cisco_node_utils 1.3.0 → 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/CHANGELOG.md +66 -0
- data/Gemfile +1 -0
- data/README.md +44 -43
- data/bin/.rubocop.yml +18 -0
- data/bin/show_running_yang.rb +233 -0
- data/cisco_node_utils.gemspec +1 -1
- data/docs/README-maintainers.md +1 -0
- data/docs/README-utilities.md +14 -0
- data/lib/.rubocop.yml +1 -1
- data/lib/cisco_node_utils/aaa_authentication_login_service.rb +8 -3
- data/lib/cisco_node_utils/aaa_authorization_service.rb +6 -0
- data/lib/cisco_node_utils/bfd_global.rb +300 -0
- data/lib/cisco_node_utils/bgp.rb +6 -4
- data/lib/cisco_node_utils/bgp_af.rb +2 -0
- data/lib/cisco_node_utils/bgp_neighbor.rb +14 -0
- data/lib/cisco_node_utils/bgp_neighbor_af.rb +4 -1
- data/lib/cisco_node_utils/cisco_cmn_utils.rb +126 -0
- data/lib/cisco_node_utils/client/client.rb +6 -2
- data/lib/cisco_node_utils/client/grpc/client.rb +120 -36
- data/lib/cisco_node_utils/client/nxapi/client.rb +6 -2
- data/lib/cisco_node_utils/cmd_ref/DEPRECATED.yaml +118 -0
- data/lib/cisco_node_utils/cmd_ref/aaa_authorization_service.yaml +14 -0
- data/lib/cisco_node_utils/cmd_ref/bfd_global.yaml +117 -0
- data/lib/cisco_node_utils/cmd_ref/bgp.yaml +7 -7
- data/lib/cisco_node_utils/cmd_ref/bgp_neighbor.yaml +7 -0
- data/lib/cisco_node_utils/cmd_ref/dhcp_relay_global.yaml +125 -0
- data/lib/cisco_node_utils/cmd_ref/feature.yaml +10 -0
- data/lib/cisco_node_utils/cmd_ref/interface.yaml +141 -49
- data/lib/cisco_node_utils/cmd_ref/interface_ospf.yaml +44 -0
- data/lib/cisco_node_utils/cmd_ref/interface_portchannel.yaml +6 -0
- data/lib/cisco_node_utils/cmd_ref/ospf.yaml +6 -0
- data/lib/cisco_node_utils/cmd_ref/ospf_area.yaml +91 -0
- data/lib/cisco_node_utils/cmd_ref/ospf_area_vlink.yaml +88 -0
- data/lib/cisco_node_utils/cmd_ref/overlay_global.yaml +0 -3
- data/lib/cisco_node_utils/cmd_ref/show_version.yaml +3 -3
- data/lib/cisco_node_utils/cmd_ref/snmp_community.yaml +39 -15
- data/lib/cisco_node_utils/cmd_ref/snmp_notification_receiver.yaml +43 -21
- data/lib/cisco_node_utils/cmd_ref/snmp_server.yaml +48 -19
- data/lib/cisco_node_utils/cmd_ref/snmp_user.yaml +0 -0
- data/lib/cisco_node_utils/cmd_ref/tacacs_global.yaml +30 -0
- data/lib/cisco_node_utils/cmd_ref/tacacs_server.yaml +18 -6
- data/lib/cisco_node_utils/cmd_ref/vdc.yaml +4 -0
- data/lib/cisco_node_utils/cmd_ref/virtual_service.yaml +1 -0
- data/lib/cisco_node_utils/cmd_ref/vlan.yaml +23 -10
- data/lib/cisco_node_utils/cmd_ref/vxlan_vtep.yaml +8 -2
- data/lib/cisco_node_utils/cmd_ref/yang.yaml +7 -0
- data/lib/cisco_node_utils/cmd_ref/yum.yaml +10 -1
- data/lib/cisco_node_utils/constants.rb +8 -1
- data/lib/cisco_node_utils/dhcp_relay_global.rb +302 -0
- data/lib/cisco_node_utils/exceptions.rb +29 -0
- data/lib/cisco_node_utils/feature.rb +28 -0
- data/lib/cisco_node_utils/interface.rb +493 -402
- data/lib/cisco_node_utils/interface_DEPRECATED.rb +513 -0
- data/lib/cisco_node_utils/interface_ospf.rb +126 -0
- data/lib/cisco_node_utils/interface_portchannel.rb +16 -0
- data/lib/cisco_node_utils/logger.rb +3 -0
- data/lib/cisco_node_utils/node.rb +29 -1
- data/lib/cisco_node_utils/overlay_global.rb +1 -12
- data/lib/cisco_node_utils/pim.rb +1 -0
- data/lib/cisco_node_utils/pim_group_list.rb +1 -0
- data/lib/cisco_node_utils/pim_rp_address.rb +1 -0
- data/lib/cisco_node_utils/platform.rb +9 -2
- data/lib/cisco_node_utils/router_ospf.rb +1 -1
- data/lib/cisco_node_utils/router_ospf_area.rb +416 -0
- data/lib/cisco_node_utils/router_ospf_area_vlink.rb +313 -0
- data/lib/cisco_node_utils/router_ospf_vrf.rb +17 -0
- data/lib/cisco_node_utils/snmp_notification_receiver.rb +27 -9
- data/lib/cisco_node_utils/snmpcommunity.rb +34 -8
- data/lib/cisco_node_utils/snmpserver.rb +4 -4
- data/lib/cisco_node_utils/snmpuser.rb +0 -0
- data/lib/cisco_node_utils/tacacs_global.rb +102 -0
