Skip to content

AAA

ANTA catalog for interfaces tests

Test functions related to the EOS various AAA settings

VerifyAcctConsoleMethods

Bases: AntaTest

Verifies the AAA accounting console method lists for different accounting types (system, exec, commands, dot1x).

Expected Results
  • success: The test will pass if the provided AAA accounting console method list is matching in the configured accounting types.
  • failure: The test will fail if the provided AAA accounting console method list is NOT matching in the configured accounting types.
  • skipped: The test will be skipped if the AAA accounting console method list or accounting type list are not provided.
Source code in anta/tests/aaa.py 
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
class VerifyAcctConsoleMethods(AntaTest):
    """
    Verifies the AAA accounting console method lists for different accounting types (system, exec, commands, dot1x).

    Expected Results:
        * success: The test will pass if the provided AAA accounting console method list is matching in the configured accounting types.
        * failure: The test will fail if the provided AAA accounting console method list is NOT matching in the configured accounting types.
        * skipped: The test will be skipped if the AAA accounting console method list or accounting type list are not provided.
    """

    name = "VerifyAcctConsoleMethods"
    description = "Verifies the AAA accounting console method lists for different accounting types (system, exec, commands, dot1x)."
    categories = ["aaa"]
    commands = [AntaCommand(command="show aaa methods accounting")]

    @AntaTest.anta_test
    def test(self, methods: Optional[List[str]] = None, auth_types: Optional[List[str]] = None) -> None:
        """
        Run VerifyAcctConsoleMethods validation.

        Args:
            methods: List of AAA accounting console methods. Methods should be in the right order.
            auth_types: List of accounting types to verify. List elements must be: commands, exec, system, dot1x.
        """
        if not methods or not auth_types:
            self.result.is_skipped(f"{self.__class__.name} did not run because methods or auth_types were not supplied")
            return

        methods_with_group = _check_group_methods(methods)

        _check_auth_type(auth_types, ["system", "exec", "commands", "dot1x"])

        command_output = self.instance_commands[0].json_output

        not_matching = []
        not_configured = []

        for auth_type in auth_types:
            auth_type_key = f"{auth_type}AcctMethods"

            method_key = list(command_output[auth_type_key].keys())[0]

            if not command_output[auth_type_key][method_key].get("consoleAction"):
                not_configured.append(auth_type)

            if command_output[auth_type_key][method_key]["consoleMethods"] != methods_with_group:
                not_matching.append(auth_type)

        if not_configured:
            self.result.is_failure(f"AAA console accounting is not configured for {not_configured}")
            return

        if not not_matching:
            self.result.is_success()
        else:
            self.result.is_failure(f"AAA accounting console methods {methods} are not matching for {not_matching}")

test 

test(
    methods: Optional[List[str]] = None,
    auth_types: Optional[List[str]] = None,
) -> None

Run VerifyAcctConsoleMethods validation.

Parameters:

Name Type Description Default
methods Optional[List[str]]

List of AAA accounting console methods. Methods should be in the right order.

 None
auth_types Optional[List[str]]

List of accounting types to verify. List elements must be: commands, exec, system, dot1x.

 None
Source code in anta/tests/aaa.py 
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
@AntaTest.anta_test
def test(self, methods: Optional[List[str]] = None, auth_types: Optional[List[str]] = None) -> None:
    """
    Run VerifyAcctConsoleMethods validation.

    Args:
        methods: List of AAA accounting console methods. Methods should be in the right order.
        auth_types: List of accounting types to verify. List elements must be: commands, exec, system, dot1x.
    """
    if not methods or not auth_types:
        self.result.is_skipped(f"{self.__class__.name} did not run because methods or auth_types were not supplied")
        return

    methods_with_group = _check_group_methods(methods)

    _check_auth_type(auth_types, ["system", "exec", "commands", "dot1x"])

    command_output = self.instance_commands[0].json_output

    not_matching = []
    not_configured = []

    for auth_type in auth_types:
        auth_type_key = f"{auth_type}AcctMethods"

        method_key = list(command_output[auth_type_key].keys())[0]

        if not command_output[auth_type_key][method_key].get("consoleAction"):
            not_configured.append(auth_type)

        if command_output[auth_type_key][method_key]["consoleMethods"] != methods_with_group:
            not_matching.append(auth_type)

    if not_configured:
        self.result.is_failure(f"AAA console accounting is not configured for {not_configured}")
        return

    if not not_matching:
        self.result.is_success()
    else:
        self.result.is_failure(f"AAA accounting console methods {methods} are not matching for {not_matching}")

VerifyAcctDefaultMethods

Bases: AntaTest

Verifies the AAA accounting default method lists for different accounting types (system, exec, commands, dot1x).

