Configuration Rules
A Rule is a set of conditions and actions that define how to create or update dynamic attributes. Each rule can have its own filters, attribute mappings, and value transformations. Rules are processed in order, and the first matching rule will be applied to the device.
There must be at least one rule defined for the integration to run.
A Configuration Rule is a rule that searches either the current or startup configuration of a device to set the value
of a dynamic attribute. Rules are defined in the rules
section of the configuration file. Each rule must have a
unique name
and have an attribute
and value
set (attribute
can be set globally in the default_config
section).
rules:
- name: HTTP Server
filters: []
filter_string: null
attribute: IP_HTTP_SERVER
delete_attribute: null
merge_default_filters: true # Defaults to true, can be set to false to not merge default filters
value:
static: DISABLED
regex:
pattern: ^no ip http server
group: 1
flags:
- IGNORECASE
- MULTILINE
transform: null
mapping: {}
null_value: ENABLED
config: current
no_config_value: IPF Unsupported
Default Configuration Rule
A Default Configuration Rule is applied to all devices unless overridden by a specific configuration rule or disabled
using the merge_default_filters
variable.
default_config: # Applies to all rules except inventory unless overridden or flagged not to merge
attribute: null # The Attribute to set in all rules
delete_attribute: null # Defaults to None, can be set to true to delete the attribute if not matched
filters: # Further filtering of the Inventory > Devices; cannot be used with filter_string
# Disable by setting merge_default_filters to false in rules
- column: primaryIp
value: false
operator: empty
filter_string: null # Further filtering of the Inventory > Devices; cannot be used with filters
# Disable by setting merge_default_filters to false in rules
Merging Rules with Default
Printing the merged rule can be accomplished by using the sync.config.model_dump_merged()
method:
import yaml
from ipf_dynamic_attributes import AttributeSync
sync = AttributeSync(config="http_server.yml")
print(yaml.dump(sync.config.model_dump_merged(), default_flow_style=False))
The resulting merged rule will now be:
rules:
- name: HTTP Server
filters:
- value: cisco
operator: eq
column: vendor
filter_string: null
attribute: IP_HTTP_SERVER
delete_attribute: null
merge_default_filters: true
value:
static: DISABLED
regex:
pattern: ^no ip http server
group: 0
flags:
- IGNORECASE
- MULTILINE
transform: null
mapping: {}
null_value: ENABLED
config: current
no_config_value: IPF Unsupported
Filtering
Unlike Table Rule Filters, Configuration Rule Filters will apply an additional limit of the device inventory. This uses the Inventory > Devices table to collect a list of Serial Numbers of the devices.
Using the Table Description it is also possible to find the available columns and their supported operators (i.e. eq
,
reg
, etc.).
Use Case:
Instead of creating multiple Dynamic Attribute Configurations you can have a single file with multiple rules. This allows you to have a global list of device inventory and then apply certain rules to a subset of that inventory:
- Run Rule 1 on Cisco devices
- Run Rule 2 on Juniper devices
- Run Rule 3 on a specific site
The below example will have 0 inventory devices since the cisco
vendor is filtered out in the global inventory.
inventory:
filters:
- value: cisco
operator: neq
column: vendor
rules:
- filters:
- value: cisco
operator: eq
column: vendor
Attribute Value
The Rule Value is the value that will be set for the attribute. This either comes a regex match, a static value, or a null value.
Configuration Type and No Configuration Value
This is only applicable to Configuration Rules not Table Rules.
rules:
- name: Configuration Type Example
value:
config: current # Default is current, can be set to startup
no_config_value: IPF Unsupported
The config
key is used to specify the type of configuration to use for search and accepts current
or startup
.
To verify IP Fabric collects the configuration for your device, you can check the Management > Saved Config Consistency table.
If a device does not have a config, please see our Vendor Support Matrix and
verify the Current config
or Startup config
tasks are supported for your device’s vendor and family.
The no_config_value
are hard coded values assigned to attributes when IP Fabric does not have the device config.
Use Case: Set IPF Unsupported
if the device does not have a configuration available in IP Fabric.
Regex
The regex
key is required and is used to search the device configuration. The pattern
key is the
regular expression pattern to match and the group
key is the group number to extract. The transform
key is used
to transform the value before regex processing.
Static Example
rules:
- filters:
- value: cisco
operator: eq
column: vendor
filter_string: null
attribute: IP_HTTP_SERVER
delete_attribute: null
name: HTTP Server
value:
static: DISABLED
regex:
pattern: ^no ip http server
group: 0
flags:
- IGNORECASE
- MULTILINE
transform: null
mapping: {}
null_value: ENABLED
config: current
no_config_value: IPF Unsupported
- Apply additional filter on the inventory (only process Cisco devices).
- Try to download the current config from IP Fabric.
- If the config is not found then the
no_config_value
is used to set the attribute toIPF Unsupported
.
- If the config is not found then the
- If a transformation was specified then apply it.
- Search for the regex pattern with
IGNORECASE
andMULTILINE
flag for^no ip http server
in the config.- If no match is found then the
null_value
is used to set the attribute toENABLED
. - If a match is found then the
static
value is used to set the attribute toDISABLED
.
- If no match is found then the
Regex Group Example
rules:
- name: SSH Version
attribute: SSH_VERSION
value:
regex:
pattern: ip ssh version (\d)
group: 1
flags:
- IGNORECASE
null_value: Unsupported
config: current
no_config_value: IPF Unsupported
Repeat steps as above but since no static
value is defined, the regex group is used to set the attribute value.
For example if ip ssh version 2
is found in the config, then the attribute SSH_VERSION
will be set to 2
if it is
not found then Unsupported
will be used.