Module netapp_ontap.resources.fpolicy_policy

Copyright © 2019 NetApp Inc. All rights reserved.

Overview

The FPolicy policy acts as a container for different constituents of the FPolicy such as FPolicy events and the FPolicy engine. It also provides a platform for policy management functions, such as policy enabling and disabling. As part of FPolicy policy configuration, you can specifiy the name of policy, the SVM to which it belongs, the FPolicy events to monitor, the FPolicy engine to which the generated notifications are sent and the policy priority. FPolicy policy configuration also allows to you to configure the file access behaviour when the primary and secondary servers are down. Under such circumstances, if the "mandatory" field is set to true, file access is denied.
Each FPolicy policy is associated with a scope which allows you to restrain the scope of the policy to specified storage objects such as volume, shares and export or to a set of file extensions such as .txt, .jpeg. An FPolicy policy can be configured to send notifications, to the FPolicy server or for native file blocking which uses the file extension specified in the policy scope. An SVM can have multiple FPolicy policies which can be enabled or disabled independently of each other.

Examples

Creating an FPolicy policy

Use the following API to create an FPolicy policy configuration. Note that the return_records=true query parameter used to obtain the newly created entry in the response.


# The API:
POST /protocols/fpolicy/{svm.uuid}/policies
# The call:
curl -X POST "https://<mgmt-ip>/api/protocols/fpolicy/a00fac5d-0164-11e9-b64a-0050568eeb34/polices?return_records=true" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"engine\": { \"name\": \"engine1\" }, \"events\": [ \"cifs\", \"nfs\" ], \"mandatory\": true, \"name\": \"FPolicy_policy_0\", \"scope\": { \"exclude_export_policies\": [ \"export_pol1\" ], \"exclude_extension\": [ \"txt\", \"png\" ], \"exclude_shares\": [ \"sh1\" ], \"exclude_volumes\": [ \"vol0\" ], \"include_export_policies\": [ \"export_pol10\" ], \"include_extension\": [ \"pdf\" ], \"include_shares\": [ \"sh2\", \"sh3\" ], \"include_volumes\": [ \"vol1\", \"vol2\" ] }}"
# The response:
{
  "num_records": 1,
  "records": [
    {
      "name": "FPolicy_policy_0",
      "events": [
        {
          "name": "cifs"
        },
        {
          "name": "nfs"
        }
        ],
      "engine": {
        "name": "engine1"
      },
      "scope": {
        "include_shares": [
          "sh2",
          "sh3"
        ],
        "exclude_shares": [
          "sh1"
        ],
        "include_volumes": [
          "vol1",
          "vol2"
        ],
        "exclude_volumes": [
          "vol0"
        ],
        "include_export_policies": [
          "export_pol10"
        ],
        "exclude_export_policies": [
          "export_pol1"
        ],
        "include_extension": [
          "pdf"
        ],
        "exclude_extension": [
          "txt",
          "png"
        ]
      },
      "mandatory": true
    }
  ]
}

Creating and enable an FPolicy policy


# The API:
POST /protocols/fpolicy/{svm.uuid}/policies
# The call:
curl -X POST "https://<mgmt-ip>/api/protocols/fpolicy/a00fac5d-0164-11e9-b64a-0050568eeb34/polices?return_records=true" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"priority\": 1, \"engine\": { \"name\": \"engine1\" }, \"events\": [ \"cifs\", \"nfs\" ], \"mandatory\": true, \"name\": \"FPolicy_policy_on\", \"scope\": { \"exclude_export_policies\": [ \"export_pol1\" ], \"exclude_extension\": [ \"txt\", \"png\" ], \"exclude_shares\": [ \"sh1\" ], \"exclude_volumes\": [ \"vol0\" ], \"include_export_policies\": [ \"export_pol10\" ], \"include_extension\": [ \"pdf\" ], \"include_shares\": [ \"sh2\", \"sh3\" ], \"include_volumes\": [ \"vol1\", \"vol2\" ] }}"
# The response:
{
  "num_records": 1,
  "records": [
    {
     "name": "FPolicy_policy_0",
     "priority": 1,
     "events": [
       {
         "name": "cifs"
       },
       {
         "name": "nfs"
       }
     ],
     "engine": {
       "name": "engine1"
     },
     "scope": {
       "include_shares": [
         "sh2",
         "sh3"
       ],
       "exclude_shares": [
         "sh1"
       ],
       "include_volumes": [
         "vol1",
         "vol2"
       ],
       "exclude_volumes": [
         "vol0"
       ],
       "include_export_policies": [
         "export_pol10"
       ],
       "exclude_export_policies": [
         "export_pol1"
       ],
       "include_extension": [
         "pdf"
       ],
       "exclude_extension": [
         "txt",
         "png"
       ]
     },
     "mandatory": true
   }
 ]
}

