chore: resolve merge conflicts

Author: wduongf5

.gitlab-ci.yml

@@ -30,6 +30,7 @@ variables:
     TF_HTTP_RETRY_MAX: 4
     TF_HTTP_RETRY_WAIT_MIN: 3
     DOCS_BUILD_DIR: "docs/_build/html"
+    SECRETS_ANALYZER_VERSION: '6.14.0'
 
 # This inherits all the jobs defined in the parent template
 # Override variables in this project as needed
@@ -178,6 +179,9 @@ build_rpm:
         - pipelines
     script:
         # setup node environment
+        - sed -i 's|http://deb.debian.org/debian|http://archive.debian.org/debian|g' /etc/apt/sources.list
+        - sed -i 's|http://security.debian.org|http://archive.debian.org/debian-security|g' /etc/apt/sources.list
+        - apt-get update -o Acquire::Check-Valid-Until=false
         - apt-get update && apt-get install -y rpm --no-install-recommends
         - scripts/build/buildRpm.sh
     artifacts:
@@ -244,7 +248,7 @@ create_docs:
 .deploy_common: &deploy_common
     image: $INTEGRATION_DEPLOY_IMAGE
     tags:
-      - do-test-docker-executor
+      - cm-official-docker-executor
     stage: deploy
     timeout: 2 hours
     script:
@@ -284,6 +288,8 @@ deploy_for_this_project:
     rules:
       - if: '$RUN_INTEGRATION_TEST =~ /true/i'
     variables:
+      TF_LOG: "DEBUG"  # Add this for detailed Terraform logs
+      TF_LOG_PATH: "/tmp/terraform.log"  # Optional: save logs to file
       TF_ROOT: '$TF_DIRECTORY/plans/openstack'
       TF_VAR_bigip_image: "$BIGIP_IMAGE"
       TF_VAR_nic_count: "$NIC_COUNT"
@@ -308,6 +314,8 @@ deploy_for_other_project:
       - if: '$TRIGGER_INTEGRATION_TEST =~ /true/i'
     variables:
       TF_ROOT: "$TF_DIRECTORY/plans/openstack"
+      TF_LOG: "DEBUG"  # Add this for detailed Terraform logs
+      TF_LOG_PATH: "/tmp/terraform.log"  # Optional: save logs to file
       TF_VAR_bigip_image: "$BIGIP_IMAGE"
       TF_VAR_nic_count: "$NIC_COUNT"
     before_script:
@@ -331,14 +339,16 @@ deploy_for_other_project:
 integration-test:
     image: $DOCKER_URL/node:16
     tags:
-        - do-test-docker-executor
+        - cm-official-docker-executor
     rules:
       - if: '$RUN_INTEGRATION_TEST =~ /true/i'
       - if: '$TRIGGER_INTEGRATION_TEST =~ /true/i'
     stage: integration-test
     timeout: 3 hours
     before_script:
-        - apt-get update
+        - sed -i 's|http://deb.debian.org/debian|http://archive.debian.org/debian|g' /etc/apt/sources.list
+        - sed -i 's|http://security.debian.org/debian-security|http://archive.debian.org/debian-security|g' /etc/apt/sources.list
+        - apt-get update -o Acquire::Check-Valid-Until=false
         - apt-get install -y jq
         - export ESR_TEST_TYPE=integration
         - export ESR_PRODUCT_VERSION=$(node -e "console.log(require('./package.json').version)" | cut -d '-' -f1)
@@ -370,7 +380,7 @@ integration-test:
 .teardown_common: &teardown_common
     image: $INTEGRATION_DEPLOY_IMAGE
     tags:
-      - do-test-docker-executor
+      - cm-official-docker-executor
     stage: teardown
     before_script:
       # terraform doesn't support '.' in backend address.

CHANGELOG.md

@@ -1,9 +1,25 @@
 # Changelog
 Changes to this project are documented in this file. More detail and links can be found in the Declarative Onboarding [Document Revision History](https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/revision-history.html).
 
