Programmatically access VM Compliance Results


#1

Hi everyone,

I have a use case where I want to programmatically access the compliance results for a specific VM or snapshot, and create a HTML email from the results.

Does anyone know how to access the compliance results for a specific VM or snapshot programmatically?

I’ve tried the following:

  • Checking the MiqAeService model chapter of Peter McGowan’s book for a compliance object
  • Checking the methods available to a VM (methods = $evm.vmdb(:vm).first.methods - Object.methods) for compliance methods
  • Checking the attributes available to a VM ($evm.vmdb(:vm).first.inspect)

I know I can access the results of a compliance report using the REST API, but this isn’t specific to a single VM - I’d have to find the correct results end-point, then filter for a specific VM in the report.

Any assistance is greatly appreciated.


#2

Hi all,

So, from IRB (using cloud-forms-utils), I can do:

vm = $evm.vmdb(:vm).first
Compliance.find_by_resource_id(vm.id)
comp.compliance_details

… which is exactly what I’m after, however the Compliance model isn’t exposed to the Automate Engine. Does anyone know how I can expose it? Maybe with a custom gem?

Shane


#3

If anyone else comes up against this issue, this is my thrifty fix:

  1. Create the file /var/www/miq/vmdb/lib/miq_automation_engine/service_models/miq_ae_service_compliance.rb with the following contents:

    module MiqAeMethodService
    class MiqAeServiceCompliance < MiqAeServiceModelBase
    expose :compliance_details, :association => true
    end
    end

(2) Create the file /var/www/miq/vmdb/lib/miq_automation_engine/service_models/miq_ae_service_compliance_detail.rb with the following contents:

module MiqAeMethodService
  class MiqAeServiceComplianceDetail < MiqAeServiceModelBase
    expose :compliance, :association => true
    expose :condition, :association => true
    expose :miq_policy, :association => true
  end
end

(3) Restart the ManageIQ appliance to reload the constants

(4) Test it out from an automate method:

comp = $evm.vmdb(:compliance).find_by_resource_id("ID of a VM")
comp_details = comp.compliance_details

#4

Thanks for sharing, we don’t need this right now but I bet we will in the not-so-distant future.

Matt


#5

No worries @hyclak. I’ll work up a PR over the next couple of days.