{"id":20334178,"url":"https://github.com/dumpysquare/trustedasmpolicies","last_synced_at":"2026-03-05T23:06:21.380Z","repository":{"id":124034860,"uuid":"283832926","full_name":"DumpySquare/TrustedASMPolicies","owner":"DumpySquare","description":"iControl LX extension to export and import ASM policies between trusted devices","archived":false,"fork":false,"pushed_at":"2019-07-24T14:42:31.000Z","size":63,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-04T13:30:37.463Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DumpySquare.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-30T17:09:39.000Z","updated_at":"2022-02-14T22:34:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"050befa3-9e5e-4643-983c-36300cf9b55c","html_url":"https://github.com/DumpySquare/TrustedASMPolicies","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/DumpySquare/TrustedASMPolicies","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DumpySquare%2FTrustedASMPolicies","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DumpySquare%2FTrustedASMPolicies/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DumpySquare%2FTrustedASMPolicies/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DumpySquare%2FTruste
dASMPolicies/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DumpySquare","download_url":"https://codeload.github.com/DumpySquare/TrustedASMPolicies/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DumpySquare%2FTrustedASMPolicies/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30154318,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T22:39:40.138Z","status":"ssl_error","status_checked_at":"2026-03-05T22:39:24.771Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T20:36:14.748Z","updated_at":"2026-03-05T23:06:21.365Z","avatar_url":"https://github.com/DumpySquare.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# TrustedASMPolicies\n**iControlLX extension to export ASM policies from and import onto trusted devices**\n\nThe process of exporting ASM policies from BIG-IPs where they are authored and then importing them on enforcement devices has multiple steps and is complex. 
This extension provides a simplified user experience for querying, exporting, importing, and deleting ASM policies on trusted devices.\n\n## Building the Extension ##\n\nThe repository includes the ability to simply run \n\n`npm run-script build` \n\nin the repository root folder. In order for this run-script to work, you will need to be on a linux workstation with the `rpmbuild` utility installed.\n\nAlternatively rpm builds can be downloaded from the releases tab on github.\n\n## Installing the Extension ##\n\nThe installation instructions for iControlLX rpm packages are found here:\n\n[Installing iControlLX Extensions](https://clouddocs.f5.com/products/iapp/iapp-lx/docker-1_0_4/icontrollx_pacakges/working_with_icontrollx_packages.html)\n\nThis extension has been tested on TMOS version 13.1.1 and the [API Service Gateway](https://hub.docker.com/r/f5devcentral/f5-api-services-gateway/) container.\n\n## General Control Parameters ##\n\nThis extension extends the iControl REST URI namespace at:\n\n`/mgmt/shared/TrustedASMPolicies`\n\n\nThere are three main operations available.\n\n### GET Requests ###\n\nGET requests follow the common TrustedDevice syntax and take the following parameters:\n\n\n| Parameter | Value |\n| --------- | ------ |\n|`targetHost`| The trusted device host or if not supplied the local device.\n|`targetUUID`| The trusted device UUID or if not supplied the local device.\n|`policyName` | The name of the ASM policy you want to query.\n|`policyUUID` | The UUID of the ASM policy you want to query.\n\nYou can supply `targetHost` or `targetUUID`. 
If you supply `targetUUID` the `targetHost` and `targetPort` will be resolved for you.\n\nIn addition you can specify the `targetUUID` as a path parameter to keep the user experience the same as the TrustProxy extension.\n\n`/mgmt/shared/TrustedASMPolicies/7390b3b8-7682-4554-83e5-764e4f26703c`\n\nIf supplied as a path variable, the `targetUUID` does not need to be sent as a query variable.\n\nThe `policyName` query variable is optional and will filter the results to the first policy with name starting with the supplied `policyName` value.\n\nThe `policyUUID` query variable is optional and will filter the results to the policy with UUID matching the supplied `policyUUID` value.\n\nIn addition you can specify the `policyUUID` as a path variable after the `targetUUID` in the path.\n\n`/mgmt/shared/TrustedASMPolicies/7390b3b8-7682-4554-83e5-764e4f26703c/DkhEogaI2u5fwK_kKo5Ctw`\n\n#### Query for all ASM policies on a trusted Device ####\n\n\n```\nGET https://172.13.1.103/mgmt/shared/TrustedASMPolicies?targetHost=172.13.1.106\n\n```\n\n#### Response ####\n\n```\n[\n    {\n        \"id\": \"DkhEogaI2u5fwK_kKo5Ctw\",\n        \"name\": \"linux-high\",\n        \"enforcementMode\": \"blocking\",\n        \"lastChanged\": \"2018-12-26T16:55:52Z\",\n        \"lastChange:\": \"Security Policy /Common/linux-high [update]: Enforcement Mode was set to Blocking. { audit: policy = /Common/linux-high, username = admin, client IP = 192.168.0.65 }\",\n        \"state\": \"AVAILABLE\",\n        \"path\": \"/Common/linux-high\"\n    },\n    {\n        \"id\": \"HjoMjahFu2fw2_hft6toj\",\n        \"name\": \"linux-medium\",\n        \"enforcementMode\": \"blocking\",\n        \"lastChanged\": \"2018-12-26T16:55:52Z\",\n        \"lastChange:\": \"Security Policy /Common/linux-medium [update]: Enforcement Mode was set to Blocking. 
