diff --git a/PowerArubaCX/Private/Confirm.ps1 b/PowerArubaCX/Private/Confirm.ps1 index a514d44..605e84e 100644 --- a/PowerArubaCX/Private/Confirm.ps1 +++ b/PowerArubaCX/Private/Confirm.ps1 @@ -119,4 +119,36 @@ function Confirm-ArubaCXVrfs { throw "Element specified does not contain a ssh_enable property." } $true +} + +function Confirm-ArubaCXTacacsServer { + + Param ( + [Parameter (Mandatory = $true)] + [object]$argument + ) + #Check if it looks like a TACACS server element + + if ( -not ( $argument | Get-Member -name auth_type -Membertype Properties)) { + throw "Element specified does not contain an auth_type property." + } + if ( -not ( $argument | Get-Member -name default_group_priority -Membertype Properties)) { + throw "Element specified does not contain a default_group_priority property." + } + if ( -not ( $argument | Get-Member -name group -Membertype Properties)) { + throw "Element specified does not contain a group property." + } + if ( -not ( $argument | Get-Member -name passkey -Membertype Properties)) { + throw "Element specified does not contain a passkey property." + } + if ( -not ( $argument | Get-Member -name timeout -Membertype Properties)) { + throw "Element specified does not contain a timeout property." + } + if ( -not ( $argument | Get-Member -name tracking_enable -Membertype Properties)) { + throw "Element specified does not contain a tracking_enable property." + } + if ( -not ( $argument | Get-Member -name user_group_priority -Membertype Properties)) { + throw "Element specified does not contain an user_group_priority property." + } + $true } \ No newline at end of file diff --git a/PowerArubaCX/Public/Tacacs.ps1 b/PowerArubaCX/Public/Tacacs.ps1 new file mode 100644 index 0000000..60d6644 --- /dev/null +++ b/PowerArubaCX/Public/Tacacs.ps1 @@ -0,0 +1,371 @@ +# +# Copyright 2021, Cédric Moreau +# +# SPDX-License-Identifier: Apache-2.0 +# + +function Add-ArubaCXTacacsServer { + + <# + .SYNOPSIS + Add Aruba CX TACACS Server + + .DESCRIPTION + Add TACACS server (ip, group, port...) + + .EXAMPLE + Add-ArubaCXTacacsServer -address 192.2.0.1 -port 49 -group Clearpass -default_group_priority 10 + + Add TACACS server with ip 192.2.0.1 and port 49 in TACACS group Clearpass + + .EXAMPLE + Add-ArubaCXTacacsServer -address 192.2.0.1 -port 49 -group Clearpass -default_group_priority 10 -timeout 10 -passkey ExampleTACACS + + Add TACACS server with ip 192.2.0.1 and port 49 in TACACS group Clearpass with timeout set to 10 and passkey as ExampleTACACS + #> + Param( + [Parameter (Mandatory = $true)] + [string]$address, + [Parameter (Mandatory = $false)] + [ValidateRange(1, 65535)] + [int]$port = 49, + [Parameter (Mandatory = $false)] + [ValidateSet('pap')] + [string]$auth_type = "pap", + [Parameter (Mandatory = $false)] + [ValidateRange(1, 9223372036854775807)] + [int64]$default_group_priority = 10, + [Parameter (Mandatory = $false)] + [string]$group = "tacacs", + [Parameter (Mandatory = $false)] + [string]$passkey, + [Parameter (Mandatory = $false)] + [int]$timeout, + [Parameter (Mandatory = $false)] + [switch]$tracking_enable, + [Parameter (Mandatory = $false)] + [int]$user_group_priority, + [Parameter (Mandatory = $false)] + [string]$vrf = "default", + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCXConnection + ) + + Begin { + } + + Process { + + $uri = "system/vrfs/${vrf}/tacacs_servers" + + $_tacacs = new-Object -TypeName PSObject + + $_tacacs | add-member -name "address" -membertype NoteProperty -Value $address + + $_tacacs | add-member -name "tcp_port" -membertype NoteProperty -Value $port + + $_tacacs | add-member -name "vrf" -membertype NoteProperty -Value ("/rest/" + $($connection.version) + "/system/vrfs/" + $vrf) + + $_tacacs | add-member -name "default_group_priority" -membertype NoteProperty -Value $default_group_priority + + $_group = @() + + $_group += "/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group + + $_tacacs | add-member -name "group" -membertype NoteProperty -Value $_group + + $_tacacs | add-member -name "auth_type" -membertype NoteProperty -Value $auth_type + + if ( $PsBoundParameters.ContainsKey('passkey') ) { + $_tacacs | add-member -name "passkey" -membertype