cisco_node_utils 1.1.0 → 1.2.0

data/tests/test_snmpuser.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2013-2015 Cisco and/or its affiliates.
+# Copyright (c) 2013-2016 Cisco and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -111,7 +111,7 @@ class TestSnmpUser < CiscoTestCase
   end
 
   def test_engine_id_valid_and_none
-    create_user('tester', 'auth sha password engineID 22:22:22:22:23:22')
+    create_user('tester', 'auth sha XXWWPass0wrf engineID 22:22:22:22:23:22')
     create_user('tester2')
 
     snmpusers = SnmpUser.users
@@ -175,14 +175,16 @@ class TestSnmpUser < CiscoTestCase
     # destroy the user
     destroy_user(snmpuser)
     # check user got removed.
+    sleep(5)
+    node.cache_flush
     refute_show_match(command: 'show run snmp all | no-more',
                       pattern: user_pat(name, group))
     assert_nil(SnmpUser.users[name])
   end
 
   def test_snmpuser_auth_password_equal_invalid_param
-    name = 'testV3PwEqualInvalid'
-    auth_pw = 'test1234567'
+    name = 'testV3PwEqualInvalid2'
+    auth_pw = 'TeSt297534'
     create_user(name, "network-admin auth md5 #{auth_pw}")
 
     # get users
@@ -191,7 +193,7 @@ class TestSnmpUser < CiscoTestCase
 
   def test_snmpuser_auth_priv_password_equal_invalid_param
     name = 'testV3PwEqualInvalid'
-    auth_pw = 'test1234567'
+    auth_pw = 'XXWWPass0wrf'
     create_user(name, "network-admin auth md5 #{auth_pw} priv #{auth_pw}")
 
     # get users
@@ -202,7 +204,7 @@ class TestSnmpUser < CiscoTestCase
 
   def test_snmpuser_auth_password_equal_priv_invalid_param
     name = 'testV3PwEqualInvalid'
-    auth_pw = 'test1234567'
+    auth_pw = 'XXWWPass0wrf'
     create_user(name, "network-operator auth md5 #{auth_pw} priv #{auth_pw}")
 
     # get users
@@ -213,17 +215,17 @@ class TestSnmpUser < CiscoTestCase
 
   def test_snmpuser_auth_password_not_equal
     name = 'testV3PwEqual'
-    auth_pw = 'test1234567'
+    auth_pw = 'xxwwpass0r!f'
     create_user(name, "network-admin auth md5 #{auth_pw}")
 
     # get users
     snmpuser = SnmpUser.users[name]
-    refute(snmpuser.auth_password_equal?('test12345', false))
+    refute(snmpuser.auth_password_equal?('xxwwpass0r!', false))
   end
 
   def test_snmpuser_auth_password_equal
     name = 'testV3PwEqual'
-    auth_pw = 'test1234567'
+    auth_pw = 'XXWWPass0wrf'
     create_user(name, "network-admin auth md5 #{auth_pw}")
 
     # get users
@@ -249,7 +251,7 @@ class TestSnmpUser < CiscoTestCase
     snmpuser = SnmpUser.users[name]
     assert(snmpuser.auth_password_equal?(auth_pw, true))
     # verify that if we give a wrong password, the api will return false
-    refute(snmpuser.auth_password_equal?('0xfe6c', true))
+    refute(snmpuser.auth_password_equal?('0xFe6c', true))
   end
 
   def test_snmpuser_auth_priv_password_equal_localizedkey
@@ -268,8 +270,8 @@ class TestSnmpUser < CiscoTestCase
 
   def test_snmpuser_auth_priv_des_password_equal
     name = 'testV3PwEqual'
-    auth_pw = 'test1234567'
-    priv_pw = 'testdes1234'
+    auth_pw = 'XXWWPass0wrf'
+    priv_pw = 'WWXXPaas0wrf'
     create_user(name, "network-operator auth md5 #{auth_pw} priv #{priv_pw}")
 
