[202012] [TACACS+] Add config command for AAA authorization and accou…

…nting. (#1889) (#2891) * [TACACS+] Add config command for AAA authorization and accounting. (#1889) This pull request add config command for AAA authorization & accounting. Support TACACS per-command authorization & accounting. Change AAA config command to support authorization & accounting. Change show AAA command to support authorization & accounting. Add UT to cover changed code. 1. Build following project and pass all UTs: make target/python-wheels/sonic_utilities-1.2-py3-none-any.whl 2. Test new command manually. N/A Add config command for AAA authorization & accounting. * Remove radius UT * Remove UT because depends code change not in 202012 --------- Co-authored-by: Qi Luo <qiluo-msft@users.noreply.github.com>
sonic-net · Jul 10, 2023 · 7b47641 · 7b47641
1 parent 399b1e3
commit 7b47641
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 0 deletions.
diff --git a/config/aaa.py b/config/aaa.py
@@ -78,6 +78,44 @@ def login(auth_protocol):
         add_table_kv('AAA', 'authentication', 'login', val)
 authentication.add_command(login)
 
+# cmd: aaa authorization
+@click.command()
+@click.argument('protocol', nargs=-1, type=click.Choice([ "tacacs+", "local", "tacacs+ local"]))
+def authorization(protocol):
+    """Switch AAA authorization [tacacs+ | local | '\"tacacs+ local\"']"""
+    if len(protocol) == 0:
+        click.echo('Argument "protocol" is required')
+        return
+
+    if len(protocol) == 1 and (protocol[0] == 'tacacs+' or protocol[0] == 'local'):
+        add_table_kv('AAA', 'authorization', 'login', protocol[0])
+    elif len(protocol) == 1 and protocol[0] == 'tacacs+ local':
+        add_table_kv('AAA', 'authorization', 'login', 'tacacs+,local')
+    else:
+        click.echo('Not a valid command')
+aaa.add_command(authorization)
+
+# cmd: aaa accounting
+@click.command()
+@click.argument('protocol', nargs=-1, type=click.Choice(["disable", "tacacs+", "local", "tacacs+ local"]))
+def accounting(protocol):
+    """Switch AAA accounting [disable | tacacs+ | local | '\"tacacs+ local\"']"""
+    if len(protocol) == 0:
+        click.echo('Argument "protocol" is required')
+        return
+
+    if len(protocol) == 1:
+        if protocol[0] == 'tacacs+' or protocol[0] == 'local':
+            add_table_kv('AAA', 'accounting', 'login', protocol[0])
+        elif protocol[0] == 'tacacs+ local':
+            add_table_kv('AAA', 'accounting', 'login', 'tacacs+,local')
+        elif protocol[0] == 'disable':
+            del_table_key('AAA', 'accounting', 'login')
+        else:
+            click.echo('Not a valid command')
+    else:
+        click.echo('Not a valid command')
+aaa.add_command(accounting)
 
 @click.group()
 def tacacs():

diff --git a/show/main.py b/show/main.py
@@ -1434,10 +1434,20 @@ def aaa():
         'authentication': {
             'login': 'local (default)',
             'failthrough': 'False (default)'
+        },
+        'authorization': {
+            'login': 'local (default)'
+        },
+        'accounting': {
+            'login': 'disable (default)'
         }
     }
     if 'authentication' in data:
         aaa['authentication'].update(data['authentication'])
+    if 'authorization' in data:
+        aaa['authorization'].update(data['authorization'])
+    if 'accounting' in data:
+        aaa['accounting'].update(data['accounting'])
     for row in aaa:
         entry = aaa[row]
         for key in entry: