cisco_node_utils 1.3.0 → 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/CHANGELOG.md +66 -0
- data/Gemfile +1 -0
- data/README.md +44 -43
- data/bin/.rubocop.yml +18 -0
- data/bin/show_running_yang.rb +233 -0
- data/cisco_node_utils.gemspec +1 -1
- data/docs/README-maintainers.md +1 -0
- data/docs/README-utilities.md +14 -0
- data/lib/.rubocop.yml +1 -1
- data/lib/cisco_node_utils/aaa_authentication_login_service.rb +8 -3
- data/lib/cisco_node_utils/aaa_authorization_service.rb +6 -0
- data/lib/cisco_node_utils/bfd_global.rb +300 -0
- data/lib/cisco_node_utils/bgp.rb +6 -4
- data/lib/cisco_node_utils/bgp_af.rb +2 -0
- data/lib/cisco_node_utils/bgp_neighbor.rb +14 -0
- data/lib/cisco_node_utils/bgp_neighbor_af.rb +4 -1
- data/lib/cisco_node_utils/cisco_cmn_utils.rb +126 -0
- data/lib/cisco_node_utils/client/client.rb +6 -2
- data/lib/cisco_node_utils/client/grpc/client.rb +120 -36
- data/lib/cisco_node_utils/client/nxapi/client.rb +6 -2
- data/lib/cisco_node_utils/cmd_ref/DEPRECATED.yaml +118 -0
- data/lib/cisco_node_utils/cmd_ref/aaa_authorization_service.yaml +14 -0
- data/lib/cisco_node_utils/cmd_ref/bfd_global.yaml +117 -0
- data/lib/cisco_node_utils/cmd_ref/bgp.yaml +7 -7
- data/lib/cisco_node_utils/cmd_ref/bgp_neighbor.yaml +7 -0
- data/lib/cisco_node_utils/cmd_ref/dhcp_relay_global.yaml +125 -0
- data/lib/cisco_node_utils/cmd_ref/feature.yaml +10 -0
- data/lib/cisco_node_utils/cmd_ref/interface.yaml +141 -49
- data/lib/cisco_node_utils/cmd_ref/interface_ospf.yaml +44 -0
- data/lib/cisco_node_utils/cmd_ref/interface_portchannel.yaml +6 -0
- data/lib/cisco_node_utils/cmd_ref/ospf.yaml +6 -0
- data/lib/cisco_node_utils/cmd_ref/ospf_area.yaml +91 -0
- data/lib/cisco_node_utils/cmd_ref/ospf_area_vlink.yaml +88 -0
- data/lib/cisco_node_utils/cmd_ref/overlay_global.yaml +0 -3
- data/lib/cisco_node_utils/cmd_ref/show_version.yaml +3 -3
- data/lib/cisco_node_utils/cmd_ref/snmp_community.yaml +39 -15
- data/lib/cisco_node_utils/cmd_ref/snmp_notification_receiver.yaml +43 -21
- data/lib/cisco_node_utils/cmd_ref/snmp_server.yaml +48 -19
- data/lib/cisco_node_utils/cmd_ref/snmp_user.yaml +0 -0
- data/lib/cisco_node_utils/cmd_ref/tacacs_global.yaml +30 -0
- data/lib/cisco_node_utils/cmd_ref/tacacs_server.yaml +18 -6
- data/lib/cisco_node_utils/cmd_ref/vdc.yaml +4 -0
- data/lib/cisco_node_utils/cmd_ref/virtual_service.yaml +1 -0
- data/lib/cisco_node_utils/cmd_ref/vlan.yaml +23 -10
- data/lib/cisco_node_utils/cmd_ref/vxlan_vtep.yaml +8 -2
- data/lib/cisco_node_utils/cmd_ref/yang.yaml +7 -0
- data/lib/cisco_node_utils/cmd_ref/yum.yaml +10 -1
- data/lib/cisco_node_utils/constants.rb +8 -1
- data/lib/cisco_node_utils/dhcp_relay_global.rb +302 -0
- data/lib/cisco_node_utils/exceptions.rb +29 -0
- data/lib/cisco_node_utils/feature.rb +28 -0
- data/lib/cisco_node_utils/interface.rb +493 -402
- data/lib/cisco_node_utils/interface_DEPRECATED.rb +513 -0
- data/lib/cisco_node_utils/interface_ospf.rb +126 -0
