rbeapi 0.1.0

data/lib/rbeapi/eapilib.rb

@@ -0,0 +1,334 @@
+#
+# Copyright (c) 2014, Arista Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#   Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+#
+#   Neither the name of Arista Networks nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ARISTA NETWORKS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+require 'net/http'
+require 'json'
+
+require 'net_http_unix'
+
+module Rbeapi
+
+  module Eapilib
+
+    DEFAULT_HTTP_PORT = 80
+    DEFAULT_HTTPS_PORT = 443
+    DEFAULT_HTTP_LOCAL_PORT = 8080
+    DEFAULT_HTTP_TIMEOUT = 10
+    DEFAULT_HTTP_PATH = '/command-api'
+    DEFAULT_UNIX_SOCKET = '/var/run/command-api.sock'
+
+    class EapiError < StandardError
+
+      attr_accessor :commands
+
+      ##
+      # Base error class for generating exceptions.  The EapiError class
+      # provides one property for holding the set of commands issued
+      # when the error was generated
+      #
+      # @param [String] :message The error message to return from raising
+      #   the exception
+      def initalize(message)
+        @message = message
+        @commands = nil
+        super(message)
+      end
+    end
+
+    class CommandError < EapiError
+
+      attr_reader :error_code
+      attr_reader :error_text
+
+      ##
+      # A CommandError exception is raised in response to an eAPI call that
+      # returns a failure message.  The exception contains the eAPI error
+      # code and error text.
+      #
+      # @param [String] :message The error message to return from raising
+      #   this exception
+      # @param [Integer] :code The error code associated with the error
+      #   messsage to be raised
+      # @param [Array] :commands The list of commands that were used  in the
+      #   eAPI request message
+      def initialize(message, code, commands = nil)
+        @error_code = code
+        @error_text = message
+        @commands = commands
+        message = "Error [#{code}]: #{message}"
+        super(message)
+      end
+    end
+
+    class ConnectionError < EapiError
+
+      attr_accessor :connection_type
+
+      ##
+      # A ConnectionError exception is raised when the connection object
+      # is unable to establish a connection with eAPI.
+      #
+      # @param [String] :message The error message to return from raising
+      #   this exception
+      # @param [String] :connection_type The optional connection_type of
+      #   the instance
+      # @param [Array] :commands The list of commands that were used  in the
+      #   eAPI request message
+      def initialize(message, connection_type = nil, commands = nil)
+        @connection_type = connection_type
+        @commands = commands
+        super(message)
+      end
+    end
+
+    class EapiConnection
+
+      attr_reader :error
+
+      ##
+      # The EapiConnection provides a base class for building eAPI connection
+      # instances with a specific transport for connecting to Arista EOS
+      # devices.  This class handles sending and receiving eAPI calls using
+      # JSON-RPC over HTTP.  This class should not need to be directly
+      # instantiated.
+      #
+      # @param [Net::HTTP] :transport The HTTP transport to use for sending
+      #   and receive eAPI request and response messages
+      def initialize(transport)
+        @transport = transport
+        @error = nil
+      end
+
+      ##
+      # Configures the connection authentication values (username and
+      # and password).  The authentication values are used to authenticate
+      # the eAPI connection.  Using authentication is only required for
+      # connections that use Http or Https transports
+      #
+      # @param [String] :username The username to use to authenticate to
+      #   eAPI with
+      # @param [String] :password The password to use to authenticate to
+      #   eAPI with
+      def authentication(username, password)
+        @username = username
+        @password = password
+      end
+
+      ##
+      # Generates the eAPI JSON request message.
+      #
+      # @example eAPI Request
+      #   {
+      #     "jsonrpc": "2.0",
+      #     "method": "runCmds",
+      #     "params": {
+      #       "version": 1,
+      #       "cmds": [
+      #         <commands>
+      #       ],
+      #       "format": [json, text],
+      #     }
+      #     "id": <reqid>
+      #   }
+      #
+      # @param [Array] :commands The ordered set of commands that should
+      #   be included in the eAPI request
+      # @param [Hash] :opts Optional keyword arguments
+      # @option :opts [String] :id The value to use for the eAPI request
+      #   id.  If not provided,the object_id for the connection instance
+      #   will be used
+      # @option :opts [String] :format The encoding formation to pass in
+      #   the eAPI request.  Valid values are json or text.  The default
+      #   value is json
+      #
+      # @return [Hash] Returns a Ruby hash of the request message that is
+      #   suitable to be JSON encoded and sent to the desitination node
+      def request(commands, opts = {})
+        id = opts.fetch(:reqid, self.object_id)
+        format = opts.fetch(:format, 'json')
+        cmds = [*commands]
+        params = { 'version' => 1, 'cmds' => cmds, 'format' => format }
+        { 'jsonrpc' => '2.0', 'method' => 'runCmds',
+          'params' => params, 'id' => id }
+      end
+
+      ##
+      # This method will send the request to the node over the specified
+      # transport and return a response message with the contents from
+      # the eAPI response.  eAPI responds to request messages with either
+      # a success message or failure message.