NoteProperty -Value $passkey + } + + if ( $PsBoundParameters.ContainsKey('timeout') ) { + $_tacacs | add-member -name "timeout" -membertype NoteProperty -Value $timeout + } + + if ( $PsBoundParameters.ContainsKey('user_group_priority') ) { + $_tacacs | add-member -name "user_group_priority" -membertype NoteProperty -Value $user_group_priority + } + + if ( $PsBoundParameters.ContainsKey('tracking_enable') ) { + if ($tracking_enable) { + $_tacacs | add-member -name "tracking_enable" -membertype NoteProperty -Value $true + } + else { + $_tacacs | add-member -name "tracking_enable" -membertype NoteProperty -Value $false + } + } + + $response = Invoke-ArubaCXRestMethod -uri $uri -method 'POST' -body $_tacacs -connection $connection + $response + + Get-ArubaCXTacacsServer -address $address -port $port -vrf $vrf + + } + + End { + } +} + +function Get-ArubaCXTacacsServer { + + <# + .SYNOPSIS + Get list of TACACS server configured + + .DESCRIPTION + Get list of TACACS server configured (ip, group, port...) + + .EXAMPLE + Get-ArubaCXTacacsServer -vrf default + + Get list of TACACS server configured (ip, group, port...) on default vrf + + .EXAMPLE + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 + + Get TACACS server with ip 192.2.0.1 and port 49 + #> + + [CmdletBinding(DefaultParametersetname = "Default")] + Param( + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [ipaddress]$address, + [Parameter (Mandatory = $false)] + [int]$port = 49, + [Parameter (Mandatory = $false)] + [string]$vrf = "default", + [Parameter(Mandatory = $false)] + [ValidateRange(1, 4)] + [Int]$depth, + [Parameter(Mandatory = $false, ParameterSetName = "address")] + [ValidateSet("configuration", "status", "statistics", "writable")] + [String]$selector, + [Parameter(Mandatory = $false)] + [String[]]$attributes, + [Parameter(Mandatory = $false)] + [switch]$vsx_peer, + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCXConnection + ) + + Begin { + } + + Process { + + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('depth') ) { + $invokeParams.add( 'depth', $depth ) + } + if ( $PsBoundParameters.ContainsKey('selector') ) { + $invokeParams.add( 'selector', $selector ) + } + if ( $PsBoundParameters.ContainsKey('attributes') ) { + $invokeParams.add( 'attributes', $attributes ) + } + if ( $PsBoundParameters.ContainsKey('vsx_peer') ) { + $invokeParams.add( 'vsx_peer', $true ) + } + + if ($PsBoundParameters.ContainsKey('address') -and $PsBoundParameters.ContainsKey('port')) { + $uri = "system/vrfs/${vrf}/tacacs_servers/${address},${port}" + } + else { + $uri = "system/vrfs/${vrf}/tacacs_servers" + } + + $response = Invoke-ArubaCXRestMethod -uri $uri -method 'GET' -connection $connection @invokeParams + + $response + + } + + End { + } +} + +function Set-ArubaCXTacacsServer { + + <# + .SYNOPSIS + Configure TACACS Server ArubaCX Switch + + .DESCRIPTION + Configure TACACS Server (Timeout, port...) + + .EXAMPLE + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -timeout 15 + + Configure timeout on TACACS server + + .EXAMPLE + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -group tacacs + + Configure group on TACACS server + + .EXAMPLE + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -passkey ExampleTacacs + + Configure passkey on TACACS server + + .EXAMPLE + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -default_group_priority 10 -group PowerArubaCX -passkey ExampleTacacs -timeout 15 -tacking_enable -user_group_priority 1 + + Configure passkey, timeout, tacking enable and user group priority on TACACS server + #> + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ID")] + [ValidateScript( { Confirm-ArubaCXTacacsServer $_ })] + [psobject]$tacacs, + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [string]$address, + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [int]$port, + [Parameter (Mandatory = $false)] + [ValidateSet('pap')] + [string]$auth_type, + [Parameter (Mandatory = $false)] + [ValidateRange(1, 9223372036854775807)] + [int]$default_group_priority, + [Parameter (Mandatory = $false)] + [string]$group = "tacacs", + [Parameter (Mandatory = $false)] + [string]$passkey, + [Parameter (Mandatory = $false)] + [int]$timeout = 