rbeapi 0.1.0

data/lib/rbeapi/api/radius.rb

@@ -0,0 +1,317 @@
+#
+# Copyright (c) 2014, Arista Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#   Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+#
+#   Neither the name of Arista Networks nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ARISTA NETWORKS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+require 'rbeapi/api'
+
+
+module Rbeapi
+  ##
+  # Eos is module namesapce for working with the EOS command API
+  module Api
+    ##
+    # Radius provides instance methods to retrieve and set radius configuration
+    # values.
+    class Radius < Entity
+
+      DEFAULT_KEY_FORMAT = 0
+      DEFAULT_KEY = nil
+
+      # Regular expression to extract a radius server's attributes from the
+      # running-configuration text.  The explicit [ ] spaces enable line
+      # wrappping and indentation with the /x flag.
+      SERVER_REGEXP = /radius-server[ ]host[ ](.*?)
+                       (?:[ ]vrf[ ]([^\s]+))?
+                       (?:[ ]auth-port[ ](\d+))?
+                       (?:[ ]acct-port[ ](\d+))?
+                       (?:[ ]timeout[ ](\d+))?
+                       (?:[ ]retransmit[ ](\d+))?
+                       (?:[ ]key[ ](\d+)[ ](\w+))?\s/x
+
+      ##
+      # get Returns an Array with a single resource Hash describing the
+      # current state of the global radius configuration on the target device.
+      # This method is intended to be used by a provider's instances class
+      # method.
+      #
+      # The resource hash returned contains the following information:
+      #  * key: (String) the key either in plaintext or hashed format
+      #  * key_format: (Fixnum) e.g. 0 or 7
+      #  * timeout: (Fixnum) seconds before the timeout period ends
+      #  * retransmit: (Fixnum), e.g. 3, attempts after first timeout expiry.
+      #  * servers: (Array),
+      #
+      # @api public
+      #
+      # @return [Array<Hash>] Single element Array of resource hashes
+      def get
+        global = {}
+        global.merge!(parse_global_timeout)
+        global.merge!(parse_global_retransmit)
+        global.merge!(parse_global_key)
+        resource = { global: global, servers: parse_servers }
+        resource
+      end
+
+      ##
+      # parse_time scans the nodes current configuraiton and parse the
+      # radius-server timeout value.  The timeout value is expected to always
+      # be present in the config
+      #
+      # @api private
+      #
+      # @return [Hash<Symbol, Object>] resource hash attribute
+      def parse_global_timeout
+        value = config.scan(/radius-server timeout (\d+)/).first
+        { timeout: value.first.to_i }
+      end
+      private :parse_global_timeout
+
+      ##
+      # parse_retransmit scans the cnodes current configuration and parses the
+      # radius-server retransmit value.  the retransmist value is expected to
+      # always be present in the config
+      #
+      # @api private
+      #
+      # @return [Hash<Symbol, Object>] resource hash attribute
+      def parse_global_retransmit
+        value = config.scan(/radius-server retransmit (\d+)/).first
+        { retransmit: value.first.to_i }
+      end
+      private :parse_global_retransmit
+
+      ##
+      # parse_key scans the current nodes running configuration and parse the
+      # global radius-server key and format value.  If the key is not
+      # configured this method will return DEFAULT_KEY and DEFAULT_KEY_FORMAT
+      # for the resource hash values.
+      #
+      # @api private
+      #
+      # @return [Hash<Symbol, Object>] resource hash attribute
+      def parse_global_key
+        rsrc_hsh = {}
+        (key_format, key) = config.scan(/radius-server key (\d+) (\w+)/).first
+        rsrc_hsh[:key_format] = key_format.to_i || DEFAULT_KEY_FORMAT
+        rsrc_hsh[:key] = key || DEFAULT_KEY
+        rsrc_hsh
+      end
+      private :parse_global_key
+
+      ##
+      # parse_servers returns an Array of radius server resource hashes.  Each
+      # hash describes the current state of the radius server and is intended
+      # to be merged into the radius resource hash
+      #
+      # The resource hash returned contains the following information:
+      #  * hostname: hostname or ip address
+      #  * vrf: (String) vrf name
+      #  * key: (String) the key either in plaintext or hashed format
+      #  * key_format: (Fixnum) e.g. 0 or 7
+      #  * timeout: (Fixnum) seconds before the timeout period ends
+      #  * retransmit: (Integer), e.g. 3, attempts after first timeout expiry.