     # get users
@@ -281,7 +283,7 @@ class TestSnmpUser < CiscoTestCase
   def test_snmpuser_create_with_single_group_auth_md5_nopriv
     name = 'userv3test5'
     groups = ['network-admin']
-    auth_pw = 'test1234567'
+    auth_pw = 'XXWWPass0wrf'
     snmpuser = SnmpUser.new(name,
                             groups,
                             :md5, auth_pw,
@@ -315,7 +317,7 @@ class TestSnmpUser < CiscoTestCase
   def test_snmpuser_create_with_single_group_auth_sha_nopriv
     name = 'userv3testsha'
     groups = ['network-admin']
-    auth_pw = 'test1234567'
+    auth_pw = 'XXWWPass0wrf'
     snmpuser = SnmpUser.new(name,
                             groups,
                             :sha, auth_pw,
@@ -333,7 +335,7 @@ class TestSnmpUser < CiscoTestCase
   def test_create_1_group_auth_sha_nopriv_pw_localized_localizedkey_false
     name = 'userv3testauthsha3'
     groups = ['network-admin']
-    auth_pw = '0xfe6cf9aea159c2c38e0a79ec23ed3cbb'
+    auth_pw = '0xFe6cf9aea159c2c38e0a79ec23ed3cbb'
 
     snmpuser = SnmpUser.new(name,
                             groups,
@@ -366,8 +368,8 @@ class TestSnmpUser < CiscoTestCase
   def test_snmpuser_create_with_single_group_auth_md5_priv_des
     name = 'userv3test6'
     groups = ['network-admin']
-    auth_pw = 'test1234567'
-    priv_pw = 'priv1234567des'
+    auth_pw = 'XXWWPass0wrf'
+    priv_pw = 'Priv973ApQsX'
     snmpuser = SnmpUser.new(name,
                             groups,
                             :md5, auth_pw,
@@ -402,8 +404,8 @@ class TestSnmpUser < CiscoTestCase
   def test_snmpuser_create_with_single_group_auth_md5_priv_aes128
     name = 'userv3test7'
     groups = ['network-admin']
-    auth_pw = 'test1234567'
-    priv_pw = 'priv1234567aes'
+    auth_pw = 'XXWWPass0wrf'
+    priv_pw = 'Priv973ApQsX'
     snmpuser = SnmpUser.new(name,
                             groups,
                             :md5, auth_pw,
@@ -438,8 +440,8 @@ class TestSnmpUser < CiscoTestCase
   def test_snmpuser_create_with_single_group_auth_sha_priv_des
     name = 'userv3test8'
     groups = ['network-admin']
-    auth_pw = 'test1234567'
-    priv_pw = 'priv1234567des'
+    auth_pw = 'XXWWPass0wrf'
+    priv_pw = 'Priv973ApQsX'
     snmpuser = SnmpUser.new(name,
                             groups,
                             :sha, auth_pw,
@@ -474,8 +476,8 @@ class TestSnmpUser < CiscoTestCase
   def test_snmpuser_create_with_single_group_auth_sha_priv_aes128
     name = 'userv3test9'
     groups = ['network-admin']
-    auth_pw = 'test1234567'
-    priv_pw = 'priv1234567aes'
+    auth_pw = 'XXWWPass0wrf'
+    priv_pw = 'Priv973ApQsX'
     snmpuser = SnmpUser.new(name,
                             groups,
                             :sha, auth_pw,
@@ -509,8 +511,8 @@ class TestSnmpUser < CiscoTestCase
 
   def test_snmpuser_create_destroy_with_engine_id
     name = 'test_with_engine_id'
-    auth_pw = 'testpassword'
-    priv_pw = 'testpassword'
+    auth_pw = 'XXWWPass0wrf'
+    priv_pw = 'XXWWPass0wrf'
     engine_id = '128:12:12:12:12'
     snmpuser = SnmpUser.new(name, [''], :md5, auth_pw, :des, priv_pw,
                             false, engine_id)
@@ -592,7 +594,7 @@ class TestSnmpUser < CiscoTestCase
 
