def test11():
logger.info("***** Test 11 - Two Router FSM Test with jsonpath *****")
args = {'verbose': True}
template = """Value slot_id (\S+)
Value pid (\S+)
Value Required serial_number (\S+)
Start
^\s*SlotID\s+PID\s+SN\s+UDI
^\s*-+
^\s*${slot_id}\s+${pid}\s+${serial_number}\s+.* -> Record
"""
template = StringIO(template)
license_match = CmdFsmParse(
"license_match", [("show license udi", template, '$..serial_number')])
license_rule = Rule("license")
license_rule.set_confirm_match(license_match)
test_rules = {1: license_rule}
task = TemplateTask(DEVICES,
'ios',
'cisco',
'cisco',
rules=list(test_rules.keys()),
rule_objs=test_rules,
optional_args=args)
task.run_all_rules(skip_config=True, skip_facts=True)
pprint(task.matches)
pprint(task.objects)
def test4():
logger.info("***** Tes4 - Two Router Two Rules *****")
args = {'verbose': True}
bgp_router_match = Match("bgp_router", "global", "^router\s+bgp")
bgp_rule = Rule("Match BGP routing")
bgp_rule.set_confirm_match(bgp_router_match)
ospf_router_match = Match("ospf_router", "global", "^router\s+ospf")
ospf_lsa_match = Match("ospf_max_lsa", r"^\s*router ospf",
(False, r"max-metric router-lsa"))
ospf_rule = Rule("Match OSPF routing")
ospf_rule.set_confirm_match(ospf_router_match, '&', ospf_lsa_match)
test_rules = {1: bgp_rule, 2: ospf_rule}
task = TestTask(DEVICES, 'ios', 'cisco', 'cisco', optional_args=args)
task.set_device_rules(list(test_rules.keys()), test_rules)
task.run_all_rules()
pprint(task.matches)
def test12():
logger.info("***** Test 11 - Two Router Napalm BGP *****")
args = {'verbose': True}
bgp_match = NapalmGet("bgp_neighbors",
[("bgp_neighbors", '$..*[@.is_up is True]')])
bgp_rule = Rule("bgp")
bgp_rule.set_confirm_match(bgp_match)
test_rules = {1: bgp_rule}
task = TemplateTask(DEVICES,
'ios',
'cisco',
'cisco',
rules=list(test_rules.keys()),
rule_objs=test_rules,
optional_args=args)
task.run_all_rules(skip_config=True, skip_facts=True)
pprint(task.matches)
pprint(task.objects)
def test3():
logger.info("***** Test3 - Two Router Single Rule *****")
args = {'verbose': True}
tacacs_server_global_count = Count("tacacs_server_global",
r"^aaa group server tacacs\+",
(True, r"server\s+", ">1"))
tacacs_server_rule = Rule("Redundant Tacacs servers not configured")
tacacs_server_rule.set_confirm_match(tacacs_server_global_count)
test_rules = {1: tacacs_server_rule}
logger.debug(test_rules)
task = TestTask(DEVICES,
'ios',
'cisco',
'cisco',
rules=list(test_rules.keys()),
rule_objs=test_rules,
optional_args=args)
task.run_all_rules()
pprint(task.matches)
def test5():
logger.info("***** Test5 - Two Router Command Rules *****")
args = {'verbose': True}
command = {
'show cdp neighbor': {
'countcmpnumzl': [(r'csr1000v-\d\.virl\.info', r'> 1')]
}
}
cdp_parse = CmdParse('cdp_parse', command)
cdp_rule = Rule("CDP Parse")
cdp_rule.set_confirm_match(cdp_parse)
test_rules = {1: cdp_rule}
task = TestTask(DEVICES,
'ios',
'cisco',
'cisco',
rules=list(test_rules.keys()),
rule_objs=test_rules,
optional_args=args)
task.run_all_rules()
pprint(task.matches)
def build_rules():
nxos_interface_fpath_match = Match(
"nxos_interface_fpath",
r"^interface", [(True, r"switchport\s+mode\s+fabricpath"),
(False, r"vpc\s+peer-link"),
(True, r"^\s*no\s+shutdown"),
(False, r"channel\-group\s+\d+")])
nxos_interface_fpath_rule = Rule("Shutdown fabricpath ports")
nxos_interface_fpath_rule.set_confirm_match(nxos_interface_fpath_match)
template = "{% for interface in objects['nxos_interface_fpath'][0] %}\n{{ interface.text }}\n shutdown\n{% endfor %}\n" \
"\n********** Undo **********\n" \
