trigger.tacacsrc
— Network credentials library¶
Abstract interface to .tacacsrc credentials file.
Designed to interoperate with the legacy DeviceV2 implementation, but provide a reasonable API on top of that. The name and format of the .tacacsrc file are not ideal, but compatibility matters.
-
trigger.tacacsrc.
get_device_password
(device=None, tcrc=None)¶ Fetch the password for a device/realm or create a new entry for it. If device is not passed,
settings.DEFAULT_REALM
is used, which is default realm for most devices.Parameters: - device – Realm or device name to updated
- device – Optional
Tacacsrc
instance
-
trigger.tacacsrc.
prompt_credentials
(device, user=None)¶ Prompt for username, password and return them as Credentials namedtuple.
Parameters: - device – Device or realm name to store
- user – (Optional) If set, use as default username
-
trigger.tacacsrc.
convert_tacacsrc
()¶ Converts old .tacacsrc to new .tacacsrc.gpg.
-
trigger.tacacsrc.
update_credentials
(device, username=None)¶ Update the credentials for a given device/realm. Assumes the same username that is already cached unless it is passed.
This may seem redundant at first compared to Tacacsrc.update_creds() but we need this factored out so that we don’t end up with a race condition when credentials are messed up.
Returns True if it actually updated something or None if it didn’t.
Parameters: - device – Device or realm name to update
- username – Username for credentials
-
trigger.tacacsrc.
validate_credentials
(creds=None)¶ Given a set of credentials, try to return a
Credentials
object.If
creds
is unset it will fetch from.tacacsrc
.Expects either a 2-tuple of (username, password) or a 3-tuple of (username, password, realm). If only (username, password) are provided, realm will be populated from
DEFAULT_REALM
.Parameters: creds – A tuple of credentials.
-
class
trigger.tacacsrc.
Credentials
(username, password, realm)¶ -
password
¶ Alias for field number 1
-
realm
¶ Alias for field number 2
-
username
¶ Alias for field number 0
-
-
class
trigger.tacacsrc.
Tacacsrc
(tacacsrc_file=None, use_gpg=False, generate_new=False)¶ Encrypts, decrypts and returns credentials for use by network devices and other tools.
Pass use_gpg=True to force GPG, otherwise it relies on settings.USE_GPG_AUTH
*_old
functions should be removed after everyone is moved to the new system.-
update_creds
(creds, realm, user=None)¶ Update username/password for a realm/device and set self.creds_updated bit to trigger .write().
Parameters: - creds – Dictionary of credentials keyed by realm
- realm – The realm to update within the creds dict
- user – (Optional) Username passed to prompt_credentials()
-
user_has_gpg
()¶ Checks if user has .gnupg directory and .tacacsrc.gpg file.
-
write
()¶ Writes .tacacsrc(.gpg) using the accurate method (old vs. new).
-