NAT_Policy rule translated source unable to set automap #894

Open
solid-wang opened this issue Nov 20, 2024 · 0 comments
Labels: bug (Something isn't working), untriaged (Issue needs to be reviewed for validity)

Environment

  • Application Services Version: 3.29.0

  • BIG-IP Version: 17.1.1.4 Build 0.0.9 Point Release 4

Summary

First, in the F5 web UI, you can see the "Automap" option.
I tried to write "sourceTranslation": { "use": "automap" } in the "class: NAT_Policy" rules. I also replaced the "use" field with "bigip" and tried capitalizing the first letter of "automap", but the call failed.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration:
    {
        "$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
        "class": "AS3",
        "declaration":
        {
            "Common":
            {
                "Shared":
                {
                    "class": "Application",
                    "k8s_afm_hsl_log_profile":
                    {
                        "class": "Security_Log_Profile",
                        "network":
                        {
                            "logIpErrors": true,
                            "logRuleMatchAccepts": true,
                            "logRuleMatchDrops": true,
                            "logRuleMatchRejects": true,
                            "logTcpErrors": true,
                            "logTcpEvents": true,
                            "publisher":
                            {
                                "use": "/Common/Shared/k8s_firewall_hsl_log_publisher"
                            },
                            "storageFormat":
                            {
                                "fields":
                                [
                                    "bigip-hostname",
                                    "acl-rule-name",
                                    "acl-policy-name",
                                    "acl-policy-type",
                                    "protocol",
                                    "action",
                                    "drop-reason",
                                    "context-name",
                                    "context-type",
                                    "date-time",
                                    "src-ip",
                                    "src-port",
                                    "vlan",
                                    "route-domain",
                                    "dest-ip",
                                    "dest-port"
                                ]
                            }
                        }
                    },
                    "k8s_firewall_hsl_log_publisher":
                    {
                        "class": "Log_Publisher",
                        "destinations":
                        [
                            {
                                "bigip": "/Common/local-db"
                            }
                        ]
                    },
                    "k8s_global_global-policy-dns_ext_dns-for-global_address":
                    {
                        "addresses":
                        [
                            "223.5.5.5"
                        ],
                        "class": "Firewall_Address_List"
                    },
                    "k8s_global_global-policy-dns_ext_dns-for-global_ports_tcp":
                    {
                        "class": "Firewall_Port_List",
                        "ports":
                        [
                            "54",
                            "6000-7000",
                            "23456",
                            "777"
                        ]
                    },
                    "k8s_global_global-policy-dns_ext_dns-for-global_ports_udp":
                    {
                        "class": "Firewall_Port_List",
                        "ports":
                        [
                            "53",
                            "8000-9000",
                            "12345",
                            "888"
                        ]
                    },
                    "k8s_global_global-policy-dns_ext_dns-for-global_rule_list":
                    {
                        "class": "Firewall_Rule_List",
                        "rules":
                        [
                            {
                                "action": "accept-decisively",
                                "destination":
                                {
                                    "addressLists":
                                    [
                                        {
                                            "use": "/Common/Shared/k8s_global_global-policy-dns_ext_dns-for-global_address"
                                        }
                                    ],
                                    "portLists":
                                    [
                                        {
                                            "use": "/Common/Shared/k8s_global_global-policy-dns_ext_dns-for-global_ports_tcp"
                                        }
                                    ]
                                },
                                "name": "accept-decisively_dns-for-global_tcp",
                                "protocol": "tcp",
                                "source":
                                {}
                            },
                            {
                                "action": "accept-decisively",
                                "destination":
                                {
                                    "addressLists":
                                    [
                                        {
                                            "use": "/Common/Shared/k8s_global_global-policy-dns_ext_dns-for-global_address"
                                        }
                                    ],
                                    "portLists":
                                    [
                                        {
                                            "use": "/Common/Shared/k8s_global_global-policy-dns_ext_dns-for-global_ports_udp"
                                        }
                                    ]
                                },
                                "name": "accept-decisively_dns-for-global_udp",
                                "protocol": "udp",
                                "source":
                                {}
                            }
                        ]
                    },
                    "k8s_gw_pool":
                    {
                        "class": "Pool",
                        "members":
                        [
                            {
                                "enable": true,
                                "serverAddresses":
                                [
                                    "192.168.21.254"
                                ],
                                "servicePort": 0
                            }
                        ],
                        "monitors":
                        [
                            {
                                "bigip": "/Common/gateway_icmp"
                            }
                        ]
                    },
                    "k8s_log_pool":
                    {
                        "class": "Pool",
                        "members":
                        [
                            {
                                "enable": true,
                                "serverAddresses":
                                [
                                    "1.2.3.4"
                                ],
                                "servicePort": 514
                            }
                        ],
                        "monitors":
                        [
                            {
                                "bigip": "/Common/gateway_icmp"
                            }
                        ]
                    },
                    "k8s_ns_policy_rd":
                    {
                        "class": "Firewall_Policy",
                        "rules":
                        []
                    },
                    "k8s_ns_policy_rd0":
                    {
                        "class": "Firewall_Policy",
                        "rules":
                        []
                    },
                    "k8s_outbound_va":
                    {
                        "arpEnabled": false,
                        "class": "Service_Address",
                        "icmpEcho": "disable",
                        "virtualAddress": "0.0.0.0"
                    },
                    "k8s_outbound_vs":
                    {
                        "class": "Service_L4",
                        "layer4": "any",
                        "policyFirewallEnforced":
                        {
                            "use": "/Common/Shared/k8s_svc_policy_rd"
                        },
                        "policyNAT":
                        {
                            "use": "k8s_snat_policy"
                        },
                        "securityLogProfiles":
                        [
                            {
                                "use": "/Common/Shared/k8s_afm_hsl_log_profile"
                            }
                        ],
                        "snat": "none",
                        "translateServerAddress": false,
                        "translateServerPort": false,
                        "virtualAddresses":
                        [
                            {
                                "use": "/Common/Shared/k8s_outbound_va"
                            }
                        ],
                        "virtualPort": 0
                    },
                    "k8s_snat_ces_busybox-snat_ext_busybox-svc_address":
                    {
                        "addresses":
                        [
                            "223.5.5.5"
                        ],
                        "class": "Firewall_Address_List"
                    },
                    "k8s_snat_ces_busybox-snat_ext_busybox-svc_ports_tcp":
                    {
                        "class": "Firewall_Port_List",
                        "ports":
                        [
                            "1-65535"
                        ]
                    },
                    "k8s_snat_policy":
                    {
                        "class": "NAT_Policy",
                        "rules":
                        [
                            {
                                "destination":
                                {
                                    "addressLists":
                                    [
                                        {
                                            "use": "/Common/Shared/k8s_snat_ces_busybox-snat_ext_busybox-svc_address"
                                        }
                                    ],
                                    "portLists":
                                    [
                                        {
                                            "use": "/Common/Shared/k8s_snat_ces_busybox-snat_ext_busybox-svc_ports_tcp"
                                        }
                                    ]
                                },
                                "name": "busybox_snat",
                                "protocol": "tcp",
                                "source":
                                {
                                    "addressLists":
                                    [
                                        {
                                            "use": "/Common/Shared/k8s_snat_ces_busybox-snat_ep_busybox-svc_src_address"
                                        }
                                    ]
                                },
                                "sourceTranslation":
                                {
                                    "use": "/Common/Shared/k8s_snat_ces_busybox-snat_source_translation"
                                }
                            },
                            {
                                "name": "k8s_snat_automap",
                                "protocol": "any",
                                "sourceTranslation": {
                                    "use": "automap"
                                }
                            }
                        ]
                    },
                    "k8s_snat_ces_busybox-snat_ep_busybox-svc_src_address":
                    {
                        "addresses":
                        [
                            "10.234.178.7"
                        ],
                        "class": "Firewall_Address_List"
                    },
                    "k8s_snat_ces_busybox-snat_source_translation":
                    {
                        "addresses":
                        [
                            "192.168.21.41"
                        ],
                        "class": "NAT_Source_Translation",
                        "type": "static-nat"
                    },
                    "k8s_svc_ces_busybox-to-227-ng-web_ep_busybox-svc_src_address":
                    {
                        "addresses":
                        [
                            "10.234.178.7"
                        ],
                        "class": "Firewall_Address_List"
                    },
                    "k8s_svc_ces_busybox-to-227-ng-web_ext_ng-227-web_address":
                    {
                        "addresses":
                        [
                            "192.168.21.63",
                            "101.33.66.162"
                        ],
                        "class": "Firewall_Address_List",
                        "fqdns":
                        [
                            "www.baidu.com"
                        ]
                    },
                    "k8s_svc_ces_busybox-to-227-ng-web_ext_ng-227-web_ports_tcp":
                    {
                        "class": "Firewall_Port_List",
                        "ports":
                        [
                            "80-82",
                            "8080",
                            "443"
                        ]
                    },
                    "k8s_svc_ces_busybox-to-227-ng-web_ext_ng-227-web_rule_list":
                    {
                        "class": "Firewall_Rule_List",
                        "rules":
                        [
                            {
                                "action": "accept-decisively",
                                "destination":
                                {
                                    "addressLists":
                                    [
                                        {
                                            "use": "/Common/Shared/k8s_svc_ces_busybox-to-227-ng-web_ext_ng-227-web_address"
                                        }
                                    ],
                                    "portLists":
                                    [
                                        {
                                            "use": "/Common/Shared/k8s_svc_ces_busybox-to-227-ng-web_ext_ng-227-web_ports_tcp"
                                        }
                                    ]
                                },
                                "loggingEnabled": true,
                                "name": "accept-decisively_ng-227-web_tcp",
                                "protocol": "tcp",
                                "source":
                                {
                                    "addressLists":
                                    [
                                        {
                                            "use": "/Common/Shared/k8s_svc_ces_busybox-to-227-ng-web_ep_busybox-svc_src_address"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "k8s_svc_deny_all_rule_list":
                    {
                        "class": "Firewall_Rule_List",
                        "rules":
                        [
                            {
                                "action": "drop",
                                "destination":
                                {},
                                "name": "deny_all_rule",
                                "protocol": "any",
                                "source":
                                {}
                            }
                        ]
                    },
                    "k8s_svc_policy_rd":
                    {
                        "class": "Firewall_Policy",
                        "rules":
                        [
                            {
                                "use": "/Common/Shared/k8s_svc_ces_busybox-to-227-ng-web_ext_ng-227-web_rule_list"
                            },
                            {
                                "use": "/Common/Shared/k8s_svc_deny_all_rule_list"
                            }
                        ]
                    },
                    "k8s_svc_policy_rd0":
                    {
                        "class": "Firewall_Policy",
                        "rules":
                        [
                            {
                                "use": "/Common/Shared/k8s_svc_deny_all_rule_list"
                            }
                        ]
                    },
                    "k8s_system_global_policy":
                    {
                        "class": "Firewall_Policy",
                        "rules":
                        [
                            {
                                "use": "/Common/Shared/k8s_global_global-policy-dns_ext_dns-for-global_rule_list"
                            }
                        ]
                    },
                    "template": "shared"
                },
                "class": "Tenant"
            },
            "class": "ADC",
            "id": "k8s-ces-controller",
            "schemaVersion": "3.28.0",
            "updateMode": "selective"
        }
    }
  2. Observe the following error response:
    {
        "code": 422,
        "errors": [
            "/Common/Shared/k8s_snat_policy/rules/1/sourceTranslation/use: contains path to non-existent object automap"
        ],
        "declarationFullId": "",
        "message": "declaration is invalid"
    }

Expected Behavior

POST "https://192.168.31.101/mgmt/shared/appsvcs/declare/Common" returns a 200 HTTP code.
The ability to configure "Automap" in the translated source, as in the F5 web UI.

Actual Behavior

POST "https://192.168.31.101/mgmt/shared/appsvcs/declare/Common" returns a 422 HTTP code.

solid-wang added the bug and untriaged labels on Nov 20, 2024
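
A pre-submission check for the 422 error reported above, as an added example that is not part of the original issue or of the AS3 project: it walks a declaration and lists every `use` value that names no object declared in it. It assumes a simplified resolution rule (an absolute `/Tenant/Application/name` path, or a bare name looked up in the enclosing Application); the sample declaration is constructed and trimmed from the one in the issue, and the object name `src_translation` is hypothetical.

```python
import json

# Constructed sample, trimmed from the declaration in the issue.
DECLARATION = json.loads("""
{"class": "ADC", "schemaVersion": "3.28.0",
 "Common": {"class": "Tenant",
  "Shared": {"class": "Application", "template": "shared",
   "src_translation": {"class": "NAT_Source_Translation",
                       "type": "static-nat", "addresses": ["192.168.21.41"]},
   "k8s_snat_policy": {"class": "NAT_Policy", "rules": [
     {"name": "busybox_snat", "protocol": "tcp",
      "sourceTranslation": {"use": "/Common/Shared/src_translation"}},
     {"name": "k8s_snat_automap", "protocol": "any",
      "sourceTranslation": {"use": "automap"}}]}}}}
""")


def resolve(adc, app_path, pointer):
    """Return the object a `use` pointer names, or None if it is not declared.

    Assumed (simplified) rule: absolute paths start at the ADC root,
    bare names are looked up in the enclosing Application.
    """
    parts = pointer.strip("/").split("/")
    if not pointer.startswith("/"):
        parts = list(app_path) + parts
    node = adc
    for part in parts:
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def dangling_use_pointers(doc):
    """List (location, pointer) for each `use` value that names no declared object."""
    adc = doc.get("declaration", doc)  # accept the AS3 wrapper or a bare ADC
    findings = []

    def walk(node, path, app_path):
        if isinstance(node, dict):
            if node.get("class") == "Application":
                app_path = path
            use = node.get("use")
            if isinstance(use, str) and resolve(adc, app_path, use) is None:
                findings.append(("/" + "/".join(path) + "/use", use))
            for key, value in node.items():
                walk(value, path + [key], app_path)
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, path + [str(index)], app_path)

    walk(adc, [], [])
    return findings


if __name__ == "__main__":
    for location, pointer in dangling_use_pointers(DECLARATION):
        print(f"{location}: no declared object named {pointer!r}")
```
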