- data/lib/cisco_node_utils/interface_portchannel.rb +16 -0
- data/lib/cisco_node_utils/logger.rb +3 -0
- data/lib/cisco_node_utils/node.rb +29 -1
- data/lib/cisco_node_utils/overlay_global.rb +1 -12
- data/lib/cisco_node_utils/pim.rb +1 -0
- data/lib/cisco_node_utils/pim_group_list.rb +1 -0
- data/lib/cisco_node_utils/pim_rp_address.rb +1 -0
- data/lib/cisco_node_utils/platform.rb +9 -2
- data/lib/cisco_node_utils/router_ospf.rb +1 -1
- data/lib/cisco_node_utils/router_ospf_area.rb +416 -0
- data/lib/cisco_node_utils/router_ospf_area_vlink.rb +313 -0
- data/lib/cisco_node_utils/router_ospf_vrf.rb +17 -0
- data/lib/cisco_node_utils/snmp_notification_receiver.rb +27 -9
- data/lib/cisco_node_utils/snmpcommunity.rb +34 -8
- data/lib/cisco_node_utils/snmpserver.rb +4 -4
- data/lib/cisco_node_utils/snmpuser.rb +0 -0
- data/lib/cisco_node_utils/tacacs_global.rb +102 -0
- data/lib/cisco_node_utils/tacacs_server.rb +8 -7
- data/lib/cisco_node_utils/vdc.rb +25 -7
- data/lib/cisco_node_utils/version.rb +1 -1
- data/lib/cisco_node_utils/vlan.rb +30 -56
- data/lib/cisco_node_utils/vlan_DEPRECATED.rb +108 -0
- data/lib/cisco_node_utils/yang.rb +160 -0
- data/lib/cisco_node_utils/yum.rb +25 -32
- data/tests/.rubocop.yml +3 -0
- data/tests/ciscotest.rb +136 -19
- data/tests/cmd_config_invalid.yaml +1 -1
- data/tests/noop.rb +7 -0
- data/tests/tacacs_server.yaml.example +6 -0
- data/tests/test_aaa_authentication_login.rb +24 -1
- data/tests/test_aaa_authentication_login_service.rb +9 -16
- data/tests/test_aaa_authorization_service.rb +111 -84
- data/tests/test_bfd_global.rb +278 -0
- data/tests/test_bgp_neighbor.rb +20 -0
- data/tests/test_bridge_domain_vni.rb +2 -9
- data/tests/test_cmn_utils.rb +76 -0
- data/tests/test_dhcp_relay_global.rb +284 -0
- data/tests/test_dns_domain.rb +4 -4
- data/tests/test_domain_name.rb +2 -2
- data/tests/test_encapsulation.rb +2 -4
- data/tests/test_evpn_vni.rb +14 -7
- data/tests/test_fabricpath_global.rb +12 -13
- data/tests/test_feature.rb +35 -17
- data/tests/test_interface.rb +352 -127
- data/tests/test_interface_bdi.rb +2 -2
- data/tests/test_interface_channel_group.rb +1 -1
- data/tests/test_interface_ospf.rb +153 -23
- data/tests/test_interface_portchannel.rb +15 -6
- data/tests/test_interface_private_vlan.rb +200 -576
- data/tests/test_interface_svi.rb +5 -52
- data/tests/test_interface_switchport.rb +80 -240
- data/tests/test_itd_device_group.rb +2 -2
- data/tests/test_itd_device_group_node.rb +2 -2
- data/tests/test_itd_service.rb +1 -1
- data/tests/test_name_server.rb +3 -3
- data/tests/test_node_ext.rb +15 -17
- data/tests/test_ntp_config.rb +1 -1
- data/tests/test_ntp_server.rb +3 -3
- data/tests/test_nxapi.rb +1 -0
- data/tests/test_overlay_global.rb +15 -19
- data/tests/test_pim.rb +5 -5
- data/tests/test_pim_group_list.rb +1 -37
- data/tests/test_pim_rp_address.rb +1 -1
- data/tests/test_platform.rb +9 -11
- data/tests/test_portchannel_global.rb +43 -3
- data/tests/test_radius_server.rb +1 -1
