Merge remote-tracking branch 'origin/3.43.0'

Author: tpitkinf5

.gitlab-ci.yml

@@ -420,7 +420,7 @@ test_rpms_in_azure:
       artifacts: true
 
 test_rpms_for_this_project:
-  timeout: 7 hours
+  timeout: 8 hours
   rules:
     - if: '$TEST_IN_AZURE =~ /true/i'
       when: never
@@ -621,7 +621,7 @@ docs_to_production:
   only:
   # Currently will only deploy to clouddocs.f5.com on commits to docs-latest
   # fill in desired release branch name and uncomment to add deployment from a branch
-    - docs-latest@automation-toolchain/f5-appsvcs
+    - docs-latest
   tags:
     - cm-official-docker-executor
   needs:

CHANGELOG.md

@@ -1,6 +1,27 @@
 # Changelog
 Changes to this project are documented in this file. More detail (including information on releases before 3.4) and links can be found in the AS3 [Document Revision History](https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/revision-history.html).
 
+## 3.43.0
+
+### Added
+- AUTOTOOL-3490: ([GitHub Issue 533](https://github.com/F5Networks/f5-appsvcs-extension/issues/533)): Added lsn-legacy-mode & destination address/port properties in Security_Log_Profile_Nat
+- AUTOTOOL-3491: ([GitHub Issue 619](https://github.com/F5Networks/f5-appsvcs-extension/issues/619)): ALG_Log_Profile. Currently requires CGNAT to be provisioned and BIGIP version to be 15.1 or higher
+- AUTOTOOL-3492: ([GitHub Issue 575](https://github.com/F5Networks/f5-appsvcs-extension/issues/575)): RTSP_Profile. algLogProfile and logPublisher properties require CGNAT to be provisioned and BIGIP version to be 15.1 or higher
+- AUTOTOOL-3494: ([GitHub Issue 576](https://github.com/F5Networks/f5-appsvcs-extension/issues/576)): TFTP_Profile. algLogProfile and logPublisher properties require CGNAT to be provisioned and BIGIP version to be 15.1 or higher
+- AUTOTOOL-3493: ([GitHub Issue 570](https://github.com/F5Networks/f5-appsvcs-extension/issues/570)): Add algLogProfile and logPublisher properties to FTP_Profile which requires CGNAT to be provisioned and BIGIP version to be 15.1 or higher
+- AUTOTOOL-3615: SOCKS_profile (ltm profile socks) which can be attached to a Service_TCP with profileSOCKS
+
+### Fixed
+- AUTOTOOL-2966: GSLB topology records update order fails in unchecked mode
+- AUTOTOOL-3517: Shared virtual addresses are not removed when no longer in use
+- AUTOTOOL-2489: Unchecked mode fails when URLs have authentication
+
+### Changed
+- Updated to Service Discovery 1.12.0-1
+  - AUTOTOOL-3640: support for credential objects
+
+### Removed
+
 ## 3.42.0
 
 ### Added
@@ -17,6 +38,7 @@ Changes to this project are documented in this file. More detail (including info
 - Updated to Service Discovery 1.11.2-1
   - AUTOTOOL-3335: ([GitHub Issue 610](https://github.com/F5Networks/f5-appsvcs-extension/issues/610)): Service Discovery / Consul and jmespathquery to configure priorityGroup for pool members
   - AUTOTOOL-3534: Update packages to latest available versions
+- AUTOTOOL-3439: Merge f5-appsvcs-schema into AS3, specifically: Analytics_Profile, Analytics_TCP_Profile, Basic_Auth, Bearer_Token, CA_Bundle, Capture_Filter, Certificate, Certificate_Validator_OCSP, Enum_Country_Analytics, F5_String, JWE, Log_Publisher
 
 ### Removed
 

SUPPORT.md

@@ -22,6 +22,7 @@ Currently supported versions:
 | AS 3.36.1        | LTS           |  31-May-2022        | 31-Aug-2023     |
 | AS 3.41.0        | Feature       |  14-Nov-2022        | 14-Feb-2023     |
 | AS 3.42.0        | Feature       |  12-Jan-2023        | 12-Apr-2023     |
+| AS 3.43.0        | Feature       |  09-Feb-2023        | 09-May-2023     |
 
