cisco_node_utils 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +2 -0
  3. data/.rubocop.yml +3 -0
  4. data/.rubocop_todo.yml +293 -0
  5. data/CHANGELOG.md +5 -0
  6. data/CONTRIBUTING.md +31 -0
  7. data/Gemfile +4 -0
  8. data/LICENSE +201 -0
  9. data/README.md +113 -0
  10. data/Rakefile +4 -0
  11. data/cisco_node_utils.gemspec +30 -0
  12. data/lib/cisco_node_utils.rb +33 -0
  13. data/lib/cisco_node_utils/README_YAML.md +333 -0
  14. data/lib/cisco_node_utils/cisco_cmn_utils.rb +92 -0
  15. data/lib/cisco_node_utils/command_reference.rb +415 -0
  16. data/lib/cisco_node_utils/command_reference_common.yaml +845 -0
  17. data/lib/cisco_node_utils/command_reference_n3064.yaml +13 -0
  18. data/lib/cisco_node_utils/command_reference_n7k.yaml +48 -0
  19. data/lib/cisco_node_utils/command_reference_n9k.yaml +35 -0
  20. data/lib/cisco_node_utils/configparser_lib.rb +196 -0
  21. data/lib/cisco_node_utils/interface.rb +501 -0
  22. data/lib/cisco_node_utils/interface_ospf.rb +241 -0
  23. data/lib/cisco_node_utils/node.rb +673 -0
  24. data/lib/cisco_node_utils/platform.rb +184 -0
  25. data/lib/cisco_node_utils/platform_info.rb +58 -0
  26. data/lib/cisco_node_utils/platform_info.yaml +10 -0
  27. data/lib/cisco_node_utils/router_ospf.rb +96 -0
  28. data/lib/cisco_node_utils/router_ospf_vrf.rb +258 -0
  29. data/lib/cisco_node_utils/snmpcommunity.rb +91 -0
  30. data/lib/cisco_node_utils/snmpgroup.rb +55 -0
  31. data/lib/cisco_node_utils/snmpserver.rb +150 -0
  32. data/lib/cisco_node_utils/snmpuser.rb +342 -0
  33. data/lib/cisco_node_utils/tacacs_server.rb +175 -0
  34. data/lib/cisco_node_utils/tacacs_server_host.rb +128 -0
  35. data/lib/cisco_node_utils/version.rb +17 -0
  36. data/lib/cisco_node_utils/vlan.rb +153 -0
  37. data/lib/cisco_node_utils/vtp.rb +127 -0
  38. data/lib/cisco_node_utils/yum.rb +84 -0
  39. data/tests/basetest.rb +93 -0
  40. data/tests/ciscotest.rb +136 -0
  41. data/tests/cmd_config.yaml +51 -0
  42. data/tests/cmd_config_invalid.yaml +16 -0
  43. data/tests/test_all_cisco.rb +46 -0
  44. data/tests/test_command_config.rb +192 -0
  45. data/tests/test_command_reference.rb +222 -0
  46. data/tests/test_interface.rb +1017 -0
  47. data/tests/test_interface_ospf.rb +763 -0
  48. data/tests/test_interface_svi.rb +267 -0
  49. data/tests/test_interface_switchport.rb +722 -0
  50. data/tests/test_node.rb +108 -0
  51. data/tests/test_node_ext.rb +450 -0
  52. data/tests/test_platform.rb +188 -0
  53. data/tests/test_router_ospf.rb +164 -0
  54. data/tests/test_router_ospf_vrf.rb +753 -0
  55. data/tests/test_snmpcommunity.rb +344 -0
  56. data/tests/test_snmpgroup.rb +71 -0
  57. data/tests/test_snmpserver.rb +443 -0
  58. data/tests/test_snmpuser.rb +803 -0
  59. data/tests/test_tacacs_server.rb +388 -0
  60. data/tests/test_tacacs_server_host.rb +391 -0
  61. data/tests/test_vlan.rb +264 -0
  62. data/tests/test_vtp.rb +319 -0
  63. data/tests/test_yum.rb +106 -0
  64. metadata +188 -0
@@ -0,0 +1,91 @@
1
+ #
2
+ # NXAPI implementation of SnmpCommunity class
3
+ #
4
+ # December 2014, Alex Hunsberger
5
+ #
6
+ # Copyright (c) 2014-2015 Cisco and/or its affiliates.
