cisco_node_utils 1.1.0 → 1.2.0

data/lib/cisco_node_utils/yum.rb

@@ -3,7 +3,7 @@
 #
 # April 2015, Alex Hunsberger
 #
-# Copyright (c) 2015 Cisco and/or its affiliates.
+# Copyright (c) 2015-2016 Cisco and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/tests/.rubocop.yml

@@ -9,7 +9,7 @@ Metrics/CyclomaticComplexity:
   Max: 15
 
 Metrics/MethodLength:
-  Max: 86
+  Max: 91
 
 Metrics/PerceivedComplexity:
   Max: 17

data/tests/basetest.rb

@@ -3,7 +3,7 @@
 # Basic unit test case class.
 # December 2014, Glenn F. Matthews
 #
-# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+# Copyright (c) 2014-2016 Cisco and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -27,11 +27,7 @@ require 'rubygems'
 gem 'minitest', '~> 5.0'
 require 'minitest/autorun'
 require 'net/telnet'
-begin
-  require 'cisco_nxapi'
-rescue LoadError
-  require File.expand_path('../../../cisco-nxapi/lib/cisco_nxapi')
-end
+require 'cisco_nxapi'
 
 # rubocop:disable Style/ClassVars
 # We *want* the address/username/password class variables to be shared
@@ -88,7 +84,7 @@ class TestCase < Minitest::Test
     @device.login(username, password)
     CiscoLogger.debug_enable if ARGV[3] == 'debug' || ENV['DEBUG'] == '1'
   rescue Errno::ECONNREFUSED
-    puts 'Connection refused - please check that the IP address is correct'
+    puts 'Telnet login refused - please check that the IP address is correct'
     puts "  and that you have enabled 'feature telnet' on the UUT"
     exit
   end
@@ -98,12 +94,25 @@ class TestCase < Minitest::Test
     GC.start
   end
 
+  # Extend standard Minitest error handling to report UnsupportedError as skip
+  def capture_exceptions
+    super do
+      begin
+        yield
+      rescue Cisco::UnsupportedError => e
+        skip(e.to_s)
+      end
+    end
+  end
+
   def config(*args)
     # Send the entire config as one string but be sure not to return until
     # we are safely back out of config mode, i.e. prompt is
     # 'switch#' not 'switch(config)#' or 'switch(config-if)#' etc.
     @device.cmd('String' => "configure terminal\n" + args.join("\n") + "\nend",
                 'Match'  => /^[^()]+[$%#>] \z/n)
+  rescue Net::ReadTimeout => e
+    raise "Timeout when configuring:\n#{args.join("\n")}\n\n#{e}"
   end
 
   def assert_show_match(pattern: nil, command: nil, msg: nil)

data/tests/ciscotest.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2013-2015 Cisco and/or its affiliates.
+# Copyright (c) 2013-2016 Cisco and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,8 +12,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require 'ipaddr'
+require 'resolv'
 require_relative 'basetest'
 require_relative 'platform_info'
+require_relative '../lib/cisco_node_utils/interface'
 require_relative '../lib/cisco_node_utils/node'
 
 include Cisco
@@ -42,8 +45,9 @@ class CiscoTestCase < TestCase
     end
     @@node
   rescue CiscoNxapi::HTTPUnauthorized
-    puts "Unauthorized to connect as #{username}:#{password}@#{address}"
-    exit
+    abort "Unauthorized to connect as #{username}:#{password}@#{address}"
+  rescue StandardError => e
+    abort "Error in establishing connection: #{e}"
   end
 
   def setup
@@ -61,23 +65,39 @@ class CiscoTestCase < TestCase
     result
   end
 
+  def ip_address?(ip)
+    return IPAddr.new(ip).ipv4?
+  rescue IPAddr::InvalidAddressError
+    false
+  end
+
+  def convert_dns_name(ip)
+    ip_address?(ip) ? ip : Resolv.getaddress(ip)
+  rescue Resolv::ResolvError
+    raise "Unable to resolve name #{ip}. Use static ip to connect instead!"
+  end
+
+  def address_match?(int_ip)
+    # Compare the interface address with the current session address.
+    # and return true if they match.
+    return false if int_ip.nil?
+    int_ip == convert_dns_name(address)
+  end
+
   def interfaces
     unless @@interfaces
       # Build the platform_info, used for interface lookup
       # rubocop:disable Style/ClassVars
-      begin
-        platform_info = PlatformInfo.new(node.host_name)
-        @@interfaces = platform_info.get_value_from_key('interfaces')
-      rescue RuntimeError => e
-        # If there is a problem reading platform_info.yaml,
-        # assign default values
-        default_interfaces = ['Ethernet1/1', 'Ethernet1/2', 'Ethernet1/3']
-        puts "Caught exception: #{e}, assigning interfaces to default " \
-             "- #{default_interfaces}"
-        @@interfaces = default_interfaces
+      @@interfaces = []
+      Interface.interfaces.each do |int, obj|
+        next unless /ethernet/.match(int)
+        next if address_match?(obj.ipv4_address)
+        @@interfaces << int
       end
       # rubocop:enable Style/ClassVars
     end
+    abort "No suitable interfaces found on #{node} for this test" if
+      @@interfaces.empty?
     @@interfaces
   end
 