- data/lib/cisco_node_utils/tacacs_server.rb +8 -7
- data/lib/cisco_node_utils/vdc.rb +25 -7
- data/lib/cisco_node_utils/version.rb +1 -1
- data/lib/cisco_node_utils/vlan.rb +30 -56
- data/lib/cisco_node_utils/vlan_DEPRECATED.rb +108 -0
- data/lib/cisco_node_utils/yang.rb +160 -0
- data/lib/cisco_node_utils/yum.rb +25 -32
- data/tests/.rubocop.yml +3 -0
- data/tests/ciscotest.rb +136 -19
- data/tests/cmd_config_invalid.yaml +1 -1
- data/tests/noop.rb +7 -0
- data/tests/tacacs_server.yaml.example +6 -0
- data/tests/test_aaa_authentication_login.rb +24 -1
- data/tests/test_aaa_authentication_login_service.rb +9 -16
- data/tests/test_aaa_authorization_service.rb +111 -84
- data/tests/test_bfd_global.rb +278 -0
- data/tests/test_bgp_neighbor.rb +20 -0
- data/tests/test_bridge_domain_vni.rb +2 -9
- data/tests/test_cmn_utils.rb +76 -0
- data/tests/test_dhcp_relay_global.rb +284 -0
- data/tests/test_dns_domain.rb +4 -4
- data/tests/test_domain_name.rb +2 -2
- data/tests/test_encapsulation.rb +2 -4
- data/tests/test_evpn_vni.rb +14 -7
- data/tests/test_fabricpath_global.rb +12 -13
- data/tests/test_feature.rb +35 -17
- data/tests/test_interface.rb +352 -127
- data/tests/test_interface_bdi.rb +2 -2
- data/tests/test_interface_channel_group.rb +1 -1
- data/tests/test_interface_ospf.rb +153 -23
- data/tests/test_interface_portchannel.rb +15 -6
- data/tests/test_interface_private_vlan.rb +200 -576
- data/tests/test_interface_svi.rb +5 -52
- data/tests/test_interface_switchport.rb +80 -240
- data/tests/test_itd_device_group.rb +2 -2
- data/tests/test_itd_device_group_node.rb +2 -2
- data/tests/test_itd_service.rb +1 -1
- data/tests/test_name_server.rb +3 -3
- data/tests/test_node_ext.rb +15 -17
- data/tests/test_ntp_config.rb +1 -1
- data/tests/test_ntp_server.rb +3 -3
- data/tests/test_nxapi.rb +1 -0
- data/tests/test_overlay_global.rb +15 -19
- data/tests/test_pim.rb +5 -5
- data/tests/test_pim_group_list.rb +1 -37
- data/tests/test_pim_rp_address.rb +1 -1
- data/tests/test_platform.rb +9 -11
- data/tests/test_portchannel_global.rb +43 -3
- data/tests/test_radius_server.rb +1 -1
- data/tests/test_radius_server_group.rb +1 -1
- data/tests/test_router_bgp.rb +17 -30
- data/tests/test_router_ospf_area.rb +433 -0
- data/tests/test_router_ospf_area_vlink.rb +298 -0
- data/tests/test_router_ospf_vrf.rb +17 -0
- data/tests/test_snmp_notification_receiver.rb +11 -11
- data/tests/test_snmpcommunity.rb +177 -69
- data/tests/test_snmpgroup.rb +7 -7
- data/tests/test_snmpserver.rb +164 -253
- data/tests/test_snmpuser.rb +73 -69
- data/tests/test_stp_global.rb +15 -15
- data/tests/test_syslog_settings.rb +1 -1
- data/tests/test_tacacs_global.rb +80 -0
- data/tests/test_tacacs_server.rb +129 -51
- data/tests/test_tacacs_server_group.rb +3 -29
- data/tests/test_tacacs_server_host.rb +24 -27
- data/tests/test_vlan.rb +57 -59
- data/tests/test_vlan_private.rb +271 -284
- data/tests/test_vpc.rb +10 -4
- data/tests/test_vrf.rb +2 -0
- data/tests/test_vrf_af.rb +2 -5
- data/tests/test_vtp.rb +5 -2
- data/tests/test_vxlan_vtep.rb +20 -44
- data/tests/test_vxlan_vtep_vni.rb +23 -16
- data/tests/test_yang.rb +369 -0
- data/tests/test_yum.rb +34 -42
- data/tests/yum_package.yaml +35 -0
- metadata +31 -4
- data/tests/test_vlan_mt_full.rb +0 -85
data/tests/noop.rb
ADDED
@@ -16,8 +16,31 @@ require_relative 'ciscotest'
|
|
16
16
|
require_relative '../lib/cisco_node_utils/aaa_authentication_login'
|
17
17
|
|
18
18
|
# Test class for AAA Authentication Login
|
19
|
-
class
|
19
|
+
class TestAaaAuthenLogin < CiscoTestCase
|
20
20
|
@skip_unless_supported = 'aaa_authentication_login'
|
21
|
+
@@pre_clean_needed = true # rubocop:disable Style/ClassVars
|
22
|
+
|
23
|
+
def setup
|
24
|
+
super
|
25
|
+
return unless @@pre_clean_needed
|
26
|
+
cleanup
|
27
|
+
@@pre_clean_needed = false # rubocop:disable Style/ClassVars
