RubyGems - cisco_node_utils_mgx - Versions diffs - 2.1.0.1 - Mend

cisco_node_utils_mgx 2.1.0.1

Files changed (357) hide show

checksums.yaml +7 -0
data/.gitignore +10 -0
data/.rspec +2 -0
data/.rubocop.yml +96 -0
data/.travis.yml +17 -0
data/CHANGELOG.md +676 -0
data/CONTRIBUTING.md +43 -0
data/Gemfile +10 -0
data/LICENSE +201 -0
data/README.md +246 -0
data/Rakefile +44 -0
data/SUPPORT.md +3 -0
data/bin/.rubocop.yml +18 -0
data/bin/check_metric_limits.rb +109 -0
data/bin/git/hooks/commit-msg/enforce_style +89 -0
data/bin/git/hooks/hook_lib +115 -0
data/bin/git/hooks/hooks-wrapper +38 -0
data/bin/git/hooks/post-flow-hotfix-start/update-version +24 -0
data/bin/git/hooks/post-flow-release-finish/update-version +29 -0
data/bin/git/hooks/post-flow-release-start/update-version +19 -0
data/bin/git/hooks/post-merge/update-hooks +6 -0
data/bin/git/hooks/post-rewrite/update-hooks +6 -0
data/bin/git/hooks/pre-commit/check_unstaged_changes +18 -0
data/bin/git/hooks/pre-commit/rubocop +25 -0
data/bin/git/hooks/pre-commit/validate-diffs +45 -0
data/bin/git/hooks/pre-commit/validate-yaml +18 -0
data/bin/git/hooks/pre-push/check-changelog +24 -0
data/bin/git/hooks/pre-push/rubocop +7 -0
data/bin/git/update-hooks +123 -0
data/bin/show_running_yang.rb +233 -0
data/cisco_node_utils.gemspec +41 -0
data/docs/README-develop-best-practices.md +521 -0
data/docs/README-develop-node-utils-APIs.md +570 -0
data/docs/README-maintainers.md +77 -0
data/docs/README-test-execution.md +57 -0
data/docs/README-utilities.md +14 -0
data/docs/agent_files.png +0 -0
data/docs/cisco_node_utils.yaml.example +36 -0
data/docs/template-router.rb +123 -0
data/docs/template-test_router.rb +104 -0
data/ext/mkrf_conf.rb +63 -0
data/lib/.rubocop.yml +18 -0
data/lib/cisco_node_utils/aaa_authentication_login.rb +95 -0
data/lib/cisco_node_utils/aaa_authentication_login_service.rb +138 -0
data/lib/cisco_node_utils/aaa_authorization_service.rb +156 -0
data/lib/cisco_node_utils/ace.rb +467 -0
data/lib/cisco_node_utils/acl.rb +101 -0
data/lib/cisco_node_utils/banner.rb +63 -0
data/lib/cisco_node_utils/bfd_global.rb +305 -0
data/lib/cisco_node_utils/bgp.rb +988 -0
data/lib/cisco_node_utils/bgp_af.rb +545 -0
data/lib/cisco_node_utils/bgp_af_aggr_addr.rb +207 -0
data/lib/cisco_node_utils/bgp_neighbor.rb +527 -0
data/lib/cisco_node_utils/bgp_neighbor_af.rb +780 -0
data/lib/cisco_node_utils/bridge_domain.rb +178 -0
data/lib/cisco_node_utils/bridge_domain_vni.rb +206 -0
data/lib/cisco_node_utils/cisco_cmn_utils.rb +444 -0
data/lib/cisco_node_utils/client/client.rb +238 -0
data/lib/cisco_node_utils/client/grpc/client.rb +395 -0
data/lib/cisco_node_utils/client/grpc/ems.proto +148 -0
data/lib/cisco_node_utils/client/grpc/ems.rb +111 -0
data/lib/cisco_node_utils/client/grpc/ems_services.rb +49 -0
data/lib/cisco_node_utils/client/grpc.rb +33 -0
data/lib/cisco_node_utils/client/nxapi/client.rb +368 -0
data/lib/cisco_node_utils/client/nxapi.rb +31 -0
data/lib/cisco_node_utils/client/utils.rb +180 -0
data/lib/cisco_node_utils/client.rb +35 -0
data/lib/cisco_node_utils/cmd_ref/README_YAML.md +590 -0
data/lib/cisco_node_utils/cmd_ref/aaa_auth_login_service.yaml +25 -0
data/lib/cisco_node_utils/cmd_ref/aaa_authentication_login.yaml +38 -0
data/lib/cisco_node_utils/cmd_ref/aaa_authorization_service.yaml +40 -0
data/lib/cisco_node_utils/cmd_ref/acl.yaml +48 -0
data/lib/cisco_node_utils/cmd_ref/banner.yaml +11 -0
data/lib/cisco_node_utils/cmd_ref/bfd_global.yaml +117 -0
data/lib/cisco_node_utils/cmd_ref/bgp.yaml +383 -0
data/lib/cisco_node_utils/cmd_ref/bgp_af.yaml +223 -0
data/lib/cisco_node_utils/cmd_ref/bgp_af_aa.yaml +38 -0
data/lib/cisco_node_utils/cmd_ref/bgp_neighbor.yaml +174 -0
data/lib/cisco_node_utils/cmd_ref/bgp_neighbor_af.yaml +236 -0
data/lib/cisco_node_utils/cmd_ref/bridge_domain.yaml +49 -0
data/lib/cisco_node_utils/cmd_ref/bridge_domain_vni.yaml +33 -0
data/lib/cisco_node_utils/cmd_ref/dhcp_relay_global.yaml +128 -0
data/lib/cisco_node_utils/cmd_ref/dnsclient.yaml +55 -0
data/lib/cisco_node_utils/cmd_ref/encapsulation.yaml +25 -0
data/lib/cisco_node_utils/cmd_ref/evpn_multicast.yaml +12 -0
data/lib/cisco_node_utils/cmd_ref/evpn_multisite.yaml +18 -0
data/lib/cisco_node_utils/cmd_ref/evpn_stormcontrol.yaml +18 -0
data/lib/cisco_node_utils/cmd_ref/evpn_vni.yaml +48 -0