@@ -93,4 +113,26 @@ class CiscoTestCase < TestCase
     end
     @@interfaces_id
   end
+
+  # Remove all router bgps.
+  def remove_all_bgps
+    require_relative '../lib/cisco_node_utils/bgp'
+    RouterBgp.routers.each do |_asn, vrfs|
+      vrfs.each do |vrf, obj|
+        if vrf == 'default'
+          obj.destroy
+          break
+        end
+      end
+    end
+  end
+
+  # Remove all user vrfs.
+  def remove_all_vrfs
+    require_relative '../lib/cisco_node_utils/vrf'
+    Vrf.vrfs.each do |vrf, obj|
+      next if vrf[/management/]
+      obj.destroy
+    end
+  end
 end

data/tests/cmd_config.yaml

@@ -41,11 +41,11 @@ feature-snmp-comm-acl-rw:
            snmp-server community admincom use-acl SNMP_RW
 
 feature-int-loopback:
-  command: > 
+  command: >
           interface loopback0
             description testloopback
 
 feature-int-portchannel:
-  command: > 
+  command: >
           interface port-channel100
             description test-portchannel

data/tests/platform_info.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2013-2015 Cisco and/or its affiliates.
+# Copyright (c) 2013-2016 Cisco and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -27,7 +27,7 @@ class PlatformInfo
   # @param[in] device_name      hostname of device on which
   #                             UTs are to be run
   #
-  def initialize(device_name)
+  def initialize(device_name, platform)
     if device_name.nil? || device_name.empty?
       fail 'device name must be specified in PlatformInfo constructor.'
     end
@@ -41,6 +41,7 @@ class PlatformInfo
     end
 
     @platform_info_hash = project_info_hash[device_name]
+    @platform_info_hash ||= project_info_hash['default'][platform.to_s]
     fail "Error - could not find #{device_name} device specific information " \
          'in platform_info.yaml' if @platform_info_hash.nil?
   end