+      #  * group: (String) Server group associated with this server.
+      #  * acct_port: (Fixnum) Port number to use for accounting.
+      #  * accounting_only: (Boolean) Enable this server for accounting only.
+      #  * auth_port: (Fixnum) Port number to use for authentication
+      #
+      # @api private
+      #
+      # @return [Array<Hash<Symbol,Object>>] Array of resource hashes
+      def parse_servers
+        tuples = config.scan(SERVER_REGEXP)
+        tuples.map do |(host, vrf,  authp, acctp, tout, tries, keyfm, key)|
+          hsh = {}
+          hsh[:hostname]         = host
+          hsh[:vrf]              = vrf
+          hsh[:auth_port]        = authp.to_i
+          hsh[:acct_port]        = acctp.to_i
+          hsh[:timeout]          = tout.to_i
+          hsh[:retransmit]       = tries.to_i
+          hsh[:key_format]       = keyfm.to_i
+          hsh[:key]              = key
+          hsh
+        end
+      end
+      private :parse_servers
+
+      ##
+      # set_global_key configures the global radius-server key.  If the value option
+      # is not specified, radius-server key is configured using the no keyword.
+      # If the default option is specified, radius-server key is configured
+      # using the default keyword.  If both options are specified, the default
+      # keyword option takes precedence.
+      #
+      # @eos_version 4.13.7M
+      #
+      # @commands
+      #   radius-server key <format> <value>
+      #   no radius-server key
+      #   default radius-server key
+      #
+      # @option [String] :value The value to configure the radius-server key to
+      #   in the nodes running configuration
+      #
+      # @option [Fixnum] :key_format The format of the key to be passed to the
+      #   nodes running configuration.  Valid values are 0 (cleartext) or 7
+      #   (encrypted).  The default value is 0 if format is not provided.
+      #
+      # @option [Boolean] :default Configures the radius-server key using the
+      #   default keyword argument
+      #
+      # @return [Boolean] returns true if the commands complete successfully
+      def set_global_key(opts = {})
+        value = opts[:value]
+        key_format = opts[:key_format] || 0
+        default = opts[:default] || false
+
+        case default
+        when true
+          cmds = 'default radius-server key'
+        when false
+          cmds = value ? "radius-server key #{key_format} #{value}" :
+                         'no radius-server key'
+        end
+        configure cmds
+      end
+
+      ##
+      # set_global_timeout configures the radius-server timeout value.  If the value
+      # options is not specified, radius-server timeout is configured using the
+      # no keyword.  If the default option is specified, radius-server timeout
+      # is configured using the default keyword.  If both options are specified
+      # then the default keyword takes precedence.
+      #
+      # @eos_version 4.13.7M
+      #
+      # @commands
+      #   radius-server timeout <value>
+      #   no radius-server timeout
+      #   default radius-server timeout
+      #
+      # @option [String, Fixnum] :value The value to set the global
+      #   radius-server timeout value to.  This value should be in the range of
+      #   1 to 1000
+      #
+      # @option [Boolean] :default Configures the radius-server timeout value
+      #   using the default keyword.
+      #
+      # @return [Boolean] returns true if the commands complete successfully
+      def set_global_timeout(opts = {})
+        value = opts[:value]
+        default = opts[:default] || false
+
+        case default
+        when true
+          cmds = 'default radius-server timeout'
+        when false
+          cmds = value ? "radius-server timeout #{value}" :
+                         'no radius-server timeout'
+        end
+        configure cmds
+      end
+
+      ##
+      # set_global_retransmit configures the global radius-server restransmit value.
