Merge pull request #2274 from napalm-automation/iss2273

Fix issue with sanitized and filtered EOS configs

Author: bewing

docs/conf.py

@@ -307,6 +307,7 @@
     "get_arp_table_with_vrf": "get_arp_table",
     "get_route_to_longer": "get_route_to",
     "get_config_sanitized": "get_config",
+    "get_config_sanitized_filtered": "get_config",
 }
 
 

napalm/base/constants.py

@@ -100,3 +100,9 @@
     r"^((tacacs|radius) server [^\n]+\n(\s+[^\n]+\n)*\s+key) [^\n]+$": r"\1 <removed>",
     r"^(\s+ppp (chap|pap) password \d) .+$": r"\1 <removed>",
 }
+
+EOS_SANITIZE_FILTERS = {
+    **CISCO_SANITIZE_FILTERS,
+    r"^(\s+aaa root secret \d) .+$": r"\1 <removed>",
+    r"^(\s+username .+ (password|secret) \d) .+$": r"\1 <removed>",
+}

napalm/base/test/getters.py

@@ -541,6 +541,30 @@ def test_get_config_sanitized(self, test_case):
 
         return get_config
 
+    @wrap_test_cases
+    def test_get_config_sanitized_filtered(self, test_case):
+        """Test get_config with both sanitized=True and retrieve parameter."""
+        return_config = {}
+        get_config = self.device.get_config(retrieve="running", sanitized=True)
+        assert isinstance(get_config, dict)
+        assert helpers.test_model(models.ConfigDict, get_config)
+        assert get_config["startup"] == ""
+        assert get_config["candidate"] == ""
+        assert get_config["running"] != ""
+        return_config["running"] = get_config["running"]
+
+        get_config = self.device.get_config(retrieve="startup", sanitized=True)
+        assert isinstance(get_config, dict)
+        assert helpers.test_model(models.ConfigDict, get_config)
+        assert get_config["running"] == ""
+        assert get_config["candidate"] == ""
+
+        return_config["startup"] = get_config["startup"]
+
+        return_config["candidate"] = ""
+
+        return return_config
+
     @wrap_test_cases
     def test_get_network_instances(self, test_case):
         """Test get_network_instances method."""

napalm/eos/eos.py

@@ -2085,7 +2085,7 @@ def get_config(self, retrieve="all", full=False, sanitized=False, format="text")
             startup_cfg = str(output[0]["output"]) if get_startup else ""
             if sanitized and startup_cfg:
                 startup_cfg = napalm.base.helpers.sanitize_config(
-                    startup_cfg, c.CISCO_SANITIZE_FILTERS
+                    startup_cfg, c.EOS_SANITIZE_FILTERS
                 )
             return {
                 "startup": startup_cfg,
@@ -2094,17 +2094,28 @@ def get_config(self, retrieve="all", full=False, sanitized=False, format="text")
             }
         elif get_startup or get_running:
             if retrieve == "running":
-                commands = ["show {}-config{}".format(retrieve, run_full)]
+                commands = [
+                    "show {}-config{}{}".format(retrieve, run_full, run_sanitized)
+                ]
             elif retrieve == "startup":
                 commands = ["show {}-config".format(retrieve)]
             output = self._run_commands(commands, encoding="text")
+            startup_cfg = str(output[0]["output"]) if get_startup else ""
+            if sanitized and get_startup and startup_cfg:
+                startup_cfg = napalm.base.helpers.sanitize_config(
+                    startup_cfg, c.EOS_SANITIZE_FILTERS
+                )
             return {
-                "startup": str(output[0]["output"]) if get_startup else "",
+                "startup": startup_cfg,
                 "running": str(output[0]["output"]) if get_running else "",
                 "candidate": "",
             }
         elif get_candidate:
-            commands = ["show session-config named {}".format(self.config_session)]
+            commands = [
+                "show session-config named {}{}".format(
+                    self.config_session, run_sanitized
+                )
+            ]
             output = self._run_commands(commands, encoding="text")
             return {"startup": "", "running": "", "candidate": str(output[0]["output"])}
         elif retrieve == "candidate":

