f5devcentral / f5-automation-config-converter

Convert BIG-IP configs to AS3 and DO declarations
https://clouddocs.f5.com/products/extensions/f5-automation-config-converter/latest/
Apache License 2.0

Missing allowVlans key #47

Closed azahajkiewicz closed 3 years ago

azahajkiewicz commented 3 years ago

Environment

Summary

If virtual is enabled on a vlan: vlans { /Common/vlan_internal }, Charon does not convert the property allowVlans, instead it uses its value as a key:

            "vlans": {
                "/Common/vlan_internal": ""
            },

Steps To Reproduce

Steps to reproduce the behavior:

  1. Convert the following config:
    
    ltm profile server-ssl /tenant_1/application_1/server_ssl_test {
    app-service none
    cert /Common/custom_ssl_cert_key
    defaults-from /Common/serverssl
    key /Common/custom_ssl_cert_key
    options { dont-insert-empty-fragments passive-close no-tlsv1.3 }
    passphrase $M$I4$Ftgl+XHx+VhP9W2VCi/97Q==
    }
    ltm profile client-ssl /tenant_1/application_1/client_ssl_test {
    app-service none
    cert-key-chain {
        custom_ssl_cert_key_0 {
            cert /Common/custom_ssl_cert_key
            key /Common/custom_ssl_cert_key
            passphrase $M$3e$P98aLvQuJRUt116g32xh5Q==
        }
    }
    defaults-from /Common/clientssl
    inherit-ca-certkeychain true
    inherit-certkeychain false
    options { dont-insert-empty-fragments no-tlsv1.3 tls-rollback-bug }
    }
    ltm virtual-address /tenant_1/application_1/10.144.18.33 {
    address 10.144.18.33
    arp enabled
    mask 255.255.255.255
    traffic-group /Common/traffic-group-1
    }
    ltm node /tenant_1/application_1/node_10.10.10.3 {
    address 10.10.10.3
    }
    ltm node /Common/node_10.10.10.5 {
    address 10.10.10.5
    }
    sys file ssl-cert /Common/custom_ssl_cert_key {
    cache-path /config/filestore/files_d/Common_d/certificate_d/:Common:custom_ssl_cert_key_253744_1
    revision 1
    source-path /var/run/key_mgmt/5xTWQ0/ssl.crt/custom_ssl_cert_key
    }
    ltm virtual /tenant_1/application_1/VS_https {
    creation-time 2021-08-12:06:48:20
    description "Standard Virtual enabled on 443 with ssl profiles and custom cert/key"
    destination /tenant_1/application_1/10.144.18.33:443
    ip-protocol tcp
    last-modified-time 2021-08-12:06:48:20
    mask 255.255.255.255
    pool /tenant_1/application_1/https_pool
    profiles {
        /tenant_1/application_1/client_ssl_test {
            context clientside
        }
        /Common/http { }
        /Common/httpcompression { }
        /tenant_1/application_1/server_ssl_test {
            context serverside
        }
        /Common/tcp { }
    }
    source 0.0.0.0/24
    translate-address enabled
    translate-port enabled
    vlans {
        /Common/vlan_internal
    }
    }
    ltm node /tenant_1/application_1/node_10.10.10.2 {
    address 10.10.10.2
    }
    sys file ssl-key /Common/custom_ssl_cert_key {
    cache-path /config/filestore/files_d/Common_d/certificate_key_d/:Common:custom_ssl_cert_key_253741_1
    revision 1
    source-path /var/run/key_mgmt/SvhNPi/ssl.key/custom_ssl_cert_key
    }
    ltm pool /tenant_1/application_1/https_pool {
    members {
        /tenant_1/application_1/node_10.10.10.2:443 {
            address 10.10.10.2
        }
        /tenant_1/application_1/node_10.10.10.3:443 {
            address 10.10.10.3
        }
        /Common/node_10.10.10.4:443 {
            address 10.10.10.4
        }
        /Common/node_10.10.10.5:443 {
            address 10.10.10.5
        }
    }
    monitor /Common/https
    }
    ltm node /Common/node_10.10.10.4 {
    address 10.10.10.4
    }

2. Observe the following error message:
```out
{
    "code": 422,
    "message": "Invalid data property: /Common/vlan_internal"
}
```

Expected Behavior

Use allowVlans key with vlan name as a value.

azahajkiewicz commented 3 years ago

To clarify: Virtual can be configured in three ways:

  1. Enabled on all vlans (no property in VS):

    ltm virtual /Common/vs {
    creation-time 2021-08-20:07:45:22
    destination /Common/10.144.18.33:0
    ip-protocol tcp
    last-modified-time 2021-08-20:07:48:29
    mask 255.255.255.255
    profiles {
        /Common/tcp { }
    }
    source 0.0.0.0/24
    translate-address enabled
    translate-port disabled
    }

    -------> no vlan related property in AS3 declaration

  2. Enabled on a vlan(s):

    ltm virtual /Common/vs {
    creation-time 2021-08-20:07:45:22
    destination /Common/10.144.18.33:0
    ip-protocol tcp
    last-modified-time 2021-08-20:07:48:29
    mask 255.255.255.255
    profiles {
        /Common/tcp { }
    }
    source 0.0.0.0/24
    translate-address enabled
    translate-port disabled
    vlans {
        /Common/vlan_internal
    }
    vlans-enabled
    }

or

    ltm virtual /Common/vs {
        creation-time 2021-08-20:07:45:22
        destination /Common/10.144.18.33:0
        ip-protocol tcp
        last-modified-time 2021-08-20:07:48:29
        mask 255.255.255.255
        profiles {
            /Common/tcp { }
        }
        source 0.0.0.0/24
        translate-address enabled
        translate-port disabled
        vlans-enabled
    }

-------> allowVlans property in AS3 declaration (either list or empty list): See https://github.com/f5devcentral/f5-as3-config-converter/issues/34#issuecomment-857196796 - I am not sure if Charon should not support it, BIG-IP accepts such configuration.

                "allowVlans": [
                    "/Common/vlan_internal"
                ],

or

                "allowVlans": [],

  3. Disabled on a vlan(s):

    ltm virtual /Common/VS_http {
    creation-time 2021-08-12:06:09:23
    description "Performance HTTP Virtual"
    destination /Common/10.144.18.33:80
    ip-protocol tcp
    last-modified-time 2021-08-20:11:16:00
    mask 255.255.255.255
    pool /Common/http_pool
    profiles {
        /Common/fasthttp { }
    }
    source 0.0.0.0/24
    translate-address enabled
    translate-port enabled
    vlans {
        /Common/vlan_internal
    }
    }

    (vlans-disabled property is the default one, so it does not necessarily need to be listed explicitly)

or:

    ltm virtual /Common/VS_http {
        creation-time 2021-08-12:06:09:23
        description "Performance HTTP Virtual"
        destination /Common/10.144.18.33:80
        ip-protocol tcp
        last-modified-time 2021-08-20:11:16:00
        mask 255.255.255.255
        pool /Common/http_pool
        profiles {
            /Common/fasthttp { }
        }
        source 0.0.0.0/24
        translate-address enabled
        translate-port enabled
        vlans-disabled
        vlans {
            /Common/vlan_internal
        }
    }

-------> rejectVlans property in AS3 declaration (either list or empty list):

                "rejectVlans": [
                    "/Common/vlan_internal"
                ],

or

                "rejectVlans": [ ],
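
The three cases listed in the comment above, as an added example that is not part of the original thread or the converter's own code. The VLAN list decides which network segments can reach a virtual server, so a converted declaration is worth checking before it is deployed. `vlanPropsFromVirtual` and `findRawVlanKeys` are hypothetical helper names, the regex parsing assumes a single `ltm virtual` stanza, and the sample inputs are constructed.

```javascript
// Added example, not code from f5-automation-config-converter.
// Maps the VLAN settings of one tmsh "ltm virtual" stanza to the AS3
// properties listed in the comment above (assumption: one stanza per call).
function vlanPropsFromVirtual(stanza) {
  const enabled = /^\s*vlans-enabled\s*$/m.test(stanza);
  const block = stanza.match(/^\s*vlans\s*\{([^}]*)\}/m);
  const vlans = block ? block[1].split(/\s+/).filter(Boolean) : [];
  if (enabled) return { allowVlans: vlans };            // case 2: list may be empty
  if (vlans.length > 0) return { rejectVlans: vlans };  // case 3: vlans-disabled is the default
  return {};                                            // case 1: enabled on all VLANs
}

// Walks a converted declaration and returns the paths of objects that still
// carry the raw "vlans" object reported in this issue instead of
// allowVlans / rejectVlans.
function findRawVlanKeys(node, path = '') {
  if (node === null || typeof node !== 'object') return [];
  const hits = [];
  for (const [key, value] of Object.entries(node)) {
    const isRawVlans = key === 'vlans' && value !== null
      && typeof value === 'object' && !Array.isArray(value);
    if (isRawVlans) hits.push(path || '/');
    else hits.push(...findRawVlanKeys(value, `${path}/${key}`));
  }
  return hits;
}

// Constructed sample inputs (not taken from a real device).
const sampleVirtual = `ltm virtual /Common/vs {
    destination /Common/10.144.18.33:0
    vlans {
        /Common/vlan_internal
    }
    vlans-enabled
}`;
const sampleDeclaration = {
  tenant_1: { application_1: { VS_https: { vlans: { '/Common/vlan_internal': '' } } } },
};

console.log(vlanPropsFromVirtual(sampleVirtual));
console.log(findRawVlanKeys(sampleDeclaration));
```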

mdditt2000 commented 3 years ago

Created Jira CHARON-445 for PM tracking

mdditt2000 commented 3 years ago

Merge branch 'CHARON-445-allow-vlans' into 'develop' --- Closing