cisco_node_utils 1.3.0 → 1.4.0

data/tests/test_stp_global.rb

@@ -24,7 +24,7 @@ class TestStpGlobal < CiscoTestCase
   def setup
     super
     config 'no spanning-tree mode'
-    config 'system bridge-domain none' if /N7/ =~ node.product_id
+    remove_all_vlans
     @intf = Interface.new(interfaces[0])
 
     # Only pre-clean interface on initial setup
@@ -35,7 +35,7 @@ class TestStpGlobal < CiscoTestCase
 
   def teardown
     config 'no spanning-tree mode'
-    config 'system bridge-domain none' if /N7/ =~ node.product_id
+    remove_all_vlans
     super
   end
 
@@ -419,7 +419,7 @@ class TestStpGlobal < CiscoTestCase
                  global.vlan_designated_priority)
   end
 
-  def test_interface_stp_bpdufilter_change
+  def test_intf_stp_bpdufilter_change
     @intf.stp_bpdufilter = 'enable'
     assert_equal('enable', @intf.stp_bpdufilter)
     @intf.stp_bpdufilter = 'disable'
@@ -429,7 +429,7 @@ class TestStpGlobal < CiscoTestCase
                  @intf.stp_bpdufilter)
   end
 
-  def test_interface_stp_bpduguard_change
+  def test_intf_stp_bpduguard_change
     @intf.stp_bpduguard = 'enable'
     assert_equal('enable', @intf.stp_bpduguard)
     @intf.stp_bpduguard = 'disable'
@@ -439,7 +439,7 @@ class TestStpGlobal < CiscoTestCase
                  @intf.stp_bpduguard)
   end
 
-  def test_interface_stp_cost_change
+  def test_intf_stp_cost_change
     @intf.stp_cost = 2000
     assert_equal(2000, @intf.stp_cost)
     @intf.stp_cost = @intf.default_stp_cost
@@ -447,7 +447,7 @@ class TestStpGlobal < CiscoTestCase
                  @intf.stp_cost)
   end
 
-  def test_interface_stp_guard_change
+  def test_intf_stp_guard_change
     @intf.stp_guard = 'loop'
     assert_equal('loop', @intf.stp_guard)
     @intf.stp_guard = 'none'
@@ -459,7 +459,7 @@ class TestStpGlobal < CiscoTestCase
                  @intf.stp_guard)
   end
 
-  def test_interface_stp_link_type_change
+  def test_intf_stp_link_type_change
     @intf.stp_link_type = 'shared'
     assert_equal('shared', @intf.stp_link_type)
     @intf.stp_link_type = 'point-to-point'
@@ -469,7 +469,7 @@ class TestStpGlobal < CiscoTestCase
                  @intf.stp_link_type)
   end
 
-  def test_interface_stp_port_priority_change
+  def test_intf_stp_port_priority_change
     @intf.stp_port_priority = 32
     assert_equal(32, @intf.stp_port_priority)
     @intf.stp_port_priority = @intf.default_stp_port_priority
@@ -477,7 +477,7 @@ class TestStpGlobal < CiscoTestCase
                  @intf.stp_port_priority)
   end
 
-  def test_interface_stp_port_type_change
+  def test_intf_stp_port_type_change
     @intf.switchport_mode = :disabled
     @intf.switchport_mode = :trunk
     @intf.stp_port_type = 'edge'
@@ -493,7 +493,7 @@ class TestStpGlobal < CiscoTestCase
                  @intf.stp_port_type)
   end
 
-  def test_interface_stp_mst_cost_change
+  def test_intf_stp_mst_cost_change
     @intf.stp_mst_cost = @intf.default_stp_mst_cost
     assert_equal(@intf.default_stp_mst_cost,
                  @intf.stp_mst_cost)
@@ -505,7 +505,7 @@ class TestStpGlobal < CiscoTestCase
                  @intf.stp_mst_cost)
   end
 
-  def test_interface_stp_mst_port_priority_change
+  def test_intf_stp_mst_port_priority_change
     @intf.stp_mst_port_priority = @intf.default_stp_mst_port_priority
     assert_equal(@intf.default_stp_mst_port_priority,
                  @intf.stp_mst_port_priority)
@@ -517,7 +517,7 @@ class TestStpGlobal < CiscoTestCase
                  @intf.stp_mst_port_priority)
   end
 
