Merge remote-tracking branch 'origin/3.48.0'

F5Networks · Nov 13, 2023 · 55c689b · 55c689b
2 parents 8cb99e0 + 1c5a44e
commit 55c689b
Show file tree

Hide file tree

Showing 358 changed files with 96,221 additions and 16,411 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -1,13 +1,10 @@
-# AS3 parser is pre-compiled using nodejs and
-# requires node 4.8.0 for compatibility with BIG-IP.
-image: $DOCKER_URL/node:4.8.0
+image: $DOCKER_URL/node:20
 
 stages:
   - update
   - commands
-  - atg-shared-checks
   - schema
-  - lint
+  - atg-shared-checks
   - test
   - build
   - deploy
@@ -74,14 +71,25 @@ include:
 # adds atg-shared-checks stage and jobs
 # adds atg_shared_checks_result job to test stage
   - project: automation-toolchain/atg-shared-templates
-    file: security/base.gitlab-ci.yml
+    file:
+      - compliance/base.gitlab-ci.yml
+      - security/base.gitlab-ci.yml
+
+# Override compliance template job
+check_copyrights:
+  allow_failure: false
+
+# Override compliance template job
+lint:
+  needs:
+    - schema
+  allow_failure: false
 
 update_autotool_deps:
   stage: update
   rules:
     - if: '$UPDATE_DEPS =~ /true/i'
   needs: []
-  image: $DOCKER_URL/node:14
   variables:
     UPDATE_BRANCH_NAME: update_autotool_deps
   script:
@@ -108,17 +116,6 @@ schema:
       - src/schema/latest/adc-schema.json
       - src/schema/latest/as3-schema.json
 
-lint:
-  image: $DOCKER_URL/node:10
-  stage: lint
-  needs:
-    - schema
-  tags:
-    - cm-official-docker-executor
-  script:
-    - npm ci
-    - npm run lint
-
 coverage:
   image: $DOCKER_URL/node:16
   stage: test
@@ -134,18 +131,6 @@ coverage:
       - coverage
   coverage: /All files[^|]*\|[^|]*\s+([\d\.]+)/
 
-audit:
-  image: $DOCKER_URL/node:lts
-  stage: test
-  needs: []
-  variables:
-    NODE_OPTIONS: "--dns-result-order=ipv4first"
-  allow_failure: true
-  tags:
-    - cm-official-docker-executor
-  script:
-    - npm audit
-
 node:4.6:
   image: $DOCKER_URL/node:12-buster
   stage: test
@@ -229,8 +214,6 @@ build_rpm:
     - npm ci --no-optional
     # build installation package
     - scripts/build/buildRpm.sh "cloud"
-    # ensure latest copyrights
-    - node node_modules/@f5devcentral/atg-shared-utilities-dev/scripts/dev/write-copyright.js -c -p scripts/dev/copyright.txt
   tags:
     - cm-official-docker-executor
   artifacts:
@@ -241,7 +224,6 @@ build_rpm:
       - src/schema/latest/as3-schema.json
 
 create_source:
-  image: $DOCKER_URL/node:10
   stage: post build
   needs:
     - build_rpm
@@ -256,7 +238,6 @@ create_source:
       - dist/*-examples.tar.gz
 
 build_api_docs:
-  image: $DOCKER_URL/node:16
   stage: build
   needs: []
   script:

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,9 +1,35 @@
 # Changelog
 Changes to this project are documented in this file. More detail (including information on releases before 3.4) and links can be found in the AS3 [Document Revision History](https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/revision-history.html).
 
