Class: Rbeapi::Api::Tacacs

Inherits:

Entity

• Object
• Entity
• Rbeapi::Api::Tacacs

Defined in:

lib/rbeapi/api/tacacs.rb

Overview

Tacacs provides instance methods to retrieve and set tacacs configuration values.

Constant Summary

DEFAULT_KEY_FORMAT =

0

DEFAULT_KEY =

nil

SERVER_REGEXP =

Regular expression to extract a tacacs server’s attributes from the running-configuration text. The explicit [ ] spaces enable line wrapping and indentation with the /x flag.

/tacacs-server[ ]host[ ]([^\s]+)
(?:[ ](single-connection))?
(?:[ ]vrf[ ]([^\s]+))?
(?:[ ]port[ ](\d+))?
(?:[ ]timeout[ ](\d+))?
(?:[ ]key[ ](\d+)[ ](\w+))?\s/x

DEFAULT_PORT =

Default Tacacs TCP port

49

Instance Attribute Summary

Attributes inherited from Entity

#config, #error, #node

Instance Method Summary

• #get ⇒ Array<Hash>

  getall Returns an Array with a single resource Hash describing the current state of the global tacacs configuration on the target device.

• #remove_server(opts = {}) ⇒ Boolean

  remove_server removes the tacacs server identified by the hostname, and port attributes.

• #servers ⇒ Array<Hash<Symbol,Object>>

  servers returns an Array of tacacs server resource hashes.

• #set_global_key(opts = {}) ⇒ Boolean

  set_global_key configures the tacacs default key.

• #set_global_timeout(opts = {}) ⇒ Boolean

  set_timeout configures the tacacs default timeout.

• #set_source_interface(sources) ⇒ Boolean

  set_source_interface takes a dictionary mapping the VRF to the desired source interface.

• #update_server(opts = {}) ⇒ Boolean

  update_server configures a tacacs server resource on the target device.

Methods inherited from Entity

#command_builder, #configure, #configure_interface, #get_block, #initialize, instance

Constructor Details

This class inherits a constructor from Rbeapi::Api::Entity

Instance Method Details

#get ⇒ Array<Hash>

getall Returns an Array with a single resource Hash describing the current state of the global tacacs configuration on the target device. This method is intended to be used by a provider’s instances class method.

Examples:

{
  name: <string>,
  enable: <boolean>,
  key: <string>,
  key_format: <integer>,
  timeout: <integer>
}

Returns:

• (Array<Hash>) —

  Single element Array of resource hashes.

# File 'lib/rbeapi/api/tacacs.rb', line 76

def get
  global = {}
  global.merge!(parse_global_timeout)
  global.merge!(parse_global_key)
  global.merge!(parse_global_source)
  resource = { global: global, servers: servers }
  resource
end

#remove_server(opts = {}) ⇒ Boolean

remove_server removes the tacacs server identified by the hostname, and port attributes.

Parameters:

• opts (Hash) (defaults to: {}) —

  The configuration parameters.

• hostname (Hash) —

  a customizable set of options

• port (Hash) —

  a customizable set of options

Returns:

• (Boolean) —

  Returns true if there are no errors.

# File 'lib/rbeapi/api/tacacs.rb', line 263

def remove_server(opts = {})
  cmd = "no tacacs-server host #{opts[:hostname]}"
  cmd << " port #{opts[:port]}" if opts[:port]
  configure cmd
end

#servers ⇒ Array<Hash<Symbol,Object>>

servers returns an Array of tacacs server resource hashes. Each hash describes the current state of the tacacs server and is suitable for use in initializing a tacacs_server provider.

The resource hash returned contains the following information:

* hostname: hostname or ip address, part of the identifier.
* port: (Fixnum) TCP port of the server, part of the identifier.
* key: (String) the key either in plain text or hashed format.
* key_format: (Fixnum) e.g. 0 or 7.
* timeout: (Fixnum) seconds before the timeout period ends.
* multiplex: (Boolean) true when configured to make requests through a
  single connection.

Returns:

• (Array<Hash<Symbol,Object>>) —

  Array of resource hashes.