-  def test_interface_stp_vlan_cost_change
+  def test_intf_stp_vlan_cost_change
     @intf.stp_vlan_cost = @intf.default_stp_vlan_cost
     assert_equal(@intf.default_stp_vlan_cost,
                  @intf.stp_vlan_cost)
@@ -529,7 +529,7 @@ class TestStpGlobal < CiscoTestCase
                  @intf.stp_vlan_cost)
   end
 
-  def test_interface_stp_vlan_port_priority_change
+  def test_intf_stp_vlan_port_priority_change
     @intf.stp_vlan_port_priority = @intf.default_stp_vlan_port_priority
     assert_equal(@intf.default_stp_vlan_port_priority,
                  @intf.stp_vlan_port_priority)
@@ -541,7 +541,7 @@ class TestStpGlobal < CiscoTestCase
                  @intf.stp_vlan_port_priority)
   end
 
-  def test_interface_stp_props_switchport_disabled
+  def test_intf_stp_props_switchport_disabled
     @intf.switchport_enable(false)
     proplist = {
       'bpdufilter'         => 'enable',
@@ -555,7 +555,7 @@ class TestStpGlobal < CiscoTestCase
       'vlan_port_priority' => [%w(2-4,6,8-12 224), %w(14 32)],
     }
     proplist.each do |k, v|
-      assert_raises(RuntimeError, 'foo') do
+      assert_raises(RuntimeError, "#{@intf}: #{k} => #{v}") do
         @intf.send("stp_#{k}=", v)
       end
     end

data/tests/test_syslog_settings.rb

@@ -41,7 +41,7 @@ class TestSyslogSettings < CiscoTestCase
 
   # TESTS
 
-  def test_syslogsettings_create
+  def test_create
     syslog_setting = Cisco::SyslogSettings.new('default')
 
     if platform == :ios_xr

data/tests/test_tacacs_global.rb

@@ -0,0 +1,80 @@
+#
+# Minitest for TacacsGlobal class
+#
+# Copyright (c) 2014-2016 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative 'ciscotest'
+require_relative '../lib/cisco_node_utils/tacacs_global'
+
+# TestTacacsGlobal - Minitest for TacacsGlobal node utility.
+class TestTacacsGlobal < CiscoTestCase
+  @skip_unless_supported = 'tacacs_global'
+
+  def setup
+    # setup runs at the beginning of each test
+    super
+    config_no_warn('no feature tacacs+') if platform == :nexus
+    no_tacacs_global if platform == :ios_xr
+  end
+
+  def teardown
+    # teardown runs at the end of each test
+    no_tacacs_global
+    config_no_warn('no feature tacacs+') if platform == :nexus
+    super
+  end
+
+  def no_tacacs_global
+    # Turn the feature off for a clean test.
+    config('no tacacs-server timeout 2')
+  end
+
+  # TESTS
+
+  def test_tacacs_global
+    id = 'default'
+
+    global = Cisco::TacacsGlobal.new(id)
+    assert_includes(Cisco::TacacsGlobal.tacacs_global, id)
+    assert_equal(global, Cisco::TacacsGlobal.tacacs_global[id])
+
+    # Default Checking
+    assert_equal(global.default_timeout, global.timeout)
+
+    global.timeout = 5
+    assert_equal(5, Cisco::TacacsGlobal.tacacs_global[id].timeout)
+    assert_equal(5, global.timeout)
+
+    # first change
+    key_format = 0
+    key = 'TEST_NEW'
+    global.encryption_key_set(key_format, key)
+    assert(!global.key.nil?)
+    assert(key_format, global.key_format)
+
+    # second change
+    key_format = 6
+
+    # Must use a valid type6 password: CSCvb36266
+    key = 'JDYkqyIFWeBvzpljSfWmRZrmRSRE8'
+    global.encryption_key_set(key_format, key)
+    assert(!global.key.nil?)
+    assert(key_format, global.key_format)
+
+    # Setting back to default and re-checking
+    global.timeout = global.default_timeout
+    assert_equal(global.default_timeout, global.timeout)
+  end
+end

