DELETE method with AS3 is too powerful !

Question

Am I the only one totally freaking out about the fact that with AS3, you just have to send a DELETE method to mgmt/shared/appsvcs/declare and everything is gone ?? All your production system could be wiped off that easily ...From my understanding it's mandatory to have the administrator privilege to use AS3, and administrators can access all the partitions ; so you cannot even create users that would be allowed to manage only specific partitions ... It's all or nothing.In my opinion the least you should do is to get rid of this dangerous default behavior, and instead use the keyword "ALL" to remove all tenants ...==========================Extract from the doc : Use DELETE to remove configurations for one or more declared Tenants from the target ADC. If you do not specify any Tenants, DELETE removes all of them, which is to say, it removes the entire declared configuration. Indicate the target device and Tenants to remove by appending elements to the main AS3 URL path (/mgmt/shared/appsvcs/declare). By default (just main URL) DELETE removes all Tenants from target localhost.DELETE examples:DELETE&nbsp;https://192.0.2.10/mgmt/shared/appsvcs/declare
removes all tenants
DELETE&nbsp;https://192.0.2.10/mgmt/shared/appsvcs/declare/T1,T2,T5
removes Tenants T1, T2, and T5 leaving the rest of the most recent declared configuration for localhost in place
==========================Does anyone agree, or have a suggestion to add some security ?

chase_abbott · Answer

Using AS3 in conjunction with BIG-IQ does allow RBAC control over REST cmds. You can use prebuilt roles or create granular custom sets and select individual commands or command sets.

But yea, since AS3 is declarative and not iterative, it doesn't have the same order of operation that regular DELETE commands would limit damage with. It's up there with sending backups to /dev/null. You CAN do it, but should you? 😃

More here: https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/userguide/big-iq.html

Right Jason?

jrahm · Answer

Chase is correct. This is the expected behavior for a declarative interface. With great power comes great responsibility, right? :)

If that's too much power given the access controls that make sense in your environment, the imperative interfaces are still available.

cyril_m · Answer

Well first of all I'm not using BigIQ :) But I get the point

Don't get me wrong I'm not saying that it is too much power to be allowed to delete everything ; I'm saying that it's too easy to make a mistake, and it could totally happen by accident ... If you just miss the argument, because you used a variable that has not been populated for instance ... I totally see that coming from miles away :)

tenant=$1

DELETE https://192.0.2.10/mgmt/shared/appsvcs/declare/$tenant

How are you sure that it will not delete everything while you just wanted to delete the TEST tenant ? :)

I'm really afraid of a collateral damage, due to a totally honest mistake in code management or postman misuse ...

And that's why I'm saying that I would feel a little bit more confident if a parameter was mandatory associated with the DELETE command

You could argue that it like the "rm /." when you wanted to "rm ./" but at least there is the -f to save your sorry ass :)

chase_abbott · Answer

Really the better answer would be RBAC within BIG-IP native to allow a basic subset of roles that BIG-IQ uses. But that's my opinion only. 😐

Update: I think we'll follow up internally on this to see if there's an interesting discussion around your question and idea.

Forum Discussion

DELETE method with AS3 is too powerful !

4 Replies

Recent Discussions

MAC address not showing up in LLDP packet

F5Access | MacOS Sonoma

Active- Active HA setup

syslog server connection

Cannot see floating MAC address outside of ESXi

Related Content

The Power of IP Intelligence (IPI)

Power of tmsh commands using Ansible

Deleting an AS3 Tenant

AI Safety: Navigating Deception, Emergent Goals, and Power-seeking Behaviors

Delete VS