07-09-2017 05:43 PM - edited 03-01-2019 03:54 AM
Hi,
I'd like to get some help creating an authgroup entry using the MAAPI Java API. So far I have been following the AddAndSyncDevices example found here and modifying it as appropriate:
examples.ncs/getting-started/developing-with-ncs/8-maapi/packages/maapi/src/java/src/com/example/maapi/actions/AddAndSyncDevices.java
Below is a snippet of the code I have - I have created the socket, maapi instance, user session and transaction handle prior to this:
ConfPath newAuthgroupPath = new ConfPath("/ncs:devices/authgroups/group{%s}", name);
if (maapi.exists(th, newAuthgroupPath)) {
System.out.println("Authgroup " + name + " already exists - deleting");
maapi.delete(th, newAuthgroupPath);
}
maapi.create(th, newAuthgroupPath);
Pretty basic stuff and it works up to this point. The problem I am having is, an authgroup has a 'umap' element which is a list, however, I can't figure out how to create it. I have tried the following:
maapi.create(th, newAuthgroupPath.copyAppend(Ncs._umap_));
This throws the following exception:
com.tailf.maapi.MaapiException: /ncs:devices/authgroups/group{testing}/umap: notcreatable
I have also tried:
ConfList umapList = new ConfList();
maapi.setElem(th, umapList, newAuthgroupPath.copyAppend(Ncs._umap_));
This throws the following exception:
com.tailf.maapi.MaapiException: /ncs:devices/authgroups/group{testing}/umap: typeless node
Failing getting umap to work, I tried creating a default-map instead (however I would prefer to use a umap) with a bit more success. I have been able to create the default-map and set the remote-name, however I am getting an exception when setting the remote-password. I am guessing that this is because the remote-password I am setting is a string and it is defined as a tailf:aes-cfb-128-encrypted-string in tailf-ncs-cluster.yang?
Below is the code I have tried for creating and setting the default-map:
maapi.create(th, newAuthgroupPath.copyAppend(Ncs._default_map_));
ConfBuf remoteNameBuf = new ConfBuf(username);
maapi.setElem(th, remoteNameBuf, newAuthgroupPath.copyAppend(Ncs._default_map_ + "/" + Ncs._remote_name_));
ConfBuf remotePasswordBuf = new ConfBuf(password);
maapi.setElem(th, remotePasswordBuf,
newAuthgroupPath.copyAppend(Ncs._default_map_ + "/" + Ncs._remote_password_));
ConfBuf remoteSecondaryPasswordBuf = new ConfBuf(enablePassword);
maapi.setElem(th, remoteSecondaryPasswordBuf,
newAuthgroupPath.copyAppend(Ncs._default_map_ + "/" + Ncs._remote_secondary_password_));
Below is the exception I mentioned above when setting the password but it is not encrypted:
com.tailf.maapi.MaapiException: /ncs:devices/authgroups/group{testing}/default-map/remote-password: <<"testing">> is not a valid value.
I have looked through the Ncs examples and the advanced NSO training material and I haven't seen any examples like this, of creating a umap or list or creating an encrypted string.
To summarise, these are my questions:
Appreciate your help with this!
07-09-2017 10:02 PM
Hi!
I'd recommend you go with Navu, IMHO easier to work with.
To create the umap list entry, I believe you'll have to create a path like:
"/ncs:devices/authgroups/group{%s}/umap{%s}", groupName, userName
so possibly:
maapi.create(th, newAuthgroupPath.copyAppend(Ncs._umap_ + "/{" + userName + "}"))
//Fredrik
07-09-2017 10:17 PM
Thank you, Fredrik. That frustratingly makes sense because according to the YANG model, the umap is keyed on the local-user field so the local-user should be given at the time it is being created. I can confirm that this now works.
Any pointers on encrypting the remote-password?
I did start looking into Navu but I couldn't find any examples of how to create objects so I kept exploring MAAPI based on the AddAndSyncDevice example mentioned above. If you have good examples/resources for Navu I'd be very interested in reading them.
07-10-2017 07:18 AM
Hi!
Unfortunately I don't have an example of decrypting the password. I'd suggest you open a separate thread on it.
If you have a Java service, you'll actually get the Navu object as part of the call:
public Properties create(ServiceContext context,
                         NavuNode service,
                         NavuNode ncsRoot,
                         Properties opaque) throws ConfException {
    NavuList devices = ncsRoot.container("devices").list("device");
    NavuListEntry theDevice = devices.elem("the-device");
    NavuContainer newDevice = devices.create("the-new-device");
If you need to create the Navu from a Maapi object, you could do this:
oth is a thread handle
NavuContext context = new NavuContext(maapi, oth);
NavuList devices = (NavuList) new NavuContainer(context).getNavuNode(new ConfPath("/ncs:devices/ncs:device"));
I hope that helps!
Cheers,
Fredrik
07-11-2017 12:36 AM
Hi!
This code works to create an authgroup.
private void addAuthgroup() {
    int th1 = 0;
    try {
        th1 = maapi.startTrans(Conf.DB_RUNNING, Conf.MODE_READ_WRITE);
        NavuContainer ncsContainer = DeviceOnboardingUtility.getNcsContainer(maapi, th1);
        NavuList devlist = ncsContainer.container(Ncs._devices_).container(Ncs._authgroups_).list(Ncs._group_);
        NavuContainer authgrpCont = devlist.create("BASIC_AUTH");
        logger.info(" exists " + authgrpCont.container(Ncs._default_map).exists());
        NavuContainer defContainer = authgrpCont.container(Ncs._default_map).create();
        defContainer.leaf(Ncs._remote_name_).set("admin");
        defContainer.leaf(Ncs._remote_password_).set("admin");
        maapi.applyTrans(th1, false);
        maapi.finishTrans(th1);
    } catch (Exception e) {
        e.printStackTrace();
    }
}
Thanks,
Sujani
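Added example, not code from any poster in this thread or from the NSO example set: a single MAAPI transaction that creates the authgroup, adds a umap entry with the local-user key in the path as described earlier in the thread, and sets its leaves. It assumes an already connected Maapi with a started user session, and assumes the string-valued setElem overload so that NSO converts each value according to the leaf's YANG type instead of receiving a pre-typed ConfBuf; the class and method names are hypothetical.

```java
import java.io.IOException;

import com.tailf.conf.Conf;
import com.tailf.conf.ConfException;
import com.tailf.maapi.Maapi;

public final class AuthgroupUmapExample {

    // Paths use the format-argument form so the list keys are passed
    // as arguments rather than concatenated into the path string.
    private static final String GROUP = "/ncs:devices/authgroups/group{%s}";
    private static final String UMAP = GROUP + "/umap{%s}";

    /**
     * Creates authgroup `group` (if missing) and a umap entry keyed on
     * `localUser`, then commits. The caller supplies the credentials,
     * for example from a secrets store, so nothing is hardcoded here.
     */
    static void addUmapEntry(Maapi maapi, String group, String localUser,
                             String remoteName, String remotePassword)
            throws IOException, ConfException {
        int th = maapi.startTrans(Conf.DB_RUNNING, Conf.MODE_READ_WRITE);
        try {
            if (!maapi.exists(th, GROUP, group)) {
                maapi.create(th, GROUP, group);
            }
            // umap is a list keyed on local-user: creating the bare
            // ".../umap" node is what produced "notcreatable" above.
            if (!maapi.exists(th, UMAP, group, localUser)) {
                maapi.create(th, UMAP, group, localUser);
            }
            maapi.setElem(th, remoteName, UMAP + "/remote-name", group, localUser);
            // Assumption: the String overload lets NSO parse the value
            // against the encrypted-string type of remote-password.
            maapi.setElem(th, remotePassword, UMAP + "/remote-password",
                          group, localUser);
            maapi.applyTrans(th, false);
        } finally {
            // Always release the transaction, including on failure.
            maapi.finishTrans(th);
        }
    }
}
```

The password is passed through without being logged or echoed; keep it out of exception messages and debug output on the caller's side as well.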