Creating an FPolicy policy with the minimum required fields and a native engine


# The API:
POST /protocols/fpolicy/{svm.uuid}/policies
# The call:
curl -X POST"https://<mgmt-ip>/api/protocols/fpolicy/a00fac5d-0164-11e9-b64a-0050568eeb34/polices?return_records=true" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"events\": [ \"cifs\", \"nfs\" ], \"name\": \"pol_minimum_fields\", \"scope\": { \"include_volumes\": [ \"vol1\", \"vol2\" ] }}"
# The response:
{
  "num_records": 1,
  "records": [
    {
      "name": "pol_minimum_fields",
      "events": [
        {
          "name": "cifs"
        },
        {
          "name": "nfs"
        }
      ],
      "scope": {
        "include_volumes": [
          "vol1",
          "vol2"
        ]
      }
    }
  ]
}

Retrieving all the FPolicy policy configurations for an SVM


# The API:
GET /protocols/fpolicy/{svm.uuid}/policies
# The call:
curl -X GET "https://<mgmt-ip>/api/protocols/fpolicy/a00fac5d-0164-11e9-b64a-0050568eeb34/policis?fields=*&return_records=true&return_timeout=15" -H "accept: application/json"
# The response:
{
  "records": [
    {
      "svm": {
        "uuid": "a00fac5d-0164-11e9-b64a-0050568eeb34"
      },
      "name": "pol0",
      "enabled": false,
      "events": [
        {
          "name": "cifs"
        },
        {
          "name": "nfs"
        }
      ],
      "engine": {
        "name": "engine1"
      },
      "scope": {
        "include_shares": [
          "sh2",
          "sh3"
        ],
        "exclude_shares": [
          "sh1"
        ],
        "include_volumes": [
          "vol1",
          "vol2"
        ],
        "exclude_volumes": [
          "vol0"
        ],
        "include_export_policies": [
          "export_pol10"
        ],
        "exclude_export_policies": [
          "export_pol1"
        ],
        "include_extension": [
          "pdf"
        ],
        "exclude_extension": [
          "txt",
          "png"
        ]
      },
      "mandatory": true
    },
    {
      "svm": {
        "uuid": "a00fac5d-0164-11e9-b64a-0050568eeb34"
      },
      "name": "FPolicy_policy_on",
      "enabled": true,
      "priority": 1,
      "events": [
        {
          "name": "cifs"
        },
        {
          "name": "nfs"
        }
      ],
      "engine": {
        "name": "engine1"
      },
       "scope": {
        "include_shares": [
          "sh2",
          "sh3"
        ],
        "exclude_shares": [
          "sh1"
        ],
        "include_volumes": [
          "vol1",
          "vol2"
        ],
        "exclude_volumes": [
          "vol0"
        ],
        "include_export_policies": [
          "export_pol10"
        ],
        "exclude_export_policies": [
          "export_pol1"
        ],
        "include_extension": [
          "pdf"
        ],
        "exclude_extension": [
          "txt",
          "png"
        ]
      },
      "mandatory": true
    },
    {
      "svm": {
        "uuid": "a00fac5d-0164-11e9-b64a-0050568eeb34"
      },
      "name": "cluster_pol",
      "enabled": false,
      "events": [
        {
          "name": "cluster"
        }
      ],
      "engine": {
        "name": "native"
      },
      "mandatory": true
    },
    {
      "svm": {
        "uuid": "a00fac5d-0164-11e9-b64a-0050568eeb34"
      },
      "name": "pol_minimum_fields",
      "enabled": false,
      "events": [
        {
          "name": "cifs"
        },
        {
          "name": "nfs"
        }
      ],
      "engine": {
        "name": "native"
      },
      "scope": {
        "include_volumes": [
          "vol1",
          "vol2"
        ]
      },
      "mandatory": true
    }
  ],
  "num_records": 4
}

Retrieving all of the FPolicy policy configurations for the FPolicy engine "engine1" for an SVM