   def test_snmpuser_auth_password_equal_with_engineid
     name = 'test_authpass_equal'
-    auth_pass = 'testpassword'
+    auth_pass = 'XXWWPass0wrf'
     engine_id = '128:12:12:12:12'
 
     snmpuser = SnmpUser.new(name, [''], :md5, auth_pass, :none, '', false,
@@ -600,25 +602,25 @@ class TestSnmpUser < CiscoTestCase
 
     assert(snmpuser.auth_password_equal?(auth_pass, false))
     # our api should be able to detect wrong password
-    refute(snmpuser.auth_password_equal?('test2468', false))
+    refute(snmpuser.auth_password_equal?('WWXXPass0wrf', false))
     snmpuser.destroy
   end
 
   def test_snmpuser_priv_password_equal_with_engineid
     name = 'test_privpass_equal'
-    priv_pass = 'testpassword'
+    priv_pass = 'XXWWPass0wrf'
     engine_id = '128:12:12:12:12'
 
     snmpuser = SnmpUser.new(name, [''], :md5, priv_pass, :des, priv_pass, false,
                             engine_id)
     assert(snmpuser.priv_password_equal?(priv_pass, false))
-    refute(snmpuser.priv_password_equal?('test2468', false))
+    refute(snmpuser.priv_password_equal?('tWWXXpass0wrf', false))
     snmpuser.destroy
 
     snmpuser = SnmpUser.new(name, [''], :md5, priv_pass,
                             :aes128, priv_pass, false, engine_id)
     assert(snmpuser.priv_password_equal?(priv_pass, false))
-    refute(snmpuser.priv_password_equal?('test2468', false))
+    refute(snmpuser.priv_password_equal?('tWWXXpass0wrf', false))
     snmpuser.destroy
   end
 

data/tests/test_syslog_server.rb

@@ -1,7 +1,7 @@
 #
 # Minitest for SyslogServer class
 #
-# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+# Copyright (c) 2014-2016 Cisco and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -35,36 +35,48 @@ class TestSyslogServer < CiscoTestCase
   def no_syslogserver
     # Turn the feature off for a clean test.
     config('no logging server 1.2.3.4',
-           'no logging server 2.3.4.5',
+           'no logging server 2003::2',
            'no vrf context red')
   end
 
   # TESTS
 
-  def test_syslogserver_create_destroy_single
+  def test_create_destroy_single_ipv4
     id = '1.2.3.4'
     refute_includes(Cisco::SyslogServer.syslogservers, id)
 
     server = Cisco::SyslogServer.new(id, 2, 'default', true)
     assert_includes(Cisco::SyslogServer.syslogservers, id)
-    assert_equal(Cisco::SyslogServer.syslogservers[id], server)
+    assert_equal(server, Cisco::SyslogServer.syslogservers[id])
 
     server.destroy
     refute_includes(Cisco::SyslogServer.syslogservers, id)
   end
 
-  def test_syslogserver_create_destroy_multiple
+  def test_create_destroy_single_ipv6
+    id = '2003::2'
+    refute_includes(Cisco::SyslogServer.syslogservers, id)
+
+    server = Cisco::SyslogServer.new(id, 2, 'default', true)
+    assert_includes(Cisco::SyslogServer.syslogservers, id)
+    assert_equal(server, Cisco::SyslogServer.syslogservers[id])
+
+    server.destroy
+    refute_includes(Cisco::SyslogServer.syslogservers, id)
+  end
+
+  def test_create_destroy_multiple
     id = '1.2.3.4'
-    id2 = '2.3.4.5'
+    id2 = '2003::2'
     refute_includes(Cisco::SyslogServer.syslogservers, id)
     refute_includes(Cisco::SyslogServer.syslogservers, id2)
 
     server = Cisco::SyslogServer.new(id, 2, 'default', true)
     server2 = Cisco::SyslogServer.new(id2, 2, 'default', true)
     assert_includes(Cisco::SyslogServer.syslogservers, id)
-    assert_equal(Cisco::SyslogServer.syslogservers[id], server)
+    assert_equal(server, Cisco::SyslogServer.syslogservers[id])
     assert_includes(Cisco::SyslogServer.syslogservers, id2)
-    assert_equal(Cisco::SyslogServer.syslogservers[id2], server2)
+    assert_equal(server2, Cisco::SyslogServer.syslogservers[id2])
 
     server.destroy
     server2.destroy
@@ -72,7 +84,7 @@ class TestSyslogServer < CiscoTestCase
     refute_includes(Cisco::SyslogServer.syslogservers, id2)
   end
 
