cisco_node_utils_mgx 2.1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +10 -0
- data/.rspec +2 -0
- data/.rubocop.yml +96 -0
- data/.travis.yml +17 -0
- data/CHANGELOG.md +676 -0
- data/CONTRIBUTING.md +43 -0
- data/Gemfile +10 -0
- data/LICENSE +201 -0
- data/README.md +246 -0
- data/Rakefile +44 -0
- data/SUPPORT.md +3 -0
- data/bin/.rubocop.yml +18 -0
- data/bin/check_metric_limits.rb +109 -0
- data/bin/git/hooks/commit-msg/enforce_style +89 -0
- data/bin/git/hooks/hook_lib +115 -0
- data/bin/git/hooks/hooks-wrapper +38 -0
- data/bin/git/hooks/post-flow-hotfix-start/update-version +24 -0
- data/bin/git/hooks/post-flow-release-finish/update-version +29 -0
- data/bin/git/hooks/post-flow-release-start/update-version +19 -0
- data/bin/git/hooks/post-merge/update-hooks +6 -0
- data/bin/git/hooks/post-rewrite/update-hooks +6 -0
- data/bin/git/hooks/pre-commit/check_unstaged_changes +18 -0
- data/bin/git/hooks/pre-commit/rubocop +25 -0
- data/bin/git/hooks/pre-commit/validate-diffs +45 -0
- data/bin/git/hooks/pre-commit/validate-yaml +18 -0
- data/bin/git/hooks/pre-push/check-changelog +24 -0
- data/bin/git/hooks/pre-push/rubocop +7 -0
- data/bin/git/update-hooks +123 -0
- data/bin/show_running_yang.rb +233 -0
- data/cisco_node_utils.gemspec +41 -0
- data/docs/README-develop-best-practices.md +521 -0
- data/docs/README-develop-node-utils-APIs.md +570 -0
- data/docs/README-maintainers.md +77 -0
- data/docs/README-test-execution.md +57 -0
- data/docs/README-utilities.md +14 -0
- data/docs/agent_files.png +0 -0
- data/docs/cisco_node_utils.yaml.example +36 -0
- data/docs/template-router.rb +123 -0
- data/docs/template-test_router.rb +104 -0
- data/ext/mkrf_conf.rb +63 -0
- data/lib/.rubocop.yml +18 -0
- data/lib/cisco_node_utils/aaa_authentication_login.rb +95 -0
- data/lib/cisco_node_utils/aaa_authentication_login_service.rb +138 -0
- data/lib/cisco_node_utils/aaa_authorization_service.rb +156 -0
- data/lib/cisco_node_utils/ace.rb +467 -0
- data/lib/cisco_node_utils/acl.rb +101 -0
- data/lib/cisco_node_utils/banner.rb +63 -0
- data/lib/cisco_node_utils/bfd_global.rb +305 -0
- data/lib/cisco_node_utils/bgp.rb +988 -0
- data/lib/cisco_node_utils/bgp_af.rb +545 -0
- data/lib/cisco_node_utils/bgp_af_aggr_addr.rb +207 -0
- data/lib/cisco_node_utils/bgp_neighbor.rb +527 -0
- data/lib/cisco_node_utils/bgp_neighbor_af.rb +780 -0
- data/lib/cisco_node_utils/bridge_domain.rb +178 -0
- data/lib/cisco_node_utils/bridge_domain_vni.rb +206 -0
- data/lib/cisco_node_utils/cisco_cmn_utils.rb +444 -0
- data/lib/cisco_node_utils/client/client.rb +238 -0
- data/lib/cisco_node_utils/client/grpc/client.rb +395 -0
- data/lib/cisco_node_utils/client/grpc/ems.proto +148 -0
- data/lib/cisco_node_utils/client/grpc/ems.rb +111 -0
- data/lib/cisco_node_utils/client/grpc/ems_services.rb +49 -0
- data/lib/cisco_node_utils/client/grpc.rb +33 -0
- data/lib/cisco_node_utils/client/nxapi/client.rb +368 -0
- data/lib/cisco_node_utils/client/nxapi.rb +31 -0
- data/lib/cisco_node_utils/client/utils.rb +180 -0
- data/lib/cisco_node_utils/client.rb +35 -0
- data/lib/cisco_node_utils/cmd_ref/README_YAML.md +590 -0
- data/lib/cisco_node_utils/cmd_ref/aaa_auth_login_service.yaml +25 -0
- data/lib/cisco_node_utils/cmd_ref/aaa_authentication_login.yaml +38 -0
- data/lib/cisco_node_utils/cmd_ref/aaa_authorization_service.yaml +40 -0
- data/lib/cisco_node_utils/cmd_ref/acl.yaml +48 -0
- data/lib/cisco_node_utils/cmd_ref/banner.yaml +11 -0
- data/lib/cisco_node_utils/cmd_ref/bfd_global.yaml +117 -0
- data/lib/cisco_node_utils/cmd_ref/bgp.yaml +383 -0
- data/lib/cisco_node_utils/cmd_ref/bgp_af.yaml +223 -0
- data/lib/cisco_node_utils/cmd_ref/bgp_af_aa.yaml +38 -0
- data/lib/cisco_node_utils/cmd_ref/bgp_neighbor.yaml +174 -0
- data/lib/cisco_node_utils/cmd_ref/bgp_neighbor_af.yaml +236 -0
- data/lib/cisco_node_utils/cmd_ref/bridge_domain.yaml +49 -0
- data/lib/cisco_node_utils/cmd_ref/bridge_domain_vni.yaml +33 -0
- data/lib/cisco_node_utils/cmd_ref/dhcp_relay_global.yaml +128 -0
- data/lib/cisco_node_utils/cmd_ref/dnsclient.yaml +55 -0
- data/lib/cisco_node_utils/cmd_ref/encapsulation.yaml +25 -0
- data/lib/cisco_node_utils/cmd_ref/evpn_multicast.yaml +12 -0
- data/lib/cisco_node_utils/cmd_ref/evpn_multisite.yaml +18 -0
- data/lib/cisco_node_utils/cmd_ref/evpn_stormcontrol.yaml +18 -0
- data/lib/cisco_node_utils/cmd_ref/evpn_vni.yaml +48 -0
- data/lib/cisco_node_utils/cmd_ref/fabricpath.yaml +183 -0
- data/lib/cisco_node_utils/cmd_ref/fabricpath_topology.yaml +40 -0
- data/lib/cisco_node_utils/cmd_ref/feature.yaml +126 -0
- data/lib/cisco_node_utils/cmd_ref/hostname.yaml +8 -0
- data/lib/cisco_node_utils/cmd_ref/hsrp_global.yaml +25 -0
- data/lib/cisco_node_utils/cmd_ref/images.yaml +8 -0
- data/lib/cisco_node_utils/cmd_ref/interface.yaml +781 -0
- data/lib/cisco_node_utils/cmd_ref/interface_channel_group.yaml +45 -0
- data/lib/cisco_node_utils/cmd_ref/interface_evpn_multisite.yaml +17 -0
- data/lib/cisco_node_utils/cmd_ref/interface_hsrp_group.yaml +120 -0