|
28
|
+
end
|
29
|
+
|
30
|
+
def teardown
|
31
|
+
cleanup
|
32
|
+
super
|
33
|
+
end
|
34
|
+
|
35
|
+
def cleanup
|
36
|
+
# Remove any stale commands that may conflict with this testfile
|
37
|
+
s = @device.cmd("show run | i '^aaa authentication' | sed 's/^/no /'")
|
38
|
+
s.split("\n").each do |line|
|
39
|
+
next unless line[/no aaa/]
|
40
|
+
config_no_warn(line)
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
21
44
|
# DEFAULT(:ascii_authentication)
|
22
45
|
# => false
|
23
46
|
# rubocop:disable Style/MethodName
|
@@ -20,14 +20,13 @@ AAA_AUTH_LOGIN_SERVICE_METHOD_LOCAL = :local
|
|
20
20
|
AAA_AUTH_LOGIN_SERVICE_METHOD_UNSELECTED = :unselected
|
21
21
|
|
22
22
|
# Test class for AAA Authentication Login Service
|
23
|
-
class
|
23
|
+
class TestAaaAuthenLoginSvc < CiscoTestCase
|
24
24
|
@skip_unless_supported = 'aaa_auth_login_service'
|
25
25
|
|
26
26
|
def setup
|
27
27
|
super
|
28
|
-
|
29
|
-
|
30
|
-
node.os_version[/7.0\(3\)I3\(/]
|
28
|
+
skip_legacy_defect?('7.0.3.I3.1',
|
29
|
+
'CSCuz44696: Cannot configure aaa group server tacacs')
|
31
30
|
end
|
32
31
|
|
33
32
|
def unconfig_tacacs
|
@@ -85,13 +84,12 @@ class TestAaaAuthenticationLoginService < CiscoTestCase
|
|
85
84
|
aaaauthloginservice.nil?
|
86
85
|
end
|
87
86
|
|
88
|
-
|
87
|
+
# Test with service default
|
88
|
+
def test_collection_svc_def
|
89
89
|
unconfig_aaa
|
90
90
|
aaaauthloginservice_list = AaaAuthenticationLoginService.services
|
91
91
|
refute_empty(aaaauthloginservice_list,
|
92
92
|
'Error: service collection is not filled')
|
93
|
-
assert_equal(1, aaaauthloginservice_list.size,
|
94
|
-
'Error: collection not reporting correct ')
|
95
93
|
assert(aaaauthloginservice_list.key?('default'),
|
96
94
|
'Error: collection does contain default')
|
97
95
|
aaaauthloginservice_list.each do |name, aaaauthloginservice|
|
@@ -107,7 +105,8 @@ class TestAaaAuthenticationLoginService < CiscoTestCase
|
|
107
105
|
aaaauthloginservices_default
|
108
106
|
end
|
109
107
|
|
110
|
-
|
108
|
+
# Test with service default and console
|
109
|
+
def test_collection_svc_def_con
|
111
110
|
unconfig_aaa
|
112
111
|
# preconfig console
|
113
112
|
config('aaa authentication login console none')
|
@@ -143,7 +142,8 @@ class TestAaaAuthenticationLoginService < CiscoTestCase
|
|
143
142
|
aaaauthloginservices_default
|
144
143
|
end
|
145
144
|
|
146
|
-
|
145
|
+
# Test with service default and console with group
|
146
|
+
def test_collection_svc_def_con_grp
|
147
147
|
# preconfig servers
|
148
148
|
servers = %w(group1 group2)
|
149
149
|
config_tacacs_servers(servers)
|
@@ -655,13 +655,6 @@ class TestAaaAuthenticationLoginService < CiscoTestCase
|
|
655
655
|
assert_show_match(command: 'show run aaa all | no-more',
|
656
656
|
pattern: Regexp.new(prefix + groups.join(' ')))
|
657
657
|
|
658
|
-
# default group and method
|
659
|
-
method = aaaauthloginservice.default_method
|
660
|
-
groups = aaaauthloginservice.default_groups
|
661
|
-
aaaauthloginservice.groups_method_set(groups, method)
|
662
|
-
refute_show_match(command: 'show run aaa all | no-more',
|
663
|
-
pattern: /^aaa authentication login console local/)
|
664
|
-
|
665
658
|
aaaauthloginservice_detach(aaaauthloginservice)
|
666
659
|
unconfig_tacacs
|
667
660
|
end
|
@@ -12,20 +12,20 @@
|
|
12
12
|
# See the License for the specific language governing permissions and
|
13
13
|
# limitations under the License.
|
14
14
|
|
15
|
+
require 'yaml'
|
15
16
|
require_relative 'ciscotest'
|
16
17
|
require_relative '../lib/cisco_node_utils/aaa_authorization_service'
|
17
18
|
|
18
19
|
# TestAaaAuthorizationService - Minitest for AaaAuthorizationService util
|
19
|
-
class
|
20
|
+
class TestAaaAuthorSvc < CiscoTestCase
|
20
21
|
@skip_unless_supported = 'aaa_authorization_service'