-  def test_syslogserver_create_destroy_single_vrf
+  def test_create_destroy_single_vrf_ipv4
     config('vrf context red')
     id = '1.2.3.4'
 
@@ -80,7 +92,21 @@ class TestSyslogServer < CiscoTestCase
 
     server = Cisco::SyslogServer.new(id, 2, 'red', true)
     assert_includes(Cisco::SyslogServer.syslogservers, id)
-    assert_equal(Cisco::SyslogServer.syslogservers[id], server)
+    assert_equal(server, Cisco::SyslogServer.syslogservers[id])
+
+    server.destroy
+    refute_includes(Cisco::SyslogServer.syslogservers, id)
+  end
+
+  def test_create_destroy_single_vrf_ipv6
+    config('vrf context red')
+    id = '2003::2'
+
+    refute_includes(Cisco::SyslogServer.syslogservers, id)
+
+    server = Cisco::SyslogServer.new(id, 2, 'red', true)
+    assert_includes(Cisco::SyslogServer.syslogservers, id)
+    assert_equal(server, Cisco::SyslogServer.syslogservers[id])
 
     server.destroy
     refute_includes(Cisco::SyslogServer.syslogservers, id)

data/tests/test_syslog_settings.rb

@@ -1,7 +1,7 @@
 #
 # Minitest for SyslogSetting class
 #
-# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+# Copyright (c) 2014-2016 Cisco and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/tests/test_tacacs_server.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+# Copyright (c) 2014-2016 Cisco and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/tests/test_tacacs_server_group.rb

