File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/__pycache__/nxos.cpython-310.pyc
o
�����N�gKb�����������������������@���s����d�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�m�Z���d�d�l�Z d�d�l
Z d�d�l�m�Z�m
Z
m�Z���d�d�l�m�Z���d�d�l�m�Z���d�d�l�m�Z���d�Z�e���e���Z�d i�i�Z�d
Z�d�Z�d�d
��Z�d�d���Z�dKd�d���Z�d�d���Z�d�d���Z d�d���Z!d�d���Z"d�d���Z#d�d���Z$d�d ��Z%dLd"d#��Z&dMd%d&��Z'd'd(��Z(d)d*��Z)d+d,��Z*d-d.��Z+ � � / � � 0dNd1d2��Z,d3d4��Z-d5d6��Z.d7d8��Z/dKd9d:��Z0d;d<��Z1 � � � =dOd>d?��Z2d@dA��Z3dBdC��Z4dDdE��Z5dFdG��Z6dPdIdJ��Z7d�S�)Qa# ��
Execution module for Cisco NX OS Switches.
.. versionadded:: 2016.11.0
This module supports execution using a Proxy Minion or Native Minion:
1) Proxy Minion: Connect over SSH or NX-API HTTP(S).
See :mod:`salt.proxy.nxos <salt.proxy.nxos>` for proxy minion setup details.
2) Native Minion: Connect over NX-API Unix Domain Socket (UDS).
Install the minion inside the GuestShell running on the NX-OS device.
:maturity: new
:platform: nxos
.. note::
To use this module over remote NX-API the feature must be enabled on the
NX-OS device by executing ``feature nxapi`` in configuration mode.
This is not required for NX-API over UDS.
Configuration example:
.. code-block:: bash
switch# conf t
switch(config)# feature nxapi
To check that NX-API is properly enabled, execute ``show nxapi``.
Output example:
.. code-block:: bash
switch# show nxapi
nxapi enabled
HTTPS Listen on port 443
Native minion configuration options:
.. code-block:: yaml
nxos:
cookie: 'username'
save_config: False
cookie
Use the option to override the default cookie 'admin:local' when
connecting over UDS and use 'username:local' instead. This is needed when
running the salt-minion in the GuestShell using a non-admin user.
This option is ignored for SSH and NX-API Proxy minions.
save_config:
If True, 'copy running-config starting-config' is issues for every
configuration command.
If False, Running config is not saved to startup config
Default: True
The recommended approach is to use the `save_running_config` function
instead of this option to improve performance. The default behavior
controlled by this option is preserved for backwards compatibility.
The APIs defined in this execution module can also be executed using
salt-call from the GuestShell environment as follows.
.. code-block:: bash
salt-call --local nxos.sendline 'show lldp neighbors' raw_text
.. note::
The functions in this module should be executed like so:
salt '*' nxos.<function>
salt '*' nxos.get_user username=admin
For backwards compatibility, the following syntax will be supported
until the 3001 release.
salt '*' nxos.cmd <function>
salt '*' nxos.cmd get_user username=admin
�����N)���error)���CommandExecutionError� NxosError��SaltInvocationError)���clean_kwargs)���gen_hash)��
warn_until��nxos��grains_cachez"copy running-config startup-configa`���
Unable to send command to the NX-OS device.
Please verify the following and re-try:
- 'feature ssh' must be enabled for SSH proxy minions.
- 'feature nxapi' must be enabled for NX-API proxy minions.
- Settings in the proxy minion configuration file must match device settings.
- NX-OS device is reachable from the Salt Master.
c��������������������C���s����t�S�)�N)���__virtualname__��r����r�����E/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/nxos.py��__virtual__t���s������r����c��������������������K���s(���t�j�j�����r�t�d�����S�t�d���d�i�|�����S�)�zr
Ping the device on the other end of the connection.