data/tests/test_aaa_authentication_login.rb

@@ -0,0 +1,219 @@
+# Copyright (c) 2013-2016 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative 'ciscotest'
+require_relative '../lib/cisco_node_utils/aaa_authentication_login'
+
+# Test class for AAA Authentication Login
+class TestAaaAuthenticationLogin < CiscoTestCase
+  # DEFAULT(:ascii_authentication)
+  # => false
+  # rubocop:disable Style/MethodName
+  def DEFAULT(prop_name)
+    cmd_ref.lookup('aaa_authentication_login', prop_name.to_s).default_value
+  end
+  # rubocop:enable Style/MethodName
+
+  def aaaauthenticationlogin_detach(authlogin)
+    # Reset the device to a clean test state. Note that AAA will raise an error
+    # when disabling an authentication method while a different type is present.
+    s = @device.cmd("show run | i 'aaa authentication login'")
+    if s[/aaa authentication login (\S+) enable/]
+      config("no aaa authentication login #{Regexp.last_match(1)} enable")
+    end
+    authlogin.ascii_authentication = DEFAULT(:ascii_authentication)
+    authlogin.error_display = DEFAULT(:error_display)
+  end
+
+  def test_get_ascii_authentication
+    aaaauthlogin = AaaAuthenticationLogin
+
+    config('no aaa authentication login ascii-authentication')
+    refute(aaaauthlogin.ascii_authentication)
+
+    config('aaa authentication login ascii-authentication')
+    assert(aaaauthlogin.ascii_authentication,
+           'Error: AAA authentication login ascii get with preconfig')
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_get_default_ascii_authentication
+    aaaauthlogin = AaaAuthenticationLogin
+    config('no aaa authentication login ascii-authentication')
+    assert_equal(DEFAULT(:ascii_authentication),
+                 aaaauthlogin.default_ascii_authentication,
+                 'Error: AAA authentication login, default ascii incorrect')
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_set_ascii_authentication
+    aaaauthlogin = AaaAuthenticationLogin
+
+    aaaauthlogin.ascii_authentication = true
+    assert_show_match(command: 'show run aaa all | no-more',
+                      pattern: /^aaa authentication login ascii-authentication/)
+
+    aaaauthlogin.ascii_authentication = false
+    refute_show_match(command: 'show run aaa all | no-more',
+                      pattern: /^aaa authentication login ascii-authentication/)
+
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_get_chap
+    aaaauthlogin = AaaAuthenticationLogin
+
+    config('no aaa authentication login chap enable')
+    refute(aaaauthlogin.chap)
+
+    config('aaa authentication login chap enable')
+    assert(aaaauthlogin.chap,
+           "Error: AAA authentication login chap get with preconfig\n")
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_get_default_chap
+    aaaauthlogin = AaaAuthenticationLogin
+
+    config('no aaa authentication login chap enable')
+    assert_equal(DEFAULT(:chap),
+                 aaaauthlogin.default_chap,
+                 'Error: AAA authentication login, default chap incorrect')
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_set_chap
+    aaaauthlogin = AaaAuthenticationLogin
+
+    aaaauthlogin.chap = true
+    assert_show_match(command: 'show run aaa all | no-more',
+                      pattern: /^aaa authentication login chap enable/)
+    aaaauthlogin.chap = false
+    refute_show_match(command: 'show run aaa all | no-more',
+                      pattern: /^aaa authentication login chap enable/)
+
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_get_error_display
+    aaaauthlogin = AaaAuthenticationLogin
+
+    config('no aaa authentication login error-enable')
+    refute(aaaauthlogin.error_display,
+           'Error: AAA authentication login error display get')
+
+    config('aaa authentication login error-enable')
+    assert(aaaauthlogin.error_display,
+           'Error: AAA authentication login error display get with preconfig')
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_get_default_error_display
+    aaaauthlogin = AaaAuthenticationLogin
+
+    config('no aaa authentication login error-enable')
+    assert_equal(DEFAULT(:error_display),
+                 aaaauthlogin.default_error_display,
+                 'Error: default error display incorrect')
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_set_error_display
+    aaaauthlogin = AaaAuthenticationLogin
+
+    aaaauthlogin.error_display = true
+    assert_show_match(command: 'show run aaa all | no-more',
+                      pattern: /^aaa authentication login error-enable/)
+
+    aaaauthlogin.error_display = false
+    refute_show_match(command: 'show run aaa all | no-more',
+                      pattern: /^aaa authentication login error-enable/)
+
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_get_mschap
+    aaaauthlogin = AaaAuthenticationLogin
+
+    config('no aaa authentication login mschap enable')
+    refute(aaaauthlogin.mschap,
+           "Error: AAA authentication login mschap get\n")
+
+    config('aaa authentication login mschap enable')
+    assert(aaaauthlogin.mschap,
+           "Error: AAA authentication login mschap get with preconfig\n")
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_get_default_mschap
+    aaaauthlogin = AaaAuthenticationLogin
+
+    config('no aaa authentication login mschap enable')
+    assert_equal(DEFAULT(:mschap),
+                 aaaauthlogin.default_mschap,
+                 'Error: AAA authentication login, default mschap incorrect')
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_set_mschap
+    aaaauthlogin = AaaAuthenticationLogin
+
+    aaaauthlogin.mschap = true
+    assert_show_match(command: 'show run aaa all | no-more',
+                      pattern: /^aaa authentication login mschap enable/)
+
+    aaaauthlogin.mschap = false
+    refute_show_match(command: 'show run aaa all | no-more',
+                      pattern: /^aaa authentication login mschap enable/)
+
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_get_mschapv2
+    aaaauthlogin = AaaAuthenticationLogin
+
+    config('no aaa authentication login mschapv2 enable')
+    refute(aaaauthlogin.mschapv2,
+           "Error: AAA authentication login mschapv2 get\n")
+
+    config('aaa authentication login mschapv2 enable')
+    assert(aaaauthlogin.mschapv2,
+           "Error: AAA authentication login mschapv2 get with preconfig\n")
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_get_default_mschapv2
+    aaaauthlogin = AaaAuthenticationLogin
+
+    config('no aaa authentication login mschapv2 enable')
+    assert_equal(DEFAULT(:mschapv2),
+                 aaaauthlogin.default_mschapv2,
+                 'Error: AAA authentication login, default mschapv2 incorrect')
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+
+  def test_set_mschapv2
+    aaaauthlogin = AaaAuthenticationLogin
+
+    aaaauthlogin.mschapv2 = true
+    assert_show_match(command: 'show run aaa all | no-more',
+                      pattern: /^aaa authentication login mschapv2 enable/)
+
+    aaaauthlogin.mschapv2 = false
+    refute_show_match(command: 'show run aaa all | no-more',
+                      pattern: /^aaa authentication login mschapv2 enable/)
+
+    aaaauthenticationlogin_detach(aaaauthlogin)
+  end
+end

