Merge remote-tracking branch 'origin/3.46.0'

.gitlab-ci.yml

@@ -103,7 +103,7 @@ schema:
     - npm ci --no-optional
     - npm run build-schema
   artifacts:
-    name: f5-appsvcs-extension-$CI_BUILD_REF
+    name: f5-appsvcs-extension-$CI_COMMIT_SHA
     paths:
       - src/schema/latest/adc-schema.json
       - src/schema/latest/as3-schema.json
@@ -147,51 +147,60 @@ audit:
     - npm audit
 
 node:4.6:
-  image: $DOCKER_URL/node:4.6.2
+  image: $DOCKER_URL/node:12-buster
   stage: test
   needs:
     - schema
   tags:
     - cm-official-docker-executor
   script:
+    # npm install fails for some packages on older versions of node, so use a newer
+    # version just for the install
+    - curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash
+    - export NVM_DIR="$HOME/.nvm"
+    - source "$NVM_DIR/nvm.sh"
+    - nvm install 4
+    - nvm install --latest-npm 12
+    - nvm use 12
     - npm install [email protected] --save-dev
     - npm install --no-optional
+    - nvm use 4
     - npm run test-no-build
 
 node:6:
-  image: $DOCKER_URL/node:6
+  image: $DOCKER_URL/node:12-buster
   stage: test
   needs:
     - schema
   tags:
     - cm-official-docker-executor
   script:
-    - currentDirectory=$(pwd)
-    - mkdir -p /tmp/npm-install-directory
-    - cd /tmp/npm-install-directory
-    - npm install [email protected]
-    - rm -rf /usr/local/lib/node_modules
-    - mv node_modules /usr/local/lib/
-    - ln -s /usr/local/lib/node_modules/npm/bin/npx-cli.js /usr/local/bin/npx
-    - cd $currentDirectory
+    # npm install fails for some packages on older versions of node, so use a newer
+    # version just for the install
+    - curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash
+    - export NVM_DIR="$HOME/.nvm"
+    - source "$NVM_DIR/nvm.sh"
+    - nvm install 6
+    - nvm install --latest-npm 12
+    - nvm use 12
     - npm ci --no-optional
     - npm install [email protected]
+    - nvm use 6
     - npm run test-no-build -- $TEST_REPORTER_OPTIONS
   artifacts:
     when: always
     reports:
       junit: test_report.xml
 
 node:8:
-  image: $DOCKER_URL/node:8.11.1
+  image: $DOCKER_URL/node:8
   stage: test
   needs:
     - schema
   tags:
     - cm-official-docker-executor
   script:
-    - npm install --global [email protected]
-    - npm ci --no-optional
+    - npm ci
     - npm install mocha@7
     - npm run test-no-build -- $TEST_REPORTER_OPTIONS
   artifacts:
@@ -215,7 +224,7 @@ build_rpm:
   tags:
     - cm-official-docker-executor
   artifacts:
-    name: f5-appsvcs-extension-$CI_BUILD_REF
+    name: f5-appsvcs-extension-$CI_COMMIT_SHA
     paths:
       - dist
       - src/schema/latest/adc-schema.json
@@ -237,11 +246,14 @@ create_source:
       - dist/*-examples.tar.gz
 
 build_api_docs:
-  image: $DOCKER_URL/node:12
+  image: $DOCKER_URL/node:16
   stage: build
   needs: []
   script:
     # install packages
+    # package-lock ends up with OS specific info during npm install, so
+    # make sure it is right for the platform we're on
+    - rm package-lock.json
     - npm install
     # generate docs
     - npm run make-api-docs
@@ -490,7 +502,7 @@ test_rpms_in_azure:
     TEST_RESOURCES_URL: "$TEST_RESOURCES_URL_AZURE"
   <<: *test_rpms_common
   artifacts:
-    name: f5-appsvcs-extension-$CI_BUILD_REF
+    name: f5-appsvcs-extension-$CI_COMMIT_SHA
     when: always
     paths:
       - test/logs
@@ -515,7 +527,7 @@ test_rpms_for_this_project:
     - if: '$FORCE_INTEGRATION_TEST =~ /true/i'
   <<: *test_rpms_common
   artifacts:
-    name: f5-appsvcs-extension-$CI_BUILD_REF
+    name: f5-appsvcs-extension-$CI_COMMIT_SHA
     when: always
     paths:
       - test/logs
@@ -537,7 +549,7 @@ test_rpms_for_other_project:
     - if: '$TRIGGER_INTEGRATION_TEST =~ /true/i'
   <<: *test_rpms_common
   artifacts:
-    name: f5-appsvcs-extension-$CI_BUILD_REF
+    name: f5-appsvcs-extension-$CI_COMMIT_SHA
     when: always
     paths:
       - test/logs
@@ -653,15 +665,15 @@ create_docs:
     - make linkcheck
 
