diff options
Diffstat (limited to 'docs/labs/lab07-aaa')
| -rw-r--r-- | docs/labs/lab07-aaa/aaa_users.csv | 5 | ||||
| -rw-r--r-- | docs/labs/lab07-aaa/add_new_user_cvaas.py | 32 | ||||
| -rw-r--r-- | docs/labs/lab07-aaa/add_new_user_onprem.py | 29 | ||||
| -rw-r--r-- | docs/labs/lab07-aaa/add_users_from_csv_cvaas.py | 29 | ||||
| -rw-r--r-- | docs/labs/lab07-aaa/create_svc_account.py | 20 | ||||
| -rw-r--r-- | docs/labs/lab07-aaa/create_svc_account_token.py | 23 | ||||
| -rw-r--r-- | docs/labs/lab07-aaa/create_terminattr_tokens.py | 32 | ||||
| -rw-r--r-- | docs/labs/lab07-aaa/cvaas.tok | 1 | ||||
| -rw-r--r-- | docs/labs/lab07-aaa/delete_all_expired_svc_account_tokens.py | 16 | ||||
| -rw-r--r-- | docs/labs/lab07-aaa/delete_svc_account.py | 17 | ||||
| -rw-r--r-- | docs/labs/lab07-aaa/delete_svc_account_created_by_user.py | 22 | ||||
| -rw-r--r-- | docs/labs/lab07-aaa/get_user_info.py | 20 | ||||
| -rw-r--r-- | docs/labs/lab07-aaa/svc_account_misc.py | 34 |
13 files changed, 280 insertions, 0 deletions
diff --git a/docs/labs/lab07-aaa/aaa_users.csv b/docs/labs/lab07-aaa/aaa_users.csv new file mode 100644 index 0000000..14b3706 --- /dev/null +++ b/docs/labs/lab07-aaa/aaa_users.csv @@ -0,0 +1,5 @@ +username,first_name,last_name,email,user_type,role,status
+alice,,,alice@abc.xyz,SSO,network-admin,Enabled
+bob,,,bob@abc.xyz,SSO,network-admin,Enabled
+jane,Jane,Smith,jane@abc.xyz,SSO,network-admin,Enabled
+john,John,Smith,john@abc.xyz,SSO,network-admin,Enabled
\ No newline at end of file diff --git a/docs/labs/lab07-aaa/add_new_user_cvaas.py b/docs/labs/lab07-aaa/add_new_user_cvaas.py new file mode 100644 index 0000000..af2d48e --- /dev/null +++ b/docs/labs/lab07-aaa/add_new_user_cvaas.py @@ -0,0 +1,32 @@ +# Copyright (c) 2021 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the COPYING file. + +from cvprac.cvp_client import CvpClient +from cvprac.cvp_client_errors import CvpApiError +import ssl +ssl._create_default_https_context = ssl._create_unverified_context +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() +from cvprac.cvp_client import CvpClient + +# Create connection to CloudVision using Service Account token +with open("cvaas.tok") as f: + token = f.read().strip('\n') + +clnt = CvpClient() +clnt.connect(nodes=['www.arista.io'], username='', password='', is_cvaas=True, api_token=token) + +username = "john" +password = "" +role = "network-admin" +status = "Enabled" +first_name = "John" +last_name = "Smith" +email = "john.smith@abc.xyz" +utype = "SSO" + +try: + clnt.api.add_user(username,password,role,status,first_name,last_name,email,utype) +except CvpApiError as e: + print(e) diff --git a/docs/labs/lab07-aaa/add_new_user_onprem.py b/docs/labs/lab07-aaa/add_new_user_onprem.py new file mode 100644 index 0000000..218c9fc --- /dev/null +++ b/docs/labs/lab07-aaa/add_new_user_onprem.py @@ -0,0 +1,29 @@ +# Copyright (c) 2021 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the COPYING file. + +from cvprac.cvp_client import CvpClient +from cvprac.cvp_client_errors import CvpApiError +import ssl +ssl._create_default_https_context = ssl._create_unverified_context +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() +from getpass import getpass + +# Create connection to CloudVision +clnt = CvpClient() +clnt.connect(['cvp1'],'username', 'password') + +username = "cvpuser2" +password = getpass() +role = "network-admin" +status = "Enabled" +first_name = "Cloud" +last_name = "Vision" +email = "cvp@arista.com" +utype = "TACACS" + +try: + clnt.api.add_user(username,password,role,status,first_name,last_name,email,utype) +except CvpApiError as e: + print(e) diff --git a/docs/labs/lab07-aaa/add_users_from_csv_cvaas.py b/docs/labs/lab07-aaa/add_users_from_csv_cvaas.py new file mode 100644 index 0000000..c5cdda5 --- /dev/null +++ b/docs/labs/lab07-aaa/add_users_from_csv_cvaas.py @@ -0,0 +1,29 @@ +# Copyright (c) 2021 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the COPYING file. + +from cvprac.cvp_client import CvpClient +from cvprac.cvp_client_errors import CvpApiError +import ssl +ssl._create_default_https_context = ssl._create_unverified_context +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() +from cvprac.cvp_client import CvpClient +import csv + +# Create connection to CloudVision using Service