Module netapp_ontap.resources.vscan_on_access

Copyright © 2022 NetApp Inc. All rights reserved.

Overview

Use Vscan On-Access scanning to actively scan file objects for viruses when clients access files over SMB. To control which file operations trigger a vscan, use Vscan File-Operations Profile (vscan-fileop-profile) option in the CIFS share. The Vscan On-Access policy configuration defines the scope and status of On-Access scanning on file objects. Use this API to retrieve and manage Vscan On-Access policy configurations and Vscan On-Access policy statuses for the SVM.

Examples

Retrieving all fields for all policies of an SVM


from netapp_ontap import HostConnection
from netapp_ontap.resources import VscanOnAccess

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    print(list(VscanOnAccess.get_collection("{svm.uuid}", fields="*")))

[
    VscanOnAccess(
        {
            "mandatory": True,
            "name": "default_CIFS",
            "scope": {
                "scan_readonly_volumes": False,
                "include_extensions": ["*"],
                "max_file_size": 2147483648,
                "only_execute_access": False,
                "scan_without_extension": True,
            },
            "enabled": True,
        }
    ),
    VscanOnAccess(
        {
            "mandatory": True,
            "name": "on-access-policy",
            "scope": {
                "scan_readonly_volumes": False,
                "include_extensions": ["mp*", "tx*"],
                "max_file_size": 3221225472,
                "exclude_paths": ["\\vol\\a b\\", "\\vol\\a,b\\"],
                "only_execute_access": True,
                "exclude_extensions": ["mp3", "txt"],
                "scan_without_extension": True,
            },
            "enabled": False,
        }
    ),
]


Retrieving the specific On-Access policy associated with the specified SVM


from netapp_ontap import HostConnection
from netapp_ontap.resources import VscanOnAccess

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = VscanOnAccess(
        "179d3c85-7053-11e8-b9b8-005056b41bd1", name="on-access-policy"
    )
    resource.get()
    print(resource)

VscanOnAccess(
    {
        "mandatory": True,
        "name": "on-access-policy",
        "scope": {
            "scan_readonly_volumes": False,
            "include_extensions": ["mp*", "tx*"],
            "max_file_size": 3221225472,
            "exclude_paths": ["\\vol\\a b\\", "\\vol\\a,b\\"],
            "only_execute_access": True,
            "exclude_extensions": ["mp3", "txt"],
            "scan_without_extension": True,
        },
        "enabled": True,
    }
)


Creating a Vscan On-Access policy

The Vscan On-Access policy POST endpoint creates an On-Access policy for the specified SVM. Set enabled to "true" to enable scanning on the created policy.

from netapp_ontap import HostConnection
from netapp_ontap.resources import VscanOnAccess

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = VscanOnAccess("86fbc414-f140-11e8-8e22-0050568e0945")
    resource.enabled = False
    resource.mandatory = True
    resource.name = "on-access-policy"
    resource.scope = {
        "exclude_extensions": ["txt", "mp3"],
        "exclude_paths": ["\\dir1\\dir2\\ame", "\\vol\\a b"],
        "include_extensions": ["mp*", "txt"],
        "max_file_size": 3221225472,
        "only_execute_access": True,
        "scan_readonly_volumes": False,
        "scan_without_extension": True,
    }
    resource.post(hydrate=True)
    print(resource)

VscanOnAccess(
    {
        "mandatory": True,
        "name": "on-access-policy",
        "scope": {
            "scan_readonly_volumes": False,
            "include_extensions": ["mp*", "txt"],
            "max_file_size": 3221225472,
            "exclude_paths": ["\\dir1\\dir2\\ame", "\\vol\\a b"],
            "only_execute_access": True,
            "exclude_extensions": ["txt", "mp3"],
            "scan_without_extension": True,
        },
        "enabled": False,
    }
)


Creating a Vscan On-Access policy where a number of optional fields are not specified


from netapp_ontap import HostConnection
from netapp_ontap.resources import VscanOnAccess