# The API:
GET /protocols/fpolicy/{svm.uuid}/policies/{name}
# The call:
curl -X GET "https://<mgmt-ip>/api/protocols/fpolicy/a00fac5d-0164-11e9-b64a-0050568eeb34/policis?engine.name=engine1&fields=*&return_records=true&return_timeout=15" -H "accept: application/json"
# The response:
{
  "records": [
    {
      "svm": {
        "uuid": "a00fac5d-0164-11e9-b64a-0050568eeb34"
      },
      "name": "pol0",
      "enabled": false,
      "events": [
        {
          "name": "cifs"
        },
        {
          "name": "nfs"
        }
      ],
      "engine": {
        "name": "engine1"
      },
      "scope": {
        "include_export_policies": [
          "export_pol10"
        ],
        "exclude_export_policies": [
          "export_pol1"
        ],
        "include_extension": [
          "pdf"
        ],
        "exclude_extension": [
          "txt",
          "png"
        ]
      },
      "mandatory": true
    },
    {
      "svm": {
        "uuid": "a00fac5d-0164-11e9-b64a-0050568eeb34"
      },
      "name": "FPolicy_policy_on",
      "enabled": true,
      "priority": 1,
      "events": [
        {
          "name": "cifs"
        },
        {
          "name": "nfs"
        }
      ],
      "engine": {
        "name": "engine1"
      },
      "scope": {
        "include_shares": [
          "sh2",
          "sh3"
        ],
        "exclude_shares": [
          "sh1"
        ],
        "include_volumes": [
          "vol1",
          "vol2"
        ],
        "exclude_volumes": [
          "vol0"
        ],
        "include_export_policies": [
          "export_pol10"
        ],
        "exclude_export_policies": [
          "export_pol1"
        ],
        "include_extension": [
          "pdf"
        ],
        "exclude_extension": [
          "txt",
          "png"
        ]
      },
      "mandatory": true
    }
  ],
  "num_records": 2
}

Retrieving a particular FPolicy policy configuration for an SVM


# The API:
GET /protocols/fpolicy/{svm.uuid}/policies/{name}
# The call:
curl -X GET "https://<mgmt-ip>/api/protocols/fpolicy/a00fac5d-0164-11e9-b64a-0050568eeb34/policies/pol0" -H "accept: application/json"
# The response:
{
  "svm": {
    "uuid": "a00fac5d-0164-11e9-b64a-0050568eeb34"
  },
  "name": "pol0",
  "enabled": false,
  "events": [
    {
      "name": "cifs"
    },
    {
      "name": "nfs"
    }
  ],
  "engine": {
    "name": "engine1"
  },
  "scope": {
    "include_shares": [
      "sh2",
      "sh3"
    ],
    "exclude_shares": [
      "sh1"
    ],
    "include_volumes": [
      "vol1",
      "vol2"
    ],
    "exclude_volumes": [
      "vol0"
    ],
    "include_export_policies": [
      "export_pol10"
    ],
    "exclude_export_policies": [
      "export_pol1"
    ],
    "include_extension": [
      "pdf"
    ],
    "exclude_extension": [
      "txt",
      "png"
    ]
  },
  "mandatory": true
}

Updating a particular FPolicy policy


# The API:
PATCH /protocols/fpolicy/{svm.uuid}/policies/{name}
# The call:
curl -X PATCH "https://<mgmt-ip>/api/protocols/fpolicy/a00fac5d-0164-11e9-b64a-0050568eeb34/policies/pol0" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"engine\": { \"name\": \"native\" }, \"events\": [ \"cifs\" ], \"mandatory\": false, \"scope\": { \"include_volumes\": [ \"*\" ] }}"

Enabling a particular FPolicy policy


# The API:
PATCH /protocols/fpolicy/{svm.uuid}/policies/{name}
# The call:
curl -X PATCH "https://<mgmt-ip>/api/protocols/fpolicy/a00fac5d-0164-11e9-b64a-0050568eeb34/poliies/pol0" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"enabled\": true, \"priority\": 3}"

Disabling a particular FPolicy policy


# The API:
PATCH /protocols/fpolicy/{svm.uuid}/policies/{name}
# The call:
curl -X PATCH "https://<mgmt-ip>/api/protocols/fpolicy/a00fac5d-0164-11e9-b64a-0050568eeb34/poliies/pol0" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"enabled\": true }"

Classes

class FpolicyPolicy (*args, **kwargs)

Allows interaction with FpolicyPolicy objects on the host

Initialize the instance of the resource.

Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:

MyResource(name='foo').name == 'foo'

Args

*args
Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.

Ancestors

Static methods

def delete_collection(*args, connection: HostConnection = None, **kwargs) -> NetAppResponse

Deletes a particular FPolicy policy configuration for a specified SVM. To delete a policy, you must first disable the policy.

  • fpolicy policy scope delete
  • fpolicy policy delete

Learn more


Delete all objects in a collection which match the given query.

All records on the host which match the query will be deleted.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to delete the collection of bars for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def find(*args, connection: HostConnection = None, **kwargs) -> Resource

Retrieves the FPolicy policy configuration of an SVM. ONTAP allows the creation of a cluster level FPolicy policy that acts as a template for all the data SVMs belonging to the cluster. This cluster level FPolicy policy is also retrieved for the specified SVM.

  • fpolicy policy show
  • fpolicy policy scope show

Learn more


Find an instance of an object on the host given a query.