+      # If the value is not specified, the radius-server retransmist value is
+      # configured using the no keyword.  If the default option is specified,
+      # the radius-server retransmit value is configured using the default
+      # keyword.  If both options are specified then the default keyword taks
+      # precedence
+      #
+      # @eos_version 4.13.7M
+      #
+      # @commands
+      #   radius-server retransmit <value>
+      #   no radius-server retransmit
+      #   default radius-server retrasmit
+      #
+      # @option [String, Fixnum] :value The valu to set the global
+      #   radius-server retransmit value to.  This value should be in the range
+      #   of 1 to 100
+      #
+      # @option [Boolean] :default Configures the radius-server retransmit
+      #   value using the default keyword
+      #
+      # @return [Boolean] returns true if the commands complete successfully
+      def set_global_retransmit(opts = {})
+        value = opts[:value]
+        default = opts[:default] || false
+
+        case default
+        when true
+          cmds = 'default radius-server retransmit'
+        when false
+          cmds = value ?  "radius-server retransmit #{value}" :
+                          'no radius-server retransmit'
+        end
+        configure cmds
+      end
+
+      ##
+      # update_server configures a radius server resource on the target device.
+      # This API method maps to the `radius server host` command, e.g.
+      # `radius-server host 10.11.12.13 auth-port 1024 acct-port 2048 timeout
+      # 30 retransmit 5 key 7 011204070A5955`
+      #
+      # @api public
+      #
+      # @return [Boolean] true if there are no errors
+      def update_server(opts = {})
+        # beware: order of cli keyword options counts
+        key_format = opts[:key_format] || 7
+        cmd = "radius-server host #{opts[:hostname]}"
+        cmd << " vrf #{opts[:vrf]}"               if opts[:vrf]
+        cmd << " auth-port #{opts[:auth_port]}"   if opts[:auth_port]
+        cmd << " acct-port #{opts[:acct_port]}"   if opts[:acct_port]
+        cmd << " timeout #{opts[:timeout]}"       if opts[:timeout]
+        cmd << " retransmit #{opts[:retransmit]}" if opts[:retransmit]
+        cmd << " key #{key_format} #{opts[:key]}" if opts[:key]
+        configure cmd
+      end
+
+      ##
+      # remove_server removes the SNMP server identified by the hostname,
+      # auth_port, and acct_port attributes.
+      #
+      # @api public
+      #
+      # @return [Boolean] true if no errors
+      def remove_server(opts = {})
+        cmd = "no radius-server host #{opts[:hostname]}"
+        cmd << " vrf #{opts[:vrf]}"             if opts[:vrf]
+        cmd << " auth-port #{opts[:auth_port]}" if opts[:auth_port]
+        cmd << " acct-port #{opts[:acct_port]}" if opts[:acct_port]
+        configure cmd
+      end
+    end
+  end
+end

data/lib/rbeapi/api/radius.rb.old

@@ -0,0 +1,399 @@
+#
+# Copyright (c) 2014, Arista Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#   Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+#
+#   Neither the name of Arista Networks nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ARISTA NETWORKS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+require 'rbeapi/api'
+
+
+module Rbeapi
+  ##
+  # Eos is module namesapce for working with the EOS command API
+  module Api
+    ##
+    # Radius provides instance methods to retrieve and set radius configuration
+    # values.
+    class Radius < Entity
+
+      DEFAULT_AUTH_PORT = 1812
+      DEFAULT_ACCT_PORT = 1813
+
+      # Regular expression to extract a radius server's attributes from the
+      # running-configuration text.  The explicit [ ] spaces enable line
+      # wrappping and indentation with the /x flag.
+      SERVER_REGEXP = /radius-server[ ]host[ ](.*?)
+                       (?:[ ]auth-port[ ](\d+))?
+                       (?:[ ]acct-port[ ](\d+))?
+                       (?:[ ]timeout[ ](\d+))?
+                       (?:[ ]deadtime[ ](\d+))?
+                       (?:[ ]retransmit[ ](\d+))?
+                       (?:[ ]key[ ](\d+)[ ](\w+))?\s/x
+
+      GROUP_MEMBER_REGEXP = /server[ ](.*?)
+                             (?:[ ]auth-port[ ](\d+))?
+                             (?:[ ]acct-port[ ](\d+))?\s/x
+
+      # Regular expression to extract a radius server's attributes from the
+      # running-configuration text.  The explicit [ ] spaces enable line
+      # wrappping and indentation with the /x flag.
