search

f5devcentral / f5-automation-config-converter

Convert BIG-IP configs to AS3 and DO declarations
https://clouddocs.f5.com/products/extensions/f5-automation-config-converter/latest/
Apache License 2.0
35 stars 14 forks source link

ServerTLS missing from conversion when using RESTAPI vsName filter #86

Closed BarryHaines closed 2 years ago

BarryHaines commented 2 years ago

Environment

Summary

When using the filter --form "vsName=virtualserver" in the curl command on a Virtual server that has a ClientSSL profile the ServiceHTTPS has the serverTLS property missing but the serverTLS profile is included in the AS3 declaration even if it isn't referenced after the conversion. If I don't use the vsName filter and convert all the UCS file the virtual server that are converted to servicehttps have the serverTLS property.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Convert following config: ltm virtual vs_as3mig_443 { creation-time 2022-03-14:09:52:11 destination 10.1.0.50:https ip-protocol tcp last-modified-time 2022-03-14:14:23:16 mask 255.255.255.255 persist { cookie { default yes } } pool pl_as3mig_443 profiles { http { } pr_clissl_test01 { context clientside } serverssl { context serverside } tcp { } } serverssl-use-sni disabled source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled vs-index 14 }

Use the command: curl localhost:8080/converter -X POST --form "ucs=@backup_as3_convert.ucs" --form "output=output.json" --form "vsName=/Common/Shared/vs_as3mig_443" --form "verbose=true" |jq >output.json

  1. Observe the following error message: You will see that the Virtual server is missing the serverTLS property and this is mandatory for the class ServiceHTTPS. Please also not that the clientTLS property is include because I assigned a server side SSL profile.

Expected Behavior

If you run the same RESTAPI call without the vsName form you will get the following output for the same virtual server: "vs_as3mig_443": { "layer4": "tcp", "persistenceMethods": [ "cookie" ], "pool": "pl_as3mig_443", "translateServerAddress": true, "translateServerPort": true, "class": "Service_HTTPS", "profileHTTP": { "bigip": "/Common/http" }, "serverTLS": "/Common/Shared/pr_clissl_test01", "clientTLS": { "bigip": "/Common/serverssl" }, "profileTCP": { "bigip": "/Common/tcp" }, "redirect80": false, "virtualAddresses": [ "10.1.0.50" ], "snat": "auto" },

mdditt2000 commented 2 years ago

Jira for PM tracking Charon-623

p-semenov-f5 commented 2 years ago

Could you provide UCS file here for test. Because having only VS is not enough to understand the issue.

And absent of other configs making that vs invalid:

2022-03-21 09:27:30 WARN UNRECOGNIZED LINE: 2022-03-21 09:27:30 WARN Invalid reference dropped: /Common/pr_clissl_test01 2022-03-21 09:27:30 ERROR Error converting: ltm virtual /Common/vs_as3mig_443 2022-03-21 09:27:30 INFO 1 BIG-IP objects detected total 2022-03-21 09:27:30 INFO 1 BIG-IP objects recognized by AS3 2022-03-21 09:27:30 INFO 1 BIG-IP objects supported by ACC 2022-03-21 09:27:30 INFO 0 AS3 stanzas generated

mdditt2000 commented 2 years ago

@BarryHaines please could you provide UCS file here for test. My contact email is m.dittmer@f5.com

p-semenov-f5 commented 2 years ago

I got ucs file. Working with it

p-semenov-f5 commented 2 years ago

Fixed in 1.20