|
21
22
|
@@pre_clean_needed = true # rubocop:disable Style/ClassVars
|
22
23
|
|
23
24
|
def setup
|
24
25
|
super
|
25
|
-
# TBD: Remove once CSCuz44696 is resolved.
|
26
|
-
skip('This test is not currently supported on 7.0(3)I3 images') if
|
27
|
-
node.os_version[/7.0\(3\)I3\(/]
|
28
26
|
|
27
|
+
skip_legacy_defect?('7.0.3.I3.1',
|
28
|
+
'CSCuz44696: Cannot configure aaa group server tacacs')
|
29
29
|
cleanup_aaa if @@pre_clean_needed
|
30
30
|
@@pre_clean_needed = false # rubocop:disable Style/ClassVars
|
31
31
|
feature_tacacs
|
@@ -42,6 +42,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
42
42
|
def cleanup_aaa
|
43
43
|
cmds = config('show run aaa').scan(/^aaa auth.*/)
|
44
44
|
cmds.each do |cmd|
|
45
|
+
cmd = strip_local(cmd) unless AaaAuthorizationService.remove_local_auth
|
45
46
|
config("no #{cmd}")
|
46
47
|
end
|
47
48
|
end
|
@@ -57,6 +58,13 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
57
58
|
config("#{state} feature tacacs+")
|
58
59
|
end
|
59
60
|
|
61
|
+
def strip_local(config_string)
|
62
|
+
# AAA authorization method 'local' is a prerequisite for several tests in
|
63
|
+
# this suite but once configured by design is not allowed to be removed on
|
64
|
+
# certain nxos platforms.
|
65
|
+
config_string.gsub('local', '')
|
66
|
+
end
|
67
|
+
|
60
68
|
# Helper method to get regexp for aaa authorization commands
|
61
69
|
def get_pattern(cmd_type, service, groups, method=:unselected)
|
62
70
|
cmd_type = cmd_type == :config_commands ? 'config-commands' : cmd_type.to_s
|
@@ -70,17 +78,19 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
70
78
|
Regexp.new(p)
|
71
79
|
end
|
72
80
|
|
73
|
-
#
|
74
|
-
# group can be included in the testing such access to the device
|
75
|
-
# never is compromised.
|
81
|
+
# Pre-configure the user-defined tacacs server in tests/tacacs_server.yaml
|
76
82
|
def preconfig_tacacs_server_access(group_name)
|
77
|
-
|
78
|
-
|
83
|
+
path = File.expand_path('../tacacs_server.yaml', __FILE__)
|
84
|
+
skip('Cannot find tests/tacacs_server.yaml') unless File.file?(path)
|
85
|
+
cfg = YAML.load(File.read(path))
|
86
|
+
valid_cfg?(cfg)
|
87
|
+
config("tacacs-server host #{cfg['host']} key #{cfg['key']}",
|
79
88
|
"aaa group server tacacs+ #{group_name}",
|
80
|
-
|
81
|
-
|
82
|
-
|
89
|
+
"server #{cfg['host']}",
|
90
|
+
"use-vrf #{cfg['vrf']}",
|
91
|
+
"source-interface #{cfg['intf']}",
|
83
92
|
'aaa authentication login ascii-authentication')
|
93
|
+
valid_server?(cfg['host'])
|
84
94
|
end
|
85
95
|
|
86
96
|
def prefix
|
@@ -95,57 +105,73 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
95
105
|
%w(tac_group bxb100 sjc200 rtp10)
|
96
106
|
end
|
97
107
|
|
108
|
+
def valid_cfg?(cfg)
|
109
|
+
skip('tests/tacacs_server.yaml file is empty') unless cfg
|
110
|
+
msg = 'Missing key in tests/tacacs_server.yaml'
|
111
|
+
%w(host key vrf intf).each do |key|
|
112
|
+
skip("#{msg}: #{key}") if cfg[key].nil?
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
116
|
+
def valid_server?(host)
|
117
|
+
test_aaa = config("test aaa server tacacs+ #{host} test test")
|
118
|
+
# Valid tacacs server will return message regarding user authentication
|
119
|
+
valid = test_aaa[/^user has \S+ authenticat(ed|ion)/]
|
120
|
+
fail "Host '#{host}' is either not a valid tacacs server " \
|
121
|
+
'or not reachable' unless valid
|
122
|
+
end
|
123
|
+
|
98
124
|
def test_create_unsupported_type
|
99
125
|
assert_raises(ArgumentError) do
|
100
126
|
AaaAuthorizationService.new(:none, 'default')
|
101
127
|
end
|
102
128
|
end
|
103
129
|
|
104
|
-
def
|
130
|
+
def test_nil_type
|
105
131
|
assert_raises(TypeError) do
|
106
132
|
AaaAuthorizationService.new(nil, 'default')
|
107
133
|
end
|
108
134
|
end
|
109
135
|
|
110
|
-
def
|
136
|
+
def test_type_inv
|
111
137
|
assert_raises(TypeError) do
|
112
138
|
AaaAuthorizationService.new('test', 'default')
|
113
139
|
end
|
114
140
|
end
|
115
141
|
|
116
|
-
def
|
142
|
+
def test_range_type_inv
|
117
143
|
assert_raises(TypeError) do
|
118
144
|
AaaAuthorizationService.new(34, 'default')
|
119
145
|
end
|
120
146
|
end
|
121
147
|
|
122
|
-
def
|
148
|
+
def test_svc_inv
|
123
149
|
assert_raises(ArgumentError) do
|
124
150
|
AaaAuthorizationService.new(:commands, 'test')
|
125
151
|
end
|
126
152
|
end
|
127
153
|
|
128
|
-
def
|
154
|
+
def test_empty_svc
|
129
155
|
assert_raises(ArgumentError) do
|
130
156
|
AaaAuthorizationService.new(:commands, '')
|
131
157
|
end
|
132
158
|
end
|
133
159
|
|
134
|
-
def
|
160
|
+
def test_cmds_def
|
135
161
|
aaa_a_service = AaaAuthorizationService.new(:commands, 'default')
|
136
162
|
refute_nil(aaa_a_service,
|
137
163
|
'Error: AaaAuthorizationService creating commands default')
|
138
164
|
aaa_a_service.destroy unless aaa_a_service.nil?
