Gitiles
Code Review Sign In
gerrit.onosproject.org / spring-open-cli / 1725e498e49068c90ef3ef405d2f085f766dd25a / . / cli / desc / version200 / tacacs_run_config.py
blob: 88dd6a58c2188a5b25b558ca6c5b5081cd004d88 [file] [log] [blame]
Srikanth Vavilapalli1725e492014-12-01 17:50:52 -0800[diff] [blame^]1#
2# Copyright (c) 2013 Big Switch Networks, Inc.
3#
4# Licensed under the Eclipse Public License, Version 1.0 (the
5# "License"); you may not use this file except in compliance with the
6# License. You may obtain a copy of the License at
7#
8# http://www.eclipse.org/legal/epl-v10.html
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
13# implied. See the License for the specific language governing
14# permissions and limitations under the License.
15#
16
17# tacacs.
18#
19
20import run_config
21import utif
22
23
24#
25# --------------------------------------------------------------------------------
26
27def create_obj_type_dict(context, obj_type, field):
28 """
29 Should there be some collections of middeleware functions for use by packages?
30 """
31 entries = context.get_table_from_store(obj_type)
32 result_dict = {}
33 for entry in entries:
34 if entry[field] in result_dict:
35 result_dict[entry[field]].append(entry)
36 else:
37 result_dict[entry[field]] = [entry]
38
39 return result_dict
40
41#
42# --------------------------------------------------------------------------------
43
44def running_config_tacacs(context, config, words):
45 t_obj_type = 'tacacs-plus-config'
46 th_obj_type = 'tacacs-plus-host'
47
48 tacacs = context.get_table_from_store(t_obj_type)
49 if len(tacacs) > 1:
50 print 'running_config_tacacs: more than one tacacs record'
51
52 tacacs_host = context.rest_query_objects(th_obj_type,
53 {'orderby' : 'timestamp'})
54
55
56 t_config = []
57
58 if tacacs:
59 tacacs = tacacs[0]
60
61 if run_config.not_default_value(t_obj_type, 'tacacs-plus-authn', tacacs['tacacs-plus-authn']) and \
62 run_config.not_default_value(t_obj_type, 'local-authn', tacacs['local-authn']):
63 t_config.append('aaa authentication login default group tacacs+\n')
64 elif run_config.not_default_value(t_obj_type, 'tacacs-plus-authn', tacacs['tacacs-plus-authn']):
65 t_config.append('aaa authentication login default group tacacs+ local\n')
66
67 if run_config.not_default_value(t_obj_type, 'tacacs-plus-authz', tacacs['tacacs-plus-authz']) and \
68 run_config.not_default_value(t_obj_type, 'local-authz', tacacs['local-authz']):
69 t_config.append('aaa authorization exec default group tacacs+\n')
70 elif run_config.not_default_value(t_obj_type, 'tacacs-plus-authz', tacacs['tacacs-plus-authz']):
71 t_config.append('aaa authorization exec default group tacacs+ local\n')
72
73 if run_config.not_default_value(t_obj_type, 'tacacs-plus-acct', tacacs['tacacs-plus-acct']):
74 t_config.append('aaa accounting exec default start-stop group tacacs+\n')
75
76 if run_config.not_default_value(t_obj_type, 'key', tacacs['key']):
77 t_config.append('tacacs server key %s\n' % tacacs['key'])
78
79 if run_config.not_default_value(t_obj_type, 'timeout', tacacs['timeout']):
80 t_config.append('tacacs server timeout %s\n' % tacacs['timeout'])
81
82 for h in tacacs_host:
83 if run_config.not_default_value(th_obj_type, 'key', h['key']):
84 key = ' key %s' % utif.quote_string(h['key'])
85 else:
86 key = ''
87
88 t_config.append('tacacs server host %s%s\n' % (h['ip'], key))
89
90 if len(t_config):
91 config.append('!\n')
92 config += t_config
93
94
95#
96# --------------------------------------------------------------------------------
97
98tacacs_running_config_tuple = (
99 (
100 {
101 'optional' : False,
102 'field' : 'running-config',
103 'type' : 'enum',
104 'values' : 'tacacs',
105 'doc' : 'running-config|show-tacacs',
106 'short-help': 'Configuration for TACACS authentication'
107 },
108 ),
109)
110
111run_config.register_running_config('tacacs', 2000, None,
112 running_config_tacacs,
113 tacacs_running_config_tuple)