Account token +with open("cvaas.tok") as f: + token = f.read().strip('\n') + +clnt = CvpClient() +clnt.connect(nodes=['www.arista.io'], username='', password='', is_cvaas=True, api_token=token) + + +with open("aaa_users.csv") as csvfile: + for i in csv.DictReader(csvfile): + data = dict(i) + try: + clnt.api.add_user(data['username'], "", data['role'], data['status'], data['first_name'], data['last_name'], data['email'], data['user_type']) + except CvpApiError as e: + print(e) + print ("Adding user {} to CVaaS".format(data['username'])) diff --git a/docs/labs/lab07-aaa/create_svc_account.py b/docs/labs/lab07-aaa/create_svc_account.py new file mode 100644 index 0000000..7f0e55e --- /dev/null +++ b/docs/labs/lab07-aaa/create_svc_account.py @@ -0,0 +1,20 @@ +# Copyright (c) 2021 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the COPYING file. + +from cvprac.cvp_client import CvpClient +from cvprac.cvp_client_errors import CvpApiError +import ssl +ssl._create_default_https_context = ssl._create_unverified_context +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() + +# Create connection to CloudVision using user/password (on-prem only) +clnt = CvpClient() +clnt.connect(['cvp1'],'username', 'password') + +username = "cvprac2" +description = "test cvprac" +roles = ["network-admin", "clouddeploy"] # both role names and role IDs are supported +status = 1 # 1 is equivalent to "ACCOUNT_STATUS_ENABLED" +clnt.api.svc_account_set(username, description, roles, status) diff --git a/docs/labs/lab07-aaa/create_svc_account_token.py b/docs/labs/lab07-aaa/create_svc_account_token.py new file mode 100644 index 0000000..4be8185 --- /dev/null +++ b/docs/labs/lab07-aaa/create_svc_account_token.py @@ -0,0 +1,23 @@ +# Copyright (c) 2021 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the COPYING file. + +from cvprac.cvp_client import CvpClient +from cvprac.cvp_client_errors import CvpApiError +import ssl +ssl._create_default_https_context = ssl._create_unverified_context +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() + +# Create connection to CloudVision using user/password (on-prem only) +clnt = CvpClient() +clnt.connect(['cvp1'],'username', 'password') + +username = "cvprac2" +duration = "31536000s" # 1 year validity +description = "test cvprac" +svc_token = clnt.api.svc_account_token_set(username, duration, description) + +# Write the token to file in <username>.tok format +with open(svc_token[0]['value']['user'] + ".tok", "w") as f: + f.write(svc_token[0]['value']['token']) diff --git a/docs/labs/lab07-aaa/create_terminattr_tokens.py b/docs/labs/lab07-aaa/create_terminattr_tokens.py new file mode 100644 index 0000000..d874913 --- /dev/null +++ b/docs/labs/lab07-aaa/create_terminattr_tokens.py @@ -0,0 +1,32 @@ +# Copyright (c) 2021 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the COPYING file. +# +# Example script to generate the TerminAttr token via REST API from CVaaS and CV on-prem +# and save them to a file + +from cvprac.cvp_client import CvpClient +from pprint import pprint as pp +import ssl +ssl._create_default_https_context = ssl._create_unverified_context +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() + +# Reading the service account token from a file +with open("cvaas.tok") as f: + token = f.read().strip('\n') + +clnt = CvpClient() +clnt.connect(nodes=['www.arista.io'], username='',password='',is_cvaas=True, api_token=token) + +terminattr_token = clnt.api.create_enroll_token('720h') +with open('cv-onboarding-token', 'w') as f: + f.write(terminattr_token[0]['enrollmentToken']['token']) + +primary = CvpClient() +primary.connect(nodes=['cvp1'], username='username',password='password') + +terminattr_token = primary.api.create_enroll_token('720h') + +with open('token', 'w') as f: + f.write(terminattr_token['data']) diff --git a/docs/labs/lab07-aaa/cvaas.tok b/docs/labs/lab07-aaa/cvaas.tok new file mode 100644 index 0000000..9d0234c --- /dev/null +++ b/docs/labs/lab07-aaa/cvaas.tok @@ -0,0 +1 @@ +<copy service account token here>
