Class: Cisco::AaaAuthenticationLoginService

Inherits:
NodeUtil
  • Object
show all
Defined in:
lib/cisco_node_utils/aaa_authentication_login_service.rb

Overview

NXAPI implementation of AAA Authentication Login Service class

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from NodeUtil

#client, client, #config_get, config_get, #config_get_default, config_get_default, config_set, #config_set, #get, #ios_xr?, #nexus?, node, #node, platform, #platform, supports?, #supports?

Constructor Details

#initialize(name, create = true) ⇒ AaaAuthenticationLoginService


27
28
29
30
31
32
33
34
35
36
37
38
39
# File 'lib/cisco_node_utils/aaa_authentication_login_service.rb', line 27

def initialize(name, create=true)
  fail TypeError unless name.is_a? String
  # only console and default are supported currently
  fail ArgumentError unless %w(console default).include? name
  @name = name

  # console needs to be explicitly created before it appears in
  # "show run aaa all" but oddly not before it shows up in
  # "show aaa authentication"
  return unless create
  m = default_method.to_s
  config_set('aaa_auth_login_service', 'method', '', name, m)
end

Instance Attribute Details

#nameObject (readonly)

Returns the value of attribute name


25
26
27
# File 'lib/cisco_node_utils/aaa_authentication_login_service.rb', line 25

def name
  @name
end

Class Method Details

.servicesObject


41
42
43
44
45
46
47
48
49
50
# File 'lib/cisco_node_utils/aaa_authentication_login_service.rb', line 41

def self.services
  servs = {}
  servs_arr = config_get('aaa_auth_login_service', 'services')
  unless servs_arr.nil?
    servs_arr.each do |s|
      servs[s] = AaaAuthenticationLoginService.new(s, false)
    end
  end
  servs
end

Instance Method Details

#default_groupsObject

default is []


99
100
101
# File 'lib/cisco_node_utils/aaa_authentication_login_service.rb', line 99

def default_groups
  config_get_default('aaa_auth_login_service', 'groups')
end

#default_methodObject

default is :local


109
110
111
# File 'lib/cisco_node_utils/aaa_authentication_login_service.rb', line 109

def default_method
  config_get_default('aaa_auth_login_service', 'method')
end

#destroyObject


52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# File 'lib/cisco_node_utils/aaa_authentication_login_service.rb', line 52

def destroy
  # must specify exact current config string to unconfigure
  m = method
  m_str = m == :unselected ? '' : m.to_s
  g_str = groups.join(' ')

  if g_str.empty?
    # cannot remove default local, so do nothing in this case
    unless m == :local
      unless node.product_id[/N(3|9)K-F/]
        # TBD: These 'no' commands currently error on N(3|9)K-F
        #   no aaa authentication login console local
        #   no aaa authentication login console none
        config_set('aaa_auth_login_service', 'method',
                   'no', @name, m_str)
      end
    end
  else
    config_set('aaa_auth_login_service', 'groups',
               'no', @name, g_str, m_str)
  end
end

#groupsObject

groups aren't retrieved via the usual CLI regex memory method because there can be an arbitrary number of groups and specifying a repeating memory regex only captures the last match ex: aaa authentication login default group group1 group2 group3 none


79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# File 'lib/cisco_node_utils/aaa_authentication_login_service.rb', line 79

def groups
  # config_get returns the following format:
  # [{service:"default",method:"group group1 none "},
  #  {service:"console",method:"local "}]
  hsh_arr = config_get('aaa_auth_login_service', 'groups')
  fail 'unable to retrieve aaa groups information' if hsh_arr.empty?
  hsh = hsh_arr.find { |x| x['service'] == @name }
  # this should never happen unless @name is invalid
  fail "no aaa info found for service #{@name}" if hsh.nil?
  fail "no method found for #{@name} - api or feature change?" unless
    hsh.key? 'method'
  # ex: ["group", "group1", "local"] or maybe ["none"]
  grps = hsh['method'].strip.split
  return [] if grps.size == 1
  # remove local, none, group keywords
  grps -= %w(none local group)
  grps
end

#groups_method_set(grps, m) ⇒ Object

groups and method must be set in the same CLI string aaa authentication login { console | default } /

none | local | group <group1 [group2, ...]> [none]

116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# File 'lib/cisco_node_utils/aaa_authentication_login_service.rb', line 116

def groups_method_set(grps, m)
  fail TypeError unless grps.is_a? Array
  fail TypeError unless grps.all? { |x| x.is_a? String }
  fail TypeError unless m.is_a? Symbol
  # only the following 3 are supported (unselected = blank)
  fail ArgumentError unless [:none, :local, :unselected].include? m

  fail "method 'local' not allowed when groups are configured" if
    m == :local && !grps.empty?
  m_str = m == :unselected ? '' : m.to_s
  g_str = grps.join(' ')

  # config_set depends on whether we're setting groups or not
  if g_str.empty?
    config_set('aaa_auth_login_service', 'method',
               '', @name, m_str)
  else
    config_set('aaa_auth_login_service', 'groups',
               '', @name, g_str, m_str)
  end
end

#methodObject


103
104
105
106
# File 'lib/cisco_node_utils/aaa_authentication_login_service.rb', line 103

def method
  m = config_get('aaa_auth_login_service', 'method', @name)
  m.nil? ? :unselected : m.to_sym
end