- data/tests/test_radius_server_group.rb +1 -1
- data/tests/test_router_bgp.rb +17 -30
- data/tests/test_router_ospf_area.rb +433 -0
- data/tests/test_router_ospf_area_vlink.rb +298 -0
- data/tests/test_router_ospf_vrf.rb +17 -0
- data/tests/test_snmp_notification_receiver.rb +11 -11
- data/tests/test_snmpcommunity.rb +177 -69
- data/tests/test_snmpgroup.rb +7 -7
- data/tests/test_snmpserver.rb +164 -253
- data/tests/test_snmpuser.rb +73 -69
- data/tests/test_stp_global.rb +15 -15
- data/tests/test_syslog_settings.rb +1 -1
- data/tests/test_tacacs_global.rb +80 -0
- data/tests/test_tacacs_server.rb +129 -51
- data/tests/test_tacacs_server_group.rb +3 -29
- data/tests/test_tacacs_server_host.rb +24 -27
- data/tests/test_vlan.rb +57 -59
- data/tests/test_vlan_private.rb +271 -284
- data/tests/test_vpc.rb +10 -4
- data/tests/test_vrf.rb +2 -0
- data/tests/test_vrf_af.rb +2 -5
- data/tests/test_vtp.rb +5 -2
- data/tests/test_vxlan_vtep.rb +20 -44
- data/tests/test_vxlan_vtep_vni.rb +23 -16
- data/tests/test_yang.rb +369 -0
- data/tests/test_yum.rb +34 -42
- data/tests/yum_package.yaml +35 -0
- metadata +31 -4
- data/tests/test_vlan_mt_full.rb +0 -85
data/tests/test_stp_global.rb
CHANGED
@@ -24,7 +24,7 @@ class TestStpGlobal < CiscoTestCase
|
|
24
24
|
def setup
|
25
25
|
super
|
26
26
|
config 'no spanning-tree mode'
|
27
|
-
|
27
|
+
remove_all_vlans
|
28
28
|
@intf = Interface.new(interfaces[0])
|
29
29
|
|
30
30
|
# Only pre-clean interface on initial setup
|
@@ -35,7 +35,7 @@ class TestStpGlobal < CiscoTestCase
|
|
35
35
|
|
36
36
|
def teardown
|
37
37
|
config 'no spanning-tree mode'
|
38
|
-
|
38
|
+
remove_all_vlans
|
39
39
|
super
|
40
40
|
end
|
41
41
|
|
@@ -419,7 +419,7 @@ class TestStpGlobal < CiscoTestCase
|
|
419
419
|
global.vlan_designated_priority)
|
420
420
|
end
|
421
421
|
|
422
|
-
def
|
422
|
+
def test_intf_stp_bpdufilter_change
|
423
423
|
@intf.stp_bpdufilter = 'enable'
|
424
424
|
assert_equal('enable', @intf.stp_bpdufilter)
|
425
425
|
@intf.stp_bpdufilter = 'disable'
|
@@ -429,7 +429,7 @@ class TestStpGlobal < CiscoTestCase
|
|
429
429
|
@intf.stp_bpdufilter)
|
430
430
|
end
|
431
431
|
|
432
|
-
def
|
432
|
+
def test_intf_stp_bpduguard_change
|
433
433
|
@intf.stp_bpduguard = 'enable'
|
434
434
|
assert_equal('enable', @intf.stp_bpduguard)
|
435
435
|
@intf.stp_bpduguard = 'disable'
|
@@ -439,7 +439,7 @@ class TestStpGlobal < CiscoTestCase
|
|
439
439
|
@intf.stp_bpduguard)
|
440
440
|
end
|
441
441
|
|
442
|
-
def
|
442
|
+
def test_intf_stp_cost_change
|
443
443
|
@intf.stp_cost = 2000
|
444
444
|
assert_equal(2000, @intf.stp_cost)
|
445
445
|
@intf.stp_cost = @intf.default_stp_cost
|
@@ -447,7 +447,7 @@ class TestStpGlobal < CiscoTestCase
|
|
447
447
|
@intf.stp_cost)
|
448
448
|
end
|
449
449
|
|
450
|
-
def
|
450
|
+
def test_intf_stp_guard_change
|
451
451
|
@intf.stp_guard = 'loop'
|
452
452
|
assert_equal('loop', @intf.stp_guard)
|
453
453
|
@intf.stp_guard = 'none'
|
@@ -459,7 +459,7 @@ class TestStpGlobal < CiscoTestCase
