Merge remote-tracking branch 'origin/3.49.0' into main

CHANGELOG.md

@@ -1,6 +1,32 @@
 # Changelog
 Changes to this project are documented in this file. More detail (including information on releases before 3.4) and links can be found in the AS3 [Document Revision History](https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/revision-history.html).
 
+## 3.49.0
+
+### Added
+- AUTOTOOL-4031: GSLB_Pool with resource record type NAPTR. Only supports flags value of 'a' for members.
+- AUTOTOOL-4059: ([GitHub Issue 756](https://github.com/F5Networks/f5-appsvcs-extension/issues/756)): Add handshakeTimeout to TLS_Server and TLS_Client.
+- AUTOTOOL-4056: GSLB_Domain with resource record type NAPTR.
+- AUTOTOOL-4078: ([GitHub Issue 772](https://github.com/F5Networks/f5-appsvcs-extension/issues/772)): GSLB_Domain load-balancing decision log property
+- AUTOTOOL-4050: ([GitHub Issue 512](https://github.com/F5Networks/f5-appsvcs-extension/issues/512)): Invalid default setting for request/response chunking (sustain) in HTTP_Profile on TMOS v15.0+
+- AUTOTOOL-4087: ([GitHub Issue 778](https://github.com/F5Networks/f5-appsvcs-extension/issues/778)): Expose SNI for GSLB HTTPS monitor
+- AUTOTOOL-4094: Add the declaration id to the restnoded log output upon success and include it in the rest response
+- AUTOTOOL-4092: Expose failureRcode properties for GSLB WideIP
+- AUTOTOOL-4117: ([GitHub Issue 779](https://github.com/F5Networks/f5-appsvcs-extension/issues/779)): GSLB_Monitor HTTP/HTTPS receiveStatusCodes property
+- AUTOTOOL-4111: ([GitHub Issue 321](https://github.com/F5Networks/f5-declarative-onboarding/issues/321)): Add routeDomainEnforcement to Firewall_Policy to allow enforcing the Firewall_Policy on the specified Route Domain's
+
+### Fixed
+- AUTOTOOL-4017: All pool member statuses reset to unknown when new member is added to the pool
+- AUTOTOOL-4060: Certain AS3 declarations result in "declaration has duplicate values" errors
+- AUTOTOOL-4088: Schema validation failure when declaring ICMP Monitor with targetPort or any Monitor with additional properties
+
+### Changed
+- Updated to Service Discovery 1.17.0-2
+  - Package updates
+- AUTOTOOL-3645: ([GitHub 677](https://github.com/F5Networks/f5-appsvcs-extension/issues/677)): Can't use x.x.1 schemaVersion accepted by schema that is x.x.1 codified
+
+### Removed
+
 ## 3.48.0
 
 ### Added
@@ -329,7 +355,7 @@ Changes to this project are documented in this file. More detail (including info
 - AUTOTOOL-2725: ([GitHub Issue 506](https://github.com/F5Networks/f5-appsvcs-extension/issues/506)): URL fetch of certificates results in corrupted files
 - AUTOTOOL-2878: ([GitHub Issue 530](https://github.com/F5Networks/f5-appsvcs-extension/issues/530)): AS3 Schema issue where it applies incorrect restriction if serverType is undefined
 - AUTOTOOL-3036: Service Discovery secrets are not encrypted on BIG-IQ
-- AUTOTOOL-2980: ([GitHub Issue](https://github.com/F5Networks/f5-appsvcs-extension/issues/553)): AS3 fails with unspecific error when an external data group externalFilePath has an invalid HTTP response code
+- AUTOTOOL-2980: ([GitHub Issue 553](https://github.com/F5Networks/f5-appsvcs-extension/issues/553)): AS3 fails with unspecific error when an external data group externalFilePath has an invalid HTTP response code
 
 ### Changed
 - Updated to Service Discovery 1.10.8-1

README.md

@@ -27,7 +27,7 @@ Be sure to see the [Support page](SUPPORT.md) in this repo for more details and
 
 ## Copyright
 
-Copyright 2014-2023 F5, Inc.
+Copyright 2014-2024 F5, Inc.
 