- data/lib/cisco_node_utils/cmd_ref/interface_ospf.yaml +112 -0
- data/lib/cisco_node_utils/cmd_ref/interface_portchannel.yaml +87 -0
- data/lib/cisco_node_utils/cmd_ref/interface_service_vni.yaml +42 -0
- data/lib/cisco_node_utils/cmd_ref/inventory.yaml +45 -0
- data/lib/cisco_node_utils/cmd_ref/ip_multicast.yaml +22 -0
- data/lib/cisco_node_utils/cmd_ref/itd_device_group.yaml +83 -0
- data/lib/cisco_node_utils/cmd_ref/itd_service.yaml +119 -0
- data/lib/cisco_node_utils/cmd_ref/memory.yaml +24 -0
- data/lib/cisco_node_utils/cmd_ref/ntp_auth_key.yaml +10 -0
- data/lib/cisco_node_utils/cmd_ref/ntp_config.yaml +27 -0
- data/lib/cisco_node_utils/cmd_ref/ntp_server.yaml +34 -0
- data/lib/cisco_node_utils/cmd_ref/object_group.yaml +32 -0
- data/lib/cisco_node_utils/cmd_ref/ospf.yaml +91 -0
- data/lib/cisco_node_utils/cmd_ref/ospf_area.yaml +91 -0
- data/lib/cisco_node_utils/cmd_ref/ospf_area_vlink.yaml +88 -0
- data/lib/cisco_node_utils/cmd_ref/overlay_global.yaml +37 -0
- data/lib/cisco_node_utils/cmd_ref/pim.yaml +43 -0
- data/lib/cisco_node_utils/cmd_ref/portchannel_global.yaml +86 -0
- data/lib/cisco_node_utils/cmd_ref/radius_global.yaml +37 -0
- data/lib/cisco_node_utils/cmd_ref/radius_server.yaml +100 -0
- data/lib/cisco_node_utils/cmd_ref/radius_server_group.yaml +19 -0
- data/lib/cisco_node_utils/cmd_ref/route_map.yaml +601 -0
- data/lib/cisco_node_utils/cmd_ref/show_system.yaml +9 -0
- data/lib/cisco_node_utils/cmd_ref/show_version.yaml +84 -0
- data/lib/cisco_node_utils/cmd_ref/snmp_community.yaml +81 -0
- data/lib/cisco_node_utils/cmd_ref/snmp_group.yaml +9 -0
- data/lib/cisco_node_utils/cmd_ref/snmp_notification_receiver.yaml +74 -0
- data/lib/cisco_node_utils/cmd_ref/snmp_server.yaml +91 -0
- data/lib/cisco_node_utils/cmd_ref/snmp_user.yaml +57 -0
- data/lib/cisco_node_utils/cmd_ref/snmpnotification.yaml +23 -0
- data/lib/cisco_node_utils/cmd_ref/span_session.yaml +65 -0
- data/lib/cisco_node_utils/cmd_ref/stp_global.yaml +235 -0
- data/lib/cisco_node_utils/cmd_ref/syslog_facility.yaml +10 -0
- data/lib/cisco_node_utils/cmd_ref/syslog_server.yaml +34 -0
- data/lib/cisco_node_utils/cmd_ref/syslog_settings.yaml +45 -0
- data/lib/cisco_node_utils/cmd_ref/system.yaml +7 -0
- data/lib/cisco_node_utils/cmd_ref/tacacs_global.yaml +37 -0
- data/lib/cisco_node_utils/cmd_ref/tacacs_server.yaml +63 -0
- data/lib/cisco_node_utils/cmd_ref/tacacs_server_group.yaml +45 -0
- data/lib/cisco_node_utils/cmd_ref/tacacs_server_host.yaml +64 -0
- data/lib/cisco_node_utils/cmd_ref/upgrade.yaml +38 -0
- data/lib/cisco_node_utils/cmd_ref/vdc.yaml +52 -0
- data/lib/cisco_node_utils/cmd_ref/virtual_service.yaml +8 -0
- data/lib/cisco_node_utils/cmd_ref/vlan.yaml +106 -0
- data/lib/cisco_node_utils/cmd_ref/vpc.yaml +233 -0
- data/lib/cisco_node_utils/cmd_ref/vrf.yaml +86 -0
- data/lib/cisco_node_utils/cmd_ref/vrf_af.yaml +139 -0
- data/lib/cisco_node_utils/cmd_ref/vtp.yaml +32 -0
- data/lib/cisco_node_utils/cmd_ref/vxlan_vtep.yaml +114 -0
- data/lib/cisco_node_utils/cmd_ref/vxlan_vtep_vni.yaml +71 -0
- data/lib/cisco_node_utils/cmd_ref/yang.yaml +7 -0
- data/lib/cisco_node_utils/cmd_ref/yum.yaml +68 -0
- data/lib/cisco_node_utils/command_reference.rb +724 -0
- data/lib/cisco_node_utils/configparser_lib.rb +195 -0
- data/lib/cisco_node_utils/constants.rb +40 -0
- data/lib/cisco_node_utils/dhcp_relay_global.rb +302 -0
- data/lib/cisco_node_utils/dns_domain.rb +93 -0
- data/lib/cisco_node_utils/domain_name.rb +82 -0
- data/lib/cisco_node_utils/encapsulation.rb +112 -0
- data/lib/cisco_node_utils/environment.rb +110 -0
- data/lib/cisco_node_utils/evpn_multicast.rb +66 -0
- data/lib/cisco_node_utils/evpn_multisite.rb +96 -0
- data/lib/cisco_node_utils/evpn_stormcontrol.rb +84 -0
- data/lib/cisco_node_utils/evpn_vni.rb +159 -0
- data/lib/cisco_node_utils/exceptions.rb +140 -0
- data/lib/cisco_node_utils/fabricpath_global.rb +405 -0
- data/lib/cisco_node_utils/fabricpath_topology.rb +137 -0
- data/lib/cisco_node_utils/feature.rb +377 -0
- data/lib/cisco_node_utils/hostname.rb +62 -0
- data/lib/cisco_node_utils/hsrp_global.rb +97 -0
- data/lib/cisco_node_utils/interface.rb +2128 -0
- data/lib/cisco_node_utils/interface_channel_group.rb +142 -0
- data/lib/cisco_node_utils/interface_evpn_multisite.rb +72 -0
- data/lib/cisco_node_utils/interface_hsrp_group.rb +557 -0
- data/lib/cisco_node_utils/interface_ospf.rb +378 -0
- data/lib/cisco_node_utils/interface_portchannel.rb +180 -0
- data/lib/cisco_node_utils/interface_service_vni.rb +132 -0
- data/lib/cisco_node_utils/ip_multicast.rb +90 -0
- data/lib/cisco_node_utils/itd_device_group.rb +228 -0
- data/lib/cisco_node_utils/itd_device_group_node.rb +144 -0
- data/lib/cisco_node_utils/itd_service.rb +511 -0
- data/lib/cisco_node_utils/logger.rb +78 -0
- data/lib/cisco_node_utils/name_server.rb +64 -0
- data/lib/cisco_node_utils/node.rb +443 -0
- data/lib/cisco_node_utils/node_util.rb +111 -0
- data/lib/cisco_node_utils/ntp_auth_key.rb +67 -0
- data/lib/cisco_node_utils/ntp_config.rb +83 -0
- data/lib/cisco_node_utils/ntp_server.rb +86 -0
