def _from_idl(nh_idl, ne):
if nh_idl == None:
return
addr = None
if nh_idl.nextHop and nh_idl.nextHop.address != None:
if isinstance(nh_idl, L3UcastRouteNextHopIDL):
addr = NetworkInterface._convert_to_inetaddress(
nh_idl.nextHop.address)
elif isinstance(nh_idl, L3UcastRouteNextHopOutIDL):
addr = nh_idl.nextHop.address.addr
scp = L3UnicastScope._from_idl(nh_idl.scope)
ni = None
try:
ni = NetworkInterface(ne, nh_idl.nextHop.name,
nh_idl.nextHop.interfaceType,
nh_idl.nextHop.xosHandle)
except OnepIllegalArgumentException as e:
L3UnicastNextHop.log.debug('failed to convert NetworkInterface ' +
e)
L3UnicastNextHop.log.debug('Creating L3UcastRouteNextHop from IDL')
l3nh = L3UnicastNextHop(ni, addr, scp, nh_idl.nextHop.ec,
nh_idl.nextHop.metric)
if nh_idl.nextHop.route_tag is not None:
l3nh._route_tag = nh_idl.nextHop.route_tag
return l3nh
def _from_idl(node_idl, node_type):
if node_idl is None or node_type is None:
return
node_name = node_idl.hostname
addr_list = list()
na_list = node_idl.addrlist
if na_list != None:
for na in na_list:
inet_addr = NetworkInterface._convert_to_inetaddress(na)
if inet_addr != None:
addr_list.append(inet_addr)
return Node(node_name, node_type, addr_list)
def _from_out_idl(node_out_idl, node_type):
"""
Convert TopologyNodeOutIDL to Node object
This method for internal use only
@param node_out_idl: TopologyNodeOutIDL object
@param node_type: NodeType node type
@return: Node object
"""
if node_out_idl == None or node_type == None:
return
node_name = node_out_idl.hostname
addr_list = list()
na_list = node_out_idl.addrlist
if na_list != None:
for na in na_list:
inet_addr = NetworkInterface._convert_to_inetaddress(na)
if inet_addr != None:
addr_list.append(inet_addr)
return Node(node_name, node_type, addr_list)
def _from_idl(route_idl, ne):
if route_idl == None:
return
nh_set = set()
for nh_idl in route_idl.hopList:
if nh_idl != None:
nh_set.add(L3UnicastNextHop._from_idl(nh_idl, ne))
prefix = None
addr = None
if route_idl.prefix != None and route_idl.prefix.addr != None:
if isinstance(route_idl, L3UcastRouteIDL):
addr = NetworkInterface._convert_to_inetaddress(
route_idl.prefix.addr)
elif isinstance(route_idl, L3UcastRouteOutIDL):
addr = route_idl.prefix.addr.addr
prefix = NetworkPrefix(addr, route_idl.prefix.prefix_len)
return L3UnicastRoute(prefix, nh_set, route_idl.ownerType,
route_idl.tag, route_idl.l3UcastRouteType,
route_idl.route.adminDistance,
route_idl.route.metric, route_idl.route.ec)
def _from_idl(connector_idl, connector_type, node):
"""
Convert a TopologyConnectorIDL object to NodeConnector.
This method is for internal use only.
@param connector_idl: TopologyConnectorIDL object.
@param connector_type: ConnectorType object
@param node: associated node
@return: A NodeConnector object
"""
if connector_idl == None or connector_type == None:
return
node_name = connector_idl.connname
addr_list = []
na_list = connector_idl.addrlist
if na_list != None:
for na in na_list:
inet_addr = NetworkInterface._convert_to_inetaddress(na)
if inet_addr != None:
addr_list.append(inet_addr)
return NodeConnector(node_name, connector_type, node, addr_list)
def authenticate(self, list_):
"""
Authenticate a user using the AAA Service on the Network Element.
This method authenticates a user (i.e. an instance of AAA User)
using the AAA Service on the Network Element associated with the user
set while creating the AAA User instance
or updated using set_network_element(NetworkElement).
On successful authentication the following will happen:
- The user's authorization profile configured on the AAA server is
returned as a AAA Attribute List instance.
- Accounting is turned on for the user, if the AAA Server
administrator has enabled auto-accounting for this user by
configuring Cisco VSA "auto-acct=enable" in the user's authorization
profile.
The AAA User Authorization Profile is realized using a list of L{onep.aaa.Attribute}
structure, which is cached locally in the AAA User instance.
