cisco_node_utils 1.0.1 → 1.1.0

data/lib/cisco_node_utils/snmpcommunity.rb

@@ -1,6 +1,3 @@
-#
-# NXAPI implementation of SnmpCommunity class
-#
 # December 2014, Alex Hunsberger
 #
 # Copyright (c) 2014-2015 Cisco and/or its affiliates.
@@ -17,75 +14,72 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require File.join(File.dirname(__FILE__), 'node')
+require_relative 'node_util'
 
 module Cisco
-class SnmpCommunity
-  @@communities = nil
-  @@node = Cisco::Node.instance
-
-  def initialize(name, group, instantiate=true)
-    raise TypeError unless name.is_a?(String) and group.is_a?(String)
-    @name = name
+  # SnmpCommunity - node utility class for SNMP community config management
+  class SnmpCommunity < NodeUtil
+    @communities = nil
 
-    if instantiate
-      @@node.config_set("snmp_community", "community", "", name, group)
+    def initialize(name, group, instantiate=true)
+      fail TypeError unless name.is_a?(String) && group.is_a?(String)
+      @name = name
+      return unless instantiate
+      config_set('snmp_community', 'community', '', name, group)
     end
-  end
 
-  def SnmpCommunity.communities
-    @@communities = {}
-    comms = @@node.config_get("snmp_community", "all_communities")
-    unless comms.nil?
-      comms.each { |comm|
-        @@communities[comm] = SnmpCommunity.new(comm, "", false)
-      }
+    def self.communities
+      @communities = {}
+      comms = config_get('snmp_community', 'all_communities')
+      unless comms.nil?
+        comms.each do |comm|
+          @communities[comm] = SnmpCommunity.new(comm, '', false)
+        end
+      end
+      @communities
     end
-    @@communities
-  end
 
-  def destroy
-    # CLI requires specifying a group even for "no" commands
-    @@node.config_set("snmp_community", "community", "no", @name, "null")
-    @@communities.delete(@name) unless @@communities.nil?
-  end
+    def destroy
+      # CLI requires specifying a group even for "no" commands
+      config_set('snmp_community', 'community', 'no', @name, 'null')
+    end
 
-  # name is read only
-  #  def name
-  #    @name
-  #  end
+    # name is read only
+    #  def name
+    #    @name
+    #  end
 
-  def group
-    result = @@node.config_get("snmp_community", "group", @name)
-    result.nil? ? SnmpCommunity.default_group : result.first
-  end
+    def group
+      result = config_get('snmp_community', 'group', @name)
+      result.nil? ? SnmpCommunity.default_group : result.first
+    end
 
-  def group=(group)
-    raise TypeError unless group.is_a?(String)
-    @@node.config_set("snmp_community", "group", @name, group)
-  end
+    def group=(group)
+      fail TypeError unless group.is_a?(String)
+      config_set('snmp_community', 'group', @name, group)
+    end
 
-  def SnmpCommunity.default_group
-    @@node.config_get_default("snmp_community", "group")
-  end
+    def self.default_group
+      config_get_default('snmp_community', 'group')
+    end
 
-  def acl
-    result = @@node.config_get("snmp_community", "acl", @name)
-    result.nil? ? SnmpCommunity.default_acl : result.first
-  end
+    def acl
+      result = config_get('snmp_community', 'acl', @name)
+      result.nil? ? SnmpCommunity.default_acl : result.first
+    end
 
-  def acl=(acl)
-    raise TypeError unless acl.is_a?(String)
-    if acl.empty?
-      acl = self.acl
-      @@node.config_set("snmp_community", "acl", "no", @name, acl) unless acl.empty?
-    else
-      @@node.config_set("snmp_community", "acl", "", @name, acl)
+    def acl=(acl)
+      fail TypeError unless acl.is_a?(String)
+      if acl.empty?
+        acl = self.acl
+        config_set('snmp_community', 'acl', 'no', @name, acl) unless acl.empty?
+      else
+        config_set('snmp_community', 'acl', '', @name, acl)
+      end
     end
-  end
 
-  def SnmpCommunity.default_acl
-    @@node.config_get_default("snmp_community", "acl")
+    def self.default_acl
+      config_get_default('snmp_community', 'acl')
+    end
   end
 end
-end

data/lib/cisco_node_utils/snmpgroup.rb

@@ -21,35 +21,34 @@
 # purpose of group; thus this provider utility does not create snmp groups
 # and is limited to reporting group (role) existence only.
 
