class Rbeapi::Api::Tacacs
Tacacs
provides instance methods to retrieve and set tacacs configuration values.
Constants
- DEFAULT_KEY
- DEFAULT_KEY_FORMAT
- DEFAULT_PORT
Default
Tacacs
TCP port- SERVER_REGEXP
Regular expression to extract a tacacs server's attributes from the running-configuration text. The explicit [ ] spaces enable line wrapping and indentation with the /x flag.
Public Instance Methods
getall Returns an Array with a single resource Hash describing the current state of the global tacacs configuration on the target device. This method is intended to be used by a provider's instances class method.
@example
{ name: <string>, enable: <boolean>, key: <string>, key_format: <integer>, timeout: <integer> }
@return [Array<Hash>] Single element Array of resource hashes.
# File lib/rbeapi/api/tacacs.rb, line 76 def get global = {} global.merge!(parse_global_timeout) global.merge!(parse_global_key) global.merge!(parse_global_source) resource = { global: global, servers: servers } resource end
remove_server
removes the tacacs server identified by the hostname, and port attributes.
@api public
@param opts [Hash] The configuration parameters.
@option hostname [String] The host value.
@option port [String] The port value.
@return [Boolean] Returns true if there are no errors.
# File lib/rbeapi/api/tacacs.rb, line 263 def remove_server(opts = {}) cmd = "no tacacs-server host #{opts[:hostname]}" cmd << " port #{opts[:port]}" if opts[:port] configure cmd end
servers returns an Array of tacacs server resource hashes. Each hash describes the current state of the tacacs server and is suitable for use in initializing a tacacs_server provider.
The resource hash returned contains the following information:
* hostname: hostname or ip address, part of the identifier. * port: (Fixnum) TCP port of the server, part of the identifier. * key: (String) the key either in plain text or hashed format. * key_format: (Fixnum) e.g. 0 or 7. * timeout: (Fixnum) seconds before the timeout period ends. * multiplex: (Boolean) true when configured to make requests through a single connection.
@api public
@return [Array<Hash<Symbol,Object>>] Array of resource hashes.
# File lib/rbeapi/api/tacacs.rb, line 159 def servers tuples = config.scan(SERVER_REGEXP) tuples.map do |(host, mplex, vrf, port, tout, keyfm, key)| hsh = {} hsh[:hostname] = host hsh[:vrf] = vrf hsh[:port] = port.to_i hsh[:timeout] = tout.to_i hsh[:key_format] = keyfm.to_i hsh[:key] = key hsh[:multiplex] = mplex ? true : false hsh end end
set_global_key
configures the tacacs default key. This method maps to the `tacacs-server key` EOS configuration command, e.g. `tacacs-server key 7 070E234F1F5B4A`.
@option opts key [String] ('070E234F1F5B4A') The key value.
@option opts key_format [Fixnum] (7) The key format, 0 for plain text
and 7 for a hashed value. 7 will be assumed if this option is not provided.
@api public
@return [Boolean] Returns true if no errors.
# File lib/rbeapi/api/tacacs.rb, line 188 def set_global_key(opts = {}) format = opts[:key_format] key = opts[:key] raise ArgumentError, 'key option is required' unless key result = api.config("tacacs-server key #{format} #{key}") result == [{}] end
set_timeout configures the tacacs default timeout. This method maps to the `tacacs-server timeout` setting.
@param opts [Hash] The configuration parameters.
@option opts value [string] The value to set the timeout to.
@option opts enable [Boolean] If false then the command is
negated. Default is true.
@option opts default [Boolean] The value should be set to default.
@api public
@return [Boolean] Returns true if no errors.
# File lib/rbeapi/api/tacacs.rb, line 212 def set_global_timeout(opts = {}) cmd = command_builder('tacacs-server timeout', opts) configure cmd end
set_source_interface
takes a dictionary mapping the VRF to the desired source interface. Any tacacs source-interface lines in the running-config that are not defined in the hash will be removed, then lines generated from the hash will be applied. This is NOT idempotent, however, it is explicit.
@api public
@param sources [Hash] A hash mapping the vrf name to the source
interface.
@return [Boolean] Returns true if there are no errors.
# File lib/rbeapi/api/tacacs.rb, line 282 def set_source_interface(sources) existing = config.scan(/ip tacacs.* source-interface.*/) desired = [] sources.each do |vrf, intf| vrf_str = vrf == 'default' ? '' : " vrf #{vrf}" desired << "ip tacacs#{vrf_str} source-interface #{intf}" end remove = existing - desired cmds = remove.map { |line| "no #{line}" } cmds.concat(desired) configure cmds end
update_server
configures a tacacs server resource on the target device. This API method maps to the `tacacs server host` command, e.g. `tacacs-server host 1.2.3.4 single-connection port 4949 timeout 6 key 7 06070D221D1C5A`.
@api public
@param opts [Hash] The configuration parameters.
@option opts key_format [Integer] The format for the key.
@option opts hostname [String] The host value.
@option opts multiplex [String] Defines single-connection.
@option opts port [String] The port value.
@option opts timeout [String] The timeout value.
@option opts key [String] The key value.
@return [Boolean] Returns true if there are no errors.
# File lib/rbeapi/api/tacacs.rb, line 240 def update_server(opts = {}) key_format = opts[:key_format] || 7 cmd = "tacacs-server host #{opts[:hostname]}" cmd << ' single-connection' if opts[:multiplex] cmd << " port #{opts[:port]}" if opts[:port] cmd << " timeout #{opts[:timeout]}" if opts[:timeout] cmd << " key #{key_format} #{opts[:key]}" if opts[:key] configure cmd end
Private Instance Methods
parse_global_key
takes a running configuration as a string and parses out the radius global key and global key format if it exists in the configuration. An empty Hash is returned if there is no global key configured. The intent of the Hash is to be merged into a property hash.
@api private
@return [Hash<Symbol,Object>] Returns the resource hash attributes.
# File lib/rbeapi/api/tacacs.rb, line 95 def parse_global_key rsrc_hsh = {} (key_format, key) = config.scan(/tacacs-server key (\d+) (\w+)/).first rsrc_hsh[:key_format] = key_format.to_i || DEFAULT_KEY_FORMAT rsrc_hsh[:key] = key || DEFAULT_KEY { key: key, key_format: key_format } end
parse_global_source
takes a running configuration as a string and parses out the tacacs global source-interface per VRF if it exists in the configuration. An empty Hash is returned if there is no global setting configured. The Hash needs to be converted to ordered lists for vrf and source_interface before being merged into a property hash.
@api private
@return [Hash<Symbol,Object>] Returns the resource hash attributes.
# File lib/rbeapi/api/tacacs.rb, line 130 def parse_global_source src = config.scan(/ip tacacs(?:\svrf\s(\w+))?\ssource-interface\s(\w+)/) sources = {} src.each do |vrf, intf| vrf = vrf.nil? ? 'default' : vrf sources[vrf] = intf end { source_interface: sources } end
parse_global_timeout
takes a running configuration as a string and parses out the tacacs global timeout if it exists in the configuration. An empty Hash is returned if there is no global timeout value configured. The intent of the Hash is to be merged into a property hash.
@api private
@return [Hash<Symbol,Object>] Returns the resource hash attributes.
# File lib/rbeapi/api/tacacs.rb, line 114 def parse_global_timeout timeout = config.scan(/tacacs-server timeout (\d+)/).first { timeout: timeout.first.to_i } end