{ audit: policy = /Common/linux-medium, username = admin, client IP = 192.168.0.65 }\",\n        \"state\": \"AVAILABLE\",\n        \"path\": \"/Common/linux-medium\"\n    }\n]\n```\n\n```\nGET https://172.13.1.103/mgmt/shared/TrustedASMPolicies/8c79ab99-fa76-4e6e-a03a-5610620e4fee\n\n```\n\n#### Response ####\n\n```\n[\n    {\n        \"id\": \"DkhEogaI2u5fwK_kKo5Ctw\",\n        \"name\": \"linux-high\",\n        \"enforcementMode\": \"blocking\",\n        \"lastChanged\": \"2018-12-26T16:55:52Z\",\n        \"lastChange:\": \"Security Policy /Common/linux-high [update]: Enforcement Mode was set to Blocking. { audit: policy = /Common/linux-high, username = admin, client IP = 192.168.0.65 }\",\n        \"state\": \"AVAILABLE\",\n        \"path\": \"/Common/linux-high\"\n    },\n    {\n        \"id\": \"HjoMjahFu2fw2_hft6toj\",\n        \"name\": \"linux-medium\",\n        \"enforcementMode\": \"blocking\",\n        \"lastChanged\": \"2018-12-26T16:55:52Z\",\n        \"lastChange:\": \"Security Policy /Common/linux-medium [update]: Enforcement Mode was set to Blocking. { audit: policy = /Common/linux-medium, username = admin, client IP = 192.168.0.65 }\",\n        \"state\": \"AVAILABLE\",\n        \"path\": \"/Common/linux-medium\"\n    }\n]\n```\n\n#### Query for an ASM by name or id on a trusted device ####\n\n```\nGET https://172.13.1.103/mgmt/shared/TrustedASMPolicies?targetHost=172.13.1.106\u0026policyName=linux-high\n```\n\n#### Response ####\n\n```\n{\n    \"id\": \"DkhEogaI2u5fwK_kKo5Ctw\",\n    \"name\": \"linux-high\",\n    \"enforcementMode\": \"blocking\",\n    \"lastChanged\": \"2018-12-26T16:55:52Z\",\n    \"lastChange:\": \"Security Policy /Common/linux-high [update]: Enforcement Mode was set to Blocking. 
{ audit: policy = /Common/linux-high, username = admin, client IP = 192.168.0.65 }\",\n    \"state\": \"AVAILABLE\",\n    \"path\": \"/Common/linux-high\"\n}\n```\n\n```\nGET https://172.13.1.103/mgmt/shared/TrustedASMPolicies/8c79ab99-fa76-4e6e-a03a-5610620e4fee/DkhEogaI2u5fwK_kKo5Ctw\n```\n\n#### Response ####\n\n```\n{\n    \"id\": \"DkhEogaI2u5fwK_kKo5Ctw\",\n    \"name\": \"linux-high\",\n    \"enforcementMode\": \"blocking\",\n    \"lastChanged\": \"2018-12-26T16:55:52Z\",\n    \"lastChange:\": \"Security Policy /Common/linux-high [update]: Enforcement Mode was set to Blocking. { audit: policy = /Common/linux-high, username = admin, client IP = 192.168.0.65 }\",\n    \"state\": \"AVAILABLE\",\n    \"path\": \"/Common/linux-high\"\n}\n```\n\n### Retrieving an ASM XML policy file from a trusted source device ###\n\nThe `GET` method can also be used to retrieve an exported ASM policy as an XML file. To retrieve the exported ASM policy as an XML file you must supply the following variables:\n\n| Parameter | Value |\n| --------- | ------ |\n|`sourceHost`| The trusted device host to export the ASM policy.\n|`sourceUUID`| The trusted device UUID to export the ASM policy.\n|`policyId` | The ID of the ASM policy you want to delete from the target host.\n|`policyName` | The name of the ASM policy you want to delete from the target host.\n\n\nYou can supply either the `sourceHost` or `sourceUUID`. 