-require File.join(File.dirname(__FILE__), 'node')
+require_relative 'node_util'
 
 module Cisco
-class SnmpGroup
-  attr_reader :name
+  # SnmpGroup - node utility class for SNMP group configuration management
+  class SnmpGroup < NodeUtil
+    attr_reader :name
 
-  @@node = Cisco::Node.instance
-
-  def initialize(name)
-    raise TypeError unless name.is_a?(String)
-    @name = name
-  end
+    def initialize(name)
+      fail TypeError unless name.is_a?(String)
+      @name = name
+    end
 
-  def self.groups
-    group_ids = @@node.config_get("snmp_group", "group")
-    return {} if group_ids.nil?
+    def self.groups
+      group_ids = config_get('snmp_group', 'group')
+      return {} if group_ids.nil?
 
-    hash = {}
-    group_ids.each do |name|
-      hash[name] = SnmpGroup.new(name)
+      hash = {}
+      group_ids.each do |name|
+        hash[name] = SnmpGroup.new(name)
+      end
+      hash
     end
-    hash
-  end
 
-  def self.exists?(group)
-    raise ArgumentError if group.empty?
-    raise TypeError unless group.is_a? String
-    groups = @@node.config_get("snmp_group", "group")
-    (!groups.nil? and groups.include? group)
+    def self.exists?(group)
+      fail ArgumentError if group.empty?
+      fail TypeError unless group.is_a? String
+      groups = config_get('snmp_group', 'group')
+      (!groups.nil? && groups.include?(group))
+    end
   end
 end
-end

data/lib/cisco_node_utils/snmpserver.rb

@@ -1,6 +1,3 @@
-#
-# NXAPI implementation of SnmpCommunity class
-#
 # November 2014, Alex Hunsberger
 #
 # Copyright (c) 2014-2015 Cisco and/or its affiliates.
@@ -17,134 +14,133 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require File.join(File.dirname(__FILE__), 'node')
+require_relative 'node_util'
 
 module Cisco
-class SnmpServer
-  @@node = Cisco::Node.instance
-
-  def aaa_user_cache_timeout
-    match = @@node.config_get("snmp_server", "aaa_user_cache_timeout")
-    # regex in yaml returns an array result, use .first to get match
-    match.nil? ? default_aaa_user_cache_timeout : match.first.to_i
-  end
+  # SnmpServer - node utility class for SNMP server management
+  class SnmpServer < NodeUtil
+    def aaa_user_cache_timeout
+      match = config_get('snmp_server', 'aaa_user_cache_timeout')
+      # regex in yaml returns an array result, use .first to get match
+      match.nil? ? default_aaa_user_cache_timeout : match.first.to_i
+    end
 
-  def aaa_user_cache_timeout=(timeout)
-    if timeout == default_aaa_user_cache_timeout
-      @@node.config_set("snmp_server", "aaa_user_cache_timeout", "no",
-                        aaa_user_cache_timeout)
-    else
-      @@node.config_set("snmp_server", "aaa_user_cache_timeout", "", timeout)
+    def aaa_user_cache_timeout=(timeout)
+      if timeout == default_aaa_user_cache_timeout
+        config_set('snmp_server', 'aaa_user_cache_timeout', 'no',
+                   aaa_user_cache_timeout)
+      else
+        config_set('snmp_server', 'aaa_user_cache_timeout', '', timeout)
+      end
     end
-  end
 
-  def default_aaa_user_cache_timeout
-    @@node.config_get_default("snmp_server", "aaa_user_cache_timeout")
-  end
+    def default_aaa_user_cache_timeout
+      config_get_default('snmp_server', 'aaa_user_cache_timeout')
+    end
 
-  def location
-    match = @@node.config_get("snmp_server", "location")
-    match.nil? ? default_location : match
-  end
+    def location
+      match = config_get('snmp_server', 'location')
+      match.nil? ? default_location : match
+    end
 
-  def location=(location)
-    raise TypeError unless location.is_a?(String)
-    if location.empty?
-      @@node.config_set("snmp_server", "location", "no", "")
-    else
-      @@node.config_set("snmp_server", "location", "", location)
+    def location=(location)
+      fail TypeError unless location.is_a?(String)
+      if location.empty?
+        config_set('snmp_server', 'location', 'no', '')
+      else
+        config_set('snmp_server', 'location', '', location)
+      end
     end
-  end
 
-  def default_location
-    @@node.config_get_default("snmp_server", "location")
-  end
+    def default_location
+      config_get_default('snmp_server', 'location')
+    end
 
-  def contact
-    match = @@node.config_get("snmp_server", "contact")
-    match.nil? ? default_contact : match
-  end
+    def contact
+      match = config_get('snmp_server', 'contact')
+      match.nil? ? default_contact : match
+    end
 