The host will be queried with the provided key/value pairs to find a matching resource. If 0 are found or if more than 1 is found, an error will be raised or returned. If there is exactly 1 matching record, then it will be returned.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to find a bar for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A Resource object containing the details of the object.

Raises

NetAppRestError: If the API call did not return exactly 1 matching resource.

def get_collection(*args, connection: HostConnection = None, max_records: int = None, **kwargs) -> typing.Iterable

Retrieves the FPolicy policy configuration of an SVM. ONTAP allows the creation of a cluster level FPolicy policy that acts as a template for all the data SVMs belonging to the cluster. This cluster level FPolicy policy is also retrieved for the specified SVM.

  • fpolicy policy show
  • fpolicy policy scope show

Learn more


Fetch a list of all objects of this type from the host.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the collection of bars for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
max_records
The maximum number of records to return per call
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A list of Resource objects

Raises

NetAppRestError: If there is no connection available to use either passed in or on the library.

def patch_collection(body: dict, *args, connection: HostConnection = None, **kwargs) -> NetAppResponse

Updates a particular FPolicy policy configuration for a specified SVM. PATCH can be used to enable or disable the policy. When enabling a policy, you must specify the policy priority. The policy priority of the policy is not required when disabling the policy. If the policy is enabled, the FPolicy policy engine cannot be modified.

  • fpolicy policy modify
  • fpolicy policy scope modify
  • fpolicy enable
  • fpolicy disable

Learn more


Patch all objects in a collection which match the given query.

All records on the host which match the query will be patched with the provided body.

Args

body
A dictionary of name/value pairs to set on all matching members of the collection.
*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to patch the collection of bars for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

Methods

def delete(self, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse

Deletes a particular FPolicy policy configuration for a specified SVM. To delete a policy, you must first disable the policy.

  • fpolicy policy scope delete
  • fpolicy policy delete

Learn more


Send a deletion request to the host for this object.

Args

poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def get(self, **kwargs) -> NetAppResponse

Retrieves a particular FPolicy policy configuration for a specified SVM. Cluster-level FPolicy policy configuration details cannot be retrieved for a data SVM.

  • fpolicy policy show
  • fpolicy policy scope show
  • fpolicy show

Learn more


Fetch the details of the object from the host.

Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def patch(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse

Updates a particular FPolicy policy configuration for a specified SVM. PATCH can be used to enable or disable the policy. When enabling a policy, you must specify the policy priority. The policy priority of the policy is not required when disabling the policy. If the policy is enabled, the FPolicy policy engine cannot be modified.

  • fpolicy policy modify
  • fpolicy policy scope modify
  • fpolicy enable
  • fpolicy disable

Learn more


Send the difference in the object's state to the host as a modification request.

Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.

Args

hydrate
If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def post(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse

Creates an FPolicy policy configuration for the specified SVM. To create an FPolicy policy, you must specify the policy scope and the FPolicy events to be monitored.
Important notes: * A single policy can monitor multiple events. * An FPolicy engine is an optional field whose default value is set to native. A native engine can be used to simply block the file access based on the file extensions specified in the policy scope. * To enable a policy, the policy priority must be specified. If the priority is not specified, the policy is created but it is not enabled. * The "mandatory" field, if set to true, blocks the file access when the primary or secondary FPolicy servers are down.

Required properties

  • svm.uuid - Existing SVM in which to create the FPolicy policy.
  • events - Name of the events to monitior.
  • name - Name of the FPolicy policy.
  • scope - Scope of the policy. Can be limited to exports, volumes, shares or file extensions.
  • priority- Priority of the policy (ranging from 1 to 10).

Default property values

  • mandatory - true
  • engine - native
  • fpolicy policy scope create
  • fpolicy policy create
  • fpolicy enable

Learn more


Send this object to the host as a creation request.

Args

hydrate
If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

Inherited members

class FpolicyPolicySchema (only=None, exclude=(), many=False, context=None, load_only=(), dump_only=(), partial=False, unknown=None)

The fields of the FpolicyPolicy object

Ancestors

  • netapp_ontap.resource.ResourceSchema
  • marshmallow.schema.Schema
  • marshmallow.schema.BaseSchema
  • marshmallow.base.SchemaABC

Class variables

var enabled

Specifies if the policy is enabled on the SVM or not. If no value is mentioned for this field but priority is set, then this policy will be enabled.

var engine

The engine field of the fpolicy_policy.

var events

The events field of the fpolicy_policy.

Example: ["event_nfs_close","event_open"]

var mandatory

Specifies what action to take on a file access event in a case when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events will be denied under these circumstances.

var name

Specifies the name of the policy.

Example: fp_policy_1

var opts
var priority

Specifies the priority that is assigned to this policy.

var scope

The scope field of the fpolicy_policy.