Expected Results
  • success: The test will pass if the provided AAA accounting default method list is matching in the configured accounting types.
  • failure: The test will fail if the provided AAA accounting default method list is NOT matching in the configured accounting types.
  • skipped: The test will be skipped if the AAA accounting default method list or accounting type list are not provided.
Source code in anta/tests/aaa.py 
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
class VerifyAcctDefaultMethods(AntaTest):
    """
    Verifies the AAA accounting default method lists for different accounting types (system, exec, commands, dot1x).

    Expected Results:
        * success: The test will pass if the provided AAA accounting default method list is matching in the configured accounting types.
        * failure: The test will fail if the provided AAA accounting default method list is NOT matching in the configured accounting types.
        * skipped: The test will be skipped if the AAA accounting default method list or accounting type list are not provided.
    """

    name = "VerifyAcctDefaultMethods"
    description = "Verifies the AAA accounting default method lists for different accounting types (system, exec, commands, dot1x)."
    categories = ["aaa"]
    commands = [AntaCommand(command="show aaa methods accounting")]

    @AntaTest.anta_test
    def test(self, methods: Optional[List[str]] = None, auth_types: Optional[List[str]] = None) -> None:
        """
        Run VerifyAcctDefaultMethods validation.

        Args:
            methods: List of AAA accounting default methods. Methods should be in the right order.
            auth_types: List of accounting types to verify. List elements must be: commands, exec, system, dot1x.
        """
        if not methods or not auth_types:
            self.result.is_skipped(f"{self.__class__.name} did not run because methods or auth_types were not supplied")
            return

        methods_with_group = _check_group_methods(methods)

        _check_auth_type(auth_types, ["system", "exec", "commands", "dot1x"])

        command_output = self.instance_commands[0].json_output

        not_matching = []
        not_configured = []

        for auth_type in auth_types:
            auth_type_key = f"{auth_type}AcctMethods"

            method_key = list(command_output[auth_type_key].keys())[0]

            if not command_output[auth_type_key][method_key].get("defaultAction"):
                not_configured.append(auth_type)

            if command_output[auth_type_key][method_key]["defaultMethods"] != methods_with_group:
                not_matching.append(auth_type)

        if not_configured:
            self.result.is_failure(f"AAA default accounting is not configured for {not_configured}")
            return

        if not not_matching:
            self.result.is_success()
        else:
            self.result.is_failure(f"AAA accounting default methods {methods} are not matching for {not_matching}")

test 

test(
    methods: Optional[List[str]] = None,
    auth_types: Optional[List[str]] = None,
) -> None

Run VerifyAcctDefaultMethods validation.

Parameters:

Name Type Description Default
methods Optional[List[str]]

List of AAA accounting default methods. Methods should be in the right order.

 None
auth_types Optional[List[str]]

List of accounting types to verify. List elements must be: commands, exec, system, dot1x.

 None
Source code in anta/tests/aaa.py 
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
@AntaTest.anta_test
def test(self, methods: Optional[List[str]] = None, auth_types: Optional[List[str]] = None) -> None:
    """
    Run VerifyAcctDefaultMethods validation.

    Args:
        methods: List of AAA accounting default methods. Methods should be in the right order.
        auth_types: List of accounting types to verify. List elements must be: commands, exec, system, dot1x.
    """
    if not methods or not auth_types:
        self.result.is_skipped(f"{self.__class__.name} did not run because methods or auth_types were not supplied")
        return

    methods_with_group = _check_group_methods(methods)

    _check_auth_type(auth_types, ["system", "exec", "commands", "dot1x"])

    command_output = self.instance_commands[0].json_output

    not_matching = []
    not_configured = []

    for auth_type in auth_types:
        auth_type_key = f"{auth_type}AcctMethods"

        method_key = list(command_output[auth_type_key].keys())[0]

        if not command_output[auth_type_key][method_key].get("defaultAction"):
            not_configured.append(auth_type)

        if command_output[auth_type_key][method_key]["defaultMethods"] != methods_with_group:
            not_matching.append(auth_type)

    if not_configured:
        self.result.is_failure(f"AAA default accounting is not configured for {not_configured}")
        return

    if not not_matching:
        self.result.is_success()
    else:
        self.result.is_failure(f"AAA accounting default methods {methods} are not matching for {not_matching}")

VerifyAuthenMethods

Bases: AntaTest

Verifies the AAA authentication method lists for different authentication types (login, enable, dot1x).