+## 1.47.0
+### Added
+- AUTOTOOL-4698: Add support for device DDOS [Example](https://github.com/F5Networks/f5-declarative-onboarding/blob/main/examples/ddos.json)
+- AUTOTOOL-4494: ([GitHub 309](https://github.com/F5Networks/f5-declarative-onboarding/issues/309)) : Unable to set SNMP trap destination to FQDN
+
+### Fixed
+- AUTOTOOL-4399: ([GitHub 378](https://github.com/F5Networks/f5-declarative-onboarding/issues/378)): Add key/value to uncheck 'Disable login' on the root account [Example](https://github.com/F5Networks/f5-declarative-onboarding/blob/main/examples/rootUserWithDisableRootLogin.json)
+- AUTOTOOL-3579: ([GitHub 332](https://github.com/F5Networks/f5-declarative-onboarding/issues/332)): DO reboots device and resets hostname when simple declaration with DeviceCertificate is used
+- AUTOTOOL-4715: DO inspect request failing with "Cannot read property 'map' of undefined"
+- AUTOTOOL-4735: Unable to verify declaration from existing state error when using inspect command in DO
+
+### Changed
+
+### Removed
+
 ## 1.46.0
 ### Added
 - AUTOTOOL-4400: Add Support for GSLB synchronize-zone-files [Example](https://github.com/F5Networks/f5-declarative-onboarding/blob/main/examples/gslbGlobals.json)
+- Updated packages to the latest available versions
 
 ### Fixed
 

README.md

@@ -25,7 +25,7 @@ Be sure to see the [Support page](SUPPORT.md) in this repo for more details and
 
 ## Copyright
 
-Copyright 2014-2024 F5, Inc.
+Copyright 2014-2025 F5, Inc.
 
 ### F5 Networks Contributor License Agreement
 

SUPPORT.md

@@ -2,76 +2,8 @@
 
 Maintenance and F5 Technical Support of the F5 code is provided only if the software is unmodified; and (ii) has been marked as F5 Supported in [K80012344](https://support.f5.com/csp/article/K80012344). Support will only be provided to customers who have an existing BIG-IP support contract associated with a valid BIG-IP serial number. For information about support policies, see http://www.f5.com/about/guidelines-policies/ and http://askf5.com.
 
-Declarative Onboarding Extension (DO) Software Lifecycle:
-* DO releases are intended to be delivered on a 6-week basis
-* There will be 2 stability releases per year (focused on bug-fixing, infra improvements, and so on)
-* Stability (LTS) releases are supported for 1 year
-* Feature releases are supported for 3 months
-* "End of Support" = End of Software Development (EOSD) + End of Technical Support (EOTS)
+**Declarative Onboarding Extension (DO) Release Information:**
 
