|
APIs in Category: fpolicy |
API version 1.9 |
fpolicy-create-policy |
This set of APIs enables programmatic control of policy life cycle including: creation, enablement, configuration, monitoring, and deletion. Also, it includes commands for server monitoring and control, as well as notification filtering based on file extension. |
| fpolicy-create-policy | [top] |
Creates a new policy.
Input Name Range Type Description policy-name string
Name of the policy. policy-type string
Type of the policy. Possible values: "screen".
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-destroy-policy | [top] |
Destroys existing policy.
Input Name Range Type Description policy-name string
Name of the policy.
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-disable | [top] |
Sets options fpolicy enable to off.
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-disable-policy | [top] |
Disables a specific named policy.
Input Name Range Type Description policy-name string
Name of the policy.
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-enable | [top] |
Sets options fpolicy enable to on.
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-enable-policy | [top] |
Enables a specific named policy. The operation will fail if the policy doesn't exist.
Input Name Range Type Description policy-name string
Name of the policy.
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-extensions | [top] |
Manipulates with list of extensions in exclude or include set. Exlude set defines extension patterns that won't trigger fpolicy processing.
Input Name Range Type Description command string
Command to be applied on the specified set. Supported values: "add", "remove", "set", "reset". extensions extension-list-info[]
optional
List of extensions. This element is required if the the command input value is "add", "set" or "remove". policy-name string
Name of the policy. set-name string
Defines to which set (exclude or include) a command (add, remove, etc) will be applied to. For instance, command = add, set-name = include will add specified list of extensions to the include set. Possible values: "exclude", "include".
Errno Description EINVALIDINPUTERROR EOPNOTSUPPORTED EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-extensions-list-info | [top] |
Returns information on existing extension sets.
Input Name Range Type Description policy-name string
Name of the policy. Output Name Range Type Description exclude-extensions extension-list-info[]
List of file extensions that are excluded from the file policy. include-extensions extension-list-info[]
List of file extensions that are included in the file policy.
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-get-policy-options | [top] |
Shows value of policy options.
Input Name Range Type Description policy-name string
Name of the policy. Output Name Range Type Description is-ads-monitored boolean
optional
Indicator if the policy monitors the cifs operations on Alternate Data Streams. is-cifs-disconnect-check-enabled boolean
'true' if requests associated with disconnected CIFS sessions must not be screened, 'false' otherwise. is-cifs-setattr-enabled boolean
Indicator whether cifs-setattr support is enabled on this policy or not. If set to true, cifs setattr operations will be screened. is-required boolean
Indicator if the screening with this policy is required, i.e. will it fail if the server is not registered. If set to true, the request will fail if there is no server to evaluate it. If it's false, the request will succeed. reqcancel-timeout integer
Timeout (in secs) for a screen request to be processed by an FPolicy server. Range : [0..2^32-1]. secondary-servers secondary-server-info[]
List of server's IP addresses. Servers registered from these IP will be considered as secondary servers. serverprogress-timeout integer
Timeout (in secs) in which a throttled FPolicy server must complete at least one screen request. Range : [0..2^32-1].
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-get-required-info | [top] |
Shows current options for the policy.
Input Name Range Type Description policy-name string
Name of the policy. Output Name Range Type Description is-required boolean
Indicator if the policy is required, i.e. will it fail if the server is not responding. If set to true, the request will fail if there is no server to evaluate it. If it's false, the request will succeed.
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-get-secondary-servers-info | [top] |
Shows current options for the policy.
Input Name Range Type Description policy-name string
Name of the policy. Output Name Range Type Description secondary-servers secondary-server-info[]
List of servers' IP addresses. Currently maximum of two servers are supported.
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-list-info | [top] |
Returns a list of existing policies.
Input Name Range Type Description policy-name string
optional
Name of the policy. If this parameter is set, policies will have information pertaining to the policy named. If there is no such a policy, policies will be empty. Output Name Range Type Description policies policy-info[]
List of policies.
Errno Description EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-operations-list-set | [top] |
Manipulate a list of operations and network protocols for a policy. This determines which user requests cause the filer to notify fpolicy servers for this policy. The list provided will replace the list currently in place, if any. Note that this can be confusing to a server which has already connected to a policy and provided a list of operations. For example, it may have requested notifications when users open files, but start receiving notifications when users create symlinks. This API is provided in support of "native file blocking" in which there is no server connected to the filer for a policy. Note that it is possible to get the list of operations and protocols currently set for a policy with the fpolicy-list-info API.
