Firewall rules automation

Hello everybody.

We are evaluating ManageIQ in our company, and the product seems to be a good solution.

However, I’m trying to build a custom workflow to automate custom services, not necessarily related to VMs, Containers or custom stacks. I want to be able to create a custom form with an array of multiple input elements so that I can manage some custom service. You can imagine things like DNS records manager or firewall rules. Let’s focus on firewall rules since is more easy to explain.

Process:

  • User select a VLAN from an input drop menu, automatic filled with VLAN IDs that the user has permission.

  • After the user select this VLAN ID, the form page is updated with a multiple text input fields (array of input text box) containing firewall rules for this VLAN: Rule ID, Source IP/net, Destination IP/net, port, protocol. One rule by line.

  • The user can: Erase one or more lines (rules); Edit one or more lines; Create one or more lines.

  • The user make the modifications and submit the form.

  • The underlying workflow update the rules using ansible.

I can see how to make some steps of this process, but can’t figure out how to create this custom form with an array of input box. Is this possible in ManageIQ? How can I accomplish this task?

Already searched in this forum, and have read the docs and couldn’t find a solution. What I found:

Example just to ilustrate the “array of input box” (found on google. Not fully what I want): https://documentation.meraki.com/@api/deki/files/6188/2017-07-24_09_05_40-Traffic_Shaping_-_Meraki_Dashboard.png?revision=1&size=bestfit&width=642&height=456

Hi Livio,

The way I have seen this done in the past is to use dynamic text boxes to automatically hide / show the elements. The dynamic text boxes can be triggered based on a drop down of the number of text boxes you want or some other logic. They would start as not visible, and when triggered by the chose dialog element, can be set to visible.

In automate, you can have a single method and multiple instances pointed at the method to to define the array element number and set it visible or not based on that criteria. Below is a sample method for hiding / showing text boxes that could be modified for your purpose:

#
# Method: hide_show_text_box.rb
#
# Description: Dynamically hide / show a text or check box.
#

def bail_out(value=nil, visible=true)
  set_values_and_exit(value, visible)
  exit MIQ_OK
end

def set_values_and_exit(value=nil, visible=true)
  $evm.object['visible'] = visible
  $evm.object['required'] = visible
  $evm.object['required'] = false if $evm.object['override_required'] == 'false'
  $evm.object['value'] = $evm.object['default_value'] if $evm.object['default_value'].present?
  $evm.object['value'] = value if value.present?
end

@debug = true
$evm.root.attributes.sort.each { |k, v| $evm.log(:info, "root: #{k}: #{v}") } if @debug
$evm.object.attributes.sort.each { |k, v| $evm.log(:info, "object: #{k}: #{v}") } if @debug

field_name = 'dialog_' + $evm.object['hide_show_field_name']
field_value = $evm.object['hide_show_field_value']
value = $evm.object[field_name]

$evm.log(:info, "field_name: #{field_name}") if @debug
$evm.log(:info, "field_value: #{field_value}") if @debug
$evm.log(:info, "value: #{value}") if @debug

bail_out($evm.object['false_value'], false) unless value == field_value

set_values_and_exit($evm.object['true_value'])

This won’t give you results in array format. If that is what you need, I would recommend naming the dialog elements sequentially and walking them to put the results into an array, probably as part of the pre states in the service request state machine.

-Jeff

Same here. Just keep in mind, that dynamic elements refreshes take time.
If a User wants to create 50 entries and has to wait a few moments for the next element to appear, it might be a worse experience than presenting him with all textboxes at once

Another approach we sometimes use is, to require the user to write the data in a specific format (e.g. comma separated) using a big textarea. Pretty ugly, but effective. Espacially if you can assume the user can copy/paste it from somewhere

Multi-Select dropdown work pretty good too, if you can anticipate the possible values