- data/lib/cisco_node_utils/object_group.rb +75 -0
- data/lib/cisco_node_utils/object_group_entry.rb +143 -0
- data/lib/cisco_node_utils/overlay_global.rb +142 -0
- data/lib/cisco_node_utils/pim.rb +131 -0
- data/lib/cisco_node_utils/pim_group_list.rb +109 -0
- data/lib/cisco_node_utils/pim_rp_address.rb +103 -0
- data/lib/cisco_node_utils/platform.rb +217 -0
- data/lib/cisco_node_utils/portchannel_global.rb +347 -0
- data/lib/cisco_node_utils/radius_global.rb +165 -0
- data/lib/cisco_node_utils/radius_server.rb +421 -0
- data/lib/cisco_node_utils/radius_server_group.rb +117 -0
- data/lib/cisco_node_utils/route_map.rb +2540 -0
- data/lib/cisco_node_utils/router_ospf.rb +77 -0
- data/lib/cisco_node_utils/router_ospf_area.rb +416 -0
- data/lib/cisco_node_utils/router_ospf_area_vlink.rb +313 -0
- data/lib/cisco_node_utils/router_ospf_vrf.rb +342 -0
- data/lib/cisco_node_utils/snmp_notification_receiver.rb +176 -0
- data/lib/cisco_node_utils/snmpcommunity.rb +109 -0
- data/lib/cisco_node_utils/snmpgroup.rb +54 -0
- data/lib/cisco_node_utils/snmpnotification.rb +57 -0
- data/lib/cisco_node_utils/snmpserver.rb +132 -0
- data/lib/cisco_node_utils/snmpuser.rb +403 -0
- data/lib/cisco_node_utils/span_session.rb +149 -0
- data/lib/cisco_node_utils/stp_global.rb +676 -0
- data/lib/cisco_node_utils/syslog_facility.rb +64 -0
- data/lib/cisco_node_utils/syslog_server.rb +146 -0
- data/lib/cisco_node_utils/syslog_settings.rb +174 -0
- data/lib/cisco_node_utils/tacacs_global.rb +137 -0
- data/lib/cisco_node_utils/tacacs_server.rb +173 -0
- data/lib/cisco_node_utils/tacacs_server_group.rb +149 -0
- data/lib/cisco_node_utils/tacacs_server_host.rb +216 -0
- data/lib/cisco_node_utils/upgrade.rb +122 -0
- data/lib/cisco_node_utils/vdc.rb +118 -0
- data/lib/cisco_node_utils/version.rb +21 -0
- data/lib/cisco_node_utils/vlan.rb +301 -0
- data/lib/cisco_node_utils/vpc.rb +466 -0
- data/lib/cisco_node_utils/vrf.rb +192 -0
- data/lib/cisco_node_utils/vrf_af.rb +327 -0
- data/lib/cisco_node_utils/vtp.rb +125 -0
- data/lib/cisco_node_utils/vxlan_vtep.rb +286 -0
- data/lib/cisco_node_utils/vxlan_vtep_vni.rb +331 -0
- data/lib/cisco_node_utils/yang.rb +160 -0
- data/lib/cisco_node_utils/yum.rb +213 -0
- data/lib/cisco_node_utils.rb +21 -0
- data/lib/minitest/environment_plugin.rb +31 -0
- data/lib/minitest/log_level_plugin.rb +41 -0
- data/spec/client_spec.rb +7 -0
- data/spec/environment_spec.rb +384 -0
- data/spec/grpc_client_spec.rb +23 -0
- data/spec/isolate/all_clients_spec.rb +9 -0
- data/spec/isolate/grpc_only_spec.rb +16 -0
- data/spec/isolate/no_clients_spec.rb +26 -0
- data/spec/isolate/nxapi_only_spec.rb +16 -0
- data/spec/nxapi_client_spec.rb +42 -0
- data/spec/schema.yaml +82 -0
- data/spec/shared_examples_for_clients.rb +14 -0
- data/spec/spec_helper.rb +91 -0
- data/spec/whitespace_spec.rb +10 -0
- data/spec/yaml_spec.rb +42 -0
- data/tests/.rubocop.yml +18 -0
- data/tests/CSCuxdublin-1.0.0-7.0.3.I3.1.lib32_n9000.rpm +0 -0
- data/tests/basetest.rb +243 -0
- data/tests/ciscotest.rb +577 -0
- data/tests/cmd_config.yaml +75 -0
- data/tests/cmd_config_invalid.yaml +16 -0
- data/tests/n9000_sample-1.0.0-7.0.3.x86_64.rpm +0 -0
- data/tests/noop.rb +7 -0
- data/tests/platform_info.rb +63 -0
- data/tests/tacacs_server.yaml.example +6 -0
- data/tests/test_aaa_authentication_login.rb +243 -0
- data/tests/test_aaa_authentication_login_service.rb +761 -0
- data/tests/test_aaa_authorization_service.rb +874 -0
- data/tests/test_ace.rb +304 -0
- data/tests/test_acl.rb +185 -0
- data/tests/test_banner.rb +85 -0
- data/tests/test_bfd_global.rb +272 -0
- data/tests/test_bgp_af.rb +875 -0
- data/tests/test_bgp_af_aa.rb +108 -0
- data/tests/test_bgp_neighbor.rb +596 -0
- data/tests/test_bgp_neighbor_af.rb +781 -0
- data/tests/test_bridge_domain.rb +198 -0
- data/tests/test_bridge_domain_vni.rb +109 -0
- data/tests/test_client_utils.rb +111 -0
- data/tests/test_cmn_utils.rb +76 -0
- data/tests/test_command_config.rb +206 -0
- data/tests/test_command_reference.rb +669 -0
- data/tests/test_dhcp_relay_global.rb +286 -0
- data/tests/test_dns_domain.rb +123 -0
- data/tests/test_domain_name.rb +96 -0
- data/tests/test_encapsulation.rb +75 -0
- data/tests/test_evpn_multicast.rb +65 -0
- data/tests/test_evpn_multisite.rb +70 -0
- data/tests/test_evpn_stormcontrol.rb +56 -0
- data/tests/test_evpn_vni.rb +131 -0
- data/tests/test_fabricpath_global.rb +246 -0
- data/tests/test_fabricpath_topology.rb +77 -0
- data/tests/test_feature.rb +272 -0
- data/tests/test_grpc.rb +166 -0
- data/tests/test_hostname.rb +64 -0
- data/tests/test_hsrp_global.rb +79 -0
- data/tests/test_interface.rb +1958 -0
- data/tests/test_interface_bdi.rb +80 -0
- data/tests/test_interface_channel_group.rb +131 -0
- data/tests/test_interface_evpn_multisite.rb +94 -0
- data/tests/test_interface_hsrp.rb +134 -0
- data/tests/test_interface_hsrp_group.rb +570 -0
- data/tests/test_interface_ospf.rb +820 -0
- data/tests/test_interface_portchannel.rb +135 -0
- data/tests/test_interface_private_vlan.rb +365 -0