|
139
165
|
end
|
140
166
|
|
141
|
-
def
|
167
|
+
def test_cmds_con
|
142
168
|
aaa_a_service = AaaAuthorizationService.new(:commands, 'console')
|
143
169
|
refute_nil(aaa_a_service,
|
144
170
|
'Error: AaaAuthorizationService creating commands default')
|
145
171
|
aaa_a_service.destroy unless aaa_a_service.nil?
|
146
172
|
end
|
147
173
|
|
148
|
-
def
|
174
|
+
def test_cfg_cmds_def
|
149
175
|
aaa_a_service = AaaAuthorizationService.new(:config_commands, 'default')
|
150
176
|
refute_nil(aaa_a_service,
|
151
177
|
'Error: AaaAuthorizationService creating ' \
|
@@ -153,7 +179,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
153
179
|
aaa_a_service.destroy unless aaa_a_service.nil?
|
154
180
|
end
|
155
181
|
|
156
|
-
def
|
182
|
+
def test_cfg_cmds_con
|
157
183
|
aaa_a_service = AaaAuthorizationService.new(:config_commands, 'console')
|
158
184
|
refute_nil(aaa_a_service,
|
159
185
|
'Error: AaaAuthorizationService creating commands default')
|
@@ -174,11 +200,11 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
174
200
|
aaa_a_service.destroy
|
175
201
|
end
|
176
202
|
|
177
|
-
def
|
203
|
+
def test_collect_inv
|
178
204
|
assert_nil(AaaAuthorizationService.services['TEST'])
|
179
205
|
end
|
180
206
|
|
181
|
-
def
|
207
|
+
def test_collect_svc_cmds
|
182
208
|
type = :commands
|
183
209
|
collection = AaaAuthorizationService.services[type]
|
184
210
|
|
@@ -210,7 +236,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
210
236
|
end
|
211
237
|
end
|
212
238
|
|
213
|
-
def
|
239
|
+
def test_collect_svc_cfg_cmds
|
214
240
|
type = :config_commands
|
215
241
|
collection = AaaAuthorizationService.services[type]
|
216
242
|
|
@@ -241,7 +267,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
241
267
|
end
|
242
268
|
end
|
243
269
|
|
244
|
-
def
|
270
|
+
def test_type_cmds_def_con_grp
|
245
271
|
# Preconfig AAA Authorization
|
246
272
|
cmd1 = 'aaa authorization commands default group group2 group1 local'
|
247
273
|
cmd2 = 'aaa authorization commands console group group1 local'
|
@@ -278,7 +304,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
278
304
|
|
279
305
|
# only one of default or console can be configured at a time without
|
280
306
|
# locking the CLI
|
281
|
-
config("no #{cmd1}", cmd2)
|
307
|
+
config("no #{strip_local(cmd1)}", cmd2)
|
282
308
|
|
283
309
|
service = 'console'
|
284
310
|
aaa_a_service = collection[service]
|
@@ -290,11 +316,9 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
290
316
|
assert_equal(groups, aaa_a_service.groups,
|
291
317
|
'Error: Invalid AaaAuthorizationService groups for ' \
|
292
318
|
'console in collection')
|
293
|
-
|
294
|
-
config("no #{cmd2}")
|
295
319
|
end
|
296
320
|
|
297
|
-
def
|
321
|
+
def test_type_cfg_cmds_def_con_grp
|
298
322
|
# Preconfig AAA Authorization
|
299
323
|
cmd1 = 'aaa authorization config-commands default group group2 group1 local'
|
300
324
|
cmd2 = 'aaa authorization config-commands console group group1 local'
|
@@ -329,7 +353,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
329
353
|
'Error: Invalid AaaAuthorizationService groups ' \
|
330
354
|
'for default in collection')
|
331
355
|
|
332
|
-
config("no #{cmd1}", cmd2)
|
356
|
+
config("no #{strip_local(cmd1)}", cmd2)
|
333
357
|
|
334
358
|
service = 'console'
|
335
359
|
aaa_a_service = collection[service]
|
@@ -341,11 +365,9 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
341
365
|
assert_equal(groups, aaa_a_service.groups,
|
342
366
|
'Error: Invalid AaaAuthorizationService groups ' \
|
343
367
|
'for console in collection')
|
344
|
-
|
345
|
-
config("no #{cmd2}")
|
346
368
|
end
|
347
369
|
|
348
|
-
def
|
370
|
+
def test_get_def_method
|
349
371
|
type = :commands
|
350
372
|
aaa_a_service = AaaAuthorizationService.new(type, 'default')
|
351
373
|
assert_equal(:local, aaa_a_service.default_method,
|
@@ -373,7 +395,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
373
395
|
aaa_a_service.destroy
|
374
396
|
end
|
375
397
|
|
376
|
-
def
|
398
|
+
def test_collect_grps_cmds_def
|
377
399
|
type = :commands
|
378
400
|
aaa_a_service = AaaAuthorizationService.new(type, 'default')
|
379
401
|
|
@@ -389,8 +411,9 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
389
411
|
assert_equal(:unselected, aaa_a_service.method)
|
390
412
|
|
391
413
|
# Change the config to have different groups and method
|
392
|
-
|
393
|
-
"#{tacacs_groups[0]} #{tacacs_groups[3]} #{tacacs_groups[1]} local"
|
414
|
+
cmd0 = 'aaa authorization commands default group ' \
|
415
|
+
"#{tacacs_groups[0]} #{tacacs_groups[3]} #{tacacs_groups[1]} local"
|
416
|
+
config(cmd0)
|
394
417
|
|
395
418
|
conf_groups = [tacacs_groups[0], tacacs_groups[3], tacacs_groups[1]]
|
396
419
|
assert_equal(conf_groups, aaa_a_service.groups)
