Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Brian_Deutmeyer
Collaborator

Using the API to map an Access Layer to a Policy Package

Jump to solution

Hi friends-

I'm looking to use the API  to add a rule to a layer and then install policy on the appropriate package (or packages for a shared layer).  In SmartConsole, when I view layers (Manage policies and layers...), it shows me the package(s) the layer is used on, but I can't seem to find that mapping in the API.  I've tried both show access-layer and show access-layers, but neither give me the packages.  I tried doing a where-used on my layer UID, but that just gives me an error.  I've noticed that showing all my packages lists the layers that are used, but what about the other way around?  How do find which policy(ies) my access layer is a part of?

I'm on v1.5.

Thanks!

0 Kudos
1 Solution

Accepted Solutions
Nir_Amara
Employee Alumnus
Employee Alumnus

Hey Brian,

Thank you for your question.

As @PhoneBoy mentioned, there's currently no API that corresponds with the SmartConsole view you mentioned.

Indeed, the current way to achieve that would be iterating on the policy packages access layers' and check on which packages the changed layer is in use.

If you need help with implementing such logic, feel free to consult with us here. 

Regardless, we'll look into the possibility of adding such field to the "access-layer" reply in future versions.

 

Best Regards,

Nir

 

 

View solution in original post

0 Kudos
8 Replies
PhoneBoy
Admin
Admin

Pretty sure this is not part of the API. Sounds like a good RFE. @Nir_Amara 

Nir_Amara
Employee Alumnus
Employee Alumnus

Hey Brian,

Thank you for your question.

As @PhoneBoy mentioned, there's currently no API that corresponds with the SmartConsole view you mentioned.

Indeed, the current way to achieve that would be iterating on the policy packages access layers' and check on which packages the changed layer is in use.

If you need help with implementing such logic, feel free to consult with us here. 

Regardless, we'll look into the possibility of adding such field to the "access-layer" reply in future versions.

 

Best Regards,

Nir

 

 

View solution in original post

0 Kudos
Brian_Deutmeyer
Collaborator

Thanks, Nir.

Adding a "packages : []" output or something like that to the access-layer would be awesome.  It would make it really easy to walk up the chain from adding a rule to installation.  

I'll put my friend JQ to work and start dumping my packages until said enhancement arrives.  Let me know if you want an official RFE.

0 Kudos
Brian_Deutmeyer
Collaborator

@Nir_Amara  - I'm noticing that the show-package API does not show inline access layers in the output.  I've even tried with full details.  Would you agree? How do I map an inline layer to a package?

0 Kudos
PhoneBoy
Admin
Admin
If it's not a shared inline layer, you can assume it's part of the same policy package.
If the inline layer is shared, it could easily be part of multiple policy packages.
0 Kudos
Brian_Deutmeyer
Collaborator

I'm going back to my original question.  I know my layer name (which may be an inline layer), but how do I find the package my layer is used on for installation?  If it's not an inline layer, show-package does the trick, but inline...not so much.

0 Kudos
Yael_G
Employee
Employee

Hi Brian,

As Nir mentioned, we'll look into the possibility of adding such field to the "access-layer" reply in future versions.

In the mean time you can find the packages which are using a specific inline layer by using the following steps:

  1. Use “show access-layers” to get all the access-layers.
  2. For each layer use “show access-rulebase” with “use-object-dictionary” set to false.
    If the inline layer is part of this access-layer you will find it in the output under “rulebase”-> “inline-layer”.
  3. To find the package use Nir’s explanation with the layer you found in step 2.

Notice: the layers you will find in step 2 can be also inline-layers.

0 Kudos
Brian_Deutmeyer
Collaborator
OK. I'll give that a try. Thanks!
0 Kudos