Module netapp_ontap.resources.vscan_on_access
Copyright © 2019 NetApp Inc. All rights reserved.
Overview
Vscan On-Access scanning is used to actively scan file objects for viruses when clients access files over SMB. To control which file operations trigger a vscan, use Vscan File-Operations Profile (vscan-fileop-profile) option in CIFS share. The Vscan On-Access policy configuration defines the scope and status of On-Access scanning on file objects. This API is used to retrieve and manage Vscan On-Access policy configurations and Vscan On-Access policy statuses for the SVM.
Examples
Retrieving all fields for all policies of an SVM
# The API:
/api/protocols/vscan/{svm.uuid}/on_access_policies/
# The call:
curl -X GET "https://<mgmt-ip>/api/protocols/vscan/{svm.uuid}/on_access_policies?fields=*" -H "accept: application/hal+json"
# The response:
{
"records": [
{
"svm": {
"uuid": "179d3c85-7053-11e8-b9b8-005056b41bd1",
"name": "vs1"
"_links": {
"self": {
"href": "/api/svm/svms/179d3c85-7053-11e8-b9b8-005056b41bd1"
}
}
},
"name": "default_CIFS",
"enabled": true,
"mandatory": true,
"scope": {
"max_file_size": 2147483648,
"include_extensions": [
"*"
],
"scan_without_extension": true,
"scan_readonly_volumes": false,
"only_execute_access": false
},
"_links": {
"self": {
"href": "/api/protocols/vscan/179d3c85-7053-11e8-b9b8-005056b41bd1/on_access_policies/default_CIFS"
}
}
},
{
"svm": {
"uuid": "179d3c85-7053-11e8-b9b8-005056b41bd1",
"name": "vs1"
"_links": {
"self": {
"href": "/api/svm/svms/179d3c85-7053-11e8-b9b8-005056b41bd1"
}
}
},
"name": "on-access-policy",
"enabled": false,
"mandatory": true,
"scope": {
"max_file_size": 3221225472,
"exclude_paths": [
"\\vol\\a b\\",
"\\vol\\a,b\\"
],
"include_extensions": [
"mp*",
"tx*"
],
"exclude_extensions": [
"mp3",
"txt"
],
"scan_without_extension": true,
"scan_readonly_volumes": false,
"only_execute_access": true
}
"_links": {
"self": {
"href": "/api/protocols/vscan/179d3c85-7053-11e8-b9b8-005056b41bd1/on_access_policies/on-access-policy"
}
}
}
],
"num_records": 2,
"_links": {
"self": {
"href": "/api/protocols/vscan/179d3c85-7053-11e8-b9b8-005056b41bd1/on_access_policies?fields=*"
}
}
}
Retrieving the specific On-Access policy associated with the specified SVM
# The API:
/api/protocols/vscan/{svm.uuid}/on_access_policies/{name}
# The call:
curl -X GET "https://<mgmt-ip>/api/protocols/vscan/179d3c85-7053-11e8-b9b8-005056b41bd1/on_access_policies/on-access-policy" -H "accept: application/json"
# The response:
{
"svm": {
"uuid": "179d3c85-7053-11e8-b9b8-005056b41bd1",
"name": "vs1"
"_links": {
"self": {
"href": "/api/svm/svms/179d3c85-7053-11e8-b9b8-005056b41bd1"
}
}
},
"name": "on-access-policy",
"enabled": true,
"mandatory": true,
"scope": {
"max_file_size": 3221225472,
"exclude_paths": [
"\\vol\\a b\\",
"\\vol\\a,b\\"
],
"include_extensions": [
"mp*",
"tx*"
],
"exclude_extensions": [
"mp3",
"txt"
],
"scan_without_extension": true,
"scan_readonly_volumes": false,
"only_execute_access": true
}
"_links": {
"self": {
"href": "/api/protocols/vscan/179d3c85-7053-11e8-b9b8-005056b41bd1/on_access_policies/task1"
}
}
}
Creating a Vscan On-Access policy
The Vscan On-Access policy POST endpoint creates an On-Access policy for the specified SVM. Set enabled to "true" to enable scanning on the created policy.