7
+ #
8
+ # Licensed under the Apache License, Version 2.0 (the "License");
9
+ # you may not use this file except in compliance with the License.
10
+ # You may obtain a copy of the License at
11
+ #
12
+ # http://www.apache.org/licenses/LICENSE-2.0
13
+ #
14
+ # Unless required by applicable law or agreed to in writing, software
15
+ # distributed under the License is distributed on an "AS IS" BASIS,
16
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17
+ # See the License for the specific language governing permissions and
18
+ # limitations under the License.
19
+
20
+ require File.join(File.dirname(__FILE__), 'node')
21
+
22
+ module Cisco
23
+ class SnmpCommunity
24
+ @@communities = nil
25
+ @@node = Cisco::Node.instance
26
+
27
+ def initialize(name, group, instantiate=true)
28
+ raise TypeError unless name.is_a?(String) and group.is_a?(String)
29
+ @name = name
30
+
31
+ if instantiate
32
+ @@node.config_set("snmp_community", "community", "", name, group)
33
+ end
34
+ end
35
+
36
+ def SnmpCommunity.communities
37
+ @@communities = {}
38
+ comms = @@node.config_get("snmp_community", "all_communities")
39
+ unless comms.nil?
40
+ comms.each { |comm|
41
+ @@communities[comm] = SnmpCommunity.new(comm, "", false)
42
+ }
43
+ end
44
+ @@communities
45
+ end
46
+
47
+ def destroy
48
+ # CLI requires specifying a group even for "no" commands
49
+ @@node.config_set("snmp_community", "community", "no", @name, "null")
50
+ @@communities.delete(@name) unless @@communities.nil?
51
+ end
52
+
53
+ # name is read only
54
+ # def name
55
+ # @name
56
+ # end
57
+
58
+ def group
59
+ result = @@node.config_get("snmp_community", "group", @name)
60
+ result.nil? ? SnmpCommunity.default_group : result.first
61
+ end
62
+
63
+ def group=(group)
64
+ raise TypeError unless group.is_a?(String)
65
+ @@node.config_set("snmp_community", "group", @name, group)
66
+ end
67
+
68
+ def SnmpCommunity.default_group
69
+ @@node.config_get_default("snmp_community", "group")
70
+ end
71
+
72
+ def acl
73
+ result = @@node.config_get("snmp_community", "acl", @name)
74
+ result.nil? ? SnmpCommunity.default_acl : result.first
75
+ end
76
+
77
+ def acl=(acl)
78
+ raise TypeError unless acl.is_a?(String)
79
+ if acl.empty?
80
+ acl = self.acl
81
+ @@node.config_set("snmp_community", "acl", "no", @name, acl) unless acl.empty?
82
+ else
83
+ @@node.config_set("snmp_community", "acl", "", @name, acl)
84
+ end
85
+ end
86
+
87
+ def SnmpCommunity.default_acl
88
+ @@node.config_get_default("snmp_community", "acl")
89
+ end
90
+ end
91
+ end
@@ -0,0 +1,55 @@
1
+ #
2
+ # NXAPI implementation of SnmpGroup class
3
+ #
4
+ # February 2015, Chris Van Heuveln
5
+ #
6
+ # Copyright (c) 2015 Cisco and/or its affiliates.
7
+ #
8
+ # Licensed under the Apache License, Version 2.0 (the "License");
9
+ # you may not use this file except in compliance with the License.