data/lib/cisco_node_utils/cmd_ref/fabricpath.yaml +183 -0
data/lib/cisco_node_utils/cmd_ref/fabricpath_topology.yaml +40 -0
data/lib/cisco_node_utils/cmd_ref/feature.yaml +126 -0
data/lib/cisco_node_utils/cmd_ref/hostname.yaml +8 -0
data/lib/cisco_node_utils/cmd_ref/hsrp_global.yaml +25 -0
data/lib/cisco_node_utils/cmd_ref/images.yaml +8 -0
data/lib/cisco_node_utils/cmd_ref/interface.yaml +781 -0
data/lib/cisco_node_utils/cmd_ref/interface_channel_group.yaml +45 -0
data/lib/cisco_node_utils/cmd_ref/interface_evpn_multisite.yaml +17 -0
data/lib/cisco_node_utils/cmd_ref/interface_hsrp_group.yaml +120 -0
data/lib/cisco_node_utils/cmd_ref/interface_ospf.yaml +112 -0
data/lib/cisco_node_utils/cmd_ref/interface_portchannel.yaml +87 -0
data/lib/cisco_node_utils/cmd_ref/interface_service_vni.yaml +42 -0
data/lib/cisco_node_utils/cmd_ref/inventory.yaml +45 -0
data/lib/cisco_node_utils/cmd_ref/ip_multicast.yaml +22 -0
data/lib/cisco_node_utils/cmd_ref/itd_device_group.yaml +83 -0
data/lib/cisco_node_utils/cmd_ref/itd_service.yaml +119 -0
data/lib/cisco_node_utils/cmd_ref/memory.yaml +24 -0
data/lib/cisco_node_utils/cmd_ref/ntp_auth_key.yaml +10 -0
data/lib/cisco_node_utils/cmd_ref/ntp_config.yaml +27 -0
data/lib/cisco_node_utils/cmd_ref/ntp_server.yaml +34 -0
data/lib/cisco_node_utils/cmd_ref/object_group.yaml +32 -0
data/lib/cisco_node_utils/cmd_ref/ospf.yaml +91 -0
data/lib/cisco_node_utils/cmd_ref/ospf_area.yaml +91 -0
data/lib/cisco_node_utils/cmd_ref/ospf_area_vlink.yaml +88 -0
data/lib/cisco_node_utils/cmd_ref/overlay_global.yaml +37 -0
data/lib/cisco_node_utils/cmd_ref/pim.yaml +43 -0
data/lib/cisco_node_utils/cmd_ref/portchannel_global.yaml +86 -0
data/lib/cisco_node_utils/cmd_ref/radius_global.yaml +37 -0
data/lib/cisco_node_utils/cmd_ref/radius_server.yaml +100 -0
data/lib/cisco_node_utils/cmd_ref/radius_server_group.yaml +19 -0
data/lib/cisco_node_utils/cmd_ref/route_map.yaml +601 -0
data/lib/cisco_node_utils/cmd_ref/show_system.yaml +9 -0
data/lib/cisco_node_utils/cmd_ref/show_version.yaml +84 -0
data/lib/cisco_node_utils/cmd_ref/snmp_community.yaml +81 -0
data/lib/cisco_node_utils/cmd_ref/snmp_group.yaml +9 -0
data/lib/cisco_node_utils/cmd_ref/snmp_notification_receiver.yaml +74 -0
data/lib/cisco_node_utils/cmd_ref/snmp_server.yaml +91 -0
data/lib/cisco_node_utils/cmd_ref/snmp_user.yaml +57 -0
data/lib/cisco_node_utils/cmd_ref/snmpnotification.yaml +23 -0
data/lib/cisco_node_utils/cmd_ref/span_session.yaml +65 -0
data/lib/cisco_node_utils/cmd_ref/stp_global.yaml +235 -0
data/lib/cisco_node_utils/cmd_ref/syslog_facility.yaml +10 -0
data/lib/cisco_node_utils/cmd_ref/syslog_server.yaml +34 -0
data/lib/cisco_node_utils/cmd_ref/syslog_settings.yaml +45 -0
data/lib/cisco_node_utils/cmd_ref/system.yaml +7 -0
data/lib/cisco_node_utils/cmd_ref/tacacs_global.yaml +37 -0
data/lib/cisco_node_utils/cmd_ref/tacacs_server.yaml +63 -0
data/lib/cisco_node_utils/cmd_ref/tacacs_server_group.yaml +45 -0
data/lib/cisco_node_utils/cmd_ref/tacacs_server_host.yaml +64 -0
data/lib/cisco_node_utils/cmd_ref/upgrade.yaml +38 -0
data/lib/cisco_node_utils/cmd_ref/vdc.yaml +52 -0
data/lib/cisco_node_utils/cmd_ref/virtual_service.yaml +8 -0
data/lib/cisco_node_utils/cmd_ref/vlan.yaml +106 -0
data/lib/cisco_node_utils/cmd_ref/vpc.yaml +233 -0
data/lib/cisco_node_utils/cmd_ref/vrf.yaml +86 -0
data/lib/cisco_node_utils/cmd_ref/vrf_af.yaml +139 -0
data/lib/cisco_node_utils/cmd_ref/vtp.yaml +32 -0
data/lib/cisco_node_utils/cmd_ref/vxlan_vtep.yaml +114 -0
data/lib/cisco_node_utils/cmd_ref/vxlan_vtep_vni.yaml +71 -0
data/lib/cisco_node_utils/cmd_ref/yang.yaml +7 -0
data/lib/cisco_node_utils/cmd_ref/yum.yaml +68 -0
data/lib/cisco_node_utils/command_reference.rb +724 -0
data/lib/cisco_node_utils/configparser_lib.rb +195 -0
data/lib/cisco_node_utils/constants.rb +40 -0
data/lib/cisco_node_utils/dhcp_relay_global.rb +302 -0
data/lib/cisco_node_utils/dns_domain.rb +93 -0
data/lib/cisco_node_utils/domain_name.rb +82 -0
data/lib/cisco_node_utils/encapsulation.rb +112 -0
data/lib/cisco_node_utils/environment.rb +110 -0
data/lib/cisco_node_utils/evpn_multicast.rb +66 -0
data/lib/cisco_node_utils/evpn_multisite.rb +96 -0
data/lib/cisco_node_utils/evpn_stormcontrol.rb +84 -0
data/lib/cisco_node_utils/evpn_vni.rb +159 -0
data/lib/cisco_node_utils/exceptions.rb +140 -0