# The API:
/api/protocols/vscan/{svm.uuid}/on_access_policies
# The call:
curl -X POST "https://<mgmt-ip>/api/protocols/vscan/86fbc414-f140-11e8-8e22-0050568e0945/on_access_policies?return_records=true" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"enabled\": false, \"mandatory\": true, \"name\": \"on-access-policy\", \"scope\": { \"exclude_extensions\": [ \"txt\", \"mp3\" ], \"exclude_paths\": [ \"\\\\dir1\\\\dir2\\\\ame\", \"\\\\vol\\\\a b\" ], \"include_extensions\": [ \"mp*\", \"txt\" ], \"max_file_size\": 3221225472, \"only_execute_access\": true, \"scan_readonly_volumes\": false, \"scan_without_extension\": true }}"
# The response:
{
"num_records": 1,
"records": [
{
"svm": {
"name": "vs1"
},
"name": "on-access-policy",
"enabled": false,
"mandatory": true,
"scope": {
"max_file_size": 3221225472,
"exclude_paths": [
"\\dir1\\dir2\\ame",
"\\vol\\a b"
],
"include_extensions": [
"mp*",
"txt"
],
"exclude_extensions": [
"txt",
"mp3"
],
"scan_without_extension": true,
"scan_readonly_volumes": false,
"only_execute_access": true
}
}
]
}
Creating a Vscan On-Access policy where a number of optional fields are not specified
# The API:
/api/protocols/vscan/{svm.uuid}/on_access_policies
# The call:
curl -X POST "https://<mgmt-ip>/api/protocols/vscan/86fbc414-f140-11e8-8e22-0050568e0945/on_access_policies?return_records=true" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"enabled\": false, \"mandatory\": true, \"name\": \"on-access-policy\", \"scope\": { \"exclude_paths\": [ \"\\\\vol\\\\a b\", \"\\\\vol\\\\a,b\\\\\" ], \"max_file_size\": 1073741824, \"scan_without_extension\": true }}"
# The response:
{
"num_records": 1,
"records": [
{
"svm": {
"name": "vs1"
},
"name": "on-access-policy",
"enabled": false,
"mandatory": true,
"scope": {
"max_file_size": 1073741824,
"exclude_paths": [
"\\vol\\a b",
"\\vol\\a,b\\"
],
"scan_without_extension": true
}
}
]
}
Updating a Vscan On-Access policy
The policy being modified is identified by the UUID of the SVM and the policy name.
# The API:
/api/protocols/vscan/{svm.uuid}/on_access_policies/{name}
# The call:
curl -X PATCH "https://<mgmt-ip>/api/protocols/vscan/86fbc414-f140-11e8-8e22-0050568e0945/on_access_policies/on-access-policy" -H "accept: application/hal+json" -H "Content-Type: application/json" -d "{ \"scope\": { \"include_extensions\": [ \"txt\" ], \"only_execute_access\": true, \"scan_readonly_volumes\": false, \"scan_without_extension\": true }}"
Deleting a Vscan On-Access policy
The policy to be deleted is identified by the UUID of the SVM and the policy name.
# The API:
/api/protocols/vscan/{svm.uuid}/on_access_policies/{name}
# The call:
curl -X DELETE "https://<mgmt-ip>/api/protocols/vscan/86fbc414-f140-11e8-8e22-0050568e0945/on_access_policies/on-access-policy" -H "accept: application/hal+json"
Classes
class VscanOnAccess (*args, **kwargs)
-
An On-Access policy that defines the scope of an On-Access scan. Use On-Access scanning to check for viruses when clients open, read, rename, or close files over CIFS. By default, ONTAP creates an On-Access policy named "default_CIFS" and enables it for all the SVMs in a cluster.
Initialize the instance of the resource.
Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:
MyResource(name='foo').name == 'foo'
Args
*args
- Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
- each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.
Ancestors
Static methods
def delete_collection(*args, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Deletes the anti-virus On-Access policy configuration.
Related ONTAP commands
vserver vscan on-access-policy delete
Learn more
Delete all objects in a collection which match the given query.
All records on the host which match the query will be deleted.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to delete the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def find(*args, connection: HostConnection = None, **kwargs) -> Resource
-
Retrieves the Vscan On-Access policy.
Related ONTAP commands
vserver vscan on-access-policy show
vserver vscan on-access-policy file-ext-to-include show
vserver vscan on-access-policy file-ext-to-exclude show
vserver vscan on-access-policy paths-to-exclude show
Learn more
Find an instance of an object on the host given a query.
The host will be queried with the provided key/value pairs to find a matching resource. If 0 are found or if more than 1 is found, an error will be raised or returned. If there is exactly 1 matching record, then it will be returned.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to find a bar for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
Resource
object containing the details of the object.Raises
NetAppRestError
: If the API call did not return exactly 1 matching resource. def get_collection(*args, connection: HostConnection = None, max_records: int = None, **kwargs) -> typing.Iterable
-
Retrieves the Vscan On-Access policy.