- data/tests/test_interface_service_vni.rb +203 -0
- data/tests/test_interface_svi.rb +210 -0
- data/tests/test_interface_switchport.rb +468 -0
- data/tests/test_ip_multicast.rb +80 -0
- data/tests/test_itd_device_group.rb +145 -0
- data/tests/test_itd_device_group_node.rb +199 -0
- data/tests/test_itd_service.rb +314 -0
- data/tests/test_logger.rb +43 -0
- data/tests/test_name_server.rb +94 -0
- data/tests/test_node.rb +50 -0
- data/tests/test_node_ext.rb +406 -0
- data/tests/test_node_util.rb +119 -0
- data/tests/test_ntp_auth_key.rb +77 -0
- data/tests/test_ntp_config.rb +100 -0
- data/tests/test_ntp_server.rb +146 -0
- data/tests/test_nxapi.rb +236 -0
- data/tests/test_object_group.rb +122 -0
- data/tests/test_overlay_global.rb +108 -0
- data/tests/test_pim.rb +203 -0
- data/tests/test_pim_group_list.rb +147 -0
- data/tests/test_pim_rp_address.rb +155 -0
- data/tests/test_platform.rb +254 -0
- data/tests/test_portchannel_global.rb +322 -0
- data/tests/test_radius_global.rb +108 -0
- data/tests/test_radius_server.rb +377 -0
- data/tests/test_radius_server_group.rb +151 -0
- data/tests/test_route_map.rb +1479 -0
- data/tests/test_router_bgp.rb +1325 -0
- data/tests/test_router_ospf.rb +56 -0
- data/tests/test_router_ospf_area.rb +433 -0
- data/tests/test_router_ospf_area_vlink.rb +298 -0
- data/tests/test_router_ospf_vrf.rb +690 -0
- data/tests/test_snmp_notification_receiver.rb +169 -0
- data/tests/test_snmpcommunity.rb +422 -0
- data/tests/test_snmpgroup.rb +71 -0
- data/tests/test_snmpnotification.rb +91 -0
- data/tests/test_snmpserver.rb +251 -0
- data/tests/test_snmpuser.rb +666 -0
- data/tests/test_span_session.rb +155 -0
- data/tests/test_stp_global.rb +575 -0
- data/tests/test_syslog_facility.rb +80 -0
- data/tests/test_syslog_server.rb +119 -0
- data/tests/test_syslog_settings.rb +123 -0
- data/tests/test_tacacs_global.rb +109 -0
- data/tests/test_tacacs_server.rb +436 -0
- data/tests/test_tacacs_server_group.rb +434 -0
- data/tests/test_tacacs_server_host.rb +427 -0
- data/tests/test_upgrade.rb +105 -0
- data/tests/test_vdc.rb +64 -0
- data/tests/test_vlan.rb +386 -0
- data/tests/test_vlan_private.rb +656 -0
- data/tests/test_vpc.rb +548 -0
- data/tests/test_vrf.rb +248 -0
- data/tests/test_vrf_af.rb +288 -0
- data/tests/test_vtp.rb +278 -0
- data/tests/test_vxlan_vtep.rb +327 -0
- data/tests/test_vxlan_vtep_vni.rb +326 -0
- data/tests/test_yang.rb +369 -0
- data/tests/test_yum.rb +109 -0
- data/tests/upgrade_info.yaml.example +3 -0
- data/tests/yum_package.yaml +94 -0
- metadata +534 -0
@@ -0,0 +1,156 @@
|
|
1
|
+
# NXAPI implementation of AaaAuthorizationService class
|
2
|
+
#
|
3
|
+
# May 2015, Alex Hunsberger
|
4
|
+
#
|
5
|
+
# Copyright (c) 2015-2016 Cisco and/or its affiliates.
|
6
|
+
#
|
7
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
+
# you may not use this file except in compliance with the License.
|
9
|
+
# You may obtain a copy of the License at
|
10
|
+
#
|
11
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
+
#
|
13
|
+
# Unless required by applicable law or agreed to in writing, software
|
14
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
+
# See the License for the specific language governing permissions and
|
17
|
+
# limitations under the License.
|
18
|
+
|
19
|
+
require_relative 'node_util'
|
20
|
+
|
21
|
+
module Cisco
|
22
|
+
# AaaAuthorizationService - node util class for aaa authorization management
|
23
|
+
class AaaAuthorizationService < NodeUtil
|
24
|
+
attr_reader :name, :type
|
25
|
+
|
26
|
+
def initialize(type, name, create=true)
|
27
|
+
fail TypeError unless name.is_a? String
|
28
|
+
fail TypeError unless type.is_a? Symbol
|
29
|
+
# only console and default are supported currently
|
30
|
+
fail ArgumentError unless %w(console default).include? name
|
31
|
+
fail ArgumentError unless
|
32
|
+
%i(commands config_commands ssh_certificate ssh_publickey).include? type
|
33
|
+
@name = name
|
34
|
+
@type = type
|
35
|
+
type_str = AaaAuthorizationService.auth_type_sym_to_str(type)
|
36
|
+
|
37
|
+
return unless create
|
38
|
+
|
39
|
+
config_set('aaa_authorization_service', 'method', '', type_str, name)
|
40
|
+
end
|
41
|
+
|
42
|
+
def self.remove_local_auth
|
43
|
+
config_get('aaa_authorization_service', 'remove_local_auth')
|
44
|
+
end
|
45
|
+
|
46
|
+
def self.services
|
47
|
+
servs = {}
|
48
|
+
servs_arr = config_get('aaa_authorization_service', 'services')
|
49
|
+
unless servs_arr.nil?
|
50
|
+
servs_arr.each do |type, name|
|
51
|
+
type = auth_type_str_to_sym(type)
|
52
|
+
servs[type] ||= {}
|
53
|
+
servs[type][name] = AaaAuthorizationService.new(type, name, false)
|
54
|
+
end
|
55
|
+
end
|
56
|
+
servs
|
57
|
+
end
|
58
|
+
|
59
|
+
def destroy
|
60
|
+
# must specify exact current config string to unconfigure
|
61
|
+
m = method
|
62
|
+
m_str = m == :unselected ? '' : m.to_s
|
63
|
+
g_str = groups.join(' ')
|
64
|
+
t_str = AaaAuthorizationService.auth_type_sym_to_str(@type)
|
65
|
+
|
66
|
+
if g_str.empty?