 Versions no longer supported:
 

docs/declarations/application-security.rst

@@ -758,6 +758,42 @@ This declaration creates the following objects on the BIG-IP:
 
 |
 
+.. _slnat:
+
+Configuring Security Log Profile NAT settings
+`````````````````````````````````````````````
+.. sidebar:: :fonticon:`fa fa-info-circle fa-lg` Version Notice:
+
+    Support for lsnLegacyMode, logStartOutboundSessionDestination, and logEndOutboundSessionDestination in the Security Log Profile NAT class is available in BIG-IP AS3 v3.43 and later. 
+
+In this example, we show how you can configure Security Log Profile NAT settings in an AS3 declaration. These settings determine how the system logs firewall NAT events.
+
+While the Security Log Profile with NAT settings has long been supported, AS3 3.43 introduced three new properties for the NAT object, related to LSN legacy mode: 
+
+- **lsnLegacyMode**: specifies whether translation events and other NAT events are logged in existing CGNAT/LSN formats (for backward compatibility with LSN events). The following options are applicable only if lsnLegacyMode is enabled (**true**).
+
+  - **logStartOutboundSessionDestination**: includes the destination address and port with the log entry for the *start* of the translation event for a NAT client. 
+  - **logEndOutboundSessionDestination**:  includes the destination address and port with log entry for the *end* of the translation event for a NAT client. 
+
+.. IMPORTANT:: If **lsnLegacyMode** is enabled, you cannot set the **rateLimitStartInboundSession**, **rateLimitEndInboundSession**, **rateLimitStartOutboundSession**, or **rateLimitEndOutboundSession** properties.
+
+For more information on the Security Log Profile, see |seclog|. For details on all of the available NAT settings, see |slpnat|.
+
+This declaration creates the following objects on the BIG-IP (if you try to use the following declaration on an AS3 version prior to 3.43, it will fail. On previous versions, remove the new settings, highlighted in yellow):
+
+- Partition (tenant) named **Sample_sec_log_profile_nat**.
+- An Application named **A1**.
+- A Security Log Profile named **secLogNAT** with a number of settings, including **lsnLegacyMode**, **logStartOutboundSessionDestination**, and **logEndOutboundSessionDestination** introduced in AS3 3.43.
+
+.. literalinclude:: ../../examples/declarations/example-security-log-profile-nat.json
+    :language: json
+    :emphasize-lines: 22, 24, 25
+    
+
+:ref:`Back to top<app-sec-examples>`
+
+|
+
 
 
 .. |asm| raw:: html
@@ -892,4 +928,8 @@ This declaration creates the following objects on the BIG-IP:
 
 .. |geoip| raw:: html
 
-   <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#policy-condition-geoip" target="_blank">Policy_Condition_GeoIP</a>
+   <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#policy-condition-geoip" target="_blank">Policy_Condition_GeoIP</a>
+
+.. |slpnat| raw:: html
+
+   <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#security-log-profile-nat-object" target="_blank">Security_Log_Profile.nat</a>

docs/declarations/network-security.rst

@@ -359,12 +359,52 @@ This declaration creates the following objects on the BIG-IP:
 