Expected Results
  • success: The test will pass if the provided AAA authentication method list is matching in the configured authentication types.
  • failure: The test will fail if the provided AAA authentication method list is NOT matching in the configured authentication types.
  • skipped: The test will be skipped if the AAA authentication method list or authentication type list are not provided.
Source code in anta/tests/aaa.py 
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
class VerifyAuthenMethods(AntaTest):
    """
    Verifies the AAA authentication method lists for different authentication types (login, enable, dot1x).

    Expected Results:
        * success: The test will pass if the provided AAA authentication method list is matching in the configured authentication types.
        * failure: The test will fail if the provided AAA authentication method list is NOT matching in the configured authentication types.
        * skipped: The test will be skipped if the AAA authentication method list or authentication type list are not provided.
    """

    name = "VerifyAuthenMethods"
    description = "Verifies the AAA authentication method lists for different authentication types (login, enable, dot1x)."
    categories = ["aaa"]
    commands = [AntaCommand(command="show aaa methods authentication")]

    @AntaTest.anta_test
    def test(self, methods: Optional[List[str]] = None, auth_types: Optional[List[str]] = None) -> None:
        """
        Run VerifyAuthenMethods validation.

        Args:
            methods: List of AAA authentication methods. Methods should be in the right order.
            auth_types: List of authentication types to verify. List elements must be: login, enable, dot1x.
        """
        if not methods or not auth_types:
            self.result.is_skipped(f"{self.__class__.name} did not run because methods or auth_types were not supplied")
            return

        methods_with_group = _check_group_methods(methods)

        _check_auth_type(auth_types, ["login", "enable", "dot1x"])

        command_output = self.instance_commands[0].json_output

        not_matching = []

        for auth_type in auth_types:
            auth_type_key = f"{auth_type}AuthenMethods"

            if auth_type_key == "loginAuthenMethods":
                if not command_output[auth_type_key].get("login"):
                    self.result.is_failure("AAA authentication methods are not configured for login console")
                    return

                if command_output[auth_type_key]["login"]["methods"] != methods_with_group:
                    self.result.is_failure(f"AAA authentication methods {methods} are not matching for login console")
                    return

            if command_output[auth_type_key]["default"]["methods"] != methods_with_group:
                not_matching.append(auth_type)

        if not not_matching:
            self.result.is_success()
        else:
            self.result.is_failure(f"AAA authentication methods {methods} are not matching for {not_matching}")

test 

test(
    methods: Optional[List[str]] = None,
    auth_types: Optional[List[str]] = None,
) -> None

Run VerifyAuthenMethods validation.

Parameters:

Name Type Description Default
methods Optional[List[str]]

List of AAA authentication methods. Methods should be in the right order.

 None
auth_types Optional[List[str]]

List of authentication types to verify. List elements must be: login, enable, dot1x.

 None
Source code in anta/tests/aaa.py 
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
@AntaTest.anta_test
def test(self, methods: Optional[List[str]] = None, auth_types: Optional[List[str]] = None) -> None:
    """
    Run VerifyAuthenMethods validation.

    Args:
        methods: List of AAA authentication methods. Methods should be in the right order.
        auth_types: List of authentication types to verify. List elements must be: login, enable, dot1x.
    """
    if not methods or not auth_types:
        self.result.is_skipped(f"{self.__class__.name} did not run because methods or auth_types were not supplied")
        return

    methods_with_group = _check_group_methods(methods)

    _check_auth_type(auth_types, ["login", "enable", "dot1x"])

    command_output = self.instance_commands[0].json_output

    not_matching = []

    for auth_type in auth_types:
        auth_type_key = f"{auth_type}AuthenMethods"

        if auth_type_key == "loginAuthenMethods":
            if not command_output[auth_type_key].get("login"):
                self.result.is_failure("AAA authentication methods are not configured for login console")
                return

            if command_output[auth_type_key]["login"]["methods"] != methods_with_group:
                self.result.is_failure(f"AAA authentication methods {methods} are not matching for login console")
                return

        if command_output[auth_type_key]["default"]["methods"] != methods_with_group:
            not_matching.append(auth_type)

    if not not_matching:
        self.result.is_success()
    else:
        self.result.is_failure(f"AAA authentication methods {methods} are not matching for {not_matching}")

VerifyAuthzMethods

Bases: AntaTest

Verifies the AAA authorization method lists for different authorization types (commands, exec).