-  def contact=(contact)
-    raise TypeError unless contact.is_a?(String)
-    if contact.empty?
-      @@node.config_set("snmp_server", "contact", "no", "")
-    else
-      @@node.config_set("snmp_server", "contact", "", contact)
+    def contact=(contact)
+      fail TypeError unless contact.is_a?(String)
+      if contact.empty?
+        config_set('snmp_server', 'contact', 'no', '')
+      else
+        config_set('snmp_server', 'contact', '', contact)
+      end
     end
-  end
 
-  def default_contact
-    @@node.config_get_default("snmp_server", "contact")
-  end
+    def default_contact
+      config_get_default('snmp_server', 'contact')
+    end
 
-  def packet_size
-    match = @@node.config_get("snmp_server", "packet_size")
-    # regex in yaml returns an array result, use .first to get match
-    match.nil? ? default_packet_size : match.first.to_i
-  end
+    def packet_size
+      match = config_get('snmp_server', 'packet_size')
+      # regex in yaml returns an array result, use .first to get match
+      match.nil? ? default_packet_size : match.first.to_i
+    end
 
-  def packet_size=(size)
-    if size == 0
-      ps = packet_size
-      @@node.config_set("snmp_server", "packet_size", "no", ps) unless ps == 0
-    else
-      @@node.config_set("snmp_server", "packet_size", "", size)
+    def packet_size=(size)
+      if size == 0
+        ps = packet_size
+        config_set('snmp_server', 'packet_size', 'no', ps) unless ps == 0
+      else
+        config_set('snmp_server', 'packet_size', '', size)
+      end
     end
-  end
 
-  def default_packet_size
-    @@node.config_get_default("snmp_server", "packet_size")
-  end
+    def default_packet_size
+      config_get_default('snmp_server', 'packet_size')
+    end
 
-  def global_enforce_priv?
-    not @@node.config_get("snmp_server", "global_enforce_priv").nil?
-  end
+    def global_enforce_priv?
+      !config_get('snmp_server', 'global_enforce_priv').nil?
+    end
 
-  def global_enforce_priv=(enforce)
-    if enforce
-      @@node.config_set("snmp_server", "global_enforce_priv", "")
-    else
-      @@node.config_set("snmp_server", "global_enforce_priv", "no")
+    def global_enforce_priv=(enforce)
+      if enforce
+        config_set('snmp_server', 'global_enforce_priv', '')
+      else
+        config_set('snmp_server', 'global_enforce_priv', 'no')
+      end
     end
-  end
 
-  def default_global_enforce_priv
-    @@node.config_get_default("snmp_server", "global_enforce_priv")
-  end
+    def default_global_enforce_priv
+      config_get_default('snmp_server', 'global_enforce_priv')
+    end
 
-  def protocol?
-    match = @@node.config_get("snmp_server", "protocol")
-    not match.nil? and match.include?("Enable")
-  end
+    def protocol?
+      match = config_get('snmp_server', 'protocol')
+      !match.nil? && match.include?('Enable')
+    end
 
-  def protocol=(enable)
-    if enable
-      @@node.config_set("snmp_server", "protocol", "")
-    else
-      @@node.config_set("snmp_server", "protocol", "no")
+    def protocol=(enable)
+      if enable
+        config_set('snmp_server', 'protocol', '')
+      else
+        config_set('snmp_server', 'protocol', 'no')
+      end
     end
-  end
 
-  def default_protocol
-    @@node.config_get_default("snmp_server", "protocol")
-  end
+    def default_protocol
+      config_get_default('snmp_server', 'protocol')
+    end
 
-  def tcp_session_auth?
-    match = @@node.config_get("snmp_server", "tcp_session_auth")
-    not match.nil? and match.include?("Enabled")
-  end
+    def tcp_session_auth?
+      match = config_get('snmp_server', 'tcp_session_auth')
+      !match.nil? && match.include?('Enabled')
+    end
 
-  def tcp_session_auth=(enable)
-    if enable
-      @@node.config_set("snmp_server", "tcp_session_auth", "", "auth")
-    else
-      @@node.config_set("snmp_server", "tcp_session_auth", "no", "")
+    def tcp_session_auth=(enable)
+      if enable
+        config_set('snmp_server', 'tcp_session_auth', '', 'auth')
+      else
+        config_set('snmp_server', 'tcp_session_auth', 'no', '')
+      end
     end
-  end
 
