# # Copyright (c) 2001-2011 NetApp, Inc., All Rights Reserved # Any use, modification, or distribution is prohibited # without prior written consent from NetApp, Inc. # ## @summary Fpolicy Task Module ## @author dl-nacl-dev@netapp.com, sshaik@netapp.com ## @status shared ## @pod here =head1 NAME NACL::MTask::Fpolicy =head1 DESCRIPTION C provides a number of well-defined but potentially complex or multi-step methods related to Fpolicy in ONTAP. The MTask will mainly be concerned with setting up of Vserver Fpolicy using the parameters that are given below. =head1 ATTRIBUTES =head2 policy_event An array ref containing hashes with the vserver name and event name indicating the events to be created =head2 policy_engine An hash ref with the vserver name, engine name, primary address and port indicating the external-engine to be created =head2 policy An hash ref with the vserver name, policy name, events and engine name indicating the policy to be created =head2 policy_scope An hash ref with the vserver name, policy name indicating the policy scope to be created =head2 policy_enable An hash ref with the vserver name, policy name indicating the policy to be enabled =head1 METHODS =head2 setup # Example usage for fpolicy setup my $fpolicy_obj = NACL::MTask::Fpolicy->setup( command_interface => $command_interface, policy_event => [ { vserver => $vserver_name, 'event-name' => $event1, 'nacltask_if_exists' => $action, %other_options, }, { vserver => $vserver_name, 'event-name' => $event2, 'nacltask_if_exists' => $action, %other_options, }, { vserver => $vserver_name, 'event-name' => $event3, 'nacltask_if_exists' => $action, %other_options, }, ] policy_engine => { vserver => $vserver_name, 'engine-name' => $engine, 'port' => $port, 'primary-servers' => [$Ip_Address], 'nacltask_if_exists' => $action, %other_options, }, policy => { vserver => $vserver_name, 'policy-name' => $policy_name, 'events' => [qw ( $event_name )], 'engine' => $engine_name, 'nacltask_if_exists' => $action, %other_options, }, policy_scope => { vserver => $vserver_name, 'policy-name' => $policy_name, 'export-policies-to-include' => [qw ( read ) ], 'file-extensions-to-exclude' => [qw ( txt ) ], 'nacltask_if_exists' => $action, %other_options, }, policy_enable => { vserver => $vserver_name, 'policy-name' => $policy_name, 'sequence-number' => $sequence_number, 'nacltask_if_enabled' => $action, %other_options, }, nacltask_verify => $boolean #default 1 ); (Class method) This method performs the setup for the Fpolicy command in CMode: Step 1: Create the policy event on the vserver using "vserver fpolicy policy event create". Step 2: Creates an external-engine using "vserver fpolicy policy external-engine" Step 3: Creates the policy using events specified and external-engine which was created in the above steps using "vserver fpolicy policy". It also creates multiple events using "vserver fpolicy policy event" multiple times. Step 4: Creates the policy scope to the policy created in the above step using "vserver fpolicy policy scope" Step 5: Enables the Fpolicy using "vserver fpolicy enable" =over =item Options =over =item C<< policy_event => $policy_event >> (Required) An array ref containing hashes with the vserver name and event name indicating the events to be created =item C<< policy_engine => $policy_engine >> (Required) An hash ref with the vserver name, engine name, primary address and port indicating the external-engine to be created =item C<< policy => $policy >> (Required) An hash ref with the vserver name, policy name, events and engine name indicating the parameters used to create policy =item C<< policy_scope => $policy_scope >> (Required) An hash ref with the vserver name, policy name indicating the parameters used to create policy scope =item C<< policy_enable => $policy_enable >> (Required) An hash ref with the vserver name, policy name indicating the parameters used to enable fpolicy =back =item apiset_must, apiset_should, method-timeout, all the other options supported by NACL::STask::VserverFpolicy->enable, NACL::STask::VserverFpolicyPolicyEvent->create, NACL::STask::VserverFpolicyPolicyExternalEngine->create NACL::STask::VserverFpolicyPolicy->create NACL::STask::VserverFpolicyPolicyScope->create are supported by