Related ONTAP commands
vserver vscan on-access-policy show
vserver vscan on-access-policy file-ext-to-include show
vserver vscan on-access-policy file-ext-to-exclude show
vserver vscan on-access-policy paths-to-exclude show
Learn more
Fetch a list of all objects of this type from the host.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. max_records
- The maximum number of records to return per call
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A list of
Resource
objectsRaises
NetAppRestError
: If there is no connection available to use either passed in or on the library. def patch_collection(body: dict, *args, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Updates the Vscan On-Access policy configuration and/or enables/disables the Vscan On-Access policy of an SVM. Configurations for an On-Access policy associated with an administrative SVM cannot be modified, although the policy associated with an administrative SVM can be enabled or disabled.
Related ONTAP commands
vserver vscan on-access-policy modify
vserver vscan on-access-policy enable
vserver vscan on-access-policy disable
vserver vscan on-access-policy file-ext-to-include add
vserver vscan on-access-policy file-ext-to-exclude add
vserver vscan on-access-policy paths-to-exclude add
vserver vscan on-access-policy file-ext-to-include remove
vserver vscan on-access-policy file-ext-to-exclude remove
vserver vscan on-access-policy paths-to-exclude remove
Learn more
Patch all objects in a collection which match the given query.
All records on the host which match the query will be patched with the provided body.
Args
body
- A dictionary of name/value pairs to set on all matching members of the collection.
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to patch the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Methods
def delete(self, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Deletes the anti-virus On-Access policy configuration.
Related ONTAP commands
vserver vscan on-access-policy delete
Learn more
Send a deletion request to the host for this object.
Args
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def get(self, **kwargs) -> NetAppResponse
-
Retrieves the Vscan On-Access policy configuration of an SVM.
Related ONTAP commands
vserver vscan on-access-policy show
vserver vscan on-access-policy file-ext-to-include show
vserver vscan on-access-policy file-ext-to-exclude show
vserver vscan on-access-policy paths-to-exclude show
Learn more
Fetch the details of the object from the host.
Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def patch(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Updates the Vscan On-Access policy configuration and/or enables/disables the Vscan On-Access policy of an SVM. Configurations for an On-Access policy associated with an administrative SVM cannot be modified, although the policy associated with an administrative SVM can be enabled or disabled.
Related ONTAP commands
vserver vscan on-access-policy modify
vserver vscan on-access-policy enable
vserver vscan on-access-policy disable
vserver vscan on-access-policy file-ext-to-include add
vserver vscan on-access-policy file-ext-to-exclude add
vserver vscan on-access-policy paths-to-exclude add
vserver vscan on-access-policy file-ext-to-include remove
vserver vscan on-access-policy file-ext-to-exclude remove
vserver vscan on-access-policy paths-to-exclude remove
Learn more
Send the difference in the object's state to the host as a modification request.
Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def post(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Creates a Vscan On-Access policy. Created only on a data SVM. Important notes: * The policy needs to be enabled on an SVM before its files can be scanned. * Only one On-Access policy can be enabled on an SVM at a time. By default, the policy is enabled on creation. * If the Vscan On-Access policy has been created successfully on an SVM but cannot be enabled due to an error, the Vscan On-Access policy configurations are saved. The Vscan On-Access policy is then enabled using the PATCH operation.
Required properties
svm.uuid
- Existing SVM in which to create the Vscan On-Access policy.name
- Name of the Vscan On-Access policy. Maximum length is 256 characters.
Default property values
If not specified in POST, the following default property values are assigned: *
enabled
- true *mandatory
- true *include_extensions
- * *max_file_size
- 2147483648 *only_execute_access
- false *scan_readonly_volumes
- false *scan_without_extension
- trueRelated ONTAP commands
vserver vscan on-access-policy create
vserver vscan on-access-policy enable
vserver vscan on-access-policy disable
vserver vscan on-access-policy file-ext-to-include add
vserver vscan on-access-policy file-ext-to-exclude add
vserver vscan on-access-policy paths-to-exclude add
Learn more
Send this object to the host as a creation request.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Inherited members
class VscanOnAccessSchema (only=None, exclude=(), many=False, context=None, load_only=(), dump_only=(), partial=False, unknown=None)
-
The fields of the VscanOnAccess object
Ancestors
- netapp_ontap.resource.ResourceSchema
- marshmallow.schema.Schema
- marshmallow.schema.BaseSchema
- marshmallow.base.SchemaABC
Class variables
var enabled
-
Status of the On-Access Vscan policy
var mandatory
-
Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning.
var name
-
On-Access policy ame
Example: on-access-test
var opts
var scope
-
The scope field of the vscan_on_access.