data/tests/test_aaa_authentication_login_service.rb

@@ -0,0 +1,759 @@
+# Copyright (c) 2014-2016 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative 'ciscotest'
+require_relative '../lib/cisco_node_utils/aaa_authentication_login_service'
+
+AAA_AUTH_LOGIN_SERVICE_METHOD_NONE = :none
+AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL = :local
+AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED = :unselected
+
+# Test class for AAA Authentication Login Service
+class TestAaaAuthenticationLoginService < CiscoTestCase
+  def unconfig_tacacs
+    config('no feature tacacs+')
+  end
+
+  def unconfig_aaa
+    # configure defaults = unconfigure
+    config('aaa authentication login default local')
+    config('aaa authentication login console local')
+  end
+
+  def config_tacacs_servers(servers)
+    config('feature tacacs+')
+    servers.each do |server|
+      config("aaa group server tacacs+ #{server}")
+    end
+  end
+
+  def aaaauthloginservices_default
+    config('aaa authentication login default local')
+    config('aaa authentication login console local')
+  end
+
+  def aaaauthloginservice_detach(authloginservice, revert=true)
+    aaaauthloginservices_default if revert != false
+    authloginservice.destroy
+  end
+
+  def test_create_empty_service
+    assert_raises(ArgumentError) do
+      AaaAuthenticationLoginService.new('')
+    end
+  end
+
+  def test_create_invalid_service
+    assert_raises(TypeError) do
+      AaaAuthenticationLoginService.new(:test)
+    end
+  end
+
+  def test_create_service_default
+    aaaauthloginservice = AaaAuthenticationLoginService.new('default')
+    refute_nil(aaaauthloginservice,
+               'Error: login service default create')
+    aaaauthloginservice_detach(aaaauthloginservice) unless
+      aaaauthloginservice.nil?
+  end
+
+  def test_create_service_console
+    aaaauthloginservice = AaaAuthenticationLoginService.new('console')
+    refute_nil(aaaauthloginservice,
+               'Error: login service console create')
+    aaaauthloginservice_detach(aaaauthloginservice) unless
+      aaaauthloginservice.nil?
+  end
+
+  def test_collection_with_service_default
+    unconfig_aaa
+    aaaauthloginservice_list = AaaAuthenticationLoginService.services
+    refute_empty(aaaauthloginservice_list,
+                 'Error: service collection is not filled')
+    assert_equal(1, aaaauthloginservice_list.size,
+                 'Error:  collection not reporting correct ')
+    assert(aaaauthloginservice_list.key?('default'),
+           'Error:  collection does contain default')
+    aaaauthloginservice_list.each do |name, aaaauthloginservice|
+      assert_equal(name, aaaauthloginservice.name,
+                   "Error: Invalid name #{name} in collection")
+      assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL,
+                   aaaauthloginservice.method,
+                   'Error: Invalid method for defaultin collection')
+      assert_empty(aaaauthloginservice.groups,
+                   'Error: Invalid groups for default in collection')
+      aaaauthloginservice_detach(aaaauthloginservice, false)
+    end
+    aaaauthloginservices_default
+  end
+
+  def test_collection_with_service_default_and_console
+    unconfig_aaa
+    # preconfig console
+    config('aaa authentication login console none')
+
+    aaaauthloginservice_list = AaaAuthenticationLoginService.services
+    refute_empty(aaaauthloginservice_list,
+                 'Error: service collection is not filled')
+    assert_equal(2, aaaauthloginservice_list.size,
+                 'Error:  collection not reporting correct size')
+    assert(aaaauthloginservice_list.key?('default'),
+           'Error:  collection does contain default')
+    assert(aaaauthloginservice_list.key?('console'),
+           'Error:  collection does contain console')
+    aaaauthloginservice_list.each do |name, aaaauthloginservice|
+      assert_equal(name, aaaauthloginservice.name,
+                   "Error: Invalid name #{name} in collection")
+      if name == 'default'
+        assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL,
+                     aaaauthloginservice.method,
+                     'Error: Invalid method for default in collection')
+      end
+
+      if name == 'console'
+        assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                     aaaauthloginservice.method,
+                     'Error: Invalid method for console in collection')
+      end
+
+      assert_equal([], aaaauthloginservice.groups,
+                   'Error: Invalid groups for default in collection')
+      aaaauthloginservice_detach(aaaauthloginservice, false)
+    end
+    aaaauthloginservices_default
+  end
+
+  def test_collection_with_service_default_and_console_with_group
+    # preconfig servers
+    servers = %w(group1 group2)
+    config_tacacs_servers(servers)
+
+    # preconfig console
+    # we need in some specific order
+    config('aaa authentication login default group group2 group1 none',
+           'aaa authentication login console group group1')
+
+    aaaauthloginservice_list = AaaAuthenticationLoginService.services
+    refute_empty(aaaauthloginservice_list,
+                 'Error: service collection is not filled')
+    assert_equal(2, aaaauthloginservice_list.size,
+                 'Error: Login collection not reporting correct size')
+    assert(aaaauthloginservice_list.key?('default'),
+           'Error:  collection does contain default')
+    assert(aaaauthloginservice_list.key?('console'),
+           'Error:  collection does contain console')
+    aaaauthloginservice_list.each do |name, aaaauthloginservice|
+      assert_equal(name, aaaauthloginservice.name,
+                   "Error: Invalid name #{name} in collection")
