Merge branch '1.40.0' into merge_release_1.40.0_to_main

.gitlab-ci.yml

@@ -76,8 +76,12 @@ test_node:4:
         - curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash
         - export NVM_DIR="$HOME/.nvm"
         - source "$NVM_DIR/nvm.sh"
-        - nvm install 4
-        - nvm install --latest-npm 12
+        - n=0
+        - until [ "$n" -ge 3 ]; do
+        -    nvm install 4 && nvm install --latest-npm 12 && break
+        -    n=$((n+1))
+        -    sleep 15
+        - done
         - nvm use 12
         - npm install --no-optional
         - npm install [email protected]
@@ -95,8 +99,12 @@ test_node:6:
         - curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash
         - export NVM_DIR="$HOME/.nvm"
         - source "$NVM_DIR/nvm.sh"
-        - nvm install 6
-        - nvm install --latest-npm 12
+        - n=0
+        - until [ "$n" -ge 3 ]; do
+        -    nvm install 6 && nvm install --latest-npm 12 && break
+        -    n=$((n+1))
+        -    sleep 15
+        - done
         - nvm use 12
         - npm ci --no-optional
         - npm install [email protected]

CHANGELOG.md

@@ -1,6 +1,19 @@
 # Changelog
 Changes to this project are documented in this file. More detail and links can be found in the Declarative Onboarding [Document Revision History](https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/revision-history.html).
 
+## 1.40.0
+### Added
+- AUTOTOOL-3931: ([GitHub Issue 656](https://github.com/F5Networks/f5-appsvcs-extension/issues/656)): Add WAF Settings configuration support on DO
+- AUTOTOOL-3959: Add routeDomain property to RoutingPrefixList
+- AUTOTOOL-1631: ([GitHub Issue 139](https://github.com/F5Networks/f5-declarative-onboarding/issues/139)): Configure username and password prompts
+
+### Fixed
+- AUTOTOOL-3942: Fix documentation output from newlines in guiSecurityBannerText
+
+### Changed
+
+### Removed
+
 ## 1.39.0
 ### Added
 

SUPPORT.md

@@ -14,8 +14,9 @@ Currently supported versions:
 | Software Version | Release Type  | First Customer Ship | End of Support  |
 |------------------|---------------|---------------------|-----------------|
 | DO 1.36.1        | LTS           | 09-Mar-2023         | 09-Mar-2024     |
-| DO 1.38.0        | Feature       | 22-May-2023         | 22-Aug-2023     |
 | DO 1.39.0        | Feature       | 24-Jul-2023         | 24-Oct-2023     |
+| DO 1.39.1        | LTS           | 12-Sep-2023         | 12-Sep-2024     |
+| DO 1.40.0        | Feature       | 12-Sep-2023         | 12-Dec-2023     |
 
 
 \* Fix for Allowed schema version
@@ -66,6 +67,7 @@ Versions no longer supported:
 | DO 1.35.0        | Feature       | 12-Jan-2023         | 12-Apr-2023     |
 | DO 1.36.0        | Feature       | 09-Feb-2023         | 09-May-2023     |
 | DO 1.37.0        | Feature       | 27-Mar-2022         | 27-Jun-2023     |
+| DO 1.38.0        | Feature       | 22-May-2023         | 22-Aug-2023     |
 
 \* Fix for updated Docker Container packaging only
 

docs/composing-a-declaration.rst

@@ -164,7 +164,7 @@ System class
 ````````````
 The next lines of the declaration set the system-level options. This includes inactivity timeouts for CLI and Console sessions, and the ability to disable the phonehome property (see the table for details) in BIG-IP DO 1.10.0 and later. 
 
-For more information, see |systemclass| in the Schema Reference. Also see :ref:`The System Class example<systemex>` for an example declaration.
+For more information and new properties, see |systemclass| in the Schema Reference. Also see :ref:`The System Class example<systemex>` for an example declaration.
 
 .. IMPORTANT:: If you set a hostname in the Common class, you cannot use the hostname property in the System class. We recommend using the System class for hostname
 

docs/conf.py

@@ -85,7 +85,7 @@
 # The short X.Y version.
 version = u''
 # The full version, including alpha/beta/rc tags.
-release = u'1.39.0'
+release = u'1.40.0'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

docs/declarations/miscellaneous.rst

@@ -38,14 +38,16 @@ BIG-IP DO 1.13 introduced the ability to disable the automatic update check feat
 
 BIG-IP DO 1.32 introduced the ability to modify the default security banner on the logon screen of the user interface using the **guiSecurityBanner** and **guiSecurityBannerText** properties. When **guiSecurityBanner** is set to **true**, you specify the text you want to display in the **guiSecurityBannerText** property.  If you set **guiSecurityBanner** to **false**, the system presents an empty frame in the right portion of the login screen.
 
+BIG-IP DO 1.40 introduced the ability to configure the username and password prompts (see the  :ref:`specific example<unpw>`) on this page.
+
 In the following declaration, we show only the System class (including autoCheck introduced in 1.13, and the GUI security banner options in 1.32).  You can use this class as a part of a larger BIG-IP Declarative Onboarding declaration. 
 
-**Important**: If you try to use this declaration with a BIG-IP DO version prior to 1.32, it will fail.  Either upgrade BIG-IP DO to 1.32, or remove the guiSecurityBanner lines (highlighted in yellow).
+**Important**: If you try to use this declaration with a BIG-IP DO version prior to 1.40, it will fail.  Either upgrade BIG-IP DO to 1.40, or remove the lines (highlighted in yellow) and the comma at the end of the previous line.
 
 
 .. literalinclude:: ../../examples/system.json
    :language: json
-   :emphasize-lines: 15, 16
+   :emphasize-lines: 17, 18
 
 :ref:`Back to top<misc-examples>`
 
@@ -200,12 +202,61 @@ See |license| in the Schema Reference and the :ref:`Composing a Declaration <lic
 :ref:`Back to top<misc-examples>`
 
 
+|
+
+.. _asmdo:
+
+Configuring BIG-IP ASM options
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+.. sidebar:: :fonticon:`fa fa-info-circle fa-lg` Version Notice:
+
+   Support for configuring BIG-IP ASM options is available in BIG-IP DO v1.40 and later.
+
+In this example, we show how you can use BIG-IP DO to configure BIG-IP Application Security Manager (ASM) options in a declaration using DO 1.40 and later.  This includes settings like anti-virus protection and advanced configuration such as setting system variables.  For general information on F5 application security, see https://www.f5.com/solutions/web-app-and-api-protection.
+
+See |secwaf| in the Schema Reference for more information and DO usage.
+
+
+.. literalinclude:: ../../examples/securityWaf.json
+   :language: json
+
+:ref:`Back to top<misc-examples>`
+
+
+|
+
+.. _unpw:
+
+Configuring username and password prompts
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+.. sidebar:: :fonticon:`fa fa-info-circle fa-lg` Version Notice:
+
+   Support for configuring username and password prompts is available in BIG-IP DO v1.40 and later.
+
+In this example, we show how BIG-IP DO can configure unique values for the BIG-IP username and password prompts. This means you can specify the text to present above the user name and password fields on the BIG-IP system login screen.
+
+You set these values as a part of the System class using the new properties **usernamePrompt** and **passwordPrompt**.
+
+See |sysclass| in the Schema Reference for more information and DO usage.
+
+.. IMPORTANT:: If you attempt to use the following declaration on a version prior to 1.40, it will fail.  You can either upgrade BIG-IP DO, or remove lines 17 and 18 (and the comma at the end of line 16). 
+
+
+.. literalinclude:: ../../examples/system.json
+   :language: json
+
+:ref:`Back to top<misc-examples>`
+
 |
 
 .. |br| raw:: html
 
    <br />
 
+.. |secwaf| raw:: html
+
+   <a href="https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/schema-reference.html#securitywaf" target="_blank">SecurityWaf</a>
+
 .. |rddoc| raw:: html
 
    <a href="https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/big-ip-tmos-routing-administration-14-1-0/09.html" target="_blank">Route Domain documentation</a>
@@ -218,6 +269,10 @@ See |license| in the Schema Reference and the :ref:`Composing a Declaration <lic
 
    <a href="https://techdocs.f5.com/en-us/bigip-14-0-0/external-monitoring-of-big-ip-systems-implementations-14-0-0/monitoring-big-ip-system-traffic-with-snmp.html" target="_blank">Monitoring BIG-IP System Traffic with SNMP</a>
 
+.. |sysclass| raw:: html
+
+   <a href="https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/schema-reference.html#system" target="_blank">System Class</a>
+
 .. |license| raw:: html
 
    <a href="https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/schema-reference.html#license" target="_blank">License Class</a>

docs/revision-history.rst

@@ -11,6 +11,14 @@ Document Revision History
         - Description
         - Date
 
+      * - 1.40
+        - Updated the documentation for Declarative Onboarding v1.40.0.  This release contains the following changes: |br| * Added support for configuring BIG-IP ASM options in a declaration (see :ref:`AS3 options <asmdo>`), `GitHub Issue 656 <https://github.com/F5Networks/f5-appsvcs-extension/issues/656>`_ |br| * Support for configuring username and password prompts (see :ref:`Configuring username and password prompts<unpw>`) |br| |br| Issues Resolved: |br| * Fix documentation output in the Schema Reference for the |system|.
+        - 9-12-23
+
+      * - 1.39
+        - Updated the documentation for Declarative Onboarding v1.39.0.  This release contains the following issues resolved: |br| * Failure to configure BIG-IP when built-in admin account is disabled |br| * DeviceCertificate hangs on BIG-IQ with no error response to user |br| * Empty object defaults can cause upgrade failures |br| * Renamed the primary branch in the GitHub repository for DO **main**
+        - 7-24-23
+
       * - 1.38
         - Updated the documentation for Declarative Onboarding v1.38.0.  This release contains the following changes: |br| * Added support for revoking a license on a BIG-IP, allowing revoking and relicensing in a declaration (see :ref:`Revoke and relicense <relic>`) |br| * Added support for referencing a URL in the **sslCaCert** property of LDAP authentication (see :ref:`Referencing a URL in the sslCaCert property<ldap-ssl>`) |br| |br| Issues Resolved: |br| * Added missing protocol values for **SnmpUser_authentication** and **SnmpUser_privacy**
         - 5-22-23

examples/bgp.json

@@ -1,5 +1,5 @@
 {
-    "schemaVersion": "1.20.0",
+    "schemaVersion": "1.40.0",
     "class": "Device",
     "async": true,
     "Common": {
@@ -20,7 +20,6 @@
             "id": 102,
             "connectionLimit": 5432991,
             "flowEvictionPolicy": "default-eviction-policy",
-            "ipIntelligencePolicy": "ip-intelligence",
             "strict": false,
             "vlans": [
                 "exampleVlan"
@@ -53,7 +52,8 @@
                     "prefix": "192.0.2.0/24",
                     "prefixLengthRange": 30
                 }
-            ]
+            ],
+            "routeDomain": "exampleRouteDomain"
         },
         "exampleRoutingPrefixList2": {
             "class": "RoutingPrefixList",
@@ -64,7 +64,8 @@
                     "prefix": "192.0.2.0/24",
                     "prefixLengthRange": 25
                 }
-            ]
+            ],
+            "routeDomain": "exampleRouteDomain"
         },
         "exampleRouteMap1": {
             "class": "RouteMap",

examples/routeMap.json

@@ -1,5 +1,5 @@
 {
-    "schemaVersion": "1.19.0",
+    "schemaVersion": "1.40.0",
