Class: Cisco::AaaAuthorizationService

Inherits:
NodeUtil
  • Object
Defined in:
lib/cisco_node_utils/aaa_authorization_service.rb

Overview

AaaAuthorizationService - node util class for aaa authorization management

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from NodeUtil

client, #client, config_get, #config_get, #config_get_default, config_get_default, config_set, #config_set, #get, #ios_xr?, #nexus?, #node, node, platform, #platform, supports?, #supports?

Constructor Details

#initialize(type, name, create = true) ⇒ AaaAuthorizationService

Returns a new instance of AaaAuthorizationService.



# File 'lib/cisco_node_utils/aaa_authorization_service.rb', line 26

# Builds a handle for one AAA authorization service and, unless +create+ is
# false, pushes the 'method' configuration for it through config_set.
#
# @param type [Symbol] one of :commands, :config_commands, :ssh_certificate,
#   :ssh_publickey
# @param name [String] 'console' or 'default'
# @param create [Boolean] when false, config_set is not called
# @raise [TypeError] if name is not a String or type is not a Symbol
# @raise [ArgumentError] if name or type is outside the supported lists
def initialize(type, name, create=true)
  fail TypeError unless name.is_a?(String)
  fail TypeError unless type.is_a?(Symbol)

  # Both values are matched against fixed allow-lists before they are stored
  # or handed to config_set, so only these literal tokens are passed on.
  # only console and default are supported currently
  supported_names = %w(console default)
  supported_types = %i(commands config_commands ssh_certificate ssh_publickey)
  fail ArgumentError unless supported_names.include?(name)
  fail ArgumentError unless supported_types.include?(type)

  # NOTE(review): @name keeps the caller's String object rather than a copy,
  # so an in-place mutation after construction is not re-checked against the
  # allow-list above.
  @name = name
  @type = type
  cli_type = AaaAuthorizationService.auth_type_sym_to_str(type)

  config_set('aaa_authorization_service', 'method', '', cli_type, name) if create
end

Instance Attribute Details

#name ⇒ Object (readonly)

Returns the value of attribute name.



# File 'lib/cisco_node_utils/aaa_authorization_service.rb', line 24

# Reader for the service name stored by the constructor, which accepts only
# 'console' or 'default'.
#
# @return [String] the stored name (the same String object that was passed in)
def name
  @name
end

#type ⇒ Object (readonly)

Returns the value of attribute type.



# File 'lib/cisco_node_utils/aaa_authorization_service.rb', line 24

# Reader for the authorization type stored by the constructor, which accepts
# only :commands, :config_commands, :ssh_certificate and :ssh_publickey.
#
# @return [Symbol] the stored type
def type
  @type
end

Class Method Details

.auth_type_str_to_sym(str) ⇒ Object



# File 'lib/cisco_node_utils/aaa_authorization_service.rb', line 152

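# Converts a CLI authorization-type keyword into its Symbol form,
# e.g. 'config-commands' => :config_commands.
#
# Every hyphen is replaced, not only the first one, so the resulting symbol
# never contains a hyphen.
#
# @param str [String] type keyword as written with hyphens
# @return [Symbol] the keyword with hyphens replaced by underscores
def self.auth_type_str_to_sym(str)
  str.tr('-', '_').to_sym
end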

.auth_type_sym_to_str(sym) ⇒ Object



# File 'lib/cisco_node_utils/aaa_authorization_service.rb', line 148

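# Converts an authorization-type Symbol into the hyphenated keyword form,
# e.g. :config_commands => 'config-commands'.
#
# Every underscore is replaced, not only the first one, so the resulting
# keyword never contains an underscore.
#
# @param sym [Symbol, #to_s] type written with underscores
# @return [String] the type with underscores replaced by hyphens
def self.auth_type_sym_to_str(sym)
  sym.to_s.tr('_', '-')
end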

.remove_local_auth ⇒ Object



# File 'lib/cisco_node_utils/aaa_authorization_service.rb', line 42

# Looks up the 'remove_local_auth' property of the
# 'aaa_authorization_service' feature via config_get.
#
# #destroy treats the result as a truthy/falsy flag that decides whether the
# method keyword is included when groups are removed.
#
# @return [Object] whatever config_get returns for that property
def self.remove_local_auth
  feature = 'aaa_authorization_service'
  property = 'remove_local_auth'
  config_get(feature, property)
end

.services ⇒ Object



# File 'lib/cisco_node_utils/aaa_authorization_service.rb', line 46

# Builds a two-level Hash of the services reported by config_get:
# type Symbol => { name => AaaAuthorizationService }.
#
# Each object is constructed with create = false, so enumerating services
# does not push configuration. The constructor still applies its type and
# name checks to the values that came back from config_get.
#
# @return [Hash{Symbol => Hash}] empty when config_get returns nil
def self.services
  rows = config_get('aaa_authorization_service', 'services')
  return {} if rows.nil?

  rows.each_with_object({}) do |(type_str, name), by_type|
    type = auth_type_str_to_sym(type_str)
    by_name = (by_type[type] ||= {})
    by_name[name] = AaaAuthorizationService.new(type, name, false)
  end
end

Instance Method Details

#default_groups ⇒ Object

default is []



# File 'lib/cisco_node_utils/aaa_authorization_service.rb', line 107

# Looks up the default for the 'groups' property of the
# 'aaa_authorization_service' feature via config_get_default.
#
# @return [Object] whatever config_get_default returns for that property
def default_groups
  feature = 'aaa_authorization_service'
  config_get_default(feature, 'groups')
end

#default_method ⇒ Object

default is :local



# File 'lib/cisco_node_utils/aaa_authorization_service.rb', line 118

# Looks up the default for the 'method' property of the
# 'aaa_authorization_service' feature via config_get_default.
#
# @return [Object] whatever config_get_default returns for that property
def default_method
  feature = 'aaa_authorization_service'
  config_get_default(feature, 'method')
end

#destroy ⇒ Object



# File 'lib/cisco_node_utils/aaa_authorization_service.rb', line 59

# Removes this service's authorization configuration.
#
# The 'no' form must repeat the exact current config string, so the current
# method and groups are read back first and reused in the removal call.
#
# @return [Object, nil] the config_set result, or nil when there are no
#   groups and the method is :local (nothing is sent in that case)
def destroy
  current_method = method
  group_list = groups.join(' ')
  cli_type = AaaAuthorizationService.auth_type_sym_to_str(@type)

  if group_list.empty?
    # cannot remove no groups + local, so do nothing in this case
    return if current_method == :local
    return config_set('aaa_authorization_service', 'method',
                      'no', cli_type, @name)
  end

  # Removal of auth method local is not supported on all platforms, so the
  # method keyword is only included when remove_local_auth reports support.
  method_kw =
    if AaaAuthorizationService.remove_local_auth && current_method != :unselected
      current_method.to_s
    else
      ''
    end
  config_set('aaa_authorization_service', 'groups',
             'no', cli_type, @name, group_list, method_kw)
end

#groups ⇒ Object

Groups aren’t retrieved via the usual CLI regex memory type because there can be an arbitrary number of groups, and a repeating memory regex only captures the last match. Example: aaa authorization console group group1 group2 group3 local



# File 'lib/cisco_node_utils/aaa_authorization_service.rb', line 84

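# Lists the server groups configured for this service.
#
# The 'methods' string of the entry matching this name and type is split on
# whitespace and the keywords 'local' and 'group' are dropped, so a group
# literally named 'local' or 'group' would not be reported.
#
# @return [Array<String>] group names, possibly empty
# @raise [RuntimeError] if config_get returns nil or an empty list, if no
#   entry matches this name and type, or if the entry has no 'methods' key
def groups
  # config_get returns the following format:
  # [{"appl_subtype": "console",
  #   "cmd_type": "config-commands",
  #   "methods": "group foo bar local "}], ...
  hsh_arr = config_get('aaa_authorization_service', 'groups')
  # A nil reply is handled like an empty one, so the caller gets the
  # descriptive error below instead of a NoMethodError on nil.
  fail 'unable to retrieve aaa groups information' if
    hsh_arr.nil? || hsh_arr.empty?
  type_s = AaaAuthorizationService.auth_type_sym_to_str(@type)
  hsh = hsh_arr.find do |x|
    x['appl_subtype'] == @name && x['cmd_type'] == type_s
  end
  fail "no aaa info for #{@type},#{@name}" if hsh.nil?
  fail "no aaa info for #{@type},#{@name}. api/feature change?" unless
    hsh.key? 'methods'
  # ex: ["group", "group1", "local"]
  grps = hsh['methods'].strip.split
  # remove local, group keywords
  grps - %w(local group)
end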

#groups_method_set(grps, m) ⇒ Object

Groups and method must be set in the same CLI string:

aaa authorization login <type> <name> / local | group <group1 [group2, ...]> [local]


# File 'lib/cisco_node_utils/aaa_authorization_service.rb', line 125

# Sets the groups and the method together, since both belong to the same
# config string.
#
# NOTE(review): group names are only checked for being Strings before they
# are joined with spaces and handed to config_set. A name containing
# whitespace or a line break would presumably reach the device as extra
# tokens; confirm how config_set treats it and validate names upstream.
#
# @param grps [Array<String>, String, nil] group names; a non-Array value is
#   wrapped with Array()
# @param m [Symbol] :local or :unselected (unselected = blank)
# @return [Object] the config_set result
# @raise [TypeError] if a group is not a String or m is not a Symbol
# @raise [ArgumentError] if m is neither :local nor :unselected
def groups_method_set(grps, m)
  group_names = Array(grps)
  fail TypeError unless group_names.all? { |g| g.is_a?(String) }
  fail TypeError unless m.is_a?(Symbol)
  # only the following are supported (unselected = blank)
  fail ArgumentError unless %i(local unselected).include?(m)

  # raise "type 'local' not allowed when groups are configured" if
  #  m == :local and not grps.empty?
  cli_type = AaaAuthorizationService.auth_type_sym_to_str(@type)
  joined = group_names.join(' ')

  # Without groups only the 'method' property is set and m is not passed on.
  if joined.empty?
    return config_set('aaa_authorization_service', 'method',
                      '', cli_type, @name)
  end

  method_kw = m == :unselected ? '' : m.to_s
  config_set('aaa_authorization_service', 'groups',
             '', cli_type, @name, joined, method_kw)
end

#method ⇒ Object



# File 'lib/cisco_node_utils/aaa_authorization_service.rb', line 111

# Reads the authorization method configured for this service.
#
# NOTE(review): this zero-argument definition shadows Ruby's Object#method on
# instances of the class, so reflection such as obj.method(:name) raises
# ArgumentError here.
#
# @return [Symbol] the value from config_get as a Symbol, or :unselected when
#   config_get returns nil
def method
  cli_type = AaaAuthorizationService.auth_type_sym_to_str(@type)
  configured = config_get('aaa_authorization_service', 'method', @name, cli_type)
  return :unselected if configured.nil?

  configured.to_sym
end