Compliance rules
Required Roles | n/a |
Required Rights (by category) |
Compliance Rules |
Perspective | Configuration Management |
Access | DROPS Server → Compliance |
Execute Compliance rules to check that target environments comply to given requirements. The requirements are specific to your needs and can change from one rule to the next. Users with the rights to do so can create or import compliance rules according to the properties to be tested and group compliance rules into rule sets. Rule sets are an ensemble of related compliance rules aimed to be used together for an environment.
Execute the set of rules on an environment, or one or more infrastructure items before carrying out the deployment process. See the results of the tests in the compliance reports and make the necessary changes to the properties of the target environment if needed.
The Compliance Rule Repository search view is accessed from the Compliance node in the Configuration Explorer.
There are two ways to create compliance rules:
- Create a new compliance rule using the Create a new compliance rule wizard.
- Duplicate an existing compliance rule to quickly create a copy of the rule that can be modified.
Follow the subsequent steps to create a new compliance rule.
Step 1 Click the create icon in the Compliance Rule Repository search view or right-click anywhere in the view and select Create a new compliance rule to open the Create a new compliance rule wizard.
Step 2 Define the Rule Code and Rule Name. The Technical Platform and Infrastructure Item Type are not mandatory but highly recommended. These values can be edited later.
Click Next > to continue.
Step 3 Selected the Ant project file from an external source. The Ant project file constitutes the content of the compliance rule and can be edited later.
Click Finish.
Result The new rules are displayed in the Compliance Rule Repository search view.
You can Duplicate a compliance rule to quickly create a copy of the rule that can be modified. Select a rule in the list and click the duplicate icon.
Compliance rules have two editors. The main editor is where the properties and definitions of the rule can be added or modified. The other editor view is used to write or modify the rule’s script content.
Follow the subsequent steps to edit a compliance rule's properties.
Step 1 Select a compliance rule and click the edit icon in the Compliance Rule Repository search view.
Step 2 Edit the compliance rule's identification properties if needed.
- Rule Code
- A unique string that identifies the rule. This label is used throughout DROPS to select the entity.
- Rule Name
- A label used to give a descriptive name the rule. This label is used throughout DROPS to select the entity.
- Technical Platform
-
[Optional] Select the technical platform type if the rule should or can only be used on a certain OS.
Technical platforms refer to the service to which an infrastructure item points. They are defined by an administrator in the Preferences menu.
ReferenceFor more information about technical platforms, refer to Defining technical platforms.
- Infrastructure Item Type
-
[Optional] Select the type of infrastructure item targeted by this rule. Infrastructure item types are defined by the administrator in the Preferences menu.
ReferenceFor more information about types, refer to Entity types.
- Rule Description
- [Optional] Enter a descriptive text for the compliance rule.
Step 3 Define the compliance rule's functional properties.
- Rule Validation
-
Expected Value: Define a value that is expected when the rule is executed.
Property Name: Define a target property that is expected when the rule is executed. If the element tested complies to the rule’s requirements, it is marked as succeeded, otherwise it is marked as failed.
- Update infrastructure item property
-
[Optional] If active, this option will update the infrastructure item's properties with those defined in the compliance rule.
Important!This option will act on the infrastructure item's properties and must be used with care.
Save the changes (, Ctrl+S
or File > Save).
Editing the content of a compliance rule can be done directly in the DROPS Studio. DROPS uses Eclipse's Ant Editor which offers shortcuts (Ctrl+space) to provide easy access to all of the Ant project templates, tasks, parameters and variables available.
Select a rule and click the edit content icon or right-click on a rule in the Compliance Rules Repository search view and select Edit Content. The rule content editor can also be reached by clicking the edit content icon in the Compliance Rule editor.
The Ant Editor is opened where you can write or edit the content of any rule.
If a new compliance rule is created without content (no Ant project uploaded), a template is automatically added to the content editor.
Save the changes (, Ctrl+S
or File > Save).
Exporting and importing compliance rules is useful when sharing rules between multiple DROPS servers or users.
Compliance rules are exported as (*.xml) files that contain all the rule’s properties and content.