test/eos/mocked_data/test_get_config_sanitized/normal/expected_result.json

@@ -1,5 +1,5 @@
 {
-  "startup": "! Command: show startup-config\n! Startup-config last modified at  Sun Sep 11 18:35:01 2016 by root\n! device: localhost (vEOS, EOS-4.15.2.1F)\n!\n! boot system flash:/vEOS-lab.swi\n!\nevent-handler dhclient\n   trigger on-boot\n      action bash sudo /mnt/flash/initialize_ma1.sh\n      !\n      transceiver qsfp default-mode 4x10G\n      !\n      spanning-tree mode mstp\n      !\n      aaa authorization exec default local\n      !\n      aaa root secret 5 $1$zr7sHZaW$WagNykw1d5wjy4ZhtMgUS/\n      !\n      username admin privilege 15 role network-admin secret 5 $1$VoQBHXed$4z2.EoAeoIY2SFme/Pz3Q/\n      username vagrant privilege 15 role network-admin secret 5 $1$l/6gq.Qs$ifURvKWUYzLm0RqmRgr.W1\n      !\n      interface Ethernet1\n      !\n      interface Ethernet2\n      !\n      interface Management1\n         ip address 10.0.2.15/24\n\t !\n\t no ip routing\n\t !\n\t management api http-commands\n\t    no shutdown\n\t    !\n\t    !\n\t    end\n",
+  "startup": "! Command: show startup-config\n! Startup-config last modified at  Sun Sep 11 18:35:01 2016 by root\n! device: localhost (vEOS, EOS-4.15.2.1F)\n!\n! boot system flash:/vEOS-lab.swi\n!\nevent-handler dhclient\n   trigger on-boot\n      action bash sudo /mnt/flash/initialize_ma1.sh\n      !\n      transceiver qsfp default-mode 4x10G\n      !\n      spanning-tree mode mstp\n      !\n      aaa authorization exec default local\n      !\n      aaa root secret 5 <removed>\n      !\n      username admin privilege 15 role network-admin secret 5 <removed>\n      username vagrant privilege 15 role network-admin secret 5 <removed>\n      !\n      interface Ethernet1\n      !\n      interface Ethernet2\n      !\n      interface Management1\n         ip address 10.0.2.15/24\n\t !\n\t no ip routing\n\t !\n\t management api http-commands\n\t    no shutdown\n\t    !\n\t    !\n\t    end\n",
   "running": "! Command: show startup-config\n! Startup-config last modified at  Sun Sep 11 18:35:01 2016 by root\n! device: localhost (vEOS, EOS-4.15.2.1F)\n!\n! boot system flash:/vEOS-lab.swi\n!\nevent-handler dhclient\n   trigger on-boot\n      action bash sudo /mnt/flash/initialize_ma1.sh\n      !\n      transceiver qsfp default-mode 4x10G\n      !\n      spanning-tree mode mstp\n      !\n      aaa authorization exec default local\n      !\n      aaa root secret 5 <removed>\n      !\n      username admin privilege 15 role network-admin secret 5 <removed>\n      username vagrant privilege 15 role network-admin secret 5 <removed>\n      !\n      interface Ethernet1\n      !\n      interface Ethernet2\n      !\n      interface Management1\n         ip address 10.0.2.15/24\n\t !\n\t no ip routing\n\t !\n\t management api http-commands\n\t    no shutdown\n\t    !\n\t    !\n\t    end\n",
   "candidate": ""
 }

test/eos/mocked_data/test_get_config_sanitized_filtered/normal/expected_result.json

@@ -0,0 +1,5 @@
+{
+  "running": "! Command: show running-config\n!\n! device: localhost (vEOS, EOS-4.15.2.1F)\n!\n! boot system flash:/vEOS-lab.swi\n!\nevent-handler dhclient\n   trigger on-boot\n      action bash sudo /mnt/flash/initialize_ma1.sh\n      !\n      transceiver qsfp default-mode 4x10G\n      !\n      spanning-tree mode mstp\n      !\n      aaa authorization exec default local\n      !\n      aaa root secret 5 <removed>\n      !\n      username admin privilege 15 role network-admin secret 5 <removed>\n      username vagrant privilege 15 role network-admin secret 5 <removed>\n      !\n      interface Ethernet1\n      !\n      interface Ethernet2\n      !\n      interface Management1\n         ip address 10.0.2.15/24\n\t !\n\t no ip routing\n\t !\n\t management api http-commands\n\t    no shutdown\n\t    !\n\t    !\n\t    end\n",
+  "startup": "! Command: show startup-config\n! Startup-config last modified at  Sun Sep 11 18:35:01 2016 by root\n! device: localhost (vEOS, EOS-4.15.2.1F)\n!\n! boot system flash:/vEOS-lab.swi\n!\nevent-handler dhclient\n   trigger on-boot\n      action bash sudo /mnt/flash/initialize_ma1.sh\n      !\n      transceiver qsfp default-mode 4x10G\n      !\n      spanning-tree mode mstp\n      !\n      aaa authorization exec default local\n      !\n      aaa root secret 5 <removed>\n      !\n      username admin privilege 15 role network-admin secret 5 <removed>\n      username vagrant privilege 15 role network-admin secret 5 <removed>\n      !\n      interface Ethernet1\n      !\n      interface Ethernet2\n      !\n      interface Management1\n         ip address 10.0.2.15/24\n\t !\n\t no ip routing\n\t !\n\t management api http-commands\n\t    no shutdown\n\t    !\n\t    !\n\t    end\n",
+  "candidate": ""
+}

