cisco_node_utils 1.1.0 → 1.2.0

data/lib/cisco_node_utils/snmpserver.rb

@@ -1,6 +1,6 @@
 # November 2014, Alex Hunsberger
 #
-# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+# Copyright (c) 2014-2016 Cisco and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,9 +20,7 @@ module Cisco
   # SnmpServer - node utility class for SNMP server management
   class SnmpServer < NodeUtil
     def aaa_user_cache_timeout
-      match = config_get('snmp_server', 'aaa_user_cache_timeout')
-      # regex in yaml returns an array result, use .first to get match
-      match.nil? ? default_aaa_user_cache_timeout : match.first.to_i
+      config_get('snmp_server', 'aaa_user_cache_timeout')
     end
 
     def aaa_user_cache_timeout=(timeout)
@@ -75,9 +73,7 @@ module Cisco
     end
 
     def packet_size
-      match = config_get('snmp_server', 'packet_size')
-      # regex in yaml returns an array result, use .first to get match
-      match.nil? ? default_packet_size : match.first.to_i
+      config_get('snmp_server', 'packet_size')
     end
 
     def packet_size=(size)
@@ -94,7 +90,7 @@ module Cisco
     end
 
     def global_enforce_priv?
-      !config_get('snmp_server', 'global_enforce_priv').nil?
+      config_get('snmp_server', 'global_enforce_priv')
     end
 
     def global_enforce_priv=(enforce)
@@ -110,16 +106,12 @@ module Cisco
     end
 
     def protocol?
-      match = config_get('snmp_server', 'protocol')
-      !match.nil? && match.include?('Enable')
+      config_get('snmp_server', 'protocol')
     end
 
     def protocol=(enable)
-      if enable
-        config_set('snmp_server', 'protocol', '')
-      else
-        config_set('snmp_server', 'protocol', 'no')
-      end
+      no_cmd = (enable ? '' : 'no')
+      config_set('snmp_server', 'protocol', no_cmd)
     end
 
     def default_protocol
@@ -127,8 +119,7 @@ module Cisco
     end
 
     def tcp_session_auth?
-      match = config_get('snmp_server', 'tcp_session_auth')
-      !match.nil? && match.include?('Enabled')
+      config_get('snmp_server', 'tcp_session_auth')
     end
 
     def tcp_session_auth=(enable)

data/lib/cisco_node_utils/snmpuser.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+# Copyright (c) 2014-2016 Cisco and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -74,32 +74,39 @@ module Cisco
       end
     end
 
-    ENGINE_ID_PATTERN = /([0-9]{1,3}(:[0-9]{1,3}){4,31})/
     def self.users
       users_hash = {}
       # config_get returns hash if 1 user, array if multiple, nil if none
       users = config_get('snmp_user', 'user')
       return users_hash if users.nil?
-      users = [users] if users.is_a?(Hash)
       users.each do |user|
-        name = user['user']
-        engineid = user['engineID']
-        if engineid.nil?
+        # n7k has enforcepriv, use-ipv*acl, avoid them
+        next if user[/(enforcePriv|use-ipv4acl|use-ipv6acl)/]
+        user_var_hash = _get_snmp_user_parse(user)
+        name = user_var_hash[:name]
+        engineid = user_var_hash[:engineid]
+        if engineid.empty?
           index = name
         else
-          engineid_str = engineid.match(ENGINE_ID_PATTERN)[1]
-          index = name + ' ' + engineid_str
+          index = name + ' ' + engineid
         end
-        auth = _auth_str_to_sym(user['auth'])
-        priv = _priv_str_to_sym(user['priv'])
-
+        auth = user_var_hash[:auth]
+        priv = user_var_hash[:priv]
         groups_arr = []
-        groups = _user_to_groups(user)
-        groups.each { |group| groups_arr << group['group'].strip }
+        # take care of multiple groups here
+        # if the name already exists in hash
+        # get all the previous properties
+        if users_hash.key?(index)
+          groups_arr = users_hash[index].groups
+          auth = users_hash[index].auth_protocol
+          priv = users_hash[index].priv_protocol
+        end
 
