appendix 3 update

f5devcentral · Jan 30, 2024 · 7f42a60 · 7f42a60
1 parent 9951fc4
commit 7f42a60
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 7 deletions.
diff --git a/docs/class5/appendix/appendix3.rst b/docs/class5/appendix/appendix3.rst
@@ -1,6 +1,9 @@
 Appendix 3 - Additional API reference
 ================================================================================
 
+This appendix contains additional details about the API requests used for SSL Orchestrator configuration deployment and modification.
+
+
 Inspection Service - Step 1
 --------------------------------------------------------------------------------
 
@@ -316,7 +319,7 @@ Let us now walk through some of the parts of this request to get a better unders
 
 An Application is constructed based on the following schema:
 
-.. image:: ./images/application-service-schema.png
+.. image:: ./images/schema-application-service.png
 
 
 
@@ -358,4 +361,48 @@ The individual blocks in the AS3 declaration may also reference other objects in
          "target": "{{Next}}"
       }
 
-The ``{{app_id}}`` value is the JSON id returned from the application creation. The ``{{Next}}`` value is the IP address of the target BIG-IP Next instance.
+The ``{{app_id}}`` value is the JSON id returned from the application creation. The ``{{Next}}`` value is the IP address of the target BIG-IP Next instance.
+
+
+
+Modifying the SSL Orchestrator Security Policy
+--------------------------------------------------------------------------------
+
+So far, you have focused on API-based configuration which is mostly useful in cloud and other orchestrated environments where programmability is critically important. But now that traffic is flowing and SSL Orchestrator is doing its job, you might need to **tune** the security policy to adjust for different traffic demands. 
+
+In this section, you will use the security policy API to apply real time updates 
+to the active policy and observe the changes in policy behavior. Fortunately, modifying an existing deployed policy is fairly straightforward.
+
+First get the policy **id** values for all of the defined SSL Orchestrator policies. You can then make your changes to the JSON. In the next API call, you will reference the target policy by its **id**.
+
+#. Send the following API call to GET the SSL Orchestrator policies:
+
+   .. code-block:: text
+
+      GET https://{{CM}}/api/v1/spaces/default/security/policies?select=name,id
+
+#. Record the **id** value of your intended policy.
+
+
+#. GET the original policy contents via the BIG-IP CM API, specifying the **policy id** {{policy-id}} in the request URL:
+
+   .. code-block:: text
+
+      GET https://{{CM}}/api/v1/spaces/default/security/policies/{{policy-id}}
+
+
+#. Edit the original policy contents as required and POST it back to the BIG-IP CM API, specifying the **policy id** {{policy-id}} in the API URL:
+
+   .. code-block:: text
+
+      POST https://{{CM}}/api/v1/spaces/default/security/policies/{{policy-id}}
+
+   The updated policy is now stored on BIG-IP CM and needs to be pushed to each BIG-IP Next instance that references it.
+
+
+#. Deploy the updated policy to the associated BIG-IP Next instances:
+
+   .. code-block:: text
+
+      POST https://{{CM}}/api/v1/spaces/default/security/ssl-orchestrator-policies/{{policy-id}}/deploy
+
diff --git a/...le6/images/schema-application-service.png → ...dix/images/schema-application-service.png b/...le6/images/schema-application-service.png → ...dix/images/schema-application-service.png
diff --git a/...e6/images/schema-sslo-security-policy.png → ...ix/images/schema-sslo-security-policy.png b/...e6/images/schema-sslo-security-policy.png → ...ix/images/schema-sslo-security-policy.png
diff --git a/docs/class5/conclusion.rst b/docs/class5/conclusion.rst
@@ -1,7 +1,7 @@
 Conclusion
 ================================================================================
 
-Congratulations! You made it to the end of the **SSL Orchestrator on BIG-IP Next** lab.
+Congratulations! You made it to the end of the **Diving into SSL Orchestrator on BIG-IP Next** lab.
 
 Please click on the **Leave and Delete** button to exit the UDF lab.
 

diff --git a/docs/class5/module6/lab7.rst b/docs/class5/module6/lab7.rst
@@ -22,16 +22,20 @@ The following order of operations is prescribed below:
 - Un-deploy the Inspection Service from the BIG-IP Next instances
 - Delete the Inspection Service
 
-
 API requests matching the above tasks are saved in the **Delete SSLO Deployment** Collections folder.
 
+
+.. note::
+   The above **GET** API requests can return multiple objects in the response.
+
+   The **test scripts** in these API requests populate variables using the object **id** retrieved from the first element (index 0) in the response. However, the objects created via the API might not appear as the first element in the response. In that case, you will need to modify the **test scripts** to pick the correct object **id** based on its position in the response and re-send the API call to update the environment variable.
+
+
 .. image:: ./images/delete-1.png
 
 
-#. **Send** each API request in the order listed to remove the previously deployed SSL Orchestrator deployment.
+#. **Send** each API request in the order listed to remove the previously deployed SSL Orchestrator deployment. Don't forget to update the **test script** (in the relevant **GET** API calls).
 
-  .. note::
-     The *test scripts* populate variables using the object **id** retrieved from the first element (index 0) in the responses to the **GET** API requests. The objects created via the API might not appear as the first element in the responses. In that case, you need to modify the *test scripts* to pick the correct object **id** based on the position in the response.
 
 
 |