-  def default_tcp_session_auth
-    @@node.config_get_default("snmp_server", "tcp_session_auth")
+    def default_tcp_session_auth
+      config_get_default('snmp_server', 'tcp_session_auth')
+    end
   end
 end
-end

data/lib/cisco_node_utils/snmpuser.rb

@@ -12,331 +12,351 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require File.join(File.dirname(__FILE__), 'node')
+require_relative 'node_util'
 
 module Cisco
-SNMP_USER_NAME_KEY = "user"
-SNMP_USER_GROUP_KEY = "group"
-SNMP_USER_AUTH_KEY = "auth"
-SNMP_USER_PRIV_KEY = "priv"
-SNMP_USER_ENGINE_ID = "engineID"
-SNMP_USER_ENGINE_ID_PATTERN = /([0-9]{1,3}(:[0-9]{1,3}){4,31})/
-
-class SnmpUser
-  @@users = {}
-  @@node = Cisco::Node.instance
-
-  def initialize(name, groups, authproto, authpass, privproto,
-                 privpass, localizedkey, engineid, instantiate=true)
-    raise TypeError unless name.is_a?(String)
-    raise ArgumentError if name.empty?
-    raise TypeError unless groups.is_a?(Array)
-    raise TypeError unless authproto.is_a?(Symbol)
-    raise TypeError unless authpass.is_a?(String)
-    # empty password but protocol provided = bad
-    # non-empty password and no protocol provided = bad
-    raise ArgumentError if authpass.empty? and [:sha, :md5].include?(authproto) and instantiate
-    raise ArgumentError if not authpass.empty? and not [:sha, :md5].include?(authproto)
-    raise TypeError unless privproto.is_a?(Symbol)
-    raise TypeError unless privpass.is_a?(String)
-    raise ArgumentError if privpass.empty? and [:des, :aes128].include?(privproto) and instantiate
-    raise ArgumentError if not privpass.empty? and not [:des, :aes128].include?(privproto)
-    raise TypeError unless !!localizedkey == localizedkey # bool check
-    raise TypeError unless engineid.is_a?(String)
-
-    @name = name
-    @engine_id = engineid
-
-    @authproto = authproto
-    @privproto = privproto
-    @groups_arr = groups
-
-    authprotostr = _auth_sym_to_str(authproto)
-    privprotostr = _priv_sym_to_str(privproto)
-
-    # Config string syntax:
-    # [no] snmp-server user <user> [group] [auth {md5|sha} <passwd1> [priv [aes-128] <passwd2>] [localizedkey] [engineID <id>]]
-    if instantiate
-      # assume if multiple groups, apply all config to each
-      groups = [""] if groups.empty?
-      groups.each { |group|
-        @@node.config_set("snmp_user", "user", "",
-                          name,
-                          group,
-                          authpass.empty? ? "" : "auth #{authprotostr} #{authpass}",
-                          privpass.empty? ? "" : "priv #{privprotostr} #{privpass}",
-                          localizedkey ? "localizedkey" : "",
-                          engineid.empty? ? "" : "engineID #{engineid}")
-      }
+  # SnmpUser - node utility class for SNMP user configuration management
+  class SnmpUser < NodeUtil
+    def initialize(name, groups, authproto, authpass, privproto,
+                   privpass, localizedkey, engineid, instantiate=true)
+      initialize_validator(name, groups, authproto, authpass, privproto,
+                           privpass, engineid, instantiate)
+      @name = name
+      @engine_id = engineid
+
+      @authproto = authproto
+      @privproto = privproto
+      @groups_arr = groups
+
+      authprotostr = _auth_sym_to_str(authproto)
+      privprotostr = _priv_sym_to_str(privproto)
+
+      return unless instantiate
+      # Config string syntax:
+      # [no] snmp-server user <user> [group] ...
+      #      [auth {md5|sha} <passwd1>
+      #       [priv [aes-128] <passwd2>] [localizedkey] [engineID <id>]
+      #      ]
+      # Assume if multiple groups, apply all config to each
+      groups = [''] if groups.empty?
+      groups.each do |group|
+        config_set('snmp_user', 'user', '',
+                   name,
+                   group,
+                   authpass.empty? ? '' : "auth #{authprotostr} #{authpass}",
+                   privpass.empty? ? '' : "priv #{privprotostr} #{privpass}",
+                   localizedkey ? 'localizedkey' : '',
+                   engineid.empty? ? '' : "engineID #{engineid}")
+      end
     end
-  end
 