10
+ # You may obtain a copy of the License at
11
+ #
12
+ # http://www.apache.org/licenses/LICENSE-2.0
13
+ #
14
+ # Unless required by applicable law or agreed to in writing, software
15
+ # distributed under the License is distributed on an "AS IS" BASIS,
16
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17
+ # See the License for the specific language governing permissions and
18
+ # limitations under the License.
19
+ #
20
+ # "group" is a standard SNMP term but in NXOS "role" is used to serve the
21
+ # purpose of group; thus this provider utility does not create snmp groups
22
+ # and is limited to reporting group (role) existence only.
23
+
24
+ require File.join(File.dirname(__FILE__), 'node')
25
+
26
+ module Cisco
27
+ class SnmpGroup
28
+ attr_reader :name
29
+
30
+ @@node = Cisco::Node.instance
31
+
32
+ def initialize(name)
33
+ raise TypeError unless name.is_a?(String)
34
+ @name = name
35
+ end
36
+
37
+ def self.groups
38
+ group_ids = @@node.config_get("snmp_group", "group")
39
+ return {} if group_ids.nil?
40
+
41
+ hash = {}
42
+ group_ids.each do |name|
43
+ hash[name] = SnmpGroup.new(name)
44
+ end
45
+ hash
46
+ end
47
+
48
+ def self.exists?(group)
49
+ raise ArgumentError if group.empty?
50
+ raise TypeError unless group.is_a? String
51
+ groups = @@node.config_get("snmp_group", "group")
52
+ (!groups.nil? and groups.include? group)
53
+ end
54
+ end
55
+ end
@@ -0,0 +1,150 @@
1
+ #
2
+ # NXAPI implementation of SnmpCommunity class
3
+ #
4
+ # November 2014, Alex Hunsberger
5
+ #
6
+ # Copyright (c) 2014-2015 Cisco and/or its affiliates.
7
+ #
8
+ # Licensed under the Apache License, Version 2.0 (the "License");
9
+ # you may not use this file except in compliance with the License.
10
+ # You may obtain a copy of the License at
11
+ #
12
+ # http://www.apache.org/licenses/LICENSE-2.0
13
+ #
14
+ # Unless required by applicable law or agreed to in writing, software
15
+ # distributed under the License is distributed on an "AS IS" BASIS,
16
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17
+ # See the License for the specific language governing permissions and
18
+ # limitations under the License.
19
+
20
+ require File.join(File.dirname(__FILE__), 'node')
21
+
22
+ module Cisco
23
+ class SnmpServer
24
+ @@node = Cisco::Node.instance
25
+
26
+ def aaa_user_cache_timeout
27
+ match = @@node.config_get("snmp_server", "aaa_user_cache_timeout")
28
+ # regex in yaml returns an array result, use .first to get match
29
+ match.nil? ? default_aaa_user_cache_timeout : match.first.to_i
30
+ end
31
+
32
+ def aaa_user_cache_timeout=(timeout)
33
+ if timeout == default_aaa_user_cache_timeout
34
+ @@node.config_set("snmp_server", "aaa_user_cache_timeout", "no",
35
+ aaa_user_cache_timeout)
36
+ else
37
+ @@node.config_set("snmp_server", "aaa_user_cache_timeout", "", timeout)
38
+ end
39
+ end
40
+
41
+ def default_aaa_user_cache_timeout
42
+ @@node.config_get_default("snmp_server", "aaa_user_cache_timeout")
43
+ end
44
+
45
+ def location
46
+ match = @@node.config_get("snmp_server", "location")
47
+ match.nil? ? default_location : match
48
+ end
49
+
50
+ def location=(location)
51
+ raise TypeError unless location.is_a?(String)
52
+ if location.empty?
53
+ @@node.config_set("snmp_server", "location", "no", "")
54
+ else
55
+ @@node.config_set("snmp_server", "location", "", location)
56
+ end
57
+ end
58
+
59
+ def default_location
60
+ @@node.config_get_default("snmp_server", "location")
61
+ end
62
+
63
+ def contact
64
+ match = @@node.config_get("snmp_server", "contact")
65
+ match.nil? ? default_contact : match
66
+ end
67
+
68
+ def contact=(contact)
69
+ raise TypeError unless contact.is_a?(String)
70
+ if contact.empty?
