Configuration Rules

A Rule is a set of conditions and actions that define how to create or update dynamic attributes. Each rule can have its own filters, attribute mappings, and value transformations. Rules are processed in order, and the first matching rule will be applied to the device.

There must be at least one rule defined for the integration to run.

A Configuration Rule is a rule that searches either the current or startup configuration of a device to set the value of a dynamic attribute. Rules are defined in the rules section of the configuration file. Each rule must have a unique name and have an attribute and value set (attribute can be set globally in the default_config section).

Configuration Rule Example
rules:
  - name: HTTP Server
    filters: []
    filter_string: null
    attribute: IP_HTTP_SERVER
    delete_attribute: null
    merge_default_filters: true  # Defaults to true, can be set to false to not merge default filters
    value:
      static: DISABLED
      regex:
        pattern: ^no ip http server
        group: 0  # pattern has no capture group; 0 selects the whole match
        flags:
          - IGNORECASE
          - MULTILINE
      transform: null
      mapping: {}
      null_value: ENABLED
      config: current
      no_config_value: IPF Unsupported

Default Configuration Rule

A Default Configuration Rule is applied to all devices unless overridden by a specific configuration rule or disabled using the merge_default_filters variable.

Default Configuration Rule Example
default_config:  # Applies to all rules except inventory unless overridden or flagged not to merge
  attribute: null  # The Attribute to set in all rules
  delete_attribute: null  # Defaults to None, can be set to true to delete the attribute if not matched
  filters:  # Further filtering of the Inventory > Devices; cannot be used with filter_string
  # Disable by setting merge_default_filters to false in rules
    - column: primaryIp
      value: false
      operator: empty
  filter_string: null  # Further filtering of the Inventory > Devices; cannot be used with filters
  # Disable by setting merge_default_filters to false in rules

Merging Rules with Default

Printing the merged rule can be accomplished by using the sync.config.model_dump_merged() method:

Exporting Merged Rule Example
import yaml
from ipf_dynamic_attributes import AttributeSync

sync = AttributeSync(config="http_server.yml")
print(yaml.dump(sync.config.model_dump_merged(), default_flow_style=False))

The resulting merged rule will now be:

Merged Configuration Rule Example
rules:
  - name: HTTP Server
    filters:
      - value: cisco
        operator: eq
        column: vendor
    filter_string: null
    attribute: IP_HTTP_SERVER
    delete_attribute: null
    merge_default_filters: true
    value:
      static: DISABLED
      regex:
        pattern: ^no ip http server
        group: 0
        flags:
          - IGNORECASE
          - MULTILINE
      transform: null
      mapping: {}
      null_value: ENABLED
      config: current
      no_config_value: IPF Unsupported

Filtering

Unlike Table Rule Filters, Configuration Rule Filters apply an additional limit on the device inventory. The filters are run against the Inventory > Devices table to collect the list of Serial Numbers of the devices to process.

Table Description Example

Using the Table Description it is also possible to find the available columns and their supported operators (e.g. eq, reg, etc.).

Use Case:

Instead of creating multiple Dynamic Attribute Configurations you can have a single file with multiple rules. This allows you to have a global list of device inventory and then apply certain rules to a subset of that inventory:

  • Run Rule 1 on Cisco devices
  • Run Rule 2 on Juniper devices
  • Run Rule 3 on a specific site

The below example will have 0 inventory devices since the cisco vendor is filtered out in the global inventory.

Bad Filters Example
inventory:
  filters:
    - value: cisco
      operator: neq
      column: vendor
rules:
  - filters:
      - value: cisco
        operator: eq
        column: vendor

Attribute Value

The Rule Value is the value that will be set for the attribute. It comes from either a regex match, a static value, or a null value.

Configuration Type and No Configuration Value

This is only applicable to Configuration Rules not Table Rules.

Configuration Not Supported Example
rules:
  - name: Configuration Type Example
    value:
      config: current  # Default is current, can be set to startup
      no_config_value: IPF Unsupported

The config key is used to specify the type of configuration to use for search and accepts current or startup. To verify IP Fabric collects the configuration for your device, you can check the Management > Saved Config Consistency table.

If a device does not have a config, please see our Vendor Support Matrix and verify the Current config or Startup config tasks are supported for your device’s vendor and family.

The no_config_value is a hard-coded value assigned to the attribute when IP Fabric does not have the device config.

Use Case: Set IPF Unsupported if the device does not have a configuration available in IP Fabric.

Regex

The regex key is required and is used to search the device configuration. The pattern key is the regular expression pattern to match and the group key is the group number to extract. The transform key is used to transform the value before regex processing.

Static Example
Static Value Example
rules:
  - filters:
      - value: cisco
        operator: eq
        column: vendor
    filter_string: null
    attribute: IP_HTTP_SERVER
    delete_attribute: null
    name: HTTP Server
    value:
      static: DISABLED
      regex:
        pattern: ^no ip http server
        group: 0
        flags:
          - IGNORECASE
          - MULTILINE
      transform: null
      mapping: {}
      null_value: ENABLED
      config: current
      no_config_value: IPF Unsupported

  1. Apply additional filter on the inventory (only process Cisco devices).
  2. Try to download the current config from IP Fabric.
    1. If the config is not found then the no_config_value is used to set the attribute to IPF Unsupported.
  3. If a transformation was specified then apply it.
  4. Search for the regex pattern with IGNORECASE and MULTILINE flag for ^no ip http server in the config.
    1. If no match is found then the null_value is used to set the attribute to ENABLED.
    2. If a match is found then the static value is used to set the attribute to DISABLED.

Regex Group Example
rules:
  - name: SSH Version
    attribute: SSH_VERSION
    value:
      regex:
        pattern: ip ssh version (\d)
        group: 1
        flags:
          - IGNORECASE
      null_value: Unsupported
      config: current
      no_config_value: IPF Unsupported

Repeat the steps above, but since no static value is defined, the regex group is used to set the attribute value. For example, if ip ssh version 2 is found in the config, then the attribute SSH_VERSION will be set to 2; if it is not found, then Unsupported will be used.
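
The evaluation order from the Static and Regex Group examples above, written out as an added Python illustration. This is not the ipf_dynamic_attributes implementation: resolve_value, demo and the two device configs are constructed for this example, and the transform and mapping keys are not modelled.

```python
import re

# Hypothetical helper, not the ipf_dynamic_attributes implementation.
# It mirrors only the documented order: no config -> no match -> static -> group.
def resolve_value(config_text, value):
    if config_text is None:                  # IP Fabric holds no config for the device
        return value["no_config_value"]
    rx = value["regex"]
    flags = 0
    for name in rx.get("flags", []):
        flags |= re.RegexFlag[name]          # "IGNORECASE" -> re.IGNORECASE
    match = re.search(rx["pattern"], config_text, flags)
    if match is None:                        # pattern absent from the config
        return value["null_value"]
    if value.get("static") is not None:      # a static value wins over the group
        return value["static"]
    return match.group(rx.get("group", 0))

# The value sections of the two rules shown on this page.
HTTP_RULE = {
    "static": "DISABLED",
    "regex": {"pattern": r"^no ip http server", "group": 0,
              "flags": ["IGNORECASE", "MULTILINE"]},
    "null_value": "ENABLED",
    "no_config_value": "IPF Unsupported",
}
SSH_RULE = {
    "regex": {"pattern": r"ip ssh version (\d)", "group": 1,
              "flags": ["IGNORECASE"]},
    "null_value": "Unsupported",
    "no_config_value": "IPF Unsupported",
}

# Constructed sample device configs (not collected from real devices).
HARDENED = "hostname edge1\nno ip http server\nip ssh version 2\n"
EXPOSED = "hostname edge2\nip http server\n"

def demo():
    # Same HTTP rule with the MULTILINE flag removed, to show why it matters.
    no_multiline = dict(HTTP_RULE, regex=dict(HTTP_RULE["regex"], flags=["IGNORECASE"]))
    return {
        "http_hardened": resolve_value(HARDENED, HTTP_RULE),
        "http_exposed": resolve_value(EXPOSED, HTTP_RULE),
        "http_no_config": resolve_value(None, HTTP_RULE),
        "ssh_hardened": resolve_value(HARDENED, SSH_RULE),
        "ssh_exposed": resolve_value(EXPOSED, SSH_RULE),
        "http_hardened_without_multiline": resolve_value(HARDENED, no_multiline),
    }

if __name__ == "__main__":
    for key, result in demo().items():
        print(f"{key}: {result}")
```

Without MULTILINE, ^ anchors only to the start of the whole config, so the hardened device falls through to null_value and is reported as ENABLED.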