|
67
|
+
# cannot remove no groups + local, so do nothing in this case
|
68
|
+
unless m == :local
|
69
|
+
config_set('aaa_authorization_service', 'method',
|
70
|
+
'no', t_str, @name)
|
71
|
+
end
|
72
|
+
else
|
73
|
+
# Removal of auth method local is not supported on all platforms.
|
74
|
+
m_str = AaaAuthorizationService.remove_local_auth ? m_str : ''
|
75
|
+
config_set('aaa_authorization_service', 'groups',
|
76
|
+
'no', t_str, @name, g_str, m_str)
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
# groups aren't retrieved via the usual CLI regex memory type because
|
81
|
+
# there can be an arbitrary number of groups and specifying a repeating
|
82
|
+
# memory regex only captures the last match
|
83
|
+
# ex: aaa authorization console group group1 group2 group3 local
|
84
|
+
def groups
|
85
|
+
# config_get returns the following format:
|
86
|
+
# [{"appl_subtype": "console",
|
87
|
+
# "cmd_type": "config-commands",
|
88
|
+
# "methods": "group foo bar local "}], ...
|
89
|
+
hsh_arr = config_get('aaa_authorization_service', 'groups')
|
90
|
+
fail 'unable to retrieve aaa groups information' if hsh_arr.empty?
|
91
|
+
type_s = AaaAuthorizationService.auth_type_sym_to_str(@type)
|
92
|
+
hsh = hsh_arr.find do |x|
|
93
|
+
x['appl_subtype'] == @name && x['cmd_type'] == type_s
|
94
|
+
end
|
95
|
+
fail "no aaa info for #{@type},#{@name}" if hsh.nil?
|
96
|
+
fail "no aaa info for #{@type},#{@name}. api/feature change?" unless
|
97
|
+
hsh.key? 'methods'
|
98
|
+
# ex: ["group", "group1", "local"]
|
99
|
+
grps = hsh['methods'].strip.split
|
100
|
+
# return [] if grps.size == 1
|
101
|
+
# remove local, group keywords
|
102
|
+
grps -= %w(local group)
|
103
|
+
grps
|
104
|
+
end
|
105
|
+
|
106
|
+
# default is []
|
107
|
+
def default_groups
|
108
|
+
config_get_default('aaa_authorization_service', 'groups')
|
109
|
+
end
|
110
|
+
|
111
|
+
def method
|
112
|
+
t_str = AaaAuthorizationService.auth_type_sym_to_str(@type)
|
113
|
+
m = config_get('aaa_authorization_service', 'method', @name, t_str)
|
114
|
+
m.nil? ? :unselected : m.to_sym
|
115
|
+
end
|
116
|
+
|
117
|
+
# default is :local
|
118
|
+
def default_method
|
119
|
+
config_get_default('aaa_authorization_service', 'method')
|
120
|
+
end
|
121
|
+
|
122
|
+
# groups and method must be set in the same CLI string
|
123
|
+
# aaa authorization login <type> <name> /
|
124
|
+
# local | group <group1 [group2, ...]> [local]
|
125
|
+
def groups_method_set(grps, m)
|
126
|
+
grps = Array(grps) unless grps.is_a? Array
|
127
|
+
fail TypeError unless grps.all? { |x| x.is_a? String }
|
128
|
+
fail TypeError unless m.is_a? Symbol
|
129
|
+
# only the following are supported (unselected = blank)
|
130
|
+
fail ArgumentError unless [:local, :unselected].include? m
|
131
|
+
|
132
|
+
# raise "type 'local' not allowed when groups are configured" if
|
133
|
+
# m == :local and not grps.empty?
|
134
|
+
m_str = m == :unselected ? '' : m.to_s
|
135
|
+
g_str = grps.join(' ')
|
136
|
+
t_str = AaaAuthorizationService.auth_type_sym_to_str(@type)
|
137
|
+
|
138
|
+
# config_set depends on whether we're setting groups or not
|
139
|
+
if g_str.empty?
|
140
|
+
config_set('aaa_authorization_service', 'method',
|
141
|
+
'', t_str, @name)
|
142
|
+
else
|
143
|
+
config_set('aaa_authorization_service', 'groups',
|
144
|
+
'', t_str, @name, g_str, m_str)
|
145
|
+
end
|
146
|
+
end
|
147
|
+
|
148
|
+
def self.auth_type_sym_to_str(sym)
|
149
|
+
sym.to_s.sub('_', '-')
|
150
|
+
end
|
151
|
+
|
152
|
+
def self.auth_type_str_to_sym(str)
|
153
|
+
str.sub('-', '_').to_sym
|
154
|
+
end
|
155
|
+
end
|
156
|
+
end
|
@@ -0,0 +1,467 @@
|
|
1
|
+
# Copyright (c) 2015-2018 Cisco and/or its affiliates.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
require 'ipaddr'
|
16
|
+
require_relative 'node_util'
|
17
|
+
|
18
|
+
module Cisco
|
19
|
+
# Ace - node utility class for Ace Configuration
|
20
|
+
class Ace < NodeUtil
|
21
|
+
attr_reader :afi, :acl_name
|
22
|
+
|
23
|
+
def initialize(afi, acl_name, seqno)
|
24
|
+
@afi = Acl.afi_cli(afi)
|
25
|
+
@acl_name = acl_name.to_s
|
26
|
+
@seqno = seqno.to_s
|
27
|
+
set_args_keys_default
|
28
|
+
end
|
29
|
+
|
30
|
+
# Create a hash of all aces under a given acl_name.
|
31
|
+
def self.aces
|
32
|
+
afis = %w(ipv4 ipv6)
|
33
|
+
hash = {}
|
34
|
+
afis.each do |afi|
|
35
|
+
hash[afi] = {}
|
36
|
+
acls = config_get('acl', 'all_acls', afi: Acl.afi_cli(afi))
|
37
|
+
next if acls.nil?
|
38
|
+
|
39
|
+
acls.each do |acl_name|
|
40
|
+
hash[afi][acl_name] = {}
|
41
|
+
aces = config_get('acl', 'all_aces',
|
42
|
+
afi: Acl.afi_cli(afi), acl_name: acl_name)
|
43
|
+
next if aces.nil?
|
44
|
+
|
45
|
+
aces.each do |seqno|
|
46
|
+
hash[afi][acl_name][seqno] = Ace.new(afi, acl_name, seqno)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
hash
|
51
|
+
end
|
52
|
+
|
53
|
+
def destroy
|
54
|
+
set_args_keys(state: 'no')
|
55
|
+
config_set('acl', 'ace_destroy', @set_args)
|
56
|
+
end
|
57
|
+
|
58
|
+
def set_args_keys_default
|
59
|
+
keys = { afi: @afi, acl_name: @acl_name, seqno: @seqno }
|
60
|
+
@get_args = @set_args = keys
|
61
|
+
end
|
62
|
+
|
63
|
+
# rubocop:disable Style/AccessorMethodName
|
64
|
+
def set_args_keys(hash={})
|
65
|
+
set_args_keys_default
|
66
|
+
@set_args = @get_args.merge!(hash) unless hash.empty?