Expected Results
  • success: The test will pass if the provided AAA authorization method list is matching in the configured authorization types.
  • failure: The test will fail if the provided AAA authorization method list is NOT matching in the configured authorization types.
  • skipped: The test will be skipped if the AAA authentication method list or authorization type list are not provided.
Source code in anta/tests/aaa.py 
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
class VerifyAuthzMethods(AntaTest):
    """
    Verifies the AAA authorization method lists for different authorization types (commands, exec).

    Expected Results:
        * success: The test will pass if the provided AAA authorization method list is matching in the configured authorization types.
        * failure: The test will fail if the provided AAA authorization method list is NOT matching in the configured authorization types.
        * skipped: The test will be skipped if the AAA authentication method list or authorization type list are not provided.
    """

    name = "VerifyAuthzMethods"
    description = "Verifies the AAA authorization method lists for different authorization types (commands, exec)."
    categories = ["aaa"]
    commands = [AntaCommand(command="show aaa methods authorization")]

    @AntaTest.anta_test
    def test(self, methods: Optional[List[str]] = None, auth_types: Optional[List[str]] = None) -> None:
        """
        Run VerifyAuthzMethods validation.

        Args:
            methods: List of AAA authorization methods. Methods should be in the right order.
            auth_types: List of authorization types to verify. List elements must be: commands, exec.
        """
        if not methods or not auth_types:
            self.result.is_skipped(f"{self.__class__.name} did not run because methods or auth_types were not supplied")
            return

        _check_auth_type(auth_types, ["commands", "exec"])

        methods_with_group = _check_group_methods(methods)

        command_output = self.instance_commands[0].json_output

        not_matching = []

        for auth_type in auth_types:
            auth_type_key = f"{auth_type}AuthzMethods"

            method_key = list(command_output[auth_type_key].keys())[0]

            if command_output[auth_type_key][method_key]["methods"] != methods_with_group:
                not_matching.append(auth_type)

        if not not_matching:
            self.result.is_success()
        else:
            self.result.is_failure(f"AAA authorization methods {methods} are not matching for {not_matching}")

test 

test(
    methods: Optional[List[str]] = None,
    auth_types: Optional[List[str]] = None,
) -> None

Run VerifyAuthzMethods validation.

Parameters:

Name Type Description Default
methods Optional[List[str]]

List of AAA authorization methods. Methods should be in the right order.

 None
auth_types Optional[List[str]]

List of authorization types to verify. List elements must be: commands, exec.

 None
Source code in anta/tests/aaa.py 
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
@AntaTest.anta_test
def test(self, methods: Optional[List[str]] = None, auth_types: Optional[List[str]] = None) -> None:
    """
    Run VerifyAuthzMethods validation.

    Args:
        methods: List of AAA authorization methods. Methods should be in the right order.
        auth_types: List of authorization types to verify. List elements must be: commands, exec.
    """
    if not methods or not auth_types:
        self.result.is_skipped(f"{self.__class__.name} did not run because methods or auth_types were not supplied")
        return

    _check_auth_type(auth_types, ["commands", "exec"])

    methods_with_group = _check_group_methods(methods)

    command_output = self.instance_commands[0].json_output

    not_matching = []

    for auth_type in auth_types:
        auth_type_key = f"{auth_type}AuthzMethods"

        method_key = list(command_output[auth_type_key].keys())[0]

        if command_output[auth_type_key][method_key]["methods"] != methods_with_group:
            not_matching.append(auth_type)

    if not not_matching:
        self.result.is_success()
    else:
        self.result.is_failure(f"AAA authorization methods {methods} are not matching for {not_matching}")

VerifyTacacsServerGroups

Bases: AntaTest

Verifies if the provided TACACS server group(s) are configured.

Expected Results
  • success: The test will pass if the provided TACACS server group(s) are configured.
  • failure: The test will fail if one or all the provided TACACS server group(s) are NOT configured.
  • skipped: The test will be skipped if TACACS server group(s) are not provided.
Source code in anta/tests/aaa.py 
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
class VerifyTacacsServerGroups(AntaTest):
    """
    Verifies if the provided TACACS server group(s) are configured.