data/lib/cisco_node_utils/fabricpath_global.rb +405 -0
data/lib/cisco_node_utils/fabricpath_topology.rb +137 -0
data/lib/cisco_node_utils/feature.rb +377 -0
data/lib/cisco_node_utils/hostname.rb +62 -0
data/lib/cisco_node_utils/hsrp_global.rb +97 -0
data/lib/cisco_node_utils/interface.rb +2128 -0
data/lib/cisco_node_utils/interface_channel_group.rb +142 -0
data/lib/cisco_node_utils/interface_evpn_multisite.rb +72 -0
data/lib/cisco_node_utils/interface_hsrp_group.rb +557 -0
data/lib/cisco_node_utils/interface_ospf.rb +378 -0
data/lib/cisco_node_utils/interface_portchannel.rb +180 -0
data/lib/cisco_node_utils/interface_service_vni.rb +132 -0
data/lib/cisco_node_utils/ip_multicast.rb +90 -0
data/lib/cisco_node_utils/itd_device_group.rb +228 -0
data/lib/cisco_node_utils/itd_device_group_node.rb +144 -0
data/lib/cisco_node_utils/itd_service.rb +511 -0
data/lib/cisco_node_utils/logger.rb +78 -0
data/lib/cisco_node_utils/name_server.rb +64 -0
data/lib/cisco_node_utils/node.rb +443 -0
data/lib/cisco_node_utils/node_util.rb +111 -0
data/lib/cisco_node_utils/ntp_auth_key.rb +67 -0
data/lib/cisco_node_utils/ntp_config.rb +83 -0
data/lib/cisco_node_utils/ntp_server.rb +86 -0
data/lib/cisco_node_utils/object_group.rb +75 -0
data/lib/cisco_node_utils/object_group_entry.rb +143 -0
data/lib/cisco_node_utils/overlay_global.rb +142 -0
data/lib/cisco_node_utils/pim.rb +131 -0
data/lib/cisco_node_utils/pim_group_list.rb +109 -0
data/lib/cisco_node_utils/pim_rp_address.rb +103 -0
data/lib/cisco_node_utils/platform.rb +217 -0
data/lib/cisco_node_utils/portchannel_global.rb +347 -0
data/lib/cisco_node_utils/radius_global.rb +165 -0
data/lib/cisco_node_utils/radius_server.rb +421 -0
data/lib/cisco_node_utils/radius_server_group.rb +117 -0
data/lib/cisco_node_utils/route_map.rb +2540 -0
data/lib/cisco_node_utils/router_ospf.rb +77 -0
data/lib/cisco_node_utils/router_ospf_area.rb +416 -0
data/lib/cisco_node_utils/router_ospf_area_vlink.rb +313 -0
data/lib/cisco_node_utils/router_ospf_vrf.rb +342 -0
data/lib/cisco_node_utils/snmp_notification_receiver.rb +176 -0
data/lib/cisco_node_utils/snmpcommunity.rb +109 -0
data/lib/cisco_node_utils/snmpgroup.rb +54 -0
data/lib/cisco_node_utils/snmpnotification.rb +57 -0
data/lib/cisco_node_utils/snmpserver.rb +132 -0
data/lib/cisco_node_utils/snmpuser.rb +403 -0
data/lib/cisco_node_utils/span_session.rb +149 -0
data/lib/cisco_node_utils/stp_global.rb +676 -0
data/lib/cisco_node_utils/syslog_facility.rb +64 -0
data/lib/cisco_node_utils/syslog_server.rb +146 -0
data/lib/cisco_node_utils/syslog_settings.rb +174 -0
data/lib/cisco_node_utils/tacacs_global.rb +137 -0
data/lib/cisco_node_utils/tacacs_server.rb +173 -0
data/lib/cisco_node_utils/tacacs_server_group.rb +149 -0
data/lib/cisco_node_utils/tacacs_server_host.rb +216 -0
data/lib/cisco_node_utils/upgrade.rb +122 -0
data/lib/cisco_node_utils/vdc.rb +118 -0
data/lib/cisco_node_utils/version.rb +21 -0
data/lib/cisco_node_utils/vlan.rb +301 -0
data/lib/cisco_node_utils/vpc.rb +466 -0
data/lib/cisco_node_utils/vrf.rb +192 -0
data/lib/cisco_node_utils/vrf_af.rb +327 -0
data/lib/cisco_node_utils/vtp.rb +125 -0
data/lib/cisco_node_utils/vxlan_vtep.rb +286 -0
data/lib/cisco_node_utils/vxlan_vtep_vni.rb +331 -0
data/lib/cisco_node_utils/yang.rb +160 -0
data/lib/cisco_node_utils/yum.rb +213 -0
data/lib/cisco_node_utils.rb +21 -0
data/lib/minitest/environment_plugin.rb +31 -0
data/lib/minitest/log_level_plugin.rb +41 -0
data/spec/client_spec.rb +7 -0
data/spec/environment_spec.rb +384 -0
data/spec/grpc_client_spec.rb +23 -0
data/spec/isolate/all_clients_spec.rb +9 -0
data/spec/isolate/grpc_only_spec.rb +16 -0
data/spec/isolate/no_clients_spec.rb +26 -0
data/spec/isolate/nxapi_only_spec.rb +16 -0
data/spec/nxapi_client_spec.rb +42 -0
data/spec/schema.yaml +82 -0
data/spec/shared_examples_for_clients.rb +14 -0
data/spec/spec_helper.rb +91 -0
data/spec/whitespace_spec.rb +10 -0
data/spec/yaml_spec.rb +42 -0
data/tests/.rubocop.yml +18 -0
data/tests/CSCuxdublin-1.0.0-7.0.3.I3.1.lib32_n9000.rpm +0 -0
data/tests/basetest.rb +243 -0
data/tests/ciscotest.rb +577 -0
data/tests/cmd_config.yaml +75 -0
data/tests/cmd_config_invalid.yaml +16 -0
data/tests/n9000_sample-1.0.0-7.0.3.x86_64.rpm +0 -0
data/tests/noop.rb +7 -0
data/tests/platform_info.rb +63 -0
data/tests/tacacs_server.yaml.example +6 -0