|
|
459
459
|
@intf.stp_guard)
|
460
460
|
end
|
461
461
|
|
462
|
-
def
|
462
|
+
def test_intf_stp_link_type_change
|
463
463
|
@intf.stp_link_type = 'shared'
|
464
464
|
assert_equal('shared', @intf.stp_link_type)
|
465
465
|
@intf.stp_link_type = 'point-to-point'
|
@@ -469,7 +469,7 @@ class TestStpGlobal < CiscoTestCase
|
|
469
469
|
@intf.stp_link_type)
|
470
470
|
end
|
471
471
|
|
472
|
-
def
|
472
|
+
def test_intf_stp_port_priority_change
|
473
473
|
@intf.stp_port_priority = 32
|
474
474
|
assert_equal(32, @intf.stp_port_priority)
|
475
475
|
@intf.stp_port_priority = @intf.default_stp_port_priority
|
@@ -477,7 +477,7 @@ class TestStpGlobal < CiscoTestCase
|
|
477
477
|
@intf.stp_port_priority)
|
478
478
|
end
|
479
479
|
|
480
|
-
def
|
480
|
+
def test_intf_stp_port_type_change
|
481
481
|
@intf.switchport_mode = :disabled
|
482
482
|
@intf.switchport_mode = :trunk
|
483
483
|
@intf.stp_port_type = 'edge'
|
@@ -493,7 +493,7 @@ class TestStpGlobal < CiscoTestCase
|
|
493
493
|
@intf.stp_port_type)
|
494
494
|
end
|
495
495
|
|
496
|
-
def
|
496
|
+
def test_intf_stp_mst_cost_change
|
497
497
|
@intf.stp_mst_cost = @intf.default_stp_mst_cost
|
498
498
|
assert_equal(@intf.default_stp_mst_cost,
|
499
499
|
@intf.stp_mst_cost)
|
@@ -505,7 +505,7 @@ class TestStpGlobal < CiscoTestCase
|
|
505
505
|
@intf.stp_mst_cost)
|
506
506
|
end
|
507
507
|
|
508
|
-
def
|
508
|
+
def test_intf_stp_mst_port_priority_change
|
509
509
|
@intf.stp_mst_port_priority = @intf.default_stp_mst_port_priority
|
510
510
|
assert_equal(@intf.default_stp_mst_port_priority,
|
511
511
|
@intf.stp_mst_port_priority)
|
@@ -517,7 +517,7 @@ class TestStpGlobal < CiscoTestCase
|
|
517
517
|
@intf.stp_mst_port_priority)
|
518
518
|
end
|
519
519
|
|
520
|
-
def
|
520
|
+
def test_intf_stp_vlan_cost_change
|
521
521
|
@intf.stp_vlan_cost = @intf.default_stp_vlan_cost
|
522
522
|
assert_equal(@intf.default_stp_vlan_cost,
|
523
523
|
@intf.stp_vlan_cost)
|
@@ -529,7 +529,7 @@ class TestStpGlobal < CiscoTestCase
|
|
529
529
|
@intf.stp_vlan_cost)
|
530
530
|
end
|
531
531
|
|
532
|
-
def
|
532
|
+
def test_intf_stp_vlan_port_priority_change
|
533
533
|
@intf.stp_vlan_port_priority = @intf.default_stp_vlan_port_priority
|
534
534
|
assert_equal(@intf.default_stp_vlan_port_priority,
|
535
535
|
@intf.stp_vlan_port_priority)
|
@@ -541,7 +541,7 @@ class TestStpGlobal < CiscoTestCase
|
|
541
541
|
@intf.stp_vlan_port_priority)
|
542
542
|
end
|
543
543
|
|
544
|
-
def
|
544
|
+
def test_intf_stp_props_switchport_disabled
|
545
545
|
@intf.switchport_enable(false)
|
546
546
|
proplist = {
|
547
547
|
'bpdufilter' => 'enable',
|
@@ -555,7 +555,7 @@ class TestStpGlobal < CiscoTestCase
|
|
555
555
|
'vlan_port_priority' => [%w(2-4,6,8-12 224), %w(14 32)],
|
556
556
|
}
|
557
557
|
proplist.each do |k, v|
|
558
|
-
assert_raises(RuntimeError,
|
558
|
+
assert_raises(RuntimeError, "#{@intf}: #{k} => #{v}") do
|
559
559
|
@intf.send("stp_#{k}=", v)
