Class: Rbeapi::Api::Tacacs

Inherits:
Entity
  • Object
show all
Defined in:
lib/rbeapi/api/tacacs.rb

Overview

Tacacs provides instance methods to retrieve and set tacacs configuration values.

Constant Summary collapse

DEFAULT_KEY_FORMAT =
0
DEFAULT_KEY =
nil
SERVER_REGEXP =

Regular expression to extract a tacacs server's attributes from the running-configuration text. The explicit [ ] spaces enable line wrappping and indentation with the /x flag.

/tacacs-server[ ]host[ ]([^\s]+)
(?:[ ](single-connection))?
(?:[ ]vrf[ ]([^\s]+))?
(?:[ ]port[ ](\d+))?
(?:[ ]timeout[ ](\d+))?
(?:[ ]key[ ](\d+)[ ](\w+))?\s/x
DEFAULT_PORT =

Default Tacacs TCP port

49

Instance Attribute Summary

Attributes inherited from Entity

#config, #error, #node

Instance Method Summary collapse

Methods inherited from Entity

#configure, #get_block, #initialize, instance

Constructor Details

This class inherits a constructor from Rbeapi::Api::Entity

Instance Method Details

#getArray<Hash>

getall Returns an Array with a single resource Hash describing the current state of the global tacacs configuration on the target device. This method is intended to be used by a provider's instances class method.

The resource hash returned contains the following information:

* name: ('settings')
* enable: (true | false) if tacacs functionality is enabled.  This is
  always true for EOS.
* key: (String) the key either in plaintext or hashed format
* key_format: (Integer) e.g. 0 or 7
* timeout: (Integer) seconds before the timeout period ends

77
78
79
80
81
82
83
# File 'lib/rbeapi/api/tacacs.rb', line 77

def get
  global = {}
  global.merge!(parse_global_timeout)
  global.merge!(parse_global_key)
  resource = { global: global, servers: servers }
  resource
end

#remove_server(opts = {}) ⇒ Boolean

remove_server removes the tacacs server identified by the hostname, and port attributes.


229
230
231
232
233
# File 'lib/rbeapi/api/tacacs.rb', line 229

def remove_server(opts = {})
  cmd = "no tacacs-server host #{opts[:hostname]}"
  cmd << " port #{opts[:port]}" if opts[:port]
  configure cmd
end

#serversArray<Hash<Symbol,Object>>

servers returns an Array of tacacs server resource hashes. Each hash describes the current state of the tacacs server and is suitable for use in initializing a tacacs_server provider.

The resource hash returned contains the following information:

* hostname: hostname or ip address, part of the identifier
* port: (Fixnum) TCP port of the server, part of the identifier
* key: (String) the key either in plaintext or hashed format
* key_format: (Fixnum) e.g. 0 or 7
* timeout: (Fixnum) seconds before the timeout period ends
* multiplex: (Boolean) true when configured to make requests through a
  single connection

142
143
144
145
146
147
148
149
150
151
152
153
154
155
# File 'lib/rbeapi/api/tacacs.rb', line 142

def servers
  tuples = config.scan(SERVER_REGEXP)
  tuples.map do |(host, mplex, vrf, port, tout, keyfm, key)|
    hsh = {}
    hsh[:hostname]         = host
    hsh[:vrf]              = vrf
    hsh[:port]             = port.to_i
    hsh[:timeout]          = tout.to_i
    hsh[:key_format]       = keyfm.to_i
    hsh[:key]              = key
    hsh[:multiplex]        = mplex ? true : false
    hsh
  end
end

#set_global_key(opts = {}) ⇒ Boolean

set_global_key configures the tacacs default key. This method maps to the `tacacs-server key` EOS configuration command, e.g. `tacacs-server key 7 070E234F1F5B4A`.

Options Hash (opts):

  • :key (String) — default: '070E234F1F5B4A'

    The key value

  • :key_format (Fixnum) — default: 7

    The key format, 0 for plaintext and 7 for a hashed value. 7 will be assumed if this option is not provided.


171
172
173
174
175
176
177
# File 'lib/rbeapi/api/tacacs.rb', line 171

def set_global_key(opts = {})
  format = opts[:key_format]
  key = opts[:key]
  fail ArgumentError, 'key option is required' unless key
  result = api.config("tacacs-server key #{format} #{key}")
  result == [{}]
end

#set_global_timeout(opts = {}) ⇒ Boolean

set_timeout configures the tacacs default timeout. This method maps to the `tacacs-server timeout` setting.

Options Hash (opts):

  • :timeout (Fixnum) — default: 50

    The timeout in seconds to configure.


189
190
191
192
193
194
195
196
197
198
199
200
201
# File 'lib/rbeapi/api/tacacs.rb', line 189

def set_global_timeout(opts = {})
  value = opts[:value]
  default = opts[:default] || false

  case default
  when true
      cmds = 'default tacacs-server timeout'
  when false
      cmds = value ? "tacacs-server timeout #{value}" :
                     'no tacacs-server timeout'
  end
  configure cmds
end

#update_server(opts = {}) ⇒ Boolean

update_server configures a tacacs server resource on the target device. This API method maps to the `tacacs server host` command, e.g. `tacacs-server host 1.2.3.4 single-connection port 4949 timeout 6 key 7 06070D221D1C5A`


212
213
214
215
216
217
218
219
220
# File 'lib/rbeapi/api/tacacs.rb', line 212

def update_server(opts = {})
  key_format = opts[:key_format] || 7
  cmd = "tacacs-server host #{opts[:hostname]}"
  cmd << ' single-connection'               if opts[:multiplex]
  cmd << " port #{opts[:port]}"             if opts[:port]
  cmd << " timeout #{opts[:timeout]}"       if opts[:timeout]
  cmd << " key #{key_format} #{opts[:key]}" if opts[:key]
  configure cmd
end