
g0a_359464
May 01, 2018

Getting the security policy associated with a VIP.

I am new to the F5 python SDK and I am trying to pull the security policy associated with a VIP. I am unable to find the security policies tied to a specific VIP through the LTM sub package and I cannot see the ASM attribute in the BigIP object.

 

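from f5.bigip import BigIP

# Connect to the BigIP.
# "hostname", "username" and "password" are placeholders; token=True asks the SDK
# to use token-based authentication rather than sending the password on each call.
bigip = BigIP("hostname", "username", "password", token=True)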

 

I have seen a lot of examples using the ManagementRoot class. What is the difference between the BigIP and the ManagementRoot classes ?

 

1 Reply

    Tikka_Nagi_1315
    Historic F5 Account

    Please go through the following links to get a better understanding of the REST API.

     

    https://f5-sdk.readthedocs.io/en/latest/index.html

     

    https://f5-sdk.readthedocs.io/en/latest/userguide/basics.html

     

    As to your question regarding the security policy associated with a VIP, there is currently no endpoint for this. However, you could parse the policy URL from the JSON returned by mgmt.tm.asm.get_collection() and then make a request to that URL. It should return all policies, which you can filter based on VIP. Here is some sample code related to a few ASM objects:

     

    import urllib3
    from f5.bigip import ManagementRoot
    from uuid import uuid4
    import random
    import socket
    import struct
    import requests
    import logging
    from logging.handlers import RotatingFileHandler
    import json
    
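    # Silences urllib3's warnings, including the InsecureRequestWarning that every
    # request made with verify=False (see _get_url) would otherwise raise. Suitable
    # for a lab device with a self-signed certificate; on a production device the
    # certificate should be trusted and verified instead of hiding the warning.
    urllib3.disable_warnings()

    # Connection settings. Host, user and password are the sample's placeholder
    # values; real credentials belong in an environment variable or a secret store
    # rather than in source.
    # "_url" is only the scheme prefix that the ASM helpers prepend to "_host". It
    # deliberately carries no "user:password@" part: _get_url() already supplies the
    # credentials through requests' auth= argument, and a URL that embeds them leaks
    # the password wherever the URL is logged or shown in a traceback.
    _auth = {
        "_url": "https://",
        "_host": "1.1.1.1",
        "_user": "admin",
        "_pswd": "admin4",
    }

    # Headers sent with every direct REST call made through _get_url().
    _headers = {'accept': 'application/json', 'content-type': 'application/json'}

    # Names and addresses of the LTM test objects that _configure() creates.
    _config = {
        "_partition": "Common",
        "_vs_name": "test_vs_",  # prefix; _configure() appends a uuid4 to it
        "_vs_desc": "Test Virtual Server",
        "_vs_source": "0.0.0.0/0",
        "_vs_list": ["10.154.148.103:80", "10.154.148.104:8081"],
        "_vs_mask": "255.255.255.255",
        "_vs_st": {'type': 'automap'},
        "_pool_name": "test_pool",
        "_pool_desc": "This is a test pool",
        "_node_name": "Test Node",
        "_node_list": ["10.154.148.101:80", "10.154.148.101:8081"],
    }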
    
    def _bigip():
        """Open a management session to the BIG-IP described by ``_auth``.

        Returns:
            A ``ManagementRoot`` built from the configured host, user and
            password. Each call constructs a new object; nothing is cached.
        """
        host = _auth["_host"]
        user = _auth["_user"]
        password = _auth["_pswd"]
        return ManagementRoot(host, user, password)
    
    def _configure():
        """Create the sample pool, its members and the sample virtual servers.

        This writes to the device: it creates the pool named in ``_config``,
        sets its description, adds one member per ``_node_list`` entry, then
        creates one virtual server per ``_vs_list`` entry (the name is the
        ``_vs_name`` prefix plus a random UUID) and attaches the ``http``
        profile to each.
        """
        mgmt = _bigip()
        partition = _config['_partition']
        pool_name = _config['_pool_name']

        pool = mgmt.tm.ltm.pools.pool.create(name=pool_name, partition=partition)
        pool.description = _config['_pool_desc']
        pool.update()
        for member in _config['_node_list']:
            pool.members_s.members.create(partition=partition, name=member)

        virtual = mgmt.tm.ltm.virtuals.virtual
        for destination in _config['_vs_list']:
            created = virtual.create(
                name=_config['_vs_name'] + str(uuid4()),
                destination=destination,
                source=_config['_vs_source'],
                mask=_config["_vs_mask"],
                sourceAddressTranslation=_config["_vs_st"],
                pool=pool_name,
            )
            # Every new virtual server gets the stock 'http' profile.
            created.profiles_s.profiles.create(partition=partition, name='http')
    
    def _get_virtuals():
        """Fetch all LTM virtual servers and log each one's name and destination.

        Relies on the module-level ``_logger`` that the ``__main__`` block sets up.

        Returns:
            The collection returned by ``tm.ltm.virtuals.get_collection()``.
        """
        virtuals = _bigip().tm.ltm.virtuals.get_collection()
        for virtual in virtuals:
            _logger.info(virtual.name)
            _logger.info(virtual.destination)
        return virtuals
    
    def _get_pools():
        """Fetch all LTM pools and log each pool's name.

        Relies on the module-level ``_logger`` that the ``__main__`` block sets up.

        Returns:
            The collection returned by ``tm.ltm.pools.get_collection()``.
        """
        pools = _bigip().tm.ltm.pools.get_collection()
        for pool in pools:
            _logger.info(pool.name)
        return pools
    
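    def _get_url(_url):
        """Issue an authenticated GET against the device and return the response.

        The request carries the JSON headers from ``_headers`` and HTTP Basic
        credentials taken from ``_auth``.

        Args:
            _url: Absolute URL of the REST resource to fetch.

        Returns:
            The ``requests.Response``; the status code is not checked here.

        Raises:
            requests.exceptions.RequestException: on connection failure or when
                the device does not answer within the timeout.
        """
        _logger.info("in _get_url")
        return requests.get(
            _url,
            headers=_headers,
            auth=(_auth["_user"], _auth["_pswd"]),
            # NOTE(review): verify=False turns off TLS certificate validation, so
            # the Basic credentials above are sent to whatever host answers. Keep
            # this for lab devices only; otherwise pass the path of the CA bundle
            # that signed the device certificate.
            verify=False,
            # Without a timeout requests waits indefinitely on an unresponsive host.
            timeout=30,
        )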
    
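    def _get_asm_policies():
        """Fetch the ASM policy list over REST and log a summary of each policy.

        The policies URL is not hard-coded: it is taken from the first entry of
        the ASM collection returned by the SDK and fetched with ``_get_url``.

        Returns:
            The decoded JSON document (a dict with ``totalItems`` and ``items``).
        """
        _mgmt = _bigip()
        _asm_collection = _mgmt.tm.asm.get_collection()
        # Assumes the first entry of the ASM collection is the policies reference
        # - TODO confirm against the device. [17:] drops the first 17 characters
        # of the link, presumably the "https://localhost" prefix, so the path can
        # be re-rooted on the configured host.
        _policy_path = _asm_collection[0]['reference']['link'][17:]
        _policy_url = _auth['_url'] + _auth['_host'] + _policy_path
        _r = _get_url(_policy_url)
        _policies = json.loads(_r.text)
        _logger.info("--- Total available policies: "+str(_policies['totalItems']))
        for _item in _policies['items']:
            _logger.info("--- Policy Name: "+_item['name'])
            _logger.info("--- Policy Description: "+_item['description'])
            _logger.info("--- Policy Active?: "+str(_item['active']))
            _logger.info("--- Created by User: "+str(_item['creatorName']))
            # The original logged creatorName a second time under this label;
            # versionLastChange is the policy field that describes the last change.
            # .get() keeps the run going if a policy does not carry the field.
            _logger.info("--- Last Policy Change: "+str(_item.get('versionLastChange')))
            _logger.info("--- Device Host Name: "+_item['versionDeviceName'])
        return _policies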
    
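    def _get_whitelisted_ips():
        """Log the IP-address exceptions (whitelist) of every ASM policy.

        For each policy returned by ``_get_asm_policies`` the function follows
        the policy's ``whitelistIpReference`` link, logs how many entries it
        holds and then logs each entry's ``ipAddress``. Returns nothing.
        """
        _policies = _get_asm_policies()
        for _policy in _policies['items']:
            # [17:] drops the first 17 characters of the link (presumably the
            # "https://localhost" prefix) so the path is requested from the
            # configured host.
            _whitelistip_path = _policy['whitelistIpReference']['link'][17:]
            _whitelistip_url = _auth['_url'] + _auth['_host'] + _whitelistip_path
            _r = _get_url(_whitelistip_url)
            _whitelisted_ips = json.loads(_r.text)
            # The message literal was split across two lines in the listing, which
            # is a syntax error; it is rejoined here unchanged.
            _logger.info("Total Whitelisted IP adresses: "
                         + str(_whitelisted_ips['totalItems']))
            # Separate loop variable: the listing reused the policy's name here.
            for _entry in _whitelisted_ips['items']:
                _logger.info(_entry['ipAddress'])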
    
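    def _get_session_awareness_settings():
        """Log the session-awareness settings of every ASM policy.

        For each policy returned by ``_get_asm_policies`` the function follows
        the ``sessionAwarenessSettingsReference`` link, logs the decoded
        settings document and then the location it was read from. Returns
        nothing.
        """
        _policies = _get_asm_policies()
        for _item in _policies['items']:
            # [17:] drops the first 17 characters of the link (presumably the
            # "https://localhost" prefix).
            _sa_path = _item['sessionAwarenessSettingsReference']['link'][17:]
            _sa_url = _auth['_url'] + _auth['_host'] + _sa_path
            _r = _get_url(_sa_url)
            _sa_settings = json.loads(_r.text)
            _logger.info(_sa_settings)
            # Log host and path only. _sa_url is built from _auth['_url'], which in
            # this sample embeds "user:password@", so logging the full URL would
            # write the device password into sdk.log.
            _logger.info(_auth['_host'] + _sa_path)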
    
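    def _get_signatures():
        """Log the signature count of every ASM policy and the first ten names.

        For each policy returned by ``_get_asm_policies`` the function follows
        the policy's ``signatureReference`` link to its signature list, logs the
        total, then resolves the ``signatureReference`` of the first ten entries
        (one GET each) and logs each signature's name. Returns nothing.
        """
        _policies = _get_asm_policies()
        for _policy in _policies['items']:
            # The listing broke these expressions across lines without a
            # continuation, which does not parse; they are rejoined here.
            # [17:] drops the first 17 characters of the link (presumably the
            # "https://localhost" prefix).
            _signatureset_path = _policy['signatureReference']['link'][17:]
            _signatureset_url = _auth['_url'] + _auth['_host'] + _signatureset_path
            _r = _get_url(_signatureset_url)
            _signatures = json.loads(_r.text)
            _logger.info("Total Signatures: "+str(_signatures['totalItems'])
                         + " going to print first 10")
            # Separate loop variable: the listing reused the policy's name here.
            for _entry in _signatures['items'][:10]:
                _signature_path = _entry['signatureReference']['link'][17:]
                _signature_url = _auth['_url'] + _auth['_host'] + _signature_path
                _signature = _get_url(_signature_url)
                _logger.info("Signature Name: "+json.loads(_signature.text)['name'])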
    
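    if __name__ == "__main__":
        # Module-level logger that every helper in this file writes to. It is only
        # created when the file is run as a script, so the helpers cannot be used
        # from an importing module without defining _logger first.
        _logger = logging.getLogger("SDK Log")
        _logger.setLevel(logging.INFO)
        _formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s")
        # backupCount must be non-zero for maxBytes to take effect: with
        # backupCount=0 the handler never rolls over and sdk.log grows without
        # bound. The log receives policy names, user names and allow-listed IP
        # addresses, so restrict who can read it.
        _handler = RotatingFileHandler('sdk.log', maxBytes=100000, backupCount=1)
        _handler.setFormatter(_formatter)
        _logger.addHandler(_handler)

        # The calls were indented unevenly in the listing (an IndentationError);
        # they are aligned here in the original order.
        # _configure() creates a pool and virtual servers on the device; the
        # remaining calls only read.
        _configure()
        _get_pools()
        _get_virtuals()
        _get_asm_policies()
        _get_whitelisted_ips()
        _get_signatures()
        _get_session_awareness_settings()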