 |
 
+.. _alglog:
+
+
+Creating an ALG log profile in a declaration
+````````````````````````````````````````````
+.. sidebar:: :fonticon:`fa fa-info-circle fa-lg` Version Notice:
+
+   Support for ALG logging profiles is available in BIG-IP AS3 3.43.  |br| You must have the CGNAT module licensed and provisioned on BIG-IP 15.1 or later.
+
+This example shows how you can create an ALG (Application Layer Gateway) logging profile in an AS3 declaration in version 3.43 and later.  
+
+An ALG log profile allows fine grain control of the logging for ALG events.  When attached to a supported ALG profile (NAT, FTP, RTSP, SIP, and PPTP), you can control the events, to log as well as optional elements in the log entry. For more information on ALG profiles, see |algp| in the BIG-IP documentation.
+
+For AS3 options and usage, see |alg|.
+
+.. NOTE:: The following example only creates the ALG logging profile, you need to configure additional objects to be able to use this profile.
+
+This declaration creates only the following objects on the BIG-IP:
+
+- A partition (tenant) named **Tenant**
+- An Application named **Application**
+- An ALG log profile named **myProfile** with a number of properties.
+
+
+.. literalinclude:: ../../examples/declarations/example-alg-log-profile.json
+   :language: json
+
+
+:ref:`Back to top<net-sec-examples>`
+
+|
 
 
 .. |br| raw:: html
 
    <br />
 
+.. |algp| raw:: html
+
+   <a href="https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-cgnat-implementations/using-alg-profiles.html" target="_blank">Using ALG profiles</a>
+
+.. |alg| raw:: html
+
+   <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#alg-log-profile" target="_blank">ALG_Log_Profile</a>
+
+
 .. |pipkb| raw:: html
 
    <a href="https://support.f5.com/csp/article/K44080215" target="_blank">Configuring protocol inspection profiles</a>

docs/declarations/non-http-services.rst

@@ -112,12 +112,25 @@ This declaration creates the following objects on the BIG-IP:
 