 
 ### F5 Networks Contributor License Agreement

contributing/process_release.md

@@ -44,7 +44,7 @@
   * Create a new branch off of `develop` like any other development task
   * Update version changes to `package.json` and `package-lock.json`.  The release number of the new version should start at 0 (e.g. 3.10.0-4 would become 3.11.0-0).
   * Update the `info.version` property in `docs/openapi.yaml` to the new AS3 version (e.g. 3.27.0).
-  * Add a new version to the beginning of the schemaVersion enum in `src/schema/latest/core-schema.js` using the preexisting format.
+  * Update the `schemaVersion.anyOf[1].const` property in `src/schema/latest/core-schema.js` using the preexisting format. The `pattern` property should also be updated to allow the new version (e.g. if going from 3.49.0 to 3.50.0, we'll add `|5[0]`).
   * Add a new block to `CHANGELOG.md` with the following content
     ```
     ## <new_version>
@@ -84,7 +84,7 @@ Merge the release branch into `develop` and `main` following the steps below for
 * Update f5-appsvcs-schema with the new AS3 version.
   * Navigate to the f5-appsvcs-schema repository.
   * Create a new branch off of `main`.
-  * Add the current release version to the beginning of the schemaVersion enum in `schemas/core-schema.json` using the preexisting format.
+  * Update the `schemaVersion.anyOf[1].const` property in `schemas/core-schema.json` using the preexisting format. The `pattern` property should also be updated to allow the new version (e.g. if going from 3.49.0 to 3.50.0, we'll add `|5[0]`).
   * Run `npm ci`.
   * Run `npm run compile-schema`. If you don't have the typescript compiler (tsc) installed, you will need to run `npm install -g typescript`.
   * Add and commit your changes, then push your branch.

docs/conf.py

@@ -73,7 +73,7 @@
 
 # General information about the project.
 project = u'F5 BIG-IP AS3'
-copyright = u'2023, F5 Networks'
+copyright = u'2024, F5 Networks'
 author = u'F5 Networks'
 
 # The version info for the project you're documenting, acts as replacement for
@@ -83,7 +83,7 @@
 # The short X.Y version.
 version = u''
 # The full version, including alpha/beta/rc tags.
-release = u'3.47.0'
+release = u'3.48.0'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

docs/declarations/application-security.rst

@@ -910,7 +910,7 @@ This declaration creates the following objects on the BIG-IP:
 - Partition (tenant) named **AS3_Tenant**.
 - An Application named **AS3_Application**.
 - A virtual server named **service** that references an endpoint policy
-- Three Data Groupa named **allDataGroup**, **textDataGroup**, and **codeDataGroup**
+- Three Data Groups named **allDataGroup**, **textDataGroup**, and **codeDataGroup**
 - An Endpoint policy named **test_EP** that contains a rule that includes a number of  **httpStatus** condition examples.
 
 .. literalinclude:: ../../examples/declarations/example-endpoint-policy-http-status-code-condition.json

docs/openapi.yaml

@@ -1,6 +1,6 @@
 openapi: '3.0.0'
 info:
-  version: 3.48.0
+  version: 3.49.0
   title: F5 BIG-IP AS3
   description: This reference describes the BIG-IP AS3 API and available endpoints.
 externalDocs:
@@ -316,54 +316,6 @@ paths:
         503:
           $ref: '#/components/responses/503'
   /declare/{tenant}/applications/{application}:
-    put:
-      summary: UNDER DEVELOPMENT - Apply BIG-IP AS3 configuration on a per-application basis
-      tags:
-        - Configuration
-      description: |
-        Use POST to deploy a configuration to a target ADC, or for certain other actions, including *retrieve*.
-        You must supply a request document with each POST.
-        The request document may be a proper request or a ADC-only declaration
-      parameters:
-        - $ref: '#/components/parameters/async'
-        - $ref: '#/components/parameters/controlsDryRun'
-        - $ref: '#/components/parameters/controlsLogLevel'
-        - $ref: '#/components/parameters/controlsTrace'
-        - $ref: '#/components/parameters/controlsTraceResponse'
-        - $ref: '#/components/parameters/controlsUserAgent'
-        - $ref: '#/components/parameters/show'
-        - $ref: '#/components/parameters/showHash'
-        - $ref: '#/components/parameters/tenantForApplication'
-        - $ref: '#/components/parameters/application'
-      requestBody:
-          content:
-            application/json:
-              schema:
-                type: object
-                properties:
-                  body:
-                    $ref: '#/components/schemas/declaration'
-              examples:
-                singleApplication:
-                  $ref: '#/components/examples/declarationApplicationPayloadSingle'
-      responses:
-        200:
-          description: Successful response
-          content:
-            application/json:
-              schema:
-                type: object
-                properties:
-                  results:
-                    type: array
-                    description: The results of the task
-                    items:
-                      $ref: '#/components/schemas/result'
-                  declaration:
-                    $ref: '#/components/schemas/declaration'
-              examples:
-                successResponse:
-                  $ref: '#/components/examples/declarationApplicationResponse'
     get:
       summary: UNDER DEVELOPMENT - Read current BIG-IP AS3 application configuration
       tags:

