How to use list values in a policy rule

jslabaugh
Techie
Posts: 15
4113     0

Are there any examples on how to reference list values in a policy rule? I'd like to have a list with two columns: username and password. I would like the policy rule to check the username and password on devices. If the policy rule fails, then it would trigger a script to fix the username and/or password. I'd like to have the username and password values in a list so that I don't have to update the policy rule and the script when the usernames or passwords change.

Use of lists within policy

Adviser
Posts: 357
4114     0

Use of lists within policy rules is not supported. There is an existing request for this; you may want to contact your rep so they can help get it prioritized.

Use of lists within policy

Expert
Posts: 185
4114     0

Hi Jeremy -

How is this different than in the device viewer -> Settings & Status -> CLI Credentials? I would imagine you could create a Perl or maybe a CSS script to find out which ones were failing and go from there.

If the devices have local authentication and an encrypted password, you can create a policy that checks these. The policy would need to contain the encrypted password (in encrypted form) to compare against. Using this method requires that when you create the config of the device you cut/paste the encrypted password rather than having the device generate the encryption each time, which makes it different each time.

It also might not be a good best practice to keep passwords in clear text in a List.

jslabaugh
Techie
Posts: 15
4114     0

I want to have a policy that checks that only permitted usernames are in use and that the encrypted passwords are correct.  If a device is not compliant I have a trigger that runs a script to remove invalid usernames or update the passwords.  I already have it set up and working, but I'd like to have the username and password values in a list so that I don't have to update the policy rule and the script when the usernames or passwords change.  All I would have to do is update the values in the list.
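The check described in this thread, sketched outside NetMRI as an added example (not part of the original posts and not NetMRI policy XML). It assumes IOS-style `username ... secret <type> <string>` config lines; the list contents, the device config and the encrypted strings are constructed placeholders. The `backup` account shows why the encrypted string has to be pasted verbatim: a string regenerated on the device no longer matches the list.

```python
import re

# Assumed IOS-style local account line:
#   username NAME [privilege N] secret|password TYPE ENCRYPTED
USER_RE = re.compile(
    r"^username\s+(?P<name>\S+)(?:\s+privilege\s+\d+)?"
    r"\s+(?:secret|password)\s+(?P<type>\d+)\s+(?P<enc>\S+)\s*$"
)

def parse_local_users(config):
    """Return {username: encrypted_string} for every local account line."""
    users = {}
    for line in config.splitlines():
        m = USER_RE.match(line.strip())
        if m:
            users[m["name"]] = m["enc"]
    return users

def audit(config, permitted):
    """Compare a device config against the list (username -> encrypted string).

    Returns the remediation actions a follow-up script would need:
    accounts to remove, accounts whose stored string differs from the
    list, and permitted accounts that are absent from the device.
    """
    found = parse_local_users(config)
    return {
        "remove": sorted(u for u in found if u not in permitted),
        "update": sorted(u for u in found
                         if u in permitted and found[u] != permitted[u]),
        "missing": sorted(u for u in permitted if u not in found),
    }

# Constructed list: encrypted strings are placeholders, not real hashes.
PERMITTED = {
    "netops": "$1$EXAMPLE1$placeholderAAAAAAAAAAAA",
    "backup": "$1$EXAMPLE2$placeholderBBBBBBBBBBBB",
}

# Constructed device config.
SAMPLE_CONFIG = """\
hostname lab-sw01
username netops privilege 15 secret 5 $1$EXAMPLE1$placeholderAAAAAAAAAAAA
username backup secret 5 $1$OTHERSALT$placeholderCCCCCCCCCCCC
username tempadmin privilege 15 secret 5 $1$EXAMPLE3$placeholderDDDDDDDDDDDD
!
"""

if __name__ == "__main__":
    for action, users in audit(SAMPLE_CONFIG, PERMITTED).items():
        print(f"{action}: {', '.join(users) or '-'}")
```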

Expert
Posts: 185
4114     0

Got it.  So, I guess you are left with what John said, you'd need to submit a new feature request.

JCook
Techie
Posts: 19
4114     0
Why not just modify the script to make an issue for each account removed. Then schedule the script to run every day. You get automatic clean up, reporting and only need to update the list in one spot.

Adviser
Posts: 357
4114     0

This is now supported in NetMRI 6.9 - you can now read from lists in policy rules.

How to use lists in rules

CCash_1
Techie
Posts: 5
4114     0
I have the same request. I would like to have a rule search a list and if any, or all (depending on the rules I am looking to create) match, I want the rule to pass or fail. Are there any examples of this? The help feature gives examples, but they do not work for me in XML.

Adviser
Posts: 357
4114     0

I have uploaded some examples at the link below. One for the list, and another for using the ConfigBlockCheck, which breaks a configuration file into blocks and performs checks on each block.

https://infoblox.box.com/s/fx1eti6j1rmpcf69z2rfoor837k5crek

I also uploaded the XSD file that describes the XML language (this is also available in the product directly).

Adviser
Posts: 427
4114     0

I'm also going to add to it as well :)

Sif

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh