Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Network Change & Configuration Management

Reply

Policy Design Center - Rules XML - PolicyRuleCall

New Member
Posts: 1
5730     0

Hello all,

 

I am new to using NetMRI, but I have an extensive network automation background leveraging PERL, Python, and Expect. I am a big fan of the Policy Compliance aspect of NetMRI as it allows us to monitor thousands of devices with little to no effort.

 

We have began changing our current manual drift detection process into a more automated process. In doing so, we are expecting the project to have great longevity, and we want to design it with that in mind. One thing that I believe we can utilize to do so is the XMLScript based rules. Most specifically, I really like the PolicyRuleCall element as it allows us to design the NetMRI Policies like an external application - meaning compartmentalized components.

 

However, I cannot figure out how to access the attributes of the return object from the PolicyRuleCall. Take following code:

 

<PolicyRuleLogic editor="raw-xml" xmlns='http://www.infoblox.com/NetworkAutomation/1.0/ScriptXml'>
  <PolicyRuleCall output='test' short-name='AD-ATM-ACL'/>
  <PolicyRulePass>
    <Expr field=':status' object='test'/>
  </PolicyRulePass>
</PolicyRuleLogic>

It produces this debug info:

<PolicyRuleLogic editor='raw-xml' xmlns='http://www.infoblox.com/NetworkAutomation/1.0/ScriptXml'>
  <PolicyRuleCall output='test' short-name='AD-ATM-ACL'>
  </PolicyRuleCall> set $test to result value <{:status=>"error", :message=>"object-group network ATM contains an element that is not in the baseline standard", :lineno=>nil, :context=>nil}>
  <PolicyRulePass>
    <Expr field=':status' object='test'>
    </Expr> result value <>
  </PolicyRulePass> result value <{:status=>"pass", :message=>nil}>
</PolicyRuleLogic> result value <{:status=>"pass", :message=>nil}>

I've tried all sorts of various notations and variations of the attribute names to try to access them, but everything comes back as a value of <>.

 

Any help in accessing these attributes would be appreciated!

 

Thanks!

Re: Policy Design Center - Rules XML - PolicyRuleCall

Expert
Posts: 16
5731     0

Has anyone come up with a solution to this yet?  I am not much of an xml user at this point, or I would be glad to help out.

 

-Lon.

Re: Policy Design Center - Rules XML - PolicyRuleCall

Adviser
Posts: 65
5731     0

We have found there is a defect that is causing this behavior, it will be fixed in the next release. If you would like a hotfix for the issue please work with support.

 

Root Cause:

Policy execution returns hash object with symbol keys, when next constr asks for a value, the key is forced to string, so value can not be found.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You