.. code-block: bash
salt '*' nxos.ping
z nxos.pingNr����)���salt��utils��platform��is_proxy� __proxy__� __utils__����kwargsr����r����r
�����pingx���s������
���r����Fc��������������������K���s����d�d�d�d�d���}�t�|�f�i�|�����}�|�s�d�S�d�|�v�r�d�S�t���d |�����d
��}�|�d�u�r;t���d�|�������\�}�}�} t�|�|�|�|���d���}
n�|�}
|
|�k�rCd
S�d�S�)�a����
Verify user password.
username
Username on which to perform password check
password
Password to check
encrypted
Whether or not the password is encrypted
Default: False
.. code-block: bash
salt '*' nxos.check_password username=admin password=admin
salt '*' nxos.check_password username=admin \
password='$5$2fWwO2vK$s7.Hr3YltMNHuhywQQ3nfOd.gAPHgs3SOBYYdGT3E.A' \
encrypted=True
��md5��blowfish��sha256��sha512)���1Z�2a��5��6N��!Fz�(\$[0-6](?:\$[^$ ]+)+)r����z�^\$([0-6])\$([^$]+)\$(.*)$���
crypt_salt��password� algorithmT)���get_user��re��search��group��groupsr����)���usernamer"���� encryptedr����Z�hash_algorithms�
password_lineZ�cur_hashZ hash_typeZ�cur_salt��hashed_passZ�new_hashr����r����r
�����check_password����s4�������������������������������������������������������r-���c��������������������K���s����|�t�|�f�i�|�����v�S�)�z�
Verify role assignment for user.
.. code-block:: bash
salt '*' nxos.check_role username=admin role=network-admin
)�� get_roles)�r)�����roler����r����r����r
����
check_role����s������r0���c��������������������O���sd���t�d�d�����t�|���D�]�}�|���d���r�|���|�����q d���d�|�g���}�t���d�|�����|�t�v�r)d�S�t�|���|�i�|�����S�)�a����
NOTE: This function is preserved for backwards compatibility. This allows
commands to be executed using either of the following syntactic forms.
salt '*' nxos.cmd <function>
or
salt '*' nxos.<function>
command
function from `salt.modules.nxos` to run
args
positional args to pass to `command` function
kwargs
key word arguments to pass to `command` function
.. code-block:: bash
salt '*' nxos.cmd sendline 'show ver'
salt '*' nxos.cmd show_run
salt '*' nxos.cmd check_password username=admin password='$5$lkjsdfoi$blahblahblah' encrypted=True
��Argonz;'nxos.cmd COMMAND' is deprecated in favor of 'nxos.COMMAND'Z�__pub_��.r ���z�local command: %sF)�r������list�
startswith��pop��join��log��info��__salt__)���command��argsr������kZ
local_commandr����r����r
�����cmd����s����
���
�
�������������r=���c��������������������K���s"���t���|�t�j���}�|���t�d�i�|�������S�)�a"���
Find all instances where the pattern is in the running configuration.
.. code-block:: bash
salt '*' nxos.find '^snmp-server.*$'
.. note::
This uses the `re.MULTILINE` regex format for python, and runs the
regex against the whole show_run output.
Nr����)�r%�����compile� MULTILINE��findall��show_run)���patternr������matcherr����r����r
�����find����s��������rD���c��������������������K���sp���t�|���}�|�s�g�S�d�|�����}�t�|�f�i�|�����}�t�|�t���r�|�d���}�t���d�|�t�j���}�|�r4|���d�������� d���}�|�S�g�}�|�S�)�zt
Get roles assigned to a username.
.. code-block: bash
salt '*' nxos.get_roles username=admin
z�show user-account r����z�^\s*roles:(.*)$������� )
r$�����sendline�
isinstancer3���r%���r&���r?���r'�����strip��split)�r)���r������userr:���r8���Z�rolesr����r����r
���r.�������s����������
���
���������������r.���c��������������������K���s2���d�|���d���}�t�|�f�i�|�����}�t�|�t���r�|�d���}�|�S�)�zp
Get username line from switch.
.. code-block: bash
salt '*' nxos.get_user username=admin
z�show run | include "^username z
password 5 "r������rG���rH���r3���)�r)���r����r:���r8���r����r����r
���r$�������s
�������
�����r$���c��������������������K���sD���t�d���s�t�j�j���t�d�i�|�������}�t���|�����t�d�����|�d�������t�d���S�)�zW
Get grains for minion.
.. code-block: bash
salt '*' nxos.grains
r
���r ���Nr����) ��DEVICE_DETAILSr����r����r �����system_info��show_verr7�����debug��update)�r������retr����r����r
�����grains ���s
�������
�����rS���c��������������������K���s����i�t�d�<�t�d�i�|�����S�)�zq
Refresh the grains for the NX-OS device.
.. code-block: bash
salt '*' nxos.grains_refresh
r
���Nr����)�rM���rS���r����r����r����r
�����grains_refresh/���s��������rT�����cli_show_asciic����������������
���K���s����g�d���}�|�|�v�r�d���|�|���}�|�S�z�t�j�j�����r#t�d���|�|�f�i�|�����W�S�t�|�|�f�i�|�����W�S���t�yE��}���z
|�j�d���t ��W���Y�d�}�~�S�d�}�~�w���t
y]��}���z
|�j�d���t ��W���Y�d�}�~�S�d�}�~�w�w�)�a����
Send arbitrary commands to the NX-OS device.
command
The command or list of commands to be sent.
['cmd1', 'cmd2'] is converted to 'cmd1 ; cmd2'.
method:
``cli_show_ascii``: Return raw test or unstructured output.
``cli_show``: Return structured output.
``cli_conf``: Send configuration commands to the device.
Defaults to ``cli_show_ascii``.
NOTE: method is ignored for SSH proxy minion. All data is returned
unstructured.
error_pattern
Use the option to pass in a regular expression to search for in the
returned output of the command that indicates an error has occurred.
This option is only used when proxy minion connection type is ssh and
otherwise ignored.
.. code-block: bash
salt '*' nxos.sendline 'show run | include "^username admin password"'
salt '*' nxos.sendline "['show inventory', 'show version']"
salt '*' nxos.sendline 'show inventory ; show version'
)�rU�����cli_show��cli_confz�
INPUT ERROR: Second argument 'method' must be one of {}
Value passed: {}
Hint: White space separated commands should be wrapped by double quotes
z
nxos.sendline��
N)���formatr����r����r����r����r������_nxapi_request��socket_error��strerror��CONNECTION_ERROR_MSGr����)�r:�����methodr����Z�smethods��msg��er����r����r
���rG���;���s&�����������������������������������������rG���Tc��������������������K���sl���t�d�d�����t�|�t���s�d���|���}�|�S�|�r�d�}�n�d�}�t�|�|�f�i�|�����}�t�|�t���r4d�d���|�D���}�|�s2d�g�}�|�S�|�S�) aD���
Execute one or more show (non-configuration) commands.
commands
The commands to be executed.
raw_text: ``True``
Whether to return raw text or structured data.
NOTE: raw_text option is ignored for SSH proxy minion. Data is
returned unstructured.
CLI Example:
.. code-block:: bash
salt-call --local nxos.show 'show version'
salt '*' nxos.show 'show bgp sessions ; show processes' raw_text=False
salt 'regular-minion' nxos.show 'show interfaces' host=sw01.example.com username=test password=test
r1���zG'nxos.show commands' is deprecated in favor of 'nxos.sendline commands'z�
INPUT ERROR: Second argument 'raw_text' must be either True or False
Value passed: {}
Hint: White space separated show commands should be wrapped by double quotes
rU���rV���c��������������������S���s����g�|�]�}�|�r�|���q�S�r����r����)���.0��responser����r����r
����
<listcomp>�����������z�show.<locals>.<listcomp>��)�r����rH�����boolrY���rG���r3���)���commandsZ�raw_textr����r_���r^���Z
response_listrR���r����r����r
�����showm���s*�����������
���������������������
�����������rh���c��������������������K����*���d�}�t�|�f�i�|�����}�t�|�t���r�|�d���}�|�S�)�zw
Shortcut to run `show version` on the NX-OS device.
.. code-block:: bash
salt '*' nxos.show_ver
z�show versionr����rL�����r����r:���r8���r����r����r
���rO��������
�������
�����rO���c��������������������K���ri���)�z~
Shortcut to run `show running-config` on the NX-OS device.