-  def SnmpUser.users
-    @@users = {}
-    # config_get returns hash if 1 user, array if multiple, nil if none
-    users = @@node.config_get("snmp_user", "user")
-    unless users.nil?
+    def initialize_validator(name, groups, authproto, authpass, privproto,
+                             privpass, engineid, instantiate)
+      fail TypeError unless name.is_a?(String) &&
+                            groups.is_a?(Array) &&
+                            authproto.is_a?(Symbol) &&
+                            authpass.is_a?(String) &&
+                            privproto.is_a?(Symbol) &&
+                            privpass.is_a?(String) &&
+                            engineid.is_a?(String)
+      fail ArgumentError if name.empty?
+      # empty password but protocol provided = bad
+      # non-empty password and no protocol provided = bad
+      if authpass.empty?
+        fail ArgumentError if [:sha, :md5].include?(authproto) && instantiate
+      else
+        fail ArgumentError unless [:sha, :md5].include?(authproto)
+      end
+      if privpass.empty?
+        fail ArgumentError if [:des, :aes128].include?(privproto) && instantiate
+      else
+        fail ArgumentError unless [:des, :aes128].include?(privproto)
+      end
+    end
+
+    ENGINE_ID_PATTERN = /([0-9]{1,3}(:[0-9]{1,3}){4,31})/
+    def self.users
+      users_hash = {}
+      # config_get returns hash if 1 user, array if multiple, nil if none
+      users = config_get('snmp_user', 'user')
+      return users_hash if users.nil?
       users = [users] if users.is_a?(Hash)
-      users.each { |user|
-        name = user[SNMP_USER_NAME_KEY]
-        engineid = user[SNMP_USER_ENGINE_ID]
+      users.each do |user|
+        name = user['user']
+        engineid = user['engineID']
         if engineid.nil?
-            index = name
+          index = name
         else
-            engineid_str = engineid.match(SNMP_USER_ENGINE_ID_PATTERN)[1]
-            index = name + " " + engineid_str
+          engineid_str = engineid.match(ENGINE_ID_PATTERN)[1]
+          index = name + ' ' + engineid_str
         end
-        auth = _auth_str_to_sym(user[SNMP_USER_AUTH_KEY])
-        priv = _priv_str_to_sym(user[SNMP_USER_PRIV_KEY])
+        auth = _auth_str_to_sym(user['auth'])
+        priv = _priv_str_to_sym(user['priv'])
 
         groups_arr = []
         groups = _user_to_groups(user)
-        groups.each { |group| groups_arr << group[SNMP_USER_GROUP_KEY].strip }
+        groups.each { |group| groups_arr << group['group'].strip }
 
-        @@users[index] = SnmpUser.new(name, groups_arr, auth,
-          "", priv, "", false, engineid.nil? ? "": engineid_str, false)
-      }
+        users_hash[index] = SnmpUser.new(name, groups_arr, auth,
+                                         '', priv, '', false,
+                                         engineid.nil? ? '' : engineid_str,
+                                         false)
+      end
+      users_hash
     end
-    @@users
-  end
 
-  def destroy
-    # the parser doesn't care what the real value is but need to come to the
-    # end of the parser chain. Hence we just pass in some fake values for
-    # auth method and password
-    @@node.config_set("snmp_user", "user", "no",
-                      @name, "",
-                      (auth_password.nil? or auth_password.empty?) ?
-                      "": "auth #{_auth_sym_to_str(auth_protocol)} #{auth_password}",
-                      (priv_password.nil? or priv_password.empty?) ?
-                      "": "priv #{_priv_sym_to_str(priv_protocol)} #{priv_password}",
-                      (auth_password.nil? or auth_password.empty?) ?
-                      "" : "localizedkey",
-                      @engine_id.empty? ? "" : "engineID #{@engine_id}")
-    @@users.delete(@name + " " + @engine_id)
-  end
+    def destroy
+      # The parser doesn't care what the real value is but need to come to the
+      # end of the parser chain. Hence we just pass in some fake values for
+      # auth method and password
+      unless auth_password.nil? || auth_password.empty?
+        auth_str = "auth #{_auth_sym_to_str(auth_protocol)} #{auth_password}"
+        local_str = 'localizedkey'
+      end
+      unless priv_password.nil? || priv_password.empty?
+        priv_str = "priv #{_priv_sym_to_str(priv_protocol)} #{priv_password}"
+      end
+      config_set('snmp_user', 'user', 'no',
+                 @name, '', auth_str, priv_str, local_str,
+                 @engine_id.empty? ? '' : "engineID #{@engine_id}")
+      SnmpUser.users.delete(@name + ' ' + @engine_id)
+    end
 
-  attr_reader :name
+    attr_reader :name
 
-  def groups
-    @groups_arr
-  end
+    def groups
+      @groups_arr
+    end
 
