class Rbeapi::Api::Acl

The Acl class manages the set of standard ACLs.

Public Class Methods

new(node)
Calls superclass method Rbeapi::Api::Entity::new
# File lib/rbeapi/api/acl.rb, line 44
def initialize(node)
  super(node)
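  # Captures, in order: seqno, action, any, host, address, prefix length,
  # mask, log. The action class is [pd]; [p|d] would also accept a literal '|'.
  @entry_re = Regexp.new(%r{(\d+)
                            (?:\ ([pd]\w+))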
                            (?:\ (any))?
                            (?:\ (host))?
                            (?:\ ([0-9]+(?:\.[0-9]+){3}))?
                            (?:/([0-9]{1,2}))?
                            (?:\ ([0-9]+(?:\.[0-9]+){3}))?
                            (?:\ (log))?}x)
end

Public Instance Methods

add_entry(name, entry)

add_entry will add an entry to the specified ACL with the passed in parameters.

@since eos_version 4.13.7M

@param name [String] The ACL name to add an entry to on the node.

@param entry [Hash] the options for the entry.

@option entry action [String] The action triggered by the ACL. Valid values are 'permit', 'deny', or 'remark'.

@option entry addr [String] The IP address to permit or deny.

@option entry prefixlen [String] The prefixlen for the IP address.

@option entry log [Boolean] Triggers an informational log message to the console about the matching packet.

@return [Boolean] Returns true if the command completes successfully.

# File lib/rbeapi/api/acl.rb, line 326
def add_entry(name, entry)
  cmds = ["ip access-list standard #{name}"]
  cmds << build_entry(entry)
  cmds << 'exit'
  configure(cmds)
end

create(name)

create will create a new ACL resource in the node's current configuration with the specified name. If the create method is called and the ACL already exists, this method will still return true. The ACL will not have any entries. Use add_entry to add entries to the ACL.

@since eos_version 4.13.7M

Commands

ip access-list standard <name>

@param name [String] The ACL name to create on the node. Must begin with an alphabetic character. Cannot contain spaces or quotation marks.

@return [Boolean] Returns true if the command completed successfully.

# File lib/rbeapi/api/acl.rb, line 205
def create(name)
  configure("ip access-list standard #{name}")
end

default(name)

default will configure the ACL using the default keyword. This command has the same effect as deleting the ACL from the node's running configuration.

@since eos_version 4.13.7M

Commands

default no ip access-list standard <name>

@param name [String] The ACL name to set to the default value on the node.

@return [Boolean] Returns true if the command completes successfully.

# File lib/rbeapi/api/acl.rb, line 240
def default(name)
  configure("default ip access-list standard #{name}")
end

delete(name)

delete will delete an existing ACL resource from the node's current running configuration. If the delete method is called and the ACL does not exist, this method will succeed.

@since eos_version 4.13.7M

Commands

no ip access-list standard <name>

@param name [String] The ACL name to delete on the node.

@return [Boolean] Returns true if the command completed successfully.

# File lib/rbeapi/api/acl.rb, line 222
def delete(name)
  configure("no ip access-list standard #{name}")
end

get(name)

get returns the specified ACL from the node's current configuration.

@example

{
  <seqno>: {
    seqno: <integer>,
    action: <string>,
    srcaddr: <string>,
    srcprefixlen: <string>,
    log: <string>
  },
  <seqno>: {
    seqno: <integer>,
    action: <string>,
    srcaddr: <string>,
    srcprefixlen: <string>,
    log: <string>
  },
  ...
}

@param name [String] The ACL name.

@return [nil, Hash<Symbol, Object>] Returns the ACL resource as a Hash. Returns nil if name does not exist.

# File lib/rbeapi/api/acl.rb, line 82
def get(name)
  config = get_block("ip access-list standard #{name}")
  return nil unless config

  parse_entries(config)
end

getall()

getall returns the collection of ACLs from the node's running configuration as a hash. The ACL resource collection hash is keyed by the ACL name.

@example

{
  <name>: {
    <seqno>: {
      seqno: <integer>,
      action: <string>,
      srcaddr: <string>,
      srcprefixlen: <string>,
      log: <string>
    },
    <seqno>: {
      seqno: <integer>,
      action: <string>,
      srcaddr: <string>,
      srcprefixlen: <string>,
      log: <string>
    },
    ...
  },
  <name>: {
    <seqno>: {
      seqno: <integer>,
      action: <string>,
      srcaddr: <string>,
      srcprefixlen: <string>,
      log: <string>
    },
    <seqno>: {
      seqno: <integer>,
      action: <string>,
      srcaddr: <string>,
      srcprefixlen: <string>,
      log: <string>
    },
    ...
  },
  ...
}

@return [nil, Hash<Symbol, Object>] Returns a hash that represents the entire ACL collection from the node's running configuration. If there are no ACLs configured, this method will return an empty hash.

# File lib/rbeapi/api/acl.rb, line 137
def getall
  acls = config.scan(/ip access-list standard ([^\s]+)/)
  acls.each_with_object({}) do |name, hsh|
    resource = get(name[0])
    hsh[name[0]] = resource if resource
  end
end
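
The hash returned by getall can be checked offline for entries that never take effect or that admit every source. The following is an added example, not rbeapi code: the AclAudit module and the sample data are hypothetical, and it assumes that an entry with srcaddr '0.0.0.0' stands for `any`, which is how parse_entries fills in a missing address.

```ruby
require 'ipaddr'

# Added example, not rbeapi code: AclAudit is a hypothetical helper that
# reads the hash shape returned by getall.
module AclAudit
  module_function

  # parse_entries reports `any` as srcaddr '0.0.0.0'; treat that as 0.0.0.0/0.
  # IPAddr accepts the length either as bits ('8') or dotted ('255.0.0.0').
  def network(entry)
    return IPAddr.new('0.0.0.0/0') if entry[:srcaddr] == '0.0.0.0'

    IPAddr.new("#{entry[:srcaddr]}/#{entry[:srcprefixlen]}")
  end

  # True when every address in inner also falls inside outer.
  def covers?(outer, inner)
    o = outer.to_range
    i = inner.to_range
    o.begin <= i.begin && i.end <= o.end
  end

  # Returns [acl_name, seqno, finding] triples, in evaluation order.
  def findings(acls)
    acls.flat_map do |name, entries|
      ordered = entries.values.sort_by { |e| e[:seqno].to_i }
      ordered.each_with_index.flat_map do |entry, idx|
        net = network(entry)
        out = []
        if entry[:action] == 'permit' && entry[:srcaddr] == '0.0.0.0'
          out << [name, entry[:seqno], 'permits any source']
        end
        # An earlier entry that covers this one wins, so this one never matches.
        prior = ordered[0...idx].find { |p| covers?(network(p), net) }
        out << [name, entry[:seqno], "shadowed by entry #{prior[:seqno]} (#{prior[:action]})"] if prior
        out
      end
    end
  end
end

# Constructed sample in the documented getall shape (not from a real device).
SAMPLE_ACLS = {
  'mgmt' => {
    '10' => { seqno: '10', action: 'permit', srcaddr: '10.0.0.0', srcprefixlen: '8', log: nil },
    '20' => { seqno: '20', action: 'deny', srcaddr: '10.1.0.0', srcprefixlen: '16', log: 'log' },
    '30' => { seqno: '30', action: 'permit', srcaddr: '0.0.0.0', srcprefixlen: '32', log: nil }
  }
}.freeze
```

On the sample, entry 20 is reported as shadowed by entry 10 and entry 30 as permitting any source.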

mask_to_prefixlen(mask)

mask_to_prefixlen converts a subnet mask from dotted decimal to bit length.

@param mask [String] The dotted decimal subnet mask to convert.

@return [String] The subnet mask as a valid prefix length.

# File lib/rbeapi/api/acl.rb, line 152
def mask_to_prefixlen(mask)
  mask = '255.255.255.255' unless mask
  NetAddr::CIDR.create('0.0.0.0/' + mask).netmask_ext
end

remove_entry(name, seqno)

remove_entry will remove the entry specified by the seqno for the ACL specified by name.

@since eos_version 4.13.7M

@param name [String] The ACL name to update on the node.

@param seqno [String] The sequence number of the entry in the ACL to remove.

@return [Boolean] Returns true if the command completes successfully.

# File lib/rbeapi/api/acl.rb, line 345
def remove_entry(name, seqno)
  cmds = ["ip access-list standard #{name}", "no #{seqno}", 'exit']
  configure(cmds)
end

update_entry(name, entry)

update_entry will update an entry, identified by the seqno in the ACL specified by name, with the passed in parameters.

@since eos_version 4.13.7M

@param name [String] The ACL name to update on the node.

@param entry [Hash] the options for the entry.

@option entry seqno [String] The sequence number of the entry in the ACL to update.

@option entry action [String] The action triggered by the ACL. Valid values are 'permit', 'deny', or 'remark'.

@option entry addr [String] The IP address to permit or deny.

@option entry prefixlen [String] The prefixlen for the IP address.

@option entry log [Boolean] Triggers an informational log message to the console about the matching packet.

@return [Boolean] Returns true if the command completes successfully.

# File lib/rbeapi/api/acl.rb, line 297
def update_entry(name, entry)
  cmds = ["ip access-list standard #{name}"]
  cmds << "no #{entry[:seqno]}"
  cmds << build_entry(entry)
  cmds << 'exit'
  configure(cmds)
end

Private Instance Methods

build_entry(entry)

build_entry will build the commands to add an entry.

@api private

@param entry [Hash] the options for the entry.

@option entry seqno [String] The sequence number of the entry in the ACL to add. Default is nil, will be assigned.

@option entry action [String] The action triggered by the ACL. Valid values are 'permit', 'deny', or 'remark'.

@option entry addr [String] The IP address to permit or deny.

@option entry prefixlen [String] The prefixlen for the IP address.

@option entry log [Boolean] Triggers an informational log message to the console about the matching packet.

@return [String] Returns commands to create an entry.

# File lib/rbeapi/api/acl.rb, line 265
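def build_entry(entry)
  # Start from an empty, mutable string so that an entry without a seqno
  # (the documented default) does not call << on nil.
  cmds = +''
  cmds << "#{entry[:seqno]} " if entry[:seqno]
  cmds << "#{entry[:action]} #{entry[:srcaddr]}/#{entry[:srcprefixlen]}"
  cmds << ' log' if entry[:log]
  cmds
end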
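
build_entry places the caller's values directly into the CLI line, reading the :srcaddr and :srcprefixlen keys, and the name rule documented under create is not enforced in code. A validation layer to run before add_entry or update_entry follows as an added example that is not part of rbeapi; the AclInput module, its allowed name characters, the seqno lower bound and the restriction to permit and deny are assumptions of the example.

```ruby
# Added example, not rbeapi code: AclInput is a hypothetical helper.
module AclInput
  # \A and \z anchor the whole string; ^ and $ would accept embedded newlines.
  # The allowed character set is an assumption, stricter than the documented
  # rule (starts with a letter, no spaces or quotation marks).
  NAME_RE = /\A[A-Za-z][A-Za-z0-9_.-]*\z/
  IPV4_RE = /\A\d{1,3}(?:\.\d{1,3}){3}\z/
  ACTIONS = %w[permit deny].freeze # the actions that take an address

  module_function

  def name!(name)
    return name if name.is_a?(String) && name.match?(NAME_RE)

    raise ArgumentError, "invalid ACL name: #{name.inspect}"
  end

  # Parses a decimal integer within range, or raises ArgumentError.
  def int!(value, range, label)
    n = Integer(value.to_s, 10)
    return n if range.cover?(n)

    raise ArgumentError, "#{label} out of range: #{n}"
  end

  def ipv4!(addr)
    ok = addr.is_a?(String) && addr.match?(IPV4_RE) &&
         addr.split('.').all? { |octet| octet.to_i <= 255 }
    return addr if ok

    raise ArgumentError, "invalid IPv4 address: #{addr.inspect}"
  end

  # Returns a new hash holding only the keys build_entry reads.
  def entry!(entry)
    action = entry[:action].to_s
    raise ArgumentError, "invalid action: #{action.inspect}" unless ACTIONS.include?(action)

    clean = { action: action, srcaddr: ipv4!(entry[:srcaddr]),
              srcprefixlen: int!(entry[:srcprefixlen], 0..32, 'srcprefixlen').to_s,
              log: entry[:log] ? true : false }
    clean[:seqno] = int!(entry[:seqno], 1..Float::INFINITY, 'seqno').to_s if entry[:seqno]
    clean
  end
end
```

The validated values are then passed on, for example `add_entry(AclInput.name!(name), AclInput.entry!(entry))`.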

parse_entries(config)

parse_entries scans the node's configuration and parses the entries within an ACL.

@api private

@param config [String] The switch config.

@return [Hash<Symbol, Object>] Returns the resource hash attribute.

# File lib/rbeapi/api/acl.rb, line 167
def parse_entries(config)
  entries = {}

  # [pd] selects permit/deny lines; [p|d] would also accept a literal '|'.
  lines = config.scan(/\d+ [pd].*$/)
  lines.each do |line|
    entry = line.scan(@entry_re).map \
      do |(seqno, act, _anyip, _host, ip, mlen, mask, log)|
      {
        seqno: seqno,
        action: act,
        srcaddr: ip || '0.0.0.0',
        srcprefixlen: mlen || mask_to_prefixlen(mask),
        log: log
      }
    end
    entries[entry[0][:seqno]] = entry[0]
  end
  entries
end