|
560
560
|
end
|
561
561
|
end
|
@@ -0,0 +1,80 @@
|
|
1
|
+
#
|
2
|
+
# Minitest for TacacsGlobal class
|
3
|
+
#
|
4
|
+
# Copyright (c) 2014-2016 Cisco and/or its affiliates.
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
|
18
|
+
require_relative 'ciscotest'
|
19
|
+
require_relative '../lib/cisco_node_utils/tacacs_global'
|
20
|
+
|
21
|
+
# TestTacacsGlobal - Minitest for TacacsGlobal node utility.
|
22
|
+
class TestTacacsGlobal < CiscoTestCase
|
23
|
+
@skip_unless_supported = 'tacacs_global'
|
24
|
+
|
25
|
+
def setup
|
26
|
+
# setup runs at the beginning of each test
|
27
|
+
super
|
28
|
+
config_no_warn('no feature tacacs+') if platform == :nexus
|
29
|
+
no_tacacs_global if platform == :ios_xr
|
30
|
+
end
|
31
|
+
|
32
|
+
def teardown
|
33
|
+
# teardown runs at the end of each test
|
34
|
+
no_tacacs_global
|
35
|
+
config_no_warn('no feature tacacs+') if platform == :nexus
|
36
|
+
super
|
37
|
+
end
|
38
|
+
|
39
|
+
def no_tacacs_global
|
40
|
+
# Turn the feature off for a clean test.
|
41
|
+
config('no tacacs-server timeout 2')
|
42
|
+
end
|
43
|
+
|
44
|
+
# TESTS
|
45
|
+
|
46
|
+
def test_tacacs_global
|
47
|
+
id = 'default'
|
48
|
+
|
49
|
+
global = Cisco::TacacsGlobal.new(id)
|
50
|
+
assert_includes(Cisco::TacacsGlobal.tacacs_global, id)
|
51
|
+
assert_equal(global, Cisco::TacacsGlobal.tacacs_global[id])
|
52
|
+
|
53
|
+
# Default Checking
|
54
|
+
assert_equal(global.default_timeout, global.timeout)
|
55
|
+
|
56
|
+
global.timeout = 5
|
57
|
+
assert_equal(5, Cisco::TacacsGlobal.tacacs_global[id].timeout)
|
58
|
+
assert_equal(5, global.timeout)
|
59
|
+
|
60
|
+
# first change
|
61
|
+
key_format = 0
|
62
|
+
key = 'TEST_NEW'
|
63
|
+
global.encryption_key_set(key_format, key)
|
64
|
+
assert(!global.key.nil?)
|
65
|
+
assert(key_format, global.key_format)
|
66
|
+
|
67
|
+
# second change
|
68
|
+
key_format = 6
|
69
|
+
|
70
|
+
# Must use a valid type6 password: CSCvb36266
|
71
|
+
key = 'JDYkqyIFWeBvzpljSfWmRZrmRSRE8'
|
72
|
+
global.encryption_key_set(key_format, key)
|
73
|
+
assert(!global.key.nil?)
|
74
|
+
assert(key_format, global.key_format)
|
75
|
+
|
76
|
+
# Setting back to default and re-checking
|
77
|
+
global.timeout = global.default_timeout
|
78
|
+
assert_equal(global.default_timeout, global.timeout)
|
79
|
+
end
|
80
|
+
end
|
data/tests/test_tacacs_server.rb
CHANGED
@@ -21,28 +21,39 @@ class TestTacacsServer < CiscoTestCase
|
|
21
21
|
|
22
22
|
def assert_tacacsserver_feature
|
23
23
|
assert_show_match(command: 'show run all | no-more',
|
24
|
-
pattern: /feature tacacs\+/)
|
24
|
+
pattern: /feature tacacs\+/) if platform == :nexus
|
25
25
|
end
|
26
26
|
|
27
27
|
def refute_tacacsserver_feature
|
28
28
|
refute_show_match(command: 'show run all | no-more',
|
29
|
-
pattern: /feature tacacs\+/)
|
29
|
+
pattern: /feature tacacs\+/) if platform == :nexus
|
30
30
|
end
|
31
31
|
|
32
32
|
def setup
|
33
33
|
super
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
34
|
+
if platform == :nexus
|
35
|
+
# Most commands appear under 'show run tacacs all' but the
|
36
|
+
# 'directed-request' command is under 'show run aaa all'
|
37
|
+
@default_show_command = 'show run tacacs all | no-more ; ' \
|
38
|
+
'show run aaa all | no-more'
|
39
|
+
config_no_warn('no feature tacacs+')
|
40
|
+
|
41
|
+
elsif platform == :ios_xr
|
42
|
+
@default_show_command = 'show running-config tacacs-server'
|
43
|
+
no_tacacs_global
|
44
|
+
end
|
39
45
|
end
|
40
46
|
|
41
47
|
def teardown
|
42
|
-
config_no_warn('no feature tacacs+')