-  def SnmpUser.default_groups
-    [@@node.config_get_default("snmp_user", "group")]
-  end
+    def self.default_groups
+      [config_get_default('snmp_user', 'group')]
+    end
 
-  def auth_protocol
-    @authproto
-  end
+    def auth_protocol
+      @authproto
+    end
 
-  def SnmpUser.default_auth_protocol
-    _auth_str_to_sym(@@node.config_get_default("snmp_user", "auth_protocol"))
-  end
+    def self.default_auth_protocol
+      _auth_str_to_sym(config_get_default('snmp_user', 'auth_protocol'))
+    end
 
-  def SnmpUser.default_auth_password
-    @@node.config_get_default("snmp_user", "auth_password")
-  end
+    def self.default_auth_password
+      config_get_default('snmp_user', 'auth_password')
+    end
 
-  def SnmpUser.auth_password(name, engine_id)
-    if engine_id.empty?
-        users = @@node.config_get("snmp_user", "auth_password")
+    def self.auth_password(name, engine_id)
+      if engine_id.empty?
+        users = config_get('snmp_user', 'auth_password')
         return nil if users.nil?
-        users.each_entry { |user|
-            return user[1] if user[0] == name
-        }
-    else
-        users = @@node.config_get("snmp_user", "auth_password_with_engine_id")
+        users.each_entry { |user| return user[1] if user[0] == name }
+      else
+        users = config_get('snmp_user', 'auth_password_with_engine_id')
         return nil if users.nil?
-        users.each_entry { |user|
-            return user[1] if user[0] == name and user[2] == engine_id
-        }
+        users.each_entry do |user|
+          return user[1] if user[0] == name && user[2] == engine_id
+        end
+      end
+      nil
     end
-    nil
-  end
 
-  def auth_password
-    SnmpUser.auth_password(@name, @engine_id)
-  end
+    def auth_password
+      SnmpUser.auth_password(@name, @engine_id)
+    end
 
-  def priv_protocol
-    @privproto
-  end
+    def priv_protocol
+      @privproto
+    end
 
-  def SnmpUser.priv_password(name, engine_id)
-    if engine_id.empty?
-      users = @@node.config_get("snmp_user", "priv_password")
-      unless users.nil?
-        users.each_entry { |user|
-          return user[1] if user[0] == name
-        }
-      end
-    else
-      users = @@node.config_get("snmp_user", "priv_password_with_engine_id")
-      unless users.nil?
-        users.each_entry { |user|
-            return user[1] if user[0] == name and user[2] == engine_id
-        }
+    def self.priv_password(name, engine_id)
+      if engine_id.empty?
+        users = config_get('snmp_user', 'priv_password')
+        unless users.nil?
+          users.each_entry { |user| return user[1] if user[0] == name }
+        end
+      else
+        users = config_get('snmp_user', 'priv_password_with_engine_id')
+        unless users.nil?
+          users.each_entry do |user|
+            return user[1] if user[0] == name && user[2] == engine_id
+          end
+        end
       end
+      nil
     end
-    nil
-  end
 
-  def priv_password
-    SnmpUser.priv_password(@name, @engine_id)
-  end
+    def priv_password
+      SnmpUser.priv_password(@name, @engine_id)
+    end
 
-  def SnmpUser.default_priv_protocol
-    _priv_str_to_sym(@@node.config_get_default("snmp_user", "priv_protocol"))
-  end
+    def self.default_priv_protocol
+      _priv_str_to_sym(config_get_default('snmp_user', 'priv_protocol'))
+    end
 
-  def SnmpUser.default_priv_password
-    @@node.config_get_default("snmp_user", "priv_password")
-  end
+    def self.default_priv_password
+      config_get_default('snmp_user', 'priv_password')
+    end
 
-  attr_reader :engine_id
+    attr_reader :engine_id
 
-  def SnmpUser.default_engine_id
-    @@node.config_get_default("snmp_user", "engine_id")
-  end
+    def self.default_engine_id
+      config_get_default('snmp_user', 'engine_id')
+    end
+
+    # Passwords are hashed and so cannot be retrieved directly, but can be
+    # checked for equality. This is done by creating a fake user with the
+    # password and then comparing the hashes
+    def auth_password_equal?(input_pw, is_localized=false)
+      input_pw = input_pw.to_s unless input_pw.is_a?(String)
+      # If we provide no password, and no password present, it's a match!
+      return true if input_pw.empty? && auth_protocol == :none
+      # If we provide no password, but a password is present, or vice versa...
+      return false if input_pw.empty? || auth_protocol == :none
+      # OK, we have an input password, and a password is configured
+      current_pw = auth_password
+      if current_pw.nil?
+        fail "SNMP user #{@name} #{@engine_id} has auth #{auth_protocol} " \
+             "but no password?\n" + @@node.show('show run snmp all')
+      end
 