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = VscanOnAccess("86fbc414-f140-11e8-8e22-0050568e0945")
    resource.enabled = False
    resource.mandatory = True
    resource.name = "on-access-policy"
    resource.scope = {
        "exclude_paths": ["\\vol\\a b", "\\vol\\a,b\\"],
        "max_file_size": 1073741824,
        "scan_without_extension": True,
    }
    resource.post(hydrate=True)
    print(resource)

VscanOnAccess(
    {
        "mandatory": True,
        "name": "on-access-policy",
        "scope": {
            "max_file_size": 1073741824,
            "exclude_paths": ["\\vol\\a b", "\\vol\\a,b\\"],
            "scan_without_extension": True,
        },
        "enabled": False,
    }
)


Updating a Vscan On-Access policy

The policy being modified is identified by the UUID of the SVM and the policy name.

from netapp_ontap import HostConnection
from netapp_ontap.resources import VscanOnAccess

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = VscanOnAccess(
        "86fbc414-f140-11e8-8e22-0050568e0945", name="on-access-policy"
    )
    resource.scope = {
        "include_extensions": ["txt"],
        "only_execute_access": True,
        "scan_readonly_volumes": False,
        "scan_without_extension": True,
    }
    resource.patch()


Deleting a Vscan On-Access policy

The policy to be deleted is identified by the UUID of the SVM and the policy name.

from netapp_ontap import HostConnection
from netapp_ontap.resources import VscanOnAccess

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = VscanOnAccess(
        "86fbc414-f140-11e8-8e22-0050568e0945", name="on-access-policy"
    )
    resource.delete()


Classes

class VscanOnAccess (*args, **kwargs)

An On-Access policy that defines the scope of an On-Access scan. Use On-Access scanning to check for viruses when clients open, read, rename, or close files over CIFS. By default, ONTAP creates an On-Access policy named "default_CIFS" and enables it for all the SVMs in a cluster.

Initialize the instance of the resource.

Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:

MyResource(name='foo').name == 'foo'

Args

*args
Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.

Ancestors

Static methods

def count_collection(*args, connection: HostConnection = None, **kwargs) -> int

Fetch a count of all objects of this type from the host.

This calls GET on the object to determine the number of records. It is more efficient than calling get_collection() because it will not construct any objects. Query parameters can be passed in as kwargs to determine a count of objects that match some filtered criteria.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the count of bars for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host. These query parameters can affect the count. A return_records query param will be ignored.

Returns

On success, returns an integer count of the objects of this type. On failure, returns -1.

Raises

NetAppRestError: If the API call returned a status code >= 400, or if there is no connection available to use either passed in or on the library.

def delete_collection(*args, records: Iterable[_ForwardRef('VscanOnAccess')] = None, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Union[int, NoneType] = None, poll_timeout: Union[int, NoneType] = None, connection: HostConnection = None, **kwargs) -> NetAppResponse

Deletes the anti-virus On-Access policy configuration.

  • vserver vscan on-access-policy delete

Learn more


Delete all objects in a collection which match the given query.

All records on the host which match the query will be deleted.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to delete the collection of bars for a particular foo, the foo.name value should be passed.
records
Can be provided in place of a query. If so, this list of objects will be deleted from the host.
body
The body of the delete request. This could be a Resource instance or a dictionary object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be deleted.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def find(*args, connection: HostConnection = None, **kwargs) -> Resource

Retrieves the Vscan On-Access policy.

  • vserver vscan on-access-policy show
  • vserver vscan on-access-policy file-ext-to-include show
  • vserver vscan on-access-policy file-ext-to-exclude show
  • vserver vscan on-access-policy paths-to-exclude show

Learn more


Find an instance of an object on the host given a query.

The host will be queried with the provided key/value pairs to find a matching resource. If 0 are found, None will be returned. If more than 1 is found, an error will be raised or returned. If there is exactly 1 matching record, then it will be returned.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to find a bar for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A Resource object containing the details of the object or None if no matches were found.

