ninja,
the cleanest way would be to clone the certified command step and add your own reservation code. If you're comfortable with invoking SQL statements from within the command text, this should not be overly complicated.
I've looked at this before, and the problem I found was with the rule index. When no rule index is specified, the PowerShell version of the command will insert the new rule as the first in the policy, and the Perl version as the last. That made it a bit difficult to predict the correct rule index for the reservation. That and the fact that ONTAP will allow multiple rules for the same clientmatch makes it difficult to guarantee that the reservation will create a correct entry, and in turn that the verification will match it up with a table record during OCUM acquisition. You'll have to set some ground rules in your environment to ensure that the WFA database will not go out of sync with the cluster, e.g. no rule updates through System Manager or the command line, always specify a rule index etc.
If you want to go down that route, here's some SQL that implements the always-last semantics:
INSERT INTO cm_storage.export_rule
SELECT
    NULL AS id,
    '${ClientMatch}' AS clientmatch,
    export_policy.id AS policy_id,
    '${Protocol}' AS protocol,
    '${RoRule}' AS ro_rule,
    -- Use the supplied rule index if there is one; otherwise append
    -- after the highest existing index, or use 1 for an empty policy.
    IF ('${RuleIndex}' <> '',
        '${RuleIndex}',
        IF ((SELECT COUNT(id)
             FROM cm_storage.export_rule
             WHERE export_rule.policy_id = export_policy.id) > 0,
            (SELECT MAX(rule_index) + 1
             FROM cm_storage.export_rule
             WHERE export_rule.policy_id = export_policy.id),
            1)) AS rule_index,
    '${RwRule}' AS rw_rule,
    '${Superuser}' AS super_user
FROM
    cm_storage.export_policy,
    cm_storage.vserver,
    cm_storage.cluster
WHERE
    export_policy.name = '${PolicyName}'
    AND export_policy.vserver_id = vserver.id
    AND vserver.name = '${VserverName}'
    AND vserver.cluster_id = cluster.id
    -- The cluster may be given by name or by primary address.
    AND (
        cluster.name = '${Cluster}'
        OR cluster.primary_address = '${Cluster}'
    );
Hope this helps,
Christian
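
A read-only check for the two conditions the post above warns about (several rules with the same clientmatch in one policy, and rules sharing a rule index), added here as an example and not part of the original post. It assumes MySQL and uses only the cm_storage tables and columns that appear in the post's INSERT; the output column names (finding, detail, members) are made up for this example.

```sql
-- Added example: list export policies in the cached cm_storage data where a
-- reservation could not be matched to exactly one row during verification.
SELECT
    cluster.name            AS cluster_name,
    vserver.name            AS vserver_name,
    export_policy.name      AS policy_name,
    'duplicate clientmatch' AS finding,
    export_rule.clientmatch AS detail,
    COUNT(*)                AS rule_count,
    -- which rule indexes carry this clientmatch
    GROUP_CONCAT(export_rule.rule_index
                 ORDER BY export_rule.rule_index) AS members
FROM cm_storage.export_rule
JOIN cm_storage.export_policy ON export_rule.policy_id = export_policy.id
JOIN cm_storage.vserver       ON export_policy.vserver_id = vserver.id
JOIN cm_storage.cluster       ON vserver.cluster_id = cluster.id
GROUP BY cluster.name, vserver.name, export_policy.name,
         export_policy.id, export_rule.clientmatch
HAVING COUNT(*) > 1

UNION ALL

SELECT
    cluster.name,
    vserver.name,
    export_policy.name,
    'duplicate rule_index',
    CAST(export_rule.rule_index AS CHAR),
    COUNT(*),
    -- which clientmatch values share this rule index
    GROUP_CONCAT(export_rule.clientmatch
                 ORDER BY export_rule.id)
FROM cm_storage.export_rule
JOIN cm_storage.export_policy ON export_rule.policy_id = export_policy.id
JOIN cm_storage.vserver       ON export_policy.vserver_id = vserver.id
JOIN cm_storage.cluster       ON vserver.cluster_id = cluster.id
GROUP BY cluster.name, vserver.name, export_policy.name,
         export_policy.id, export_rule.rule_index
HAVING COUNT(*) > 1

ORDER BY cluster_name, vserver_name, policy_name, finding, detail;
```

An empty result means every policy has at most one rule per clientmatch and per rule index in the cached data; any row returned is a policy where export access should be reviewed on the cluster before relying on the reservation.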