audit_network_drift
Compare current controller state to a declared YAML spec.
Read-only — never mutates the controller. Returns a structured diff showing fields that drifted, resources missing from the controller, and resources present on the controller that the spec did not declare.
Side effects:
- None (read-only). Lists networks, WLANs, and firewall rules.
Spec format (YAML, all sections optional):
```yaml
networks:
  - name: "IoT"
    vlan: 50
    subnet: "10.50.0.0/24"
wlans:
  - name: "Cameras-IoT"
    network: "IoT"   # references a network by name
    security: "wpapsk"
firewall_rules:
  - name: "Block IoT to LAN"
    action: "drop"
    src: "10.50.0.0/24"
    dst: "192.168.86.0/24"
```

Resources are matched by name (case-insensitive). Sections you omit
are not audited; sections you include audit BOTH directions (missing
and extra). To audit a section as “exactly these resources”, include it
explicitly. To audit as “at least these resources”, omit the section
and use audit_open_ports or other read-only tools instead.
Returns `{"in_sync": bool, "controller": str, "summary": str, "drifts": [...]}`. Each drift is `{"resource_type", "name", "field", "expected", "actual"}`. The synthetic field `_resource`
flags presence/absence of an entire resource (`expected=null` = extra; `actual=null` = missing).
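The matching rules described above, sketched as an added example on plain dicts (not the tool's own code), producing drifts in the documented shape. The `audit` function, the controller-state layout, the `"present"` marker, using the section key as `resource_type`, and comparing only spec-declared fields are assumptions.

```python
# Added illustration of the documented matching rules; not the tool's code.
# Assumed: controller state as {section: [dict, ...]}, resource_type set to
# the section key, only spec-declared fields compared, and "present" as the
# non-null marker on _resource drifts.
SECTIONS = ("networks", "wlans", "firewall_rules")


def _drift(rtype, name, field, expected, actual):
    return {"resource_type": rtype, "name": name, "field": field,
            "expected": expected, "actual": actual}


def audit(spec, controller):
    drifts = []
    for section in SECTIONS:
        if section not in spec:  # omitted section: not audited
            continue
        want = {r["name"].lower(): r for r in spec[section] or []}
        have = {r["name"].lower(): r for r in controller.get(section, [])}
        for key, declared in want.items():
            if key not in have:  # declared but absent: missing (actual=None)
                drifts.append(_drift(section, declared["name"], "_resource", "present", None))
                continue
            for field, expected in declared.items():
                if field != "name" and have[key].get(field) != expected:
                    drifts.append(_drift(section, declared["name"], field,
                                         expected, have[key].get(field)))
        for key, found in have.items():
            if key not in want:  # undeclared on controller: extra (expected=None)
                drifts.append(_drift(section, found["name"], "_resource", None, "present"))
    return {"in_sync": not drifts, "drifts": drifts}


# Constructed sample data.
SPEC = {
    "networks": [{"name": "IoT", "vlan": 50, "subnet": "10.50.0.0/24"}],
    "firewall_rules": [{"name": "Block IoT to LAN", "action": "drop"}],
}
CONTROLLER = {
    "networks": [{"name": "iot", "vlan": 60, "subnet": "10.50.0.0/24"},
                 {"name": "Guest", "vlan": 70}],
    "wlans": [{"name": "Open-Lab", "security": "open"}],  # ignored: SPEC has no wlans section
    "firewall_rules": [],
}

if __name__ == "__main__":
    for d in audit(SPEC, CONTROLLER)["drifts"]:
        print(d)
```

Declaring an empty section, such as `wlans: []`, turns every WLAN on the controller into an "extra" drift, which is how a spec asserts that none should exist.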
Example

```
audit_network_drift(spec_yaml="networks:\n  - name: iot\n    vlan: 50\n")
```

Parameters

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| `spec_yaml` | string | yes | — | The spec document, as a YAML string. |
| `controller` | string | no | `"default"` | Name of the UniFi controller to target. Defaults to `"default"`. |