+      #
+      # @example eAPI Response - success
+      #   {
+      #     "jsonrpc": "2.0",
+      #     "result": [
+      #       {},
+      #       {},
+      #       {
+      #         "warnings": [
+      #           <message>
+      #         ]
+      #       },
+      #     ],
+      #     "id": <reqid>
+      #   }
+      #
+      # @example eAPI Response - failure
+      #   {
+      #     "jsonrpc": "2.0",
+      #     "error": {
+      #       "code": <int>,
+      #       "message": <string>,
+      #       "data": [
+      #         {},
+      #         {},
+      #         {
+      #           "errors": [
+      #             <message>
+      #           ]
+      #         }
+      #       ]
+      #     },
+      #     "id": <reqid>
+      #   }
+      #
+      # @param [Hash] :data A hash containing the body of the request
+      #   message.  This should be a valid eAPI request message.
+      #
+      # @return [Hash] returns the response message as a Ruby hash object
+      #
+      # @raises [CommandError] Raised if an eAPI failure response is return
+      #   from the destination node.
+      def send(data)
+        request = Net::HTTP::Post.new('/command-api')
+        request.body = JSON.dump(data)
+        request.basic_auth @username, @password
+
+        begin
+          @transport.open_timeout = DEFAULT_HTTP_TIMEOUT
+          response = @transport.request(request)
+          decoded = JSON(response.body)
+
+          if decoded.include?('error')
+            code = decoded['error']['code']
+            msg = decoded['error']['message']
+            fail CommandError.new(msg, code)
+          end
+        rescue Timeout::Error
+          raise ConnectionError, 'unable to connect to eAPI'
+        end
+
+        return decoded
+      end
+
+      ##
+      # Executes the commands on the destination node and returns the
+      # response from the node.
+      #
+      # @param [Array] :commands The ordered list of commandst to execute
+      #   on the destination node.
+      # @param [Hash] :opts Optional keyword arguments
+      # @option :opts [String] :encoding Used to specify the encoding to be
+      #   used for the response.  Valid encoding values are json or text
+      #
+      # @returns [Array<Hash>] This method will return the array of responses
+      #   for each command executed on the node.
+      #
+      # @raises [CommandError] Raises a CommandError if rescued from the
+      #   send method and adds the list of commands to the exception message
+      #
+      # @raises [ConnectionError] Raises a ConnectionError if resuced and
+      #   adds the list of commands to the exception message
+      def execute(commands, opts = {})
+        begin
+          @error = nil
+          request = request(commands,  opts)
+          response = send request
+          return response['result']
+        rescue ConnectionError, CommandError => exc
+          exc.commands = commands
+          @error = exc
+          raise
+        end
+      end
+    end
+
+    class SocketEapiConnection < EapiConnection
+      def initialize(opts = {})
+        path = opts.fetch(:path, DEFAULT_UNIX_SOCKET)
+        transport = NetX::HTTPUnix.new("unix://#{path}")
+        super(transport)
+      end
+    end
+
+    class HttpEapiConnection < EapiConnection
+      def initialize(opts = {})
+        port = opts.fetch(:port, DEFAULT_HTTP_PORT)
+        host = opts.fetch(:host, 'localhost')
+
+        transport = Net::HTTP.new(host, port.to_i)
+        super(transport)
+
+        user = opts.fetch(:username, 'admin')
+        pass = opts.fetch(:password, '')
+        authentication(user, pass)
+      end
+    end
+
+    class HttpLocalEapiConnection < EapiConnection
+      def initialize(opts = {})
+        port = opts.fetch(:port, DEFAULT_HTTP_LOCAL_PORT)
+        transport = Net::HTTP.new('localhost', port)
+        super(transport)
+
+        user = opts.fetch(:username, 'admin')
+        pass = opts.fetch(:password, '')
+        authentication(user, pass)
+      end
+    end
+
+    class HttpsEapiConnection < EapiConnection
+      def initialize(opts = {})
+        host = opts.fetch(:host, 'localhost')
+        port = opts.fetch(:port, DEFAULT_HTTPS_PORT)
+
+        transport = Net::HTTP.new(host, port)
+        transport.use_ssl = true
+        transport.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        super(transport)
+
+        user = opts.fetch(:username, 'admin')
+        pass = opts.fetch(:password, '')
+        authentication(user, pass)
+      end
+    end
+  end
+end

data/lib/rbeapi/netdev/snmp.rb

@@ -0,0 +1,370 @@
+#
+## Copyright (c) 2014, Arista Networks, Inc.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted provided that the following conditions are
+## met:
+##
+##   Redistributions of source code must retain the above copyright notice,
+##   this list of conditions and the following disclaimer.