+      SERVER_GROUP_REGEXP = /aaa group server radius (.*)/
+
+      ##
+      # getall Returns an Array with a single resource Hash describing the
+      # current state of the global radius configuration on the target device.
+      # This method is intended to be used by a provider's instances class
+      # method.
+      #
+      # The resource hash returned contains the following information:
+      #  * name: ('settings')
+      #  * enable: (true | false) if radius functionality is enabled.  This is
+      #    always true for EOS.
+      #  * key: (String) the key either in plaintext or hashed format
+      #  * key_format: (Integer) e.g. 0 or 7
+      #  * timeout: (Integer) seconds before the timeout period ends
+      #  * retransmit_count: (Integer), e.g. 3, attempts after first timeout
+      #    expiry.
+      #
+      # @api public
+      #
+      # @return [Array<Hash>] Single element Array of resource hashes
+      def getall
+        rsrc_hsh = radius_global_defaults
+        rsrc_hsh.merge!(parse_global_key(config))
+        rsrc_hsh.merge!(parse_global_timeout(config))
+        rsrc_hsh.merge!(parse_global_retransmit(config))
+        [rsrc_hsh]
+      end
+
+      ##
+      # servers returns an Array of radius server resource hashes.  Each hash
+      # describes the current state of the radius server and is suitable for
+      # use in initializing a radius_server provider.
+      #
+      # The resource hash returned contains the following information:
+      #  * hostname: hostname or ip address
+      #  * key: (String) the key either in plaintext or hashed format
+      #  * key_format: (Fixnum) e.g. 0 or 7
+      #  * timeout: (Fixnum) seconds before the timeout period ends
+      #  * retransmit_count: (Integer), e.g. 3, attempts after first timeout
+      #    expiry.
+      #  * group: (String) Server group associated with this server.
+      #  * deadtime: (Fixnum) number of minutes to ignore an unresponsive
+      #   server.
+      #  * acct_port: (Fixnum) Port number to use for accounting.
+      #  * accounting_only: (Boolean) Enable this server for accounting only.
+      #  * auth_port: (Fixnum) Port number to use for authentication
+      #
+      # @api public
+      #
+      # @return [Array<Hash<Symbol,Object>>] Array of resource hashes
+      def servers
+        config = running_configuration
+        tuples = config.scan(SERVER_REGEXP)
+        tuples.map do |(host, authp, acctp, tout, dead, tries, keyfm, key)|
+          hsh = { auth_port: DEFAULT_AUTH_PORT, acct_port: DEFAULT_ACCT_PORT }
+          hsh[:hostname]         = host       if host
+          hsh[:auth_port]        = authp.to_i if authp
+          hsh[:acct_port]        = acctp.to_i if acctp
+          hsh[:timeout]          = tout.to_i  if tout
+          hsh[:retransmit_count] = tries.to_i if tries
+          hsh[:deadtime]         = dead.to_i  if dead
+          hsh[:key_format]       = keyfm.to_i if keyfm
+          hsh[:key]              = key        if key
+          hsh
+        end
+      end
+
+      ##
+      # server_groups retrieves a list of radius server groups from the target
+      # device.
+      #
+      # @api public
+      #
+      # @return [Array<Hash<Symbol,Object>>] Array of resource hashes
+      def server_groups
+        config = running_configuration
+        tuples = config.scan(SERVER_GROUP_REGEXP)
+        tuples.map do |(name)|
+          { name: name, servers: parse_group_servers(config, name) }
+        end
+      end
+
+      ##
+      # parse_group_servers parses the list of servers associated with a radius
+      # server group given a group name and a running configuration text.
+      #
+      # @param [String] config The running configuration text.
+      #
+      # @param [String] name The name of the server group to parse.
+      #
+      # @api private
+      #
+      # @return [Array<Hash<Symbol,Object>] Array of server attributes
+      def parse_group_servers(config, name)
+        regexp = /aaa group server radius #{name}(.*?)!/m
+        mdata = regexp.match(config)
+        if mdata
+          tuples = mdata[1].scan(GROUP_MEMBER_REGEXP)
+          tuples.collect do |(hostname, auth_port, acct_port)|
+            {
+              hostname: hostname,
+              auth_port: auth_port ? auth_port.to_i : DEFAULT_AUTH_PORT,
+              acct_port: acct_port ? acct_port.to_i : DEFAULT_ACCT_PORT
+            }
+          end
+        else
+          Array.new
+        end
+      end
+
+      ##
+      # update_server_group updates a radius server group given an Array of
+      # server attributes and the name of the server group.  The update happens
+      # by first deleting the existing group if it exists then creating it
+      # again with all of the specified servers.