71
+ @@node.config_set("snmp_server", "contact", "no", "")
72
+ else
73
+ @@node.config_set("snmp_server", "contact", "", contact)
74
+ end
75
+ end
76
+
77
+ def default_contact
78
+ @@node.config_get_default("snmp_server", "contact")
79
+ end
80
+
81
+ def packet_size
82
+ match = @@node.config_get("snmp_server", "packet_size")
83
+ # regex in yaml returns an array result, use .first to get match
84
+ match.nil? ? default_packet_size : match.first.to_i
85
+ end
86
+
87
+ def packet_size=(size)
88
+ if size == 0
89
+ ps = packet_size
90
+ @@node.config_set("snmp_server", "packet_size", "no", ps) unless ps == 0
91
+ else
92
+ @@node.config_set("snmp_server", "packet_size", "", size)
93
+ end
94
+ end
95
+
96
+ def default_packet_size
97
+ @@node.config_get_default("snmp_server", "packet_size")
98
+ end
99
+
100
+ def global_enforce_priv?
101
+ not @@node.config_get("snmp_server", "global_enforce_priv").nil?
102
+ end
103
+
104
+ def global_enforce_priv=(enforce)
105
+ if enforce
106
+ @@node.config_set("snmp_server", "global_enforce_priv", "")
107
+ else
108
+ @@node.config_set("snmp_server", "global_enforce_priv", "no")
109
+ end
110
+ end
111
+
112
+ def default_global_enforce_priv
113
+ @@node.config_get_default("snmp_server", "global_enforce_priv")
114
+ end
115
+
116
+ def protocol?
117
+ match = @@node.config_get("snmp_server", "protocol")
118
+ not match.nil? and match.include?("Enable")
119
+ end
120
+
121
+ def protocol=(enable)
122
+ if enable
123
+ @@node.config_set("snmp_server", "protocol", "")
124
+ else
125
+ @@node.config_set("snmp_server", "protocol", "no")
126
+ end
127
+ end
128
+
129
+ def default_protocol
130
+ @@node.config_get_default("snmp_server", "protocol")
131
+ end
132
+
133
+ def tcp_session_auth?
134
+ match = @@node.config_get("snmp_server", "tcp_session_auth")
135
+ not match.nil? and match.include?("Enabled")
136
+ end
137
+
138
+ def tcp_session_auth=(enable)
139
+ if enable
140
+ @@node.config_set("snmp_server", "tcp_session_auth", "", "auth")
141
+ else
142
+ @@node.config_set("snmp_server", "tcp_session_auth", "no", "")
143
+ end
144
+ end
145
+
146
+ def default_tcp_session_auth
147
+ @@node.config_get_default("snmp_server", "tcp_session_auth")
148
+ end
149
+ end
150
+ end
@@ -0,0 +1,342 @@
1
+ # Copyright (c) 2014-2015 Cisco and/or its affiliates.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require File.join(File.dirname(__FILE__), 'node')
16
+
17
+ module Cisco
18
+ SNMP_USER_NAME_KEY = "user"
19
+ SNMP_USER_GROUP_KEY = "group"
20
+ SNMP_USER_AUTH_KEY = "auth"
21
+ SNMP_USER_PRIV_KEY = "priv"
22
+ SNMP_USER_ENGINE_ID = "engineID"
23
+ SNMP_USER_ENGINE_ID_PATTERN = /([0-9]{1,3}(:[0-9]{1,3}){4,31})/
24
+
25
+ class SnmpUser
26
+ @@users = {}
27
+ @@node = Cisco::Node.instance
28
+
29
+ def initialize(name, groups, authproto, authpass, privproto,
30
+ privpass, localizedkey, engineid, instantiate=true)
31
+ raise TypeError unless name.is_a?(String)
32
+ raise ArgumentError if name.empty?
