Class: PuppetX::Eos::Tacacs

Inherits:
ModuleBase
Defined in:
lib/puppet_x/eos/modules/tacacs.rb

Overview

Tacacs provides instance methods to retrieve and set tacacs configuration values.

Constant Summary

SERVER_REGEXP =

Regular expression to extract a tacacs server’s attributes from the running-configuration text. The explicit [ ] spaces enable line wrapping and indentation with the /x flag.

/tacacs-server[ ]host[ ](.*?)
(?:[ ](single-connection))?
(?:[ ]port[ ](\d+))?
(?:[ ]timeout[ ](\d+))?
(?:[ ]key[ ](\d+)[ ](\w+))?\s/x
DEFAULT_PORT =

Default Tacacs TCP port

49
SERVER_GROUP_REGEXP =

Regular expression to extract a tacacs server’s attributes from the running-configuration text. The explicit [ ] spaces enable line wrapping and indentation with the /x flag.

/aaa group server tacacs[+]? (.*)/
GROUP_MEMBER_REGEXP =

FIXME Needs to be updated

/server[ ](.*?)
(?:[ ]vrf[ ]([^ ]+))?
(?:[ ]port[ ](\d+))?\s/x

Instance Attribute Summary

Attributes inherited from ModuleBase

#api

Instance Method Summary

Methods inherited from ModuleBase

#initialize, #running_configuration

Constructor Details

This class inherits a constructor from PuppetX::Eos::ModuleBase

Instance Method Details

#getall ⇒ Array<Hash>

getall returns an Array with a single resource Hash describing the current state of the global tacacs configuration on the target device. This method is intended to be used by a provider’s instances class method.

The resource hash returned contains the following information:

* name: ('settings')
* enable: (true | false) if tacacs functionality is enabled.  This is
  always true for EOS.
* key: (String) the key either in plaintext or hashed format
* key_format: (Integer) e.g. 0 or 7
* timeout: (Integer) seconds before the timeout period ends


# File 'lib/puppet_x/eos/modules/tacacs.rb', line 50

def getall
  config = running_configuration
  rsrc_hsh = tacacs_global_defaults
  rsrc_hsh.merge!(parse_global_key(config))
  rsrc_hsh.merge!(parse_global_timeout(config))
  [rsrc_hsh]
end

#parse_group_servers(config, name) ⇒ Array<Hash<Symbol,Object>> Array of server attributes

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

parse_group_servers parses the list of servers associated with a tacacs server group given a group name and a running configuration text.



# File 'lib/puppet_x/eos/modules/tacacs.rb', line 217

def parse_group_servers(config, name)
  regexp = /aaa group server tacacs[+] #{name}(.*?)!/m
  mdata = regexp.match(config)
  tuples = mdata[1].scan(GROUP_MEMBER_REGEXP)
  tuples.collect do |(hostname, vrf, port)|
    { hostname: hostname, port: port ? port.to_i : DEFAULT_PORT }
  end
end
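
The method above interpolates `name` into the regexp unescaped and unanchored, and reads `mdata[1]` without checking that the match succeeded. The following is an added example, not code from the project: a hypothetical `safe_parse_group_servers` next to a copy of the page's method (renamed `page_parse_group_servers` here), both run over a constructed configuration fragment.

```ruby
DEFAULT_PORT = 49
GROUP_MEMBER_REGEXP = /server[ ](.*?)
                       (?:[ ]vrf[ ]([^ ]+))?
                       (?:[ ]port[ ](\d+))?\s/x

# Constructed running-config fragment (sample data, not device output).
# TAC-GR2 is listed first and its name starts with "TAC-GR".
SAMPLE_CONFIG = <<~CONFIG
  aaa group server tacacs+ TAC-GR2
     server 10.0.0.9 port 4949
  !
  aaa group server tacacs+ TAC-GR
     server 1.2.3.4
     server 5.6.7.8 vrf mgmt port 50
  !
CONFIG

# Copy of the page's method, renamed, kept only for comparison.
def page_parse_group_servers(config, name)
  regexp = /aaa group server tacacs[+] #{name}(.*?)!/m
  mdata = regexp.match(config)
  tuples = mdata[1].scan(GROUP_MEMBER_REGEXP)
  tuples.collect do |(hostname, _vrf, port)|
    { hostname: hostname, port: port ? port.to_i : DEFAULT_PORT }
  end
end

# Hypothetical hardened variant.
def safe_parse_group_servers(config, name)
  # Regexp.escape makes metacharacters in the name literal; ^ and $ pin the
  # match to one whole config line so "TAC-GR" cannot match "TAC-GR2".
  regexp = /^aaa group server tacacs[+] #{Regexp.escape(name)}$(.*?)^!/m
  mdata = regexp.match(config)
  return [] unless mdata # unknown group: empty list, not NoMethodError

  mdata[1].scan(GROUP_MEMBER_REGEXP).map do |(hostname, vrf, port)|
    hsh = { hostname: hostname, port: port ? port.to_i : DEFAULT_PORT }
    hsh[:vrf] = vrf if vrf # the page's method captures vrf but drops it
    hsh
  end
end
```

On this sample the page's method returns the TAC-GR2 member when asked for TAC-GR, and raises NoMethodError for a group that is not configured.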

#remove_server(opts = {}) ⇒ Boolean

remove_server removes the tacacs server identified by the hostname and port attributes.



# File 'lib/puppet_x/eos/modules/tacacs.rb', line 294

def remove_server(opts = {})
  cmd = "no tacacs-server host #{opts[:hostname]}"
  cmd << " port #{opts[:port]}" if opts[:port]
  result = api.config(cmd)
  result == [{}]
end

#remove_server_group(opts = {}) ⇒ Boolean

remove_server_group removes a tacacs server group by name. This API call maps to the `no aaa group server tacacs <name>` command.

Options Hash (opts):

  • :name (String) — default: 'TAC-GR'

    The name of the tacacs server group to remove.



# File 'lib/puppet_x/eos/modules/tacacs.rb', line 262

def remove_server_group(opts = {})
  result = api.config("no aaa group server tacacs+ #{opts[:name]}")
  result == [{}]
end

#server_groups ⇒ Array<Hash<Symbol,Object>>

server_groups retrieves a list of tacacs server groups from the target device.



# File 'lib/puppet_x/eos/modules/tacacs.rb', line 197

def server_groups
  config = running_configuration
  regexp = SERVER_GROUP_REGEXP
  tuples = config.scan(regexp)
  tuples.map do |(name)|
    { name: name, servers: parse_group_servers(config, name) }
  end
end

#servers ⇒ Array<Hash<Symbol,Object>>

servers returns an Array of tacacs server resource hashes. Each hash describes the current state of the tacacs server and is suitable for use in initializing a tacacs_server provider.

The resource hash returned contains the following information:

* hostname: hostname or ip address, part of the identifier
* port: (Fixnum) TCP port of the server, part of the identifier
* key: (String) the key either in plaintext or hashed format
* key_format: (Fixnum) e.g. 0 or 7
* timeout: (Fixnum) seconds before the timeout period ends
* multiplex: (Boolean) true when configured to make requests through a
  single connection


# File 'lib/puppet_x/eos/modules/tacacs.rb', line 175

def servers
  config = running_configuration
  tuples = config.scan(SERVER_REGEXP)
  tuples.map do |(host, mplex, port, tout, keyfm, key)|
    hsh = { port: DEFAULT_PORT }
    hsh[:hostname]         = host       if host
    hsh[:port]             = port.to_i  if port
    hsh[:timeout]          = tout.to_i  if tout
    hsh[:key_format]       = keyfm.to_i if keyfm
    hsh[:key]              = key        if key
    hsh[:multiplex]        = mplex ? true : false
    hsh
  end
end

#set_global_key(opts = {}) ⇒ Boolean

set_global_key configures the tacacs default key. This method maps to the `tacacs-server key` EOS configuration command, e.g. `tacacs-server key 7 070E234F1F5B4A`.

Options Hash (opts):

  • :key (String) — default: '070E234F1F5B4A'

    The key value

  • :key_format (Fixnum) — default: 7

    The key format, 0 for plaintext and 7 for a hashed value. 7 will be assumed if this option is not provided.



# File 'lib/puppet_x/eos/modules/tacacs.rb', line 132

def set_global_key(opts = {})
  format = opts[:key_format] || 7
  key = opts[:key]
  fail ArgumentError, 'key option is required' unless key
  result = api.config("tacacs-server key #{format} #{key}")
  result == [{}]
end

#set_timeout(opts = {}) ⇒ Boolean

set_timeout configures the tacacs default timeout. This method maps to the `tacacs-server timeout` setting.

Options Hash (opts):

  • :timeout (Fixnum) — default: 50

    The timeout in seconds to configure.



# File 'lib/puppet_x/eos/modules/tacacs.rb', line 150

def set_timeout(opts = {})
  timeout = opts[:timeout]
  fail ArgumentError, 'timeout option is required' unless timeout
  result = api.config("tacacs-server timeout #{timeout}")
  result == [{}]
end

#update_server(opts = {}) ⇒ Boolean

update_server configures a tacacs server resource on the target device. This API method maps to the `tacacs-server host` command, e.g. `tacacs-server host 1.2.3.4 single-connection port 4949 timeout 6 key 7 06070D221D1C5A`.



# File 'lib/puppet_x/eos/modules/tacacs.rb', line 276

def update_server(opts = {})
  key_format = opts[:key_format] || 7
  cmd = "tacacs-server host #{opts[:hostname]}"
  cmd << ' single-connection'               if opts[:multiplex]
  cmd << " port #{opts[:port]}"             if opts[:port]
  cmd << " timeout #{opts[:timeout]}"       if opts[:timeout]
  cmd << " key #{key_format} #{opts[:key]}" if opts[:key]
  result = api.config(cmd)
  result == [{}]
end
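
update_server places each option value into the command string as given, so the caller decides what reaches `api.config`. The following is an added example, not part of PuppetX::Eos::Tacacs: a hypothetical `build_update_server_cmd` that validates every option before building the same command. The constant names, the hostname pattern and the timeout bound are assumptions.

```ruby
# \A and \z anchor the whole string. ^ and $ anchor per line in Ruby, so
# they would accept a multi-line value that has one valid line in it.
HOSTNAME_RE   = /\A[A-Za-z0-9:][A-Za-z0-9.:_-]{0,252}\z/ # assumed pattern
KEY_RE        = /\A\w+\z/ # same class as the key capture in SERVER_REGEXP
KEY_FORMATS   = [0, 7].freeze # the two formats the page documents
PORT_RANGE    = (1..65_535)
TIMEOUT_RANGE = (1..1000) # assumed bound, check the platform's limit

# Parse value as a base-10 integer and check it against allowed.
# Integer() raises ArgumentError on anything that is not purely numeric.
def checked_int(value, allowed, label)
  int = Integer(value.to_s, 10)
  fail ArgumentError, "#{label} not allowed: #{int}" unless allowed.include?(int)
  int
end

# Build the `tacacs-server host` command from validated options only.
# Numeric fields are interpolated from the parsed Integer, never from
# the caller's original object.
def build_update_server_cmd(opts = {})
  hostname = opts[:hostname].to_s
  fail ArgumentError, 'invalid hostname' unless HOSTNAME_RE.match?(hostname)

  cmd = "tacacs-server host #{hostname}"
  cmd << ' single-connection' if opts[:multiplex]
  cmd << " port #{checked_int(opts[:port], PORT_RANGE, 'port')}" if opts[:port]
  if opts[:timeout]
    cmd << " timeout #{checked_int(opts[:timeout], TIMEOUT_RANGE, 'timeout')}"
  end
  if opts[:key]
    key = opts[:key].to_s
    fail ArgumentError, 'invalid key' unless KEY_RE.match?(key)
    format = checked_int(opts[:key_format] || 7, KEY_FORMATS, 'key_format')
    cmd << " key #{format} #{key}"
  end
  cmd
end
```

The returned string can be passed to `api.config` exactly as update_server does; values containing spaces, newlines or non-numeric port and timeout fields raise ArgumentError before any command is sent.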

#update_server_group(opts = {}) ⇒ Boolean

update_server_group updates a tacacs server group given an Array of server attributes and the name of the server group. The update happens by first deleting the existing group if it exists then creating it again with all of the specified servers.



# File 'lib/puppet_x/eos/modules/tacacs.rb', line 241

def update_server_group(opts = {})
  cmd = "aaa group server tacacs+ #{opts[:name]}"
  api.config("no #{cmd}")
  cmds = [cmd]
  opts[:servers].each do |hsh|
    cmds << "server #{hsh[:hostname]} port #{hsh[:port] || DEFAULT_PORT}"
  end
  result = api.config(cmds)
  !result.find { |r| r != {} }
end