     "class": "Device",
     "async": true,
     "Common": {
@@ -20,7 +20,6 @@
             "id": 102,
             "connectionLimit": 5432991,
             "flowEvictionPolicy": "default-eviction-policy",
-            "ipIntelligencePolicy": "ip-intelligence",
             "strict": false,
             "vlans": [
                 "exampleVlan"
@@ -44,7 +43,8 @@
                     "prefix": "2001:db8::/127",
                     "prefixLengthRange": 128
                 }
-            ]
+            ],
+            "routeDomain": "exampleRouteDomain"
         },
         "exampleRoutingPrefixList2": {
             "class": "RoutingPrefixList",
@@ -55,7 +55,8 @@
                     "prefix": "2001:db8::/64",
                     "prefixLengthRange": 80
                 }
-            ]
+            ],
+            "routeDomain": "exampleRouteDomain"
         },
         "exampleRoutingPrefixList3": {
             "class": "RoutingPrefixList",
@@ -66,7 +67,8 @@
                     "prefix": "192.0.2.0/24",
                     "prefixLengthRange": 30
                 }
-            ]
+            ],
+            "routeDomain": "exampleRouteDomain"
         },
         "exampleRoutingPrefixList4": {
             "class": "RoutingPrefixList",
@@ -77,7 +79,8 @@
                     "prefix": "192.0.2.1/24",
                     "prefixLengthRange": 25
                 }
-            ]
+            ],
+            "routeDomain": "exampleRouteDomain"
         },
         "exampleRouteMap": {
             "class": "RouteMap",

examples/routingPrefixList.json

@@ -1,10 +1,30 @@
 {
-    "schemaVersion": "1.23.0",
+    "schemaVersion": "1.40.0",
     "class": "Device",
     "async": true,
     "Common": {
         "class": "Tenant",
         "hostname": "bigip.example.com",
+        "exampleVlan": {
+            "class": "VLAN",
+            "tag": 100,
+            "interfaces": [
+                {
+                    "name": "1.1",
+                    "tagged": true
+                }
+            ]
+        },
+        "exampleRouteDomain": {
+            "class": "RouteDomain",
+            "id": 102,
+            "connectionLimit": 5432991,
+            "flowEvictionPolicy": "default-eviction-policy",
+            "strict": false,
+            "vlans": [
+                "exampleVlan"
+            ]
+        },
         "exampleRoutingPrefixList1": {
             "class": "RoutingPrefixList",
             "entries": [
@@ -20,7 +40,8 @@
                     "prefix": "2001:db8::/64",
                     "prefixLengthRange": "80:"
                 }
-            ]
+            ],
+            "routeDomain": "0"
         },
         "exampleRoutingPrefixList2": {
             "class": "RoutingPrefixList",
@@ -37,7 +58,8 @@
                     "prefix": "192.0.2.1/24",
                     "prefixLengthRange": "25:27"
                 }
-            ]
+            ],
+            "routeDomain": "exampleRouteDomain"
         }
     }
 }

examples/securityWaf.json

@@ -0,0 +1,30 @@
+{
+    "async": true,
+    "schemaVersion": "1.40.0",
+    "class": "Device",
+    "Common": {
+        "class": "Tenant",
+        "securityWaf": {
+            "class": "SecurityWaf",
+            "antiVirusProtection": {
+                "guaranteeEnforcementEnabled": true,
+                "hostname": "test.hostname",
+                "port": 123
+            },
+            "advancedSettings": [
+                {
+                    "name": "max_json_policy_size",
+                    "value": 5000
+                },
+                {
+                    "name": "send_content_events",
+                    "value": 1
+                },
+                {
+                    "name": "WhiteHatIP1",
+                    "value": "192.0.2.10/8"
+                }
+            ]
+        }
+    }
+}

examples/system.json

@@ -13,7 +13,9 @@
             "autoCheck": false,
             "autoPhonehome": true,
             "guiSecurityBanner": true,
-            "guiSecurityBannerText": "Authorized access only\n\nLogin on the left"
+            "guiSecurityBannerText": "Authorized access only\n\nLogin on the left",
+            "usernamePrompt": "Your username:",
+            "passwordPrompt": "Your password:"
         }
     }
-}
+}