"{% for interface in objects['nxos_interface_fpath'][0] %}\n{{ interface.text }}\n no shut\n{% endfor %}\n"
nxos_interface_fpath_rule.set_config_template(template)
fpath_vdc_rules["fpath"] = nxos_interface_fpath_rule
nxos_interface_vpc_match = Match("nxos_interface_vpc",
r"interface port-channel",
[(True, r"vpc\s+\d+"),
(False, r"^\s*shutdown")])
nxos_interface_vpc_rule = Rule("Shutdown vpc ports")
nxos_interface_vpc_rule.set_confirm_match(nxos_interface_vpc_match)
template = "{% for interface in objects['nxos_interface_vpc'][0] %}\n{{ interface.text }}\n shutdown\n{% endfor %}\n" \
"\n********** Undo **********\n" \
"{% for interface in objects['nxos_interface_vpc'][0] %}\n{{ interface.text }}\n no shut\n{% endfor %}\n"
nxos_interface_vpc_rule.set_config_template(template)
default_vdc_rules[545325] = nxos_interface_vpc_rule
fpath_vdc_rules[545325] = nxos_interface_vpc_rule
nxos_interface_pka_match = Match("nxos_interface_pka", r"^interface",
[(True, r"^\s*ip\s+address"),
(True, r"vrf\s+member\s+vpc\-keepalive"),
(False, r"^\s*shutdown")])
nxos_interface_pka_rule = Rule("Shutdown PKA")
nxos_interface_pka_rule.set_confirm_match(nxos_interface_pka_match)
template = "{% for interface in objects['nxos_interface_pka'][0] %}\n{{ interface.text }}\n shutdown\n{% endfor %}\n" \
"\n********** Undo **********\n" \
"{% for interface in objects['nxos_interface_pka'][0] %}\n{{ interface.text }}\n no shut\n{% endfor %}\n"
nxos_interface_pka_rule.set_config_template(template)
default_vdc_rules["pka"] = nxos_interface_pka_rule
fpath_vdc_rules["pka"] = nxos_interface_pka_rule
nxos_interface_peerlink_match = Match("nxos_interface_peerlink",
r"interface port-channel",
[(True, r"vpc\s+peer-link"),
(False, r"^\s*shutdown")])
nxos_interface_peerlink_rule = Rule("Shutdown vpc peer link ports")
nxos_interface_peerlink_rule.set_confirm_match(
nxos_interface_peerlink_match)
template = "{% for interface in objects['nxos_interface_peerlink'][0] %}\n{{ interface.text }}\n shutdown\n{% endfor %}\n" \
"\n********** Undo **********\n" \
"{% for interface in objects['nxos_interface_peerlink'][0] %}\n{{ interface.text }}\n no shut\n{% endfor %}\n"
nxos_interface_peerlink_rule.set_config_template(template)
default_vdc_rules["peerlink"] = nxos_interface_peerlink_rule
fpath_vdc_rules["peerlnk"] = nxos_interface_peerlink_rule
bgp_router_match = Match("bgp_router", "global", "^router\s+bgp")
# bgp_routemap_match = BlockMatch("bgp_routemap_match", r"^\s+route-map")
# bgp_neighbors_af_match = ChildMatch("bgp_neighbors_af_match", r"\s+neighbor", r"\s+(address-family.*)")
# bgp_routemap_rule = Rule("BGP Prepend to All Neighbors")
# bgp_routemap_rule.set_confirm_match(bgp_router_match, '&', bgp_routemap_match, '&', bgp_neighbors_af_match)
# """
# !*** BGP Prepend to All Neighbors ***
# {'bgp_router': [[<IOSCfgLine # 225 'router bgp 65534'>]],
# 'bgp_routemap_match': ['router bgp 65534', ' neighbor 172.29.231.238 remote-as 65534', ' address-family ipv4 unicast',
# ' route-map CIENA-ROUTES out', ' neighbor 172.29.231.246 remote-as 65534', ' address-family ipv4 unicast',
# ' route-map CIENA-ROUTES out', ' neighbor 172.29.231.250 remote-as 65534', ' address-family ipv4 unicast',
# ' route-map CIENA-ROUTES ou'],
# 'bgp_neighbors_af_match': {'parents': [<IOSCfgLine # 228 ' neighbor 172.26.33.194 remote-as 65535' (parent is # 225)>,
# <IOSCfgLine # 231 ' neighbor 172.29.231.238 remote-as 65534' (parent is # 225)>,
# <IOSCfgLine # 235 ' neighbor 172.29.231.246 remote-as 65534' (parent is # 225)>,
# <IOSCfgLine # 239 ' neighbor 172.29.231.250 remote-as 65534' (parent is # 225)>],
# 