forked from sonic-net/sonic-utilities
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[TACACS+] Add config command for AAA authorization and accounting. (s…
…onic-net#1889) This pull request add config command for AAA authorization & accounting. Support TACACS per-command authorization & accounting. Change AAA config command to support authorization & accounting. Change show AAA command to support authorization & accounting. Add UT to cover changed code. 1. Build following project and pass all UTs: make target/python-wheels/sonic_utilities-1.2-py3-none-any.whl 2. Test new command manually. N/A Add config command for AAA authorization & accounting.
- Loading branch information
Showing
3 changed files
with
330 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,282 @@ | ||
import imp | ||
import os | ||
import sys | ||
|
||
from click.testing import CliRunner | ||
from utilities_common.db import Db | ||
|
||
import config.main as config | ||
import show.main as show | ||
|
||
test_path = os.path.dirname(os.path.abspath(__file__)) | ||
modules_path = os.path.dirname(test_path) | ||
sys.path.insert(0, test_path) | ||
sys.path.insert(0, modules_path) | ||
|
||
import mock_tables.dbconnector | ||
|
||
show_aaa_default_output="""\ | ||
AAA authentication login local (default) | ||
AAA authentication failthrough False (default) | ||
AAA authorization login local (default) | ||
AAA accounting login disable (default) | ||
""" | ||
|
||
show_aaa_radius_output="""\ | ||
AAA authentication login radius | ||
AAA authentication failthrough False (default) | ||
AAA authorization login local (default) | ||
AAA accounting login disable (default) | ||
""" | ||
|
||
show_aaa_radius_local_output="""\ | ||
AAA authentication login radius,local | ||
AAA authentication failthrough False (default) | ||
AAA authorization login local (default) | ||
AAA accounting login disable (default) | ||
""" | ||
|
||
config_aaa_empty_output="""\ | ||
""" | ||
|
||
config_aaa_not_a_valid_command_output="""\ | ||
Not a valid command | ||
""" | ||
|
||
show_aaa_tacacs_authentication_output="""\ | ||
AAA authentication login tacacs+ | ||
AAA authentication failthrough False (default) | ||
AAA authorization login local (default) | ||
AAA accounting login disable (default) | ||
""" | ||
|
||
show_aaa_tacacs_authorization_output="""\ | ||
AAA authentication login tacacs+ | ||
AAA authentication failthrough False (default) | ||
AAA authorization login tacacs+ | ||
AAA accounting login disable (default) | ||
""" | ||
|
||
show_aaa_tacacs_local_authorization_output="""\ | ||
AAA authentication login tacacs+ | ||
AAA authentication failthrough False (default) | ||
AAA authorization login tacacs+,local | ||
AAA accounting login disable (default) | ||
""" | ||
|
||
show_aaa_tacacs_accounting_output="""\ | ||
AAA authentication login tacacs+ | ||
AAA authentication failthrough False (default) | ||
AAA authorization login tacacs+,local | ||
AAA accounting login tacacs+ | ||
""" | ||
|
||
show_aaa_tacacs_local_accounting_output="""\ | ||
AAA authentication login tacacs+ | ||
AAA authentication failthrough False (default) | ||
AAA authorization login tacacs+,local | ||
AAA accounting login tacacs+,local | ||
""" | ||
|
||
show_aaa_disable_accounting_output="""\ | ||
AAA authentication login tacacs+ | ||
AAA authentication failthrough False (default) | ||
AAA authorization login tacacs+,local | ||
AAA accounting login disable | ||
""" | ||
|
||
class TestAaa(object): | ||
@classmethod | ||
def setup_class(cls): | ||
os.environ['UTILITIES_UNIT_TESTING'] = "1" | ||
print("SETUP") | ||
import config.main | ||
imp.reload(config.main) | ||
import show.main | ||
imp.reload(show.main) | ||
|
||
@classmethod | ||
def teardown_class(cls): | ||
os.environ['UTILITIES_UNIT_TESTING'] = "0" | ||
print("TEARDOWN") | ||
|
||
def test_show_aaa_default(self): | ||
runner = CliRunner() | ||
result = runner.invoke(show.cli.commands["aaa"], []) | ||
print(result.exit_code) | ||
print(result.output) | ||
assert result.exit_code == 0 | ||
assert result.output == show_aaa_default_output | ||
|
||
def test_config_aaa_radius(self, get_cmd_module): | ||
(config, show) = get_cmd_module | ||
runner = CliRunner() | ||
db = Db() | ||
db.cfgdb.delete_table("AAA") | ||
|
||
result = runner.invoke(config.config.commands["aaa"],\ | ||
["authentication", "login", "radius"], obj=db) | ||
print(result.exit_code) | ||
print(result.output) | ||
assert result.exit_code == 0 | ||
assert result.output == config_aaa_empty_output | ||
|
||
db.cfgdb.mod_entry("AAA", "authentication", {'login' : 'radius'}) | ||
|
||
result = runner.invoke(show.cli.commands["aaa"], [], obj=db) | ||
assert result.exit_code == 0 | ||
assert result.output == show_aaa_radius_output | ||
|
||
result = runner.invoke(config.config.commands["aaa"],\ | ||
["authentication", "login", "default"], obj=db) | ||
print(result.exit_code) | ||
print(result.output) | ||
assert result.exit_code == 0 | ||
assert result.output == config_aaa_empty_output | ||
|
||
db.cfgdb.delete_table("AAA") | ||