+## 3.48.0
+
+### Added
+- AUTOTOOL-4024: ([GitHub Issue 755](https://github.com/F5Networks/f5-appsvcs-extension/issues/755)): Support for http-status policy condition in Endpoint_Policy
+
+### Fixed
+- AUTOTOOL-4051: Failure when modifying pools with similar monitor names.
+- AUTOTOOL-4000: Existing snatpools and snat-translations in /Common cause error 'Snat translation address /Common/\<address\> is still referenced by a snat pool.'
+- AUTOTOOL-3990: Deleting a Service with a virtual address containing a reference to a name containing the string '0.0.0.0' fails to delete on the first attempt
+- Escaping for data-group records
+- AUTOTOOL-3975: ([GitHub Issue 749](https://github.com/F5Networks/f5-appsvcs-extension/issues/749)): OCSP validator doesn't work with chainCA
+- AUTOTOOL-4029: The destination property of a service in a tenant with a name containing the string '0.0.0.0' is incorrectly set
+- AUTOTOOL-3995: Ephemeral node not deleted when using batched transaction to delete FQDN template node and LTM pool
+- AUTOTOOL-3968: ([GitHub Issue 747](https://github.com/F5Networks/f5-appsvcs-extension/issues/747)): Allow spaces in Security Log Profile network storageFormat
+- AUTOTOOL-3985: Improve filtering for per-app requests so that apps not in the declaration are not considered in the diffs.
+- AUTOTOOL-1779: ([GitHub Issue 458](https://github.com/F5Networks/f5-appsvcs-extension/issues/458)): Service_Forwarding documentation to reflect valid options
+- AUTOTOOL-4057: Set sniDefault property to true for the first certificate by default
+- AUTOTOOL-4003: ([GitHub Issue 754](https://github.com/F5Networks/f5-appsvcs-extension/issues/754)): Can't create FQDN pool with shareNodes: true
+
+### Changed
+- Updated to Service Discovery 1.16.0-2
+  - AUTOTOOL-4052: ([GitHub Issue 759](https://github.com/F5Networks/f5-appsvcs-extension/issues/759)): Support adminState for discovered pool members
+
+### Removed
+
 ## 3.47.0
 
 ### Added
+- AUTOTOOL-3850: Added option for 'controls' in per-app declarations
 - AUTOTOOL-3971: Added option to serialize file uploads for dealing with lots of certificates in a declaration
 - AUTOTOOL-3728: Add functionality for per-app deployments (beta)
 - AUTOTOOL-3915: ([GitHub Issue 701](https://github.com/F5Networks/f5-appsvcs-extension/issues/701)): configuration of "SSL sign hash" parameter in TLS_server and TLS_Client

diff --git a/README.md b/README.md
@@ -27,12 +27,12 @@ Be sure to see the [Support page](SUPPORT.md) in this repo for more details and
 
 ## Copyright
 
-Copyright 2014-2023 F5 Networks Inc.
+Copyright 2014-2023 F5, Inc.
 
 
 ### F5 Networks Contributor License Agreement
 
-Before you start contributing to any project sponsored by F5 Networks, Inc. (F5) on GitHub, you will need to sign a Contributor License Agreement (CLA).  
+Before you start contributing to any project sponsored by F5, Inc. on GitHub, you will need to sign a Contributor License Agreement (CLA).
 
 If you are signing as an individual, we recommend that you talk to your employer (if applicable) before signing the CLA since some employment agreements may have restrictions on your contributions to other projects. Otherwise by submitting a CLA you represent that you are legally entitled to grant the licenses recited therein.  
 

diff --git a/SUPPORT.md b/SUPPORT.md
@@ -19,10 +19,11 @@ Currently supported versions (the next LTS release, 3.46.1, will release on 9/12
 
 | Software Version | Release Type  | First Customer Ship | End of Support  |
 |------------------|---------------|---------------------|-----------------|
-| AS 3.46.0        | Feature       |  24-Jul-2023        | 24-Oct-2023     |
 | AS 3.46.1        | LTS           |  12-Sep-2023        | 12-Sep-2024     |
-| AS 3.46.2        | LTS           |  18-Oct-2023        | 12-Sep-2024     |
+| AS 3.46.2        | LTS           |  14-Nov-2023        | 12-Sep-2024     |
 | AS 3.47.0        | Feature       |  12-Sep-2023        | 12-Dec-2023     |
+| AS 3.48.0        | Feature       |  14-Nov-2023        | 14-Feb-2024     |
+
 