data/tests/test_aaa_authentication_login.rb +243 -0
data/tests/test_aaa_authentication_login_service.rb +761 -0
data/tests/test_aaa_authorization_service.rb +874 -0
data/tests/test_ace.rb +304 -0
data/tests/test_acl.rb +185 -0
data/tests/test_banner.rb +85 -0
data/tests/test_bfd_global.rb +272 -0
data/tests/test_bgp_af.rb +875 -0
data/tests/test_bgp_af_aa.rb +108 -0
data/tests/test_bgp_neighbor.rb +596 -0
data/tests/test_bgp_neighbor_af.rb +781 -0
data/tests/test_bridge_domain.rb +198 -0
data/tests/test_bridge_domain_vni.rb +109 -0
data/tests/test_client_utils.rb +111 -0
data/tests/test_cmn_utils.rb +76 -0
data/tests/test_command_config.rb +206 -0
data/tests/test_command_reference.rb +669 -0
data/tests/test_dhcp_relay_global.rb +286 -0
data/tests/test_dns_domain.rb +123 -0
data/tests/test_domain_name.rb +96 -0
data/tests/test_encapsulation.rb +75 -0
data/tests/test_evpn_multicast.rb +65 -0
data/tests/test_evpn_multisite.rb +70 -0
data/tests/test_evpn_stormcontrol.rb +56 -0
data/tests/test_evpn_vni.rb +131 -0
data/tests/test_fabricpath_global.rb +246 -0
data/tests/test_fabricpath_topology.rb +77 -0
data/tests/test_feature.rb +272 -0
data/tests/test_grpc.rb +166 -0
data/tests/test_hostname.rb +64 -0
data/tests/test_hsrp_global.rb +79 -0
data/tests/test_interface.rb +1958 -0
data/tests/test_interface_bdi.rb +80 -0
data/tests/test_interface_channel_group.rb +131 -0
data/tests/test_interface_evpn_multisite.rb +94 -0
data/tests/test_interface_hsrp.rb +134 -0
data/tests/test_interface_hsrp_group.rb +570 -0
data/tests/test_interface_ospf.rb +820 -0
data/tests/test_interface_portchannel.rb +135 -0
data/tests/test_interface_private_vlan.rb +365 -0
data/tests/test_interface_service_vni.rb +203 -0
data/tests/test_interface_svi.rb +210 -0
data/tests/test_interface_switchport.rb +468 -0
data/tests/test_ip_multicast.rb +80 -0
data/tests/test_itd_device_group.rb +145 -0
data/tests/test_itd_device_group_node.rb +199 -0
data/tests/test_itd_service.rb +314 -0
data/tests/test_logger.rb +43 -0
data/tests/test_name_server.rb +94 -0
data/tests/test_node.rb +50 -0
data/tests/test_node_ext.rb +406 -0
data/tests/test_node_util.rb +119 -0
data/tests/test_ntp_auth_key.rb +77 -0
data/tests/test_ntp_config.rb +100 -0
data/tests/test_ntp_server.rb +146 -0
data/tests/test_nxapi.rb +236 -0
data/tests/test_object_group.rb +122 -0
data/tests/test_overlay_global.rb +108 -0
data/tests/test_pim.rb +203 -0
data/tests/test_pim_group_list.rb +147 -0
data/tests/test_pim_rp_address.rb +155 -0
data/tests/test_platform.rb +254 -0
data/tests/test_portchannel_global.rb +322 -0
data/tests/test_radius_global.rb +108 -0
data/tests/test_radius_server.rb +377 -0
data/tests/test_radius_server_group.rb +151 -0
data/tests/test_route_map.rb +1479 -0
data/tests/test_router_bgp.rb +1325 -0
data/tests/test_router_ospf.rb +56 -0
data/tests/test_router_ospf_area.rb +433 -0
data/tests/test_router_ospf_area_vlink.rb +298 -0
data/tests/test_router_ospf_vrf.rb +690 -0
data/tests/test_snmp_notification_receiver.rb +169 -0
data/tests/test_snmpcommunity.rb +422 -0
data/tests/test_snmpgroup.rb +71 -0
data/tests/test_snmpnotification.rb +91 -0
data/tests/test_snmpserver.rb +251 -0
data/tests/test_snmpuser.rb +666 -0
data/tests/test_span_session.rb +155 -0
data/tests/test_stp_global.rb +575 -0
data/tests/test_syslog_facility.rb +80 -0
data/tests/test_syslog_server.rb +119 -0
data/tests/test_syslog_settings.rb +123 -0
data/tests/test_tacacs_global.rb +109 -0
data/tests/test_tacacs_server.rb +436 -0
data/tests/test_tacacs_server_group.rb +434 -0
data/tests/test_tacacs_server_host.rb +427 -0
data/tests/test_upgrade.rb +105 -0
data/tests/test_vdc.rb +64 -0
data/tests/test_vlan.rb +386 -0
data/tests/test_vlan_private.rb +656 -0
data/tests/test_vpc.rb +548 -0
data/tests/test_vrf.rb +248 -0
data/tests/test_vrf_af.rb +288 -0
data/tests/test_vtp.rb +278 -0
data/tests/test_vxlan_vtep.rb +327 -0
data/tests/test_vxlan_vtep_vni.rb +326 -0
data/tests/test_yang.rb +369 -0
data/tests/test_yum.rb +109 -0
data/tests/upgrade_info.yaml.example +3 -0
data/tests/yum_package.yaml +94 -0
metadata +534 -0

data/lib/cisco_node_utils/aaa_authorization_service.rb ADDED Viewed

@@ -0,0 +1,156 @@
+# NXAPI implementation of AaaAuthorizationService class
+#
+# May 2015, Alex Hunsberger
+#
