cli-to-semp is not working for adding access-level-exception.

techrahul95 Member Posts: 20 ✭✭

I'm trying to use a SEMP v1 command to change the access level exception for a user in a specific message VPN, but I'm encountering a schema validation error.

Here is the command I used:

I tried the cli-to-semp command but it's giving me the following error:
Unexpected parameter(s): access-level-exception at /usr/sw/loads/currentload/scripts/cli-to-semp line 82.

Could someone help me understand why this command is not valid or how I could correct it to comply with the SEMP v1 schema? Any guidance or examples would be greatly appreciated.

Thank you in advance!

Answers

  • Aaron Member, Administrator, Moderator, Employee Posts: 634 admin

    Hi @techrahul95. Ok… couple things:

    There isn't an exact 1-to-1 mapping between CLI and SEMPv1… for example, there's no XML tag called "configure" in the SEMPv1 RPC schema. You can find the schema inside the broker directory /usr/sw/loads/currentload/schema/. But it's kind of hard to read at first.

    The cli-to-semp utility is great for "show" commands, and easy one-liners. It's harder for configuration commands because sometimes you need to use multiple RPC POSTs to configure an object. For what you're trying to do, you actually need two SEMPv1 commands: one to create the VPN exception, and then one to define/specify it. Here, I have an existing CLI user called aaron-ro that's a global read-only user, and I'm going to add an exception for VPN gw with "read-write" permissions:

    <rpc>
      <username>
        <name>aaron-ro</name>
        <message-vpn>
          <create>
            <access-level-exception>
              <vpn-name>gw</vpn-name>
            </access-level-exception>
          </create>
        </message-vpn>
      </username>
    </rpc>
    
    <rpc>
      <username>
        <name>aaron-ro</name>
        <message-vpn>
          <access-level-exception>
            <vpn-name>gw</vpn-name>
            <access-level>
              <access-level>read-write</access-level>
            </access-level>
          </access-level-exception>
        </message-vpn>
      </username>
    </rpc>
    

    Hope that helps! Let me know.
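
The two-request sequence from the answer above, as an added Python example that is not part of the original thread or Solace's own tooling: it builds both documents with XML-escaped values, sends them in order, and stops if the broker rejects the first. The function names, the injectable `post` transport, and the reply shape checked in `reply_ok` (`<execute-result code="ok"/>` on success, `<parse-error>` on a schema failure) are assumptions of this example; the SEMP URL and admin credentials are supplied by the caller.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape


def build_rpcs(user, vpn, level):
    """Return the two SEMPv1 documents from the answer, in the order they must be sent."""
    # Escape every value so a name containing < or & cannot alter the RPC structure.
    user, vpn, level = escape(user), escape(vpn), escape(level)
    create = (f"<rpc><username><name>{user}</name><message-vpn><create>"
              f"<access-level-exception><vpn-name>{vpn}</vpn-name>"
              f"</access-level-exception></create></message-vpn></username></rpc>")
    define = (f"<rpc><username><name>{user}</name><message-vpn>"
              f"<access-level-exception><vpn-name>{vpn}</vpn-name>"
              f"<access-level><access-level>{level}</access-level></access-level>"
              f"</access-level-exception></message-vpn></username></rpc>")
    return [create, define]


def reply_ok(reply_xml):
    """True only for a reply with <execute-result code="ok"/> (assumed reply shape)."""
    root = ET.fromstring(reply_xml)
    if root.find("parse-error") is not None:
        return False
    result = root.find("execute-result")
    return result is not None and result.get("code") == "ok"


def apply_exception(url, admin, password, user, vpn, level, post=None):
    """POST both RPCs in order; raise at the first one the broker rejects."""
    def http_post(body):
        # Use an https:// URL so the admin credentials are not sent in clear text.
        req = urllib.request.Request(url, data=body.encode(), method="POST")
        token = base64.b64encode(f"{admin}:{password}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read().decode()

    post = post or http_post  # hypothetical hook: lets a caller swap the transport
    for step, body in enumerate(build_rpcs(user, vpn, level), start=1):
        if not reply_ok(post(body)):
            raise RuntimeError(f"SEMP request {step} was rejected")
    return True
```

Because the second request is only sent after the first is accepted, a rejected create step never leaves a half-applied change that silently keeps the user's global access level for that VPN.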