Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

AFM - How to add an element to an addresslist with iControlREST

Hi,

I do not find any way to add an element to an existing addresslist with iControlREST.

POST = CREATE

PATCH = MODIFY

Is there a method to ADD an element?

What I have tried is to POST the new element in the existing addresslist with these commands, but both fail:

https://viprion-bell-afm.antwerpen.be/mgmt/tm/security/firewall/address-list/~Common~testadresslist

https://viprion-bell-afm.antwerpen.be/mgmt/tm/security/firewall/address-list/~Common~testadresslist/addressList

with JSON: { "name":"hst_m_test", "partition":"Common" }

Any help is welcome.

Regards,

Ruud.

0
Rate this Question
Comments on this Question
Comment made 02-Feb-2017 by Eric Flores

Ruud, what version of TMOS are you using?

0
Comment made 06-Feb-2017 by rvdvelpe 11

Hi Eric,

Sorry for the late respond. We are running on version 12.1.1.

The question is still actual. I know how to do it with tmsh command, but I do not find any way to do it with iControlREST.

Regards,

Ruud.

0
Comment made 16-Mar-2017 by David Homoney

Ruud,

I don't believe there is a way to add an element, you have to reload the whole thing. I am digging into this though and will let you know for sure very soon.

0
Comment made 21-Mar-2017 by David Homoney

Ruud,

I have confirmed that you can't add something to the list, you have to do a full replace, much like a datagroup. So, you would have to read the address list elements in and append what you want and do a HTTP PATCH to the address list using iControlREST and that should do what you want.

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

As David confirmed above in the comments, this isn't possible without a full replace. There is an enhancement request (ID587457) with product development to make firewall address lists to be subcollections like firewall policies so that full replace is not required. Until then, using a high level language you can accomplish this by:

  1. GET the object (maybe use $select to fetch only the addresses array).
  2. Using the JSON representation- it is a simple array- add, subtract, etc. entries as required.
  3. PATCH the object with the changed payload.
0
Comments on this Answer
Comment made 15-Aug-2017 by JWhitesPro 430

I've ran into a strange issue where if I do a GET request as described above first it fails....if I do the POST first and the exact same get request after it works. Is there something with rest and having to do a post first? When i do the get statement first I just get

Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.

The GET request works when it comes after the POST in the script but the moment I comment out the post request I start getting this error...Obviously none of this helps me because I need to do the get request first to get the list before I post a new list to it.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

@F5 - Are there any plans to implement the "add"-functionality?

For the benefit of others searching for this, the only options that are currently supported are:

  1. Read the current value and use the results to construct the string to replace all values in a subsequent request.
  2. POST a TMSH-command to the API, since TMSH does support "add".

Syntax:

URL:  https://<<hostname>>/mgmt/tm/util/bash

JSON:
{"command":"run","utilCmdArgs":"tmsh <<command string>>"}
0