Deleting application containing Firewall policy with irule issue #886

Open
JacobAx-OCD opened this issue Oct 24, 2024 · 1 comment
Labels: bug (Something isn't working), untriaged (Issue needs to be reviewed for validity)

Comments

@JacobAx-OCD

Environment

  • Application Services Version:
  • BIG-IP Version:

Summary

A clear and concise description of what the bug is.
Please also include information about the reproducibility and the severity/impact of the issue.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration:
{
        "production": {
            "class": "Tenant",
            "myapplication": {
                "class": "Application",
                "myapplication_vs": {
                    "class": "Service_HTTPS",
                    "virtualAddresses": [
                        "10.0.0.1"
                    ],
                    "virtualPort": 443,
                    "serverTLS": {
                        "bigip": "/Common/clientssl"
                    }
                },
                "psp_dg": {
                    "keyDataType": "string",
                    "records": [
                        {
                            "key": "lol",
                            "value": "hi"
                        }
                    ],
                    "class": "Data_Group"
                },
                "rule1_iRule": {
                    "class": "iRule",
                    "iRule": "\nwhen HTTP_REQUEST {\n\nlog local0. \"hi from irule\"\n\n}"
                },
                "rule1_source_address_list": {
                    "class": "Firewall_Address_List",
                    "addresses": [
                        "127.0.0.1"
                    ]
                },
                "rule2_destination_address_list": {
                    "class": "Firewall_Address_List",
                    "addresses": [
                        "10.0.0.1"
                    ]
                },
                "rule2_destination_port_list": {
                    "class": "Firewall_Port_List",
                    "ports": [
                        443
                    ]
                },
                "rule3_destination_address_list": {
                    "class": "Firewall_Address_List",
                    "addresses": [
                        "10.0.0.1"
                    ]
                },
                "rule3_destination_port_list": {
                    "class": "Firewall_Port_List",
                    "ports": [
                        443
                    ]
                },
                "myapplication_firewall_policy": {
                    "class": "Firewall_Policy",
                    "rules": [
                        {
                            "name": "rule1",
                            "action": "accept",
                            "protocol": "tcp",
                            "iRule": {
                                "use": "rule1_iRule"
                            },
                            "source": {
                                "addressLists": [
                                    {
                                        "use": "rule1_source_address_list"
                                    }
                                ]
                            }
                        },
                        {
                            "name": "rule2",
                            "action": "drop",
                            "protocol": "tcp",
                            "destination": {
                                "addressLists": [
                                    {
                                        "use": "rule2_destination_address_list"
                                    }
                                ],
                                "portLists": [
                                    {
                                        "use": "rule2_destination_port_list"
                                    }
                                ]
                            }
                        },
                        {
                            "name": "rule3",
                            "action": "drop",
                            "protocol": "tcp",
                            "destination": {
                                "addressLists": [
                                    {
                                        "use": "rule3_destination_address_list"
                                    }
                                ],
                                "portLists": [
                                    {
                                        "use": "rule3_destination_port_list"
                                    }
                                ]
                            }
                        },
                        {
                            "name": "default_reject",
                            "action": "drop"
                        }
                    ]
                }
            }
        },
        "class": "ADC",
        "schemaVersion": "3.52.0",
        "id": "1729751105984",
        "updateMode": "selective",
        "controls": {
            "archiveTimestamp": "2024-10-24T06:25:07.673Z"
        }
    }
  2. Observe the following error response:
    This is successful; the declaration is valid.

  3. Now I try to delete by sending DELETE /mgmt/shared/appsvcs/declare/production
    {
        "results": [
            {
                "code": 422,
                "message": "declaration failed",
                "response": "01070830:3: The iRule (/production/myapplication/rule1_iRule) cannot be deleted because it is in use by a fw_rule (rule1) in Policy (/production/myapplication/myapplication_firewall_policy).",
                "host": "localhost",
                "tenant": "production",
                "runTime": 1453,
                "declarationId": "1729751105984"
            }
        ],
        "declaration": {
            "production": {
                "class": "Tenant",
                "myapplication": {
                    "class": "Application",
                    "myapplication_vs": {
                        "class": "Service_HTTPS",
                        "virtualAddresses": [
                            "10.0.0.1"
                        ],
                        "virtualPort": 443,
                        "serverTLS": {
                            "bigip": "/Common/clientssl"
                        }
                    },
                    "psp_dg": {
                        "keyDataType": "string",
                        "records": [
                            {
                                "key": "lol",
                                "value": "hi"
                            }
                        ],
                        "class": "Data_Group"
                    },
                    "rule1_iRule": {
                        "class": "iRule",
                        "iRule": "\nwhen HTTP_REQUEST {\n\nlog local0. \"hi from irule\"\n\n}"
                    },
                    "rule1_source_address_list": {
                        "class": "Firewall_Address_List",
                        "addresses": [
                            "127.0.0.1"
                        ]
                    },
                    "rule2_destination_address_list": {
                        "class": "Firewall_Address_List",
                        "addresses": [
                            "10.0.0.1"
                        ]
                    },
                    "rule2_destination_port_list": {
                        "class": "Firewall_Port_List",
                        "ports": [
                            443
                        ]
                    },
                    "rule3_destination_address_list": {
                        "class": "Firewall_Address_List",
                        "addresses": [
                            "10.0.0.1"
                        ]
                    },
                    "rule3_destination_port_list": {
                        "class": "Firewall_Port_List",
                        "ports": [
                            443
                        ]
                    },
                    "myapplication_firewall_policy": {
                        "class": "Firewall_Policy",
                        "rules": [
                            {
                                "name": "rule1",
                                "action": "accept",
                                "protocol": "tcp",
                                "iRule": {
                                    "use": "rule1_iRule"
                                },
                                "source": {
                                    "addressLists": [
                                        {
                                            "use": "rule1_source_address_list"
                                        }
                                    ]
                                }
                            },
                            {
                                "name": "rule2",
                                "action": "drop",
                                "protocol": "tcp",
                                "destination": {
                                    "addressLists": [
                                        {
                                            "use": "rule2_destination_address_list"
                                        }
                                    ],
                                    "portLists": [
                                        {
                                            "use": "rule2_destination_port_list"
                                        }
                                    ]
                                }
                            },
                            {
                                "name": "rule3",
                                "action": "drop",
                                "protocol": "tcp",
                                "destination": {
                                    "addressLists": [
                                        {
                                            "use": "rule3_destination_address_list"
                                        }
                                    ],
                                    "portLists": [
                                        {
                                            "use": "rule3_destination_port_list"
                                        }
                                    ]
                                }
                            },
                            {
                                "name": "default_reject",
                                "action": "drop"
                            }
                        ]
                    }
                }
            },
            "class": "ADC",
            "schemaVersion": "3.52.0",
            "id": "1729751105984",
            "updateMode": "selective",
            "controls": {
                "archiveTimestamp": "2024-10-24T06:25:07.673Z"
            }
        },
        "code": 422
    }


Expected Behavior

Expect that AS3 will delete the tenant.

Actual Behavior

A clear and concise description of what actually happens.
Please include any applicable error output.
        {
            "code": 422,
            "message": "declaration failed",
            "response": "01070830:3: The iRule (/production/myapplication/rule1_iRule) cannot be deleted because it is in use by a fw_rule (rule1) in Policy (/production/myapplication/myapplication_firewall_policy).",
            "host": "localhost",
            "tenant": "production",
            "runTime": 1453,
            "declarationId": "1729751105984"
        }

Workaround

Disassociate the iRules manually in the policy, then delete.
@JacobAx-OCD JacobAx-OCD added bug Something isn't working untriaged Issue needs to be reviewed for validity labels Oct 24, 2024
@JacobAx-OCD
Author

If I remove a firewall policy rule with an iRule reference and remove that iRule in the same update, this works.
So delete this:
    {
        "name": "rule1",
        "action": "accept",
        "protocol": "tcp",
        "iRule": {
            "use": "rule1_iRule"
        }
and this:
    "rule1_iRule": {
        "class": "iRule",
        "iRule": "\nwhen HTTP_REQUEST {\n\nlog local0. \"hi from irule\"\n\n}"
    }

and send the update to F5. This works; it seems like only deletion of a full Firewall_Policy containing iRule references is an issue.
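
The sequence reported in the comment above (drop the firewall rules that reference an iRule together with that iRule in one update, then delete the tenant), as an added example that is not part of the original issue and not AS3 code. `pre_delete_declaration` and `still_attached` are hypothetical helper names, the sample is a constructed, trimmed version of the issue's declaration, and `use` references are assumed to be relative names within the same Application.

```python
import copy

# Constructed sample (trimmed from the issue's declaration); helpers are hypothetical.
SAMPLE = {"class": "ADC", "schemaVersion": "3.52.0", "production": {
    "class": "Tenant", "myapplication": {
        "class": "Application",
        "rule1_iRule": {"class": "iRule", "iRule": "when HTTP_REQUEST { }"},
        "myapplication_firewall_policy": {"class": "Firewall_Policy", "rules": [
            {"name": "rule1", "action": "accept", "protocol": "tcp",
             "iRule": {"use": "rule1_iRule"}},
            {"name": "default_reject", "action": "drop"}]}}}}

def still_attached(app, irule_name):
    """True if any object in the Application lists the iRule under "iRules"."""
    for obj in app.values():
        for item in (obj.get("iRules", []) if isinstance(obj, dict) else []):
            if item == irule_name or (isinstance(item, dict) and item.get("use") == irule_name):
                return True
    return False

def pre_delete_declaration(decl, tenant):
    """Copy `decl`, dropping each Firewall_Policy rule in `tenant` that points
    at an AS3-managed iRule via {"use": ...}, plus that iRule when nothing
    else in the Application lists it. Returns (declaration, removed)."""
    out, removed = copy.deepcopy(decl), []
    for app_name, app in out[tenant].items():
        if not isinstance(app, dict) or app.get("class") != "Application":
            continue
        doomed = set()
        for obj_name, obj in app.items():
            if not isinstance(obj, dict) or obj.get("class") != "Firewall_Policy":
                continue
            kept = []
            for rule in obj.get("rules", []):
                ref = rule.get("iRule")
                use = ref.get("use") if isinstance(ref, dict) else None
                if use is None:  # no iRule, or a {"bigip": ...} pointer: keep the rule
                    kept.append(rule)
                else:
                    doomed.add(use)
                    removed.append((f"/{tenant}/{app_name}/{obj_name}", rule.get("name"), use))
            obj["rules"] = kept
        for name in doomed:
            target = app.get(name)
            if isinstance(target, dict) and target.get("class") == "iRule" \
                    and not still_attached(app, name):
                del app[name]
    return out, removed
```

Send the returned declaration as the update first, then issue the DELETE for the tenant. Review `removed` beforehand, because dropping a rule changes what the policy permits until the tenant is gone.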