     # build developer documentation (optional)
-    - if [ "$CI_COMMIT_REF_NAME" = "master" ]; then
+    - if [ "$CI_COMMIT_REF_NAME" = "main" ]; then
     -   npm install --registry $NPM_REGISTRY_URL -g jsdoc
     -   jsdoc src/nodejs/* -d contributing
     - fi
   tags:
     - cm-official-docker-executor
   artifacts:
     expire_in: 1 week
-    name: sphinx-docs_$CI_BUILD_REF
+    name: sphinx-docs_$CI_COMMIT_SHA
     paths:
       - docs/_build/html
       - contributing

CHANGELOG.md

@@ -1,6 +1,32 @@
 # Changelog
 Changes to this project are documented in this file. More detail (including information on releases before 3.4) and links can be found in the AS3 [Document Revision History](https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/revision-history.html).
 
+## 3.46.0
+
+### Added
+- AUTOTOOL-3881: ([GitHub Issue 269](https://github.com/F5Networks/f5-appsvcs-extension/issues/269)): Add support for net port-lists
+- AUTOTOOL-3821: ([GitHub Issue 269](https://github.com/F5Networks/f5-appsvcs-extension/issues/269)): Add support for port and address lists in virtuals
+- AUTOTOOL-3704: Expose metadata property for pools and pool members
+- AUTOTOOL-3876: Support for performing AS3 string expansion inside declarative WAF policy
+- AUTOTOOL-3866: Add support of route domain as a string for SOCKS profile
+- AUTOTOOL-3768: ([GitHub Issue 696](https://github.com/F5Networks/f5-appsvcs-extension/issues/696)): Add support for enable/disable BotDefense profile in Endpoint_Policy
+
+### Fixed
+- AUTOTOOL-3842: Updated list of services for Protocol_Inspection_Profile
+- AUTOTOOL-3718: ([GitHub Issue 704](https://github.com/F5Networks/f5-appsvcs-extension/issues/704)): Handling of line continuation character in iRule
+- AUTOTOOL-3831: Fix issue with running a DELETE after a dry-run on BIG-IQ
+- AUTOTOOL-3880: ([GitHub Issue 727](https://github.com/F5Networks/f5-appsvcs-extension/issues/727)): SNAT_Pool handling in /Common/Shared
+- AUTOTOOL-3884: Fix idempotency issue with a Pool's minimumMonitors
+- AUTOTOOL-3810:  ([GitHub Issue 715](https://github.com/F5Networks/f5-appsvcs-extension/issues/715)): GSLB_Prober_Pool members referred to with "use": "/Common/Shared/[name]"
+- AUTOTOOL-3879: AS3 declaration fails on save config from v3.35.0 onwards
+
+### Changed
+- Updated to Service Discovery 1.14.0-1
+  - Update packages to latest available versions
+
+### Removed
+- AUTOTOOL-3871 Remove express package and app.js
+
 ## 3.45.0
 
 ### Added

README.md

@@ -24,9 +24,6 @@ Because BIG-IP AS3 has been created and fully tested by F5 Networks, it is fully
 
 Be sure to see the [Support page](SUPPORT.md) in this repo for more details and supported versions of BIG-IP AS3.  
 