# File 'lib/rbeapi/api/tacacs.rb', line 159

def servers
  tuples = config.scan(SERVER_REGEXP)
  tuples.map do |(host, mplex, vrf, port, tout, keyfm, key)|
    hsh = {}
    hsh[:hostname]         = host
    hsh[:vrf]              = vrf
    hsh[:port]             = port.to_i
    hsh[:timeout]          = tout.to_i
    hsh[:key_format]       = keyfm.to_i
    hsh[:key]              = key
    hsh[:multiplex]        = mplex ? true : false
    hsh
  end
end

#set_global_key(opts = {}) ⇒ Boolean

set_global_key configures the tacacs default key. This method maps to the ‘tacacs-server key` EOS configuration command, e.g. `tacacs-server key 7 070E234F1F5B4A`.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• key (String) — default: '070E234F1F5B4A' —

  The key value.

• key_format (Fixnum) — default: 7 —

  The key format, 0 for plain text and 7 for a hashed value. 7 will be assumed if this option is not provided.

Returns:

• (Boolean) —

  Returns true if no errors.

Raises:

• (ArgumentError)

# File 'lib/rbeapi/api/tacacs.rb', line 188

def set_global_key(opts = {})
  format = opts[:key_format]
  key = opts[:key]
  raise ArgumentError, 'key option is required' unless key
  result = api.config("tacacs-server key #{format} #{key}")
  result == [{}]
end

#set_global_timeout(opts = {}) ⇒ Boolean

set_timeout configures the tacacs default timeout. This method maps to the ‘tacacs-server timeout` setting.

Parameters:

• opts (Hash) (defaults to: {}) —

  The configuration parameters.

Options Hash (opts):

• value (string) —

  The value to set the timeout to.

• enable (Boolean) —

  If false then the command is negated. Default is true.

• default (Boolean) —

  The value should be set to default.

Returns:

• (Boolean) —

  Returns true if no errors.

# File 'lib/rbeapi/api/tacacs.rb', line 212

def set_global_timeout(opts = {})
  cmd = command_builder('tacacs-server timeout', opts)
  configure cmd
end

#set_source_interface(sources) ⇒ Boolean

set_source_interface takes a dictionary mapping the VRF to the desired source interface. Any tacacs source-interface lines in the running-config that are not defined in the hash will be removed, then lines generated from the hash will be applied. This is NOT idempotent, however, it is explicit.

Parameters:

• sources (Hash) —

  A hash mapping the vrf name to the source interface.

Returns:

• (Boolean) —

  Returns true if there are no errors.

# File 'lib/rbeapi/api/tacacs.rb', line 282

def set_source_interface(sources)
  existing = config.scan(/ip tacacs.* source-interface.*/)
  desired = []
  sources.each do |vrf, intf|
    vrf_str = vrf == 'default' ? '' : " vrf #{vrf}"
    desired << "ip tacacs#{vrf_str} source-interface #{intf}"
  end
  remove = existing - desired
  cmds = remove.map { |line| "no #{line}" }
  cmds.concat(desired)
  configure cmds
end

#update_server(opts = {}) ⇒ Boolean

update_server configures a tacacs server resource on the target device. This API method maps to the ‘tacacs server host` command, e.g. `tacacs-server host 1.2.3.4 single-connection port 4949 timeout 6 key 7 06070D221D1C5A`.

Parameters:

• opts (Hash) (defaults to: {}) —

  The configuration parameters.

Options Hash (opts):

• key_format (Integer) —

  The format for the key.

• hostname (String) —

  The host value.

• multiplex (String) —

  Defines single-connection.

• port (String) —

  The port value.

• timeout (String) —

  The timeout value.

• key (String) —

  The key value.

Returns:

• (Boolean) —

  Returns true if there are no errors.

# File 'lib/rbeapi/api/tacacs.rb', line 240

def update_server(opts = {})
  key_format = opts[:key_format] || 7
  cmd = "tacacs-server host #{opts[:hostname]}"
  cmd << ' single-connection'               if opts[:multiplex]
  cmd << " port #{opts[:port]}"             if opts[:port]
  cmd << " timeout #{opts[:timeout]}"       if opts[:timeout]
  cmd << " key #{key_format} #{opts[:key]}" if opts[:key]
  configure cmd
end