33
+ raise TypeError unless groups.is_a?(Array)
34
+ raise TypeError unless authproto.is_a?(Symbol)
35
+ raise TypeError unless authpass.is_a?(String)
36
+ # empty password but protocol provided = bad
37
+ # non-empty password and no protocol provided = bad
38
+ raise ArgumentError if authpass.empty? and [:sha, :md5].include?(authproto) and instantiate
39
+ raise ArgumentError if not authpass.empty? and not [:sha, :md5].include?(authproto)
40
+ raise TypeError unless privproto.is_a?(Symbol)
41
+ raise TypeError unless privpass.is_a?(String)
42
+ raise ArgumentError if privpass.empty? and [:des, :aes128].include?(privproto) and instantiate
43
+ raise ArgumentError if not privpass.empty? and not [:des, :aes128].include?(privproto)
44
+ raise TypeError unless !!localizedkey == localizedkey # bool check
45
+ raise TypeError unless engineid.is_a?(String)
46
+
47
+ @name = name
48
+ @engine_id = engineid
49
+
50
+ @authproto = authproto
51
+ @privproto = privproto
52
+ @groups_arr = groups
53
+
54
+ authprotostr = _auth_sym_to_str(authproto)
55
+ privprotostr = _priv_sym_to_str(privproto)
56
+
57
+ # Config string syntax:
58
+ # [no] snmp-server user <user> [group] [auth {md5|sha} <passwd1> [priv [aes-128] <passwd2>] [localizedkey] [engineID <id>]]
59
+ if instantiate
60
+ # assume if multiple groups, apply all config to each
61
+ groups = [""] if groups.empty?
62
+ groups.each { |group|
63
+ @@node.config_set("snmp_user", "user", "",
64
+ name,
65
+ group,
66
+ authpass.empty? ? "" : "auth #{authprotostr} #{authpass}",
67
+ privpass.empty? ? "" : "priv #{privprotostr} #{privpass}",
68
+ localizedkey ? "localizedkey" : "",
69
+ engineid.empty? ? "" : "engineID #{engineid}")
70
+ }
71
+ end
72
+ end
73
+
74
+ def SnmpUser.users
75
+ @@users = {}
76
+ # config_get returns hash if 1 user, array if multiple, nil if none
77
+ users = @@node.config_get("snmp_user", "user")
78
+ unless users.nil?
79
+ users = [users] if users.is_a?(Hash)
80
+ users.each { |user|
81
+ name = user[SNMP_USER_NAME_KEY]
82
+ engineid = user[SNMP_USER_ENGINE_ID]
83
+ if engineid.nil?
84
+ index = name
85
+ else
86
+ engineid_str = engineid.match(SNMP_USER_ENGINE_ID_PATTERN)[1]
87
+ index = name + " " + engineid_str
88
+ end
89
+ auth = _auth_str_to_sym(user[SNMP_USER_AUTH_KEY])
90
+ priv = _priv_str_to_sym(user[SNMP_USER_PRIV_KEY])
91
+
92
+ groups_arr = []
93
+ groups = _user_to_groups(user)
94
+ groups.each { |group| groups_arr << group[SNMP_USER_GROUP_KEY].strip }
95
+
96
+ @@users[index] = SnmpUser.new(name, groups_arr, auth,
97
+ "", priv, "", false, engineid.nil? ? "": engineid_str, false)
98
+ }
99
+ end
100
+ @@users
101
+ end
102
+
103
+ def destroy
104
+ # the parser doesn't care what the real value is but need to come to the
105
+ # end of the parser chain. Hence we just pass in some fake values for
106
+ # auth method and password
107
+ @@node.config_set("snmp_user", "user", "no",
108
+ @name, "",
109
+ (auth_password.nil? or auth_password.empty?) ?
110
+ "": "auth #{_auth_sym_to_str(auth_protocol)} #{auth_password}",
111
+ (priv_password.nil? or priv_password.empty?) ?