+      #
+      # @param [String] name The name of the server group to update
+      #
+      # @param [Array<Hash<Symbol,Object>>] servers The array of servers to
+      #   associate with the server group.  This hash should have at least the
+      #   :hostname key.
+      #
+      # @api public
+      #
+      # @return [Boolean] true if no errors
+      def update_server_group(opts = {})
+        cmd = "aaa group server radius #{opts[:name]}"
+        api.config("no #{cmd}")
+        cmds = [cmd]
+        opts[:servers].each do |hsh|
+          server = "server #{hsh[:hostname]}"
+          server << " auth-port #{hsh[:auth_port] || DEFAULT_AUTH_PORT}"
+          server << " acct-port #{hsh[:acct_port] || DEFAULT_ACCT_PORT}"
+          cmds << server
+        end
+        result = api.config(cmds)
+        !result.find { |r| r != {} }
+      end
+
+      ##
+      # remove_server_group removes a radius server group by name.  This API
+      # call maps to the `no aaa group server radius <name>` command.
+      #
+      # @option opts [String] :name ('RAD-SV2') The name of the radius server
+      #   group to remove.
+      #
+      # @api public
+      #
+      # @return [Boolean] true if no errors
+      def remove_server_group(opts = {})
+        result = api.config("no aaa group server radius #{opts[:name]}")
+        result == [{}]
+      end
+
+      ##
+      # update_server configures a radius server resource on the target device.
+      # This API method maps to the `radius server host` command, e.g.
+      # `radius-server host 10.11.12.13 auth-port 1024 acct-port 2048 timeout
+      # 30 retransmit 5 key 7 011204070A5955`
+      #
+      # @api public
+      #
+      # @return [Boolean] true if there are no errors
+      def update_server(opts = {})
+        retransmit = opts[:retransmit_count]
+        key_format = opts[:key_format] || 7
+        cmd = "radius-server host #{opts[:hostname]}"
+        cmd << " auth-port #{opts[:auth_port]}"   if opts[:auth_port]
+        cmd << " acct-port #{opts[:acct_port]}"   if opts[:acct_port]
+        cmd << " timeout #{opts[:timeout]}"       if opts[:timeout]
+        cmd << " deadtime #{opts[:deadtime]}"     if opts[:deadtime]
+        cmd << " retransmit #{retransmit}"        if retransmit
+        cmd << " key #{key_format} #{opts[:key]}" if opts[:key]
+        result = api.config(cmd)
+        result == [{}]
+      end
+
+      ##
+      # remove_server removes the SNMP server identified by the hostname,
+      # auth_port, and acct_port attributes.
+      #
+      # @api public
+      #
+      # @return [Boolean] true if no errors
+      def remove_server(opts = {})
+        cmd = "no radius-server host #{opts[:hostname]}"
+        cmd << " auth-port #{opts[:auth_port]}" if opts[:auth_port]
+        cmd << " acct-port #{opts[:acct_port]}" if opts[:acct_port]
+        result = api.config(cmd)
+        result == [{}]
+      end
+
+      ##
+      # radius_global_defaults returns the default values for the radius_global
+      # resource.  This is in a single method to keep the information in one
+      # place.  If a value is explicitly configured to be the same as a default
+      # value it will not show up in the running configuration and as a result
+      # will not be parsed out by the parse instance methods.  This method
+      # exposes the default values.
+      #
+      # @return [Array<Hash>] Single element Array of resource hashes
+      def radius_global_defaults
+        {
+          name: 'settings',
+          enable: true,
+          timeout: 5,
+          retransmit_count: 3
+        }
+      end
+      private :radius_global_defaults
+
+      ##
+      # parse_global_key takes a running configuration as a string and
+      # parses out the radius global key and global key format if it exists in
+      # the configuration.  An empty Hash is returned if there is no global key
+      # configured.  The intent of the Hash is to be merged into a property
+      # hash.