-  # passwords are hashed and so cannot be retrieved directly, but can be
-  # checked for equality. this is done by creating a fake user with the
-  # password and then comparing the hashes
-  def auth_password_equal?(passwd, is_localized=false)
-    throw TypeError unless passwd.is_a?(String)
-    return false if passwd.empty? or _auth_sym_to_str(auth_protocol).empty?
-    dummypw = passwd
-    pw = nil
-
-    if is_localized
-        # In this case, the password is hashed. We only need to get current
-        # running config to compare
-        pw = auth_password
-    else
+      if is_localized
+        # In this case, the password is already hashed.
+        hashed_pw = input_pw
+      else
         # In this case passed in password is clear text while the running
-        # config is hashed value. We need to hash the
-        # passed in clear text to hash
-
-        # create dummy user
-        @@node.config_set("snmp_user", "user", "", "dummy_user", "",
-                          "auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
-                          "", "",
-                          @engine_id.empty? ? "" : "engineID #{@engine_id}")
-
-        # retrieve password hashes
-        dummypw = SnmpUser.auth_password("dummy_user", @engine_id)
-        pw = auth_password
-
-        # delete dummy user
-        @@node.config_set("snmp_user", "user", "no", "dummy_user", "",
-                          "auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
-                          "", "localizedkey",
-                          @engine_id.empty? ? "" : "engineID #{@engine_id}")
+        # config is hashed value. We need to hash the passed in clear text.
+
+        # Create dummy user
+        config_set('snmp_user', 'user', '', 'dummy_user', '',
+                   "auth #{_auth_sym_to_str(auth_protocol)} #{input_pw}",
+                   '', '',
+                   @engine_id.empty? ? '' : "engineID #{@engine_id}")
+
+        # Retrieve password hashes
+        hashed_pw = SnmpUser.auth_password('dummy_user', @engine_id)
+        if hashed_pw.nil?
+          fail "SNMP dummy user #{dummy_user} #{@engine_id} was configured " \
+               "but password is missing?\n" + @@node.show('show run snmp all')
+        end
+
+        # Delete dummy user
+        config_set('snmp_user', 'user', 'no', 'dummy_user', '',
+                   "auth #{_auth_sym_to_str(auth_protocol)} #{hashed_pw}",
+                   '', 'localizedkey',
+                   @engine_id.empty? ? '' : "engineID #{@engine_id}")
+      end
+      hashed_pw == current_pw
     end
-    return false if pw.nil? or dummypw.nil?
-    pw == dummypw
-  end
 