Compliance rules that were previously exported from DROPS can be imported into DROPS again and all of the details that come from the original exported rule are retrieved. DROPS interprets the rule's properties and content, as well as any other, additional information, and populates the corresponding fields in the editor automatically.
Later modifications to the rule's properties or content applied to the imported rule will override the properties retrieved from the import.
Follow the subsequent steps to export compliance rules.
Step 1 Select the rule in the Compliance Rules Repository search view then click the export icon, or right-click on the rule then select Export rule.
Step 2 Select the location in which to save the rule and change the File name if needed. By default, rules are exported with the File name <RuleName>.xml.
Do not change the extension type (.xml) that is automatically included in the rule’s file name.
Click Save.
Result The rules are available externally and can be imported as such for other DROPS servers or users.
Follow the subsequent steps to import a compliance rule into DROPS.
Step 1 Click the import icon in the Compliance Rule Repository search view, or right-click anywhere in the view and select Import rule.
Step 2 Click the browse button and select the rule .xml file. Click Finish.
Result Imported rules are displayed in the Compliance Rule Repository search view. Refresh the list view if necessary by clicking the Search button.
Even if only one compliance rule will be executed on an environment or an infrastructure item, the rule must be placed into a rule set to launch the execution. Individual rules cannot be executed outside sets. Rule sets are an ensemble of related compliance rules that aimed to be used together in an environment.
Execute the set of rules on an environment's infrastructure items or on an individual infrastructure item.
Follow the subsequent steps to group rules into a compliance rule set.
Step 1 Create a compliance rule set. Click the create icon in the Compliance Rule Sets search view or right-click anywhere in the view and select Create a new compliance rule set to open the wizard.
Step 2 Define the rule set’s code and name. These values can be edited later. Click Finish.
Step 3 Add compliance rules to the rule set. In the editor, click the Add Rule button and select from the list of rules. Ctrl+click to add multiple rules to the set.
Result Rule sets are displayed in the Compliance Rule Sets search view.
Compliance rule sets can be executed on all of the infrastructure items that belong to an environment or on individual infrastructure items.
Select an environment or infrastructure item in their respective search views and click on the execute rule set icon or right-click on one and select Execute rule set. Choose the rule set to run from the dialog. Click OK.
For each infrastructure item, the compliance rule's Execution Start Date and End Date is specified. Each compliance rule in a set are executed consecutively, one after the other.
When executing a set of rules on an environment, all the rules of the set are applied to all the infrastructure items defined in the environment.
When executing a set of rules on an infrastructure item, all the rules in the set are applied to the item.
Logs report the details of what happened when testing an infrastructure item against the rule’s requirements.
Reports summarize the execution results of a compliance rule set for each infrastructure item in an environment.
The report displays all the details of the compliance rule’s execution. Each entry is a link to the execution’s log file. Double clicking on an entry opens the log file.
Succeeded | The infrastructure item that complied with the rule's requirement. |
Failed | The infrastructure item that failed to comply with the rule's requirement. |
Not Available | The result is not known yet. The compliance rule’s execution is not completed. |
Not Compatible | The compliance rule is not compatible with the infrastructure item type. |
All the compliance reports for any environment are managed in the Compliance Report search view. Reports are also available from the Compliance tabs in the individual Environment.
Follow the subsequent steps to search for compliance reports.
Step 1 Select Compliance Reports from the Compliance node in the Configuration Explorer.
Step 2 When the search view is opened, the list of compliance reports may be empty. Use the search criteria sections to filter the search.
- To search for a report by its environment or rule set, enter all or part of the information in the corresponding field.
- To search for a report by the Execution Start Date or End Date, tick the corresponding box and select the date from the calendar.
Enter any combination of the above search criteria, then click the Search button to display the results. To display the complete list, click the Search button without entering any search criteria.
To display all of the items by default each time the search view is opened, select the auto search icon.
Result The Compliance Report search view displays all of the reports that meet the search criteria.
Deleted compliance rules cannot be accessed or recovered. They are no longer available for any rule set in which they may have been included.
Deleting a rule set does not delete the individual rules that are included but it can no longer be accessed or used to test.
Select the compliance rule or rule set in its corresponding search view and either click the delete icon or right-click on it and select Delete. Click OK to confirm or click Cancel to keep the compliance rule/set.