data/tests/test_tacacs_server.rb

@@ -21,28 +21,39 @@ class TestTacacsServer < CiscoTestCase
 
   def assert_tacacsserver_feature
     assert_show_match(command: 'show run all | no-more',
-                      pattern: /feature tacacs\+/)
+                      pattern: /feature tacacs\+/) if platform == :nexus
   end
 
   def refute_tacacsserver_feature
     refute_show_match(command: 'show run all | no-more',
-                      pattern: /feature tacacs\+/)
+                      pattern: /feature tacacs\+/) if platform == :nexus
   end
 
   def setup
     super
-    # Most commands appear under 'show run tacacs all' but the
-    # 'directed-request' command is under 'show run aaa all'
-    @default_show_command = 'show run tacacs all | no-more ; ' \
-                            'show run aaa all | no-more'
-    config_no_warn('no feature tacacs+')
+    if platform == :nexus
+      # Most commands appear under 'show run tacacs all' but the
+      # 'directed-request' command is under 'show run aaa all'
+      @default_show_command = 'show run tacacs all | no-more ; ' \
+                              'show run aaa all | no-more'
+      config_no_warn('no feature tacacs+')
+
+    elsif platform == :ios_xr
+      @default_show_command = 'show running-config tacacs-server'
+      no_tacacs_global
+    end
   end
 
   def teardown
-    config_no_warn('no feature tacacs+')
+    config_no_warn('no feature tacacs+') if platform == :nexus
     super
   end
 
+  def no_tacacs_global
+    # Turn the feature off for a clean test.
+    config('no tacacs-server timeout 2')
+  end
+
   def test_create_valid
     tacacs = TacacsServer.new
     assert_tacacsserver_feature
@@ -50,34 +61,53 @@ class TestTacacsServer < CiscoTestCase
   end
 
   def test_get_encryption_type
-    config_no_warn('feature tacacs+')
-    encryption_type = TACACS_SERVER_ENC_UNKNOWN
-    # Get encryption password when not configured
-    tacacs = TacacsServer.new
-    assert_equal(encryption_type,
-                 tacacs.encryption_type,
-                 'Error: Tacacs Server, encryption type incorrect')
-    tacacs.destroy
-
-    # Get encryption password when configured
-    encryption_type = TACACS_SERVER_ENC_NONE
-    # This one is needed since the 'sh run' will always display the type
-    # differently than the used encryption config type.
-    sh_run_encryption_type = TACACS_SERVER_ENC_CISCO_TYPE_7
-    config('feature tacacs+', "tacacs-server key #{encryption_type} TEST")
-
-    tacacs = TacacsServer.new
-    assert_equal(sh_run_encryption_type,
-                 tacacs.encryption_type,
-                 'Error: Tacacs Server, encryption type incorrect')
-
-    encryption_type = TACACS_SERVER_ENC_CISCO_TYPE_7
-    config("tacacs-server key #{encryption_type} TEST")
-
-    assert_equal(sh_run_encryption_type,
-                 tacacs.encryption_type,
-                 'Error: Tacacs Server, encryption type incorrect')
-    tacacs.destroy
+    if platform == :nexus
+      config_no_warn('feature tacacs+')
+
+      # The tacacs-server key is 'sticky'.
+      # If a key is configured it will remain configured even if
+      # the tacacs feature is disabled so to be safe go ahead
+      # and remove any key that might exist before the test.d
+      config_no_warn('no tacacs-server key')
+
+      encryption_type = TACACS_SERVER_ENC_UNKNOWN
+      # Get encryption password when not configured
+      tacacs = TacacsServer.new
+      assert_equal(encryption_type,
+                   tacacs.encryption_type,
+                   'Error: Tacacs Server, encryption type incorrect')
+      tacacs.destroy
+
+      # Get encryption password when configured
+      encryption_type = TACACS_SERVER_ENC_NONE
+      # This one is needed since the 'sh run' will always display the type
+      # differently than the used encryption config type.
+      sh_run_encryption_type = TACACS_SERVER_ENC_CISCO_TYPE_7
+      config('feature tacacs+', "tacacs-server key #{encryption_type} TEST")
+
+      tacacs = TacacsServer.new
+      assert_equal(sh_run_encryption_type,
+                   tacacs.encryption_type,
+                   'Error: Tacacs Server, encryption type incorrect')
+
+      encryption_type = TACACS_SERVER_ENC_CISCO_TYPE_7
+      config("tacacs-server key #{encryption_type} TEST")
+
+      assert_equal(sh_run_encryption_type,
+                   tacacs.encryption_type,
+                   'Error: Tacacs Server, encryption type incorrect')
+      tacacs.destroy
+    elsif platform == :ios_xr
+      encryption_type = TACACS_SERVER_ENC_NONE
+      sh_run_encryption_type = TACACS_SERVER_ENC_CISCO_TYPE_7
+      config("tacacs-server key #{encryption_type} TEST")
+
+      tacacs = TacacsServer.new
+      assert_equal(sh_run_encryption_type,
+                   tacacs.encryption_type,
+                   'Error: Tacacs Server, encryption type incorrect')
+      tacacs.destroy
+    end
   end
 