|
@@ -399,17 +422,18 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
399
422
|
# Mix default and console, but since our instance is for 'default'
|
400
423
|
# service we should only get 'default' groups and not 'console'
|
401
424
|
# groups.
|
402
|
-
|
403
|
-
|
404
|
-
|
405
|
-
|
406
|
-
|
425
|
+
cmd1 = 'aaa authorization commands default group ' \
|
426
|
+
"#{tacacs_groups.join(' ')} local"
|
427
|
+
cmd2 = 'aaa authorization commands console group ' \
|
428
|
+
"#{tacacs_groups[1..3].join(' ')} local"
|
429
|
+
|
430
|
+
config(cmd1, cmd2)
|
407
431
|
|
408
432
|
assert_equal(tacacs_groups, aaa_a_service.groups)
|
409
433
|
assert_equal(:local, aaa_a_service.method)
|
410
434
|
end
|
411
435
|
|
412
|
-
def
|
436
|
+
def test_collect_grps_cmds_con
|
413
437
|
type = :commands
|
414
438
|
aaa_a_service = AaaAuthorizationService.new(type, 'console')
|
415
439
|
|
@@ -423,8 +447,9 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
423
447
|
assert_equal(:unselected, aaa_a_service.method)
|
424
448
|
|
425
449
|
# Change the config to have different groups and method
|
426
|
-
|
427
|
-
"#{tacacs_groups[0]} #{tacacs_groups[3]} #{tacacs_groups[1]} local"
|
450
|
+
cmd0 = 'aaa authorization commands console group ' \
|
451
|
+
"#{tacacs_groups[0]} #{tacacs_groups[3]} #{tacacs_groups[1]} local"
|
452
|
+
config(cmd0)
|
428
453
|
|
429
454
|
conf_groups = [tacacs_groups[0], tacacs_groups[3], tacacs_groups[1]]
|
430
455
|
assert_equal(conf_groups, aaa_a_service.groups)
|
@@ -433,17 +458,17 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
433
458
|
# Mix default and console, but since our instance is for 'console'
|
434
459
|
# service we should only get 'console' groups and not 'default'
|
435
460
|
# groups.
|
436
|
-
|
461
|
+
cmd1 = 'aaa authorization commands console group ' \
|
437
462
|
"#{tacacs_groups.join(' ')} local"
|
438
|
-
|
463
|
+
cmd2 = 'aaa authorization commands default group ' \
|
439
464
|
"#{tacacs_groups[1..3].join(' ')} local"
|
440
|
-
config(
|
465
|
+
config(cmd1, cmd2)
|
441
466
|
|
442
467
|
assert_equal(tacacs_groups, aaa_a_service.groups)
|
443
468
|
assert_equal(:local, aaa_a_service.method)
|
444
469
|
end
|
445
470
|
|
446
|
-
def
|
471
|
+
def test_collect_grps_cfg_cmds_def
|
447
472
|
type = :config_commands
|
448
473
|
aaa_a_service = AaaAuthorizationService.new(type, 'default')
|
449
474
|
|
@@ -457,8 +482,9 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
457
482
|
assert_equal(:unselected, aaa_a_service.method)
|
458
483
|
|
459
484
|
# Change the config to have different groups and method
|
460
|
-
|
461
|
-
"#{tacacs_groups[0]} #{tacacs_groups[3]} #{tacacs_groups[1]} local"
|
485
|
+
cmd0 = 'aaa authorization config-commands default group ' \
|
486
|
+
"#{tacacs_groups[0]} #{tacacs_groups[3]} #{tacacs_groups[1]} local"
|
487
|
+
config(cmd0)
|
462
488
|
|
463
489
|
conf_groups = [tacacs_groups[0], tacacs_groups[3], tacacs_groups[1]]
|
464
490
|
assert_equal(conf_groups, aaa_a_service.groups)