+##
+##   Redistributions in binary form must reproduce the above copyright
+##   notice, this list of conditions and the following disclaimer in the
+##   documentation and/or other materials provided with the distribution.
+##
+##   Neither the name of Arista Networks nor the names of its
+##   contributors may be used to endorse or promote products derived from
+##   this software without specific prior written permission.
+##
+## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+## A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ARISTA NETWORKS
+## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+## BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+## WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+## OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+## IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+##
+
+require 'rbeapi/api'
+
+module Rbeapi
+
+  module Netdev
+
+    ##
+    # The Netdev class is a straight port of the original PuppetX netdev
+    # code that existed prior to rbeapi.  This should be considered a legacy
+    # implementation that will go away as the functions get merged into
+    # rbeapi.
+    #
+    # This class should NOT be used for any further development.
+    # YE BE WARNED!
+    #
+    class Snmp < Rbeapi::Api::Entity
+      # snmp_notification_receivers obtains a list of all the snmp
+      # notification receivers and returns them as an Array of resource
+      # hashes suitable for the provider's new class method.  This command
+      # maps the `show snmp host` command to an array of resource hashes.
+      #
+      # @api public
+      #
+      # @return [Array<Hash<Symbol,Object>>] Array of resource hashes.
+      def snmp_notification_receivers
+        cmd = 'show snmp host'
+        result = node.enable(cmd)
+        text = result.first[:result]['output']
+        parse_snmp_hosts(text)
+      end
+
+      ##
+      # parse_snmp_hosts parses the raw text from the `show snmp host`
+      # command and returns an Array of resource hashes.
+      #
+      # rubocop:disable Metrics/MethodLength
+      #
+      # @param [String] text The text of the `show snmp host` output, e.g.
+      #   for three hosts:
+      #
+      #   ```
+      #   Notification host: 127.0.0.1       udp-port: 162   type: trap
+      #   user: public                       security model: v3 noauth
+      #
+      #   Notification host: 127.0.0.1       udp-port: 162   type: trap
+      #   user: smtpuser                     security model: v3 auth
+      #
+      #   Notification host: 127.0.0.2       udp-port: 162   type: trap
+      #   user: private                      security model: v2c
+      #
+      #   Notification host: 127.0.0.3       udp-port: 162   type: trap
+      #   user: public                       security model: v1
+      #
+      #   Notification host: 127.0.0.4       udp-port: 10162 type: inform
+      #   user: private                      security model: v2c
+      #
+      #   Notification host: 127.0.0.4       udp-port: 162   type: trap
+      #   user: priv@te                      security model: v1
+      #
+      #   Notification host: 127.0.0.4       udp-port: 162   type: trap
+      #   user: public                       security model: v1
+      #
+      #   Notification host: 127.0.0.4       udp-port: 20162 type: trap
+      #   user: private                      security model: v1
+      #
+      #   ```
+      #
+      # @api private
+      #
+      # @return [Array<Hash<Symbol,Object>>] Array of resource hashes.
+      def parse_snmp_hosts(text)
+        re = /host: ([^\s]+)\s+.*?port: (\d+)\s+type: (\w+)\s*user: (.*?)\s+security model: (.*?)\n/m # rubocop:disable Metrics/LineLength
+        text.scan(re).map do |(host, port, type, username, auth)|
+          resource_hash = { name: host, ensure: :present, port: port.to_i }
+          sec_match = /^v3 (\w+)/.match(auth)
+          resource_hash[:security] = sec_match[1] if sec_match
+          ver_match = /^(v\d)/.match(auth) # first 2 characters
+          resource_hash[:version] = ver_match[1] if ver_match
+          resource_hash[:type] = /trap/.match(type) ? :traps : :informs
+          resource_hash[:username] = username
+          resource_hash
+        end
+      end
+      # rubocop:enable Metrics/MethodLength
+
+      ##
+      # snmp_notification_receiver_set takes a resource hash and configures a
+      # SNMP notification host on the target device.  In practice this method
+      # usually creates a resource because nearly all of the properties can
+      # vary and are components of a resource identifier.