.. code-block:: bash
salt '*' nxos.show_run
��show running-configr����rL���rj���r����r����r
���rA�������rk���rA���c��������������������K���s&���t�d�d�����t�j�j���t�d�i�|�������d���S�)�zz
Return system information for grains of the minion.
.. code-block:: bash
salt '*' nxos.system_info
r1���z:'nxos.system_info' is deprecated in favor of 'nxos.grains'r ���Nr����)�r����r����r����r ���rN���rO���r����r����r����r
���rN�������s����
���rN���c��������������������K���s(���t�d�d�����t�d�i�|�����}�t�|�f�i�|�����S�)�a����
Add one or more config lines to the NX-OS device running config.
lines
Configuration lines to add
save_config
If False, don't save configuration commands to startup configuration.
If True, save configuration to startup configuration.
Default: True
.. code-block:: bash
salt '*' nxos.add_config 'snmp-server community TESTSTRINGHERE group network-operator'
.. note::
For more than one config added per command, lines should be a list.
r1���zH'nxos.add_config lines' is deprecated in favor of 'nxos.config commands'Nr����)�r����r������config)���linesr����r����r����r
����
add_config����s����������������ro�����jinja��basec����������������
���K���s����t�d�i�|�����}�t�d�i�|�����}�t�|�t���r�|�d���}�|�r.t�d���|�|�d���}�|�d�u�r-t�d�|���d�������n�|�r>t�|�t���r8|�g�}�d���|���}�n�t�d ����|�rNt�d
��|�|�|�|�|���}�d�d���|�����D���}�z
t |�f�i�|�����} W�n1��t
yz��}
��z
|
j�d���t���W���Y�d
}
~
S�d
}
~
w���t
y���}
��z
|
j�d���t���W���Y�d
}
~
S�d
}
~
w�w�t�| ��} t�d�i�|�����}�t�|�t���r�|�d���}�t���|���d���d�d
����|���d���d�d
������}�d���d�d���|�D�����}
d�}�| d���}�| d���}�|�|���d���|���d���|
��S�)�a����
Configures the Nexus switch with the specified commands.
This method is used to send configuration commands to the switch. It
will take either a string or a list and prepend the necessary commands
to put the session into config mode.
.. warning::
All the commands will be applied directly to the running-config.
config_file
The source file with the configuration commands to be sent to the
device.
The file can also be a template that can be rendered using the template
engine of choice.
This can be specified using the absolute path to the file, or using one
of the following URL schemes:
- ``salt://``, to fetch the file from the Salt fileserver.
- ``http://`` or ``https://``
- ``ftp://``
- ``s3://``
- ``swift://``
commands
The commands to send to the switch in config mode. If the commands
argument is a string it will be cast to a list.
The list of commands will also be prepended with the necessary commands
to put the session in config mode.
.. note::
This argument is ignored when ``config_file`` is specified.
template_engine: ``jinja``
The template engine to use when rendering the source file. Default:
``jinja``. To simply fetch the file without attempting to render, set
this argument to ``None``.
context
Variables to add to the template context.
defaults
Default values of the context_dict.
save_config
If False, don't save configuration commands to startup configuration.
If True, save configuration to startup configuration.