docs/refguide/revision-history.rst

@@ -12,7 +12,7 @@ Document Revision History
         - Date
 
       * - 3.48
-        - Updated the documentation for AS3 v3.48.0. This release contains the following changes: |br| * |br| |br| Issues Resolved: |br| * Existing SNAT pools and SNAT translations in /Common cause error *SNAT translation address /Common/\<address\> is still referenced by a SNAT pool.* |br| * Deleting a Service with a virtual address containing a reference to a name containing the string '0.0.0.0' fails to delete on the first attempt |br| * Escaping for data-group records |br| * OCSP validator doesn't work with chainCA, `GitHub Issue 749 <https://github.com/F5Networks/f5-appsvcs-extension/issues/749>`_ |br| * The destination property of a service in a tenant with a name containing the string **0.0.0.0** is incorrectly set |br| * Ephemeral node not deleted when using batched transaction to delete FQDN template node and LTM pool |br| * Allow spaces in Security Log Profile network storageFormat, `GitHub Issue 747 <https://github.com/F5Networks/f5-appsvcs-extension/issues/747>`_
+        - Updated the documentation for AS3 v3.48.0. This release contains the following changes: |br| * Added support for using HTTP Status condition in an Endpoint policy rule (see :ref:`HTTP Status Condition<httpstatus>`) |br| |br| Issues Resolved: |br| * Existing SNAT pools and SNAT translations in /Common cause error *SNAT translation address /Common/\<address\> is still referenced by a SNAT pool.* |br| * Deleting a Service with a virtual address containing a reference to a name containing the string '0.0.0.0' fails to delete on the first attempt |br| * Escaping for data-group records |br| * OCSP validator doesn't work with chainCA, `GitHub Issue 749 <https://github.com/F5Networks/f5-appsvcs-extension/issues/749>`_ |br| * The destination property of a service in a tenant with a name containing the string **0.0.0.0** is incorrectly set |br| * Ephemeral node not deleted when using batched transaction to delete FQDN template node and LTM pool |br| * Allow spaces in Security Log Profile network storageFormat, `GitHub Issue 747 <https://github.com/F5Networks/f5-appsvcs-extension/issues/747>`_ |br| * Improve filtering for per-app requests so that apps not in the declaration are not considered in the diffs |br| * Service_Forwarding documentation in the Schema Reference did not reflect valid options, `GitHub Issue 458 <https://github.com/F5Networks/f5-appsvcs-extension/issues/458>`_ |br| * Set sniDefault property to true for the first certificate by default |br| * Can't create FQDN pool with shareNodes: true, `GitHub Issue 754 <https://github.com/F5Networks/f5-appsvcs-extension/issues/754>`_ |br| * Support adminState for discovered pool members, `GitHub Issue 759 <https://github.com/F5Networks/f5-appsvcs-extension/issues/759>`_
         - 11-14-23
 
       * - 3.46.2

examples/declarations/example-firewall-policy-route-domain-enforcement.json

@@ -0,0 +1,67 @@
+{
+    "class": "ADC",
+    "schemaVersion": "3.49.0",
+    "id": "declaration",
+    "Common": {
+        "class": "Tenant",
+        "Shared": {
+            "class": "Application",
+            "template": "shared",
+            "firewallPolicy": {
+                "class": "Firewall_Policy",
+                "routeDomainEnforcement": [
+                    {
+                        "bigip": "/Common/100"
+                    }
+                ],
+                "rules": [
+                    {
+                        "use": "fwRuleList"
+                    }
+                ]
+            },
+            "fwRuleList": {
+                "class": "Firewall_Rule_List",
+                "rules": [
+                    {
+                        "remark": "description",
+                        "name": "rule1",
+                        "action": "accept-decisively",
+                        "protocol": "tcp",
+                        "loggingEnabled": true
+                    },
+                    {
+                        "remark": "description",
+                        "name": "rule2",
+                        "action": "reject",
+                        "protocol": "tcp",
+                        "loggingEnabled": true,
+                        "source": {
+                            "vlans": [
+                                {
+                                    "bigip": "/Common/external"
+                                }
+                            ]
+                        }
+                    }
+                ]
+            }
+        }
+    },
+    "tenant": {
+        "class": "Tenant",
+        "app": {
+            "class": "Application",
+            "service": {
+                "class": "Service_HTTP",
+                "virtualAddresses": [
+                    "192.0.2.0"
+                ],
+                "virtualPort": 443,
+                "policyFirewallEnforced": {
+                    "use": "/Common/Shared/firewallPolicy"
+                }
+            }
+        }
+    }
+}