112
+ "": "priv #{_priv_sym_to_str(priv_protocol)} #{priv_password}",
113
+ (auth_password.nil? or auth_password.empty?) ?
114
+ "" : "localizedkey",
115
+ @engine_id.empty? ? "" : "engineID #{@engine_id}")
116
+ @@users.delete(@name + " " + @engine_id)
117
+ end
118
+
119
+ attr_reader :name
120
+
121
+ def groups
122
+ @groups_arr
123
+ end
124
+
125
+ def SnmpUser.default_groups
126
+ [@@node.config_get_default("snmp_user", "group")]
127
+ end
128
+
129
+ def auth_protocol
130
+ @authproto
131
+ end
132
+
133
+ def SnmpUser.default_auth_protocol
134
+ _auth_str_to_sym(@@node.config_get_default("snmp_user", "auth_protocol"))
135
+ end
136
+
137
+ def SnmpUser.default_auth_password
138
+ @@node.config_get_default("snmp_user", "auth_password")
139
+ end
140
+
141
+ def SnmpUser.auth_password(name, engine_id)
142
+ if engine_id.empty?
143
+ users = @@node.config_get("snmp_user", "auth_password")
144
+ return nil if users.nil?
145
+ users.each_entry { |user|
146
+ return user[1] if user[0] == name
147
+ }
148
+ else
149
+ users = @@node.config_get("snmp_user", "auth_password_with_engine_id")
150
+ return nil if users.nil?
151
+ users.each_entry { |user|
152
+ return user[1] if user[0] == name and user[2] == engine_id
153
+ }
154
+ end
155
+ nil
156
+ end
157
+
158
+ def auth_password
159
+ SnmpUser.auth_password(@name, @engine_id)
160
+ end
161
+
162
+ def priv_protocol
163
+ @privproto
164
+ end
165
+
166
+ def SnmpUser.priv_password(name, engine_id)
167
+ if engine_id.empty?
168
+ users = @@node.config_get("snmp_user", "priv_password")
169
+ unless users.nil?
170
+ users.each_entry { |user|
171
+ return user[1] if user[0] == name
172
+ }
173
+ end
174
+ else
175
+ users = @@node.config_get("snmp_user", "priv_password_with_engine_id")
176
+ unless users.nil?
177
+ users.each_entry { |user|
178
+ return user[1] if user[0] == name and user[2] == engine_id
179
+ }
180
+ end
181
+ end
182
+ nil
183
+ end
184
+
185
+ def priv_password
186
+ SnmpUser.priv_password(@name, @engine_id)
187
+ end
188
+
189
+ def SnmpUser.default_priv_protocol
190
+ _priv_str_to_sym(@@node.config_get_default("snmp_user", "priv_protocol"))
191
+ end
192
+
193
+ def SnmpUser.default_priv_password
194
+ @@node.config_get_default("snmp_user", "priv_password")
195
+ end
196
+
197
+ attr_reader :engine_id
198
+
199
+ def SnmpUser.default_engine_id
200
+ @@node.config_get_default("snmp_user", "engine_id")
201
+ end
202
+
203
+ # passwords are hashed and so cannot be retrieved directly, but can be
204
+ # checked for equality. this is done by creating a fake user with the
205
+ # password and then comparing the hashes
206
+ def auth_password_equal?(passwd, is_localized=false)
207
+ throw TypeError unless passwd.is_a?(String)
208
+ return false if passwd.empty? or _auth_sym_to_str(auth_protocol).empty?
