PS Toolkit fpolicy create stuck on scope option

MWargelWTW · ‎2024-04-12

Trying to use PS Toolkit to create FPolicy on several svms across multiple clusters.

Stuck on new-NcFpolicyPolicy -Name ransomwarePolicy -Event cifsEvent, nfsV3Event, nfsV4Event -EngineName native -VserverContext svm_1

new-NcFpolicyPolicy : [400]: Failed to create policy "ransomwarePolicy". Reason: scope is a required field.
At line:1 char:1
+ new-NcFpolicyPolicy -Name ransomwarePolicy -Event cifsEvent, nfsV3Eve ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [New-NcFpolicyPolicy], Exception
+ FullyQualifiedErrorId : 400,DataONTAP.C.PowerShell.SDK.Cmdlets.Fpolicy.NewNcFpolicyPolicy

I can use the new-NC-FpolicyScope to create a scope, but it fails as the noted 'ransomwarePolicy' has not been created yet.

Does anyone know what the -scope parameter is used for? Cannot find any examples and it's not shown in the help for the command. Powershell says it's not a required parameter.

Using 9.14.1 PS Toolkit

Powershell 7.4.1.0

connecting to a cluster running 9.10.1p10

saharsh

In Rest call scope is the required property

Scope of the policy. Can be limited to exports, volumes, shares or file extensions.

To use scope please create New-Object DataONTAP.C.Types.Fpolicy.Scope

Sample:
$Scope= New-Object DataONTAP.C.Types.Fpolicy.Scope
$Scope.ExcludeExportPolicies = "export"
New-NcFpolicyPolicy -Name $Name -Event $EventName -EngineName native -NonMandatory -VserverContext $fpolicyVserver -Scope $Scope

Please find the description of scope:

scope

{

check_extensions_on_directories (9.11)	boolean default: false x-nullable: true Specifies whether the file name extension checks also apply to directory objects. If this parameter is set to true, the directory objects are subjected to the same extension checks as regular files. If this parameter is set to false, the directory names are not matched for extensions and notifications are sent for directories even if their name extensions do not match. Default is false.
exclude_export_policies	[ string x-nullable: true Specifies a list of export_policies to exclude from file access monitoring. The possible values can contain regular expressions and can include metacharacters such as "?" and "*". ]
exclude_extension	[ string x-nullable: true Specifies a list of file extensions to exclude from file access monitoring. It can contain regular expressions and can also include metacharacters such as "?". ]
exclude_shares	[ string x-nullable: true Specifies a list of shares to exclude from file access monitoring. The possible values can contain regular expressions and can include metacharacters such as "?" and "*". ]
exclude_volumes	[ example: List [ "vol1", "vol_svm1", "" ] string x-nullable: true Specifies a list of volumes to exclude from file access monitoring. The possible values can contain regular expressions and can include metacharacters such as "?" and "". ]
include_export_policies	[ string x-nullable: true Specifies a list of export_policies or file access monitoring. The possible values can contain regular expressions and can include metacharacters such as "?" and "*". ]
include_extension	[ string x-nullable: true Specifies a list of file extensions for file access monitoring. It can contain regular expressions and can also include metacharacters such as "?". ]
include_shares	[ example: List [ "sh1", "share_cifs" ] string x-nullable: true Specifies a list of shares for file access monitoring. The possible values can contain regular expressions and can include metacharacters such as "?" and "*". ]
include_volumes	[ example: List [ "vol1", "vol_svm1" ] string x-nullable: true Specifies a list of volumes for file access monitoring. The possible values can contain regular expressions and can include metacharacters such as "?" and "*". ]
object_monitoring_with_no_extension (9.11)	boolean default: false x-nullable: true Specifies whether the extension checks also apply to objects with no extension. If this parameter is set to true, all objects with or without extensions are monitored. Default is false.