Default: True
CLI Example:
.. code-block:: bash
salt '*' nxos.config commands="['spanning-tree mode mstp']"
salt '*' nxos.config config_file=salt://config.txt
salt '*' nxos.config config_file=https://bit.ly/2LGLcDy context="{'servers': ['1.2.3.4']}"
rl���r����z�cp.get_file_str)���saltenvFz�Source file z
not foundrX���z8Either arg <config_file> or <commands> must be specifiedz�file.apply_template_on_contentsc��������������������S���s����g�|�]�}�|�����r�|���q�S�r������rI���)�ra�����liner����r����r
���rc���D����������z�config.<locals>.<listcomp>NrE��������re���c��������������������S���s����g�|�]�}�|���d�d�����q�S�)���
re���)���replace��ra�����xr����r����r
���rc���S���ru���z�COMMAND_LIST: r����)�rl���)�r����rG���rH���r3���r9���r������strr6����
splitlines��_configure_devicer[���r\���r]���r������_parse_config_result��difflibZ�unified_diff)�rg���Z�config_fileZ�template_engine��context��defaultsrr���r����Z�initial_configZ�file_str�
config_resultr`���Z�current_config��diffZ
clean_diff��headZ�ccZ�crr����r����r
���rm�������sT����F��
���������������
���������������
���������������������������
����� �������������rm���c��������������������C���sv���d���d�d���|�d���D�����}�|�d���}�t�|�t���r7d�}�t�|�d���t���r3|�d���D�]
}�|�|�d���|���7�}�q"|�}�|�|�g�S�|�d���}�|�|�g�S�)�Nz� ; c��������������������S���s����g�|�]�}�|�������q�S�r����rs���ry���r����r����r
���rc���[���rd���z(_parse_config_result.<locals>.<listcomp>r����rE���re���)�r6���rH���r3�����dict)���dataZ�command_listr������result��keyr����r����r
���r~���Z���s��������
�����������������r~���c����������������
���K���s����t�|�t���s�|�g�}�t�|���D�]�\�}�}�d�|�|�����|�|�<�q�d�}�z�t�d�i�|�����}�t�|�f�i�|�����}�W�|�S���t�yK��}���z�t���|�j���d���d�k�r@��W�Y�d�}�~�|�S�d�}�~�w�w�)�a����
Delete one or more config lines to the switch running config.
lines
Configuration lines to remove.
save_config
If False, don't save configuration commands to startup configuration.
If True, save configuration to startup configuration.
Default: True
.. code-block:: bash
salt '*' nxos.delete_config 'snmp-server community TESTSTRINGHERE group network-operator'
.. note::
For more than one config deleted per command, lines should be a list.
z�no N��codeZ�400r����) rH���r3���� enumerater����rm���r������astZ�literal_eval��message)�rn���r������i��_r����r`���r����r����r
����
delete_configh���s ���
�����������������������
�������r����c��������������������K���s(���d�|�����}�t�d�i�|�����}�t�|�f�i�|�����S�)�aK���
Remove user from switch.
username
Username to remove
save_config
If False, don't save configuration commands to startup configuration.
If True, save configuration to startup configuration.
Default: True
.. code-block:: bash
salt '*' nxos.remove_user username=daniel
��no username Nr������r����rm���)�r)���r����Z user_liner����r����r
�����remove_user����s����
�����r����c���������������� ���K���s����|�d�u�r�t���d�t���|�����d���t�j���}�t���t���|�����}�n�t���|�t�j���}�t���|���}�g�g�d���}�|���t�����D�]�}�|�d�����|���d�������|�d�����|���|�|���d���������q2t d i�|�����}�|�d���rbt
|�d���f�i�|�������|�d���rpt�|�d���f�i�|�������|�S�)
a����
Replace string or full line matches in switch's running config.
If full_match is set to True, then the whole line will need to be matched
as part of the old value.
.. code-block:: bash
salt '*' nxos.replace 'TESTSTRINGHERE' 'NEWTESTSTRINGHERE'
Fz�^.*z�.*$)���old��newr����r����r����Nr����)�r%���r>�����escaper?�����finditerrA�����appendr'�����subr����r����rm���)�� old_valueZ new_valueZ
full_matchr����rC�����replrn���rt���r����r����r
���rx�������s������������
�
�������������������rx���c��������������������K���s����t�t�f�i�|�����S�)�z�
Save the running configuration to startup configuration.
.. code-block:: bash
salt '*' nxos.save_running_config
)�rm�����COPY_RSr����r����r����r
�����save_running_config����s������r����r����c������������ �������K���s����|�d�k�r�t�d�����t�|�f�i�|�������|�d�u�r�t�|�|�|�d���}�n�|�}�d�|���d�|�����}�|�d�u�r1|�d�|�����7�}�t�d i�|�����}�t�|�f�i�|�����S�)
aO���
Set users password on switch.
username
Username to configure
password
Password to configure for username
encrypted
Whether or not to encrypt the password
Default: False
role
Configure role for the username
Default: None
crypt_salt
Configure crypt_salt setting
Default: None
algorithm
Encryption algorithm
Default: sha256
save_config
If False, don't save configuration commands to startup configuration.