209
+ dummypw = passwd
210
+ pw = nil
211
+
212
+ if is_localized
213
+ # In this case, the password is hashed. We only need to get current
214
+ # running config to compare
215
+ pw = auth_password
216
+ else
217
+ # In this case passed in password is clear text while the running
218
+ # config is hashed value. We need to hash the
219
+ # passed in clear text to hash
220
+
221
+ # create dummy user
222
+ @@node.config_set("snmp_user", "user", "", "dummy_user", "",
223
+ "auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
224
+ "", "",
225
+ @engine_id.empty? ? "" : "engineID #{@engine_id}")
226
+
227
+ # retrieve password hashes
228
+ dummypw = SnmpUser.auth_password("dummy_user", @engine_id)
229
+ pw = auth_password
230
+
231
+ # delete dummy user
232
+ @@node.config_set("snmp_user", "user", "no", "dummy_user", "",
233
+ "auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
234
+ "", "localizedkey",
235
+ @engine_id.empty? ? "" : "engineID #{@engine_id}")
236
+ end
237
+ return false if pw.nil? or dummypw.nil?
238
+ pw == dummypw
239
+ end
240
+
241
+ def priv_password_equal?(passwd, is_localized=false)
242
+ throw TypeError unless passwd.is_a?(String)
243
+ return false if passwd.empty? or _auth_sym_to_str(auth_protocol).empty?
244
+ dummypw = passwd
245
+ pw = nil
246
+
247
+ if is_localized
248
+ # In this case, the password is hashed. We only need to get current
249
+ # and compare directly
250
+ pw = priv_password
251
+ else
252
+ # In this case passed in password is clear text while the running
253
+ # config is hashed value. We need to hash the
254
+ # passed in clear text to hash
255
+
256
+ # create dummy user
257
+ @@node.config_set("snmp_user", "user", "", "dummy_user", "",
258
+ "auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
259
+ "priv #{_priv_sym_to_str(priv_protocol)} #{dummypw}",
260
+ "",
261
+ @engine_id.empty? ? "" : "engineID #{@engine_id}")
262
+
263
+ # retrieve password hashes
264
+ dummypw = SnmpUser.priv_password("dummy_user", @engine_id)
265
+ pw = priv_password
266
+
267
+ # delete dummy user
268
+ @@node.config_set("snmp_user", "user", "no", "dummy_user", "",
269
+ "auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
270
+ "priv #{_priv_sym_to_str(priv_protocol)} #{dummypw}",
271
+ "localizedkey",
272
+ @engine_id.empty? ? "" : "engineID #{@engine_id}")
273
+ end
274
+ return false if pw.nil? or dummypw.nil?
275
+ pw == dummypw
276
+ end
277
+
278
+ private
279
+
280
+ def _auth_sym_to_str(sym)
281
+ case sym
282
+ when :sha
283
+ return "sha"
284
+ when :md5
285
+ return "md5"
286
+ else
287
+ return ""
288
+ end
289
+ end
290
+
291
+ def _priv_sym_to_str(sym)
292
+ case sym
293
+ when :des
294
+ return "" # no protocol specified defaults to DES
295
+ when :aes128
296
+ return "aes-128"
297
+ else
298
+ return ""
299
+ end
300
+ end
301
+
302
+ def _auth_str_to_sym(str)
303
+ SnmpUser._auth_str_to_sym(str)
304
+ end
305
+
306
+ # must be class method b/c it's used by default methods
307
+ def SnmpUser._auth_str_to_sym(str)
308
+ case str
309
+ when /sha/i
310
+ return :sha
311
+ when /md5/i
312
+ return :md5
313
+ else
314
+ return :none
315
+ end
316
+ end
317
+
318
+ def _priv_str_to_sym(str)
319
+ SnmpUser._priv_str_to_sym(str)
320
+ end
321
+
322
+ def SnmpUser._priv_str_to_sym(str)
323
+ case str
324
+ when /des/i
325
+ return :des
326
+ when /aes/i
327
+ return :aes128
328
+ else
329
+ return :none
330
+ end
331
+ end
332
+
333
+ def SnmpUser._user_to_groups(user_hash)
334
+ return [] if user_hash.nil?
335
+ groups = user_hash["TABLE_groups"]["ROW_groups"] unless
336
+ user_hash["TABLE_groups"].nil?
337
+ return [] if groups.nil?
338
+ groups = [groups] if groups.is_a?(Hash)
339
+ groups
340
+ end
341
+ end
342
+ end