Create an authgroup using MAAPI Java API

Philip Petty
Cisco Employee

Hi,

I'd like to get some help creating an authgroup entry using the MAAPI Java API. So far I have been following the AddAndSyncDevices example found here and modifying it as appropriate:
examples.ncs/getting-started/developing-with-ncs/8-maapi/packages/maapi/src/java/src/com/example/maapi/actions/AddAndSyncDevices.java

Below is a snippet of the code I have - I have created the socket, maapi instance, user session and transaction handle prior to this:

        ConfPath newAuthgroupPath = new ConfPath("/ncs:devices/authgroups/group{%s}", name);
        if (maapi.exists(th, newAuthgroupPath)) {
            System.out.println("Authgroup " + name + " already exists - deleting");
            maapi.delete(th, newAuthgroupPath);
        }
        maapi.create(th, newAuthgroupPath);

Pretty basic stuff and it works up to this point. The problem I am having is, an authgroup has a 'umap' element which is a list, however, I can't figure out how to create it. I have tried the following:

     maapi.create(th, newAuthgroupPath.copyAppend(Ncs._umap_));

This throws the following exception:

com.tailf.maapi.MaapiException: /ncs:devices/authgroups/group{testing}/umap: notcreatable

I have also tried:

     ConfList umapList = new ConfList();
     maapi.setElem(th, umapList, newAuthgroupPath.copyAppend(Ncs._umap_));

This throws the following exception:
com.tailf.maapi.MaapiException: /ncs:devices/authgroups/group{testing}/umap: typeless node

Failing getting umap to work, I tried creating a default-map instead (however I would prefer to use a umap) with a bit more success. I have been able to create the default-map and set the remote-name, however I am getting an exception when setting the remote-password. I am guessing that this is because the remote-password I am setting is a string and it is defined as a tailf:aes-cfb-128-encrypted-string in tailf-ncs-cluster.yang?

Below is the code I have tried for creating and setting the default-map:

     maapi.create(th, newAuthgroupPath.copyAppend(Ncs._default_map_));

     ConfBuf remoteNameBuf = new ConfBuf(username);
     maapi.setElem(th, remoteNameBuf, newAuthgroupPath.copyAppend(Ncs._default_map_ + "/" + Ncs._remote_name_));

     ConfBuf remotePasswordBuf = new ConfBuf(password);
     maapi.setElem(th, remotePasswordBuf,
          newAuthgroupPath.copyAppend(Ncs._default_map_ + "/" + Ncs._remote_password_));

     ConfBuf remoteSecondaryPasswordBuf = new ConfBuf(enablePassword);
     maapi.setElem(th, remoteSecondaryPasswordBuf,
          newAuthgroupPath.copyAppend(Ncs._default_map_ + "/" + Ncs._remote_secondary_password_));

Below is the exception I mentioned above when setting the password but it is not encrypted:

com.tailf.maapi.MaapiException: /ncs:devices/authgroups/group{testing}/default-map/remote-password: <<"testing">> is not a valid value.


I have looked through the Ncs examples and the advanced NSO training material and I haven't seen any examples like this, of creating a umap or list or creating an encrypted string.

To summarise, these are my questions:

  • How do I create a umap/list and populate it with values via MAAPI?
  • How do I create the encrypted remote-password via MAAPI?

Appreciate your help with this!

Accepted Solutions

frjansso
Cisco Employee

Hi!

I'd recommend you go with Navu, IMHO easier to work with.

To create the umap list entry, I believe you'll have to create a path like:

"/ncs:devices/authgroups/group{%s}/umap{%s}", groupName, userName

so possibly:

maapi.create(th, newAuthgroupPath.copyAppend(Ncs._umap_ + "/{" + userName + "}"))

//Fredrik

Thank you, Fredrik. That frustratingly makes sense because according to the YANG model, the umap is keyed on the local-user field so the local-user should be given at the time it is being created. I can confirm that this now works.

Any pointers on encrypting the remote-password?

I did start looking into Navu but I couldn't find any examples of how to create objects so I kept exploring MAAPI based on the AddAndSyncDevice example mentioned above. If you have good examples/resources for Navu I'd be very interested in reading them.

Hi!

Unfortunately I don't have an example of decrypting the password. I'd suggest you open a separate thread on it.

If you have a Java service, you'll actually get the Navu object as part of the call:

public Properties create(ServiceContext context,
                         NavuNode service,
                         NavuNode ncsRoot,
                         Properties opaque) throws ConfException {
    NavuList devices = ncsRoot.container("devices").list("device");
    NavuListEntry theDevice = devices.elem("the-device");
    NavuContainer newDevice = devices.create("the-new-device");
    // ...
    return opaque;
}

If you need to create the Navu from a Maapi object, you could do this:

oth is a thread handle

NavuContext context = new NavuContext(maapi, oth);
NavuList devices = (NavuList) new NavuContainer(context).getNavuNode(new ConfPath("/ncs:devices/ncs:device"));

I hope that helps!

Cheers,

Fredrik

schalaga
Cisco Employee

Hi!

This code works to create an authgroup.

private void addAuthgroup() {
        int th1 = 0;

        try {
            th1 = maapi.startTrans(Conf.DB_RUNNING, Conf.MODE_READ_WRITE);
            NavuContainer ncsContainer = DeviceOnboardingUtility.getNcsContainer(maapi, th1);
            NavuList devlist = ncsContainer.container(Ncs._devices_).container(Ncs._authgroups_).list(Ncs._group_);
            NavuContainer authgrpCont = devlist.create("BASIC_AUTH");
            logger.info(" exists  " + authgrpCont.container(Ncs._default_map).exists());
            NavuContainer defContainer = authgrpCont.container(Ncs._default_map).create();
            defContainer.leaf(Ncs._remote_name_).set("admin");
            defContainer.leaf(Ncs._remote_password_).set("admin");
            maapi.applyTrans(th1, false);
            maapi.finishTrans(th1);
        }catch(Exception e){
            e.printStackTrace();
        }
       
    }

Thanks,

Sujani
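
Added example, not code from any of the posters above: it applies the NAVU-from-MAAPI approach and the default-map code from the replies to the umap list the question asks about, with the credentials passed in rather than hard-coded and the transaction released in a `finally` block. The class and method names are hypothetical, and it assumes that a umap entry has the same remote-name and remote-password leaves as default-map and that the NAVU `set` call accepts the password string as it does in the post above.

```java
import com.tailf.conf.Conf;
import com.tailf.conf.ConfException;
import com.tailf.conf.ConfPath;
import com.tailf.maapi.Maapi;
import com.tailf.navu.NavuContainer;
import com.tailf.navu.NavuContext;
import com.tailf.navu.NavuList;
import com.tailf.ncs.ns.Ncs;
import java.io.IOException;

public final class AuthgroupUmapExample {

    /** Returns list entry `key`, creating it if `path` does not exist yet. */
    private static NavuContainer entry(Maapi maapi, int th, NavuList list,
                                       String key, ConfPath path)
            throws ConfException, IOException {
        return maapi.exists(th, path) ? list.elem(key) : list.create(key);
    }

    /** Expects a connected Maapi with a user session already started. */
    public static void addUmapEntry(Maapi maapi, String groupName,
            String localUser, String remoteName, String remotePassword)
            throws ConfException, IOException {
        int th = maapi.startTrans(Conf.DB_RUNNING, Conf.MODE_READ_WRITE);
        try {
            NavuContext context = new NavuContext(maapi, th);
            NavuList groups = (NavuList) new NavuContainer(context)
                .getNavuNode(new ConfPath("/ncs:devices/authgroups/group"));
            NavuContainer group = entry(maapi, th, groups, groupName,
                new ConfPath("/ncs:devices/authgroups/group{%s}", groupName));

            // umap is a list keyed on local-user, so the entry is created
            // with its key rather than by creating "umap" itself.
            NavuContainer umap = entry(maapi, th, group.list(Ncs._umap_),
                localUser, new ConfPath(
                    "/ncs:devices/authgroups/group{%s}/umap{%s}",
                    groupName, localUser));

            // Assumption: umap entries take the same leaves as default-map.
            umap.leaf(Ncs._remote_name_).set(remoteName);
            umap.leaf(Ncs._remote_password_).set(remotePassword);

            maapi.applyTrans(th, false);
        } finally {
            maapi.finishTrans(th); // always release the transaction
        }
    }
}
```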