Solved: Where-Used Fails for Access Layers?

Bob_Zimmerman · ‎2024-04-09

Some of my management servers have accumulated a lot of old access layers which I suspect aren't used. I want to clean them up, but just noticed something weird:

[Expert@DallasSA]# layerUuid=$(mgmt_cli -f json -r true show access-layers | jq -c '."access-layers"[0]|.uid')
[Expert@DallasSA]# mgmt_cli -f json -r true show object uid "$layerUuid"
{
  "object" : {
    "uid" : "ccf410ea-85fc-4194-8b8d-7417d3999ac8",
    "name" : "InstalledNowhere Network",
    "type" : "access-layer",
    "domain" : {
      "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
      "name" : "SMC User",
      "domain-type" : "domain"
    },
    "icon" : "ApplicationFirewall/rulebase",
    "color" : "black"
  }
}
[Expert@DallasSA]# mgmt_cli -f json -r true where-used uid "$layerUuid"
{
  "code" : "generic_err_object_not_found",
  "message" : "Requested object [ccf410ea-85fc-4194-8b8d-7417d3999ac8] not found"
}

Where Used appears to not support finding where an access layer is used.

When showing access layers, the container structure has an "access-layers" key instead of an "objects" key. I guess access layers don't count as objects? Is this intended, or just something nobody has reported before?

Omer_Kleinstern · ‎2024-04-09

The where-used API does not support layers

View solution in original post

the_rock · ‎2024-04-09

I got same thing on 2 lab mgmt servers, both R81.20 jumbo 53

[Expert@cpazuremgmt:0]# layerUuid=$(mgmt_cli -f json -r true show access-layers | jq -c '."access-layers"[0]|.uid')
[Expert@cpazuremgmt:0]# mgmt_cli -f json -r true show object uid "$layerUuid"
{
"object" : {
"uid" : "30282496-99f7-423a-9e67-f803d267b178",
"name" : "azure-cluster-lab-policy Network",
"type" : "access-layer",
"domain" : {
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name" : "SMC User",
"domain-type" : "domain"
},
"icon" : "ApplicationFirewall/rulebase",
"color" : "black"
}
}
[Expert@cpazuremgmt:0]# mgmt_cli -f json -r true where-used uid "$layerUuid"
{
"code" : "generic_err_object_not_found",
"message" : "Requested object [30282496-99f7-423a-9e67-f803d267b178] not found"
}
[Expert@cpazuremgmt:0]#

Best,
Andy

PhoneBoy · ‎2024-04-09

@Omer_Kleinstern

Omer_Kleinstern · ‎2024-04-09

The where-used API does not support layers

the_rock · ‎2024-04-10

Thank you for confirming @Omer_Kleinstern

Andy

Best,
Andy

Bob_Zimmerman · ‎2024-04-10

In SmartConsole, when you try to delete a layer and it's used somewhere, it pops up the Where Used dialog, so I started there. Is there any equivalent to be sure an access layer isn't used before I try to delete it?

The only things which can use an access layer are policy packages and access rules, right? I guess worst case I can dump all of the access layers, policy packages, and rules with an inline-layer key, then figure out which layers only show up in the first list.

Are you a member of CheckMates?

Where-Used Fails for Access Layers?