From 7b47641f46948b2f32e926ca63eb9e2041ccb606 Mon Sep 17 00:00:00 2001
From: Hua Liu <58683130+liuh-80@users.noreply.github.com>
Date: Mon, 10 Jul 2023 09:35:46 +0800
Subject: [PATCH] [202012] [TACACS+] Add config command for AAA authorization and accounting. (#1889) (#2891) * [TACACS+] Add config command for AAA authorization and accounting. (#1889) This pull request add config command for AAA authorization & accounting. Support TACACS per-command authorization & accounting. Change AAA config command to support authorization & accounting. Change show AAA command to support authorization & accounting. Add UT to cover changed code. 1. Build following project and pass all UTs: make target/python-wheels/sonic_utilities-1.2-py3-none-any.whl 2. Test new command manually. N/A Add config command for AAA authorization & accounting. * Remove radius UT * Remove UT because depends code change not in 202012 ---------
Co-authored-by: Qi Luo
---
 config/aaa.py | 38 ++++++++++++++++++++++++++++++++++++++
 show/main.py | 10 ++++++++++
 2 files changed, 48 insertions(+)
diff --git a/config/aaa.py b/config/aaa.py
index a56a977bad..ddbc31f0bb 100644
--- a/config/aaa.py
+++ b/config/aaa.py
@@ -78,6 +78,44 @@ def login(auth_protocol):
 add_table_kv('AAA', 'authentication', 'login', val)
 authentication.add_command(login)
+# cmd: aaa authorization
+@click.command()
+@click.argument('protocol', nargs=-1, type=click.Choice([ "tacacs+", "local", "tacacs+ local"]))
+def authorization(protocol):
+ """Switch AAA authorization [tacacs+ | local | '\"tacacs+ local\"']"""
+ if len(protocol) == 0:
+ click.echo('Argument "protocol" is required')
+ return
+
+ if len(protocol) == 1 and (protocol[0] == 'tacacs+' or protocol[0] == 'local'):
+ add_table_kv('AAA', 'authorization', 'login', protocol[0])
+ elif len(protocol) == 1 and protocol[0] == 'tacacs+ local':
+ add_table_kv('AAA', 'authorization', 'login', 'tacacs+,local')
+ else:
+ click.echo('Not a valid command')
+aaa.add_command(authorization)
+
+# cmd: aaa accounting
+@click.command()
+@click.argument('protocol', nargs=-1, type=click.Choice(["disable", "tacacs+", "local", "tacacs+ local"]))
+def accounting(protocol):
+ """Switch AAA accounting [disable | tacacs+ | local | '\"tacacs+ local\"']"""
+ if len(protocol) == 0:
+ click.echo('Argument "protocol" is required')
+ return
+
+ if len(protocol) == 1:
+ if protocol[0] == 'tacacs+' or protocol[0] == 'local':
+ add_table_kv('AAA', 'accounting', 'login', protocol[0])
+ elif protocol[0] == 'tacacs+ local':
+ add_table_kv('AAA', 'accounting', 'login', 'tacacs+,local')
+ elif protocol[0] == 'disable':
+ del_table_key('AAA', 'accounting', 'login')
+ else:
+ click.echo('Not a valid command')
+ else:
+ click.echo('Not a valid command')
+aaa.add_command(accounting)
 @click.group()
 def tacacs():
diff --git a/show/main.py b/show/main.py
index 73d8089ee5..0a98f4b7ee 100644
--- a/show/main.py
+++ b/show/main.py
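Review bot: Both new commands in config/aaa.py report bad input with `click.echo(...)` and then return normally, so a missing argument or an unquoted `tacacs+ local` exits with status 0 without any `add_table_kv` call having run. A provisioning script that moves a device to TACACS+ authorization or accounting would not notice that nothing was applied; raising instead, e.g. `raise click.UsageError('Argument "protocol" is required')` and likewise for 'Not a valid command', gives a non-zero exit. The inner `else` in `accounting` looks unreachable, because `click.Choice` already limits each value to the four listed strings. The docstrings could also say what `tacacs+ local` means for each command, and that `accounting disable` deletes the `login` key, which turns the accounting trail off.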
@@ -1434,10 +1434,20 @@ def aaa():
 'authentication': {
 'login': 'local (default)',
 'failthrough': 'False (default)'
+ },
+ 'authorization': {
+ 'login': 'local (default)'
+ },
+ 'accounting': {
+ 'login': 'disable (default)'
 }
 }
 if 'authentication' in data:
 aaa['authentication'].update(data['authentication'])
+ if 'authorization' in data:
+ aaa['authorization'].update(data['authorization'])
+ if 'accounting' in data:
+ aaa['accounting'].update(data['accounting'])
 for row in aaa:
 entry = aaa[row]
 for key in entry:
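Review bot: The merge step in `aaa()` in show/main.py is now three copies of the same `if '<section>' in data:` / `.update(...)` pair, which is easy to miss when the next section is added. A loop over the defaults dict keeps it in one place: `for section in aaa:` followed by `if section in data: aaa[section].update(data[section])`. The defaults `'local (default)'` and `'disable (default)'` are literals in the show command, so a short comment naming where the effective defaults are applied would help anyone using this output to audit authorization and accounting state; whether they match what the device actually does cannot be confirmed from this hunk. `aaa()` starts and ends outside the hunk.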