-Currently supported versions:
-
-| Software Version | Release Type  | First Customer Ship | End of Support  |
-|------------------|---------------|---------------------|-----------------|
-| DO 1.36.1        | LTS           | 09-Mar-2023         | 09-Mar-2024     |
-| DO 1.39.1        | LTS           | 12-Sep-2023         | 12-Sep-2024     |
-| DO 1.42.0        | Feature       | 16-Jan-2024         | 16-Apr-2024     |
-| DO 1.43.0        | Feature       | 11-Mar-2024         | 11-Jun-2024     |
-| DO 1.44.0        | Feature       | 04-Jun-2024         | 11-Aug-2024     |
-
-\* Fix for Allowed schema version
-
-Versions no longer supported:
-
-| Software Version | Release Type  | First Customer Ship | End of  Support |
-|------------------|---------------|---------------------|-----------------|
-| DO 1.1.0         | Feature       | 20-Dec-2018         | 20-Mar-2019     |
-| DO 1.2.0         | Feature       | 16-Jan-2019         | 16-Apr-2019     |
-| DO 1.3.0         | Feature       | 27-Feb-2019         | 27-May-2019     |
-| DO 1.3.1         | Feature       | 07-May-2019         | 07-Aug-2019     |
-| DO 1.4.0         | Feature       | 08-May-2019         | 08-Aug-2019     |
-| DO 1.4.1         | Fix*          | 21-May-2019         | 08-Aug-2019     |
-| DO 1.5.0         | Feature       | 18-Jun-2019         | 18-Sep-2019     |
-| DO 1.6.0         | Feature       | 30-Jul-2019         | 30-Oct-2019     |
-| DO 1.7.0         | Feature       | 10-Sep-2019         | 10-Dec-2019     |
-| DO 1.8.0         | Feature       | 22-Oct-2019         | 22-Jan-2020     |
-| DO 1.9.0         | Feature       | 03-Dec-2019         | 03-Mar-2020     |
-| DO 1.10.0        | Feature       | 27-Jan-2020         | 27-Apr-2020     |
-| DO 1.11.0        | Feature       | 10-Mar-2020         | 10-Jun-2020     |
-| DO 1.11.1        | Fix*          | 30-Mar-2020         | 10-Jun-2020     |
-| DO 1.12.0        | Feature       | 21-Apr-2020         | 21-Jul-2020     |
-| DO 1.13.0        | Feature       | 02-Jun-2020         | 02-Sep-2020     |
-| DO 1.14.0        | Feature       | 21-Jul-2020         | 21-Oct-2020     |
-| DO 1.15.0        | Feature       | 01-Sep-2020         | 01-Dec-2020     |
-| DO 1.16.0        | Feature       | 13-Oct-2020         | 13-Jan-2021     |
-| DO 1.17.0        | Feature       | 20-Nov-2020         | 20-Feb-2021     |
-| DO 1.18.0        | Feature       | 12-Jan-2021         | 12-Apr-2021     |
-| DO 1.19.0        | Feature       | 23-Feb-2021         | 23-May-2021     |
-| DO 1.20.0        | Feature       | 06-Apr-2021         | 06-Jul-2021     |
-| DO 1.21.0        | Feature       | 18-May-2021         | 18-Aug-2021     |
-| DO 1.22.0        | Feature       | 29-Jun-2021         | 29-Sep-2021     |
-| DO 1.23.0        | Feature       | 09-Aug-2021         | 09-Nov-2021     |
-| DO 1.24.0        | Feature       | 21-Sep-2021         | 21-Dec-2021     |
-| DO 1.25.0        | Feature       | 02-Nov-2021         | 02-Feb-2022     |
-| DO 1.26.0        | Feature       | 14-Dec-2021         | 14-Mar-2022     |
-| DO 1.27.0        | Feature       | 25-Jan-2022         | 25-Apr-2022     |
-| DO 1.28.0        | Feature       | 08-Mar-2022         | 02-Jun-2022     |
-| DO 1.21.1        | LTS           | 23-Jun-2021         | 23-Jun-2022     |
-| DO 1.29.0        | Feature       | 19-Apr-2022         | 19-Jul-2022     |
-| DO 1.30.0        | Feature       | 31-May-2022         | 31-Aug-2022     |
-| DO 1.31.0        | Feature       | 15-Jul-2022         | 15-Oct-2022     |
-| DO 1.32.0        | Feature       | 23-Aug-2022         | 23-Nov-2022     |
-| DO 1.33.0        | Feature       | 04-Oct-2022         | 04-Jan-2023     |
-| DO 1.27.1        | LTS           | 08-Mar-2022         | 08-Mar-2023     |
-| DO 1.34.0        | Feature       | 15-Nov-2022         | 15-Feb-2023     |
-| DO 1.35.0        | Feature       | 12-Jan-2023         | 12-Apr-2023     |
-| DO 1.36.0        | Feature       | 09-Feb-2023         | 09-May-2023     |
-| DO 1.37.0        | Feature       | 27-Mar-2022         | 27-Jun-2023     |
-| DO 1.38.0        | Feature       | 22-May-2023         | 22-Aug-2023     |
-| DO 1.39.0        | Feature       | 24-Jul-2023         | 24-Oct-2023     |
-| DO 1.40.0        | Feature       | 12-Sep-2023         | 12-Dec-2023     |
-| DO 1.41.0        | Feature       | 13-Nov-2023         | 13-Feb-2024     |
-
-\* Fix for updated Docker Container packaging only
+Please refer KB article [Long Term Support for AS3 and DO confirmation](https://my.f5.com/manage/s/article/K000151239) for DO release information.
 