+
+      if name == 'default'
+        assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                     aaaauthloginservice.method,
+                     'Error: Invalid method for default in collection')
+        groups = %w(group2 group1)
+        assert_equal(groups, aaaauthloginservice.groups,
+                     'Error: Invalid groups for default in collection')
+      end
+
+      if name == 'console'
+        assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED,
+                     aaaauthloginservice.method,
+                     'Error: Invalid method for console in collection')
+        groups = ['group1']
+        assert_equal(groups, aaaauthloginservice.groups,
+                     'Error: Invalid groups for default in collection')
+      end
+      aaaauthloginservice_detach(aaaauthloginservice, false)
+    end
+    aaaauthloginservices_default
+    unconfig_tacacs
+  end
+
+  def test_service_default_get_method
+    aaaauthloginservice =
+      AaaAuthenticationLoginService.new('default')
+
+    # default case
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL,
+                 aaaauthloginservice.method,
+                 'Error: login service default get method for local')
+
+    # preconfig default
+    config('aaa authentication login default none')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice.method,
+                 'Error: login service default get method for none')
+
+    # preconfig servers
+    servers = %w(bxb100 bxb200)
+    config_tacacs_servers(servers)
+
+    # preconfig default
+    config('aaa authentication login default group bxb100 bxb200')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED,
+                 aaaauthloginservice.method,
+                 'Error: login service group or method incorrect')
+
+    # preconfig default
+    config('aaa authentication login default group bxb200 none')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice.method,
+                 "Error: login service group incorrect or method not 'none'")
+
+    # cleanup
+    aaaauthloginservice_detach(aaaauthloginservice)
+    unconfig_tacacs
+  end
+
+  def test_service_console_get_method
+    aaaauthloginservice = AaaAuthenticationLoginService.new('console')
+
+    # default case
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL,
+                 aaaauthloginservice.method,
+                 "Error: login service method not 'local'")
+
+    # preconfig console
+    config('aaa authentication login console none')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice.method,
+                 "Error: login service method not 'none'")
+
+    # preconfig servers
+    servers = %w(bxb100 bxb200)
+    config_tacacs_servers(servers)
+
+    # preconfig console
+    config('aaa authentication login console group bxb100 bxb200')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED,
+                 aaaauthloginservice.method,
+                 "Error: login service method not 'unselected'")
+
+    # preconfig console
+    config('aaa authentication login console group bxb200 none')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice.method,
+                 "Error: login service group incorrect or method not 'none'")
+
+    # cleanup
+    aaaauthloginservice_detach(aaaauthloginservice)
+    unconfig_tacacs
+  end
+
+  def test_get_default_method
+    # service default
+    aaaauthloginservice =
+      AaaAuthenticationLoginService.new('default')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL,
+                 aaaauthloginservice.default_method,
+                 'Error: login service default,  default method')
+    aaaauthloginservice_detach(aaaauthloginservice)
+
+    # service console
+    aaaauthloginservice =
+      AaaAuthenticationLoginService.new('console')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL,
+                 aaaauthloginservice.default_method,
+                 'Error: login service console,  default method')
+    aaaauthloginservice_detach(aaaauthloginservice, false)
+  end
+
+  def test_service_default_get_groups
+    aaaauthloginservice =
+      AaaAuthenticationLoginService.new('default')
+
+    # default case
+    assert_equal(aaaauthloginservice.default_groups, aaaauthloginservice.groups,
+                 'Error: login service default get groups for default')
+
+    # preconfig servers
+    servers = %w(bxb100 sjc200 rtp10)
+    config_tacacs_servers(servers)
+
+    # preconfig default
+    config('aaa authentication login default group bxb100 sjc200')
+    groups = %w(bxb100 sjc200)
+    assert_equal(groups, aaaauthloginservice.groups,
+                 'Error: login service default get groups')
+
+    # preconfig default
+    config('aaa authentication login default group sjc200 bxb100 rtp10 none')
+    groups = %w(sjc200 bxb100 rtp10)
+    assert_equal(groups, aaaauthloginservice.groups,
+                 'Error: login service default get groups')
+
+    # cleanup
+    aaaauthloginservice_detach(aaaauthloginservice)
+    unconfig_tacacs
+  end
+
+  def test_service_console_get_groups
+    aaaauthloginservice =
+      AaaAuthenticationLoginService.new('console')
+
+    # default case
+    assert_equal(aaaauthloginservice.default_groups, aaaauthloginservice.groups,
+                 'Error: login service console get groups for default')
+
+    # preconfig servers
+    servers = %w(bxb100 sjc200 rtp10)
+    config_tacacs_servers(servers)
+
+    # preconfig console
+    config('aaa authentication login console group bxb100 sjc200')
+    groups = %w(bxb100 sjc200)
+    assert_equal(groups, aaaauthloginservice.groups,
+                 "Error: login service console get groups #{groups}")
+
+    # preconfig console
+    config('aaa authentication login console group rtp10 bxb100 none')