|
48
|
+
config_no_warn('no feature tacacs+') if platform == :nexus
|
43
49
|
super
|
44
50
|
end
|
45
51
|
|
52
|
+
def no_tacacs_global
|
53
|
+
# Turn the feature off for a clean test.
|
54
|
+
config('no tacacs-server timeout 2')
|
55
|
+
end
|
56
|
+
|
46
57
|
def test_create_valid
|
47
58
|
tacacs = TacacsServer.new
|
48
59
|
assert_tacacsserver_feature
|
@@ -50,34 +61,53 @@ class TestTacacsServer < CiscoTestCase
|
|
50
61
|
end
|
51
62
|
|
52
63
|
def test_get_encryption_type
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
64
|
+
if platform == :nexus
|
65
|
+
config_no_warn('feature tacacs+')
|
66
|
+
|
67
|
+
# The tacacs-server key is 'sticky'.
|
68
|
+
# If a key is configured it will remain configured even if
|
69
|
+
# the tacacs feature is disabled so to be safe go ahead
|
70
|
+
# and remove any key that might exist before the test.d
|
71
|
+
config_no_warn('no tacacs-server key')
|
72
|
+
|
73
|
+
encryption_type = TACACS_SERVER_ENC_UNKNOWN
|
74
|
+
# Get encryption password when not configured
|
75
|
+
tacacs = TacacsServer.new
|
76
|
+
assert_equal(encryption_type,
|
77
|
+
tacacs.encryption_type,
|
78
|
+
'Error: Tacacs Server, encryption type incorrect')
|
79
|
+
tacacs.destroy
|
80
|
+
|
81
|
+
# Get encryption password when configured
|
82
|
+
encryption_type = TACACS_SERVER_ENC_NONE
|
83
|
+
# This one is needed since the 'sh run' will always display the type
|
84
|
+
# differently than the used encryption config type.
|
85
|
+
sh_run_encryption_type = TACACS_SERVER_ENC_CISCO_TYPE_7
|
86
|
+
config('feature tacacs+', "tacacs-server key #{encryption_type} TEST")
|
87
|
+
|
88
|
+
tacacs = TacacsServer.new
|
89
|
+
assert_equal(sh_run_encryption_type,
|
90
|
+
tacacs.encryption_type,
|
91
|
+
'Error: Tacacs Server, encryption type incorrect')
|
92
|
+
|
93
|
+
encryption_type = TACACS_SERVER_ENC_CISCO_TYPE_7
|
94
|
+
config("tacacs-server key #{encryption_type} TEST")
|
95
|
+
|
96
|
+
assert_equal(sh_run_encryption_type,
|
97
|
+
tacacs.encryption_type,
|
98
|
+
'Error: Tacacs Server, encryption type incorrect')
|
99
|
+
tacacs.destroy
|
100
|
+
elsif platform == :ios_xr
|
101
|
+
encryption_type = TACACS_SERVER_ENC_NONE
|
102
|
+
sh_run_encryption_type = TACACS_SERVER_ENC_CISCO_TYPE_7
|
103
|
+
config("tacacs-server key #{encryption_type} TEST")
|
104
|
+
|
105
|
+
tacacs = TacacsServer.new
|
106
|
+
assert_equal(sh_run_encryption_type,
|
107
|
+
tacacs.encryption_type,
|
108
|
+
'Error: Tacacs Server, encryption type incorrect')