test/eos/mocked_data/test_get_config_sanitized_filtered/normal/show_running_config_sanitized.text

@@ -0,0 +1,35 @@
+! Command: show running-config
+!
+! device: localhost (vEOS, EOS-4.15.2.1F)
+!
+! boot system flash:/vEOS-lab.swi
+!
+event-handler dhclient
+   trigger on-boot
+      action bash sudo /mnt/flash/initialize_ma1.sh
+      !
+      transceiver qsfp default-mode 4x10G
+      !
+      spanning-tree mode mstp
+      !
+      aaa authorization exec default local
+      !
+      aaa root secret 5 <removed>
+      !
+      username admin privilege 15 role network-admin secret 5 <removed>
+      username vagrant privilege 15 role network-admin secret 5 <removed>
+      !
+      interface Ethernet1
+      !
+      interface Ethernet2
+      !
+      interface Management1
+         ip address 10.0.2.15/24
+	 !
+	 no ip routing
+	 !
+	 management api http-commands
+	    no shutdown
+	    !
+	    !
+	    end

test/eos/mocked_data/test_get_config_sanitized_filtered/normal/show_startup_config.text

@@ -0,0 +1,35 @@
+! Command: show startup-config
+! Startup-config last modified at  Sun Sep 11 18:35:01 2016 by root
+! device: localhost (vEOS, EOS-4.15.2.1F)
+!
+! boot system flash:/vEOS-lab.swi
+!
+event-handler dhclient
+   trigger on-boot
+      action bash sudo /mnt/flash/initialize_ma1.sh
+      !
+      transceiver qsfp default-mode 4x10G
+      !
+      spanning-tree mode mstp
+      !
+      aaa authorization exec default local
+      !
+      aaa root secret 5 $1$zr7sHZaW$WagNykw1d5wjy4ZhtMgUS/
+      !
+      username admin privilege 15 role network-admin secret 5 $1$VoQBHXed$4z2.EoAeoIY2SFme/Pz3Q/
+      username vagrant privilege 15 role network-admin secret 5 $1$l/6gq.Qs$ifURvKWUYzLm0RqmRgr.W1
+      !
+      interface Ethernet1
+      !
+      interface Ethernet2
+      !
+      interface Management1
+         ip address 10.0.2.15/24
+	 !
+	 no ip routing
+	 !
+	 management api http-commands
+	    no shutdown
+	    !
+	    !
+	    end

test/ios/mocked_data/test_get_config_sanitized_filtered/normal/expected_result.json