+    groups = %w(rtp10 bxb100)
+    assert_equal(groups, aaaauthloginservice.groups,
+                 "Error: login service console get groups #{groups}")
+
+    # preconfig console
+    config('aaa authentication login console group sjc200 bxb100 rtp10')
+    groups = %w(sjc200 bxb100 rtp10)
+    assert_equal(groups, aaaauthloginservice.groups,
+                 "Error: login service console get groups #{groups}")
+
+    # cleanup
+    aaaauthloginservice_detach(aaaauthloginservice)
+    unconfig_tacacs
+  end
+
+  # rubocop:disable Metrics/MethodLength
+  # TODO: Consider refactoring this method
+  def test_service_default_and_console_mix
+    aaaauthloginservice_default =
+      AaaAuthenticationLoginService.new('default')
+    aaaauthloginservice_console =
+      AaaAuthenticationLoginService.new('console')
+
+    # default cases
+    assert_equal(aaaauthloginservice_default.default_groups,
+                 aaaauthloginservice_default.groups,
+                 'Error: login default, get groups default')
+    assert_equal(aaaauthloginservice_console.default_groups,
+                 aaaauthloginservice_console.groups,
+                 'Error: login console, get groups default')
+    assert_equal(aaaauthloginservice_default.default_method,
+                 aaaauthloginservice_default.method,
+                 'Error: login default, get method default')
+    assert_equal(aaaauthloginservice_console.default_method,
+                 aaaauthloginservice_console.method,
+                 'Error: login console, get method default')
+
+    # preconfig servers
+    servers = %w(bxb100 sjc200 rtp10)
+    config_tacacs_servers(servers)
+
+    groups = %w(bxb100 sjc200)
+    aaaauthloginservice_default.groups_method_set(
+      groups, AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED)
+
+    assert_equal(groups, aaaauthloginservice_default.groups,
+                 "Error: login default, get groups #{groups}")
+    assert_empty(aaaauthloginservice_console.groups,
+                 'Error: login console, get groups non empty')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED,
+                 aaaauthloginservice_default.method,
+                 'Error: login default, get method')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL,
+                 aaaauthloginservice_console.method,
+                 'Error: login console, get method')
+
+    # set groups
+    aaaauthloginservice_default.groups_method_set(
+      [], AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+    aaaauthloginservice_console.groups_method_set(
+      [], AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+
+    # get
+    assert(aaaauthloginservice_default.groups.empty?,
+           'Error: login default ,get groups non empty')
+    assert_empty(aaaauthloginservice_console.groups,
+                 'Error: login console, get groups empty')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice_default.method,
+                 'Error: login default, get method none')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice_console.method,
+                 'Error: login console, get method none')
+
+    # set groups
+    aaaauthloginservice_default.groups_method_set(
+      [], AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL)
+    aaaauthloginservice_console.groups_method_set(
+      [], AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL)
+
+    # get
+    assert_empty(aaaauthloginservice_default.groups,
+                 'Error: login default, get groups non-empty')
+    assert_empty(aaaauthloginservice_console.groups,
+                 'Error: login console, get groups non-empty')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL,
+                 aaaauthloginservice_default.method,
+                 'Error: login default, get method local')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL,
+                 aaaauthloginservice_console.method,
+                 'Error: login console, get method local')
+
+    # set groups
+    aaaauthloginservice_default.groups_method_set(
+      [], AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+    aaaauthloginservice_console.groups_method_set(
+      [], AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL)
+
+    # get
+    assert_empty(aaaauthloginservice_default.groups,
+                 'Error: login default, get groups non-empty')
+    assert_empty(aaaauthloginservice_console.groups,
+                 'Error: login console, get groups non-empty')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice_default.method,
+                 'Error: login default, get method none')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL,
+                 aaaauthloginservice_console.method,
+                 'Error: login console, get method local')
+
+    # set groups
+    aaaauthloginservice_default.groups_method_set(
+      [], AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL)
+    aaaauthloginservice_console.groups_method_set(
+      [], AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+
+    # get
+    assert_empty(aaaauthloginservice_default.groups,
+                 'Error: login default, get groups non-empty')
+    assert_empty(aaaauthloginservice_console.groups,
+                 'Error: login console, get groups non-empty')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL,
+                 aaaauthloginservice_default.method,
+                 'Error: login default, get method local')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice_console.method,
+                 'Error: login console, get method none')
+
+    # set groups
+    groups_default = ['bxb100']
+    groups_console = %w(bxb100 sjc200)
+    aaaauthloginservice_default.groups_method_set(
+      groups_default, AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED)