|
@@ -467,17 +493,17 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
467
493
|
# Mix default and console, but since our instance is for 'default'
|
468
494
|
# service we should only get 'default' groups and not 'console'
|
469
495
|
# groups.
|
470
|
-
|
471
|
-
|
472
|
-
|
473
|
-
|
474
|
-
config(
|
496
|
+
cmd1 = 'aaa authorization config-commands default group ' \
|
497
|
+
"#{tacacs_groups.join(' ')} local"
|
498
|
+
cmd2 = 'aaa authorization config-commands console group ' \
|
499
|
+
"#{tacacs_groups[1..3].join(' ')} local"
|
500
|
+
config(cmd1, cmd2)
|
475
501
|
|
476
502
|
assert_equal(tacacs_groups, aaa_a_service.groups)
|
477
503
|
assert_equal(:local, aaa_a_service.method)
|
478
504
|
end
|
479
505
|
|
480
|
-
def
|
506
|
+
def test_collect_grps_cfg_cmds_con
|
481
507
|
type = :config_commands
|
482
508
|
aaa_a_service = AaaAuthorizationService.new(type, 'console')
|
483
509
|
|
@@ -491,8 +517,9 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
491
517
|
assert_equal(:unselected, aaa_a_service.method)
|
492
518
|
|
493
519
|
# Change the config to have different groups and method
|
494
|
-
|
495
|
-
"#{tacacs_groups[0]} #{tacacs_groups[3]} #{tacacs_groups[1]} local"
|
520
|
+
cmd0 = 'aaa authorization config-commands console group ' \
|
521
|
+
"#{tacacs_groups[0]} #{tacacs_groups[3]} #{tacacs_groups[1]} local"
|
522
|
+
config(cmd0)
|
496
523
|
|
497
524
|
conf_groups = [tacacs_groups[0], tacacs_groups[3], tacacs_groups[1]]
|
498
525
|
assert_equal(conf_groups, aaa_a_service.groups)
|
@@ -501,17 +528,17 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
501
528
|
# Mix default and console, but since our instance is for 'console'
|
502
529
|
# service we should only get 'console' groups and not 'default'
|
503
530
|
# groups.
|
504
|
-
|
505
|
-
|
506
|
-
|
507
|
-
|
508
|
-
config(
|
531
|
+
cmd1 = 'aaa authorization config-commands console group ' \
|
532
|
+
"#{tacacs_groups.join(' ')} local"
|
533
|
+
cmd2 = 'aaa authorization config-commands default group ' \
|
534
|
+
"#{tacacs_groups[1..3].join(' ')} local"
|
535
|
+
config(cmd1, cmd2)
|
509
536
|
|
510
537
|
assert_equal(tacacs_groups, aaa_a_service.groups)
|
511
538
|
assert_equal(:local, aaa_a_service.method)
|
512
539
|
end
|
513
540
|
|
514
|
-
def
|
541
|
+
def test_get_def_grps
|
515
542
|
groups = []
|
516
543
|
type = :commands
|
517
544
|
aaa_a_service = AaaAuthorizationService.new(type, 'default')
|
@@ -544,7 +571,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
544
571
|
aaa_a_service.destroy
|
545
572
|
end
|
546
573
|
|
547
|
-
def
|
574
|
+
def test_cmds_def_unselected_single
|
548
575
|
aaa_a_service = AaaAuthorizationService.new(:commands, 'default')
|
549
576
|
aaa_a_service.groups_method_set(tacacs_groups[0], :unselected)
|
550
577
|
|
@@ -552,7 +579,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
552
579
|
assert_show_match(command: show_cmd, pattern: p)
|
553
580
|
end
|
554
581
|
|
555
|
-
def
|
582
|
+
def test_cmds_def_unselected_multi
|
556
583
|
aaa_a_service = AaaAuthorizationService.new(:commands, 'default')
|
557
584
|
aaa_a_service.groups_method_set(tacacs_groups[0..2], :unselected)
|
558
585
|
|
@@ -560,7 +587,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
560
587
|
assert_show_match(command: show_cmd, pattern: p)
|
561
588
|
end
|
562
589
|
|
563
|
-
def
|
590
|
+
def test_cmds_def_local_multi
|
564
591
|
aaa_a_service = AaaAuthorizationService.new(:commands, 'default')
|
565
592
|
aaa_a_service.groups_method_set(tacacs_groups[0..2], :local)
|
566
593
|
|
@@ -568,7 +595,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
568
595
|
assert_show_match(command: show_cmd, pattern: p)
|
569
596
|
end
|
570
597
|
|
571
|
-
def
|
598
|
+
def test_cmds_def_all_def
|
572
599
|
aaa_a_service = AaaAuthorizationService.new(:commands, 'default')
|
573
600
|
method = aaa_a_service.default_method
|
574
601
|
groups = aaa_a_service.default_groups
|
@@ -578,7 +605,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
578
605
|
assert_show_match(command: show_cmd, pattern: p)
|
579
606
|
end
|
580
607
|
|
581
|
-
def
|
608
|
+
def test_cmds_con_unselected_single
|
582
609
|
aaa_a_service = AaaAuthorizationService.new(:commands, 'console')
|
583
610
|
aaa_a_service.groups_method_set(tacacs_groups[0], :unselected)
|
584
611
|
|
@@ -586,7 +613,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
586
613
|
assert_show_match(command: show_cmd, pattern: p)
|
587
614
|
end
|
588
615
|
|
589
|
-
def
|
616
|
+
def test_cmds_con_unselected_multi
|
590
617
|
aaa_a_service = AaaAuthorizationService.new(:commands, 'console')
|
591
618
|
aaa_a_service.groups_method_set(tacacs_groups[0..2], :unselected)
|
592
619
|
|
@@ -594,7 +621,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
594
621
|
assert_show_match(command: show_cmd, pattern: p)
|
595
622
|
end
|
596
623
|
|
597
|
-
def
|
624
|
+