examples/declarations/example-gslb-features.json

@@ -1,6 +1,6 @@
 {
     "class": "ADC",
-    "schemaVersion": "3.37.0",
+    "schemaVersion": "3.49.0",
     "id": "GSLB_Sample",
     "Sample_non_http_05": {
         "class": "Tenant",
@@ -12,6 +12,12 @@
                 "aliases": [
                     "another.example*" ],
                 "resourceRecordType": "A",
+                "loadBalancingDecisionLogVerbosity": [
+                    "pool-selection",
+                    "pool-traversal",
+                    "pool-member-selection",
+                    "pool-member-traversal"
+                  ],
                 "poolLbMode": "ratio",
                 "pools": [
                     {

examples/declarations/example-gslb-monitor-https.json

@@ -0,0 +1,33 @@
+{
+    "class": "ADC",
+    "schemaVersion": "3.49.0",
+    "id": "GSLB_HTTPS_Monitor_Sample",
+    "Sample_HTTPS_GSLB_Monitor": {
+        "class": "Tenant",
+        "Application": {
+            "class": "Application",
+            "https_example": {
+                "class": "GSLB_Monitor",
+                "monitorType": "https",
+                "ciphers": "DEFAULT:TLS1.2:!SSLv3",
+                "clientCertificate": "webcert",
+                "ignoreDownResponseEnabled": false,
+                "interval": 30,
+                "probeTimeout": 5,
+                "receive": "HTTP/1.",
+                "receiveStatusCodes": [ 200, 302 ],
+                "reverseEnabled": false,
+                "send": "GET /",
+                "sniServerName": "test.example.com",
+                "target": "10.10.0.1:443",
+                "timeout": 120,
+                "transparent": false
+            },
+            "webcert": {
+                "class": "Certificate",
+                "certificate": {"bigip":"/Common/default.crt"},
+                "privateKey":{"bigip":"/Common/default.key"}
+            }
+        }
+    }
+}

examples/declarations/example-gslb-pool-naptr.json

@@ -0,0 +1,63 @@
+{
+    "class": "ADC",
+    "schemaVersion": "3.49.0",
+    "id": "GSLB_Pool_NAPTR_Sample",
+    "Common": {
+        "class": "Tenant",
+        "Shared": {
+            "class": "Application",
+            "template": "shared",
+            "testDomain": {
+                "class": "GSLB_Domain",
+                "domainName": "example.com",
+                "resourceRecordType": "A"
+            },
+            "testDomain2": {
+                "class": "GSLB_Domain",
+                "domainName": "example2.com",
+                "resourceRecordType": "AAAA"
+            }
+        }
+    },
+    "Tenant": {
+        "class": "Tenant",
+        "Application": {
+            "class": "Application",
+            "testPool": {
+                "class": "GSLB_Pool",
+                "resourceRecordType": "NAPTR",
+                "enabled": false,
+                "manualResumeEnabled": true,
+                "ttl": 31,
+                "dynamicRatioEnabled": true,
+                "maxAnswersReturned": 2,
+                "verifyMemberEnabled": false,
+                "lbModePreferred": "ratio",
+                "lbModeAlternate": "topology",
+                "lbModeFallback": "static-persistence",
+                "members": [
+                    {
+                        "domainName": {
+                            "use": "/Common/Shared/testDomain"
+                        },
+                        "enabled": true,
+                        "service": "sip+d2u",
+                        "preference": 1,
+                        "order": 10,
+                        "ratio": 1
+                    },
+                    {
+                        "domainName": {
+                            "use": "/Common/Shared/testDomain2"
+                        },
+                        "enabled": false,
+                        "service": "sip",
+                        "preference": 2,
+                        "order": 11,
+                        "ratio": 2
+                    }
+                ]
+            }
+        }
+    }
+}

examples/declarations/example-gslb-pools.json

@@ -110,7 +110,7 @@
                 "resourceRecordType": "CNAME",
                 "members": [
                     {
-                        "domainName": "example.edu",
+                        "domainName": "OTHER.edu",
                         "enabled": false
                     }
                 ]