cli-to-semp is not working for adding access-level-exception.
I'm trying to use a SEMP v1 command to change the access level exception for a user in a specific message VPN, but I'm encountering a schema validation error.
Here is the command I used:
I tried cli-to-semp command but it's giving me the following error :
Unexpected parameter(s): access-level-exception at /usr/sw/loads/currentload/scripts/cli-to-semp line 82.
Could someone help me understand why this command is not valid or how I could correct it to comply with the SEMP v1 schema? Any guidance or examples would be greatly appreciated.
Thank you in advance!
Answers
-
Hi @techrahul95 . Ok… couple things:
There isn't an exact 1-to-1 mapping between CLI and SEMPv1… for example, there's no XML tag called "configure" in the SEMPv1 RPC schema. You can find the schema inside the broker directory
/usr/sw/loads/currentload/schema/
But it's kind of hard to read at first.cli-to-semp
utility is great for "show" commands, and easy one-liners. It's harder for configuration commands because sometimes you need to use multiple RPC POSTs to configure an object. For what you're trying to do, you actually need two SEMPv1 commands: one to create the VPN exception, and then one to define/specify it. Here, I have an existing CLI user calledaaron-ro
that's a global read-only user, and I'm going to add a exception for VPNgw
with "read-write" permissions:<rpc> <username> <name>aaron-ro</name> <message-vpn> <create> <access-level-exception> <vpn-name>gw</vpn-name> </access-level-exception> </create> </message-vpn> </username> </rpc> <rpc> <username> <name>aaron-ro</name> <message-vpn> <access-level-exception> <vpn-name>gw</vpn-name> <access-level> <access-level>read-write</access-level> </access-level> </access-level-exception> </message-vpn> </username> </rpc>
Hope that helps! Let me know.
0