   def test_get_default_encryption
@@ -88,6 +118,8 @@ class TestTacacsServer < CiscoTestCase
   end
 
   def test_get_encryption_password
+    config('no tacacs-server key') if platform == :ios_xr
+
     tacacs = TacacsServer.new
     assert_equal(node.config_get_default('tacacs_server',
                                          'encryption_password'),
@@ -100,11 +132,23 @@ class TestTacacsServer < CiscoTestCase
     encryption_type = TACACS_SERVER_ENC_NONE
     # This one is needed since the 'sh run' will always display the password
     # differently than the used encryption config type.
-    config('feature tacacs+', "tacacs-server key #{encryption_type} TEST")
+    if platform == :nexus
+      config('feature tacacs+', "tacacs-server key #{encryption_type} TEST")
+    elsif platform == :ios_xr
+      config("tacacs-server key #{encryption_type} TEST")
+    end
     tacacs = TacacsServer.new
-    assert_equal(sh_run_encryption_password,
-                 tacacs.encryption_password,
-                 'Error: Tacacs Server, encryption password incorrect')
+
+    if platform == :nexus
+      assert_equal(sh_run_encryption_password,
+                   tacacs.encryption_password,
+                   'Error: Tacacs Server, encryption password incorrect')
+    elsif platform == :ios_xr
+      # When a password is set on ios_xr it is always encrypted,
+      # even as a return value, hence here checking for not nil.
+      assert(!tacacs.encryption_password.nil?)
+    end
+
     tacacs.destroy
   end
 
@@ -125,9 +169,15 @@ class TestTacacsServer < CiscoTestCase
     tacacs = TacacsServer.new
     tacacs.encryption_key_set(enc_type, password)
     # Get the password from the running config since its encoded
-    line = assert_show_match(
-      pattern: /tacacs-server key\s#{sh_run_encryption_type}\s".*"/,
-      msg:     'Error: Tacacs Server, key not configured')
+    if platform == :nexus
+      line = assert_show_match(
+        pattern: /tacacs-server key\s#{sh_run_encryption_type}\s".*"/,
+        msg:     'Error: Tacacs Server, key not configured')
+    elsif platform == :ios_xr
+      line = assert_show_match(
+        pattern: /tacacs-server key\s#{sh_run_encryption_type}\s.*/,
+        msg:     'Error: Tacacs Server, key not configured')
+    end
     # Extract encrypted password, and git rid of the "" around the pasword
     md = line.to_s
     encrypted_password = md.to_s.split(' ').last.tr('\"', '')
@@ -150,16 +200,27 @@ class TestTacacsServer < CiscoTestCase
 