NACL::MTask::Fpolicy->setup as well. =back =cut package NACL::MTask::Fpolicy; use strict; use warnings; use base qw(NACL::MTask::MTask NACL::STask::STask ); use NATE::Log qw(log_global); my $Log = log_global(); my $may_enter = $Log->may_enter(); my $may_exit = $Log->may_exit(); use NACL::STask::VserverFpolicy; use NACL::STask::VserverFpolicyPolicy; use NACL::STask::VserverFpolicyPolicyScope; use NACL::STask::VserverFpolicyPolicyEvent; use NACL::STask::VserverFpolicyPolicyExternalEngine; use NACL::STask::STask; use NATE::Exceptions::Argument qw(:try); use NACL::APISet::Exceptions::ResponseException; use NACL::APISet::Exceptions::CommandFailedException qw(:try); use Params::Validate qw/validate_with SCALAR ARRAYREF BOOLEAN HASHREF/; use NACL::ComponentUtils qw(_optional_scalars Dumper); use Class::MethodMaker [ new => [ '-hash', 'new' ], array => [ { -type => 'NACL::STask::VserverFpolicyPolicyEvent' }, 'policy_event' ], scalar => [ { -type => 'NACL::STask::VserverFpolicyPolicyExternalEngine' }, 'policy_engine' ], scalar => [ { -type => 'NACL::STask::VserverFpolicyPolicyScope' }, 'policy_scope' ], scalar => [ { -type => 'NACL::STask::VserverFpolicyPolicy' }, 'policy' ], scalar => [ { -type => 'NACL::STask::VserverFpolicy' }, 'policy_enable' ], scalar => [ { -type => 'NACL::C::CommandInterface::ONTAP' }, 'command_interface', ], scalar => '_policy_enabled', scalar => '_policy_scope_created', scalar => '_policy_created', ]; ############################################################################################################ # Name : setup # Description : Actual task function to be invoked by test scripts. POD above has complete details # Create policy events, external-engine, policy, policy-scope, and then enabling the fpolicy ############################################################################################################ sub setup { $Log->enter() if $may_enter; my $pkg = shift; NATE::BaseException->throw( "Setup can only be invoked with a proper package call") if ref $pkg; my %opts = validate_with( params => \@_, spec => { %{ NACL::C::Component->_common_validate_spec() }, nacltask_verify => { type => BOOLEAN, default => 0 }, policy_event => [ type => ARRAYREF, ], policy_engine => { type => HASHREF, }, policy => { type => HASHREF, }, policy_scope => { type => HASHREF, }, policy_enable => { type => HASHREF, }, }, allow_extra => 1, ); my %common_args; $pkg->_copy_common_component_params_with_ci( source => \%opts, target => \%common_args, ); # extract necessary details from the object my $command_interface = $opts{command_interface}; my $vserver = $opts{vserver}; my %policy_scope = %{ $opts{policy_scope} }; my %policy_engine = %{ $opts{policy_engine} }; my %policy = %{ $opts{policy} }; my %policy_enable = %{ $opts{policy_enable} }; my @policy_events = @{ $opts{policy_event} }; NATE::BaseException->throw("This method should be called only for CMode") if $command_interface->mode() ne 'CMode'; my $obj = $pkg->new( command_interface => $command_interface ); my @event_objs; #Create multiple events foreach my $event (@policy_events) { my $event_obj = NACL::STask::VserverFpolicyPolicyEvent->create( %common_args, %{$event}, ); push( @event_objs, $event_obj ); } $obj->policy_event(@event_objs); # create vserver fpolicy policy external engine my $temp = NACL::STask::VserverFpolicyPolicyExternalEngine->create( %common_args, %policy_engine, ); $obj->policy_engine($temp); # create vserver fpolicy policy $temp = NACL::STask::VserverFpolicyPolicy->create( %common_args, %policy, ); $obj->policy($temp); $obj->_policy_created(1) if ( $policy{'_was_created'} ); # Create vserver fpolicy policy scope $temp = NACL::STask::VserverFpolicyPolicyScope->create( %common_args, %policy_scope, ); $obj->policy_scope($temp); $obj->_policy_scope_created(1) if ( $policy_scope{'_was_created'} ); # Enable the vserver fpolicy $temp = NACL::STask::VserverFpolicy->enable( %common_args, %policy_enable, ); $obj->policy_enable($temp); $obj->_policy_enabled(1) if ( $policy_enable{'_was_enabled'} ); $Log->exit() if $may_exit; return $obj; } ## end sub setup =head2 purge my $fpolicy_obj = NACL::MTask::Fpolicy->purge( command_interface => $command_interface, nacltask_verify => $boolean # default 1 policy_disable_args => { vserver => $vserver_name, 