-        users_hash[index] = SnmpUser.new(name, groups_arr, auth,
+        # add the group to the array
+        groups_arr << _get_group_arr(user_var_hash)
+        users_hash[index] = SnmpUser.new(name, groups_arr.flatten, auth,
                                          '', priv, '', false,
-                                         engineid.nil? ? '' : engineid_str,
+                                         engineid,
                                          false)
       end
       users_hash
@@ -147,11 +154,11 @@ module Cisco
     def self.auth_password(name, engine_id)
       if engine_id.empty?
         users = config_get('snmp_user', 'auth_password')
-        return nil if users.nil?
+        return nil if users.nil? || users.empty?
         users.each_entry { |user| return user[1] if user[0] == name }
       else
         users = config_get('snmp_user', 'auth_password_with_engine_id')
-        return nil if users.nil?
+        return nil if users.nil? || users.empty?
         users.each_entry do |user|
           return user[1] if user[0] == name && user[2] == engine_id
         end
@@ -170,12 +177,12 @@ module Cisco
     def self.priv_password(name, engine_id)
       if engine_id.empty?
         users = config_get('snmp_user', 'priv_password')
-        unless users.nil?
+        unless users.nil? || users.empty?
           users.each_entry { |user| return user[1] if user[0] == name }
         end
       else
         users = config_get('snmp_user', 'priv_password_with_engine_id')
-        unless users.nil?
+        unless users.nil? || users.empty?
           users.each_entry do |user|
             return user[1] if user[0] == name && user[2] == engine_id
           end
@@ -297,6 +304,47 @@ module Cisco
 
     private
 
+    def self._get_snmp_user_parse(user)
+      user_var = {}
+      lparams = user.split
+      name = lparams[0]
+      engineid_index = lparams.index('engineID')
+      auth_index = lparams.index('auth')
+      priv_index = lparams.index('priv')
+      # engineID always comes after engineid_index
+      engineid = engineid_index.nil? ? '' : lparams[engineid_index + 1]
+      # authproto always comes after auth_index
+      aut = auth_index.nil? ? '' : lparams[auth_index + 1]
+      # privproto always comes after priv_index if priv exists
+      pri = priv_index.nil? ? '' : lparams[priv_index + 1]
+      # for the empty priv protocol default
+      pri = 'des' unless pri.empty? || pri == 'aes-128'
+      auth = _auth_str_to_sym(aut)
+      priv = _priv_str_to_sym(pri)
+      user_var[:name] = name
+      user_var[:engineid] = engineid
+      user_var[:auth] = auth
+      user_var[:priv] = priv
+      user_var[:auth_index] = auth_index
+      user_var[:engineid_index] = engineid_index
+      # group may or may not exist but it is always after name
+      # lparams[1] can be group, it is not known here,
+      # but will be determined in the _get_group_arr method
+      user_var[:group] = lparams[1]
+      user_var
+    end
+
+    def self._get_group_arr(user_var_hash)
+      user_groups = []
+      auth_index = user_var_hash[:auth_index]
+      engineid_index = user_var_hash[:engineid_index]
+      # after the name it can be group or auth or engineID
+      # so filter it properly
+      user_groups << user_var_hash[:group] unless auth_index == 1 ||
+                                                  engineid_index == 1
+      user_groups
+    end
+
     def _auth_sym_to_str(sym)
       case sym
       when :sha
@@ -349,14 +397,5 @@ module Cisco
         return :none
       end
     end
-
-    def self._user_to_groups(user_hash)
-      return [] if user_hash.nil?
-      groups = user_hash['TABLE_groups']['ROW_groups'] unless
-        user_hash['TABLE_groups'].nil?
-      return [] if groups.nil?
-      groups = [groups] if groups.is_a?(Hash)
-      groups
-    end
   end
 end

data/lib/cisco_node_utils/syslog_server.rb

@@ -2,7 +2,7 @@
 #
 # Jonathan Tripathy et al., September 2015
 #
-# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+# Copyright (c) 2014-2016 Cisco and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -31,10 +31,10 @@ module Cisco
       fail TypeError unless name.length > 0
       @name = name
 
-      fail TypeError unless level.is_a?(Integer) unless level.nil?
+      fail TypeError unless level.is_a?(Integer) || level.nil?
       @level = level
 