Change of Authorization functionality is not available,
so if the AAA admin changes the user's profile on the AAA server after
the user was successfully authenticated, the new profile will not
be reflected in this object unless the Application calls
authenticate() again to refresh the Authorization Profile.
Note:
Accounting, if enabled, is turned off when the AAA User instance
is removed using remove_user() or if the AAA User's
Network Element attachment is changed using
set_network_element(NetworkElement) API
Note:
The AAA Server that was used to service this request
can be retrieved from self.server
Note:
The "allowed-action" attribute is not returned in the authorization
profile. Use is_action_authorized(String) to read the
value of this attribute set in the authorization profile configured
on the AAA server.
Example:
>>> attrs = user.authenticate(None)
>>> for attr in attrs:
print str(attr)
@return: List of Attributes containing the authorization profile for the user.
If no authorization profile is configured on AAA server, the list is a size of 0.
@raise OnepConnectionException:
The exception is thrown when connection to a network element has failed
@raise OnepRemoteProcedureException:
The exception is thrown when error has occurred in the remote-
procedure call made to a network element
"""
attrType = None
attr = None
attrName = None
format = AttrFormat_e()
idlList = self.AttrListToIDL(list_)
try:
self._validate_element_connection()
except OnepException:
raise
try:
result = self.user_client.authenticate_IDL(
self.network_element.session_handle._id, self.username,
self.password, idlList)
self.userID = result.aaa_user_id
self.is_auto_acct_enabled = True if result.auto_acct_enabled != 0 else False
try:
address = NetworkInterface._convert_to_inetaddress(
result.server.address)
self.server = Server(
address,
Server.OnepAAAProtocol.enumval(result.server.aaa_protocol))
except OnepIllegalArgumentException as e2:
self.log.error(
'User authenticate: error retrieving server information')
for attrIDL in result.author_profile:
skipResultList = False
attr = None
attrName = None
format = attrIDL.format
try:
attrType = attrIDL.type
except OnepIllegalArgumentException as e1:
self.log.error('Error adding attribute type ' +
str(attrIDL.type) +
' to list, possible enum mismatch')
continue
if attrIDL.type == OnepAAAAttributeType.ONEP_AAA_AT_ALLOWED_APP or attrIDL.type == OnepAAAAttributeType.ONEP_AAA_AT_ALLOWED_ACTION or attrIDL.type == OnepAAAAttributeType.ONEP_AAA_AT_AUTO_ACCT:
skipResultList = True
if attrIDL.type == OnepAAAAttributeType.ONEP_AAA_AT_APP_ATTR:
appAttrValue = attrIDL.str_value
if appAttrValue.startswith('"') and appAttrValue.endswith(
'"'):
appAttrValue = appAttrValue.substring[1:-1]
appValue = appAttrValue.split(':')
if len(appValue) < 3:
self.log.error('Invalid app attribute format')
continue
attrName = appValue[0]
try:
if appValue[1].lower() == 'string':
attr = StringAttribute(attrType, attrName,
appValue[2])
else:
attr = IntAttribute(attrType, attrName,
int(appValue[2]))
except OnepIllegalArgumentException as e:
self.log.error(
'Error adding a Application attribute type ' +
str(appValue))
continue
elif format == AttrFormat_e.AAA_TYPE_FORMAT_ULONG:
try:
attr = IntAttribute(attrType, None,
attrIDL.ulong_value)
except OnepIllegalArgumentException as e:
self.log.error('Error adding attribute type ' +
str(attrType))
continue
elif format == AttrFormat_e.AAA_TYPE_FORMAT_STRING:
try:
attr = StringAttribute(attrType, None,
attrIDL.str_value)
except OnepIllegalArgumentException as e:
self.log.error('Error adding attribute type ' +
str(attrType))
continue
elif format == AttrFormat_e.AAA_TYPE_FORMAT_BINARY:
try:
attr = BinaryAttribute(attrType, None,
attrIDL.binary_value)
except OnepIllegalArgumentException as e:
self.log.error('Error adding attribute type ' +
str(attrType))
continue
else:
try:
attr = AddressAttribute(attrType, None,
attrIDL.str_value)
except OnepIllegalArgumentException as e:
self.log.error('Error adding attribute type ' +
str(attrType))
continue
self.attr_original.append(attr)
if not skipResultList:
self.auth_profile.append(attr)
except ExceptionIDL as e:
raise OnepRemoteProcedureException(e)
except TException as e:
raise OnepConnectionException(arg_cause=e)
return self.auth_profile