+      #
+      # @option opts [String] :name ('127.0.0.1') The hostname or ip address
+      #   of the snmp notification receiver host.
+      #
+      # @option opts [String] :username ('public') The SNMP username, or
+      #   community, to use for authentication.
+      #
+      # @option opts [Fixnum] :port (162) The UDP port of the receiver.
+      #
+      # @option opts [Symbol] :version (:v3) The version, :v1, :v2, or :v3
+      #
+      # @option opts [Symbol] :type (:traps) The notification type, :traps or
+      #   :informs.
+      #
+      # @option opts [Symbol] :security (:auth) The security mode, :auth,
+      #   :noauth, or :priv
+      #
+      # @api public
+      #
+      # @return [Boolean]
+      def snmp_notification_receiver_set(opts = {})
+        configure snmp_notification_receiver_cmd(opts)
+      end
+
+      ##
+      # snmp_notification_receiver_cmd builds a command given a resource
+      # hash.
+      #
+      # @return [String]
+      def snmp_notification_receiver_cmd(opts = {})
+        host = opts[:name].split(':').first
+        version = /\d+/.match(opts[:version]).to_s
+        version.sub!('2', '2c')
+        cmd = "snmp-server host #{host}"
+        cmd << " #{opts[:type] || :traps}"
+        cmd << " version #{version}"
+        cmd << " #{opts[:security] || :noauth}" if version == '3'
+        cmd << " #{opts[:username]}"
+        cmd << " udp-port #{opts[:port]}"
+        cmd
+      end
+      private :snmp_notification_receiver_cmd
+
+      ##
+      # snmp_notification_receiver_remove removes an snmp-server host from
+      # the target device.
+      #
+      # @option opts [String] :name ('127.0.0.1') The hostname or ip address
+      #   of the snmp notification receiver host.
+      #
+      # @option opts [String] :username ('public') The SNMP username, or
+      #   community, to use for authentication.
+      #
+      # @option opts [Fixnum] :port (162) The UDP port of the receiver.
+      #
+      # @option opts [Symbol] :version (:v3) The version, :v1, :v2, or :v3
+      #
+      # @option opts [Symbol] :type (:traps) The notification type, :traps or
+      #   :informs.
+      #
+      # @option opts [Symbol] :security (:auth) The security mode, :auth,
+      #   :noauth, or :priv
+      #
+      # @api public
+      #
+      # @return [Boolean]
+      def snmp_notification_receiver_remove(opts = {})
+        cmd = 'no ' << snmp_notification_receiver_cmd(opts)
+        configure cmd
+      end
+
+      ##
+      # snmp_users retrieves all of the SNMP users  defined on the target
+      # device and returns an Array of Hash objects suitable for use as a
+      # resource hash to the provider's initializer method.
+      #
+      # @api public
+      #
+      # @return [Array<Hash<Symbol,Object>>] Array of resource hashes.
+      def snmp_users
+        cmd = 'show snmp user'
+        result = node.enable(cmd)
+        text = result.first[:result]['output']
+        users = parse_snmp_users(text)
+        users.each do |h|
+          cmd = "snmp-server user #{h[:name]} #{h[:roles]} #{h[:version]}"
+          password = snmp_user_password_hash(config, cmd)[:auth]
+          h[:password] = password if password
+        end
+      end
+
+      ##
+      # parse_snmp_users takes the text output from the `show snmp user` EAPI
+      # command and parses the text into structured data suitable for use as
+      # a resource has to the provider initializer method.
+      #
+      # ```
+      #
+      # User name      : jeff
+      # Security model : v3
+      # Engine ID      : f5717f00420008177800
+      # Authentication : SHA
+      # Privacy        : AES-128
+      # Group          : developers
+      #
+      # User name      : nigel
+      # Security model : v2c
+      # Group          : sysops (not configured)
+      #
+      # User name      : nigel
+      # Security model : v3
+      # Engine ID      : f5717f00420008177800
+      # Authentication : SHA
+      # Privacy        : AES-128
+      # Group          : sysops
+      # ```
+      #
+      # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/MethodLength
+      #
+      # @param [String] text The text to parse
+      #
+      # @api private
+      #
+      # @return [Array<Hash<Symbol,Object>>] Array of resource hashes.