|
67
|
+
end
|
68
|
+
|
69
|
+
# common ace getter
|
70
|
+
def ace_get
|
71
|
+
str = config_get('acl', 'ace', @get_args)
|
72
|
+
return nil if str.nil?
|
73
|
+
|
74
|
+
remark = Regexp.new('(?<seqno>\d+) remark (?<remark>.*)').match(str)
|
75
|
+
return remark unless remark.nil?
|
76
|
+
|
77
|
+
# specialized icmp protocol handling
|
78
|
+
return icmp_ace_get(str) if str.include?('icmp')
|
79
|
+
|
80
|
+
# rubocop:disable Metrics/LineLength
|
81
|
+
regexp = Regexp.new('(?<seqno>\d+) (?<action>\S+)'\
|
82
|
+
' *(?<proto>\d+|\S+)'\
|
83
|
+
' *(?<src_addr>any|host \S+|[:\.0-9a-fA-F]+ [:\.0-9a-fA-F]+|[:\.0-9a-fA-F]+\/\d+|addrgroup \S+)'\
|
84
|
+
' *(?<src_port>range \S+ \S+|(lt|eq|gt|neq|portgroup) \S+)?'\
|
85
|
+
' *(?<dst_addr>any|host \S+|[:\.0-9a-fA-F]+ [:\.0-9a-fA-F]+|[:\.0-9a-fA-F]+\/\d+|addrgroup \S+)'\
|
86
|
+
' *(?<dst_port>range \S+ \S+|(lt|eq|gt|neq|portgroup) \S+)?'\
|
87
|
+
' *(?<tcp_flags>(ack *|fin *|urg *|syn *|psh *|rst *)*)?'\
|
88
|
+
' *(?<established>established)?'\
|
89
|
+
' *(?<precedence>precedence \S+)?'\
|
90
|
+
' *(?<dscp>dscp \S+)?'\
|
91
|
+
' *(?<time_range>time-range \S+)?'\
|
92
|
+
' *(?<packet_length>packet-length (range \d+ \d+|(lt|eq|gt|neq) \d+))?'\
|
93
|
+
' *(?<ttl>ttl \d+)?'\
|
94
|
+
' *(?<http_method>http-method (\d+|connect|delete|get|head|post|put|trace))?'\
|
95
|
+
' *(?<tcp_option_length>tcp-option-length \d+)?'\
|
96
|
+
' *(?<redirect>redirect \S+)?'\
|
97
|
+
' *(?<log>log)?')
|
98
|
+
# rubocop:enable Metrics/LineLength
|
99
|
+
regexp.match(str)
|
100
|
+
end
|
101
|
+
|
102
|
+
# icmp ace getter
|
103
|
+
def icmp_ace_get(str)
|
104
|
+
# rubocop:disable Metrics/LineLength
|
105
|
+
# fragments is nvgen at a different location than all other
|
106
|
+
# proto_option so get rid of it so as not to mess up other fields
|
107
|
+
str.sub!('fragments ', '')
|
108
|
+
regexp = Regexp.new('(?<seqno>\d+) (?<action>\S+)'\
|
109
|
+
' *(?<proto>\d+|\S+)'\
|
110
|
+
' *(?<src_addr>any|host \S+|[:\.0-9a-fA-F]+ [:\.0-9a-fA-F]+|[:\.0-9a-fA-F]+\/\d+|addrgroup \S+)'\
|
111
|
+
' *(?<dst_addr>any|host \S+|[:\.0-9a-fA-F]+ [:\.0-9a-fA-F]+|[:\.0-9a-fA-F]+\/\d+|addrgroup \S+)'\
|
112
|
+
' *(?<proto_option>\S+)?'\
|
113
|
+
' *(?<precedence>precedence \S+)?'\
|
114
|
+
' *(?<dscp>dscp \S+)?'\
|
115
|
+
' *(?<time_range>time-range \S+)?'\
|
116
|
+
' *(?<packet_length>packet-length (range \d+ \d+|(lt|eq|gt|neq) \d+))?'\
|
117
|
+
' *(?<ttl>ttl \d+)?'\
|
118
|
+
' *(?<vlan>vlan \d+)?'\
|
119
|
+
' *(?<set_erspan_gre_proto>set-erspan-gre-proto \d+)?'\
|
120
|
+
' *(?<set_erspan_dscp>set-erspan-dscp \d+)?'\
|
121
|
+
' *(?<redirect>redirect \S+)?')
|
122
|
+
regexp_no_proto_option = Regexp.new('(?<seqno>\d+) (?<action>\S+)'\
|
123
|
+
' *(?<proto>\d+|\S+)'\
|
124
|
+
' *(?<src_addr>any|host \S+|[:\.0-9a-fA-F]+ [:\.0-9a-fA-F]+|[:\.0-9a-fA-F]+\/\d+|addrgroup \S+)'\
|
125
|
+
' *(?<dst_addr>any|host \S+|[:\.0-9a-fA-F]+ [:\.0-9a-fA-F]+|[:\.0-9a-fA-F]+\/\d+|addrgroup \S+)'\
|
126
|
+
' *(?<precedence>precedence \S+)?'\
|
127
|
+
' *(?<dscp>dscp \S+)?'\
|
128
|
+
' *(?<time_range>time-range \S+)?'\
|
129
|
+
' *(?<packet_length>packet-length (range \d+ \d+|(lt|eq|gt|neq) \d+))?'\
|
130
|
+
' *(?<ttl>ttl \d+)?'\
|
131
|
+
' *(?<vlan>vlan \d+)?'\
|
132
|
+
' *(?<set_erspan_gre_proto>set-erspan-gre-proto \d+)?'\
|
133
|
+
' *(?<set_erspan_dscp>set-erspan-dscp \d+)?'\
|
134
|
+
' *(?<redirect>redirect \S+)?')
|
135
|
+
temp = regexp.match(str)
|
136
|
+
po = temp[:proto_option]
|
137
|
+
if po.nil?
|
138
|
+
return temp
|
139
|
+
# redirect can be proto_option or an actual redirect to interface
|
140
|
+
elsif po.strip.match(/redirect$/)
|
141
|
+
if str.match(/Ethernet|port-channel/)
|
142
|
+
# if proto_option is given as redirect and also redirect to intf
|
143
|
+
# we need to do extra processing
|
144
|
+
return temp if check_redirect_repeat(str)
|
145
|
+
return regexp_no_proto_option.match(str)
|
146
|
+
end
|
147
|
+
# the reserved keywords check
|
148
|
+
elsif po.strip.match(/precedence$|dscp$|time-range$|packet-length$|ttl$|vlan$|set-erspan-gre-proto$|set-erspan-dscp$|log$/)
|
149
|
+
return regexp_no_proto_option.match(str)
|
150
|
+
else
|
151
|
+
return temp
|
152
|
+
end
|
153
|
+
# rubocop:enable Metrics/LineLength
|
154
|
+
end
|
155
|
+
|
156
|
+
# common ace setter. Put the values you need in a hash and pass it in.
|
157
|
+
# attrs = {:action=>'permit', :proto=>'tcp', :src =>'host 1.1.1.1'}
|
158
|
+
def ace_set(attrs)
|
159
|
+
if attrs.empty?