-**Community Help**  
-We encourage you to use our [Slack channel](https://f5cloudsolutions.herokuapp.com) for discussion and assistance on AS3 templates (click the **f5-appsvcs-extension** channel). There are F5 employees who are members of this community who typically monitor the channel Monday-Friday 9-5 PST and will offer best-effort assistance. This slack channel community support should **not** be considered a substitute for F5 Technical Support. See the [Slack Channel Statement](slack-channel-statement.md) for guidelines on using this channel.
-
 ## Copyright
 
 Copyright 2014-2023 F5 Networks Inc.

SUPPORT.md

@@ -20,9 +20,9 @@ Currently supported versions:
 | Software Version | Release Type  | First Customer Ship | End of Support  |
 |------------------|---------------|---------------------|-----------------|
 | AS 3.36.1        | LTS           |  31-May-2022        | 31-Aug-2023     |
-| AS 3.43.0        | Feature       |  09-Feb-2023        | 09-May-2023     |
-| AS 3.44.0        | Feature       |  27-Mar-2022        | 27-Jun-2023     |
 | AS 3.45.0        | Feature       |  22-May-2023        | 22-Aug-2023     |
+| AS 3.46.0        | Feature       |  24-Jul-2023        | 24-Oct-2023     |
+
 
 Versions no longer supported:
 
@@ -81,6 +81,8 @@ Versions no longer supported:
 | AS 3.40.0        | Feature       |  04-Oct-2022        | 04-Jan-2023     |
 | AS 3.41.0        | Feature       |  14-Nov-2022        | 14-Feb-2023     |
 | AS 3.42.0        | Feature       |  12-Jan-2023        | 12-Apr-2023     |
+| AS 3.43.0        | Feature       |  09-Feb-2023        | 09-May-2023     |
+| AS 3.44.0        | Feature       |  27-Mar-2022        | 27-Jun-2023     |
 
 \* Fix for updated Docker Container packaging only  
 \*\* Update for the schema description for Pool minimumMonitors

contributing/process_release.md

@@ -41,7 +41,7 @@
   * git commit -m 'Update schema files for release'
   * git push
 * Prepare the develop branch for the next development cycle
-  * Create a new branch off of develop like any other development task
+  * Create a new branch off of `develop` like any other development task
   * Update version changes to `package.json` and `package-lock.json`.  The release number of the new version should start at 0 (e.g. 3.10.0-4 would become 3.11.0-0).
   * Update the `info.version` property in `docs/openapi.yaml` to the new AS3 version (e.g. 3.27.0).
   * Add a new version to the beginning of the schemaVersion enum in `src/schema/latest/core-schema.js` using the preexisting format.
@@ -61,30 +61,30 @@
   * Create a merge request like for any other development task and announce on Teams `AS3-DO General`.
 
 ### Perform actions after go ahead from Go/No-Go meeting
-Merge the release branch into develop and master following the steps below for each merge.
+Merge the release branch into `develop` and `main` following the steps below for each merge.
 * Navigate to the `Merge Requests` page and click on `New merge request` in the upper right corner.
 * Select the release branch as the `source branch`.
   * If merging into `develop` select `develop` as the `target branch`.
-  * If merging into `master` select `master` as the `target branch`.
+  * If merging into `main` select `main` as the `target branch`.
 * Click on `Compare branches and continue`.
 * On the next page do NOT select `Delete source branch` or `Squash commits`.  The release branch needs to be preserved in case a `.1` release is needed in the future.
 * Click on `Submit merge request`.
 * Note: If the GUI suggests a rebase, do a merge locally instead. DO NOT TRUST the GUI rebase tool.
   * Make sure that the version numbers in `package.json`, `package-lock.json`, `CHANGELOG.md`, etc... is correct. Rebase can sometimes rebase `develop` into the release branch.
   * Even though the MR was created via the GUI, pushing a local should be reflected in the MR
-* Self approve the merge request and merge. It is not uncommon when attempting to merge into `develop` for there to be no changes in the merge request. If this happens close the merge request (optionally commenting that there were no changes to merge) and move on to the merge into `master` merge request.
-* In the f5-appsvcs-schema repository add a new version to the beginning of the schemaVersion enum in `schemas/core-schema.js` using the preexisting format. Also, be sure to run `npm run compile-schema` after adding the new version.
+* Self approve the merge request and merge. It is not uncommon when attempting to merge into `develop` for there to be no changes in the merge request. If this happens close the merge request (optionally commenting that there were no changes to merge) and move on to the merge into `main` merge request.
+* In the f5-appsvcs-schema repository add the current release version to the beginning of the schemaVersion enum in `schemas/core-schema.json` using the preexisting format. Also, be sure to run `npm run compile-schema` after adding the new version. If you don't have the typescript compiler (tsc) installed, you will need to run `npm install -g typescript`. Also be sure to run `npm ci`.
 * Follow the process for release for f5-service-discovery to prep SD for the next release cycle.
 