+      def parse_snmp_users(text)
+        text.split("\n\n").map do |user_s|
+          user_s.scan(/^(\w+).*?: (.*)/).each_with_object({}) do |(h, v), m|
+            key = SNMP_USER_PARAM[h.downcase.intern] || h.downcase.intern
+            m[key] = case key
+                      when :privacy  then /AES/.match(v) ? :aes128 : :des
+                      when :version  then v.sub('v2c', 'v2').intern
+                      when :auth     then v.downcase.intern
+                      when :roles    then v.sub(/ \(.*?\)/, '')
+                      else v.downcase
+                      end
+          end
+        end
+      end
+      # rubocop:enable Metrics/MethodLength
+
+      # Map SNMP headings from `show snmp user` to snmp_user parameter names
+      SNMP_USER_PARAM = {
+        user: :name,
+        engine: :engine_id,
+        security: :version,
+        authentication: :auth,
+        privacy: :privacy,
+        group: :roles
+      }
+
+      ##
+      # snmp_user_set creates or updates an SNMP user account on the target
+      # device.
+      #
+      # rubocop:disable Metrics/MethodLength
+      #
+      # @option opts [String] :name ('johndoe') The username
+      #
+      # @option opts [Array] :roles (['developers']) The group, as an Array,
+      #   this user is associated with.
+      #
+      # @option opts [Symbol] :version (:v2) The snmp version for this user
+      #   account.
+      #
+      # @option opts [Symbol] :auth (:sha) The authentication digest method
+      #
+      # @option opts [Symbol] :privacy (:aes) The encryption scheme for
+      #   privacy.
+      #
+      # @option opts [String] :password ('abc123') The password to
+      #   configure for authentication and privacy.
+      #
+      # @api public
+      #
+      # @return [Hash<Symbol,Object>] Updated properties, e.g. the password
+      #   hash which is idempotent.
+      def snmp_user_set(opts = {})
+        group = [*opts[:roles]].first
+        fail ArgumentError, 'at least one role is required' unless group
+        version = opts[:version].to_s.sub('v2', 'v2c')
+        cmd = user_cmd = "snmp-server user #{opts[:name]} #{group} #{version}"
+        if opts[:password] && version == 'v3'
+          privacy = opts[:privacy].to_s.scan(/aes|des/).first
+          fail ArgumentError,
+                'privacy is required when managing passwords' unless privacy
+          cmd += " auth #{opts[:auth] || 'sha'} #{opts[:password]} "\
+            "priv #{privacy} #{opts[:password]}"
+        end
+        configure cmd
+        hash = snmp_user_password_hash(running_config, user_cmd)
+        { password: hash[:auth] }
+      end
+      # rubocop:enable Metrics/MethodLength
+
+      ##
+      # snmp_user_destroy removes an SNMP user from the target device
+      #
+      # @option opts [String] :name ('johndoe') The username
+      #
+      # @option opts [Array] :roles (['developers']) The group, as an Array,
+      #   this user is associated with.
+      #
+      # @option opts [Symbol] :version (:v2) The snmp version for this user
+      #   account.
+      #
+      # @option opts [Symbol] :auth (:sha) The authentication digest method
+      #
+      # @option opts [Symbol] :privacy (:aes) The encryption scheme for
+      #   privacy.
+      #
+      # @option opts [String] :password ('abc123') The password to
+      #   configure for authentication and privacy.
+      #
+      # @api public
+      #
+      # @return [Hash<Symbol,Object>] Updated properties, e.g. the password
+      #   hash which is idempotent.
+      #
+      # @return [String]
+      def snmp_user_destroy(opts = {})
+        group = [*opts[:roles]].first
+        version = opts[:version].to_s.sub('v2', 'v2c')
+        cmd = "no snmp-server user #{opts[:name]} #{group} #{version}"
+        configure cmd
+        {}
+      end
+
+      ##
+      # snmp_user_password obtains the password hash from the device in order
+      # to provide an idempotent configuration value.
+      #
+      # @param [String] running_config The text of the current running
+      #   configuration.
+      #
+      # @param [String] user_cmd The prefix of the command that identifies
+      #   the user in the running-config.  e.g. ('snmp-server user jeff
+      #   developers v3')
+      #
+      # @return [Hash<Symbol,String>] The hashes for :auth and :privacy
+      def snmp_user_password_hash(running_config, user_cmd)
+        regexp = /#{user_cmd} .*?auth \w+\s+(.*?)\s+priv \w+\s+(.*?)\s/
+        (auth_hash, priv_hash) = running_config.scan(regexp).first
+        { auth: auth_hash, privacy: priv_hash }
+      end
+    end
+  end
+end