'children': {' neighbor 172.26.33.194 remote-as 65535': ('address-family ipv4 unicast',),
# ' neighbor 172.29.231.238 remote-as 65534': ('address-family ipv4 unicast',),
# ' neighbor 172.29.231.246 remote-as 65534': ('address-family ipv4 unicast',),
# ' neighbor 172.29.231.250 remote-as 65534': ('address-family ipv4 unicast',)}}}
# """
# template = "route-map THESOUTHERNREACH permit 10\n set as-path prepend 65534 65534 65534 65534 \n" \
# "{{ objects['bgp_router'][0][0].text }}" \
# "{% for neighbor, af_tuple in objects['bgp_neighbors_af_match']['children'].items() %}\n" \
# "{{ neighbor }}\n" \
# "{% for af in af_tuple %}" \
# " {{ af }}\n" \
# " route-map THESOUTHERNREACH out\n" \
# "{% endfor %}\n" \
# "{% endfor %}\n" \
# "\n ********** Undo **********\n" \
# "{{ objects['bgp_router'][0][0].text }}" \
# "{% for neighbor, af_tuple in objects['bgp_neighbors_af_match']['children'].items() %}\n" \
# "{{ neighbor }}\n" \
# "{% for af in af_tuple %}" \
# " {{ af }}\n" \
# " no route-map THESOUTHERNREACH out\n" \
# "{% endfor %}\n" \
# "{% endfor %}\n" \
# "{% for line in objects['bgp_routemap_match'] %}" \
# "{{ line }}\n" \
# "{% endfor %}\n"
# bgp_routemap_rule.set_config_template(template)
bgp_shutdown_rule = Rule("Shutdown BGP routing")
bgp_shutdown_rule.set_confirm_match(bgp_router_match)
template = "{{ objects['bgp_router'][0][0].text }}" \
" shutdown\n" \
"\n ********** Undo **********\n" \
"{{ objects['bgp_router'][0][0].text }}" \
" no shutdown\n"
bgp_shutdown_rule.set_config_template(template)
default_vdc_rules["bgp"] = bgp_shutdown_rule
ospf_router_match = Match("ospf_router", "global", "^router\s+ospf")
ospf_shutdown_match = Match("ospf_max_lsa", r"^\s*router ospf",
(False, r"max-metric router-lsa"))
ospf_shutdown_rule = Rule("Disable OSPF routing")
ospf_shutdown_rule.set_confirm_match(ospf_router_match, '&',
ospf_shutdown_match)
template = "{% for router in objects['ospf_router'][0] %}\n{{ router.text }}\n max-metric router-lsa\n{% endfor %}\n" \
"\n ********** Undo **********\n" \
"{% for router in objects['ospf_router'][0] %}\n{{ router.text }}\n no max-metric router-lsa\n{% endfor %}\n"
ospf_shutdown_rule.set_config_template(template)
default_vdc_rules["ospf shutdown"] = ospf_shutdown_rule
nxos_interface_ipint_match = Match(
"nxos_interface_ipint", r"^interface\s+(?:Ethernet)",
[(True, r"^\s*ip\s+address"),
(False, r"vrf\s+member\s+vpc\-keepalive"),
(True, r"^\s*no\s+shutdown")])
nxos_interface_ipint_rule = Rule("Shutdown L3 Interfaces")
nxos_interface_ipint_rule.set_confirm_match(nxos_interface_ipint_match)
template = "{% for interface in objects['nxos_interface_ipint'][0] %}\n{{ interface.text }}\n shutdown\n{% endfor %}\n" \
"\n ********** Undo **********\n" \
"{% for interface in objects['nxos_interface_ipint'][0] %}\n{{ interface.text }}\n no shut\n{% endfor %}\n"
nxos_interface_ipint_rule.set_config_template(template)
default_vdc_rules["ipint"] = nxos_interface_ipint_rule
nxos_pc_ipint_match = Match("nxos_pc_ipint",
r"^interface\s+(?:port\-channel)",
[(True, r"^\s*ip\s+address"),
(False, r"vrf\s+member\s+vpc\-keepalive"),
(False, r"^\s*shutdown")])
nxos_pc_ipint_rule = Rule("Shutdown L3 PC Interfaces")
nxos_pc_ipint_rule.set_confirm_match(nxos_pc_ipint_match)
template = "{% for interface in objects['nxos_pc_ipint'][0] %}\n{{ interface.text }}\n shutdown\n{% endfor %}\n" \
"\n ********** Undo **********\n" \
"{% for interface in objects['nxos_pc_ipint'][0] %}\n{{ interface.text }}\n no shut\n{% endfor %}\n"
nxos_pc_ipint_rule.set_config_template(template)
default_vdc_rules["pcipint"] = nxos_pc_ipint_rule