Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot modify SSLO Security Policy condition created by bigip_sslo_config_policy module after creation #81

Open
imohmmad opened this issue Feb 29, 2024 · 1 comment
Open

Cannot modify SSLO Security Policy condition created by bigip_sslo_config_policy module after creation #81

imohmmad opened this issue Feb 29, 2024 · 1 comment
Labels
Backlog Added to JIRA board bug Something isn't working

Comments

@imohmmad
Copy link

COMPONENT NAME

bigip_sslo_config_policy

Environment

ANSIBLE VERSION

ansible [core 2.16.2]
config file = /python-env/POD-ONBOARDING/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /python-env/ansible-9.1.0/lib/python3.11/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /python-env/ansible-9.1.0/bin/ansible
python version = 3.11.4 (main, Dec 7 2023, 15:43:41) [GCC 12.3.0] (/python-env/ansible-9.1.0/bin/python3)
jinja version = 3.1.3
libyaml = True

BIGIP VERSION

Sys::Version
Main Package
Product BIG-IP
Version 17.1.1.1
Build 0.68.2
Edition Engineering Hotfix
Date Mon Feb 5 10:51:42 PST 2024

CONFIGURATION
OS / ENVIRONMENT

OS / ENVIRONMENT
Ubuntu 20.04.3

SUMMARY

After creating an sslo security policy via ansible module bigip_sslo_config_policy, define some policy rules, you can no longer make changes to your existing rules via gui.

STEPS TO REPRODUCE

Create the following SSLO security Policy via Ansible (which is successful)

 - name: Create Explicit HTTP Proxy Security_Policy
  bigip_sslo_config_policy:
    name: "Explicit_proxy"
    server_cert_check: false
    default_rule:
      allow_block: "allow"
      tls_intercept: "intercept"
      service_chain: "Explicit_Proxy"

    policy_rules:
      - name: "Pinners_Rule"
        match_type: "match_all"
        policy_action: "allow"
        ssl_action: "bypass"
        conditions:
          - condition_type: "category_lookup_sni"
            condition_option_category:
              - "Pinners"
          - condition_type: "ssl_check"
      
      - name: "Category_Bypass"
        match_type: "match_all"
        policy_action: "allow"
        ssl_action: "bypass"
        conditions:
          - condition_type: "category_lookup_all"
            condition_option_category:
              - "Financial Data and Services"
              - "General Email"
              - "Health and Medicine"
          - condition_type: "ssl_check"

      - name: "Dest_IP_Bypass"
        match_type: "match_all"
        policy_action: "allow"
        ssl_action: "bypass"
        conditions:
          - condition_type: "server_ip_subnet_match"
            condition_option_subnet:
              - "10.0.0.0/8"
              - "192.168.1.100/32"
              - "192.168.1.200/32"
          - condition_type: "ssl_check"
EXPECTED RESULTS

After Creating Security Policy, should be able to edit the policy and its associated condition from GUI

ACTUAL RESULTS

Unable to Modify Security Policy and its associated condition from GUI
@imohmmad imohmmad added the bug Something isn't working label Feb 29, 2024
@pgouband
Copy link

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1534.

@pgouband pgouband added the Backlog Added to JIRA board label Apr 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Backlog Added to JIRA board bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pgouband @imohmmad