+# Copyright (c) 2015-2016 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require_relative 'node_util'
+module Cisco
+  # AaaAuthorizationService - node util class for aaa authorization management
+  class AaaAuthorizationService < NodeUtil
+    attr_reader :name, :type
+    def initialize(type, name, create=true)
+      fail TypeError unless name.is_a? String
+      fail TypeError unless type.is_a? Symbol
+      # only console and default are supported currently
+      fail ArgumentError unless %w(console default).include? name
+      fail ArgumentError unless
+        %i(commands config_commands ssh_certificate ssh_publickey).include? type
+      @name = name
+      @type = type
+      type_str = AaaAuthorizationService.auth_type_sym_to_str(type)
+      return unless create
+      config_set('aaa_authorization_service', 'method', '', type_str, name)
+    end
+    def self.remove_local_auth
+      config_get('aaa_authorization_service', 'remove_local_auth')
+    end
+    def self.services
+      servs = {}
+      servs_arr = config_get('aaa_authorization_service', 'services')
+      unless servs_arr.nil?
+        servs_arr.each do |type, name|
+          type = auth_type_str_to_sym(type)
+          servs[type] ||= {}
+          servs[type][name] = AaaAuthorizationService.new(type, name, false)
+        end
+      end
+      servs
+    end
+    def destroy
+      # must specify exact current config string to unconfigure
+      m = method
+      m_str = m == :unselected ? '' : m.to_s
+      g_str = groups.join(' ')
+      t_str = AaaAuthorizationService.auth_type_sym_to_str(@type)
+      if g_str.empty?
+        # cannot remove no groups + local, so do nothing in this case
+        unless m == :local
+          config_set('aaa_authorization_service', 'method',
+                     'no', t_str, @name)
+        end
+      else
+        # Removal of auth method local is not supported on all platforms.
+        m_str = AaaAuthorizationService.remove_local_auth ? m_str : ''
+        config_set('aaa_authorization_service', 'groups',
+                   'no', t_str, @name, g_str, m_str)
+      end
+    end
+    # groups aren't retrieved via the usual CLI regex memory type because
+    # there can be an arbitrary number of groups and specifying a repeating
+    # memory regex only captures the last match
+    # ex: aaa authorization console group group1 group2 group3 local
+    def groups
+      # config_get returns the following format:
+      # [{"appl_subtype": "console",
+      #   "cmd_type": "config-commands",
+      #   "methods": "group foo bar local "}], ...
+      hsh_arr = config_get('aaa_authorization_service', 'groups')
+      fail 'unable to retrieve aaa groups information' if hsh_arr.empty?
+      type_s = AaaAuthorizationService.auth_type_sym_to_str(@type)
+      hsh = hsh_arr.find do |x|
+        x['appl_subtype'] == @name && x['cmd_type'] == type_s
+      end
+      fail "no aaa info for #{@type},#{@name}" if hsh.nil?
+      fail "no aaa info for #{@type},#{@name}. api/feature change?" unless
+        hsh.key? 'methods'
+      # ex: ["group", "group1", "local"]
+      grps = hsh['methods'].strip.split
+      # return [] if grps.size == 1
+      # remove local, group keywords
+      grps -= %w(local group)
+      grps
+    end
+    # default is []
+    def default_groups
+      config_get_default('aaa_authorization_service', 'groups')
+    end
+    def method
+      t_str = AaaAuthorizationService.auth_type_sym_to_str(@type)
+      m = config_get('aaa_authorization_service', 'method', @name, t_str)
+      m.nil? ? :unselected : m.to_sym
+    end
+    # default is :local
+    def default_method
+      config_get_default('aaa_authorization_service', 'method')
+    end
+    # groups and method must be set in the same CLI string
+    # aaa authorization login <type> <name> /
+    #   local | group <group1 [group2, ...]> [local]
+    def groups_method_set(grps, m)
+      grps = Array(grps) unless grps.is_a? Array
+      fail TypeError unless grps.all? { |x| x.is_a? String }
+      fail TypeError unless m.is_a? Symbol
+      # only the following are supported (unselected = blank)
+      fail ArgumentError unless [:local, :unselected].include? m
+      # raise "type 'local' not allowed when groups are configured" if
+      #  m == :local and not grps.empty?