@@ -0,0 +1,405 @@
+# Copyright (c) 2014-2016 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative 'ciscotest'
+require_relative '../lib/cisco_node_utils/tacacs_server_group'
+require_relative '../lib/cisco_node_utils/tacacs_server_host'
+
+# Test class for Tacacs Server Group
+class TestTacacsServerGroup < CiscoTestCase
+  def clean_tacacs_config
+    config('no feature tacacs',
+           'feature tacacs')
+  end
+
+  def create_tacacsserverhost(name='defaulttest')
+    TacacsServerHost.new(name)
+  end
+
+  def detach_tacacsserverhost(host)
+    host.destroy
+  end
+
+  def detach_aaaservergroup(aaa_server_group)
+    aaa_server_group.destroy
+  end
+
+  def create_aaa_group(group_name, server)
+    config("aaa group server #{server} #{group_name}")
+  end
+
+  def destroy_aaa_group(group_name, server)
+    config("no aaa group server #{server} #{group_name}")
+  end
+
+  def create_vrf(group_name, server, vrf_name)
+    config("aaa group server #{server} #{group_name} ; use-vrf #{vrf_name}")
+  end
+
+  def create_deadtime(group_name, server, deadtime)
+    config("aaa group server #{server} #{group_name} ; deadtime #{deadtime}")
+  end
+
+  def create_source_interface(group_name, server, interface)
+    config("aaa group server #{server} #{group_name} ; " \
+           "source-interface #{interface}")
+  end
+
+  def test_create_invalid_name_tacacs
+    assert_raises(TypeError) do
+      TacacsServerGroup.new(nil)
+    end
+  end
+
+  def test_create_valid_tacacs
+    group_name = 'Group1'
+    aaa_group = TacacsServerGroup.new(group_name)
+    assert_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /#{group_name}/)
+
+    detach_aaaservergroup(aaa_group)
+  end
+
+  def test_create_valid_multiple_tacacs
+    group_name1 = 'Group1'
+    group_name2 = 'Group2'
+    aaa_group1 = TacacsServerGroup.new(group_name1)
+    aaa_group2 = TacacsServerGroup.new(group_name2)
+
+    assert_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /#{group_name1}/)
+    assert_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /#{group_name2}/)
+
+    detach_aaaservergroup(aaa_group1)
+    detach_aaaservergroup(aaa_group2)
+  end
+
+  def test_collection_empty_tacacs
+    clean_tacacs_config
+    aaa_group_list = TacacsServerGroup.groups
+    assert_empty(aaa_group_list,
+                 'Error: TacacsServerGroup collection is not empty')
+  end
+
+  def test_collection_multi_tacacs
+    clean_tacacs_config
+    group_name1 = 'Group1'
+    group_name2 = 'Group2'
+    group_name3 = 'Group3'
+    aaa_group1 = TacacsServerGroup.new(group_name1)
+
+    groups = TacacsServerGroup.groups
+    assert_equal(1, groups.size,
+                 'Error: TacacsServerGroup collection reporting incorrect size')
+    assert(groups.key?(group_name1),
+           "Error: TacacsServerGroup collection does contain #{group_name1}")
+    detach_aaaservergroup(aaa_group1)
+
+    create_aaa_group(group_name2, 'tacacs+')
+    create_aaa_group(group_name3, 'tacacs+')
+    groups = TacacsServerGroup.groups
+    refute_empty(groups, 'Error: TacacsServerGroup collection is not filled')
+    assert_equal(2, groups.size,
+                 'Error: TacacsServerGroup collection reporting incorrect size')
+    assert(groups.key?(group_name2),
+           "Error: TacacsServerGroup collection does contain #{group_name2}")
+    assert(groups.key?(group_name3),
+           "Error: TacacsServerGroup collection does contain #{group_name3}")
+
+    destroy_aaa_group(group_name2, 'tacacs+')
+    destroy_aaa_group(group_name3, 'tacacs+')
+  end
+
+  def test_servers_tacacs
+    clean_tacacs_config
+    server_name1 = 'server1'
+    server_name2 = 'server2'
+    server1 = create_tacacsserverhost(server_name1)
+    server2 = create_tacacsserverhost(server_name2)
+
+    aaa_group = TacacsServerGroup.new('Group1')
+
+    # pre check that default servers are empty
+    default_server = aaa_group.default_servers
+    assert_empty(default_server, 'Error: Default Servers are not empty')
+
+    aaa_group.servers = [server_name1, server_name2]
+
+    # Check collection size
+    servers = aaa_group.servers
+    assert_equal(2, servers.size,
+                 'Error: Collection is not two servers')
+    assert(servers.include?('server1'),
+           "Error: Collection does not contain #{server_name1}")