+    aaaauthloginservice_console.groups_method_set(
+      groups_console, AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+
+    # get
+    assert_equal(groups_default,
+                 aaaauthloginservice_default.groups,
+                 "Error: login default, get groups #{groups}")
+    assert_equal(groups_console,
+                 aaaauthloginservice_console.groups,
+                 "Error: login console, get groups #{groups}")
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED,
+                 aaaauthloginservice_default.method,
+                 'Error: login default, get method local')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice_console.method,
+                 'Error: login console, get method none')
+
+    # set same groups and method
+    groups = ['bxb100']
+    aaaauthloginservice_default.groups_method_set(
+      groups, AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+    aaaauthloginservice_console.groups_method_set(
+      groups, AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+    # get
+    assert_equal(groups,
+                 aaaauthloginservice_default.groups,
+                 "Error: login default, get groups #{groups}")
+    assert_equal(groups,
+                 aaaauthloginservice_console.groups,
+                 "Error: login console, get groups #{groups}")
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice_default.method,
+                 'Error: login default, get method none')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice_console.method,
+                 'Error: login console, get method none')
+
+    # set group for console and empty for default
+    groups = %w(bxb100 rtp10)
+    aaaauthloginservice_default.groups_method_set(
+      [], AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL)
+    aaaauthloginservice_console.groups_method_set(
+      groups, AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+
+    # get
+    assert_empty(aaaauthloginservice_default.groups,
+                 'Error: login default, get groups non empty')
+    assert_equal(groups,
+                 aaaauthloginservice_console.groups,
+                 "Error: login console, get groups #{groups}")
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL,
+                 aaaauthloginservice_default.method,
+                 'Error: login default, get method local')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice_console.method,
+                 'Error: login console, get method none')
+
+    # set groups for default and empty for console
+    groups = %w(bxb100 rtp10)
+    aaaauthloginservice_default.groups_method_set(
+      groups, AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+    aaaauthloginservice_console.groups_method_set(
+      [], AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL)
+
+    # get
+    assert_equal(groups,
+                 aaaauthloginservice_default.groups,
+                 "Error: login default, get groups #{groups}")
+    assert_empty(aaaauthloginservice_console.groups,
+                 'Error: login console, get groups non-empty')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice_default.method,
+                 'Error: login default, get method none')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL,
+                 aaaauthloginservice_console.method,
+                 'Error: login console, get method local')
+
+    # set group for default and empty for console, same methos none
+    groups = %w(bxb100 rtp10)
+    aaaauthloginservice_default.groups_method_set(
+      groups, AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+    aaaauthloginservice_console.groups_method_set(
+      [], AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+
+    # get
+    assert_equal(groups,
+                 aaaauthloginservice_default.groups,
+                 "Error: login default, get groups #{groups}")
+    assert_empty(aaaauthloginservice_console.groups,
+                 'Error: login console, get groups non-empty')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice_default.method,
+                 'Error: login default, get method none')
+    assert_equal(AAA_AUTH_LOGIN_SERVICE_METHOD_NONE,
+                 aaaauthloginservice_console.method,
+                 'Error: login console, get method none')
+
+    # cleanup
+    aaaauthloginservice_detach(aaaauthloginservice_default)
+    aaaauthloginservice_detach(aaaauthloginservice_console)
+    unconfig_tacacs
+  end
+  # rubocop:enable Metrics/MethodLength,Metrics/AbcSize
+
+  def test_get_default_groups
+    # service default
+    aaaauthloginservice =
+      AaaAuthenticationLoginService.new('default')
+    assert_empty(aaaauthloginservice.default_groups,
+                 'Error: login default, default groups')
+    aaaauthloginservice_detach(aaaauthloginservice)
+
+    # service console
+    aaaauthloginservice =
+      AaaAuthenticationLoginService.new('console')
+    assert_empty(aaaauthloginservice.default_groups,
+                 'Error: login console, default groups')
+    aaaauthloginservice_detach(aaaauthloginservice)
+  end
+
+  def test_service_default_set_groups
+    # preconfig servers
+    prefix = '^aaa authentication login default group '
+    servers = %w(bxb100 sjc200 rtp10)
+    config_tacacs_servers(servers)
+
+    # service default
+    service = 'default'
+    aaaauthloginservice =
+      AaaAuthenticationLoginService.new(service)
+
+    # one group and method is unselected
+    method = AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED
+    groups = ['bxb100']
+    aaaauthloginservice.groups_method_set(groups, method)
+    assert_show_match(command: 'show run aaa all | no-more',
+                      pattern: Regexp.new(prefix + groups.join(' ')))