@@ -0,0 +1,5 @@
+{
+  "startup": "!\n\n!\nversion 15.5\nservice timestamps debug datetime msec\nservice timestamps log datetime msec\nno platform punt-keepalive disable-kernel-core\nplatform console auto\n!\nhostname CSR1\n!\nboot-start-marker\nboot-end-marker\n!\n!\nenable password cisco\n!\naaa new-model\n!\n!\naaa authentication login default local\naaa authorization exec default local\n!\n!\n!\n!\n!\naaa session-id common\n!\nip vrf MGMT\n!\n!\n!\n!\n!\n!\n!\n!\n!\n\n\nip domain name example.local\n\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\nsubscriber templating\n!\nmultilink bundle-name authenticated\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\nlicense udi pid CSR1000V sn 9OSEGKJXRHE\nspanning-tree extend system-id\n!\nusername cisco privilege 15 password 0 <removed>\n!\nredundancy\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\ninterface Loopback0\n ip address 1.1.1.1 255.255.255.255\n!\ninterface GigabitEthernet1\n ip vrf forwarding MGMT\n ip address 192.168.35.121 255.255.255.0\n negotiation auto\n!\ninterface GigabitEthernet2\n ip address 10.1.1.1 255.255.255.0\n negotiation auto\n!\ninterface GigabitEthernet3\n no ip address\n shutdown\n negotiation auto\n!\nrouter ospf 1\n redistribute connected subnets\n network 10.1.1.0 0.0.0.255 area 0\n!\n!\nvirtual-service csr_mgmt\n!\nip forward-protocol nd\n!\nno ip http server\nno ip http secure-server\n!\n!\n!\n!\n!\n!\ncontrol-plane\n!\n !\n !\n !\n !\n!\n!\n!\n!\n!\nline con 0\nline vty 0 4\n!\n!\nend",
+  "running": "!\n\n!\nversion 15.5\nservice timestamps debug datetime msec\nservice timestamps log datetime msec\nno platform punt-keepalive disable-kernel-core\nplatform console auto\n!\nhostname CSR1\n!\nboot-start-marker\nboot-end-marker\n!\n!\nenable password cisco\n!\naaa new-model\n!\n!\naaa authentication login default local\naaa authorization exec default local\n!\n!\n!\n!\n!\naaa session-id common\n!\nip vrf MGMT\n!\n!\n!\n!\n!\n!\n!\n!\n!\n\n\nip domain name example.local\n\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\nsubscriber templating\n!\nmultilink bundle-name authenticated\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\nlicense udi pid CSR1000V sn 9OSEGKJXRHE\nspanning-tree extend system-id\n!\nusername cisco privilege 15 password 0 <removed>\n!\nredundancy\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\ninterface Loopback0\n ip address 1.1.1.1 255.255.255.255\n!\ninterface GigabitEthernet1\n ip vrf forwarding MGMT\n ip address 192.168.35.121 255.255.255.0\n negotiation auto\n!\ninterface GigabitEthernet2\n ip address 10.1.1.1 255.255.255.0\n negotiation auto\n!\ninterface GigabitEthernet3\n no ip address\n shutdown\n negotiation auto\n!\nrouter ospf 1\n redistribute connected subnets\n network 10.1.1.0 0.0.0.255 area 0\n!\n!\nvirtual-service csr_mgmt\n!\nip forward-protocol nd\n!\nno ip http server\nno ip http secure-server\n!\n!\n!\n!\n!\n!\ncontrol-plane\n!\n !\n !\n !\n !\n!\n!\n!\n!\n!\nline con 0\nline vty 0 4\n!\n!\nend",
+  "candidate": ""
+}

test/ios/mocked_data/test_get_config_sanitized_filtered/normal/show_running_config.txt

@@ -0,0 +1,151 @@
+Building configuration...
+
+Current configuration : 1366 bytes
+!
+! Last configuration change at 18:41:02 UTC Thu Nov 24 2016
+!
+version 15.5
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no platform punt-keepalive disable-kernel-core
+platform console auto
+!
+hostname CSR1
+!
+boot-start-marker
+boot-end-marker
+!
+!
+enable password cisco
+!
+aaa new-model
+!
+!
+aaa authentication login default local
+aaa authorization exec default local
+!
+!
+!
+!
+!
+aaa session-id common
+!
+ip vrf MGMT
+!
+!
+!
+!
+!
+!
+!
+!
+!
+
+
+ip domain name example.local
+
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+subscriber templating
+!
+multilink bundle-name authenticated
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+license udi pid CSR1000V sn 9OSEGKJXRHE
+spanning-tree extend system-id
+!
+username cisco privilege 15 password 0 cisco
+!
+redundancy
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+interface Loopback0
+ ip address 1.1.1.1 255.255.255.255
+!
+interface GigabitEthernet1
+ ip vrf forwarding MGMT
+ ip address 192.168.35.121 255.255.255.0
+ negotiation auto
+!
+interface GigabitEthernet2
+ ip address 10.1.1.1 255.255.255.0
+ negotiation auto
+!
+interface GigabitEthernet3
+ no ip address
+ shutdown
+ negotiation auto
+!
+router ospf 1
+ redistribute connected subnets
+ network 10.1.1.0 0.0.0.255 area 0
+!
+!
+virtual-service csr_mgmt
+!
+ip forward-protocol nd
+!
+no ip http server
+no ip http secure-server
+!
+!
+!
+!
+!
+!
+control-plane
+!
+ !
+ !
+ !
+ !
+!
+!
+!
+!
+!
+line con 0
+line vty 0 4
+!
+!
+end