+    assert(servers.include?('server2'),
+           "Error: Collection does not contain #{server_name2}")
+
+    detach_aaaservergroup(aaa_group)
+    detach_tacacsserverhost(server1)
+    detach_tacacsserverhost(server2)
+  end
+
+  def test_add_server_tacacs
+    server_name1 = 'server1'
+    server_name2 = 'server2'
+    server1 = create_tacacsserverhost(server_name1)
+    server2 = create_tacacsserverhost(server_name2)
+
+    aaa_group = TacacsServerGroup.new('Group1')
+    aaa_group.servers = [server_name1, server_name2]
+
+    assert_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /server #{server_name1}/)
+    assert_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /server #{server_name2}/)
+
+    detach_aaaservergroup(aaa_group)
+    detach_tacacsserverhost(server1)
+    detach_tacacsserverhost(server2)
+  end
+
+  def test_remove_server_tacacs
+    clean_tacacs_config
+    server_name1 = 'server1'
+    server_name2 = 'server2'
+    server1 = create_tacacsserverhost(server_name1)
+    server2 = create_tacacsserverhost(server_name2)
+
+    aaa_group = TacacsServerGroup.new('Group1')
+    aaa_group.servers = [server_name1, server_name2]
+
+    # Check collection size
+    servers = aaa_group.servers
+    assert_equal(2, servers.size,
+                 'Error: Collection is not two servers')
+
+    # Now remove them and then check again
+    aaa_group.servers = [server_name2]
+    refute_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /server #{server_name1}/)
+
+    aaa_group.servers = []
+    refute_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /server #{server_name2}/)
+
+    detach_aaaservergroup(aaa_group)
+    detach_tacacsserverhost(server1)
+    detach_tacacsserverhost(server2)
+  end
+
+  def test_remove_server_twice_tacacs
+    clean_tacacs_config
+    server_name1 = 'server1'
+    server_name2 = 'server2'
+    server1 = create_tacacsserverhost(server_name1)
+    server2 = create_tacacsserverhost(server_name2)
+
+    aaa_group = TacacsServerGroup.new('Group1')
+    aaa_group.servers = [server_name1, server_name2]
+
+    # Check collection size
+    servers = aaa_group.servers
+    assert_equal(2, servers.size,
+                 'Error: Collection is not two servers')
+
+    # Remove server 1
+    aaa_group.servers = [server_name2]
+    refute_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /server #{server_name1}/)
+
+    # Now remove server 2
+    aaa_group.servers = []
+    refute_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /server #{server_name2}/)
+
+    # Check collection size
+    servers = aaa_group.servers
+    assert_empty(servers, 'Error: Collection not empty')
+
+    detach_aaaservergroup(aaa_group)
+    detach_tacacsserverhost(server1)
+    detach_tacacsserverhost(server2)
+  end
+
+  def test_get_vrf_tacacs
+    group_name1 = 'Group1'
+    aaa_group = TacacsServerGroup.new(group_name1)
+
+    vrf = cmd_ref.lookup('tacacs_server_group', 'vrf').default_value
+    assert_equal(vrf, aaa_group.vrf,
+                 'Error: TacacsServerGroup, vrf not default')
+
+    vrf = 'TESTME'
+    create_vrf(group_name1, 'tacacs+', vrf)
+    assert_equal(vrf, aaa_group.vrf,
+                 'Error: TacacsServerGroup, vrf not configured')
+
+    vrf = cmd_ref.lookup('tacacs_server_group', 'vrf').default_value
+    aaa_group.vrf = vrf
+    assert_equal(vrf, aaa_group.vrf,
+                 'Error: TacacsServerGroup, vrf not restored to default')
+
+    detach_aaaservergroup(aaa_group)
+  end
+
+  def test_get_default_vrf_tacacs
+    aaa_group = TacacsServerGroup.new('Group1')
+    assert_equal(cmd_ref.lookup('tacacs_server_group', 'vrf').default_value,
+                 aaa_group.default_vrf,
+                 'Error: TacacsServerGroup, default vrf incorrect')
+    detach_aaaservergroup(aaa_group)
+  end
+
+  def test_set_vrf_tacacs
+    vrf = 'management-123'
+    aaa_group = TacacsServerGroup.new('Group1')
+    aaa_group.vrf = vrf
+    assert_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /use-vrf #{vrf}/)
+
+    # Invalid case
+    assert_raises(TypeError) do
+      aaa_group.vrf = 2450
+    end
+    detach_aaaservergroup(aaa_group)
+  end
+
+  def test_get_deadtime_tacacs
+    group_name = 'Group1'
+    aaa_group = TacacsServerGroup.new(group_name)
+
+    deadtime = cmd_ref.lookup('tacacs_server_group', 'deadtime').default_value
