Policy Definition Files New Format

2 mins V7 Pro V6 Core

The new format for Policy and CIC Definitions in rConfig has been simplified for ease of use and readability. This replaces the old verbose JSON format with a more streamlined approach. This documentation will guide you through the new format, its benefits, and usage tips.

This format is new as of V7.2.0. When upgrading from a previous version, the old format will be need to be manually converted to the new format.

For CIC Definitions, go to the CLI and run the following command to convert the old format to the new format:

cd /var/www/html/rconfig7/current && php artisan rconfig:transform-eoc-definitions

For Policy Definitions, go to the CLI and run the following command to convert the old format to the new format:

cd /var/www/html/rconfig7/current && php artisan rconfig:transform-policy-definitions

Benefits

Simplified Format: The new format is less verbose and easier to write and understand.
Efficiency: Reduces the complexity of writing policy definitions and CIC definitions.
Ease of Use: Includes auto-complete features in the editor, making it easier to use predefined methods.

Format Description

The new format uses a combination of comments and method annotations to define policies. Each policy is described with a comment followed by a method annotation and the command it applies to.

How to write a policy definition:

Blocks must be seperated by a line blank line i.e. // Some described policy followed by a method annotation
Each block must start with a comment describing the policy followed by a method annotation
The method annotation must be enclosed in square brackets prefaced by a # symbol i.e. #[method_annotation]
The text following the method annotation is the command the policy applies to or will be evaluated
Blocks that have a STRING (#[must_match_single_string]) method annotation must have a single string value following the method annotation i.e. #[method_annotation] single_string_value
Blocks that have a ARRAY (#[must_match_all_from_array]) method annotation must have a list of strings following the method annotation i.e. #[method_annotation] string1, string2, string3
Blocks that have a REGEX (#[must_match_regex]) method annotation must have one of many regex patterns following the method annotation i.e. #[method_annotation] /regex_pattern/

// Description: must_match_single_string SNMP Policy
#[must_match_single_string]
snmp-server host 1.1.1.1 TESTCOMMUNITY

// Description: must_match_single_string Disable CDP
#[must_match_single_string]
no cdp run

// Description: must_match_single_string Disable HTTP Server
#[must_match_single_string]
no ip http server

// Description: must_match_all_from_array AAA Authentication
#[must_match_all_from_array]
aaa authentication login default local
aaa authentication enable default none

// Description: must_match_all_from_array Auxiliary Line Configuration
#[must_match_regex]
/.* vty 0 4.*/

The example below is a multi line regex pattern. The regex pattern must be enclosed in / characters. Note the use of the m flag to match multiple lines. The m flag allows the regex to match the beginning and end of each line in the input string. The g flag is used to match all occurrences of the pattern in the input string.

// Description: must_match_all_from_array Auxiliary Line Configuration
#[must_match_regex]
/^set protocols rstp interface (ge|xe|et)-\d+\/\d+\/\d+\.\d+ edge$/gm

The code below is an example output for the above regex pattern. The regex pattern will match the following lines:

set protocols rstp interface ge-0/0/1.0 edge
set protocols rstp interface ge-0/0/2.0 edge
set protocols rstp interface ge-0/0/3.0 edge
set protocols rstp interface xe-0/0/3.0 edge
set protocols rstp interface xe-0/0/2.0 edge
set protocols rstp interface xe-0/0/1.0 edge
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols rstp interface xe-0/0/2.0 edge
some other configuration line
set system services ssh
set protocols rstp interface et-0/0/3.0 edge
another non-matching line
set protocols bgp group EXTERNAL-PEERS type external
set protocols rstp interface et-0/0/4.10 edge
set protocols rstp interface et-0/0/1.0 edge
set protocols rstp interface et-0/0/2.0 edge
set protocols rstp interface et-0/0/3.0 edge

All lines that match the regex pattern will be returned as a result. The regex pattern must be enclosed in / characters.

Usage Tips

Ctrl+S to Save: Use Ctrl+S to save the definition file in the editor.
Auto-complete: The editor provides auto-complete for method annotations when typing #.
Detailed Instructions: For detailed instructions on methods, refer to the UI under the respective Create form for each feature in rConfig.