class Rbeapi::Api::Tacacs

Tacacs provides instance methods to retrieve and set tacacs configuration values.

Constants

DEFAULT_KEY
DEFAULT_KEY_FORMAT
DEFAULT_PORT

Default Tacacs TCP port

SERVER_REGEXP

Regular expression to extract a tacacs server's attributes from the running-configuration text. The explicit [ ] spaces enable line wrapping and indentation with the /x flag.

Public Instance Methods

get()

get returns an Array with a single resource Hash describing the current state of the global tacacs configuration on the target device. This method is intended to be used by a provider's instances class method.

@example

{
  name: <string>,
  enable: <boolean>,
  key: <string>,
  key_format: <integer>,
  timeout: <integer>
}

@return [Array<Hash>] Single element Array of resource hashes.

# File lib/rbeapi/api/tacacs.rb, line 76
def get
  global = {}
  global.merge!(parse_global_timeout)
  global.merge!(parse_global_key)
  global.merge!(parse_global_source)
  resource = { global: global, servers: servers }
  resource
end

remove_server(opts = {})

remove_server removes the tacacs server identified by the hostname and port attributes.

@api public

@param opts [Hash] The configuration parameters.

@option hostname [String] The host value.

@option port [String] The port value.

@return [Boolean] Returns true if there are no errors.

# File lib/rbeapi/api/tacacs.rb, line 263
def remove_server(opts = {})
  cmd = "no tacacs-server host #{opts[:hostname]}"
  cmd << " port #{opts[:port]}" if opts[:port]
  configure cmd
end

servers()

servers returns an Array of tacacs server resource hashes. Each hash describes the current state of the tacacs server and is suitable for use in initializing a tacacs_server provider.

The resource hash returned contains the following information:

* hostname: hostname or ip address, part of the identifier.
* port: (Fixnum) TCP port of the server, part of the identifier.
* key: (String) the key either in plain text or hashed format.
* key_format: (Fixnum) e.g. 0 or 7.
* timeout: (Fixnum) seconds before the timeout period ends.
* multiplex: (Boolean) true when configured to make requests through a
  single connection.

@api public

@return [Array<Hash<Symbol,Object>>] Array of resource hashes.

# File lib/rbeapi/api/tacacs.rb, line 159
def servers
  tuples = config.scan(SERVER_REGEXP)
  tuples.map do |(host, mplex, vrf, port, tout, keyfm, key)|
    hsh = {}
    hsh[:hostname]         = host
    hsh[:vrf]              = vrf
    hsh[:port]             = port.to_i
    hsh[:timeout]          = tout.to_i
    hsh[:key_format]       = keyfm.to_i
    hsh[:key]              = key
    hsh[:multiplex]        = mplex ? true : false
    hsh
  end
end
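
An added example, not part of rbeapi: parsing `tacacs-server host` lines in the style described for SERVER_REGEXP and flagging servers whose key is stored in plain text. The regular expression is an assumed stand-in for the real constant (which this page does not show), the default port 49 is assumed to match DEFAULT_PORT, and the configuration text is constructed.

```ruby
# Added example: TACACS_HOST_RE is an assumed stand-in for SERVER_REGEXP.
# Capture order follows the tuple destructured by the servers method above.
TACACS_HOST_RE = /
  ^tacacs-server[ ]host[ ](\S+)
  (?:[ ](single-connection))?
  (?:[ ]vrf[ ](\S+))?
  (?:[ ]port[ ](\d+))?
  (?:[ ]timeout[ ](\d+))?
  (?:[ ]key[ ](\d+)[ ](\S+))?
/x

TACACS_PORT = 49 # IANA-assigned TACACS+ port; assumed to match DEFAULT_PORT

# Constructed running-config excerpt, not taken from a real device.
SAMPLE_CONFIG = <<~CFG
  tacacs-server key 7 070E234F1F5B4A
  tacacs-server host 1.2.3.4 single-connection port 4949 timeout 6 key 7 06070D221D1C5A
  tacacs-server host tac2.example.net vrf mgmt key 0 constructedsecret
  tacacs-server host 10.0.0.9
CFG

def parse_tacacs_servers(config)
  config.scan(TACACS_HOST_RE).map do |host, mplex, vrf, port, tout, keyfm, key|
    {
      hostname: host,
      vrf: vrf,
      port: port ? port.to_i : TACACS_PORT, # nil.to_i would silently give 0
      timeout: tout && tout.to_i,
      key_format: keyfm && keyfm.to_i,
      key: key,
      multiplex: !mplex.nil?
    }
  end
end

# Flag plain-text keys (format 0) and servers with no per-host key, which
# depend on the global `tacacs-server key`. Findings never echo the key.
def audit_tacacs_servers(servers)
  servers.each_with_object([]) do |srv, findings|
    id = "#{srv[:hostname]}:#{srv[:port]}"
    if srv[:key_format] == 0
      findings << "#{id} key stored in plain text (format 0)"
    elsif srv[:key].nil?
      findings << "#{id} has no per-host key; relies on the global key"
    end
  end
end

puts audit_tacacs_servers(parse_tacacs_servers(SAMPLE_CONFIG))
```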

set_global_key(opts = {})

set_global_key configures the tacacs default key. This method maps to the `tacacs-server key` EOS configuration command, e.g. `tacacs-server key 7 070E234F1F5B4A`.

@option opts key [String] ('070E234F1F5B4A') The key value.

@option opts key_format [Fixnum] (7) The key format, 0 for plain text and 7 for a hashed value. 7 will be assumed if this option is not provided.

@api public

@return [Boolean] Returns true if no errors.

# File lib/rbeapi/api/tacacs.rb, line 188
def set_global_key(opts = {})
  format = opts[:key_format]
  key = opts[:key]
  raise ArgumentError, 'key option is required' unless key
  result = api.config("tacacs-server key #{format} #{key}")
  result == [{}]
end

set_global_timeout(opts = {})

set_global_timeout configures the tacacs default timeout. This method maps to the `tacacs-server timeout` setting.

@param opts [Hash] The configuration parameters.

@option opts value [String] The value to set the timeout to.

@option opts enable [Boolean] If false then the command is negated. Default is true.

@option opts default [Boolean] The value should be set to default.

@api public

@return [Boolean] Returns true if no errors.

# File lib/rbeapi/api/tacacs.rb, line 212
def set_global_timeout(opts = {})
  cmd = command_builder('tacacs-server timeout', opts)
  configure cmd
end

set_source_interface(sources)

set_source_interface takes a dictionary mapping the VRF to the desired source interface. Any tacacs source-interface lines in the running-config that are not defined in the hash will be removed, then lines generated from the hash will be applied. This is NOT idempotent; however, it is explicit.

@api public

@param sources [Hash] A hash mapping the vrf name to the source interface.

@return [Boolean] Returns true if there are no errors.

# File lib/rbeapi/api/tacacs.rb, line 282
def set_source_interface(sources)
  existing = config.scan(/ip tacacs.* source-interface.*/)
  desired = []
  sources.each do |vrf, intf|
    vrf_str = vrf == 'default' ? '' : " vrf #{vrf}"
    desired << "ip tacacs#{vrf_str} source-interface #{intf}"
  end
  remove = existing - desired
  cmds = remove.map { |line| "no #{line}" }
  cmds.concat(desired)
  configure cmds
end

update_server(opts = {})

update_server configures a tacacs server resource on the target device. This API method maps to the `tacacs-server host` command, e.g. `tacacs-server host 1.2.3.4 single-connection port 4949 timeout 6 key 7 06070D221D1C5A`.

@api public

@param opts [Hash] The configuration parameters.

@option opts key_format [Integer] The format for the key.

@option opts hostname [String] The host value.

@option opts multiplex [String] Defines single-connection.

@option opts port [String] The port value.

@option opts timeout [String] The timeout value.

@option opts key [String] The key value.

@return [Boolean] Returns true if there are no errors.

# File lib/rbeapi/api/tacacs.rb, line 240
def update_server(opts = {})
  key_format = opts[:key_format] || 7
  cmd = "tacacs-server host #{opts[:hostname]}"
  cmd << ' single-connection'               if opts[:multiplex]
  cmd << " port #{opts[:port]}"             if opts[:port]
  cmd << " timeout #{opts[:timeout]}"       if opts[:timeout]
  cmd << " key #{key_format} #{opts[:key]}" if opts[:key]
  configure cmd
end
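
An added example, not part of rbeapi: update_server interpolates option values directly into the command string, so a caller passing untrusted values can check them first. The helper names, the length and range limits, and the omission of IPv6 literals are assumptions of this sketch; the patterns are anchored with \A and \z because ^ and $ match at every line break in Ruby.

```ruby
# Added example, not rbeapi code. The limits are assumptions for this sketch.
HOST_RE     = /\A[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?\z/
KEY_RE      = /\A[\x21-\x7e]{1,128}\z/ # printable ASCII, no space or newline
KEY_FORMATS = [0, 7].freeze            # the two formats this page documents

# Convert to Integer and range-check; the Integer, not the caller's string,
# is what gets interpolated into the command.
def checked_int(name, value, range)
  int = Integer(value.to_s, 10)
  raise ArgumentError, "#{name} out of range" unless range.cover?(int)
  int
end

# Hypothetical helper: returns the command string update_server would send,
# or raises ArgumentError without echoing the key.
def checked_tacacs_host_cmd(opts = {})
  host = opts[:hostname].to_s
  raise ArgumentError, 'invalid hostname' unless HOST_RE.match?(host)
  cmd = "tacacs-server host #{host}"
  cmd << ' single-connection' if opts[:multiplex]
  cmd << " port #{checked_int('port', opts[:port], 1..65_535)}" if opts[:port]
  cmd << " timeout #{checked_int('timeout', opts[:timeout], 1..1000)}" if opts[:timeout]
  if opts[:key]
    fmt = checked_int('key_format', opts[:key_format] || 7, 0..7)
    raise ArgumentError, 'unsupported key_format' unless KEY_FORMATS.include?(fmt)
    raise ArgumentError, 'invalid key' unless KEY_RE.match?(opts[:key].to_s)
    cmd << " key #{fmt} #{opts[:key]}"
  end
  cmd
end

# True when the options are refused, for use in checks and tests.
def rejected?(opts)
  checked_tacacs_host_cmd(opts)
  false
rescue ArgumentError
  true
end
```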

Private Instance Methods

parse_global_key()

parse_global_key takes a running configuration as a string and parses out the tacacs global key and global key format if it exists in the configuration. An empty Hash is returned if there is no global key configured. The intent of the Hash is to be merged into a property hash.

@api private

@return [Hash<Symbol,Object>] Returns the resource hash attributes.

# File lib/rbeapi/api/tacacs.rb, line 95
def parse_global_key
  rsrc_hsh = {}
  (key_format, key) = config.scan(/tacacs-server key (\d+) (\w+)/).first
  rsrc_hsh[:key_format] = key_format.to_i || DEFAULT_KEY_FORMAT
  rsrc_hsh[:key] = key || DEFAULT_KEY
  { key: key, key_format: key_format }
end

parse_global_source()

parse_global_source takes a running configuration as a string and parses out the tacacs global source-interface per VRF if it exists in the configuration. An empty Hash is returned if there is no global setting configured. The Hash needs to be converted to ordered lists for vrf and source_interface before being merged into a property hash.

@api private

@return [Hash<Symbol,Object>] Returns the resource hash attributes.

# File lib/rbeapi/api/tacacs.rb, line 130
def parse_global_source
  src = config.scan(/ip tacacs(?:\svrf\s(\w+))?\ssource-interface\s(\w+)/)
  sources = {}
  src.each do |vrf, intf|
    vrf = vrf.nil? ? 'default' : vrf
    sources[vrf] = intf
  end
  { source_interface: sources }
end

parse_global_timeout()

parse_global_timeout takes a running configuration as a string and parses out the tacacs global timeout if it exists in the configuration. An empty Hash is returned if there is no global timeout value configured. The intent of the Hash is to be merged into a property hash.

@api private

@return [Hash<Symbol,Object>] Returns the resource hash attributes.

# File lib/rbeapi/api/tacacs.rb, line 114
def parse_global_timeout
  timeout = config.scan(/tacacs-server timeout (\d+)/).first
  { timeout: timeout.first.to_i }
end