 Creating an FTP profile in a declaration
 ````````````````````````````````````````
-This example shows how you can create an FTP profile in a declaration (example 9 showed how to use an existing FTP profile).   See |ftpprofile| in the Schema Reference for more usage options and information.  
+.. sidebar:: :fonticon:`fa fa-info-circle fa-lg` Version Notice:
 
-This declaration creates the following objects on the BIG-IP:
+   Support for including an ALG logging profile and log publisher in an FTP profile is available in BIG-IP AS3 3.43 and later. 
+   
+This example shows how you can create an FTP profile in a declaration (the previous example showed how to use an existing FTP profile).   
+
+See |ftpprofile| in the Schema Reference for more usage options and information.
+
+**New in BIG-IP AS3 3.43** |br|
+BIG-IP AS3 3.43 adds the ability to include an :ref:`ALG Log Profile<alglog>` and log publisher to an FTP profile, allowing flexibility when setting logging parameters.
+
+.. IMPORTANT:: In the following example, the **algLogProfile** and **logPublisher** properties require the CGNAT module to be provisioned and BIG-IP version to be 15.1 or higher.
+
+This declaration creates the following objects on the BIG-IP (**NOTE** If you attempt to use this declaration on an AS3 version prior to 3.43, it will fail.  Remove the ALG profile and log publisher for previous versions):
 
 - Partition (tenant) named **TEST_FTP_Profile**.
-- A FTP profile named **sampleFTPprofile**
+- An Application named **Application**
+- A virtual server named **service** that references the FTP profile
+- A FTP profile named **sampleFTPprofile** which includes an ALG Log profile and log publisher.
 
 .. literalinclude:: ../../examples/declarations/example-ftp-profile.json
    :language: json
@@ -130,16 +143,27 @@ This declaration creates the following objects on the BIG-IP:
 .. _tftpprof:
 
 
-Using an existing TFTP profile in a declaration
-```````````````````````````````````````````````
-This example shows how can use TFTP (Trivial File Transfer Protocol) profiles that already exist on your BIG-IP system in a BIG-IP AS3 declaration.  The TFTP profile enables you to configure the BIG-IP system to read and write files from or to a remote server. See the |tftpdoc| chapter of the BIG-IP documentation for detailed information.
+Creating a TFTP profile in a declaration
+````````````````````````````````````````
+.. sidebar:: :fonticon:`fa fa-info-circle fa-lg` Version Notice:
+
+   Support for creating a TFTP profile is available in BIG-IP AS3 3.43 and later. 
+
+This updated example shows how you can create a TFTP (Trivial File Transfer Protocol) profile in a declaration using BIG-IP AS3 3.43 and later.  In previous versions of BIG-IP AS3, you could reference an existing profile, but not create one.
 
-See |tftppoint| in the :ref:`Schema Reference<schema-reference>` for usage options.
+The TFTP profile allows you to configure the BIG-IP system to read and write files from or to a remote server. See the |tftpdoc| chapter of the BIG-IP documentation for detailed information.
+
+See |tftpp| in the Schema Reference for information on available properties and AS3 usage options.
+
+.. IMPORTANT:: In the following example, the **algLogProfile** and **logPublisher** properties require the CGNAT module to be provisioned and BIG-IP version to be 15.1 or higher.
 
 This declaration creates the following objects on the BIG-IP:
 
-- Partition (tenant) named **Exampe_Service_UDP**. 
-- A virtual service named **service** that references an existing TFTP profile on the BIG-IP system.
+- Partition (tenant) named **Example_Service_UDP**. 
+- An Application named **Application**.
+- A virtual service named **service** that references the TFTP profile
+- A TFTP profile named **TFTP_profile** with a number of configured properties.
+- An :ref:`ALG Log Profile<alglog>` named **ALG_Log_profile** with a number of configured properties.
 
 .. literalinclude:: ../../examples/declarations/example-tftp-profile.json
    :language: json
@@ -329,9 +353,9 @@ This declaration creates the following objects on the BIG-IP:
 
    <a href="https://support.f5.com/csp/article/K13675" target="_blank">Overview of the stateless virtual server</a>
 
-.. |tftppoint| raw:: html
+.. |tftpp| raw:: html
 
-   <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#pointer-tftp-profile" target="_blank">Pointer_TFTP</a>
+   <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#tftp-profile" target="_blank">TFTP_Profile</a>
 
 .. |tftpdoc| raw:: html
 

docs/declarations/profiles.rst

@@ -396,14 +396,25 @@ This declaration creates the following objects on the BIG-IP:
 
 .. _rtsp-ex:
 
-Referencing an existing RTSP profile in a declaration
-`````````````````````````````````````````````````````
-This example shows how you can reference an RTSP profile that exists on the BIG-IP system in your declarations. For information on RTSP, see |rtspref|; for information on the RTSP profile, see the |rtspdoc|.  You can also see |rtsppt| and |servtcp| in the Schema Reference for usage.
+Creating an RTSP profile in a declaration
+`````````````````````````````````````````
+.. sidebar:: :fonticon:`fa fa-info-circle fa-lg` Version Notice:
 
-This declaration creates the following objects on the BIG-IP:
+   Support for creating RSTP profiles in a declaration is available in AS3 3.43 and later. 
+