    Expected Results:
        * success: The test will pass if the provided TACACS server group(s) are configured.
        * failure: The test will fail if one or all the provided TACACS server group(s) are NOT configured.
        * skipped: The test will be skipped if TACACS server group(s) are not provided.
    """

    name = "VerifyTacacsServerGroups"
    description = "Verifies if the provided TACACS server group(s) are configured."
    categories = ["aaa"]
    commands = [AntaCommand(command="show tacacs")]

    @AntaTest.anta_test
    def test(self, groups: Optional[List[str]] = None) -> None:
        """
        Run VerifyTacacsServerGroups validation.

        Args:
            groups: List of TACACS server group.
        """
        if not groups:
            self.result.is_skipped(f"{self.__class__.name} did not run because groups were not supplied")
            return

        command_output = self.instance_commands[0].json_output

        tacacs_groups = command_output["groups"]

        if not tacacs_groups:
            self.result.is_failure("No TACACS server group(s) are configured")
            return

        not_configured = [group for group in groups if group not in tacacs_groups]

        if not not_configured:
            self.result.is_success()
        else:
            self.result.is_failure(f"TACACS server group(s) {not_configured} are not configured")

test 

test(groups: Optional[List[str]] = None) -> None

Run VerifyTacacsServerGroups validation.

Parameters:

Name Type Description Default
groups Optional[List[str]]

List of TACACS server group.

 None
Source code in anta/tests/aaa.py 
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
@AntaTest.anta_test
def test(self, groups: Optional[List[str]] = None) -> None:
    """
    Run VerifyTacacsServerGroups validation.

    Args:
        groups: List of TACACS server group.
    """
    if not groups:
        self.result.is_skipped(f"{self.__class__.name} did not run because groups were not supplied")
        return

    command_output = self.instance_commands[0].json_output

    tacacs_groups = command_output["groups"]

    if not tacacs_groups:
        self.result.is_failure("No TACACS server group(s) are configured")
        return

    not_configured = [group for group in groups if group not in tacacs_groups]

    if not not_configured:
        self.result.is_success()
    else:
        self.result.is_failure(f"TACACS server group(s) {not_configured} are not configured")

VerifyTacacsServers

Bases: AntaTest

Verifies TACACS servers are configured for a specified VRF.

Expected Results
  • success: The test will pass if the provided TACACS servers are configured in the specified VRF.
  • failure: The test will fail if the provided TACACS servers are NOT configured in the specified VRF.
  • skipped: The test will be skipped if TACACS servers or VRF are not provided.
Source code in anta/tests/aaa.py 
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
class VerifyTacacsServers(AntaTest):
    """
    Verifies TACACS servers are configured for a specified VRF.

    Expected Results:
        * success: The test will pass if the provided TACACS servers are configured in the specified VRF.
        * failure: The test will fail if the provided TACACS servers are NOT configured in the specified VRF.
        * skipped: The test will be skipped if TACACS servers or VRF are not provided.
    """

    name = "VerifyTacacsServers"
    description = "Verifies TACACS servers are configured for a specified VRF."
    categories = ["aaa"]
    commands = [AntaCommand(command="show tacacs")]

    @AntaTest.anta_test
    def test(self, servers: Optional[List[str]] = None, vrf: str = "default") -> None:
        """
        Run VerifyTacacsServers validation.

        Args:
            servers: List of TACACS servers IP addresses.
            vrf: The name of the VRF to transport TACACS messages. Defaults to 'default'.
        """
        if not servers or not vrf:
            self.result.is_skipped(f"{self.__class__.name} did not run because servers or vrf were not supplied")
            return

        command_output = self.instance_commands[0].json_output

        tacacs_servers = command_output["tacacsServers"]

        if not tacacs_servers:
            self.result.is_failure("No TACACS servers are configured")
            return

        not_configured = [
            server
            for server in servers
            if not any(server == tacacs_server["serverInfo"]["hostname"] and vrf == tacacs_server["serverInfo"]["vrf"] for tacacs_server in tacacs_servers)
        ]

        if not not_configured:
            self.result.is_success()
        else:
            self.result.is_failure(f"TACACS servers {not_configured} are not configured in VRF {vrf}")

test 

test(
    servers: Optional[List[str]] = None,
    vrf: str = "default",
) -> None

Run VerifyTacacsServers validation.