def test_cmds_con_local_multi
|
598
625
|
aaa_a_service = AaaAuthorizationService.new(:commands, 'console')
|
599
626
|
aaa_a_service.groups_method_set(tacacs_groups[0..2], :local)
|
600
627
|
|
@@ -602,7 +629,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
602
629
|
assert_show_match(command: show_cmd, pattern: p)
|
603
630
|
end
|
604
631
|
|
605
|
-
def
|
632
|
+
def test_cmds_con_all_def
|
606
633
|
aaa_a_service = AaaAuthorizationService.new(:commands, 'console')
|
607
634
|
method = aaa_a_service.default_method
|
608
635
|
groups = aaa_a_service.default_groups
|
@@ -612,7 +639,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
612
639
|
assert_show_match(command: show_cmd, pattern: p)
|
613
640
|
end
|
614
641
|
|
615
|
-
def
|
642
|
+
def test_cfg_cmds_def_unselected_single
|
616
643
|
aaa_a_service = AaaAuthorizationService.new(:config_commands, 'default')
|
617
644
|
aaa_a_service.groups_method_set(tacacs_groups[0], :unselected)
|
618
645
|
|
@@ -620,7 +647,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
620
647
|
assert_show_match(command: show_cmd, pattern: p)
|
621
648
|
end
|
622
649
|
|
623
|
-
def
|
650
|
+
def test_cfg_cmds_def_unselected_multi
|
624
651
|
aaa_a_service = AaaAuthorizationService.new(:config_commands, 'default')
|
625
652
|
aaa_a_service.groups_method_set(tacacs_groups[0..2], :unselected)
|
626
653
|
|
@@ -628,7 +655,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
628
655
|
assert_show_match(command: show_cmd, pattern: p)
|
629
656
|
end
|
630
657
|
|
631
|
-
def
|
658
|
+
def test_cfg_cmds_def_local_multi
|
632
659
|
aaa_a_service = AaaAuthorizationService.new(:config_commands, 'default')
|
633
660
|
aaa_a_service.groups_method_set(tacacs_groups[0..2], :local)
|
634
661
|
|
@@ -636,7 +663,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
636
663
|
assert_show_match(command: show_cmd, pattern: p)
|
637
664
|
end
|
638
665
|
|
639
|
-
def
|
666
|
+
def test_cfg_cmds_def_all_def
|
640
667
|
aaa_a_service = AaaAuthorizationService.new(:config_commands, 'default')
|
641
668
|
|
642
669
|
method = aaa_a_service.default_method
|
@@ -647,7 +674,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
647
674
|
assert_show_match(command: show_cmd, pattern: p)
|
648
675
|
end
|
649
676
|
|
650
|
-
def
|
677
|
+
def test_cfg_cmds_con_unselected_single
|
651
678
|
aaa_a_service = AaaAuthorizationService.new(:config_commands, 'console')
|
652
679
|
aaa_a_service.groups_method_set(tacacs_groups[0], :unselected)
|
653
680
|
|
@@ -655,7 +682,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
655
682
|
assert_show_match(command: show_cmd, pattern: p)
|
656
683
|
end
|
657
684
|
|
658
|
-
def
|
685
|
+
def test_cfg_cmds_con_unselected_multi
|
659
686
|
aaa_a_service = AaaAuthorizationService.new(:config_commands, 'console')
|
660
687
|
aaa_a_service.groups_method_set(tacacs_groups[0..2], :unselected)
|
661
688
|
|
@@ -663,7 +690,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
663
690
|
assert_show_match(command: show_cmd, pattern: p)
|
664
691
|
end
|
665
692
|
|
666
|
-
def
|
693
|
+
def test_cfg_cmds_con_local_multi
|
667
694
|
aaa_a_service = AaaAuthorizationService.new(:config_commands, 'console')
|
668
695
|
aaa_a_service.groups_method_set(tacacs_groups[0..2], :local)
|
669
696
|
|
@@ -671,7 +698,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
671
698
|
assert_show_match(command: show_cmd, pattern: p)
|
672
699
|
end
|
673
700
|
|
674
|
-
def
|
701
|
+
def test_cfg_cmds_con_all_def
|
675
702
|
aaa_a_service = AaaAuthorizationService.new(:config_commands, 'console')
|
676
703
|
method = aaa_a_service.default_method
|
677
704
|
groups = aaa_a_service.default_groups
|
@@ -681,7 +708,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
681
708
|
assert_show_match(command: show_cmd, pattern: p)
|
682
709
|
end
|
683
710
|
|
684
|
-
def
|
711
|
+
def test_cmds_grps_method_set_inv
|
685
712
|
# Commands, with service default
|
686
713
|
type = :commands
|
687
714
|
service = 'default'
|
@@ -725,7 +752,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
725
752
|
aaa_a_service.destroy
|
726
753
|
end
|
727
754
|
|
728
|
-
def
|
755
|
+
def test_cfg_cmds_set_grps_inv
|
729
756
|
# Commands, with service default
|
730
757
|
type = :config_commands
|
731
758
|
service = 'default'
|
@@ -769,7 +796,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
769
796
|
aaa_a_service.destroy
|
770
797
|
end
|
771
798
|
|
772
|
-
def
|
799
|
+
def test_cmds_method_inv
|
773
800
|
# Commands, with service default
|
774
801
|
type = :commands
|
775
802
|
service = 'default'
|
@@ -807,7 +834,7 @@ class TestAaaAuthorizationService < CiscoTestCase
|
|
807
834
|
aaa_a_service.destroy
|
808
835
|
end
|
809
836
|
|
810
|
-
def
|
837
|
+
def test_cfg_cmds_method_inv
|
811
838
|
# Commands, with service default
|
812
839
|
type = :config_commands
|
813
840
|
service = 'default'
|