\n\nYou can supply either the `policyId` or `policyName`.\n\nYou MUST NOT supply a `targetHost` or `targetUUID`, as these will trigger a query for ASM policies on a device.\n\n```\nGET https://172.13.1.103/mgmt/shared/TrustedASMPolicies?sourceHost=172.13.1.106\u0026policyName=linux-high\n```\n\n```\nGET https://172.13.1.103/mgmt/shared/TrustedASMPolicies?sourceUUID=8c79ab99-fa76-4e6e-a03a-5610620e4fee\u0026policyId=DkhEogaI2u5fwK_kKo5Ctw\n```\n\n### DELETE Requests ###\n\nDELETE requests follow the common TrustedDevice syntax and take the following parameters:\n\n\n| Parameter | Value |\n| --------- | ------ |\n|`targetHost`| The trusted device host or if not supplied the local device.\n|`targetUUID`| The trusted device UUID or if not supplied the local device.\n|`policyId` | The ID of the ASM policy you want to delete from the target host.\n|`policyName` | The name of the ASM policy you want to delete from the target host.\n\nYou can supply `targetHost` or `targetUUID`. If you supply `targetUUID` the `targetHost` and `targetPort` will be resolved for you.\n\nIn addition you can specify the `targetUUID` as a path parameter to keep the user experience the same as the TrustProxy extension.\n\n`/mgmt/shared/TrustedASMPolicies/7390b3b8-7682-4554-83e5-764e4f26703c`\n\nIf supplied as a path variable, the `targetUUID` does not need to be sent as a query variable.\n\nYou can supply either the `policyId` or the `policyName` query variable, but you must supply at least one of these to specify the policy to delete on the target device.\n\n```\nDELETE https://172.13.1.103/mgmt/shared/TrustedASMPolicies/8c79ab99-fa76-4e6e-a03a-5610620e4fee?policyId=DkhEogaI2u5fwK_kKo5Ctw\n\n```\n\n#### Response ####\n\n```\n{\n    \"msg\": \"policy removed on target 172.13.1.106:443\"\n}\n```\n\nAdditionally, in keeping with the TrustedProxy model, policies can also be deleted using only the URI path variables for both the trusted device UUID and the policy ID.\n\n```\nDELETE 
https://172.13.1.103/mgmt/shared/TrustedASMPolicies/8c79ab99-fa76-4e6e-a03a-5610620e4fee/DkhEogaI2u5fwK_kKo5Ctw\n\n```\n\nOf course, policies can be deleted using `targetHost` IP address and `policyName` query variables.\n\n\n```\nDELETE https://172.13.1.103/mgmt/shared/TrustedASMPolicies?targetHost=172.13.1.106\u0026policyName=linux-high\n\n```\n\n#### Response ####\n\n```\n{\n    \"msg\": \"policy removed on target 172.13.1.106:443\"\n}\n```\n\n### POST Requests ###\n\nPOST requests import ASM policies on a target trusted device. The source of the policy can either be exported from a different trusted device, or can be downloaded from a non-BIG-IP URL.\n\n#### Exporting from a BIG-IP device ####\n\nThe source policy to be exported from a trusted device is specified using the following parameters:\n\n| Parameter | Value |\n| --------- | ------ |\n|`sourceHost`| The trusted device which currently has the policy to export.\n|`sourceUUID`| The trusted device UUID which currently has the policy to export.\n|`policyId` | The ID of the ASM policy you want to export from a source trusted device.\n|`policyName` | The name of the ASM policy you want to export from the source trusted device.\n\nYou can specify either the `sourceHost` or the `sourceUUID` to identify the source trusted device.\n\nYou can specify either the `policyId` or the `policyName` to identify the ASM policy to export.\n\nThe target device to import the policy is specified using the following parameters:\n\n| Parameter | Value |\n| --------- | ------ |\n|`targetHost`| The trusted device host or if not supplied the local device.\n|`targetUUID`| The trusted device UUID or if not supplied the local device.\n|`targetPolicyName` | Optional alternative name for the policy on the target device.\n\nThese variables can be defined as either query variables or part of the `POST` body.\n\n```\nPOST 