 See the [Release notes](https://github.com/F5Networks/f5-declarative-onboarding/releases) and [Declarative Onboarding documentation](https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/) for new features and issues resolved for each release.

contributing/process_release.md

@@ -86,9 +86,11 @@
 * Perform the "Actions after confirming GO for release".
 
 ### Actions after confirming GO for release:
+* Clone release branch to `<releaseBranch>`-main eg: 1.46.0-main
+* Clone release branch to `<releaseBranch>`-docs eg: 1.46.0-docs
 * Using the GUI, create 2 MRs
-  * 1 MR to merge release branch to `main`.
-  * 1 MR to merge release branch to `develop`.
+  * 1 MR to merge release branch(`<releaseBranch>`-main) to `main`.
+  * 1 MR to merge release branch(`<releaseBranch>`) to `develop`.
   * Do not squash commits.
   * Do not delete branch.
   * You can self-approve and merge these MRs.

docs/conf.py

@@ -75,7 +75,7 @@
 
 # General information about the project.
 project = u'F5 Declarative Onboarding'
-copyright = u'2024, F5 Networks'
+copyright = u'2025, F5 Networks'
 author = u'F5 Networks'
 
 # The version info for the project you're documenting, acts as replacement for

docs/revision-history.rst

@@ -100,7 +100,7 @@ Document Revision History
         - 12-14-21
 
       * - 1.25
-        - Updated the documentation for BIG-IP Declarative Onboarding v1.25.0.  This release contains the following changes: |br| * Added support for VXLAN tunnels (see :ref:`VXLAN tunnels<vxlan>`)  |br| * The **timezone** property of the NTP class now uses **UTC** as the default |br| |br| Issues Resolved: |br| * SnmpTrapDestination, SnmpUser, and SnmpCommunity objects cannot be removed once created |br| * Firewall policies managed by AS3 are not ignored, `GitHub Issue 255 <https://github.com/F5Networks/f5-declarative-onboarding/issues/255>`_ |br| * Unable to use remote auth user on BIG-IQ to deploy BIG-IP DO declaration, `GitHub Issue 264 <https://github.com/F5Networks/f5-declarative-onboarding/issues/264>`_ |br| * BIG-IP DO fails when there is pre-existing route configuration with an interface type, `GitHub Issue 265 <https://github.com/F5Networks/f5-declarative-onboarding/issues/265>`_ |br| * BIG-IP DO always enables DHCP on the management interface after POSTing a declaration, `GitHub Issue 261 <https://github.com/F5Networks/f5-declarative-onboarding/issues/261>`_ |br| * Unable to specify gw and target in Route class, `GitHub Issue 274 <https://github.com/F5Networks/f5-declarative-onboarding/issues/274>`_ |br| * BIG-IP DO 1.24.0 doesn't honor Remote Role Groups "remoteAccess": true setting. Was previously working on 1.21.1, `GitHub Issue 268 <https://github.com/F5Networks/f5-declarative-onboarding/issues/268>`_ |br| * RouteDomain example references objects that do not exist, `GitHub Issue 263 <https://github.com/F5Networks/f5-declarative-onboarding/issues/263>`_
+        - Updated the documentation for BIG-IP Declarative Onboarding v1.25.0.  This release contains the following changes: |br| * Added support for VXLAN tunnels (see :ref:`VXLAN tunnels<vxlan>`)  |br| * The **timezone** property of the NTP class now uses **UTC** as the default |br| |br| Issues Resolved: |br| * SnmpTrapDestination, SnmpUser, and SnmpCommunity objects cannot be removed once created |br| * Firewall policies managed by AS3 are not ignored, `GitHub Issue 255 <https://github.com/F5Networks/f5-declarative-onboarding/issues/255>`_ |br| * BIG-IP DO fails when there is pre-existing route configuration with an interface type, `GitHub Issue 265 <https://github.com/F5Networks/f5-declarative-onboarding/issues/265>`_ |br| * BIG-IP DO always enables DHCP on the management interface after POSTing a declaration, `GitHub Issue 261 <https://github.com/F5Networks/f5-declarative-onboarding/issues/261>`_ |br| * Unable to specify gw and target in Route class, `GitHub Issue 274 <https://github.com/F5Networks/f5-declarative-onboarding/issues/274>`_ |br| * BIG-IP DO 1.24.0 doesn't honor Remote Role Groups "remoteAccess": true setting. Was previously working on 1.21.1, `GitHub Issue 268 <https://github.com/F5Networks/f5-declarative-onboarding/issues/268>`_ |br| * RouteDomain example references objects that do not exist, `GitHub Issue 263 <https://github.com/F5Networks/f5-declarative-onboarding/issues/263>`_
         - 11-2-21
 