-      fail TypeError unless vrf.is_a?(String) unless vrf.nil?
+      fail TypeError unless vrf.is_a?(String) || vrf.nil?
       @vrf = vrf
 
       create if instantiate
@@ -48,14 +48,8 @@ module Cisco
 
       syslogservers_list.each do |id|
         level = config_get('syslog_server', 'level', id)
-        level = level[0].to_i unless level.nil?
 
         vrf = config_get('syslog_server', 'vrf', id)
-        if vrf.nil?
-          vrf = 'default'
-        else
-          vrf = vrf[0]
-        end
 
         hash[id] = SyslogServer.new(id, level, vrf, false)
       end

data/lib/cisco_node_utils/syslog_settings.rb

@@ -2,7 +2,7 @@
 #
 # Jonathan Tripathy et al., September 2015
 #
-# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+# Copyright (c) 2014-2016 Cisco and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -43,15 +43,7 @@ module Cisco
     end
 
     def timestamp
-      timestamp = config_get('syslog_settings', 'timestamp')
-      if timestamp.nil?
-        # NXOS doesn't show if timestamp units is set to seconds, so we assume
-        # that no config displayed means that the parameter is set to seconds.
-        timestamp = config_get_default('syslog_settings', 'timestamp')
-      else
-        timestamp = config_get('syslog_settings', 'timestamp')[0]
-      end
-      timestamp
+      config_get('syslog_settings', 'timestamp')
     end
 
     def timestamp=(val)

data/lib/cisco_node_utils/tacacs_server.rb

@@ -1,6 +1,6 @@
 # Mike Wiebe, January 2015
 #
-# Copyright (c) 2015 Cisco and/or its affiliates.
+# Copyright (c) 2015-2016 Cisco and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -30,8 +30,7 @@ module Cisco
 
     # Check feature enablement
     def self.enabled
-      feat = config_get('tacacs_server', 'feature')
-      return !(feat.nil? || feat.empty?)
+      config_get('tacacs_server', 'feature')
     rescue Cisco::CliError => e
       # cmd will syntax reject when feature is not enabled
       raise unless e.clierror =~ /Syntax error/
@@ -61,8 +60,7 @@ module Cisco
 
     # Get timeout
     def timeout
-      match = config_get('tacacs_server', 'timeout')
-      match.nil? ? TacacsServer.default_timeout : match.first.to_i
+      config_get('tacacs_server', 'timeout')
     end
 
     # Get default timeout
@@ -79,8 +77,7 @@ module Cisco
 
     # Get deadtime
     def deadtime
-      match = config_get('tacacs_server', 'deadtime')
-      match.nil? ? TacacsServer.default_deadtime : match.first.to_i
+      config_get('tacacs_server', 'deadtime')
     end
 
     # Get default deadtime
@@ -100,9 +97,7 @@ module Cisco
 
     # Check if directed request is enabled
     def directed_request?
-      match = config_get('tacacs_server', 'directed_request')
-      return TacacsServer.default_directed_request if match.nil?
-      match.first[/^no/] ? false : true
+      config_get('tacacs_server', 'directed_request')
     end
 
     # Get default directed_request
@@ -126,10 +121,10 @@ module Cisco
       # ip tacacs source-interface Ethernet1/1
       # no tacacs source-interface
       match = config_get('tacacs_server', 'source_interface')
-      return TacacsServer.default_source_interface if match.nil?
+      return TacacsServer.default_source_interface if match.empty?
       # match_data will contain one of the following
       # [nil, " Ethernet1/1"] or ["no", nil]
-      match[0][0] == 'no' ? TacacsServer.default_source_interface : match[0][1]
+      match[0] == 'no' ? TacacsServer.default_source_interface : match[1]
     end
 
     # Get default source interface
@@ -140,7 +135,7 @@ module Cisco
     # Get encryption type used for the key
     def encryption_type
       match = config_get('tacacs_server', 'encryption_type')
-      match.nil? ? TACACS_SERVER_ENC_UNKNOWN : match[0][0].to_i
+      match.nil? ? TACACS_SERVER_ENC_UNKNOWN : match[0].to_i
     end
 