Raises

NetAppRestError: If the API call returned more than 1 matching resource.

def get_collection(*args, connection: HostConnection = None, max_records: int = None, **kwargs) -> Iterable[Resource]

Retrieves the Vscan On-Access policy.

  • vserver vscan on-access-policy show
  • vserver vscan on-access-policy file-ext-to-include show
  • vserver vscan on-access-policy file-ext-to-exclude show
  • vserver vscan on-access-policy paths-to-exclude show

Learn more


Fetch a list of all objects of this type from the host.

This is a lazy fetch, making API calls only as necessary when the result of this call is iterated over. For instance, if max_records is set to 5, then iterating over the collection causes an API call to be sent to the server once for every 5 records. If the client stops iterating before getting to the 6th record, then no additional API calls are made.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the collection of bars for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
max_records
The maximum number of records to return per call
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A list of Resource objects

Raises

NetAppRestError: If there is no connection available to use either passed in or on the library. This would be not be raised when get_collection() is called, but rather when the result is iterated.

def patch_collection(body: dict, *args, records: Iterable[_ForwardRef('VscanOnAccess')] = None, poll: bool = True, poll_interval: Union[int, NoneType] = None, poll_timeout: Union[int, NoneType] = None, connection: HostConnection = None, **kwargs) -> NetAppResponse

Updates the Vscan On-Access policy configuration and/or enables/disables the Vscan On-Access policy of an SVM. You cannot modify the configurations for an On-Access policy associated with an administrative SVM, although you can encable and disable the policy associated with an administrative SVM.

  • vserver vscan on-access-policy modify
  • vserver vscan on-access-policy enable
  • vserver vscan on-access-policy disable
  • vserver vscan on-access-policy file-ext-to-include add
  • vserver vscan on-access-policy file-ext-to-exclude add
  • vserver vscan on-access-policy paths-to-exclude add
  • vserver vscan on-access-policy file-ext-to-include remove
  • vserver vscan on-access-policy file-ext-to-exclude remove
  • vserver vscan on-access-policy paths-to-exclude remove

Learn more


Patch all objects in a collection which match the given query.

All records on the host which match the query will be patched with the provided body.

Args

body
A dictionary of name/value pairs to set on all matching members of the collection. The body argument will be ignored if records is provided.
*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to patch the collection of bars for a particular foo, the foo.name value should be passed.
records
Can be provided in place of a query. If so, this list of objects will be patched on the host.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def post_collection(records: Iterable[_ForwardRef('VscanOnAccess')], *args, hydrate: bool = False, poll: bool = True, poll_interval: Union[int, NoneType] = None, poll_timeout: Union[int, NoneType] = None, connection: HostConnection = None, **kwargs) -> Union[List[VscanOnAccess], NetAppResponse]

Creates a Vscan On-Access policy. Created only on a data SVM. Important notes: * You must enable the policy on an SVM before its files can be scanned. * You can enable only one On-Access policy at a time on an SVM. By default, the policy is enabled on creation. * If the Vscan On-Access policy has been created successfully on an SVM but cannot be enabled due to an error, the Vscan On-Access policy configurations are saved. The Vscan On-Access policy is then enabled using the PATCH operation.

Required properties

  • svm.uuid - Existing SVM in which to create the Vscan On-Access policy.
  • name - Name of the Vscan On-Access policy. Maximum length is 256 characters.

Default property values

If not specified in POST, the following default property values are assigned: * enabled - true * mandatory - true * include_extensions - * * max_file_size - 2147483648 * only_execute_access - false * scan_readonly_volumes - false * scan_without_extension - true

  • vserver vscan on-access-policy create
  • vserver vscan on-access-policy enable
  • vserver vscan on-access-policy disable
  • vserver vscan on-access-policy file-ext-to-include add
  • vserver vscan on-access-policy file-ext-to-exclude add
  • vserver vscan on-access-policy paths-to-exclude add

Learn more


Send this collection of objects to the host as a creation request.

Args

records
A list of Resource objects to send to the server to be created.
*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to create a bar for a particular foo, the foo.name value should be passed.
hydrate
If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of each object. When hydrate is set to True, poll must also be set to True.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.

