cisco_node_utils 0.9.0

data/lib/cisco_node_utils/tacacs_server.rb

@@ -0,0 +1,175 @@
+# TacacsServer provider class
+#
+# Mike Wiebe, January 2015
+#
+# Copyright (c) 2015 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require File.join(File.dirname(__FILE__), 'node')
+
+module Cisco
+TACACS_SERVER_ENC_NONE = 0
+TACACS_SERVER_ENC_CISCO_TYPE_7 = 7
+TACACS_SERVER_ENC_UNKNOWN = 8
+
+class TacacsServer
+  @@node = Cisco::Node.instance
+
+  def initialize(instantiate=true)
+    enable if instantiate and not TacacsServer.enabled
+  end
+
+  # Check feature enablement
+  def TacacsServer.enabled
+    feat = @@node.config_get("tacacs_server", "feature")
+    return (!feat.nil? and !feat.empty?)
+  rescue Cisco::CliError => e
+    # cmd will syntax reject when feature is not enabled
+    raise unless e.clierror =~ /Syntax error/
+    return false
+  end
+
+  # Enable tacacs_server feature
+  def enable
+    @@node.config_set("tacacs_server", "feature", "")
+  end
+
+  # Disable tacacs_server feature
+  def destroy
+    @@node.config_set("tacacs_server", "feature", "no")
+  end
+
+  # --------------------
+  # Getters and Setters
+  # --------------------
+
+  # Set timeout
+  def timeout=(timeout)
+    # 'no tacacs timeout' will fail, just set it to the requested timeout value.
+    @@node.config_set("tacacs_server", "timeout", "", timeout)
+  end
+
+  # Get timeout
+  def timeout
+    match = @@node.config_get("tacacs_server", "timeout")
+    match.nil? ? TacacsServer.default_timeout : match.first.to_i
+  end
+
+  # Get default timeout
+  def TacacsServer.default_timeout
+    @@node.config_get_default("tacacs_server", "timeout")
+  end
+
+  # Set deadtime
+  def deadtime=(deadtime)
+    # 'no tacacs deadtime' will fail, just set it to the requested timeout value.
+    @@node.config_set("tacacs_server", "deadtime", "", deadtime)
+  end
+
+  # Get deadtime
+  def deadtime
+    match = @@node.config_get("tacacs_server", "deadtime")
+    match.nil? ? TacacsServer.default_deadtime : match.first.to_i
+  end
+
+  # Get default deadtime
+  def TacacsServer.default_deadtime
+    @@node.config_get_default("tacacs_server", "deadtime")
+  end
+
+  # Set directed_request
+  def directed_request=(state)
+    raise TypeError unless state == true || state == false
+    state == TacacsServer.default_directed_request ?
+      @@node.config_set("tacacs_server", "directed_request", "no") :
+      @@node.config_set("tacacs_server", "directed_request", "")
+  end
+
+  # Check if directed request is enabled
+  def directed_request?
+    match = @@node.config_get("tacacs_server", "directed_request")
+    return TacacsServer.default_directed_request if match.nil?
+    match.first[/^no/] ? false : true
+  end
+
+  # Get default directed_request
+  def TacacsServer.default_directed_request
+    @@node.config_get_default("tacacs_server", "directed_request")
+  end
+
+  # Set source interface
+  def source_interface=(name)
+    raise TypeError unless name.is_a? String
+    name.empty? ?
+      @@node.config_set("tacacs_server", "source_interface", "no", "") :
+      @@node.config_set("tacacs_server", "source_interface", "", name)
+  end
+
+  # Get source interface
+  def source_interface
+    # Sample output
+    # ip tacacs source-interface Ethernet1/1
+    # no tacacs source-interface
+    match = @@node.config_get("tacacs_server", "source_interface")
+    return TacacsServer.default_source_interface if match.nil?
+    # match_data will contain one of the following
+    # [nil, " Ethernet1/1"] or ["no", nil]
+    match[0][0] == "no" ? TacacsServer.default_source_interface : match[0][1]
+  end
+
+  # Get default source interface
+  def TacacsServer.default_source_interface
+    @@node.config_get_default("tacacs_server", "source_interface")
+  end
+
+  # Get encryption type used for the key
+  def encryption_type
+    match = @@node.config_get("tacacs_server", "encryption_type")
+    match.nil? ? TACACS_SERVER_ENC_UNKNOWN : match[0][0].to_i
+  end
+
+  # Get default encryption type
+  def TacacsServer.default_encryption_type
+    @@node.config_get_default("tacacs_server", "encryption_type")
+  end
+
+  # Get encryption password
+  def encryption_password
+    match = @@node.config_get("tacacs_server", "encryption_password")
+    match.nil? ? TacacsServer.default_encryption_password : match[0][1]
+  end
+
+  # Get default encryption password
+  def TacacsServer.default_encryption_password
+    @@node.config_get_default("tacacs_server", "encryption_password")
+  end
+
+  # Set encryption type and password
+  def encryption_key_set(enctype, password)
+    # if enctype is TACACS_SERVER_ENC_UNKNOWN, we will unset the key
+    if enctype == TACACS_SERVER_ENC_UNKNOWN
+       # if current encryption type is not TACACS_SERVER_ENC_UNKNOWN, we
+       # need to unset it. Otherwise the box is not configured with key, we
+       # don't need to do anything
+       if encryption_type != TACACS_SERVER_ENC_UNKNOWN
+          @@node.config_set("tacacs_server", "encryption", "no",
+                      encryption_type,
+                      encryption_password)
+       end
+    else
+       @@node.config_set("tacacs_server", "encryption", "", enctype, password)
+    end
+  end
+end
+end

