Configure change request creation from file
This section explains how to configure change request creation from file.
Change request from file process
Requestors can create new change requests from files attached to change requests. The process is as follows:
-
Note: In order to support creating change requests from a file, a request template's Create change requests from file field must be set to Yes, and the Request Type field must be set to Generic Change.
-
The requestor submits the change request.
-
FireFlow runs a parsing script that converts the attached file to XML format.
If the parsing script is configured for single change request creation, then all traffic lines in the file are interpreted as multiple traffic lines in a single change request. If the script is configured for multiple change request creation, each traffic line in the file is interpreted as a separate change request, and the change requests will all be linked to each other via their Depends On field.
-
FireFlow converts the XML file to one or more change requests.
By default, FireFlow uses an out-of-the-box parsing script, /usr/share/fireflow/local/bin/parse_excel_example.pl, which supports creating multiple change requests from a file, where all of the change request data is on a single worksheet, and the file format is one of the following:
- xls (Microsoft Excel up to 2003)
- xlsx (Microsoft Excel 2007 and up)
- sxc (OpenOffice 1.0 Spreadsheet)
- ods (OpenOffice Spreadsheet)
- csv (Coma-separated text values)
If desired, you can customize change request creation from a file in the following ways:
- Enable the creation of change requests from files in additional formats.
- Configure whether multiple or single change requests are created from each file.
-
Enable/disable file validity enforcement.
By default, FireFlow automatically checks uploaded files for errors. If an error is detected in a file, FireFlow alerts the requestor and halts change request creation for this file, until the error has been fixed. If desired, you can disable validity enforcement, in which case change requests will be created only from valid lines in the file.
-
Enable/disable automatic change request creation.
By default, FireFlow automatically creates change requests from uploaded files. If desired, you can require change request creation to be triggered manually later in the change request workflow, when a certain button is clicked. For information on how to perform this customization, contact AlgoSec Support.
-
Disable change request creation from a file (both automatic and manual).
To view a sample worksheet filled with data that is expected by the out-of-the-box parsing script, see /usr/share/fireflow/local/extras/Firewall Rules Request example.xls.
Configure change request creation from file
Note: If you are using multiple parsing scripts, you must perform this procedure for each script.
Do the following:
-
To enable the creation of change requests from files in a format that is not supported by the default parsing script, obtain a custom parsing script from AlgoSec Professional Services.
-
Log in to the FireFlow server using the username "root" and the related password.
-
Do one of the following:
- To work with the default parsing script, copy parse_excel_example.pl from /usr/share/fireflow/local/bin/ to /usr/share/fireflow/local/etc/site/bin/.
- To work with a custom parsing script, save the custom script under /usr/share/fireflow/local/etc/site/bin.
-
Give the parsing script execute permissions, by running the following command:
chmod a+x [script-name]
Where script-name is the name of the parsing script.
-
Use the generic procedure to set the configuration parameters described below. For details, see Override FireFlow system defaults.
Configuration Parameter Name Description Value AttachmentParsingScripts Setting this parameter is required to configure change request creation from a file.
The path of the parsing script.
For example, "/usr/share/fireflow/local/etc/site/bin/custom_parsing_script1.pl" => ["xls", "xlsx", "sxc", "ods", "csv"]
Seperate multiple parsing script paths with commas
AutoCreateTicketsFromAttachments Enables/disables automatic creation of change requests from files.
1. To enable automatic creation of change requests from uploaded files. (Default)
0. To require manual triggering of change request creation from uploaded files.
ForceValidAttachmentsBeforeCreateTickets Enables/disables validity enforcement for uploaded files.
1. To enable validity enforcement for uploaded files. (Default)
0. To disable validity enforcement for uploaded files.
-
To configure whether multiple change requests or a single change request is created from a file, do the following:
- Under /usr/share/fireflow/local/etc/site/bin/, open the parsing script.
-
Locate the following lines:
# In this example: Multiple tickets modemy $mode = $MULTIPLE_TICKETS_MODE;# Set mode to $SINGLE_TICKETS_MODE if you wish to work in single ticket mode# my $mode = $SINGLE_TICKETS_MODE;
-
Uncomment the my $mode line that reflects the mode you want to use, and comment the my $mode line that reflects the mode you do not want to use.
-
For example, to create a single change request from file, modify the lines as follows:
# In this example: Multiple tickets mode# my $mode = $MULTIPLE_TICKETS_MODE;# Set mode to $SINGLE_TICKETS_MODE if you wish to work in single ticket modemy $mode = $SINGLE_TICKETS_MODE;
-
Save the script.
-
Restart FireFlow.
Disable change request creation from file
Using the generic procedure for overriding system defaults, disable the configuration parameter AttachmentParsingScripts. For details, see Override FireFlow system defaults.
Note: After disabling this parameter, you must restart FireFlow for the change to take affect. For details, see Restart FireFlow.
Yes 
No 
