module 6 update

docs/class5/module6/lab1.rst

@@ -19,9 +19,7 @@ There are two main drivers for programmability:
    various events. Administrators can programmatically adjust the
    policy to reflect real-time traffic conditions.
 
-This module explores some basic programmability aspects of the BIG-IP Next SSL
-Orchestrator, both to control configuration, and to manipulate the
-policy. 
+This module explores some basic programmability aspects of the BIG-IP Next SSL Orchestrator to control configuration. Policy manipulation content may be added in the future.
 
 |
 

docs/class5/module6/lab2.rst

@@ -43,7 +43,7 @@ You will now set up the **Thunder Client** extension in **VS Code**.
 
 
    .. caution::
-      **VS Code** might notify you that a software update is available. Do NOT install the update because a newer version might break this lab.
+      **VS Code** might display a notification (bottom-right corner) that a newer version is available for download. Do **NOT** install the update because it might break this lab. Just ignore the notification pop-up and it will close automatically.
 
 
 #. In **VS Code** , click on the **Thunder Client** icon in the left side bar to see the extension's interface.
@@ -56,32 +56,38 @@ About Thunder Client Environment Variables
 
 **Environment** variables provide shortcuts by substituting stored values into API requests when they are sent. Several variables are provided in the included SSL Orchestrator **Environment** file.
 
-#. To view these Environment values, click on the **Env** tab in the Thunder Client top menu bar (under the **New Request** button), and then click on **sslo-environment**. The list will contain both user-defined variables, and variables captured dynamically from API responses.
+#. To view these Environment values, click on the **Env** tab in the Thunder Client top menu bar (under the **New Request** button), and then click on **sslo-environment**.
 
    .. image:: ./images/thunder-env.png
 
 
-.. note:: 
-   All of the API calls in the SSL Orchestrator **Collection** will minimally include a **{{CM}}** variable that contains the management IP address of the BIG-IP CM.
+The list will contain both user-defined variable with static values, and variables whose values are captured/updated dynamically when certain API requests (from the SSL Orchestrator Collection) are sent.
+
+The **{{CM}}** static variable contains the management IP address of the BIG-IP CM. All of the API calls in the Collection use this variable in the request URL.
+
+The dynamic variables in the Collection are referenced by subsequent API requests that depend on data returned from a previous API request. For example, the **{{authToken}}** variable is updated by the **CM Login** API request and then used in the access token header of other API requests.
+
 
 
 About Thunder Client API Collections
 --------------------------------------------------------------------------------
 
-#. Click on the **Collections** tab in the Thunber Client top menu bar. You will see a pre-loaded collection called **sslo-api-collection-v1**.
+#. Click on the **Collections** tab in the Thunber Client top menu bar, and then click on the pre-loaded collection called **sslo-api-collection-v1** to expand it.
 
-#. There are several folders within this collection. Click on the **Create SSLO Deployment** collection to expand it.
+#. There are several folders within this collection. Click on the **Create SSLO Deployment** folder to expand it.
 
    .. image:: ./images/vscode-5.png
 
+   These are all of the API requests that need to be sent to the BIG-IP CM API in order create an **Inbound Application Mode** deployment.
 
-The **Thunder Client** vscode extension is now configured for the remaining steps of the lab.
+
+The **Thunder Client** VS Code extension is now configured for the remaining steps of the lab.
 
 
 Additional Files (For Reference)
 --------------------------------------------------------------------------------
 
-The **API** folder (**/home/student/Documents/API**) contains the **Thunder Client** SSL Orchestrator API collection and related environment variables files. cURL scripts are also provided as a command-line alternative to the GUI-based **Thunder Client** tool. 
+The **API** folder (**/home/student/Documents/API**) on the **Client VM** contains the **Thunder Client** SSL Orchestrator API Collection and related Environment files.
 
    .. list-table::
       :header-rows: 1
@@ -93,10 +99,4 @@ The **API** folder (**/home/student/Documents/API**) contains the **Thunder Clie
         - Thunder Client API environment
       * - thunder-collection_sslo-collection-v1.json
         - Thunder Client API collection 
-      * - api-curl-scripts-basic-application.txt
-        - cURL scripts to create a basic BIG-IP Next application through CM
-
-   |
-
-   .. image:: ./images/vscode-6.png
 

docs/class5/module6/lab3.rst

@@ -1,31 +1,12 @@
 Accessing the BIG-IP Central Manager API
 ================================================================================
 
-
-Log into Central Manager (CM) GUI
---------------------------------------------------------------------------------
-
-In a purely programmatic sense, it not required to log into the BIG-IP Central
-Manager UI. However, you will use it in in this lab to provide visual feedback
-on successful API deployment. You will be able to see and interact with the
-application created from the API.
-
-.. note::
-   Skip this section if you are still logged into the BIG-IP CM GUI from the previous lab module.
-
-#. Refer to section 3.1 of this Lab Guide to access and log into the BIG-IP CM GUI.
-
-#. On the home screen, click the **Manage Applications** button.
-
-You will come back to the BIG-IP CM GUI later. Let's now move on to using the BIG-IP CM API.
-
-
 Log into Central Manager via API Request
 --------------------------------------------------------------------------------
 
-API requests to BIG-IP CM require an **Authorization: Bearer** token. To get that token you first need to make a login POST request to BIG-IP CM with your username and password.
+API requests to BIG-IP CM require an access token, which you can obtain by sending an HTTP POST request to the BIG-IP CM's **login** API endpoint. You must authenticate with your username and password.
 
-Here is the what that API request looks like:
+Here is the what that API call looks like:
 
 .. code-block:: text
 
@@ -47,11 +28,31 @@ A similar API request has already been created for you and is stored in the SSL
 #. Click on the **Send** button to submit the request to the BIG-IP CM API. 
 
 
-   This request returns a JSON payload with an **access_token** value that you will use for subsequent **Authorization: Bearer** token requests. 
+   This request returns a JSON payload with an **access_token** value that you will be used for subsequent **Authorization: Bearer** token requests. 
 
    .. image:: ./images/login-2.png
 
 
+#. Click on the **Tests** tab and then click on the **Scripting** tab.
+
+   .. image:: ./images/login-3.png
+
+   This script extracts the **access_token** attribute value and stores it in the **authToken** variable. Recall that the **authToken** value was present in the Environment variables list.
+
+
    .. important::
-      The token will expire after a few minutes, so it will be necessary to resend this request periodically to fetch a new bearer token for subsequent API calls.
+      The token will expire after a few minutes, so it will be necessary to resend this request periodically to fetch a new access token for subsequent API calls.
+
+      You will receive an HTTP **401 Unauthorized** status and a message stating that your **access token expired**.
+
+      .. image:: ./images/login-expired.png
+
+
+#. In the **Create SSLO Deployment** folder, click on the **Get BIG-IP Instances** request to select it.
+
+#. Click on the **Headers** tab (below the request URL).
+
+   .. image:: ./images/login-4.png
+
+   Notice that the **Authorization** header contains a value of **Bearer {{authToken}}**. API calls containing valid access tokens are accepted by the BIG-IP CM API without having to provide login credentials again. The **Authorization** header contains the **access_token** that was returned when you previously logged in using the **CM Login** API call.