data/lib/cisco_node_utils/tacacs_server_host.rb

@@ -0,0 +1,128 @@
+# TacacsServerHost class
+#
+# Alex Hunsberger, March 2015
+#
+# Copyright (c) 2015 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require File.join(File.dirname(__FILE__), 'node')
+require File.join(File.dirname(__FILE__), 'tacacs_server')
+
+module Cisco
+class TacacsServerHost
+  attr_reader :name
+  @@node = Cisco::Node.instance
+  @@hosts = {}
+
+  def initialize(name, create=true)
+    raise TypeError unless name.is_a? String
+    raise ArgumentError if name.empty?
+    @name = name
+
+    if create
+      # feature Tacacs+ must be enabled to create a host
+      TacacsServer.new.enable unless TacacsServer.enabled
+      @@node.config_set("tacacs_server_host", "host", "", name)
+    end
+  end
+
+  def TacacsServerHost.hosts
+    @@hosts = {}
+
+    return @@hosts unless TacacsServer.enabled
+
+    hosts = @@node.config_get("tacacs_server_host", "hosts")
+    unless hosts.nil?
+      hosts = [hosts] if hosts.is_a?(Hash)
+      hosts.each { |name|
+        @@hosts[name] = TacacsServerHost.new(name, false) if @@hosts[name].nil?
+      }
+    end
+    @@hosts
+  end
+
+  def destroy
+    @@node.config_set("tacacs_server_host", "host", "no", @name)
+    @@hosts.delete(@name) unless @@hosts.nil?
+  end
+
+  def port
+    p = @@node.config_get("tacacs_server_host", "port", @name)
+    raise "unable to retrieve port information for #{@name}" if p.nil?
+    p.first.to_i
+  end
+
+  def port=(n)
+    @@node.config_set("tacacs_server_host", "port", @name, n.to_i)
+  end
+
+  def TacacsServerHost.default_port
+    @@node.config_get_default("tacacs_server_host", "port")
+  end
+
+  def encryption_type
+    type = @@node.config_get("tacacs_server_host", "encryption_type", @name)
+    type.nil? ? TACACS_SERVER_ENC_UNKNOWN : type.first.to_i
+  end
+
+  def TacacsServerHost.default_encryption_type
+    TacacsServer.default_encryption_type
+  end
+
+  def encryption_password
+    pass = @@node.config_get("tacacs_server_host", "encryption_password", @name)
+    pass.nil? ? TacacsServerHost.default_encryption_password : pass.first
+  end
+
+  def TacacsServerHost.default_encryption_password
+    @@node.config_get_default("tacacs_server_host", "encryption_password")
+  end
+
+  def encryption_key_set(enctype, password)
+    raise TypeError unless enctype.is_a? Fixnum
+    raise ArgumentError if password and not [TACACS_SERVER_ENC_NONE,
+                                             TACACS_SERVER_ENC_CISCO_TYPE_7,
+                                             TACACS_SERVER_ENC_UNKNOWN].include? enctype
+    # if enctype is TACACS_SERVER_ENC_UNKNOWN, we'll unset the key
+    if enctype == TACACS_SERVER_ENC_UNKNOWN
+      # if current encryption type is not TACACS_SERVER_ENC_UNKNOWN, we need
+      # to unset the key value. Otherwise, the box is not configured with key,
+      # thus we don't need to do anything
+      if encryption_type != TACACS_SERVER_ENC_UNKNOWN
+         @@node.config_set("tacacs_server_host", "encryption", "no", @name,
+                        encryption_type,
+                        encryption_password)
+      end
+    else
+      @@node.config_set("tacacs_server_host", "encryption", "", @name, enctype, password)
+    end
+  end
+
+  def timeout
+    t = @@node.config_get("tacacs_server_host", "timeout", @name)
+    t.nil? ? TacacsServerHost.default_timeout : t.first.to_i
+  end
+
+  def timeout=(t)
+    raise TypeError unless t.is_a? Fixnum
+    return if t == timeout
+
+    @@node.config_set("tacacs_server_host", "timeout", "", @name, t)
+  end
+
+  def TacacsServerHost.default_timeout
+    @@node.config_get_default("tacacs_server_host", "timeout")
+  end
+end
+end