Returns

A list of Resource objects matching the provided
type which have been created by the host and returned. This is _not_
 
the same list that was provided, so to continue using the object, you
 

should save this list. If poll is set to False, then a NetAppResponse object is returned instead.

Raises

NetAppRestError: If the API call returned a status code >= 400

Methods

def delete(self, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Union[int, NoneType] = None, poll_timeout: Union[int, NoneType] = None, **kwargs) -> NetAppResponse

Deletes the anti-virus On-Access policy configuration.

  • vserver vscan on-access-policy delete

Learn more


Send a deletion request to the host for this object.

Args

body
The body of the delete request. This could be a Resource instance or a dictionary object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def get(self, **kwargs) -> NetAppResponse

Retrieves the Vscan On-Access policy configuration of an SVM.

  • vserver vscan on-access-policy show
  • vserver vscan on-access-policy file-ext-to-include show
  • vserver vscan on-access-policy file-ext-to-exclude show
  • vserver vscan on-access-policy paths-to-exclude show

Learn more


Fetch the details of the object from the host.

Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def patch(self, hydrate: bool = False, poll: bool = True, poll_interval: Union[int, NoneType] = None, poll_timeout: Union[int, NoneType] = None, **kwargs) -> NetAppResponse

Updates the Vscan On-Access policy configuration and/or enables/disables the Vscan On-Access policy of an SVM. You cannot modify the configurations for an On-Access policy associated with an administrative SVM, although you can encable and disable the policy associated with an administrative SVM.

  • vserver vscan on-access-policy modify
  • vserver vscan on-access-policy enable
  • vserver vscan on-access-policy disable
  • vserver vscan on-access-policy file-ext-to-include add
  • vserver vscan on-access-policy file-ext-to-exclude add
  • vserver vscan on-access-policy paths-to-exclude add
  • vserver vscan on-access-policy file-ext-to-include remove
  • vserver vscan on-access-policy file-ext-to-exclude remove
  • vserver vscan on-access-policy paths-to-exclude remove

Learn more


Send the difference in the object's state to the host as a modification request.

Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.

Args

hydrate
If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def post(self, hydrate: bool = False, poll: bool = True, poll_interval: Union[int, NoneType] = None, poll_timeout: Union[int, NoneType] = None, **kwargs) -> NetAppResponse

Creates a Vscan On-Access policy. Created only on a data SVM. Important notes: * You must enable the policy on an SVM before its files can be scanned. * You can enable only one On-Access policy at a time on an SVM. By default, the policy is enabled on creation. * If the Vscan On-Access policy has been created successfully on an SVM but cannot be enabled due to an error, the Vscan On-Access policy configurations are saved. The Vscan On-Access policy is then enabled using the PATCH operation.

Required properties

  • svm.uuid - Existing SVM in which to create the Vscan On-Access policy.
  • name - Name of the Vscan On-Access policy. Maximum length is 256 characters.

Default property values

If not specified in POST, the following default property values are assigned: * enabled - true * mandatory - true * include_extensions - * * max_file_size - 2147483648 * only_execute_access - false * scan_readonly_volumes - false * scan_without_extension - true

  • vserver vscan on-access-policy create
  • vserver vscan on-access-policy enable
  • vserver vscan on-access-policy disable
  • vserver vscan on-access-policy file-ext-to-include add
  • vserver vscan on-access-policy file-ext-to-exclude add
  • vserver vscan on-access-policy paths-to-exclude add

Learn more


Send this object to the host as a creation request.

Args

hydrate
If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

Inherited members

class VscanOnAccessSchema (*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

The fields of the VscanOnAccess object

Ancestors

  • netapp_ontap.resource.ResourceSchema
  • marshmallow.schema.Schema
  • marshmallow.base.SchemaABC

Class variables

enabled GET POST PATCH

Status of the On-Access Vscan policy

mandatory GET POST PATCH

Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning.

name GET POST

On-Access policy ame

Example: on-access-test

scope GET POST PATCH

The scope field of the vscan_on_access.