'policy-name' => $policy_name, 'sequence-number' => $sequence_number, }, policy_scope_delete_args => { vserver => $vserver_name, 'policy-name' => $policy_name, }, policy_delete_args => { vserver => $vserver_name, 'policy-name' => $policy_name, }, ); (or) $fpolicy_obj->purge(); (Class or Instance Method) Performs the cleanup operation for the Fpolicy setup Step 1: Disables the Policy. Step 2: Deletes the policy Scope. Step 3: Deletes the Policy. Uses a CMode CLI. =over =item Options =over =item C<< command_interface => $ci >> (Required) A component object that represents the host which to send commands. See NACL::C::Component::command_interface =item C<< policy_delete_args => $policy_delete >> (Optional) An hash ref with the vserver name, policy name, events and engine name indicating the parameters used to delete policy =item C<< policy_scope_delete => $policy_scope_delete >> (Optional) An hash ref with the vserver name, policy name indicating the parameters used to delete policy scope =item C<< policy_disable => $policy_disable >> (Optional) An hash ref with the vserver name, policy name indicating the parameters used to disable fpolicy =item C<< nacltask_verify => $nacltask_verify >> (Optional) If '0' (default), verification will not be performed. If '1', verification will be performed to ensure that the deletion did happen successfully. =item C<< nacltask_if_purged=>$nacltask_if_purged >> (Optional) If "pass" (default), exits quietly ignoring the already exists/disabled error messages If "die", throws the exceptions =back =back =cut ############################################################################################################ # Name : purge # Description : Actual task function to be invoked by test scripts. POD above has complete details # Disables the fpolicy, deletes the policy scope , deletes the policy ############################################################################################################ sub purge { $Log->enter() if $may_enter; my $pkg_or_obj = shift; my %opts = @_; my $additional_spec = { nacltask_verify => { type => BOOLEAN, default => 0 }, policy_delete_args => { type => HASHREF, optional => 1 }, policy_scope_delete_args => { type => HASHREF, optional => 1 }, policy_disable_args => { type => HASHREF, optional => 1 }, nacltask_if_purged => { type => SCALAR, default => 'PASS' }, }; my $verify = delete $opts{nacltask_verify}; my $if_purged = $opts{nacltask_if_purged}; # Throw away options specific to the task $pkg_or_obj->_hash_move( source => \%opts, target => {}, move => [ keys %{$additional_spec} ] ); %opts = $pkg_or_obj->_common_validate_with( params => \@_, additional_spec => $additional_spec, ); my ( %common_opts, %disable_args, %scope_args, %policy_args ); $pkg_or_obj->_copy_common_component_params_with_ci( source => \%opts, target => \%common_opts ); try { if ( ref($pkg_or_obj) ) { if ( $pkg_or_obj->_policy_enabled() && $pkg_or_obj->policy_enable_isset() ) { $pkg_or_obj->policy_enable() ->purge( nacltask_verify => $verify ); } if ( $pkg_or_obj->_policy_scope_created() && $pkg_or_obj->policy_scope_isset() ) { $pkg_or_obj->policy_scope() ->purge( nacltask_verify => $verify ); } if ( $pkg_or_obj->_policy_created() && $pkg_or_obj->policy_isset() ) { $pkg_or_obj->policy()->purge( nacltask_verify => $verify ); } } else { if ( $opts{'policy_disable_args'} ) { NACL::STask::VserverFpolicy->purge( %{ $opts{'policy_disable_args'} }, %common_opts, nacltask_verify => $verify ); } if ( $opts{'policy_scope_delete_args'} ) { NACL::STask::VserverFpolicyPolicyScope->purge( %{ $opts{'policy_scope_delete_args'} }, %common_opts, nacltask_verify => $verify ); } if ( $opts{'policy_delete_args'} ) { NACL::STask::VserverFpolicyPolicy->purge( %{ $opts{'policy_delete_args'} }, %common_opts, nacltask_verify => $verify ); } } } catch NACL::APISet::Exceptions::ResponseException with { my $e = shift; if ( $e->text =~ /.*already\sdisabled.*/i || $e->text =~ /.*There are no entries matching your query.*/i || $e->text =~ /.*policy.*doesn't\s+exist/i ) { # Check if the command failed because the policy scope # does not exist if ( $if_purged !~ /pass/i ) { $Log->exit() if $may_exit; $e->throw(); } } else { $Log->exit() if $may_exit; $e->throw(); } }; } ## end sub purge 1;