+      m_str = m == :unselected ? '' : m.to_s
+      g_str = grps.join(' ')
+      t_str = AaaAuthorizationService.auth_type_sym_to_str(@type)
+      # config_set depends on whether we're setting groups or not
+      if g_str.empty?
+        config_set('aaa_authorization_service', 'method',
+                   '', t_str, @name)
+      else
+        config_set('aaa_authorization_service', 'groups',
+                   '', t_str, @name, g_str, m_str)
+      end
+    end
+    def self.auth_type_sym_to_str(sym)
+      sym.to_s.sub('_', '-')
+    end
+    def self.auth_type_str_to_sym(str)
+      str.sub('-', '_').to_sym
+    end
+  end
+end

data/lib/cisco_node_utils/ace.rb ADDED Viewed

@@ -0,0 +1,467 @@
+# Copyright (c) 2015-2018 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require 'ipaddr'
+require_relative 'node_util'
+module Cisco
+  # Ace - node utility class for Ace Configuration
+  class Ace < NodeUtil
+    attr_reader :afi, :acl_name
+    def initialize(afi, acl_name, seqno)
+      @afi = Acl.afi_cli(afi)
+      @acl_name = acl_name.to_s
+      @seqno = seqno.to_s
+      set_args_keys_default
+    end
+    # Create a hash of all aces under a given acl_name.
+    def self.aces
+      afis = %w(ipv4 ipv6)
+      hash = {}
+      afis.each do |afi|
+        hash[afi] = {}
+        acls = config_get('acl', 'all_acls', afi: Acl.afi_cli(afi))
+        next if acls.nil?
+        acls.each do |acl_name|
+          hash[afi][acl_name] = {}
+          aces = config_get('acl', 'all_aces',
+                            afi: Acl.afi_cli(afi), acl_name: acl_name)
+          next if aces.nil?
+          aces.each do |seqno|
+            hash[afi][acl_name][seqno] = Ace.new(afi, acl_name, seqno)
+          end
+        end
+      end
+      hash
+    end
+    def destroy
+      set_args_keys(state: 'no')
+      config_set('acl', 'ace_destroy', @set_args)
+    end
+    def set_args_keys_default
+      keys = { afi: @afi, acl_name: @acl_name, seqno: @seqno }
+      @get_args = @set_args = keys
+    end
+    # rubocop:disable Style/AccessorMethodName
+    def set_args_keys(hash={})
+      set_args_keys_default
+      @set_args = @get_args.merge!(hash) unless hash.empty?
+    end
+    # common ace getter
+    def ace_get
+      str = config_get('acl', 'ace', @get_args)
+      return nil if str.nil?
+      remark = Regexp.new('(?<seqno>\d+) remark (?<remark>.*)').match(str)
+      return remark unless remark.nil?
+      # specialized icmp protocol handling
+      return icmp_ace_get(str) if str.include?('icmp')
+      # rubocop:disable Metrics/LineLength
+      regexp = Regexp.new('(?<seqno>\d+) (?<action>\S+)'\
+                 ' *(?<proto>\d+|\S+)'\
+                 ' *(?<src_addr>any|host \S+|[:\.0-9a-fA-F]+ [:\.0-9a-fA-F]+|[:\.0-9a-fA-F]+\/\d+|addrgroup \S+)'\
+                 ' *(?<src_port>range \S+ \S+|(lt|eq|gt|neq|portgroup) \S+)?'\
+                 ' *(?<dst_addr>any|host \S+|[:\.0-9a-fA-F]+ [:\.0-9a-fA-F]+|[:\.0-9a-fA-F]+\/\d+|addrgroup \S+)'\
+                 ' *(?<dst_port>range \S+ \S+|(lt|eq|gt|neq|portgroup) \S+)?'\
+                 ' *(?<tcp_flags>(ack *|fin *|urg *|syn *|psh *|rst *)*)?'\
+                 ' *(?<established>established)?'\
+                 ' *(?<precedence>precedence \S+)?'\
+                 ' *(?<dscp>dscp \S+)?'\
+                 ' *(?<time_range>time-range \S+)?'\
+                 ' *(?<packet_length>packet-length (range \d+ \d+|(lt|eq|gt|neq) \d+))?'\
+                 ' *(?<ttl>ttl \d+)?'\
+                 ' *(?<http_method>http-method (\d+|connect|delete|get|head|post|put|trace))?'\
+                 ' *(?<tcp_option_length>tcp-option-length \d+)?'\
+                 ' *(?<redirect>redirect \S+)?'\
+                 ' *(?<log>log)?')
+      # rubocop:enable Metrics/LineLength
+      regexp.match(str)
+    end
+    # icmp ace getter
+    def icmp_ace_get(str)
+      # rubocop:disable Metrics/LineLength
+      # fragments is nvgen at a different location than all other
+      # proto_option so get rid of it so as not to mess up other fields
+      str.sub!('fragments ', '')
+      regexp = Regexp.new('(?<seqno>\d+) (?<action>\S+)'\
+                 ' *(?<proto>\d+|\S+)'\
+                 ' *(?<src_addr>any|host \S+|[:\.0-9a-fA-F]+ [:\.0-9a-fA-F]+|[:\.0-9a-fA-F]+\/\d+|addrgroup \S+)'\
+                 ' *(?<dst_addr>any|host \S+|[:\.0-9a-fA-F]+ [:\.0-9a-fA-F]+|[:\.0-9a-fA-F]+\/\d+|addrgroup \S+)'\
+                 ' *(?<proto_option>\S+)?'\
+                 ' *(?<precedence>precedence \S+)?'\
+                 ' *(?<dscp>dscp \S+)?'\
+                 ' *(?<time_range>time-range \S+)?'\
+                 ' *(?<packet_length>packet-length (range \d+ \d+|(lt|eq|gt|neq) \d+))?'\
+                 ' *(?<ttl>ttl \d+)?'\
+                 ' *(?<vlan>vlan \d+)?'\
+                 ' *(?<set_erspan_gre_proto>set-erspan-gre-proto \d+)?'\
+                 ' *(?<set_erspan_dscp>set-erspan-dscp \d+)?'\
+                 ' *(?<redirect>redirect \S+)?')
