Class: PuppetX::Eos::Radius

Inherits:
ModuleBase
Defined in:
lib/puppet_x/eos/modules/radius.rb

Overview

Radius provides instance methods to retrieve and set radius configuration values.

Constant Summary

DEFAULT_AUTH_PORT =
1812
DEFAULT_ACCT_PORT =
1813
SERVER_REGEXP =

Regular expression to extract a radius server’s attributes from the running-configuration text. The explicit [ ] spaces enable line wrapping and indentation with the /x flag.

/radius-server[ ]host[ ](.*?)
(?:[ ]auth-port[ ](\d+))?
(?:[ ]acct-port[ ](\d+))?
(?:[ ]timeout[ ](\d+))?
(?:[ ]deadtime[ ](\d+))?
(?:[ ]retransmit[ ](\d+))?
(?:[ ]key[ ](\d+)[ ](\w+))?\s/x
GROUP_MEMBER_REGEXP =
/server[ ](.*?)
(?:[ ]auth-port[ ](\d+))?
(?:[ ]acct-port[ ](\d+))?\s/x
SERVER_GROUP_REGEXP =

Regular expression to extract a radius server’s attributes from the running-configuration text. The explicit [ ] spaces enable line wrapping and indentation with the /x flag.

/aaa group server radius (.*)/

Instance Attribute Summary

Attributes inherited from ModuleBase

#api

Instance Method Summary

Methods inherited from ModuleBase

#initialize, #running_configuration

Constructor Details

This class inherits a constructor from PuppetX::Eos::ModuleBase

Instance Method Details

#getall ⇒ Array<Hash>

getall returns an Array with a single resource Hash describing the current state of the global radius configuration on the target device. This method is intended to be used by a provider’s instances class method.

The resource hash returned contains the following information:

* name: ('settings')
* enable: (true | false) if radius functionality is enabled.  This is
  always true for EOS.
* key: (String) the key either in plaintext or hashed format
* key_format: (Integer) e.g. 0 or 7
* timeout: (Integer) seconds before the timeout period ends
* retransmit_count: (Integer), e.g. 3, attempts after first timeout
  expiry.

Returns:

  • (Array<Hash>)

    Single element Array of resource hashes



# File 'lib/puppet_x/eos/modules/radius.rb', line 53

def getall
  config = running_configuration
  rsrc_hsh = radius_global_defaults
  rsrc_hsh.merge!(parse_global_key(config))
  rsrc_hsh.merge!(parse_global_timeout(config))
  rsrc_hsh.merge!(parse_global_retransmit(config))
  [rsrc_hsh]
end

#parse_group_servers(config, name) ⇒ Array<Hash<Symbol,Object>>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

parse_group_servers parses the list of servers associated with a radius server group given a group name and a running configuration text.

Parameters:

  • config (String)

    The running configuration text.

  • name (String)

    The name of the server group to parse.

Returns:

  • (Array<Hash<Symbol,Object>>)

    Array of server attributes



# File 'lib/puppet_x/eos/modules/radius.rb', line 127

def parse_group_servers(config, name)
  # Escape the group name so regexp metacharacters in it match literally.
  regexp = /aaa group server radius #{Regexp.escape(name)}(.*?)!/m
  mdata = regexp.match(config)
  if mdata
    tuples = mdata[1].scan(GROUP_MEMBER_REGEXP)
    tuples.collect do |(hostname, auth_port, acct_port)|
      {
        hostname: hostname,
        auth_port: auth_port ? auth_port.to_i : DEFAULT_AUTH_PORT,
        acct_port: acct_port ? acct_port.to_i : DEFAULT_ACCT_PORT
      }
    end
  else
    Array.new
  end
end

#remove_server(opts = {}) ⇒ Boolean

remove_server removes the radius server identified by the hostname, auth_port, and acct_port attributes.

Returns:

  • (Boolean)

    true if no errors



# File 'lib/puppet_x/eos/modules/radius.rb', line 218

def remove_server(opts = {})
  cmd = "no radius-server host #{opts[:hostname]}"
  cmd << " auth-port #{opts[:auth_port]}" if opts[:auth_port]
  cmd << " acct-port #{opts[:acct_port]}" if opts[:acct_port]
  result = api.config(cmd)
  result == [{}]
end

#remove_server_group(opts = {}) ⇒ Boolean

remove_server_group removes a radius server group by name. This API call maps to the `no aaa group server radius <name>` command.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :name (String) — default: 'RAD-SV2'

    The name of the radius server group to remove.

Returns:

  • (Boolean)

    true if no errors



# File 'lib/puppet_x/eos/modules/radius.rb', line 183

def remove_server_group(opts = {})
  result = api.config("no aaa group server radius #{opts[:name]}")
  result == [{}]
end

#server_groups ⇒ Array<Hash<Symbol,Object>>

server_groups retrieves a list of radius server groups from the target device.

Returns:

  • (Array<Hash<Symbol,Object>>)

    Array of resource hashes



# File 'lib/puppet_x/eos/modules/radius.rb', line 108

def server_groups
  config = running_configuration
  tuples = config.scan(SERVER_GROUP_REGEXP)
  tuples.map do |(name)|
    { name: name, servers: parse_group_servers(config, name) }
  end
end

#servers ⇒ Array<Hash<Symbol,Object>>

servers returns an Array of radius server resource hashes. Each hash describes the current state of the radius server and is suitable for use in initializing a radius_server provider.

The resource hash returned contains the following information:

* hostname: hostname or ip address
* key: (String) the key either in plaintext or hashed format
* key_format: (Fixnum) e.g. 0 or 7
* timeout: (Fixnum) seconds before the timeout period ends
* retransmit_count: (Integer), e.g. 3, attempts after first timeout
  expiry.
* group: (String) Server group associated with this server.
* deadtime: (Fixnum) number of minutes to ignore an unresponsive
 server.
* acct_port: (Fixnum) Port number to use for accounting.
* accounting_only: (Boolean) Enable this server for accounting only.
* auth_port: (Fixnum) Port number to use for authentication

Returns:

  • (Array<Hash<Symbol,Object>>)

    Array of resource hashes



# File 'lib/puppet_x/eos/modules/radius.rb', line 84

def servers
  config = running_configuration
  tuples = config.scan(SERVER_REGEXP)
  tuples.map do |(host, authp, acctp, tout, dead, tries, keyfm, key)|
    hsh = { auth_port: DEFAULT_AUTH_PORT, acct_port: DEFAULT_ACCT_PORT }
    hsh[:hostname]         = host       if host
    hsh[:auth_port]        = authp.to_i if authp
    hsh[:acct_port]        = acctp.to_i if acctp
    hsh[:timeout]          = tout.to_i  if tout
    hsh[:retransmit_count] = tries.to_i if tries
    hsh[:deadtime]         = dead.to_i  if dead
    hsh[:key_format]       = keyfm.to_i if keyfm
    hsh[:key]              = key        if key
    hsh
  end
end
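
The parsing done by #servers can be exercised offline. The following is an added example, not the project's code: it copies SERVER_REGEXP and the port defaults from this page, runs them over a constructed configuration, and adds two hypothetical audit helpers. One lists hosts whose key has key_format 0; the other lists host lines whose key the regexp did not capture (here a key containing `-`, which `\w+` does not match, so the parsed hash has no key at all).

```ruby
# Added example: SERVER_REGEXP and the defaults are copied from the page.
# SAMPLE_CONFIG is constructed; the helper names below are hypothetical.
DEFAULT_AUTH_PORT = 1812
DEFAULT_ACCT_PORT = 1813
SERVER_REGEXP = /radius-server[ ]host[ ](.*?)
                 (?:[ ]auth-port[ ](\d+))?
                 (?:[ ]acct-port[ ](\d+))?
                 (?:[ ]timeout[ ](\d+))?
                 (?:[ ]deadtime[ ](\d+))?
                 (?:[ ]retransmit[ ](\d+))?
                 (?:[ ]key[ ](\d+)[ ](\w+))?\s/x

SAMPLE_CONFIG = <<~CONFIG
  radius-server key 7 070E234F1F5B4A
  radius-server host 10.11.12.13 auth-port 1024 acct-port 2048 timeout 30 retransmit 5 key 7 011204070A5955
  radius-server host 10.11.12.14 key 0 labsecret
  radius-server host 10.11.12.15 key 0 lab-secret
  !
CONFIG

# Same logic as the page's #servers, but the config text is an argument.
def parse_servers(config)
  config.scan(SERVER_REGEXP).map do |(host, authp, acctp, tout, dead, tries, keyfm, key)|
    hsh = { hostname: host,
            auth_port: authp ? authp.to_i : DEFAULT_AUTH_PORT,
            acct_port: acctp ? acctp.to_i : DEFAULT_ACCT_PORT }
    hsh[:timeout]          = tout.to_i  if tout
    hsh[:retransmit_count] = tries.to_i if tries
    hsh[:deadtime]         = dead.to_i  if dead
    hsh[:key_format]       = keyfm.to_i if keyfm
    hsh[:key]              = key        if key
    hsh
  end
end

# Audit: hosts whose key is stored with key_format 0 (plaintext).
def plaintext_key_hosts(servers)
  servers.select { |s| s[:key_format] == 0 }.map { |s| s[:hostname] }
end

# Audit: hosts whose config line has a " key " token that was not captured,
# so neither :key nor :key_format appears in the parsed hash.
def uncaptured_key_hosts(config, servers)
  missed = servers.select do |s|
    s[:key].nil? && config.match?(/radius-server host #{Regexp.escape(s[:hostname])} .*\bkey /)
  end
  missed.map { |s| s[:hostname] }
end

parse_servers(SAMPLE_CONFIG).each { |s| p s }
```

Because the third host's key is dropped during parsing, plaintext_key_hosts alone does not report it; running both helpers covers that case.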

#set_global_key(opts = {}) ⇒ Boolean

set_global_key configures the radius default key. This method maps to the `radius-server key` EOS configuration command, e.g. `radius-server key 7 070E234F1F5B4A`.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :key (String) — default: '070E234F1F5B4A'

    The key value

  • :key_format (Fixnum) — default: 7

    The key format, 0 for plaintext and 7 for a hashed value. 7 will be assumed if this option is not provided.

Returns:

  • (Boolean)

    true if no errors



# File 'lib/puppet_x/eos/modules/radius.rb', line 322

def set_global_key(opts = {})
  format = opts[:key_format] || 7
  key = opts[:key]
  fail ArgumentError, 'key option is required' unless key
  result = api.config("radius-server key #{format} #{key}")
  result == [{}]
end

#set_retransmit_count(opts = {}) ⇒ Boolean

set_retransmit_count configures the radius default retransmit count. This method maps to the `radius-server retransmit` configuration command.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :retransmit_count (Fixnum) — default: 4

    The number of times to retry an unresponsive server after the first timeout period.

Returns:

  • (Boolean)

    true if no errors



# File 'lib/puppet_x/eos/modules/radius.rb', line 358

def set_retransmit_count(opts = {})
  retransmit_count = opts[:retransmit_count]
  fail ArgumentError,
    'retransmit_count option is required' unless retransmit_count
  result = api.config("radius-server retransmit #{retransmit_count}")
  result == [{}]
end

#set_timeout(opts = {}) ⇒ Boolean

set_timeout configures the radius default timeout. This method maps to the `radius-server timeout` setting.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :timeout (Fixnum) — default: 50

    The timeout in seconds to configure.

Returns:

  • (Boolean)

    true if no errors




def set_timeout(opts = {})
  timeout = opts[:timeout]
  fail ArgumentError, 'timeout option is required' unless timeout
  result = api.config("radius-server timeout #{timeout}")
  result == [{}]
end

#update_server(opts = {}) ⇒ Boolean

update_server configures a radius server resource on the target device. This API method maps to the `radius-server host` command, e.g. `radius-server host 10.11.12.13 auth-port 1024 acct-port 2048 timeout 30 retransmit 5 key 7 011204070A5955`.

Returns:

  • (Boolean)

    true if there are no errors



# File 'lib/puppet_x/eos/modules/radius.rb', line 197

def update_server(opts = {})
  retransmit = opts[:retransmit_count]
  key_format = opts[:key_format] || 7
  cmd = "radius-server host #{opts[:hostname]}"
  cmd << " auth-port #{opts[:auth_port]}"   if opts[:auth_port]
  cmd << " acct-port #{opts[:acct_port]}"   if opts[:acct_port]
  cmd << " timeout #{opts[:timeout]}"       if opts[:timeout]
  cmd << " deadtime #{opts[:deadtime]}"     if opts[:deadtime]
  cmd << " retransmit #{retransmit}"        if retransmit
  cmd << " key #{key_format} #{opts[:key]}" if opts[:key]
  result = api.config(cmd)
  result == [{}]
end
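
#update_server interpolates each option into the command string unchanged, so a value containing whitespace adds tokens to the command sent to the device. The following is an added example, not the project's code: build_server_cmd is a hypothetical helper that validates each option and then builds the same command string as #update_server. The hostname and key patterns and the non-negative ranges are assumptions, not EOS limits.

```ruby
# Added example: hypothetical validation in front of the command builder.
HOST_RE = /\A[A-Za-z0-9][A-Za-z0-9.:-]*\z/ # assumed: hostname or IP literal
KEY_RE  = /\A\S+\z/                        # assumed: a key has no whitespace
NON_NEG = (0..Float::INFINITY).freeze      # assumed: no upper bound enforced

# Option name, CLI keyword and accepted range, in #update_server's order.
FIELDS = [[:auth_port, 'auth-port', 1..65_535],
          [:acct_port, 'acct-port', 1..65_535],
          [:timeout, 'timeout', NON_NEG],
          [:deadtime, 'deadtime', NON_NEG],
          [:retransmit_count, 'retransmit', NON_NEG]].freeze

# Returns the option as an Integer, nil if absent; raises on anything else.
def checked_int(opts, name, range)
  return nil if opts[name].nil?
  int = Integer(opts[name].to_s, 10) # ArgumentError on non-numeric text
  fail ArgumentError, "#{name} out of range" unless range.cover?(int)
  int
end

def build_server_cmd(opts = {})
  host = opts[:hostname].to_s
  # \A and \z anchor the whole string; ^ and $ would accept embedded newlines.
  fail ArgumentError, 'invalid hostname' unless HOST_RE.match?(host)
  cmd = "radius-server host #{host}"
  FIELDS.each do |opt, keyword, range|
    int = checked_int(opts, opt, range)
    cmd << " #{keyword} #{int}" if int
  end
  if opts[:key]
    format = opts[:key_format] || 7
    fail ArgumentError, 'key_format must be 0 or 7' unless [0, 7].include?(format)
    fail ArgumentError, 'invalid key' unless KEY_RE.match?(opts[:key].to_s)
    cmd << " key #{format} #{opts[:key]}"
  end
  cmd
end

puts build_server_cmd(hostname: '10.11.12.13', auth_port: 1024,
                      key: '011204070A5955')
```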

#update_server_group(opts = {}) ⇒ Boolean

update_server_group updates a radius server group given an Array of server attributes and the name of the server group. The update happens by first deleting the existing group if it exists then creating it again with all of the specified servers.

Parameters:

  • name (String)

    The name of the server group to update

  • servers (Array<Hash<Symbol,Object>>)

    The array of servers to associate with the server group. This hash should have at least the :hostname key.

Returns:

  • (Boolean)

    true if no errors



# File 'lib/puppet_x/eos/modules/radius.rb', line 159

def update_server_group(opts = {})
  cmd = "aaa group server radius #{opts[:name]}"
  api.config("no #{cmd}")
  cmds = [cmd]
  opts[:servers].each do |hsh|
    server = "server #{hsh[:hostname]}"
    server << " auth-port #{hsh[:auth_port] || DEFAULT_AUTH_PORT}"
    server << " acct-port #{hsh[:acct_port] || DEFAULT_ACCT_PORT}"
    cmds << server
  end
  result = api.config(cmds)
  !result.find { |r| r != {} }
end