+      #
+      # @param [String] config The running configuration as a single string.
+      #
+      # @api private
+      #
+      # @return [Hash<Symbol,Object>] resource hash attributes
+      def parse_global_key(config)
+        rsrc_hsh = {}
+        (key_format, key) = config.scan(/radius-server key (\d+) (\w+)/).first
+        rsrc_hsh[:key_format] = key_format.to_i if key_format
+        rsrc_hsh[:key] = key if key
+        rsrc_hsh
+      end
+      private :parse_global_key
+
+      ##
+      # parse_global_timeout takes a running configuration as a string
+      # and parses out the radius global timeout if it exists in the
+      # configuration.  An empty Hash is returned if there is no global timeout
+      # value configured.  The intent of the Hash is to be merged into a
+      # property hash.
+      #
+      # @param [String] config The running configuration as a single string.
+      #
+      # @api private
+      #
+      # @return [Hash<Symbol,Object>] resource hash attributes
+      def parse_global_timeout(config)
+        rsrc_hsh = {}
+        timeout = config.scan(/radius-server timeout (\d+)/).first
+        # EOS default is 5 (does not show up in the running config)
+        rsrc_hsh[:timeout] = timeout.first.to_i if timeout
+        rsrc_hsh
+      end
+      private :parse_global_timeout
+
+      ##
+      # parse_global_retransmit takes a running configuration as a string and
+      # parses out the radius global retransmit count value if it exists in the
+      # configuration.  An empty Hash is returned if there is no global timeout
+      # value configured.  The intent of the Hash is to be merged into a
+      # property hash.
+      #
+      # @param [String] config The running configuration as a single string.
+      #
+      # @api private
+      #
+      # @return [Hash<Symbol,Object>] resource hash attributes
+      def parse_global_retransmit(config)
+        rsrc_hsh = {}
+        count = config.scan(/radius-server retransmit (\d+)/).first
+        # EOS default is 3 (does not show up in the running config)
+        rsrc_hsh[:retransmit_count] = count.first.to_i if count
+        rsrc_hsh
+      end
+      private :parse_global_retransmit
+
+      ##
+      # set_global_key configures the radius default key.  This method maps to
+      # the `radius-server key` EOS configuration command, e.g. `radius-server
+      # key 7 070E234F1F5B4A`.
+      #
+      # @option opts [String] :key ('070E234F1F5B4A') The key value
+      #
+      # @option opts [Fixnum] :key_format (7) The key format, 0 for plaintext
+      #   and 7 for a hashed value.  7 will be assumed if this option is not
+      #   provided.
+      #
+      # @api public
+      #
+      # @return [Boolean] true if no errors
+      def set_global_key(opts = {})
+        format = opts[:key_format] || 7
+        key = opts[:key]
+        fail ArgumentError, 'key option is required' unless key
+        result = api.config("radius-server key #{format} #{key}")
+        result == [{}]
+      end
+
+      ##
+      # set_timeout configures the radius default timeout.  This method maps to
+      # the `radius-server timeout` setting.
+      #
+      # @option opts [Fixnum] :timeout (50) The timeout in seconds to
+      #   configure.
+      #
+      # @api public
+      #
+      # @return [Boolean] true if no errors
+      def set_timeout(opts = {})
+        timeout = opts[:timeout]
+        fail ArgumentError, 'timeout option is required' unless timeout
+        result = api.config("radius-server timeout #{timeout}")
+        result == [{}]
+      end
+
+      ##
+      # set_retransmit_count configures the radius default retransmit count.
+      # This method maps to the `radius-server retransmit` configuration
+      # command.
+      #
+      # @option opts [Fixnum] :retransmit_count (4) The number of times to
+      #   retry an unresponsive server after the first timeout period.
+      #
+      # @api public
+      #
+      # @return [Boolean] true if no errors
+      def set_retransmit_count(opts = {})
+        retransmit_count = opts[:retransmit_count]
+        fail ArgumentError,
+          'retransmit_count option is required' unless retransmit_count
+        result = api.config("radius-server retransmit #{retransmit_count}")
+        result == [{}]
+      end
+    end
+  end
+end