     tacacs = TacacsServer.new
     tacacs.encryption_key_set(enc_type, password)
-    assert_show_match(
-      pattern: /tacacs-server key\s#{sh_run_encryption_type}\s".*"/,
-      msg:     'Error: Tacacs Server, key not configured')
-
+    if platform == :nexus
+      assert_show_match(
+        pattern: /tacacs-server key\s#{sh_run_encryption_type}\s".*"/,
+        msg:     'Error: Tacacs Server, key not configured')
+    elsif platform == :ios_xr
+      assert_show_match(
+        pattern: /tacacs-server key\s#{sh_run_encryption_type}\s.*/,
+        msg:     'Error: Tacacs Server, key not configured')
+    end
     enc_type = TACACS_SERVER_ENC_UNKNOWN
     password = ''
     tacacs.encryption_key_set(enc_type, password)
-    refute_show_match(
-      pattern: /tacacs-server key\s#{sh_run_encryption_type}\s".*"/,
-      msg:     'Error: Tacacs Server, key configured')
+    if platform == :nexus
+      refute_show_match(
+        pattern: /tacacs-server key\s#{sh_run_encryption_type}\s".*"/,
+        msg:     'Error: Tacacs Server, key configured')
+    elsif platform == :ios_xr
+      refute_show_match(
+        pattern: /tacacs-server key\s#{sh_run_encryption_type}\s.*/,
+        msg:     'Error: Tacacs Server, key configured')
+    end
     tacacs.destroy
   end
 
@@ -197,7 +258,9 @@ class TestTacacsServer < CiscoTestCase
                  'Error: Tacacs Server, timeout value incorrect')
 
     # Invalid case
-    timeout = 80
+    timeout = 80 if platform == :nexus
+    timeout = 80_000 if platform == :ios_xr
+
     assert_raises(Cisco::CliError) do
       tacacs.timeout = timeout
     end
@@ -205,6 +268,8 @@ class TestTacacsServer < CiscoTestCase
   end
 
   def test_get_deadtime
+    return if validate_property_excluded?('tacacs_server', 'deadtime')
+
     tacacs = TacacsServer.new
     deadtime = node.config_get_default('tacacs_server', 'deadtime')
     assert_equal(deadtime, tacacs.deadtime,
@@ -218,12 +283,15 @@ class TestTacacsServer < CiscoTestCase
   end
 
   def test_get_default_deadtime
+    return if validate_property_excluded?('tacacs_server', 'deadtime')
+
     assert_equal(node.config_get_default('tacacs_server', 'deadtime'),
                  TacacsServer.default_deadtime,
                  'Error: Tacacs Server, default deadtime incorrect')
   end
 
   def test_set_deadtime
+    return if validate_property_excluded?('tacacs_server', 'deadtime')
     deadtime = 1250
 
     tacacs = TacacsServer.new
@@ -244,6 +312,8 @@ class TestTacacsServer < CiscoTestCase
   end
 
   def test_get_directed_request
+    return if validate_property_excluded?('tacacs_server', 'deadtime')
+
     config('feature tacacs', 'tacacs-server directed-request')
     tacacs = TacacsServer.new
     assert(tacacs.directed_request?,
@@ -256,12 +326,14 @@ class TestTacacsServer < CiscoTestCase
   end
 
   def test_get_default_directed_request
+    return if validate_property_excluded?('tacacs_server', 'deadtime')
     assert_equal(node.config_get_default('tacacs_server', 'directed_request'),
                  TacacsServer.default_directed_request,
                  'Error: Tacacs Server, default directed-request incorrect')
   end
 
   def test_set_directed_request
+    return if validate_property_excluded?('tacacs_server', 'deadtime')
     config('feature tacacs', 'tacacs-server directed-request')
     state = true
     tacacs = TacacsServer.new
@@ -300,6 +372,8 @@ class TestTacacsServer < CiscoTestCase
   end
 
   def test_get_source_interface
+    return if validate_property_excluded?('tacacs_server', 'deadtime')
+
     config_no_warn('no ip tacacs source-interface')
     tacacs = TacacsServer.new
     intf = node.config_get_default('tacacs_server', 'source_interface')
@@ -314,12 +388,16 @@ class TestTacacsServer < CiscoTestCase
   end
 
   def test_get_default_source_interface
+    return if validate_property_excluded?('tacacs_server', 'deadtime')
+
     assert_equal(node.config_get_default('tacacs_server', 'source_interface'),
                  TacacsServer.default_source_interface,
                  'Error: Tacacs Server, default source-interface incorrect')
   end
 
   def test_set_source_interface
+    return if validate_property_excluded?('tacacs_server', 'deadtime')
+
     config('feature tacacs+', 'no ip tacacs source-int')
     intf = node.config_get_default('tacacs_server', 'source_interface')
     tacacs = TacacsServer.new