How to: Create an application that refers to the access policy using AS3

Create an application using AS3

Use AS3 directly to create and manage applications on a BIG-IP Next instance. Refer to How to: Manage applications on a BIG-IP Next instance using AS3 for more details.

When sending an AS3 declaration, use the bigip property to indicate the component pathname to an existing Access object that was created outside of AS3 (typically in /Common). To reference this Access object/policy, include the following in your declaration:

"policyIAM": {
    "bigip": "{{psp_name_1}}"
},

To deploy a new application that refers to the Access objects using AS3:

POST https://{{bigip_next_mgmt_floating_ip}}:5443/mgmt/shared/appsvcs/declare

Request sample:

{
    "class": "AS3",
    "action": "deploy",
    "declaration": {
        "class": "ADC",
        "schemaVersion": "3.0.0",
        "id": "openapi-spec",
        "https-vip-access": {
            "class": "Tenant",
            "https_demo_app_direct": {
                "class": "Application",
                "https_demo_app_direct-virtual": {
                    "class": "Service_HTTPS",
                    "virtualPort": 80,
                    "virtualAddresses": [
                        "10.1.10.100"
                    ],
                    "policyIAM": {
                        "bigip": "{{psp_name_1}}"
                    },
                    "pool": "https_demo_app-pool",
                    "serverTLS": "https_demo_app_direct-tls_server"
                },
                "https_demo_app-pool": {
                    "class": "Pool",
                    "members": [
                        {
                            "serverAddresses": [
                                "10.1.20.100",
                                "10.1.20.101"
                            ],
                            "servicePort": 8080
                        }
                    ],
                    "monitors": [
                        "http"
                    ]
                },
                "https_demo_app_direct-tls_server": {
                    "class": "TLS_Server",
                    "certificates": [
                        {
                            "certificate": "https_demo_app_direct-certificate"
                        }
                    ]
                },
                "https_demo_app_direct-certificate": {
                    "class": "Certificate",
                    "certificate": "cert",
                    "privateKey": "key"
                }
            }
        }
    }
}

The policyIAM property provides the policy references in key-value format. The key is bigip and the value is the policy name (the value of the name parameter of the already created policy).
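
A pre-flight check for the declaration described above, as an added example that is not part of the original page or of AS3 itself. It walks every HTTP/HTTPS service and reports a missing `policyIAM.bigip` reference, a `{{variable}}` that was never substituted, and `pool`/`serverTLS` names that do not resolve inside the application; the function names, the sample and the policy name `access-policy-1` are assumptions.

```python
import re

PLACEHOLDER = re.compile(r"\{\{.*?\}\}")  # {{variable}} that was never substituted
SERVICE_CLASSES = {"Service_HTTP", "Service_HTTPS"}

def children(obj, classes):
    """Yield (name, value) for nested AS3 objects whose class is in `classes`."""
    for name, value in obj.items():
        if isinstance(value, dict) and value.get("class") in classes:
            yield name, value

def check_access_refs(request):
    """Return findings for services with a missing or unusable policyIAM reference."""
    findings = []
    for t_name, tenant in children(request["declaration"], {"Tenant"}):
        for a_name, app in children(tenant, {"Application"}):
            for s_name, svc in children(app, SERVICE_CLASSES):
                path = f"/{t_name}/{a_name}/{s_name}"
                iam = svc.get("policyIAM")
                policy = iam.get("bigip") if isinstance(iam, dict) else None
                if not isinstance(policy, str) or not policy:
                    findings.append(f"{path}: no policyIAM.bigip reference")
                elif PLACEHOLDER.search(policy):
                    findings.append(f"{path}: policyIAM.bigip is an unsubstituted variable")
                for prop in ("pool", "serverTLS"):
                    ref = svc.get(prop)
                    # Only bare names are resolved here; absolute paths are left alone.
                    if isinstance(ref, str) and not ref.startswith("/") and ref not in app:
                        findings.append(f"{path}: {prop} '{ref}' is not defined in {a_name}")
    return findings

# Constructed sample modelled on the request above; "access-policy-1" is a made-up name.
SAMPLE = {"class": "AS3", "action": "deploy", "declaration": {
    "class": "ADC", "schemaVersion": "3.0.0", "id": "example",
    "https-vip-access": {"class": "Tenant", "demo_app": {"class": "Application",
        "protected": {"class": "Service_HTTPS", "virtualAddresses": ["10.1.10.100"],
                      "policyIAM": {"bigip": "access-policy-1"},
                      "pool": "demo-pool", "serverTLS": "demo-tls"},
        "templated": {"class": "Service_HTTPS", "virtualAddresses": ["10.1.10.101"],
                      "policyIAM": {"bigip": "{{psp_name_1}}"},
                      "pool": "demo-pool", "serverTLS": "demo-tls"},
        "open": {"class": "Service_HTTPS", "virtualAddresses": ["10.1.10.102"],
                 "pool": "missing-pool", "serverTLS": "demo-tls"},
        "demo-pool": {"class": "Pool"},
        "demo-tls": {"class": "TLS_Server"}}}}}

if __name__ == "__main__":
    for finding in check_access_refs(SAMPLE):
        print(finding)
```

Running it before the POST catches a service that would be published without an access policy in front of it.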

Create an application with stack

An application refers to the collection of stacks and the associated policies, profiles, endpoints, and rules that work to deliver the application. A stack is equivalent to a virtual server that processes client traffic to the destination. For an unmanaged instance, use the BIG-IP Next API to create an application with stack objects.

Refer to Create new application for the OpenAPI specification document.

To create an application with a stack:

  1. Send a PUT request to the /api/v1/applications endpoint.

    PUT https://{{bigip_next_mgmt_floating_ip}}:5443/api/v1/applications
    
  2. For the API body, use the following, substituting appropriate values for the application you want to create.

    {
        "name": "app2",
        "description": "Web server",
        "domainName": "www.example.com",
        "stacks": [
            {
                "stackType": "HttpRevProxy",
                "name": "stack1",
                "enabled": true,
                "clientSide" : {
                    "l4ClientSide": "l4-clientside-name",
                    "tls":
                    {
                        "cipherstring": "DEFAULT",
                        "template": "CLIENTSIDE_TLS_CLIENT_AUTH_TEMPLATE",
                        "trustedCa": "client_ca_bundle",
                        "enable": true,
                        "keyCertificatePairs": [
                            {
                                "keyCertificateContent": {
                                    "keyFile": "key-file-name",
                                    "certificateFile": "certificate-file-name"
                                }
                            },
                            {
                                "keyCertificateContent": {
                                    "key": "-----EXAMPLE KEY BEGIN PRIVATE KEY----- MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCeX0IrLZcy1dI+vY4d -----END PRIVATE KEY-----",
                                    "passphrase": "PASSPHRASE",
                                    "certificate": "-----BEGIN CERTIFICATE----- MIICTDCCAdGgAwIBAgIEE6mlhDAKBggqhkjOPQQDAjCBjjELMAkGA1UEBhMCVVMx -----END CERTIFICATE-----"
                                }
                            }
                        ],
                        "tlsVersions": {
                            "enableTLS1.1": false,
                            "enableTLS1.2": true,
                            "enableTLS1.3": true
                        }
                    }
                },
                "serverSide" : {
                    "l4ServerSide": "l4-servside-name"
                },
                "policies": [
                    {
                        "perSessionAccessPolicy": "per-session-1"
                    },
                    {
                        "perRequestAccessPolicy": "per-request-1"
                    }
                ]
            }
        ]
    }
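
A review pass over the application body above, as an added example that is not part of the original page or of the BIG-IP Next API. It uses only the field names shown in the body and flags stacks with client-side TLS off, a TLS version below 1.2 enabled, private key material sent inline instead of by file reference, or no access policy attached; the function name, the TLS 1.2 floor and the sample are assumptions.

```python
import re

TLS_FLAG = re.compile(r"enableTLS(\d+)\.(\d+)$")
POLICY_KEYS = {"perSessionAccessPolicy", "perRequestAccessPolicy"}

def lint_stack_body(body, min_tls=(1, 2)):
    """Return findings for stacks with weak TLS, inline keys or no access policy."""
    findings = []
    for stack in body.get("stacks", []):
        name = stack.get("name", "<unnamed>")
        tls = stack.get("clientSide", {}).get("tls", {})
        if not tls.get("enable"):
            findings.append(f"{name}: client-side TLS is not enabled")
        for flag, enabled in tls.get("tlsVersions", {}).items():
            match = TLS_FLAG.match(flag)
            if match and enabled and tuple(map(int, match.groups())) < min_tls:
                findings.append(f"{name}: {flag} is on, below the TLS {min_tls[0]}.{min_tls[1]} floor")
        for index, pair in enumerate(tls.get("keyCertificatePairs", [])):
            content = pair.get("keyCertificateContent", {})
            # Inline PEM and passphrase travel in the request body; keyFile references keep them out of it.
            if "key" in content:
                findings.append(f"{name}: keyCertificatePairs[{index}] carries an inline private key")
        attached = {key for policy in stack.get("policies", []) for key in policy}
        if not attached & POLICY_KEYS:
            findings.append(f"{name}: no access policy attached")
    return findings

# Constructed sample; names and values are placeholders, not a real configuration.
SAMPLE_BODY = {"name": "app2", "stacks": [
    {"stackType": "HttpRevProxy", "name": "stack1", "enabled": True,
     "clientSide": {"tls": {"enable": True,
         "keyCertificatePairs": [{"keyCertificateContent": {
             "keyFile": "key-file-name", "certificateFile": "certificate-file-name"}}],
         "tlsVersions": {"enableTLS1.1": False, "enableTLS1.2": True, "enableTLS1.3": True}}},
     "policies": [{"perSessionAccessPolicy": "per-session-1"}]},
    {"stackType": "HttpRevProxy", "name": "stack2", "enabled": True,
     "clientSide": {"tls": {"enable": True,
         "keyCertificatePairs": [{"keyCertificateContent": {
             "key": "<inline PEM placeholder>", "passphrase": "PASSPHRASE",
             "certificate": "<inline PEM placeholder>"}}],
         "tlsVersions": {"enableTLS1.1": True, "enableTLS1.2": True}}},
     "policies": []}]}

if __name__ == "__main__":
    print("\n".join(lint_stack_body(SAMPLE_BODY)))
```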