data/lib/cisco_node_utils/version.rb

@@ -0,0 +1,17 @@
+# Copyright (c) 2015 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module CiscoNodeUtils
+  VERSION = "0.9.0"
+end

data/lib/cisco_node_utils/vlan.rb

@@ -0,0 +1,153 @@
+# VLAN provider class
+#
+# Jie Yang, November 2014
+#
+# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require File.join(File.dirname(__FILE__), 'node')
+require File.join(File.dirname(__FILE__), 'interface')
+
+module Cisco
+  VLAN_NAME_SIZE = 33
+
+  class Vlan
+    attr_reader :name, :vlan_id
+
+    @@node = Node.instance
+    raise TypeError if @@node.nil?
+
+    def initialize(vlan_id, instantiate=true)
+      @vlan_id = vlan_id.to_s
+      raise ArgumentError,
+        "Invalid value(non-numeric Vlan id)" unless @vlan_id[/^\d+$/]
+
+      create if instantiate
+    end
+
+    def Vlan.vlans
+      hash = {}
+      vlan_list = @@node.config_get("vlan", "all_vlans")
+      return hash if vlan_list.nil?
+
+      vlan_list.each do |id|
+        hash[id] = Vlan.new(id, false)
+      end
+      hash
+    end
+
+    def create
+      @@node.config_set("vlan", "create", @vlan_id)
+    end
+
+    def destroy
+      @@node.config_set("vlan", "destroy", @vlan_id)
+    end
+
+    def cli_error_check(result)
+      # The NXOS vlan cli does not raise an exception in some conditions and
+      # instead just displays a STDOUT error message; thus NXAPI does not detect
+      # the failure and we must catch it by inspecting the "body" hash entry
+      # returned by NXAPI. This vlan cli behavior is unlikely to change.
+      raise result[2]["body"] unless result[2]["body"].empty?
+    end
+
+    def vlan_name
+      result = @@node.config_get("vlan", "name", @vlan_id)
+      return default_vlan_name if result.nil?
+      result.shift
+    end
+
+    def vlan_name=(str)
+      raise TypeError unless str.is_a?(String)
+      if str.empty?
+        result = @@node.config_set("vlan", "name", @vlan_id, "no", "")
+      else
+        result = @@node.config_set("vlan", "name", @vlan_id, "", str)
+      end
+      cli_error_check(result)
+    rescue CliError => e
+      raise "[vlan #{@vlan_id}] '#{e.command}' : #{e.clierror}"
+    end
+
+    def default_vlan_name
+      "VLAN%04d" % @vlan_id
+    end
+
+    def state
+      result = @@node.config_get("vlan", "state", @vlan_id)
+      return default_state if result.nil?
+      case result.first
+      when /act/
+        return "active"
+      when /sus/
+        return "suspend"
+      end
+    end
+
+    def state=(str)
+      str = str.to_s
+      if str.empty?
+        result = @@node.config_set("vlan", "state", @vlan_id, "no", "")
+      else
+        result = @@node.config_set("vlan", "state", @vlan_id, "", str)
+      end
+      cli_error_check(result)
+    rescue CliError => e
+      raise "[vlan #{@vlan_id}] '#{e.command}' : #{e.clierror}"
+    end
+
+    def default_state
+      @@node.config_get_default("vlan", "state")
+    end
+
+    def shutdown
+      result = @@node.config_get("vlan", "shutdown", @vlan_id)
+      return default_shutdown if result.nil?
+      # valid result is either: "active"(aka no shutdown) or "shutdown"
+      result.first[/shut/] ? true : false
+    end
+
+    def shutdown=(val)
+      no_cmd = (val) ? "" : "no"
+      result = @@node.config_set("vlan", "shutdown", @vlan_id, no_cmd)
+      cli_error_check(result)
+    rescue CliError => e
+      raise "[vlan #{@vlan_id}] '#{e.command}' : #{e.clierror}"
+    end
+
+    def default_shutdown
+      @@node.config_get_default("vlan", "shutdown")
+    end
+
+    def add_interface(interface)
+      interface.access_vlan = @vlan_id
+    end
+
+    def remove_interface(interface)
+      interface.access_vlan = interface.default_access_vlan
+    end
+
+    def interfaces
+      all_interfaces = Interface.interfaces
+      interfaces = {}
+      all_interfaces.each do |name, i|
+        next unless i.switchport_mode == :access
+        next unless i.access_vlan == @vlan_id
+        interfaces[name] = i
+      end
+      interfaces
+    end
+  end # class
+end # module