 
 Versions no longer supported:

diff --git a/contributing/process_release.md b/contributing/process_release.md
@@ -73,15 +73,23 @@ Merge the release branch into `develop` and `main` following the steps below for
   * Make sure that the version numbers in `package.json`, `package-lock.json`, `CHANGELOG.md`, etc... is correct. Rebase can sometimes rebase `develop` into the release branch.
   * Even though the MR was created via the GUI, pushing a local should be reflected in the MR
 * Self approve the merge request and merge. It is not uncommon when attempting to merge into `develop` for there to be no changes in the merge request. If this happens close the merge request (optionally commenting that there were no changes to merge) and move on to the merge into `main` merge request.
-* In the f5-appsvcs-schema repository add the current release version to the beginning of the schemaVersion enum in `schemas/core-schema.json` using the preexisting format. Also, be sure to run `npm run compile-schema` after adding the new version. If you don't have the typescript compiler (tsc) installed, you will need to run `npm install -g typescript`. Also be sure to run `npm ci`.
-* Follow the process for release for f5-service-discovery to prep SD for the next release cycle.
 
-Tag `main` with the release version, for example: `v3.27.0` (Note: if you are tagging/re-tagging older releases that may trigger the publish, make sure to cancel the job as it will try to reupload the artifacts).
-* Navigate to the `Repository -> Tags` page.
-* Click on `New Tag`.
-* Name the version tag with the release version but without the build number.  For example `v3.27.0`.
-* Choose the `main` branch from the `Create from` list.
-* Click on `Create Tag`.
+* Tag `main` with the release version, for example: `v3.27.0` (Note: if you are tagging/re-tagging older releases that may trigger the publish, make sure to cancel the job as it will try to reupload the artifacts).
+  * Navigate to the `Repository -> Tags` page.
+  * Click on `New Tag`.
+  * Name the version tag with the release version but without the build number.  For example `v3.27.0`.
+  * Choose the `main` branch from the `Create from` list.
+  * Click on `Create Tag`.
+
+* Update f5-appsvcs-schema with the new AS3 version.
+  * Navigate to the f5-appsvcs-schema repository.
+  * Create a new branch off of `main`.
+  * Add the current release version to the beginning of the schemaVersion enum in `schemas/core-schema.json` using the preexisting format.
+  * Run `npm ci`.
+  * Run `npm run compile-schema`. If you don't have the typescript compiler (tsc) installed, you will need to run `npm install -g typescript`.
+  * Add and commit your changes, then push your branch.
+  * Publish an MR and ask for approval in the `AppSvcs Schema` channel.
+* Follow the process for release for f5-service-discovery to prep SD for the next release cycle.
 
 ### Release Manager tasks
 * Artifacts are copied from `main` to GitHub and Docker Hub by release management

diff --git a/docs/conf.py b/docs/conf.py
@@ -83,7 +83,7 @@
 # The short X.Y version.
 version = u''
 # The full version, including alpha/beta/rc tags.
-release = u'3.46.0'
+release = u'3.47.0'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