Input Name Range Type Description force boolean
optional
If a server is connected to the filer and has already set the list of operations, should this API override the server's setting? If "force" is "true", the policy's set of operations will be dropped and replaced with the values provided by this API. Default value is false. monitored-operations monitored-operation-info[]
List of operations related values. monitored-protocols monitored-protocol-info[]
List of protocol related values. offline-only boolean
optional
Sets the state of offline filtering. If offline filtering is set, then only user requests for files which are marked "offline" cause notifications. Default value is false. policy-name string
Name of the policy.
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-server-list-info | [top] |
Shows a list of primary servers serving the policy.
Input Name Range Type Description policy-name string
Name of the policy. Output Name Range Type Description servers server-info[]
List of the servers' IP addresses.
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-server-stop | [top] |
Stops specific primary server serving the policy. Effectively, this will unregister the fpolicy server.
Input Name Range Type Description policy-name string
Name of the policy. server-ip ip-address
The ip address, in dotted-decimal format, of the server.
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-set-policy-options | [top] |
Sets policy's options to on/off.
Input Name Range Type Description is-ads-monitored boolean
optional
Indicates if the policy monitors the cifs operations on Alternate Data Streams. Default is false. is-cifs-disconnect-check-enabled boolean
optional
'true' if requests associated with disconnected CIFS sessions must not be screened, 'false' otherwise. is-cifs-setattr-enabled boolean
optional
Indicator whether cifs-setattr support is enabled on this policy or not. If set to true, cifs setattr operations will be screened. Default is false. is-required boolean
optional
Indicator if the screening with this policy is required, i.e. will it fail if the server is not registered. If set to true, the request will fail if there is no server to evaluate it. If it's false, the request will succeed. Default is false. policy-name string
Name of the policy. reqcancel-timeout integer
optional
Timeout (in secs) for a screen request to be processed by an FPolicy server. Range : [0..2^32-1]. secondary-servers secondary-server-info[]
optional
List of server's IP addresses. Servers registered from these IP will be considered as secondary servers. serverprogress-timeout integer
optional
Timeout (in secs) in which a throttled FPolicy server must complete at least one screen request. Range : [0..2^32-1].
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-set-required | [top] |
Sets policy's "required" option to on/off.
Input Name Range Type Description policy-name string
Name of the policy. required boolean
Indicator if the policy is required. If set to true, the request will fail if there is no server to evaluate it. If it's false, the request will succeed.
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-set-secondary-servers | [top] |
Sets secondary servers information in a form of a list of ip addresses. These servers will be used if all primary servers are not available, thus increasing system availabilty.
Input Name Range Type Description policy-name string
Name of the policy. secondary-servers secondary-server-info[]
List of servers' IP addresses. Currently maximum of two servers are supported.
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-status | [top] |
Returns status of options fpolicy enable.
Output Name Range Type Description is-enabled boolean
Shows if the fpolicy mechanism is enabled or not.
Errno Description EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-volume-list-info | [top] |
Returns a volume-regular-expression list for an exclude or include set. The list describes limits to the set of volumes for which client requests trigger (include) or suppress (exclude) fpolicy processing for the provided policy.
Input Name Range Type Description policy-name string
Name of the policy. Output Name Range Type Description exclude-volumes fpolicy-volumes-list-info[]
List of volumes that are inactive for the file policy. The list can include items which are regular expressions, such as "vol*" or "user?". Note that if a policy has both an exclude list and an include list, the include list is ignored by the filer when processing user requests. include-volumes fpolicy-volumes-list-info[]
List of volumes that are active for the file policy. The list can include items which are regular expressions, such as "vol*" or "user?".
Errno Description EINVALIDINPUTERROR EINTERNALERROR
Vfiler-enabled Yes
| fpolicy-volume-list-set | [top] |
Manipulate a list of volumes in an exclude or include set. This limits the set of volumes for which client requests trigger (include) or suppress (exclude) fpolicy processing for the provided policy. The list provided will replace the list currently in place, if any. Note that if a policy has both an exclude list and an include list, the include list is ignored by the filer.
Input Name Range Type Description list-type string
Defines to which set (exclude or include) a list will be applied. Possible values: "exclude", "include". policy-name string
Name of the policy. volumes fpolicy-volumes-list-info[]
List of volume specifications.
Errno Description EINVALIDINPUTERROR EOPNOTSUPPORTED EINTERNALERROR
Vfiler-enabled Yes
| Element definition: extension-list-info | [top] |
Structure containing extension information.
Name Range Type Description name-spec string
Extension specification (including wild cards). Allowed are only DOS like, three character long extensions. The extensions are case insensitive. Supported wild card values: "???" to match any extension and "?" to match any character. Examples of allowed extension specifications: EXE ??? ?XT P??
| Element definition: fpolicy-volumes-list-info | [top] |
Structure containing volumes information.
