Class: Rbeapi::Api::Acl

Inherits:
Entity
  • Object
Defined in:
lib/rbeapi/api/acl.rb

Overview

The Acl class manages the set of standard ACLs.

Instance Attribute Summary

Attributes inherited from Entity

#config, #error, #node

Instance Method Summary

Methods inherited from Entity

#command_builder, #configure, #configure_interface, #get_block, instance

Constructor Details

#initialize(node) ⇒ Acl

Returns a new instance of Acl.



# File 'lib/rbeapi/api/acl.rb', line 44

def initialize(node)
  super(node)
  @entry_re = Regexp.new(%r{(\d+)
                            (?:\ ([p|d]\w+))
                            (?:\ (any))?
                            (?:\ (host))?
                            (?:\ ([0-9]+(?:\.[0-9]+){3}))?
                            (?:/([0-9]{1,2}))?
                            (?:\ ([0-9]+(?:\.[0-9]+){3}))?
                            (?:\ (log))?}x)
end
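Added example (not part of rbeapi): the entry regexp from the constructor above, run stand-alone against a constructed running-config block to show which fields each capture group yields. The names ENTRY_RE, FIELDS, capture_entry and parse_sample, the group labels, and the sample configuration are assumptions of this example. It shows that remark lines are not captured, because the action group only accepts words starting with p or d.

```ruby
# The regexp is copied from the constructor above; everything else is added.
# Note: [p|d] is a character class, so besides p and d it accepts a literal '|'.
ENTRY_RE = %r{(\d+)
              (?:\ ([p|d]\w+))
              (?:\ (any))?
              (?:\ (host))?
              (?:\ ([0-9]+(?:\.[0-9]+){3}))?
              (?:/([0-9]{1,2}))?
              (?:\ ([0-9]+(?:\.[0-9]+){3}))?
              (?:\ (log))?}x

# Labels for capture groups 1..8, chosen for this example (assumption).
FIELDS = %i[seqno action any host addr prefixlen mask log].freeze

# Returns a Hash of the non-nil captures, or nil when the line does not match.
def capture_entry(line)
  m = ENTRY_RE.match(line)
  return nil unless m

  FIELDS.zip(m.captures).to_h.compact
end

# Constructed sample of a standard ACL block as it could appear in a config.
SAMPLE = <<~CONFIG
  ip access-list standard mgmt-hosts
     10 permit 10.0.0.0/8 log
     20 deny host 192.0.2.1
     30 permit 172.16.0.0 255.240.0.0
     40 remark temporary rule for change window
     50 permit any
CONFIG

# Maps each entry line (header line dropped) to its captures, or to nil.
def parse_sample(text = SAMPLE)
  text.lines.drop(1).map { |l| [l.strip, capture_entry(l)] }.to_h
end

parse_sample.each do |line, fields|
  puts "#{line.ljust(45)} => #{fields.inspect}"
end
```

When auditing a device through this regexp, treat a nil result as "entry not parsed" rather than "entry absent".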

Instance Method Details

#add_entry(name, entry) ⇒ Boolean

add_entry will add an entry to the specified ACL with the passed in parameters.

Parameters:

  • name (String)

    The ACL name to add an entry to on the node.

  • entry (Hash)

    The options for the entry.

Options Hash (entry):

  • action (String)

    The action triggered by the ACL. Valid values are ‘permit’, ‘deny’, or ‘remark’.

  • addr (String)

    The IP address to permit or deny.

  • prefixlen (String)

    The prefixlen for the IP address.

  • log (Boolean)

    Triggers an informational log message to the console about the matching packet.

Returns:

  • (Boolean)

    Returns true if the command completed successfully.

Since:

  • eos_version 4.13.7M



# File 'lib/rbeapi/api/acl.rb', line 326

def add_entry(name, entry)
  cmds = ["ip access-list standard #{name}"]
  cmds << build_entry(entry)
  cmds << 'exit'
  configure(cmds)
end

#create(name) ⇒ Boolean

create will create a new ACL resource in the node's current configuration with the specified name. If the create method is called and the ACL already exists, this method will still return true. The ACL will not have any entries. Use add_entry to add entries to the ACL.

Commands

ip access-list standard <name>

Parameters:

  • name (String)

    The ACL name to create on the node. Must begin with an alphabetic character. Cannot contain spaces or quotation marks.

Returns:

  • (Boolean)

    Returns true if the command completed successfully.

Since:

  • eos_version 4.13.7M



# File 'lib/rbeapi/api/acl.rb', line 205

def create(name)
  configure("ip access-list standard #{name}")
end
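Added example (not part of rbeapi): the methods on this page interpolate name and seqno into the command strings unchanged, so the naming rule documented for create and the option values documented for add_entry have to be enforced by the caller. The helpers validate_acl_name!, validate_acl_entry! and ipv4?, and the exact patterns they use, are assumptions of this example; the name pattern is stricter than the documented rule in that it rejects all whitespace and both quote characters.

```ruby
# Caller-side checks applied before values reach the command strings.
VALID_ACTIONS = %w[permit deny remark].freeze
# \A and \z anchor the whole string; in Ruby ^ and $ only anchor a single line.
ACL_NAME_RE = /\A[A-Za-z][^\s"']*\z/
IPV4_RE = /\A\d{1,3}(?:\.\d{1,3}){3}\z/

# Returns the name unchanged, or raises ArgumentError.
def validate_acl_name!(name)
  return name if name.is_a?(String) && name.match?(ACL_NAME_RE)

  raise ArgumentError, "invalid ACL name: #{name.inspect}"
end

# True for a dotted-decimal IPv4 address with every octet in 0..255.
def ipv4?(value)
  value.is_a?(String) && value.match?(IPV4_RE) &&
    value.split('.').all? { |octet| octet.to_i <= 255 }
end

# Validates the documented entry options; absent optional keys are allowed.
# Returns the entry unchanged, or raises ArgumentError naming the bad fields.
def validate_acl_entry!(entry)
  errors = []
  errors << 'action' unless VALID_ACTIONS.include?(entry[:action])
  errors << 'addr' if entry.key?(:addr) && !ipv4?(entry[:addr])
  if entry.key?(:prefixlen)
    len = entry[:prefixlen].to_s
    errors << 'prefixlen' unless len.match?(/\A\d{1,2}\z/) && len.to_i <= 32
  end
  if entry.key?(:seqno) && !entry[:seqno].to_s.match?(/\A\d+\z/)
    errors << 'seqno'
  end
  errors << 'log' unless [true, false, nil].include?(entry[:log])
  unless errors.empty?
    raise ArgumentError, "invalid entry fields: #{errors.join(', ')}"
  end

  entry
end

# Intended use (acl is an Rbeapi::Api::Acl instance, not created here):
#   acl.create(validate_acl_name!(name))
#   acl.add_entry(validate_acl_name!(name), validate_acl_entry!(entry))
```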

#default(name) ⇒ Boolean

default will configure the ACL using the default keyword. This command has the same effect as deleting the ACL from the node's running configuration.

Commands

default ip access-list standard <name>

Parameters:

  • name (String)

    The ACL name to set to the default value on the node.

Returns:

  • (Boolean)

    Returns true if the command completed successfully.

Since:

  • eos_version 4.13.7M



# File 'lib/rbeapi/api/acl.rb', line 240

def default(name)
  configure("default ip access-list standard #{name}")
end

#delete(name) ⇒ Boolean

delete will delete an existing ACL resource from the node's current running configuration. If the delete method is called and the ACL does not exist, this method will succeed.

Commands

no ip access-list standard <name>

Parameters:

  • name (String)

    The ACL name to delete on the node.

Returns:

  • (Boolean)

    Returns true if the command completed successfully.

Since:

  • eos_version 4.13.7M



# File 'lib/rbeapi/api/acl.rb', line 222

def delete(name)
  configure("no ip access-list standard #{name}")
end

#get(name) ⇒ nil, Hash<Symbol, Object>

get returns the specified ACL from the node's current configuration.

Examples:

{
  <seqno>: {
    seqno: <integer>,
    action: <string>,
    srcaddr: <string>,
    srcprefixle: <string>,
    log: <string>
  },
  <seqno>: {
    seqno: <integer>,
    action: <string>,
    srcaddr: <string>,
    srcprefixle: <string>,
    log: <string>
  },
  ...
}

Parameters:

  • name (String)

    The ACL name.

Returns:

  • (nil, Hash<Symbol, Object>)

    Returns the ACL resource as a Hash. Returns nil if name does not exist.



# File 'lib/rbeapi/api/acl.rb', line 82

def get(name)
  config = get_block("ip access-list standard #{name}")
  return nil unless config

  parse_entries(config)
end

#getall ⇒ nil, Hash<Symbol, Object>

getall returns the collection of ACLs from the node's running configuration as a hash. The ACL resource collection hash is keyed by the ACL name.

Examples:

{
  <name>: {
    <seqno>: {
      seqno: <integer>,
      action: <string>,
      srcaddr: <string>,
      srcprefixle: <string>,
      log: <string>
    },
    <seqno>: {
      seqno: <integer>,
      action: <string>,
      srcaddr: <string>,
      srcprefixle: <string>,
      log: <string>
    },
    ...
  },
  <name>: {
    <seqno>: {
      seqno: <integer>,
      action: <string>,
      srcaddr: <string>,
      srcprefixle: <string>,
      log: <string>
    },
    <seqno>: {
      seqno: <integer>,
      action: <string>,
      srcaddr: <string>,
      srcprefixle: <string>,
      log: <string>
    },
    ...
  },
  ...
}

Returns:

  • (nil, Hash<Symbol, Object>)

    Returns a hash that represents the entire ACL collection from the node's running configuration. If there are no ACLs configured, this method will return an empty hash.



# File 'lib/rbeapi/api/acl.rb', line 137

def getall
  acls = config.scan(/ip access-list standard ([^\s]+)/)
  acls.each_with_object({}) do |name, hsh|
    resource = get(name[0])
    hsh[name[0]] = resource if resource
  end
end

#mask_to_prefixlen(mask) ⇒ String

mask_to_prefixlen converts a subnet mask from dotted decimal to bit length.

Parameters:

  • mask (String)

    The dotted decimal subnet mask to convert.

Returns:

  • (String)

    The subnet mask as a valid prefix length.



# File 'lib/rbeapi/api/acl.rb', line 152

def mask_to_prefixlen(mask)
  mask = '255.255.255.255' unless mask
  NetAddr::CIDR.create('0.0.0.0/' + mask).netmask_ext
end

#remove_entry(name, seqno) ⇒ Boolean

remove_entry will remove the entry specified by the seqno for the ACL specified by name.

Parameters:

  • name (String)

    The ACL name to update on the node.

  • seqno (String)

    The sequence number of the entry in the ACL to remove.

Returns:

  • (Boolean)

    Returns true if the command completed successfully.

Since:

  • eos_version 4.13.7M



# File 'lib/rbeapi/api/acl.rb', line 345

def remove_entry(name, seqno)
  cmds = ["ip access-list standard #{name}", "no #{seqno}", 'exit']
  configure(cmds)
end

#update_entry(name, entry) ⇒ Boolean

update_entry will update an entry, identified by the seqno in the ACL specified by name, with the passed in parameters.

Parameters:

  • name (String)

    The ACL name to update on the node.

  • entry (Hash)

    The options for the entry.

Options Hash (entry):

  • seqno (String)

    The sequence number of the entry in the ACL to update.

  • action (String)

    The action triggered by the ACL. Valid values are ‘permit’, ‘deny’, or ‘remark’.

  • addr (String)

    The IP address to permit or deny.

  • prefixlen (String)

    The prefixlen for the IP address.

  • log (Boolean)

    Triggers an informational log message to the console about the matching packet.

Returns:

  • (Boolean)

    Returns true if the command completed successfully.

Since:

  • eos_version 4.13.7M



# File 'lib/rbeapi/api/acl.rb', line 297

def update_entry(name, entry)
  cmds = ["ip access-list standard #{name}"]
  cmds << "no #{entry[:seqno]}"
  cmds << build_entry(entry)
  cmds << 'exit'
  configure(cmds)
end