       * - 1.24

examples/ddos.json

@@ -0,0 +1,65 @@
+{
+    "class": "Device",
+    "schemaVersion": "1.47.0",
+    "async": true,
+    "controls": {
+        "class": "Controls",
+        "trace": true,
+        "logLevel": "debug",
+        "traceResponse": true
+    },
+    "Common": {
+        "class": "Tenant",
+        "DeviceDos": {
+            "class": "DeviceDOS",
+            "networkDosMitigationPercentage": 600,
+            "sipDosMitigationPercentage": 600,
+            "synCookieDsrFlowResetBy": "bigip",
+            "autoThresholdSensitivity": 60,
+            "logPublisher": "local-db-publisher",
+            "thresholdSensitivity": "low",
+            "synCookieWhitelist": "enabled",
+            "dynamicSignatures": {
+                "dns": {
+                    "detection": "enabled",
+                    "mitigation": "medium"
+                },
+                "network": {
+                    "detection": "enabled",
+                    "mitigation": "medium",
+                    "scrubberAdvertisementPeriod": 500,
+                    "scrubberEnable": "yes"
+                }
+            },
+            "dosDeviceVector": [
+                {
+                    "name": "arp-flood",
+                    "allowAdvertisement": "enabled",
+                    "allowUpstreamScrubbing": "disabled",
+                    "attackedDst": "disabled",
+                    "autoBlacklisting": "disabled",
+                    "autoScrubbing": "disabled",
+                    "autoThreshold": "disabled",
+                    "badActor": "disabled",
+                    "blacklistDetectionSeconds": 61,
+                    "blacklistDuration": 14401,
+                    "detectionThresholdPercent": "500",
+                    "detectionThresholdPps": "10000",
+                    "enforce": "enabled",
+                    "floor": "5000",
+                    "multiplierMitigationPercentage": "inherited-default",
+                    "perDstIpDetectionPps": "infinite",
+                    "perDstIpLimitPps": "infinite",
+                    "perSourceIpDetectionPps": "infinite",
+                    "perSourceIpLimitPps": "infinite",
+                    "scrubbingDetectionSeconds": "10",
+                    "scrubbingDuration": "900",
+                    "simulateAutoThreshold": "disabled",
+                    "state": "mitigate",
+                    "suspicious": "false",
+                    "thresholdMode": "manual"
+                }
+            ]
+        }
+    }
+}

examples/rootUserWithDisableRootLogin.json

@@ -0,0 +1,15 @@
+{
+    "schemaVersion": "1.0.0",
+    "class": "Device",
+    "async": true,
+    "webhook": "https://example.com/myHook",
+    "label": "user class",
+    "Common": {
+        "class": "Tenant",
+        "root": {
+            "class": "User",
+            "userType": "root",
+            "disableRootLogin": true
+        }
+    }
+}

examples/snmp.json

@@ -61,6 +61,14 @@
             "port": 80,
             "network": "other"
         },
+        "myV2SnmpDestinationHostname": {
+            "class": "SnmpTrapDestination",
+            "version": "2c",
+            "community": "my_snmp_community",
+            "destination": "myhost.example.com",
+            "port": 80,
+            "network": "other"
+        },
         "myV3SnmpDestination": {
             "class": "SnmpTrapDestination",
             "version": "3",