insertEmptyFragmentsEnabled": true
            },
            "VS-test": {
                "layer4": "tcp",
                "iRules": [
                    {
                        "use": "/tenant_2/application_2/failover-irule"
                    }
                ],
                "translateServerAddress": true,
                "translateServerPort": true,
                "class": "Service_HTTPS",
                "serverTLS": "prof-clientssl",
                "profileHTTP": {
                    "bigip": "/Common/http"
                },
                "profileTCP": {
                    "bigip": "/Common/tcp"
                },
                "redirect80": false,
                "virtualAddresses": [
                    "10.146.146.146"
                ],
                "persistenceMethods": [],
                "snat": "none",
                "allowVlans": [
                    {
                        "bigip": "/Common/vlan-test"
                    }
                ]
            },
            "failover-irule": {
                "class": "iRule",
                "iRule": {
                    "base64": "NotAllowedToBeDisclosed"
                }
            }
        }
    },

(icr_output)\njourneys.errors.AS3DeclarationDeploymentError: iControl REST error: code: 422, message: declaration is invalid, errors: ['/tenant_2/application_2/prof-clientssl/certificates/0/certificate: contains path to non-existent object tenant_2']",

Steps To Reproduce

Steps to reproduce the behavior:

  1. Convert the following config:

    ltm virtual /tenant_2/application_2/VS-test {
    destination /tenant_2/application_2/10.146.146.146:443
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        /tenant_2/application_2/prof-clientssl {
            context clientside
        }
        /Common/http { }
        /Common/tcp { }
    }
    source 0.0.0.0/0
    translate-address enabled
    translate-port enabled
    vlans {
        /Common/vlan-test
    }
    vlans-enabled
    }
    ltm virtual-address /tenant_2/application_2/10.146.146.146 {
    address 10.146.146.146
    arp enabled
    icmp-echo enabled
    mask 255.255.255.255
    traffic-group /Common/traffic-group-1
    ltm profile client-ssl /tenant_2/application_2/prof-clientssl {
    app-service none
    cert /Common/default.crt
    cert-key-chain {
        default {
            cert /Common/default.crt
            key /Common/default.key
        }
    }
    chain none
    defaults-from /Common/clientssl
    inherit-certkeychain true
    key /Common/default.key
    sni-default true
    }
  2. Observe the following error message:

    (icr_output)\njourneys.errors.AS3DeclarationDeploymentError: iControl REST error: code: 422, message: declaration is invalid, errors: ['/tenant_2/application_2/prof-clientssl/certificates/0/certificate: contains path to non-existent object tenant_2']",

Expected Behavior

Declaration should look like this:


    "tenant_2": {
        "class": "Tenant",
        "application_2": {
            "class": "Application",
            "template": "generic",
            "certificate_default": {
                "class": "Certificate",
                "certificate": {
                    "bigip": "/Common/default.crt"
                },
                "privateKey": {
                    "bigip": "/Common/default.key"
                }
            },
            "prof-clientssl": {
                "certificates": [
                    {
                        "certificate": "certificate_default"   # instead of: "certificate": "tenant_2/application_2/certificate_default"
                    }
                ],
                "class": "TLS_Server",
                "insertEmptyFragmentsEnabled": true
            },
            "VS-test": {
                "layer4": "tcp",
                "iRules": [
                    {
                        "use": "failover-irule"    # instead of:  "use": "/tenant_2/application_2/failover-irule"
                    }
                ],
                "translateServerAddress": true,
                "translateServerPort": true,
                "class": "Service_HTTPS",
                "serverTLS": "prof-clientssl",
                "profileHTTP": {
                    "bigip": "/Common/http"
                },
                "profileTCP": {
                    "bigip": "/Common/tcp"
                },
                "redirect80": false,
                "virtualAddresses": [
                    "10.146.146.146"
                ],
                "persistenceMethods": [],
                "snat": "none",
                "allowVlans": [
                    {
                        "bigip": "/Common/vlan-test"
                    }
                ]
            },
            "failover-irule": {
                "class": "iRule",
                "iRule": {
                    "base64": "NotAllowedToBeDisclosed"
                }
            }
        }
    },
mdditt2000 commented 3 years ago

@azahajkiewicz thanks for submitting this issue. Completely agree with the referencing! Creating a PD BUG in Jira.

mdditt2000 commented 3 years ago

Created Jira CHARON-317 for PM tracking

p-semenov-f5 commented 3 years ago

I couldn't reproduce the problem. All of this works with ACC 1.13 and AS3 3.28. You should try updating your environment. Such long references in iRules work.

Please confirm. The full configs are in the Jira task.

mdditt2000 commented 3 years ago

Thanks @p-semenov-f5. @azahajkiewicz, please validate with ACC 1.13 and AS3 3.28.

mdditt2000 commented 3 years ago

Resolved in ACC 1.13. Cannot reproduce this issue. Closing.