+
+    # multiple group and method is unselected
+    method = AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED
+    groups = %w(bxb100 sjc200)
+    aaaauthloginservice.groups_method_set(groups, method)
+    assert_show_match(command: 'show run aaa all | no-more',
+                      pattern: Regexp.new(prefix + groups.join(' ')))
+
+    # multi group and method is none
+    method = AAA_AUTH_LOGIN_SERVICE_METHOD_NONE
+    groups = %w(rtp10 bxb100 sjc200)
+    aaaauthloginservice.groups_method_set(groups, method)
+    assert_show_match(command: 'show run aaa all | no-more',
+                      pattern: Regexp.new(prefix + groups.join(' ')))
+
+    # default group and method
+    method = aaaauthloginservice.default_method
+    groups = aaaauthloginservice.default_groups
+    aaaauthloginservice.groups_method_set(groups, method)
+    assert_show_match(command: 'show run aaa all | no-more',
+                      pattern: /^aaa authentication login default local/)
+
+    aaaauthloginservice_detach(aaaauthloginservice)
+    unconfig_tacacs
+  end
+
+  def test_service_console_set_groups
+    # preconfig servers
+    prefix = '^aaa authentication login console group '
+    servers = %w(bxb100 sjc200 rtp10)
+    config_tacacs_servers(servers)
+
+    # service console
+    service = 'console'
+    aaaauthloginservice =
+      AaaAuthenticationLoginService.new(service)
+
+    # one group and method is unselected
+    method = AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED
+    groups = ['bxb100']
+    aaaauthloginservice.groups_method_set(groups, method)
+    assert_show_match(command: 'show run aaa all | no-more',
+                      pattern: Regexp.new(prefix + groups.join(' ')))
+
+    # multi group and method is unselected
+    method = AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED
+    groups = %w(bxb100 sjc200)
+    aaaauthloginservice.groups_method_set(groups, method)
+    assert_show_match(command: 'show run aaa all | no-more',
+                      pattern: Regexp.new(prefix + groups.join(' ')))
+
+    # multi group and method is none
+    method = AAA_AUTH_LOGIN_SERVICE_METHOD_NONE
+    groups = %w(rtp10 bxb100 sjc200)
+    aaaauthloginservice.groups_method_set(groups, method)
+    assert_show_match(command: 'show run aaa all | no-more',
+                      pattern: Regexp.new(prefix + groups.join(' ')))
+
+    # default group and method
+    method = aaaauthloginservice.default_method
+    groups = aaaauthloginservice.default_groups
+    aaaauthloginservice.groups_method_set(groups, method)
+    refute_show_match(command: 'show run aaa all | no-more',
+                      pattern: /^aaa authentication login console local/)
+
+    aaaauthloginservice_detach(aaaauthloginservice)
+    unconfig_tacacs
+  end
+
+  def test_service_set_groups_invalid_groups
+    # preconfig servers
+    servers = %w(bxb100 sjc200 rtp10)
+    config_tacacs_servers(servers)
+
+    # service default
+    service = 'default'
+    aaaauthloginservice =
+      AaaAuthenticationLoginService.new(service)
+
+    # one invalid group
+    groups = ['test1']
+    assert_raises(RuntimeError) do
+      aaaauthloginservice.groups_method_set(
+        groups, AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL)
+    end
+
+    # multiple groups with invalid group
+    groups = %w(rtp10 test2 bxb100)
+    assert_raises(CliError) do
+      aaaauthloginservice.groups_method_set(
+        groups, AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+    end
+
+    # multiple groups with invalid group
+    groups = %w(test4 test2 bxb100)
+    assert_raises(CliError) do
+      aaaauthloginservice.groups_method_set(
+        groups, AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+    end
+
+    # invalid array
+    groups = ['bxb100', 100, 'bxb100']
+    assert_raises(TypeError) do
+      aaaauthloginservice.groups_method_set(
+        groups, AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+    end
+    aaaauthloginservice_detach(aaaauthloginservice)
+
+    # repeat the test for service 'console'
+    service = 'console'
+    aaaauthloginservice =
+      AaaAuthenticationLoginService.new(service)
+
+    # one invalid group
+    groups = ['test1']
+    assert_raises(CliError) do
+      aaaauthloginservice.groups_method_set(
+        groups, AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED)
+    end
+
+    # multiple group with invalid group
+    groups = %w(rtp1 test1 bxb100)
+    assert_raises(RuntimeError) do
+      aaaauthloginservice.groups_method_set(
+        groups, AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL)
+    end
+
+    # multiple group with invalid group
+    groups = %w(rtp10 test1 bxb100)
+    assert_raises(CliError) do
+      aaaauthloginservice.groups_method_set(
+        groups, AAA_AUTH_LOGIN_SERVICE_METHOD_NONE)
+    end
+    aaaauthloginservice_detach(aaaauthloginservice)
+    unconfig_tacacs
+  end
+
+  def test_service_set_groups_invalid_method
+    # service default
+    service = 'default'
+    aaaauthloginservice =
+      AaaAuthenticationLoginService.new(service)
+
+    assert_raises(TypeError) do
+      aaaauthloginservice.groups_method_set([], 'bxb100')
+    end
+
+    assert_raises(ArgumentError) do
+      aaaauthloginservice.groups_method_set([], :invalid)
+    end
+
+    aaaauthloginservice_detach(aaaauthloginservice)
+
+    # service console
+    service = 'console'
+    aaaauthloginservice =
+      AaaAuthenticationLoginService.new(service)
+
+    assert_raises(TypeError) do
+      aaaauthloginservice.groups_method_set([], 'test')
+    end
+
+    assert_raises(TypeError) do
+      aaaauthloginservice.groups_method_set([], 15)
+    end
+
+    aaaauthloginservice_detach(aaaauthloginservice)
+  end
+end