|
||
result = runner.invoke(show.cli.commands["aaa"], [], obj=db) | ||
assert result.exit_code == 0 | ||
assert result.output == show_aaa_default_output | ||
|
||
def test_config_aaa_radius_local(self, get_cmd_module): | ||
(config, show) = get_cmd_module | ||
runner = CliRunner() | ||
db = Db() | ||
db.cfgdb.delete_table("AAA") | ||
|
||
result = runner.invoke(config.config.commands["aaa"],\ | ||
["authentication", "login", "radius", "local"], obj=db) | ||
print(result.exit_code) | ||
print(result.output) | ||
assert result.exit_code == 0 | ||
assert result.output == config_aaa_empty_output | ||
|
||
db.cfgdb.mod_entry("AAA", "authentication", {'login' : 'radius,local'}) | ||
|
||
result = runner.invoke(show.cli.commands["aaa"], [], obj=db) | ||
assert result.exit_code == 0 | ||
assert result.output == show_aaa_radius_local_output | ||
|
||
result = runner.invoke(config.config.commands["aaa"],\ | ||
["authentication", "login", "default"], obj=db) | ||
print(result.exit_code) | ||
print(result.output) | ||
assert result.exit_code == 0 | ||
assert result.output == config_aaa_empty_output | ||
|
||
db.cfgdb.delete_table("AAA") | ||
|
||
result = runner.invoke(show.cli.commands["aaa"], [], obj=db) | ||
assert result.exit_code == 0 | ||
assert result.output == show_aaa_default_output | ||
|
||
def test_config_aaa_radius_invalid(self): | ||
runner = CliRunner() | ||
result = runner.invoke(config.config.commands["aaa"],\ | ||
["authentication", "login", "radius", "tacacs+"]) | ||
print(result.exit_code) | ||
print(result.output) | ||
assert result.exit_code == 0 | ||
assert result.output == config_aaa_not_a_valid_command_output | ||
|
||
def test_config_aaa_tacacs(self, get_cmd_module): | ||
(config, show) = get_cmd_module | ||
runner = CliRunner() | ||
db = Db() | ||
db.cfgdb.delete_table("AAA") | ||
|
||
# test tacacs authentication | ||
result = runner.invoke(config.config.commands["aaa"],\ | ||
["authentication", "login", "tacacs+"], obj=db) | ||
print(result.exit_code) | ||
print(result.output) | ||
assert result.exit_code == 0 | ||
assert result.output == config_aaa_empty_output | ||
|
||
db.cfgdb.mod_entry("AAA", "authentication", {'login' : 'tacacs+'}) | ||
|
||
result = runner.invoke(show.cli.commands["aaa"], [], obj=db) | ||
assert result.exit_code == 0 | ||
assert result.output == show_aaa_tacacs_authentication_output | ||
|
||
# test tacacs authorization | ||
result = runner.invoke(config.config.commands["aaa"],\ | ||
["authorization", "tacacs+"], obj=db) | ||
print(result.exit_code) | ||
print(result.output) | ||
assert result.exit_code == 0 | ||
assert result.output == config_aaa_empty_output | ||
|
||
db.cfgdb.mod_entry("AAA", "authorization", {'login' : 'tacacs+'}) | ||
|
||
result = runner.invoke(show.cli.commands["aaa"], [], obj=db) | ||
assert result.exit_code == 0 | ||
assert result.output == show_aaa_tacacs_authorization_output | ||
|
||
# test tacacs + local authorization | ||
result = runner.invoke(config.config.commands["aaa"],\ | ||
["authorization", "tacacs+ local"], obj=db) | ||
print(result.exit_code) | ||
print(result.output) | ||
assert result.exit_code == 0 | ||
assert result.output == config_aaa_empty_output | ||
|
||
db.cfgdb.mod_entry("AAA", "authorization", {'login' : 'tacacs+,local'}) | ||
|
||
result = runner.invoke(show.cli.commands["aaa"], [], obj=db) | ||
assert result.exit_code == 0 | ||
assert result.output == show_aaa_tacacs_local_authorization_output | ||
|
||
# test tacacs accounting | ||
result = runner.invoke(config.config.commands["aaa"],\ | ||
["accounting", "tacacs+"], obj=db) | ||
print(result.exit_code) | ||
print(result.output) | ||
assert result.exit_code == 0 | ||
assert result.output == config_aaa_empty_output | ||
|
||
db.cfgdb.mod_entry("AAA", "accounting", {'login' : 'tacacs+'}) | ||
|
||
result = runner.invoke(show.cli.commands["aaa"], [], obj=db) | ||
assert result.exit_code == 0 | ||
assert result.output == show_aaa_tacacs_accounting_output | ||
|
||
# test tacacs + local accounting | ||
result = runner.invoke(config.config.commands["aaa"],\ | ||
["accounting", "tacacs+ local"], obj=db) | ||
print(result.exit_code) | ||
print(result.output) | ||
assert result.exit_code == 0 | ||
assert result.output == config_aaa_empty_output | ||
|
||
db.cfgdb.mod_entry("AAA", "accounting", {'login' : 'tacacs+,local'}) | ||
|
||
result = runner.invoke(show.cli.commands["aaa"], [], obj=db) | ||
assert result.exit_code == 0 | ||
assert result.output == show_aaa_tacacs_local_accounting_output | ||
|
||
# test disable accounting | ||
result = runner.invoke(config.config.commands["aaa"],\ | ||
["accounting", "disable"], obj=db) | ||
print(result.exit_code) | ||
print(result.output) | ||
assert result.exit_code == 0 | ||
assert result.output == config_aaa_empty_output | ||
|
||
db.cfgdb.mod_entry("AAA", "accounting", {'login' : 'disable'}) | ||
|
||
result = runner.invoke(show.cli.commands["aaa"], [], obj=db) | ||
assert result.exit_code == 0 | ||
assert result.output == show_aaa_disable_accounting_output | ||
|