Would like to see NCM have IF/THEN/ELSE logic added to the compliance rules as well as the ability to test global configuration while testing config blocks.
Example use case: Needing to check all layer 3 interfaces for IP PIM and IGMPv3
IF
must contain regex: (ip multicast-routing.*|router.*) // device must be an IOS router or layer 3 switch that's capable of running multicast routing (global config check)
THEN
CONFIG BLOCK START: ^interface.*
IF
must contain regex: ip address ([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})
THEN
must contain string: ip pim spare-mode
AND
must contain string: ip igmp version 3
CONFIG BLOCK END: ^interface.*|^\!
Furthermore, for each condition within the rule, permit the following:
1. Allow to delete the first condition. Currently this isn't a way to remove the very first entry.
2. Allow to insert new conditions (above or below)
3. Allow to re-order the conditions.
It's very frustrating when you want to insert a condition in the middle of your rule, but you're only allowed to add a new condition to the bottom with no way of moving it up in the order once it's added. Also, I've found myself needing to delete the very first condition in the rule; however, there isn't a way to remove it (only subsequent conditions).