+      regexp_no_proto_option = Regexp.new('(?<seqno>\d+) (?<action>\S+)'\
+                 ' *(?<proto>\d+|\S+)'\
+                 ' *(?<src_addr>any|host \S+|[:\.0-9a-fA-F]+ [:\.0-9a-fA-F]+|[:\.0-9a-fA-F]+\/\d+|addrgroup \S+)'\
+                 ' *(?<dst_addr>any|host \S+|[:\.0-9a-fA-F]+ [:\.0-9a-fA-F]+|[:\.0-9a-fA-F]+\/\d+|addrgroup \S+)'\
+                 ' *(?<precedence>precedence \S+)?'\
+                 ' *(?<dscp>dscp \S+)?'\
+                 ' *(?<time_range>time-range \S+)?'\
+                 ' *(?<packet_length>packet-length (range \d+ \d+|(lt|eq|gt|neq) \d+))?'\
+                 ' *(?<ttl>ttl \d+)?'\
+                 ' *(?<vlan>vlan \d+)?'\
+                 ' *(?<set_erspan_gre_proto>set-erspan-gre-proto \d+)?'\
+                 ' *(?<set_erspan_dscp>set-erspan-dscp \d+)?'\
+                 ' *(?<redirect>redirect \S+)?')
+      temp = regexp.match(str)
+      po = temp[:proto_option]
+      if po.nil?
+        return temp
+      # redirect can be proto_option or an actual redirect to interface
+      elsif po.strip.match(/redirect$/)
+        if str.match(/Ethernet|port-channel/)
+          # if proto_option is given as redirect and also redirect to intf
+          # we need to do extra processing
+          return temp if check_redirect_repeat(str)
+          return regexp_no_proto_option.match(str)
+        end
+      # the reserved keywords check
+      elsif po.strip.match(/precedence$|dscp$|time-range$|packet-length$|ttl$|vlan$|set-erspan-gre-proto$|set-erspan-dscp$|log$/)
+        return regexp_no_proto_option.match(str)
+      else
+        return temp
+      end
+      # rubocop:enable Metrics/LineLength
+    end
+    # common ace setter. Put the values you need in a hash and pass it in.
+    # attrs = {:action=>'permit', :proto=>'tcp', :src =>'host 1.1.1.1'}
+    def ace_set(attrs)
+      if attrs.empty?
+        attrs[:state] = 'no'
+      else
+        # remove existing ace first
+        destroy if seqno
+        attrs[:state] = ''
+      end
+      if attrs[:remark]
+        cmd = 'ace_remark'
+        set_args_keys(attrs)
+      else
+        cmd = 'ace'
+        set_args_keys_default
+        set_args_keys(attrs)
+        [:action,
+         :proto,
+         :src_addr,
+         :src_port,
+         :dst_addr,
+         :dst_port,
+         :tcp_flags,
+         :established,
+         :precedence,
+         :dscp,
+         :time_range,
+         :packet_length,
+         :ttl,
+         :http_method,
+         :tcp_option_length,
+         :redirect,
+         :log,
+         :proto_option,
+         :set_erspan_dscp,
+         :set_erspan_gre_proto,
+         :vlan,
+        ].each do |p|
+          attrs[p] = '' if attrs[p].nil?
+          send(p.to_s + '=', attrs[p])
+        end
+        @get_args = @set_args
+      end
+      config_set('acl', cmd, @set_args)
+    end
+    def valid_ipv6?(addr)
+      begin
+        ret = IPAddr.new(addr.split[0]).ipv6?
+      rescue
+        ret = false
+      end
+      ret
+    end
+    def check_redirect_repeat(str)
+      return false unless str.include?('redirect')
+      nstr = str.sub('redirect', '').strip
+      nstr.include?('redirect') ? true : false
+    end
+    # PROPERTIES
+    # ----------
+    def seqno
+      match = ace_get
+      return nil if match.nil?
+      match.names.include?('seqno') ? match[:seqno] : nil
+    end
+    def action
+      match = ace_get
+      return nil if match.nil?
+      match.names.include?('action') ? match[:action] : nil
+    end
+    def action=(action)
+      @set_args[:action] = action
+    end
+    def remark
+      match = ace_get
+      return nil if match.nil?
+      match.names.include?('remark') ? match[:remark] : nil
+    end
+    def remark=(remark)
+      @set_args[:remark] = remark
+    end
+    def proto
+      match = ace_get
+      return nil if match.nil?
+      match.names.include?('proto') ? match[:proto] : nil
+    end
+    def proto=(proto)
+      @set_args[:proto] = proto # TBD ip vs ipv4
+    end
+    def src_addr
+      match = ace_get
+      return nil if match.nil? || !match.names.include?('src_addr')
+      addr = match[:src_addr]
+      # Normalize addr. Some platforms zero_pad ipv6 addrs.
+      addr.gsub!(/^0*/, '').gsub!(/:0*/, ':') if valid_ipv6?(addr)
+      addr
+    end
+    def src_addr=(src_addr)
+      @set_args[:src_addr] = src_addr
+    end
+    def src_port
+      match = ace_get
+      return nil if match.nil?
+      match.names.include?('src_port') ? match[:src_port] : nil
+    end
+    def src_port=(src_port)
+      @set_args[:src_port] = src_port
+    end
+    def dst_addr
+      match = ace_get
+      return nil if match.nil? || !match.names.include?('dst_addr')
+      addr = match[:dst_addr]
+      # Normalize addr. Some platforms zero_pad ipv6 addrs.