|
109
|
+
tacacs.destroy
|
110
|
+
end
|
81
111
|
end
|
82
112
|
|
83
113
|
def test_get_default_encryption
|
@@ -88,6 +118,8 @@ class TestTacacsServer < CiscoTestCase
|
|
88
118
|
end
|
89
119
|
|
90
120
|
def test_get_encryption_password
|
121
|
+
config('no tacacs-server key') if platform == :ios_xr
|
122
|
+
|
91
123
|
tacacs = TacacsServer.new
|
92
124
|
assert_equal(node.config_get_default('tacacs_server',
|
93
125
|
'encryption_password'),
|
@@ -100,11 +132,23 @@ class TestTacacsServer < CiscoTestCase
|
|
100
132
|
encryption_type = TACACS_SERVER_ENC_NONE
|
101
133
|
# This one is needed since the 'sh run' will always display the password
|
102
134
|
# differently than the used encryption config type.
|
103
|
-
|
135
|
+
if platform == :nexus
|
136
|
+
config('feature tacacs+', "tacacs-server key #{encryption_type} TEST")
|
137
|
+
elsif platform == :ios_xr
|
138
|
+
config("tacacs-server key #{encryption_type} TEST")
|
139
|
+
end
|
104
140
|
tacacs = TacacsServer.new
|
105
|
-
|
106
|
-
|
107
|
-
|
141
|
+
|
142
|
+
if platform == :nexus
|
143
|
+
assert_equal(sh_run_encryption_password,
|
144
|
+
tacacs.encryption_password,
|
145
|
+
'Error: Tacacs Server, encryption password incorrect')
|
146
|
+
elsif platform == :ios_xr
|
147
|
+
# When a password is set on ios_xr it is always encrypted,
|
148
|
+
# even as a return value, hence here checking for not nil.
|
149
|
+
assert(!tacacs.encryption_password.nil?)
|
150
|
+
end
|
151
|
+
|
108
152
|
tacacs.destroy
|
109
153
|
end
|
110
154
|
|
@@ -125,9 +169,15 @@ class TestTacacsServer < CiscoTestCase
|
|
125
169
|
tacacs = TacacsServer.new
|
126
170
|
tacacs.encryption_key_set(enc_type, password)
|
127
171
|
# Get the password from the running config since its encoded
|
128
|
-
|
129
|
-
|
130
|
-
|
172
|
+
if platform == :nexus
|
173
|
+
line = assert_show_match(
|
174
|
+
pattern: /tacacs-server key\s#{sh_run_encryption_type}\s".*"/,
|
175
|
+
msg: 'Error: Tacacs Server, key not configured')
|
176
|
+
elsif platform == :ios_xr
|
177
|
+
line = assert_show_match(
|
178
|
+
pattern: /tacacs-server key\s#{sh_run_encryption_type}\s.*/,
|
179
|
+
msg: 'Error: Tacacs Server, key not configured')
|
180
|
+
end
|
131
181
|
# Extract encrypted password, and git rid of the "" around the pasword
|
132
182
|
md = line.to_s
|
133
183
|
encrypted_password = md.to_s.split(' ').last.tr('\"', '')
|
@@ -150,16 +200,27 @@ class TestTacacsServer < CiscoTestCase
|
|
150
200
|
|
151
201
|
tacacs = TacacsServer.new
|
152
202
|
tacacs.encryption_key_set(enc_type, password)
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
203
|
+
if platform == :nexus
|
204
|
+
assert_show_match(
|
205
|
+
pattern: /tacacs-server key\s#{sh_run_encryption_type}\s".*"/,
|
206
|
+
msg: 'Error: Tacacs Server, key not configured')
|
207
|
+
elsif platform == :ios_xr
|
208
|
+
assert_show_match(
|
209
|
+
pattern: /tacacs-server key\s#{sh_run_encryption_type}\s.*/,
|
210
|
+
msg: 'Error: Tacacs Server, key not configured')
|
211
|
+
end
|
157
212
|
enc_type = TACACS_SERVER_ENC_UNKNOWN
|
158
213
|
password = ''
|
159
214
|
tacacs.encryption_key_set(enc_type, password)
|
160
|
-
|
161
|
-
|
162
|
-
|
215
|
+
if platform == :nexus
|
216
|
+
refute_show_match(
|
217
|
+
pattern: /tacacs-server key\s#{sh_run_encryption_type}\s".*"/,
|
218
|
+
msg: 'Error: Tacacs Server, key configured')
|
219
|
+
elsif platform == :ios_xr
|
220
|
+
refute_show_match(
|
221
|
+
pattern: /tacacs-server key\s#{sh_run_encryption_type}\s.*/,
|
222
|
+
msg: 'Error: Tacacs Server, key configured')
|
223
|
+
end
|
163
224
|
tacacs.destroy
|
164
225
|
end
|
165
226
|
|