-Tag master with the release version, for example: `v3.27.0` (Note: if you are tagging/re-tagging older releases that may trigger the publish, make sure to cancel the job as it will try to reupload the artifacts).
+Tag `main` with the release version, for example: `v3.27.0` (Note: if you are tagging/re-tagging older releases that may trigger the publish, make sure to cancel the job as it will try to reupload the artifacts).
 * Navigate to the `Repository -> Tags` page.
 * Click on `New Tag`.
 * Name the version tag with the release version but without the build number.  For example `v3.27.0`.
-* Choose the `master` branch from the `Create from` list.
+* Choose the `main` branch from the `Create from` list.
 * Click on `Create Tag`.
 
 ### Release Manager tasks
-* Artifacts are copied from master to GitHub and Docker Hub by release management
+* Artifacts are copied from `main` to GitHub and Docker Hub by release management
 * Add a `released` property with a value of `true` to the released RPM in Artifactory
 
 ## Process for LTS release
@@ -110,14 +110,14 @@ Tag master with the release version, for example: `v3.27.0` (Note: if you are ta
 * Go to the atg-build project in GitLab
   * Edit the AS3 schedule to set the `gitBranch` variable to the LTS branch.
   * Run the AS3 schedule.
-  * After the build completes, edit the AS3 schedule to set the `gitBranch` variable back to develop.
+  * After the build completes, edit the AS3 schedule to set the `gitBranch` variable back to `develop`.
 * Using the GUI create a tag off the LTS branch (e.g. 3.36.1)
   * In the GUI go to `Repository -> Tags -> New tag`.
   * The name of the tag should be the LTS version with a 'v' at the front (e.g. v3.36.1).
   * Update the `createFrom` to point at the LTS branch.
   * Set the message to: `LTS release v<LTS version>` (e.g. "LTS release v3.36.1")
-* Merge the LTS branch (without updating the package version) into develop and create an MR for this.
-* Merge the LTS branch (only update package version if LTS is latest) into master and create an MR for this.
+* Merge the LTS branch (without updating the package version) into `develop` and create an MR for this.
+* Merge the LTS branch (only update package version if LTS is latest) into `main` and create an MR for this.
 
 ## Documentation Release process
 * After the third sprint is finished and the release branch has been created, checkout out the dev release branch and then merge it into **doc-release-branch**.

docs/declarations/all-properties.rst

@@ -4,7 +4,7 @@ Declaration using all BIG-IP AS3 Properties
 ===========================================
 This is an example declaration which includes all current properties available using BIG-IP AS3.  This can be useful to see how to use a particular property.  
 
-This declaration is over 3000 lines, so we recommend you use your browser's search functionality to find a particular property.
+This declaration is over 3000 lines, so we recommend using your browser's search functionality to find a particular property.
 
 
 

docs/declarations/miscellaneous.rst

@@ -215,7 +215,7 @@ If you do not use shareNodes or have shareNodes set to **false** (the default),
 
 .. NOTE:: You must have the **shareNodes** property set to **true** in your original declaration.  If you did not, add it to the original declaration and re-POST before attempting to post a new declaration with the node.
 