diff --git a/docs/declarations/application-security.rst b/docs/declarations/application-security.rst
@@ -545,21 +545,16 @@ Using the HTTP method condition in an Endpoint policy
 `````````````````````````````````````````````````````
 .. sidebar:: :fonticon:`fa fa-info-circle fa-lg` Version Notice:
 
-    Support for the data group condition is available in 3.32 and later.
+    You must be using AS3 3.32 and later for this example.
 
 In this example, we show how you can use the **httpMethod** condition in your Endpoint policy rules. This allows you to match against any HTTP method.  
 
 For more information on LTM Endpoint Policies, see |ltmpol| in the BIG-IP documentation.
 
 When using **httpMethod**, you must also decide when to evaluate this condition in the request-response cycle. You can specify **request** or **proxy-request**.
 
-**New in BIG-IP AS3 3.32** |br|
-BIG-IP AS3 3.32 introduced support for using data groups, allowing you to reference a data group as the match value for an **httpUri** condition.
-
 See |policycond| and |httpmethod| in the schema reference for more information and BIG-IP AS3 usage.  
 
-.. IMPORTANT:: The example declaration has been updated with the BIG-IP AS3 3.32 release to include the data group HTTP URI condition. If you attempt to use this declaration on a previous version, it will fail. If you are using a version prior to 3.32, remove the lines highlighted in yellow (and the comma in line 44).
-
 This declaration creates the following objects on the BIG-IP:
 
 - Partition (tenant) named **AS3_Tenant**.
@@ -568,7 +563,7 @@ This declaration creates the following objects on the BIG-IP:
 
 .. literalinclude:: ../../examples/declarations/example-endpoint-policy-http-method-condition.json
     :language: json
-    :emphasize-lines: 45-54
+
 
 :ref:`Back to top<app-sec-examples>`
 
@@ -896,13 +891,40 @@ This declaration creates the following objects on the BIG-IP:
 
 |
 
+.. _httpstatus:
+
+Using HTTP Status condition in an Endpoint policy rule
+``````````````````````````````````````````````````````
+.. sidebar:: :fonticon:`fa fa-info-circle fa-lg` Version Notice:
+
+    Support for http-status conditions is available in 3.48 and later.
+
+In this example, we show how you can use the **httpStatus** condition in your Endpoint policy rules. This allows you to match the HTTP status code of an HTTP request and configure the appropriate action.
+
+For more information on LTM Endpoint Policies, see |ltmpol| in the BIG-IP documentation.
+
+Also see |policycond| **Type** in the Schema Reference.
 
+This declaration creates the following objects on the BIG-IP:
+
+- Partition (tenant) named **AS3_Tenant**.
+- An Application named **AS3_Application**.
+- A virtual server named **service** that references an endpoint policy
+- Three Data Groupa named **allDataGroup**, **textDataGroup**, and **codeDataGroup**
+- An Endpoint policy named **test_EP** that contains a rule that includes a number of  **httpStatus** condition examples.
+
+.. literalinclude:: ../../examples/declarations/example-endpoint-policy-http-status-code-condition.json
+    :language: json
+
+:ref:`Back to top<app-sec-examples>`
+
+|
 
 
 
 .. |hhost| raw:: html
 
-   <a href="https://automation-toolchain.pages.gitswarm.f5net.com/f5-appsvcs-extension/public-docs/refguide/declaration-purpose-function.html#policy-condition-http-host" target="_blank">Policy_Condition_HTTP_Host</a>
+   <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#policy-condition-http-host" target="_blank">Policy_Condition_HTTP_Host</a>
 
 .. |stringexpand| raw:: html
 

diff --git a/docs/openapi.yaml b/docs/openapi.yaml
@@ -1,6 +1,6 @@
 openapi: '3.0.0'
 info:
-  version: 3.47.0
+  version: 3.48.0
   title: F5 BIG-IP AS3
   description: This reference describes the BIG-IP AS3 API and available endpoints.
 externalDocs:
@@ -899,6 +899,11 @@ components:
               serverAddresses:
               - 192.0.2.10
               - 192.0.2.20
+        controls:
+          class: Controls
+          logLevel: debug
+          trace: true
+          traceResponse: true
     declarationApplicationPayloadMulti:
       value:
         application1:
@@ -929,6 +934,11 @@ components:
               serverAddresses:
               - 192.0.2.30
               - 192.0.2.40
+        controls:
+          class: Controls
+          logLevel: debug
+          trace: true
+          traceResponse: true
     declarationApplicationResponse:
       value:
         application1:
@@ -945,6 +955,11 @@ components:
               serverAddresses:
               - 192.0.2.1
               - 192.0.2.2
+        controls:
+          class: Controls
+          logLevel: debug
+          trace: true
+          traceResponse: true
         id: 'autogen_1d77bb4f-cd46-453b-917f-897bd2c278f7'
     declarationApplicationResponseMulti:
       value:
@@ -976,6 +991,11 @@ components:
               serverAddresses:
               - 192.0.2.30
               - 192.0.2.40
+        controls:
+          class: Controls
+          logLevel: debug
+          trace: true
+          traceResponse: true
     settingsDefault:
       value:
         burstHandlingEnabled: false