+    assert_equal(deadtime, aaa_group.deadtime,
+                 'Error: TacacsServerGroup, deadtime not default')
+
+    deadtime = 850
+    create_deadtime(group_name, 'tacacs+', deadtime)
+    assert_equal(deadtime, aaa_group.deadtime,
+                 'Error: TacacsServerGroup, deadtime not configured')
+
+    deadtime = cmd_ref.lookup('tacacs_server_group', 'deadtime').default_value
+    aaa_group.deadtime = deadtime
+    assert_equal(deadtime, aaa_group.deadtime,
+                 'Error: TacacsServerGroup, deadtime not restored to default')
+
+    detach_aaaservergroup(aaa_group)
+  end
+
+  def test_get_default_deadtime_tacacs
+    aaa_group = TacacsServerGroup.new('Group1')
+    assert_equal(
+      cmd_ref.lookup('tacacs_server_group', 'deadtime').default_value,
+      aaa_group.default_deadtime,
+      'Error: TacacsServerGroup, default deadtime incorrect')
+    detach_aaaservergroup(aaa_group)
+  end
+
+  def test_set_deadtime_tacacs
+    deadtime = 1250
+    aaa_group = TacacsServerGroup.new('Group1')
+    aaa_group.deadtime = deadtime
+    assert_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /deadtime #{deadtime}/,
+                      msg:     'Error: deadtime not configured')
+    # Invalid case
+    deadtime = 2450
+    assert_raises(CliError) do
+      aaa_group.deadtime = deadtime
+    end
+    detach_aaaservergroup(aaa_group)
+  end
+
+  def test_get_source_interface_tacacs
+    group_name = 'Group1'
+    aaa_group = TacacsServerGroup.new(group_name)
+    intf =
+      cmd_ref.lookup('tacacs_server_group', 'source_interface').default_value
+    assert_equal(intf, aaa_group.source_interface,
+                 'Error: TacacsServerGroup, source-interface set')
+
+    intf = 'Ethernet1/1'
+    create_source_interface(group_name, 'tacacs+', intf)
+    assert_equal(intf, aaa_group.source_interface,
+                 'Error: TacacsServerGroup, source-interface not correct')
+
+    intf = 'Ethernet1/32'
+    create_source_interface(group_name, 'tacacs+', intf)
+    assert_equal(intf, aaa_group.source_interface,
+                 'Error: TacacsServerGroup, source-interface not correct')
+
+    detach_aaaservergroup(aaa_group)
+  end
+
+  def test_get_default_source_interface_tacacs
+    aaa_group = TacacsServerGroup.new('Group1')
+    assert_equal(
+      cmd_ref.lookup('tacacs_server_group', 'source_interface').default_value,
+      aaa_group.default_source_interface,
+      'Error: Aaa_Group Server, default source-interface incorrect')
+    detach_aaaservergroup(aaa_group)
+  end
+
+  def test_set_source_interface_tacacs
+    intf =
+      cmd_ref.lookup('tacacs_server_group', 'source_interface').default_value
+    aaa_group = TacacsServerGroup.new('Group1')
+    assert_equal(intf, aaa_group.source_interface,
+                 'Error: Aaa_Group Server, source-interface not default')
+
+    aaa_group.source_interface = 'loopback1'
+    assert_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /source-interface loopback1/,
+                      msg:     'Error: source-interface not correct')
+
+    aaa_group.source_interface =
+      cmd_ref.lookup('tacacs_server_group', 'source_interface').default_value
+    refute_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /source-interface loopback1/)
+
+    # Invalid case
+    state = true
+    assert_raises(TypeError) do
+      aaa_group.source_interface = state
+    end
+
+    detach_aaaservergroup(aaa_group)
+  end
+
+  # tacacs_server_groups method is the same as groups, added for netdev
+  # compatibility, make sure output is the same
+  def test_groups_methods_equality
+    aaagroup1 = TacacsServerGroup.new('test1')
+    aaagroup2 = TacacsServerGroup.new('test2')
+    aaagroup3 = TacacsServerGroup.new('test3')
+
+    groups1 = TacacsServerGroup.groups.sort
+    groups2 = TacacsServerGroup.tacacs_server_groups.sort
+
+    assert_equal(groups1, groups2)
+
+    detach_aaaservergroup(aaagroup1)
+    detach_aaaservergroup(aaagroup2)
+    detach_aaaservergroup(aaagroup3)
+  end
+
+  def test_destroy_tacacs
+    group_name = 'Group1'
+    aaa_group = TacacsServerGroup.new(group_name)
+
+    detach_aaaservergroup(aaa_group)
+    refute_show_match(command: 'show run tacacs+ all | no-more',
+                      pattern: /#{group_name}/)
+  end
+end