\ No newline at end of file diff --git a/docs/labs/lab07-aaa/delete_all_expired_svc_account_tokens.py b/docs/labs/lab07-aaa/delete_all_expired_svc_account_tokens.py new file mode 100644 index 0000000..68e82a9 --- /dev/null +++ b/docs/labs/lab07-aaa/delete_all_expired_svc_account_tokens.py @@ -0,0 +1,16 @@ +# Copyright (c) 2021 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the COPYING file. + +from cvprac.cvp_client import CvpClient +from cvprac.cvp_client_errors import CvpApiError +import ssl +ssl._create_default_https_context = ssl._create_unverified_context +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() + +# Create connection to CloudVision using user/password (on-prem only) +clnt = CvpClient() +clnt.connect(['cvp1'],'username', 'password') + +clnt.api.svc_account_delete_expired_tokens() diff --git a/docs/labs/lab07-aaa/delete_svc_account.py b/docs/labs/lab07-aaa/delete_svc_account.py new file mode 100644 index 0000000..a6f7854 --- /dev/null +++ b/docs/labs/lab07-aaa/delete_svc_account.py @@ -0,0 +1,17 @@ +# Copyright (c) 2021 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the COPYING file. + +from cvprac.cvp_client import CvpClient +from cvprac.cvp_client_errors import CvpApiError +import ssl +ssl._create_default_https_context = ssl._create_unverified_context +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() + +# Create connection to CloudVision using user/password (on-prem only) +clnt = CvpClient() +clnt.connect(['cvp1'],'username', 'password') + +username = "cvprac2" +clnt.api.svc_account_delete(username) diff --git a/docs/labs/lab07-aaa/delete_svc_account_created_by_user.py b/docs/labs/lab07-aaa/delete_svc_account_created_by_user.py new file mode 100644 index 0000000..b8f4045 --- /dev/null +++ b/docs/labs/lab07-aaa/delete_svc_account_created_by_user.py @@ -0,0 +1,22 @@ +# Copyright (c) 2021 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the COPYING file. + +from cvprac.cvp_client import CvpClient +from cvprac.cvp_client_errors import CvpApiError +import ssl +ssl._create_default_https_context = ssl._create_unverified_context +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() + +# Create connection to CloudVision using user/password (on-prem only) +clnt = CvpClient() +clnt.connect(['cvp1'],'username', 'password') + +svc_accounts = clnt.api.svc_account_get_all() +created_by = 'john.smith' + +# Delete service accounts created by user john.smith +for account in svc_accounts: + if account['value']['created_by'] == created_by: + clnt.api.svc_account_delete(account['value']['key']['name']) diff --git a/docs/labs/lab07-aaa/get_user_info.py b/docs/labs/lab07-aaa/get_user_info.py new file mode 100644 index 0000000..5e5a193 --- /dev/null +++ b/docs/labs/lab07-aaa/get_user_info.py @@ -0,0 +1,20 @@ +# Copyright (c) 2021 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the COPYING file. + +from cvprac.cvp_client import CvpClient +from cvprac.cvp_client_errors import CvpApiError +import ssl +ssl._create_default_https_context = ssl._create_unverified_context +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() +from cvprac.cvp_client import CvpClient + +with open("cvaas.tok") as f: + token = f.read().strip('\n') + +clnt = CvpClient() +clnt.connect(nodes=['www.arista.io'], username='', password='', is_cvaas=True, api_token=token) + +user_info = clnt.api.get_user('kishore') +print (user_info) diff --git a/docs/labs/lab07-aaa/svc_account_misc.py b/docs/labs/lab07-aaa/svc_account_misc.py new file mode 100644 index 0000000..d3eccca --- /dev/null +++ b/docs/labs/lab07-aaa/svc_account_misc.py @@ -0,0 +1,34 @@ +# Copyright (c) 2021 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the COPYING file. + +from cvprac.cvp_client import CvpClient +from cvprac.cvp_client_errors import CvpApiError +import ssl +ssl._create_default_https_context = ssl._create_unverified_context +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() + +# Create connection to CloudVision using user/password (on-prem only) +clnt = CvpClient() +clnt.connect(['cvp1'],'username', 'password') + +# Get all service accounts states + +accounts = clnt.api.svc_account_get_all() + +# Get specific service account state + +account = clnt.api.svc_account_get_one("cvprac2") + +# Get all service account token states + +tokens = clnt.api.svc_account_token_get_all() + +# Get specific token state + +token = clnt.api.svc_account_token_get_one("9bfb39ff892c81d6ac9f25ff95d0389719595feb") + +# Delete a service account token + +clnt.api.svc_account_token_delete("9bfb39ff892c81d6ac9f25ff95d0389719595feb") |