If True, save configuration to startup configuration.
Default: True
.. code-block:: bash
salt '*' nxos.set_password admin TestPass
salt '*' nxos.set_password admin \
password='$5$2fWwO2vK$s7.Hr3YltMNHuhywQQ3nfOd.gAPHgs3SOBYYdGT3E.A' \
encrypted=True
r����z0Hash algorithm requested isn't available on nxosFr ���� username z� password 5 N�� role r����)�r����r$���r����r����rm���) r)���r"���r*���r/���r!���r#���r����r,���r+���r����r����r
�����set_password����s�����.������������������������r����c��������������������K����.���d�|���d�|�����}�t�d�i�|�����}�t�|�f�i�|�����S�)�a����
Assign role to username.
username
Username for role configuration
role
Configure role for username
save_config
If False, don't save configuration commands to startup configuration.
If True, save configuration to startup configuration.
Default: True
.. code-block:: bash
salt '*' nxos.set_role username=daniel role=vdc-admin.
r����r����Nr����r������r)���r/���r����Z role_liner����r����r
�����set_role ��������������r����c��������������������K���r����)�a����
Remove role from username.
username
Username for role removal
role
Role to remove
save_config
If False, don't save configuration commands to startup configuration.
If True, save configuration to startup configuration.
Default: True
.. code-block:: bash
salt '*' nxos.unset_role username=daniel role=vdc-admin
r����r����Nr����r����r����r����r����r
����
unset_role!���r����r����c��������������������K���s0���t�j�j�����r�t�d���|�f�i�|�����S�t�|�f�i�|�����S�)�z�
Helper function to send configuration commands to the device over a
proxy minion or native minion using NX-API or SSH.
z�nxos.proxy_config)�r����r����r����r����r�����
_nxapi_config)�rg���r����r����r����r
���r}���<���s����������r}���c����������������
���K���s����t�d���d�i���}�|�j�d�i�|�������t�|�t���s�|�g�}�z(t�|�f�i�|�����}�|���d���r-t�t�f�i�|�������|�D�]�}�d�|�v�r:t���|�����q/W�|�|�g�S���t y\��}���z�t���|�����|�t
|���g�W���Y�d�}�~�S�d�}�~�w�w�)�zF
Helper function to send configuration commands using NX-API.
�
config.getr ���Z�save_configZ�FailureNr����)�r9���rQ���rH���r3���rZ�����getr����r7���r����r������repr)�rg���r�����
api_kwargsrR���Z�eachr`���r����r����r
���r����G���s&�������
�������
�������
���������
�������r����rW���c��������������������K���sZ���t�j�j�����r�t�d���|�f�d�|�i�|�����S�t�d���d�i���}�|�j�d�i�|�������t�d���|�f�d�|�i�|�����S�)�av���
Helper function to send exec and config requests over NX-API.
commands
The exec or config commands to be sent.
method: ``cli_show``
``cli_show_ascii``: Return raw test or unstructured output.
``cli_show``: Return structured output.
``cli_conf``: Send configuration commands to the device.
Defaults to ``cli_conf``.
z�nxos._nxapi_requestr^���r����r ���z�nxos.nxapi_requestNr����)�r����r����r����r����r����r9���rQ���r����)�rg���r^���r����r����r����r����r
���rZ���\���s
����
��������rZ���)�F)�rU���)�T)�NNrp���NNrq���)�FNNr����)�rW���)8��__doc__r����r�����loggingr%�����socketr����r[���Z�salt.utils.nxosr����Z�salt.utils.platformZ�salt.exceptionsr����r����r����Z�salt.utils.argsr����Z�salt.utils.pycryptor����Z�salt.utils.versionsr����r����� getLogger��__name__r7���rM���r����r]���r����r����r-���r0���r=���rD���r.���r$���rS���rT���rG���rh���rO���rA���rN���ro���rm���r~���r����r����rx���r����r����r����r����r}���r����rZ���r����r����r����r
�����<module>����sn������U����������������������
��������
��
��1���&��������
�
2�2������������������
��r���#
�� ��������
��>��������