@@ -197,7 +258,9 @@ class TestTacacsServer < CiscoTestCase
|
|
197
258
|
'Error: Tacacs Server, timeout value incorrect')
|
198
259
|
|
199
260
|
# Invalid case
|
200
|
-
timeout = 80
|
261
|
+
timeout = 80 if platform == :nexus
|
262
|
+
timeout = 80_000 if platform == :ios_xr
|
263
|
+
|
201
264
|
assert_raises(Cisco::CliError) do
|
202
265
|
tacacs.timeout = timeout
|
203
266
|
end
|
@@ -205,6 +268,8 @@ class TestTacacsServer < CiscoTestCase
|
|
205
268
|
end
|
206
269
|
|
207
270
|
def test_get_deadtime
|
271
|
+
return if validate_property_excluded?('tacacs_server', 'deadtime')
|
272
|
+
|
208
273
|
tacacs = TacacsServer.new
|
209
274
|
deadtime = node.config_get_default('tacacs_server', 'deadtime')
|
210
275
|
assert_equal(deadtime, tacacs.deadtime,
|
@@ -218,12 +283,15 @@ class TestTacacsServer < CiscoTestCase
|
|
218
283
|
end
|
219
284
|
|
220
285
|
def test_get_default_deadtime
|
286
|
+
return if validate_property_excluded?('tacacs_server', 'deadtime')
|
287
|
+
|
221
288
|
assert_equal(node.config_get_default('tacacs_server', 'deadtime'),
|
222
289
|
TacacsServer.default_deadtime,
|
223
290
|
'Error: Tacacs Server, default deadtime incorrect')
|
224
291
|
end
|
225
292
|
|
226
293
|
def test_set_deadtime
|
294
|
+
return if validate_property_excluded?('tacacs_server', 'deadtime')
|
227
295
|
deadtime = 1250
|
228
296
|
|
229
297
|
tacacs = TacacsServer.new
|
@@ -244,6 +312,8 @@ class TestTacacsServer < CiscoTestCase
|
|
244
312
|
end
|
245
313
|
|
246
314
|
def test_get_directed_request
|
315
|
+
return if validate_property_excluded?('tacacs_server', 'deadtime')
|
316
|
+
|
247
317
|
config('feature tacacs', 'tacacs-server directed-request')
|
248
318
|
tacacs = TacacsServer.new
|
249
319
|
assert(tacacs.directed_request?,
|
@@ -256,12 +326,14 @@ class TestTacacsServer < CiscoTestCase
|
|
256
326
|
end
|
257
327
|
|
258
328
|
def test_get_default_directed_request
|
329
|
+
return if validate_property_excluded?('tacacs_server', 'deadtime')
|
259
330
|
assert_equal(node.config_get_default('tacacs_server', 'directed_request'),
|
260
331
|
TacacsServer.default_directed_request,
|
261
332
|
'Error: Tacacs Server, default directed-request incorrect')
|
262
333
|
end
|
263
334
|
|
264
335
|
def test_set_directed_request
|
336
|
+
return if validate_property_excluded?('tacacs_server', 'deadtime')
|
265
337
|
config('feature tacacs', 'tacacs-server directed-request')
|
266
338
|
state = true
|
267
339
|
tacacs = TacacsServer.new
|
@@ -300,6 +372,8 @@ class TestTacacsServer < CiscoTestCase
|
|
300
372
|
end
|
301
373
|
|
302
374
|
def test_get_source_interface
|
375
|
+
return if validate_property_excluded?('tacacs_server', 'deadtime')
|
376
|
+
|
303
377
|
config_no_warn('no ip tacacs source-interface')
|
304
378
|
tacacs = TacacsServer.new
|
305
379
|
intf = node.config_get_default('tacacs_server', 'source_interface')
|
@@ -314,12 +388,16 @@ class TestTacacsServer < CiscoTestCase
|
|
314
388
|
end
|
315
389
|
|
316
390
|
def test_get_default_source_interface
|
391
|
+
return if validate_property_excluded?('tacacs_server', 'deadtime')
|
392
|
+
|
317
393
|
assert_equal(node.config_get_default('tacacs_server', 'source_interface'),
|
318
394
|
TacacsServer.default_source_interface,
|
319
395
|
'Error: Tacacs Server, default source-interface incorrect')
|
320
396
|
end
|
321
397
|
|
322
398
|
def test_set_source_interface
|
399
|
+
return if validate_property_excluded?('tacacs_server', 'deadtime')
|
400
|
+
|
323
401
|
config('feature tacacs+', 'no ip tacacs source-int')
|
324
402
|
intf = node.config_get_default('tacacs_server', 'source_interface')
|
325
403
|
tacacs = TacacsServer.new
|