|
160
|
+
attrs[:state] = 'no'
|
161
|
+
else
|
162
|
+
# remove existing ace first
|
163
|
+
destroy if seqno
|
164
|
+
attrs[:state] = ''
|
165
|
+
end
|
166
|
+
|
167
|
+
if attrs[:remark]
|
168
|
+
cmd = 'ace_remark'
|
169
|
+
set_args_keys(attrs)
|
170
|
+
else
|
171
|
+
cmd = 'ace'
|
172
|
+
set_args_keys_default
|
173
|
+
set_args_keys(attrs)
|
174
|
+
[:action,
|
175
|
+
:proto,
|
176
|
+
:src_addr,
|
177
|
+
:src_port,
|
178
|
+
:dst_addr,
|
179
|
+
:dst_port,
|
180
|
+
:tcp_flags,
|
181
|
+
:established,
|
182
|
+
:precedence,
|
183
|
+
:dscp,
|
184
|
+
:time_range,
|
185
|
+
:packet_length,
|
186
|
+
:ttl,
|
187
|
+
:http_method,
|
188
|
+
:tcp_option_length,
|
189
|
+
:redirect,
|
190
|
+
:log,
|
191
|
+
:proto_option,
|
192
|
+
:set_erspan_dscp,
|
193
|
+
:set_erspan_gre_proto,
|
194
|
+
:vlan,
|
195
|
+
].each do |p|
|
196
|
+
attrs[p] = '' if attrs[p].nil?
|
197
|
+
send(p.to_s + '=', attrs[p])
|
198
|
+
end
|
199
|
+
@get_args = @set_args
|
200
|
+
end
|
201
|
+
config_set('acl', cmd, @set_args)
|
202
|
+
end
|
203
|
+
|
204
|
+
def valid_ipv6?(addr)
|
205
|
+
begin
|
206
|
+
ret = IPAddr.new(addr.split[0]).ipv6?
|
207
|
+
rescue
|
208
|
+
ret = false
|
209
|
+
end
|
210
|
+
ret
|
211
|
+
end
|
212
|
+
|
213
|
+
def check_redirect_repeat(str)
|
214
|
+
return false unless str.include?('redirect')
|
215
|
+
nstr = str.sub('redirect', '').strip
|
216
|
+
nstr.include?('redirect') ? true : false
|
217
|
+
end
|
218
|
+
|
219
|
+
# PROPERTIES
|
220
|
+
# ----------
|
221
|
+
def seqno
|
222
|
+
match = ace_get
|
223
|
+
return nil if match.nil?
|
224
|
+
match.names.include?('seqno') ? match[:seqno] : nil
|
225
|
+
end
|
226
|
+
|
227
|
+
def action
|
228
|
+
match = ace_get
|
229
|
+
return nil if match.nil?
|
230
|
+
match.names.include?('action') ? match[:action] : nil
|
231
|
+
end
|
232
|
+
|
233
|
+
def action=(action)
|
234
|
+
@set_args[:action] = action
|
235
|
+
end
|
236
|
+
|
237
|
+
def remark
|
238
|
+
match = ace_get
|
239
|
+
return nil if match.nil?
|
240
|
+
match.names.include?('remark') ? match[:remark] : nil
|
241
|
+
end
|
242
|
+
|
243
|
+
def remark=(remark)
|
244
|
+
@set_args[:remark] = remark
|
245
|
+
end
|
246
|
+
|
247
|
+
def proto
|
248
|
+
match = ace_get
|
249
|
+
return nil if match.nil?
|
250
|
+
match.names.include?('proto') ? match[:proto] : nil
|
251
|
+
end
|
252
|
+
|
253
|
+
def proto=(proto)
|
254
|
+
@set_args[:proto] = proto # TBD ip vs ipv4
|
255
|
+
end
|
256
|
+
|
257
|
+
def src_addr
|
258
|
+
match = ace_get
|
259
|
+
return nil if match.nil? || !match.names.include?('src_addr')
|
260
|
+
addr = match[:src_addr]
|
261
|
+
# Normalize addr. Some platforms zero_pad ipv6 addrs.
|
262
|
+
addr.gsub!(/^0*/, '').gsub!(/:0*/, ':') if valid_ipv6?(addr)
|
263
|
+
addr
|
264
|
+
end
|
265
|
+
|
266
|
+
def src_addr=(src_addr)
|
267
|
+
@set_args[:src_addr] = src_addr
|
268
|
+
end
|
269
|
+
|
270
|
+
def src_port
|
271
|
+
match = ace_get
|
272
|
+
return nil if match.nil?
|
273
|
+
match.names.include?('src_port') ? match[:src_port] : nil
|
274
|
+
end
|
275
|
+
|
276
|
+
def src_port=(src_port)
|
277
|
+
@set_args[:src_port] = src_port
|
278
|
+
end
|
279
|
+
|
280
|
+
def dst_addr
|
281
|
+
match = ace_get
|
282
|
+
return nil if match.nil? || !match.names.include?('dst_addr')
|
283
|
+
addr = match[:dst_addr]
|
284
|
+
# Normalize addr. Some platforms zero_pad ipv6 addrs.
|
285
|
+
addr.gsub!(/^0*/, '').gsub!(/:0*/, ':') if valid_ipv6?(addr)
|
286
|
+
addr
|
287
|
+
end
|
288
|
+
|
289
|
+
def dst_addr=(dst_addr)
|
290
|
+
@set_args[:dst_addr] = dst_addr
|
291
|
+
end
|
292
|
+
|
293
|
+
def dst_port
|
294
|
+
match = ace_get
|
295
|
+
return nil if match.nil?
|
296
|
+
match.names.include?('dst_port') ? match[:dst_port] : nil
|
297
|
+
end
|
298
|
+
|
299
|
+
def dst_port=(src_port)
|
300
|
+
@set_args[:dst_port] = src_port
|
301
|
+
end
|
302
|
+
|
303
|
+
def tcp_flags
|
304
|
+
match = ace_get
|
305
|
+
return nil if match.nil?
|
306
|
+
match.names.include?('tcp_flags') ? match[:tcp_flags].strip : nil
|
307
|
+
end
|
308
|
+
|
309
|
+
def tcp_flags=(tcp_flags)
|
310
|
+
@set_args[:tcp_flags] = tcp_flags.strip
|
311
|
+
end
|
312
|
+
|
313
|
+
def established
|
314
|
+
match = ace_get
|
315
|
+
return nil unless remark.nil?
|
316
|
+
return false if match.nil?