https://172.13.1.103/mgmt/shared/TrustedASMPolicies?sourceHost=172.13.1.101\u0026targetHost=172.13.1.106\u0026policyName=linux-high\u0026targetPolicyName=imported-linux-high\n```\n\n```\nPOST https://172.13.1.103/mgmt/shared/TrustedASMPolicies\n\n{\n    \"sourceHost\": \"172.13.1.101\",\n    \"targetHost\": \"172.13.1.106\",\n    \"policyName\": \"linux-high\",\n    \"targetPolicyName\": \"imported-linux-high\"\n}\n```\n\n```\nPOST https://172.13.1.103/mgmt/shared/TrustedASMPolicies\n\n{\n    \"sourceUUID\": \"b80652cb-20bd-4e81-a6a6-c306fd643af7\",\n    \"targetUUID\": \"8c79ab99-fa76-4e6e-a03a-5610620e4fee\",\n    \"policyId\": \"DkhEogaI2u5fwK_kKo5Ctw\",\n    \"targetPolicyName\": \"imported-linux-high\"\n}\n```\n\nWhen the request is submitted, a policy status matching the `GET` request format is returned immediately. The process is asynchronous. There is a `state` attribute, which can be queried using `GET` requests, that should transition through the following states:\n\n| `state` Value | Meaning |\n| --------- | ------ |\n|`REQUESTED`| The process has been requested, but not initialized\n|`EXPORTING`| The policy is being exported from the source device\n|`DOWNLOADING`| The exported policy is being downloaded from the source device\n|`UPLOADING`| The exported policy is being uploaded to the target device\n|`IMPORTING` | The policy is being imported on the target device\n|`AVAILABLE` | The policy has been applied on the target device\n|`ERROR` | An error has occurred during the process and the `restnoded` log should be checked for details\n\n#### Response ####\n\n```\n{\n    \"id\": \"DkhEogaI2u5fwK_kKo5Ctw\",\n    \"name\": \"linux-high\",\n    \"enforcementMode\": \"blocking\",\n    \"state\": \"EXPORTING\"\n}\n```\n\nQuery the current state\n\n```\nGET https://172.13.1.103/mgmt/shared/TrustedASMPolicies?targetHost=173.13.1.106\u0026policyName=linux-high\n```\n\n#### Response ####\n\n```\n[\n    {\n        \"id\": \"DkhEogaI2u5fwK_kKo5Ctw\",\n        
\"name\": \"linux-high\",\n        \"enforcementMode\": \"blocking\",\n        \"lastChanged\": \"2018-12-26T16:55:52Z\",\n        \"lastChange:\": \"Security Policy /Common/linux-high [update]: Enforcement Mode was set to Blocking. { audit: policy = /Common/linux-high, username = admin, client IP = 192.168.0.65 }\",\n        \"state\": \"UPLOADING\",\n        \"path\": \"/Common/linux-high\"\n    }\n]\n```\n\n#### Downloading from a non-BIG-IP URL ####\n \nThe source of the ASM policy can be downloaded from a non-BIG-IP URL using the following parameters:\n\n| Parameter | Value |\n| --------- | ------ |\n|`url`| The non-BIG-IP HTTP/HTTPS/FILE URL to download the previously exported ASM policy XML file.\n\nThe target device to import the policy is specified using the following parameters:\n\n| Parameter | Value |\n| --------- | ------ |\n|`targetHost`| The trusted device host or if not supplied the local device.\n|`targetUUID`| The trusted device UUID or if not supplied the local device.\n|`targetPolicyName` | The required name for the policy on the target device.\n\nThese variables can be defined as either query variables or part of the `POST` body.\n\nThe following requests are equivalent.\n\n```\nPOST https://172.13.1.103/mgmt/shared/TrustedASMPolicies?url=https://raw.githubusercontent.com/f5devcentral/f5-asm-policy-template-v13/master/application_ready_template_v13/Drupal_8/Drupal_8_Ready_Template_6.1.2_v13.xml\u0026targetHost=172.13.1.101\u0026targetPolicyName=Drupal_8_Ready_Template\n```\n\n```\nPOST https://172.13.1.103/mgmt/shared/TrustedASMPolicies\n\n{\n    \"url\": \"https://raw.githubusercontent.com/f5devcentral/f5-asm-policy-template-v13/master/application_ready_template_v13/Drupal_8/Drupal_8_Ready_Template_6.1.2_v13.xml\",\n    \"targetHost\": \"172.13.1.106\",\n    \"targetPolicyName\": \"Drupal_8_Ready_Template\"\n}\n```\n\nThe response is given in the same `GET` format and transitions through the following states:\n\n| `state` Value | Meaning |\n| --------- | 
------ |\n|`REQUESTED`| The process has been requested, but not initialized\n|`DOWNLOADING`| The exported policy is being downloaded from the source device\n|`UPLOADING`| The exported policy is being uploaded to the target device\n|`IMPORTING` | The policy is being imported on the target device\n|`AVAILABLE` | The policy has been applied on the target device\n|`ERROR` | An error has occurred during the process and the `restnoded` log should be checked for details\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdumpysquare%2Ftrustedasmpolicies","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdumpysquare%2Ftrustedasmpolicies","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdumpysquare%2Ftrustedasmpolicies/lists"}