-.. WARNING:: If you POST a declaration with **shareNodes** set to **true**, and then later update the same declaration with **shareNodes** set to **false**, the declaration returns Success, however BIG-IP AS3 does not move the nodes, and they remain in /Common. To change this behavior, first DELETE the original declaration, and then re-POST the declaration with shareNodes set to **false**.
+.. WARNING:: If you POST a declaration with **shareNodes** set to **true**, and then later update the same declaration with **shareNodes** set to **false**, the declaration returns Success, however BIG-IP AS3 does not move the nodes, and they remain in /Common. To change this behavior, first DELETE the original declaration, and then re-POST the declaration with shareNodes set to **false**. |br| **Shared FQDN nodes MUST be deleted manually.**
 
 
 There are two declarations in this example, the original declaration and a new declaration.

docs/declarations/network-security.rst

@@ -142,6 +142,8 @@ Creating Protocol Inspection profiles
 
    You **must** have AFM licensed and provisioned AND an Intrusion Prevention System (IPS) subscription add-on license on your BIG-IP to use these features.
 
+.. IMPORTANT:: Because the Protocol Inspection profile was designed around an experience that is better suited to using the BIG-IP web-based Configuration utility, we strongly recommend you configure, modify, or change Protocol Inspection profiles using the BIG-IP Configuration utility, and reference the profile in the AS3 declaration. Future releases of BIG-IP AS3 will not include any improvements to  Protocol Inspection profiles. |br| The following example has been updated with an example of referencing a Protocol Inspection profile on the BIG-IP.
+
 This example shows how you can create BIG-IP AFM Protocol Inspection profiles in a BIG-IP AS3 declaration.  A protocol inspection profile collects rules for protocol inspection using pre-installed signatures defined by the Snort project, or custom signatures defined using the Snort syntax.
 
 For detailed information, see |pipdoc|, as well as |pipkb| on AskF5. For BIG-IP AS3 usage options, see |pipref| in the Schema Reference.

docs/declarations/non-http-services.rst

@@ -347,6 +347,39 @@ This declaration creates the following objects on the BIG-IP:
 
 :ref:`Back to top<tcp-examples>`
 
+
+|
+
+.. _portlist:
+
+Creating port and address lists for a service
+`````````````````````````````````````````````
+.. sidebar:: :fonticon:`fa fa-info-circle fa-lg` Version Notice:
+
+   Support for creating port lists for a virtual service is available in BIG-IP AS3 3.46 and later. |br| You must have BIG-IP v14.1 or later with the AFM module licensed and provisioned.
+
+In this example, we show how you can create address and port lists for a virtual service in AS3 3.46 and later. These objects were already supported in AS3, but not directly on a virtual service. Using address and port lists allows you to define multiple addresses and ports for a single virtual service.
+
+When you include a Firewall_Port_List in the declaration, BIG-IP AS3 creates a traffic-matching-criteria object in the background which defines how traffic is steered towards the virtual service.
+
+Although this example uses both address and port lists, it is not a requirement and either can be used alone. 
+
+For additional details and BIG-IP AS3 usage, see |fwal|, |fwpl|, and |servicetcp| in the Schema Reference.
+
+This declaration creates the following objects on the BIG-IP:
+
+- Partition (tenant) named **Tenant**.
+- An Application named **Application**.
+- Multiple firewall address lists. One is used for source addresses, and the others for destination addresses.
+- A firewall port list named **portList** that includes port 8080 and a range of ports from 1-999.
+- A virtual server named **service** using the Service_TCP class that references the address lists defined for source and destination, and the port list. 
+
+
+.. literalinclude:: ../../examples/declarations/example-service-tcp-with-source-destination-lists.json
+   :language: json
+
+:ref:`Back to top<tcp-examples>`
+
 
 
 .. |stateless| raw:: html
@@ -424,7 +457,17 @@ This declaration creates the following objects on the BIG-IP:
 
    <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#service-udp" target="_blank">Service_UDP</a>
 
+.. |fwpl| raw:: html
+
+   <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#firewall-port-list" target="_blank">Firewall_Port_List</a>
+
+.. |fwal| raw:: html
+
+   <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#firewall-address-list" target="_blank">Firewall_Address_List</a>
+
+
 
+#firewall-port-list