|
317
|
+
return false unless match.names.include?('established')
|
318
|
+
match[:established] == 'established' ? true : false
|
319
|
+
end
|
320
|
+
|
321
|
+
def established=(established)
|
322
|
+
@set_args[:established] = established.to_s == 'true' ? 'established' : ''
|
323
|
+
end
|
324
|
+
|
325
|
+
def precedence
|
326
|
+
Utils.extract_value(ace_get, 'precedence')
|
327
|
+
end
|
328
|
+
|
329
|
+
def precedence=(precedence)
|
330
|
+
@set_args[:precedence] = Utils.attach_prefix(precedence, :precedence)
|
331
|
+
end
|
332
|
+
|
333
|
+
def dscp
|
334
|
+
Utils.extract_value(ace_get, 'dscp')
|
335
|
+
end
|
336
|
+
|
337
|
+
def dscp=(dscp)
|
338
|
+
@set_args[:dscp] = Utils.attach_prefix(dscp, :dscp)
|
339
|
+
end
|
340
|
+
|
341
|
+
def vlan
|
342
|
+
Utils.extract_value(ace_get, 'vlan')
|
343
|
+
end
|
344
|
+
|
345
|
+
def vlan=(vlan)
|
346
|
+
@set_args[:vlan] = Utils.attach_prefix(vlan, :vlan)
|
347
|
+
end
|
348
|
+
|
349
|
+
def set_erspan_dscp
|
350
|
+
ret = Utils.extract_value(ace_get, 'set_erspan_dscp', 'set-erspan-dscp')
|
351
|
+
return ret if ret
|
352
|
+
# position of set_erspan_dscp is different in older release so check again
|
353
|
+
str = config_get('acl', 'ace', @get_args)
|
354
|
+
sstr = str.split
|
355
|
+
return sstr[sstr.index('set-erspan-dscp') + 1] if
|
356
|
+
sstr.include?('set-erspan-dscp')
|
357
|
+
end
|
358
|
+
|
359
|
+
def set_erspan_dscp=(set_erspan_dscp)
|
360
|
+
@set_args[:set_erspan_dscp] = Utils.attach_prefix(set_erspan_dscp,
|
361
|
+
:set_erspan_dscp,
|
362
|
+
'set-erspan-dscp')
|
363
|
+
end
|
364
|
+
|
365
|
+
def set_erspan_gre_proto
|
366
|
+
ret = Utils.extract_value(ace_get, 'set_erspan_gre_proto',
|
367
|
+
'set-erspan-gre-proto')
|
368
|
+
return ret if ret
|
369
|
+
# position of set_erspan_gre_proto is different in older release
|
370
|
+
# so check again
|
371
|
+
str = config_get('acl', 'ace', @get_args)
|
372
|
+
sstr = str.split
|
373
|
+
return sstr[sstr.index('set-erspan-gre-proto') + 1] if
|
374
|
+
sstr.include?('set-erspan-gre-proto')
|
375
|
+
end
|
376
|
+
|
377
|
+
def set_erspan_gre_proto=(set_erspan_gre_proto)
|
378
|
+
@set_args[:set_erspan_gre_proto] =
|
379
|
+
Utils.attach_prefix(set_erspan_gre_proto,
|
380
|
+
:set_erspan_gre_proto,
|
381
|
+
'set-erspan-gre-proto')
|
382
|
+
end
|
383
|
+
|
384
|
+
def time_range
|
385
|
+
Utils.extract_value(ace_get, 'time_range', 'time-range')
|
386
|
+
end
|
387
|
+
|
388
|
+
def time_range=(time_range)
|
389
|
+
@set_args[:time_range] = Utils.attach_prefix(time_range,
|
390
|
+
:time_range,
|
391
|
+
'time-range')
|
392
|
+
end
|
393
|
+
|
394
|
+
def packet_length
|
395
|
+
Utils.extract_value(ace_get, 'packet_length', 'packet-length')
|
396
|
+
end
|
397
|
+
|
398
|
+
def packet_length=(packet_length)
|
399
|
+
@set_args[:packet_length] = Utils.attach_prefix(packet_length,
|
400
|
+
:packet_length,
|
401
|
+
'packet-length')
|
402
|
+
end
|
403
|
+
|
404
|
+
def ttl
|
405
|
+
Utils.extract_value(ace_get, 'ttl')
|
406
|
+
end
|
407
|
+
|
408
|
+
def ttl=(ttl)
|
409
|
+
@set_args[:ttl] = Utils.attach_prefix(ttl, :ttl)
|
410
|
+
end
|
411
|
+
|
412
|
+
def http_method
|
413
|
+
Utils.extract_value(ace_get, 'http_method', 'http-method')
|
414
|
+
end
|
415
|
+
|
416
|
+
def http_method=(http_method)
|
417
|
+
@set_args[:http_method] = Utils.attach_prefix(http_method,
|
418
|
+
:http_method,
|
419
|
+
'http-method')
|
420
|
+
end
|
421
|
+
|
422
|
+
def tcp_option_length
|
423
|
+
Utils.extract_value(ace_get, 'tcp_option_length', 'tcp-option-length')
|
424
|
+
end
|
425
|
+
|
426
|
+
def tcp_option_length=(tcp_option_length)
|
427
|
+
@set_args[:tcp_option_length] = Utils.attach_prefix(tcp_option_length,
|
428
|
+
:tcp_option_length,
|
429
|
+
'tcp-option-length')
|
430
|
+
end
|
431
|
+
|
432
|
+
def redirect
|
433
|
+
Utils.extract_value(ace_get, 'redirect')
|
434
|
+
end
|
435
|
+
|
436
|
+
def redirect=(redirect)
|
437
|
+
@set_args[:redirect] = Utils.attach_prefix(redirect, :redirect)
|
438
|
+
end
|
439
|
+
|
440
|
+
def proto_option
|
441
|
+
match = ace_get
|
442
|
+
return nil if match.nil? || proto != 'icmp' || !remark.nil?
|
443
|
+
# fragments is nvgen at a different location than all other
|
444
|
+
# proto_option
|
445
|
+
if config_get('acl', 'ace', @get_args).include?('fragments')
|
446
|
+
return 'fragments'
|
447
|
+
end
|
448
|
+
# log is special case
|
449
|
+
return nil if !match.names.include?('proto_option') ||
|
450
|
+
match[:proto_option] == 'log'
|
451
|
+
match[:proto_option]
|
452
|
+
end
|
453
|
+
|
454
|
+
def proto_option=(proto_option)
|
455
|
+
@set_args[:proto_option] = proto_option
|
456
|
+
end
|
457
|
+
|
458
|
+
def log
|
459
|
+
return nil unless remark.nil?
|
460
|
+
config_get('acl', 'ace', @get_args).include?('log') ? true : false
|
461
|
+
end
|
462
|
+
|
463
|
+
def log=(log)
|
464
|
+
@set_args[:log] = log.to_s == 'true' ? 'log' : ''
|
465
|
+
end
|
466
|
+
end
|
467
|
+
end
|