     # Get default encryption type
@@ -151,7 +146,7 @@ module Cisco
     # Get encryption password
     def encryption_password
       match = config_get('tacacs_server', 'encryption_password')
-      match.nil? ? TacacsServer.default_encryption_password : match[0][1]
+      match.empty? ? TacacsServer.default_encryption_password : match[1]
     end
 
     # Get default encryption password

data/lib/cisco_node_utils/tacacs_server_group.rb

@@ -0,0 +1,145 @@
+#
+# NXAPI implementation of TacacsServerGroup class
+#
+# April 2015, Alex Hunsberger
+#
+# Copyright (c) 2015-2016 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative 'node_util'
+require_relative 'tacacs_server'
+
+module Cisco
+  # NXAPI implementation of AAA Server Group class
+  class TacacsServerGroup < NodeUtil
+    attr_reader :name
+
+    def initialize(name, create=true)
+      fail TypeError unless name.is_a? String
+      @name = name
+
+      return unless create
+
+      TacacsServer.new.enable unless TacacsServer.enabled
+      config_set('tacacs_server_group', 'group', state: '', name: name)
+    end
+
+    def destroy
+      config_set('tacacs_server_group', 'group', state: 'no', name: @name)
+    end
+
+    def servers
+      config_get('tacacs_server_group', 'servers', @name)
+    end
+
+    def servers=(new_servs)
+      fail TypeError unless new_servs.is_a? Array
+      current_servs = servers
+      new_servs.each do |s|
+        # add any servers not yet configured
+        next if current_servs.include? s
+        config_set('tacacs_server_group',
+                   'servers',
+                   name:   @name,
+                   state:  '',
+                   server: s)
+      end
+      current_servs.each do |s|
+        # remove any undesired existing servers
+        next if new_servs.include? s
+        config_set('tacacs_server_group',
+                   'servers',
+                   name:   @name,
+                   state:  'no',
+                   server: s)
+      end
+    end
+
+    def default_servers
+      config_get_default('tacacs_server_group', 'servers')
+    end
+
+    def ==(other)
+      name == other.name
+    end
+
+    # for netdev compatibility
+    def self.tacacs_server_groups
+      groups
+    end
+
+    def self.groups
+      grps = {}
+      tacgroups = config_get('tacacs_server_group', 'group') if
+        TacacsServer.enabled
+      unless tacgroups.nil?
+        tacgroups.each { |s| grps[s] = TacacsServerGroup.new(s, false) }
+      end
+      grps
+    end
+
+    def vrf
+      # vrf is always present in running config
+      v = config_get('tacacs_server_group', 'vrf', @name)
+      v.nil? ? default_vrf : v
+    end
+
+    def vrf=(v)
+      fail TypeError unless v.is_a? String
+      # vrf = "default" is equivalent to unconfiguring vrf
+      config_set('tacacs_server_group', 'vrf', name: @name, state: '', vrf: v)
+    end
+
+    def default_vrf
+      config_get_default('tacacs_server_group', 'vrf')
+    end
+
+    def deadtime
+      d = config_get('tacacs_server_group', 'deadtime', @name)
+      d.nil? ? default_deadtime : d.to_i
+    end
+
+    def deadtime=(t)
+      no_cmd = t == default_deadtime ? 'no' : ''
+      config_set('tacacs_server_group',
+                 'deadtime',
+                 name:     @name,
+                 state:    no_cmd,
+                 deadtime: t)
+    end
+
+    def default_deadtime
+      config_get_default('tacacs_server_group', 'deadtime')
+    end
+
+    def source_interface
+      i = config_get('tacacs_server_group', 'source_interface', @name)
+      i.nil? ? default_source_interface : i
+    end
+
+    def source_interface=(s)
+      fail TypeError unless s.is_a? String
+      no_cmd = s == default_source_interface ? 'no' : ''
+      config_set('tacacs_server_group',
+                 'source_interface',
+                 name:      @name,
+                 state:     no_cmd,
+                 interface: s)
+    end
+
+    def default_source_interface
+      config_get_default('tacacs_server_group', 'source_interface')
+    end
+  end
+end