+This updated example shows how you can create an RTSP profile in a declaration using BIG-IP AS3 3.43 and later.  In previous versions of BIG-IP AS3, you could reference an existing profile, but not create one. For information on RTSP, see |rtspref|; for information on the RTSP profile, see the |rtspdoc|.  
+
+See |rtsp| in the Schema Reference for AS3 options and usage.
+
+.. IMPORTANT:: In the following example, the **algLogProfile** and **logPublisher** properties require the CGNAT module to be provisioned and BIG-IP version to be 15.1 or higher.
+
+This declaration creates the following objects on the BIG-IP (**NOTE** If you attempt to use this declaration on an AS3 version prior to 3.43, it will fail.  Remove the ALG profile and log publisher for previous versions):
 
 - Partition (tenant) named **example_RTSP**.
-- A virtual service named **RTSP_vs** which includes the **profileRTSP** property referencing an existing RTSP profile on the target BIG-IP.
+- An Application named **App1**.
+- A virtual service named **RTSP_vs** which references the RTSP profile
+- An RTSP profile named **RTSP_profile** with a number of configured properties.
+- An :ref:`ALG Log Profile<alglog>` named **ALG_Log_profile** with a number of configured properties.
 
 .. literalinclude:: ../../examples/declarations/example-rtsp-profile.json
    :language: json
@@ -803,7 +814,7 @@ Configuring a Statistics profile in a declaration
 
    Support for Statistics profiles is available in BIG-IP AS3 v3.41 and later. 
 
-This example shows how you can configure a Statistics profile to the TLS_Server class in a declaration using the new **Statistics_Profile** class.
+This example shows how you can configure a Statistics profile to the TLS_Server class in a declaration using the **Statistics_Profile** class introduced in AS3 3.43.
 
 The Statistics profile provides user-defined statistical counters. Each profile contains 32 settings (Field1 through Field32), which define named counters. Using a Tcl-based iRule command, you can use the names to manipulate the counters while processing traffic.  For more information, see |stats1| in the BIG-IP documentation and |stats2| in the TMSH reference.
 
@@ -824,11 +835,49 @@ This declaration creates the following objects on the BIG-IP:
 
 :ref:`Back to top<profile-examples>`
 
+|
+
+.. _socks:
+
+Configuring a SOCKS profile in a declaration
+````````````````````````````````````````````
+.. sidebar:: :fonticon:`fa fa-info-circle fa-lg` Version Notice:
+
+   Support for SOCKS profiles is available in BIG-IP AS3 v3.43 and later. 
+
+This example shows how you can configure a SOCKS (Socket Secure) profile in a declaration using the **SOCKS_Profile** class introduced in AS3 3.43.
+
+You can use the SOCKS profile to configure the BIG-IP system to handle proxy requests and function as a gateway. By configuring browser traffic to use the proxy, you can control whether to allow or deny a requested connection. For more information on the SOCKS profile, see |socksdocs| in the BIG-IP documentation.
+
+See |socksref| in the Schema Reference for options and BIG-IP AS3 usage.
+
+This declaration creates the following objects on the BIG-IP:
+
+- Partition (tenant) named **Tenant**.
+- An Application named **Application**.
+- A virtual server named **TCP** that references a SOCKS profile.
+- A SOCKS profile named **socksProfile** with a number of properties configured.
+
+
+.. literalinclude:: ../../examples/declarations/example-using-socks-profile.json
+   :language: json
+
+
+:ref:`Back to top<profile-examples>`
+
+
+
+.. |socksdocs| raw:: html
+
+   <a href="https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-local-traffic-management-profiles-reference/services-profiles.html#GUID-54B29220-772F-4D3B-9352-AB70922DA41C" target="_blank">SOCKS Profile</a>
+
+.. |socksref| raw:: html
 
+   <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#socks-profile" target="_blank">SOCKS Profile</a>
 
 .. |streamprof| raw:: html
 
-   < a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#stream-profile" target="_blank">Stream Profile</a>
+   <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#stream-profile" target="_blank">Stream Profile</a>
 
 .. |streamprofile| raw:: html
 
@@ -921,11 +970,11 @@ This declaration creates the following objects on the BIG-IP:
 
 .. |rtspdoc| raw:: html
 
-   <a href="https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/big-ip-local-traffic-management-profiles-reference-14-1-0/02.html#GUID-2C8C75A0-1A12-417D-8C92-6943C345403F" target="_blank">RTSP documentation</a>
+   <a href="https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-local-traffic-management-profiles-reference/services-profiles.html#GUID-2C8C75A0-1A12-417D-8C92-6943C345403F" target="_blank">RTSP documentation</a>
 
-.. |rtsppt| raw:: html
+.. |rtsp| raw:: html
 
-   <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#pointer-rtsp-profile" target="_blank">Pointer_RTSP_Profile</a>
+   <a href="https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#rtsp-profile" target="_blank">RTSP_Profile</a>
 
 .. |servtcp| raw:: html
 

docs/openapi.yaml

@@ -1,6 +1,6 @@
 openapi: '3.0.0'
 info:
-  version: 3.42.0
+  version: 3.43.0
   title: F5 BIG-IP AS3
   description: This reference describes the BIG-IP AS3 API and available endpoints. For more details, see https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/as3-api.html
 basePath: /mgmt/shared/appsvcs