f5devcentral / f5-automation-config-converter

Convert BIG-IP configs to AS3 and DO declarations
https://clouddocs.f5.com/products/extensions/f5-automation-config-converter/latest/
Apache License 2.0

Generated AS3 declaration is invalid when virtualAddress is a reference to serviceAddress #39

Closed andreykashcheev closed 3 years ago

andreykashcheev commented 3 years ago

Environment

Summary

A clear and concise description of what the bug is. Please also include information about the reproducibility and the severity/impact of the issue.

ACC generated an AS3 declaration, and attempting to POST that declaration to AS3 results in a 422 response:

{
    "code": 422,
    "errors": [
        "/waf/http/serviceMain/virtualAddresses/0: should match format \"f5ip\""
    ],
    "declarationFullId": "",
    "message": "declaration is invalid"
}

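This validation error relates to the following portion of the AS3 declaration, where `virtualAddresses/0` under `serviceMain` is the string `serviceAddress/0` (the name of the `Service_Address` object in `Shared`, with a mask suffix) rather than an IP address: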

    "waf": {
        "class": "Tenant",
        "http": {
            "class": "Application",
            "template": "http",
            "WAF__http": {
                "rules": [
                    {
                        "name": "default",
                        "actions": [
                            {
                                "event": "request",
                                "enabled": true,
                                "type": "http"
                            }
                        ]
                    }
                ],
                "strategy": "first-match",
                "class": "Endpoint_Policy"
            },
            "pool": {
                "members": [
                    {
                        "addressDiscovery": "fqdn",
                        "hostname": "test-hostname.local",
                        "servicePort": 443
                    }
                ],
                "class": "Pool",
                "minimumMonitors": 1,
                "monitors": [
                    {
                        "bigip": "/Common/http"
                    }
                ]
            },
            "serviceMain": {
                "remark": "http",
                "layer4": "tcp",
                "persistenceMethods": [
                    "cookie"
                ],
                "pool": "pool",
                "securityLogProfiles": [
                    {
                        "use": "/Common/Shared/Log_illegal_requests"
                    }
                ],
                "translateServerAddress": true,
                "translateServerPort": true,
                "class": "Service_HTTP",
                "profileTCP": {
                    "bigip": "/Common/f5-tcp-progressive"
                },
                "profileHTTP": {
                    "bigip": "/Common/http"
                },
                "profileBotDefense": {
                    "use": "/waf/Shared/ASM_policyWAF"
                },
                "virtualAddresses": [
                    "serviceAddress/0"
                ],
                "snat": "auto",
                "policyEndpoint": "/waf/http/WAF__http"
            }
        },
        "Shared": {
            "class": "Application",
            "template": "shared",
            "serviceAddress": {
                "virtualAddress": "any/0",
                "icmpEcho": "disable",
                "trafficGroup": "/Common/traffic-group-1",
                "class": "Service_Address"
            }
        }
    }

After looking at the BIG-IP configuration, it was discovered that the AS3 declaration was generated from the following config:

ltm virtual /waf/http/serviceMain {
    description http
    destination /waf/serviceAddress:80
    ip-protocol tcp
    mask any
    persist {
        /Common/cookie {
            default yes
        }
    }
    policies {
        /waf/http/_WAF__http { }
    }
    pool /waf/http/pool
    profiles {
        /Common/f5-tcp-progressive { }
        /Common/http { }
        /Common/websecurity { }
        /waf/Shared/ASM_policyWAF { }
    }
    security-log-profiles {
        "/Common/Log illegal requests"
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
}
ltm virtual-address /waf/serviceAddress {
    address any
    arp enabled
    icmp-echo disabled
    inherited-traffic-group true
    mask any
    traffic-group /Common/traffic-group-1
}

Steps To Reproduce

Steps to reproduce the behavior:

  1. Convert the following config:

    ltm virtual /waf/http/serviceMain {
    description http
    destination /waf/serviceAddress:80
    ip-protocol tcp
    mask any
    persist {
        /Common/cookie {
            default yes
        }
    }
    policies {
        /waf/http/_WAF__http { }
    }
    pool /waf/http/pool
    profiles {
        /Common/f5-tcp-progressive { }
        /Common/http { }
        /Common/websecurity { }
        /waf/Shared/ASM_policyWAF { }
    }
    security-log-profiles {
        "/Common/Log illegal requests"
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    }
    ltm virtual-address /waf/serviceAddress {
    address any
    arp enabled
    icmp-echo disabled
    inherited-traffic-group true
    mask any
    traffic-group /Common/traffic-group-1
    }
  2. Review generated AS3 declaration:

    "waf": {
        "class": "Tenant",
        "http": {
            "class": "Application",
            "template": "http",
            "WAF__http": {
                "rules": [
                    {
                        "name": "default",
                        "actions": [
                            {
                                "event": "request",
                                "enabled": true,
                                "type": "http"
                            }
                        ]
                    }
                ],
                "strategy": "first-match",
                "class": "Endpoint_Policy"
            },
            "pool": {
                "members": [
                    {
                        "addressDiscovery": "fqdn",
                        "hostname": "f5-waf.int.coles-dps-uat.sandbox.rmbspay.net",
                        "servicePort": 443
                    }
                ],
                "class": "Pool",
                "minimumMonitors": 1,
                "monitors": [
                    {
                        "bigip": "/Common/http"
                    }
                ]
            },
            "serviceMain": {
                "remark": "http",
                "layer4": "tcp",
                "persistenceMethods": [
                    "cookie"
                ],
                "pool": "pool",
                "securityLogProfiles": [
                    {
                        "use": "/Common/Shared/Log_illegal_requests"
                    }
                ],
                "translateServerAddress": true,
                "translateServerPort": true,
                "class": "Service_HTTP",
                "profileTCP": {
                    "bigip": "/Common/f5-tcp-progressive"
                },
                "profileHTTP": {
                    "bigip": "/Common/http"
                },
                "profileBotDefense": {
                    "use": "/waf/Shared/ASM_policyWAF"
                },
                "virtualAddresses": [
                    "serviceAddress/0"
                ],
                "snat": "auto",
                "policyEndpoint": "/waf/http/WAF__http"
            }
        },
        "Shared": {
            "class": "Application",
            "template": "shared",
            "serviceAddress": {
                "virtualAddress": "any/0",
                "icmpEcho": "disable",
                "trafficGroup": "/Common/traffic-group-1",
                "class": "Service_Address"
            }
        }
    }
  3. POST generated AS3 declaration to AS3

Expected Behavior

A clear and concise description of what you expected to happen.

AS3 accepts the declaration and creates all needed objects.

Actual Behavior

A clear and concise description of what actually happens. Please include any applicable error output.

AS3 throws the following validation exception:

{
    "code": 422,
    "errors": [
        "/waf/http/serviceMain/virtualAddresses/0: should match format \"f5ip\""
    ],
    "declarationFullId": "",
    "message": "declaration is invalid"
}
mdditt2000 commented 3 years ago

Created Jira CHARON-401 for PM tracking

mdditt2000 commented 3 years ago

Merge branch 'CHARON-401-virtual-address-ref' into 'develop'