Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Using the API to map an Access Layer to a Policy Package

Jump to solution

Hi friends-

I'm looking to use the API  to add a rule to a layer and then install policy on the appropriate package (or packages for a shared layer).  In SmartConsole, when I view layers (Manage policies and layers...), it shows me the package(s) the layer is used on, but I can't seem to find that mapping in the API.  I've tried both show access-layer and show access-layers, but neither give me the packages.  I tried doing a where-used on my layer UID, but that just gives me an error.  I've noticed that showing all my packages lists the layers that are used, but what about the other way around?  How do find which policy(ies) my access layer is a part of?

I'm on v1.5.

Thanks!

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Employee
Employee

Hey Brian,

Thank you for your question.

As @PhoneBoy mentioned, there's currently no API that corresponds with the SmartConsole view you mentioned.

Indeed, the current way to achieve that would be iterating on the policy packages access layers' and check on which packages the changed layer is in use.

If you need help with implementing such logic, feel free to consult with us here. 

Regardless, we'll look into the possibility of adding such field to the "access-layer" reply in future versions.

 

Best Regards,

Nir

 

 

View solution in original post

0 Kudos
8 Replies
Highlighted
Admin
Admin

Pretty sure this is not part of the API. Sounds like a good RFE. @Nir_Amara 

Highlighted
Employee
Employee

Hey Brian,

Thank you for your question.

As @PhoneBoy mentioned, there's currently no API that corresponds with the SmartConsole view you mentioned.

Indeed, the current way to achieve that would be iterating on the policy packages access layers' and check on which packages the changed layer is in use.

If you need help with implementing such logic, feel free to consult with us here. 

Regardless, we'll look into the possibility of adding such field to the "access-layer" reply in future versions.

 

Best Regards,

Nir

 

 

View solution in original post

0 Kudos
Highlighted

Thanks, Nir.

Adding a "packages : []" output or something like that to the access-layer would be awesome.  It would make it really easy to walk up the chain from adding a rule to installation.  

I'll put my friend JQ to work and start dumping my packages until said enhancement arrives.  Let me know if you want an official RFE.

0 Kudos
Highlighted

@Nir_Amara  - I'm noticing that the show-package API does not show inline access layers in the output.  I've even tried with full details.  Would you agree? How do I map an inline layer to a package?

0 Kudos
Highlighted
Admin
Admin
If it's not a shared inline layer, you can assume it's part of the same policy package.
If the inline layer is shared, it could easily be part of multiple policy packages.
0 Kudos
Highlighted

I'm going back to my original question.  I know my layer name (which may be an inline layer), but how do I find the package my layer is used on for installation?  If it's not an inline layer, show-package does the trick, but inline...not so much.

0 Kudos
Highlighted
Employee
Employee

Hi Brian,

As Nir mentioned, we'll look into the possibility of adding such field to the "access-layer" reply in future versions.

In the mean time you can find the packages which are using a specific inline layer by using the following steps:

  1. Use “show access-layers” to get all the access-layers.
  2. For each layer use “show access-rulebase” with “use-object-dictionary” set to false.
    If the inline layer is part of this access-layer you will find it in the output under “rulebase”-> “inline-layer”.
  3. To find the package use Nir’s explanation with the layer you found in step 2.

Notice: the layers you will find in step 2 can be also inline-layers.

0 Kudos
Highlighted
OK. I'll give that a try. Thanks!
0 Kudos