+      addr.gsub!(/^0*/, '').gsub!(/:0*/, ':') if valid_ipv6?(addr)
+      addr
+    end
+    def dst_addr=(dst_addr)
+      @set_args[:dst_addr] = dst_addr
+    end
+    def dst_port
+      match = ace_get
+      return nil if match.nil?
+      match.names.include?('dst_port') ? match[:dst_port] : nil
+    end
+    def dst_port=(src_port)
+      @set_args[:dst_port] = src_port
+    end
+    def tcp_flags
+      match = ace_get
+      return nil if match.nil?
+      match.names.include?('tcp_flags') ? match[:tcp_flags].strip : nil
+    end
+    def tcp_flags=(tcp_flags)
+      @set_args[:tcp_flags] = tcp_flags.strip
+    end
+    def established
+      match = ace_get
+      return nil unless remark.nil?
+      return false if match.nil?
+      return false unless match.names.include?('established')
+      match[:established] == 'established' ? true : false
+    end
+    def established=(established)
+      @set_args[:established] = established.to_s == 'true' ? 'established' : ''
+    end
+    def precedence
+      Utils.extract_value(ace_get, 'precedence')
+    end
+    def precedence=(precedence)
+      @set_args[:precedence] = Utils.attach_prefix(precedence, :precedence)
+    end
+    def dscp
+      Utils.extract_value(ace_get, 'dscp')
+    end
+    def dscp=(dscp)
+      @set_args[:dscp] = Utils.attach_prefix(dscp, :dscp)
+    end
+    def vlan
+      Utils.extract_value(ace_get, 'vlan')
+    end
+    def vlan=(vlan)
+      @set_args[:vlan] = Utils.attach_prefix(vlan, :vlan)
+    end
+    def set_erspan_dscp
+      ret = Utils.extract_value(ace_get, 'set_erspan_dscp', 'set-erspan-dscp')
+      return ret if ret
+      # position of set_erspan_dscp is different in older release so check again
+      str = config_get('acl', 'ace', @get_args)
+      sstr = str.split
+      return sstr[sstr.index('set-erspan-dscp') + 1] if
+        sstr.include?('set-erspan-dscp')
+    end
+    def set_erspan_dscp=(set_erspan_dscp)
+      @set_args[:set_erspan_dscp] = Utils.attach_prefix(set_erspan_dscp,
+                                                        :set_erspan_dscp,
+                                                        'set-erspan-dscp')
+    end
+    def set_erspan_gre_proto
+      ret = Utils.extract_value(ace_get, 'set_erspan_gre_proto',
+                                'set-erspan-gre-proto')
+      return ret if ret
+      # position of set_erspan_gre_proto is different in older release
+      # so check again
+      str = config_get('acl', 'ace', @get_args)
+      sstr = str.split
+      return sstr[sstr.index('set-erspan-gre-proto') + 1] if
+        sstr.include?('set-erspan-gre-proto')
+    end
+    def set_erspan_gre_proto=(set_erspan_gre_proto)
+      @set_args[:set_erspan_gre_proto] =
+          Utils.attach_prefix(set_erspan_gre_proto,
+                              :set_erspan_gre_proto,
+                              'set-erspan-gre-proto')
+    end
+    def time_range
+      Utils.extract_value(ace_get, 'time_range', 'time-range')
+    end
+    def time_range=(time_range)
+      @set_args[:time_range] = Utils.attach_prefix(time_range,
+                                                   :time_range,
+                                                   'time-range')
+    end
+    def packet_length
+      Utils.extract_value(ace_get, 'packet_length', 'packet-length')
+    end
+    def packet_length=(packet_length)
+      @set_args[:packet_length] = Utils.attach_prefix(packet_length,
+                                                      :packet_length,
+                                                      'packet-length')
+    end
+    def ttl
+      Utils.extract_value(ace_get, 'ttl')
+    end
+    def ttl=(ttl)
+      @set_args[:ttl] = Utils.attach_prefix(ttl, :ttl)
+    end
+    def http_method
+      Utils.extract_value(ace_get, 'http_method', 'http-method')
+    end
+    def http_method=(http_method)
+      @set_args[:http_method] = Utils.attach_prefix(http_method,
+                                                    :http_method,
+                                                    'http-method')
+    end
+    def tcp_option_length
+      Utils.extract_value(ace_get, 'tcp_option_length', 'tcp-option-length')
+    end
+    def tcp_option_length=(tcp_option_length)
+      @set_args[:tcp_option_length] = Utils.attach_prefix(tcp_option_length,
+                                                          :tcp_option_length,
+                                                          'tcp-option-length')
+    end
+    def redirect
+      Utils.extract_value(ace_get, 'redirect')
+    end
+    def redirect=(redirect)
+      @set_args[:redirect] = Utils.attach_prefix(redirect, :redirect)
+    end
+    def proto_option
+      match = ace_get
+      return nil if match.nil? || proto != 'icmp' || !remark.nil?
+      # fragments is nvgen at a different location than all other
+      # proto_option
+      if config_get('acl', 'ace', @get_args).include?('fragments')
+        return 'fragments'
+      end
+      # log is special case
+      return nil if !match.names.include?('proto_option') ||
+                    match[:proto_option] == 'log'
+      match[:proto_option]
+    end
+    def proto_option=(proto_option)
+      @set_args[:proto_option] = proto_option
+    end
+    def log
+      return nil unless remark.nil?
+      config_get('acl', 'ace', @get_args).include?('log') ? true : false
+    end
+    def log=(log)
+      @set_args[:log] = log.to_s == 'true' ? 'log' : ''
+    end
+  end
+end