Parameters:

Name Type Description Default
servers Optional[List[str]]

List of TACACS servers IP addresses.

 None
vrf str

The name of the VRF to transport TACACS messages. Defaults to ‘default’.

 'default'
Source code in anta/tests/aaa.py 
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
@AntaTest.anta_test
def test(self, servers: Optional[List[str]] = None, vrf: str = "default") -> None:
    """
    Run VerifyTacacsServers validation.

    Args:
        servers: List of TACACS servers IP addresses.
        vrf: The name of the VRF to transport TACACS messages. Defaults to 'default'.
    """
    if not servers or not vrf:
        self.result.is_skipped(f"{self.__class__.name} did not run because servers or vrf were not supplied")
        return

    command_output = self.instance_commands[0].json_output

    tacacs_servers = command_output["tacacsServers"]

    if not tacacs_servers:
        self.result.is_failure("No TACACS servers are configured")
        return

    not_configured = [
        server
        for server in servers
        if not any(server == tacacs_server["serverInfo"]["hostname"] and vrf == tacacs_server["serverInfo"]["vrf"] for tacacs_server in tacacs_servers)
    ]

    if not not_configured:
        self.result.is_success()
    else:
        self.result.is_failure(f"TACACS servers {not_configured} are not configured in VRF {vrf}")

VerifyTacacsSourceIntf

Bases: AntaTest

Verifies TACACS source-interface for a specified VRF.

Expected Results
  • success: The test will pass if the provided TACACS source-interface is configured in the specified VRF.
  • failure: The test will fail if the provided TACACS source-interface is NOT configured in the specified VRF.
  • skipped: The test will be skipped if source-interface or VRF is not provided.
Source code in anta/tests/aaa.py 
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
class VerifyTacacsSourceIntf(AntaTest):
    """
    Verifies TACACS source-interface for a specified VRF.

    Expected Results:
        * success: The test will pass if the provided TACACS source-interface is configured in the specified VRF.
        * failure: The test will fail if the provided TACACS source-interface is NOT configured in the specified VRF.
        * skipped: The test will be skipped if source-interface or VRF is not provided.
    """

    name = "VerifyTacacsSourceIntf"
    description = "Verifies TACACS source-interface for a specified VRF."
    categories = ["aaa"]
    commands = [AntaCommand(command="show tacacs")]

    @AntaTest.anta_test
    def test(self, intf: Optional[str] = None, vrf: str = "default") -> None:
        """
        Run VerifyTacacsSourceIntf validation.

        Args:
            intf: Source-interface to use as source IP of TACACS messages.
            vrf: The name of the VRF to transport TACACS messages. Defaults to 'default'.
        """
        if not intf or not vrf:
            self.result.is_skipped(f"{self.__class__.name} did not run because intf or vrf was not supplied")
            return

        command_output = self.instance_commands[0].json_output

        try:
            if command_output["srcIntf"][vrf] == intf:
                self.result.is_success()
            else:
                self.result.is_failure(f"Wrong source-interface configured in VRF {vrf}")

        except KeyError:
            self.result.is_failure(f"Source-interface {intf} is not configured in VRF {vrf}")

test 

test(
    intf: Optional[str] = None, vrf: str = "default"
) -> None

Run VerifyTacacsSourceIntf validation.

Parameters:

Name Type Description Default
intf Optional[str]

Source-interface to use as source IP of TACACS messages.

 None
vrf str

The name of the VRF to transport TACACS messages. Defaults to ‘default’.

 'default'
Source code in anta/tests/aaa.py 
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
@AntaTest.anta_test
def test(self, intf: Optional[str] = None, vrf: str = "default") -> None:
    """
    Run VerifyTacacsSourceIntf validation.

    Args:
        intf: Source-interface to use as source IP of TACACS messages.
        vrf: The name of the VRF to transport TACACS messages. Defaults to 'default'.
    """
    if not intf or not vrf:
        self.result.is_skipped(f"{self.__class__.name} did not run because intf or vrf was not supplied")
        return

    command_output = self.instance_commands[0].json_output

    try:
        if command_output["srcIntf"][vrf] == intf:
            self.result.is_success()
        else:
            self.result.is_failure(f"Wrong source-interface configured in VRF {vrf}")

    except KeyError:
        self.result.is_failure(f"Source-interface {intf} is not configured in VRF {vrf}")
Last update: July 19, 2023