-  def priv_password_equal?(passwd, is_localized=false)
-    throw TypeError unless passwd.is_a?(String)
-    return false if passwd.empty? or _auth_sym_to_str(auth_protocol).empty?
-    dummypw = passwd
-    pw = nil
-
-    if is_localized
-        # In this case, the password is hashed. We only need to get current
-        # and compare directly
-        pw = priv_password
-    else
+    # Passwords are hashed and so cannot be retrieved directly, but can be
+    # checked for equality. This is done by creating a fake user with the
+    # password and then comparing the hashes
+    def priv_password_equal?(input_pw, is_localized=false)
+      input_pw = input_pw.to_s unless input_pw.is_a?(String)
+      # If no input password, and no password present, true!
+      return true if input_pw.empty? && priv_protocol == :none
+      # Otherwise, if either one is missing, false!
+      return false if input_pw.empty? || priv_protocol == :none
+      # Otherwise, we have both input and configured passwords to compare
+      current_pw = priv_password
+      if current_pw.nil?
+        fail "SNMP user #{@name} #{@engine_id} has priv #{priv_protocol} " \
+             "but no password?\n" + @@node.show('show run snmp all')
+      end
+
+      if is_localized
+        # In this case, the password is already hashed.
+        hashed_pw = input_pw
+      else
         # In this case passed in password is clear text while the running
-        # config is hashed value. We need to hash the
-        # passed in clear text to hash
-
-        # create dummy user
-        @@node.config_set("snmp_user", "user", "", "dummy_user", "",
-                          "auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
-                          "priv #{_priv_sym_to_str(priv_protocol)} #{dummypw}",
-                          "",
-                          @engine_id.empty? ? "" : "engineID #{@engine_id}")
-
-        # retrieve password hashes
-        dummypw = SnmpUser.priv_password("dummy_user", @engine_id)
-        pw = priv_password
-
-        # delete dummy user
-        @@node.config_set("snmp_user", "user", "no", "dummy_user", "",
-                          "auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
-                          "priv #{_priv_sym_to_str(priv_protocol)} #{dummypw}",
-                          "localizedkey",
-                          @engine_id.empty? ? "" : "engineID #{@engine_id}")
+        # config is hashed value. We need to hash the passed in clear text.
+
+        # Create dummy user
+        config_set('snmp_user', 'user', '', 'dummy_user', '',
+                   "auth #{_auth_sym_to_str(auth_protocol)} #{input_pw}",
+                   "priv #{_priv_sym_to_str(priv_protocol)} #{input_pw}",
+                   '',
+                   @engine_id.empty? ? '' : "engineID #{@engine_id}")
+
+        # Retrieve password hashes
+        dummyau = SnmpUser.auth_password('dummy_user', @engine_id)
+        hashed_pw = SnmpUser.priv_password('dummy_user', @engine_id)
+        if hashed_pw.nil?
+          fail "SNMP dummy user #{dummy_user} #{@engine_id} was configured " \
+               "but password is missing?\n" + @@node.show('show run snmp all')
+        end
+
+        # Delete dummy user
+        config_set('snmp_user', 'user', 'no', 'dummy_user', '',
+                   "auth #{_auth_sym_to_str(auth_protocol)} #{dummyau}",
+                   "priv #{_priv_sym_to_str(priv_protocol)} #{hashed_pw}",
+                   'localizedkey',
+                   @engine_id.empty? ? '' : "engineID #{@engine_id}")
+      end
+      hashed_pw == current_pw
     end
-    return false if pw.nil? or dummypw.nil?
-    pw == dummypw
-  end
 
-  private
+    private
 
-  def _auth_sym_to_str(sym)
-    case sym
-    when :sha
-      return "sha"
-    when :md5
-      return "md5"
-    else
-      return ""
+    def _auth_sym_to_str(sym)
+      case sym
+      when :sha
+        return 'sha'
+      when :md5
+        return 'md5'
+      else
+        return ''
+      end
     end
-  end
 
-  def _priv_sym_to_str(sym)
-    case sym
-    when :des
-      return "" # no protocol specified defaults to DES
-    when :aes128
-      return "aes-128"
-    else
-      return ""
+    def _priv_sym_to_str(sym)
+      case sym
+      when :des
+        return '' # no protocol specified defaults to DES
+      when :aes128
+        return 'aes-128'
+      else
+        return ''
+      end
     end
-  end
 
-  def _auth_str_to_sym(str)
-    SnmpUser._auth_str_to_sym(str)
-  end
+    def _auth_str_to_sym(str)
+      SnmpUser._auth_str_to_sym(str)
+    end
 
-  # must be class method b/c it's used by default methods
-  def SnmpUser._auth_str_to_sym(str)
-    case str
-    when /sha/i
-      return :sha
-    when /md5/i
-      return :md5
-    else
-      return :none
+    # must be class method b/c it's used by default methods
+    def self._auth_str_to_sym(str)
+      case str
+      when /sha/i
+        return :sha
+      when /md5/i
+        return :md5
+      else
+        return :none
+      end
     end
-  end
 
-  def _priv_str_to_sym(str)
-    SnmpUser._priv_str_to_sym(str)
-  end
+    def _priv_str_to_sym(str)
+      SnmpUser._priv_str_to_sym(str)
+    end
 
-  def SnmpUser._priv_str_to_sym(str)
-    case str
-    when /des/i
-      return :des
-    when /aes/i
-      return :aes128
-    else
-      return :none
+    def self._priv_str_to_sym(str)
+      case str
+      when /des/i
+        return :des
+      when /aes/i
+        return :aes128
+      else
+        return :none
+      end
     end
-  end
 
-  def SnmpUser._user_to_groups(user_hash)
-    return [] if user_hash.nil?
-    groups = user_hash["TABLE_groups"]["ROW_groups"] unless
-      user_hash["TABLE_groups"].nil?
-    return [] if groups.nil?
-    groups = [groups] if groups.is_a?(Hash)
-    groups
+    def self._user_to_groups(user_hash)
+      return [] if user_hash.nil?
+      groups = user_hash['TABLE_groups']['ROW_groups'] unless
+        user_hash['TABLE_groups'].nil?
+      return [] if groups.nil?
+      groups = [groups] if groups.is_a?(Hash)
+      groups
+    end
   end
 end
-end