Name Range Type Description volume-spec string
Volume specification (including wild cards). The volumes are case insensitive. If no volume-spec is provided, then the list will be reset to an empty list. Supported wild card values: "?" to match any character and "*" to match any number of characters. Example specifications: vol0 vol? users*
| Element definition: ip-address | [top] |
One ip address, in dotted-decimal format (for example, "192.168.11.12").
[none]
| Element definition: monitored-operation-info | [top] |
Structure containing information pertaining to monitored operations.
Name Range Type Description operation string
Supported values: "file-create", "file-delete", "file-open", "file-close", "file-rename", "directory-create", "directory-delete", "directory-rename", "getattr", "setattr", "lookup", "read", "write", "link", "symlink"
| Element definition: monitored-protocol-info | [top] |
Structure containing information pertaining to monitored operations' protocols.
Name Range Type Description protocol string
Supported values: "nfs", "cifs".
| Element definition: policy-info | [top] |
Structure containing information pertaining to policy.
Name Range Type Description is-ads-monitored boolean
True if the policy monitors the cifs operations on Alternate Data Streams. is-enabled boolean
True if the policy is enabled. No matter whether the policy is enabled or disabled, values returned in other elements for the policy are always valid. is-i2p-enabled boolean
True if inode to pathname translation for NFS requests is supported and enabled.If enabled fpolicy requests to fpolicy server will carry full file path for NFS requests. The fields which will carry full file path are AccessPath and RenamePath for FP_ScreenRequest RPC call and sr_accesspath for FP_ScreenRequest2 RPC call. is-offline-files-only boolean
optional
True if the file policy monitors only offlines files. Default is false. monitored-operations monitored-operation-info[]
List of monitored operations. monitored-protocols monitored-protocol-info[]
List of monitored protocols. name string
Policy name. number-of-requests-blocked-locally integer
Number of locally blocked(denied) screen requests. This value is reset each time the filer is rebooted or the policy is disabled. Range : [0..2^32-1]. number-of-screen-failures integer
Number of failed (denied) screen requests. This value is reset each time the filer is rebooted or the policy is disabled. Range : [0..2^32-1]. number-of-screened-files integer
Number of screened files since policy has been enabled. This value is reset each time the filer is rebooted or the policy is disabled. Range : [0..2^32-1].
| Element definition: secondary-server-info | [top] |
Structure containing information pertaining to secondary servers.
Name Range Type Description server-ip ip-address
The ip address, in dotted-decimal format, of the server.
| Element definition: server-info | [top] |
Structure containing information pertaining to servers.
Name Range Type Description idl-version integer
Version of the Interface Definition Language(IDL) used by the Fpolicy server. Range : [0..2^32-1]. is-asynchronous boolean
optional
Shows if the server is registered as asynchronous, i.e. doesn't send reply to the filer. is-size-and-owner-required boolean
optional
True if the server is registered to receive file size and file owner information with every Fpolicy request. is-snapid-required boolean
optional
True if the server is registered to receive file snapshot ID with every Fpolicy request. is-version2 boolean
optional
True if the server is registered with version2 support enabled. version2 refers to the version of the FP_ScreenRequest(). When version2 is true the fpolicy server is enabled to receive FP_ScreenRequest2() RPC. number-of-screen-failures integer
Number of failed (denied) screens since server registrations. Range : [0..2^32-1]. number-of-screened-files integer
Number of screened files since server registration. Range : [0..2^32-1]. offline-filter-bit string
optional
Shows the setting of offline filter. Supported values: "none", "on-set". server-id integer
The unique server ID assigned to the Fpolicy server at the time of Fpolicy server registration. Range : [0..2^32-1]. server-ip ip-address
The ip address, in dotted-decimal format, of the server. smb-req-pipe-name string
The name of the FPolicy request pipe name on which FPolicy server is recieving the screen requests from the storage system. This name is sent by the FPolicy server at the time of the FPolicy server registration.
| Element definition: ip-address | [top] |
One ip address, in dotted-decimal format (for example, "192.168.11.12").
[none]
| Element definition: monitored-operation-info | [top] |
Structure containing information pertaining to monitored operations.
Name Range Type Description operation string
Supported values: "file-create", "file-delete", "file-open", "file-close", "file-rename", "directory-create", "directory-delete", "directory-rename", "getattr", "setattr", "lookup", "read", "write", "link", "symlink"
| Element definition: monitored-protocol-info | [top] |
Structure containing information pertaining to monitored operations' protocols.
Name Range Type Description protocol string
Supported values: "nfs", "cifs".