10, + [Parameter (Mandatory = $false)] + [switch]$tracking_enable, + [Parameter (Mandatory = $false)] + [int]$user_group_priority = 1, + [Parameter (Mandatory = $false)] + [string]$vrf = "default", + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCXConnection + ) + + + Begin { + } + + Process { + + $_tacacs = @{ } + + if ($tacacs) { + $address = $tacacs.address + $port = $tacacs.tcp_port + } + + $uri = "system/vrfs/${vrf}/tacacs_servers/${address},${port}" + + $_tacacs = Get-ArubaCXTacacsServer -address $address -port $port -selector writable + + if ( $PsBoundParameters.ContainsKey('auth_type') ) { + $_tacacs.auth_type = $auth_type + } + if ( $PsBoundParameters.ContainsKey('default_group_priority') ) { + $_tacacs.default_group_priority = $default_group_priority + } + + $_group = @() + + $_group += "/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group + + $_tacacs.group = $_group + + if ( $PsBoundParameters.ContainsKey('passkey') ) { + $_tacacs.passkey = $passkey + } + + if ( $PsBoundParameters.ContainsKey('timeout') ) { + $_tacacs.timeout = $timeout + } + + if ( $PsBoundParameters.ContainsKey('tracking_enable') ) { + if ($tracking_enable) { + $_tacacs.tracking_enable = $true + } + else { + $_tacacs.tracking_enable = $false + } + } + + if ( $PsBoundParameters.ContainsKey('user_group_priority') ) { + $_tacacs.user_group_priority = $user_group_priority + } + + if ($PSCmdlet.ShouldProcess($_tacacs.address, 'Configure Tacacs Server')) { + Invoke-ArubaCXRestMethod -method "PUT" -body $_tacacs -uri $uri -connection $connection + } + + Get-ArubaCXTacacsServer -address $address -port $port -connection $connection + } + + End { + } +} + +function Remove-ArubaCXTacacsServer { + + <# + .SYNOPSIS + Remove a TACACS server on Aruba CX Switch + + .DESCRIPTION + Remove a TACACS server on Aruba CX Switch + + .EXAMPLE + $ts = Get-ArubaCXArubaCXTacacsServer -address 192.2.0.1 -port 49 + PS C:\>$ts | Remove-ArubaCXTacacsServer + + Remove TACACS server with address 192.0.2.1 and port 49 + + .EXAMPLE + Remove-ArubaCXTacacsServer -address 192.2.0.1 -confirm:$false -vrf default + Remove TACACS server 192.0.2.1 on default vrf with no confirmation + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')] + Param( + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [string]$address, + [Parameter (Mandatory = $false, ParameterSetName = "address")] + [int]$port = 49, + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ID")] + [ValidateScript( { Confirm-ArubaCXTacacsServer $_ })] + [psobject]$ts, + [Parameter(Mandatory = $false, ParameterSetName = "address")] + [string]$vrf = "default", + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCXConnection + ) + + Begin { + } + + Process { + + #get address, port and vrf from tacacs server ts object + if ($ts) { + $address = $ts.address + $port = $ts.tcp_port + } + + $uri = "system/vrfs/${vrf}/tacacs_servers/${address},${port}" + + if ($PSCmdlet.ShouldProcess("Tacacs Server (VRF: ${vrf})", "Remove ${address},${port}")) { + Invoke-ArubaCXRestMethod -method "DELETE" -uri $uri -connection $connection + } + } + + End { + } +} \ No newline at end of file diff --git a/README.md b/README.md index 4043bf2..68c443f 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ With this module (version 0.5.0) you can manage: - [LLDP Neighbor](#lldp-neighbor) (Get) - [System](#System) (Get/Set) - [Users](#Users) (Get) +- [TACACS Server](#tacacs-server) (Add/Get/Set/Remove) - [Vlans](#Vlans-Management) (Add/Get/Set/Remove) - [VRF](#vrf) (Add/Get/Set/Remove) - [VM](#vm) (Deploy and Configure ArubaCX OVA (for initial setup)) @@ -748,6 +749,60 @@ For example to get system of 2 ArubaCX ``` +### TACACS Server + +You can create a new TACACS Server `Add-ArubaCXTacacsServer`, retrieve its information `Get-ArubaCXTacacsServer`, modify its properties `Set-ArubaCXTacacsServer`, or delete it `Remove-ArubaCXTacacsServer`. + +```powershell +# Create a TACACS Server + Add-ArubaCXTacacsServer -address 192.2.0.1 -port 49 -auth_type pap -default_group_priority 10 -group tacacs -passkey PowerArubaCX -timeout 10 -tracking_enable -user_group_priority 10 -vrf default + + address : 192.2.0.1 + [...] + auth_type : pap + default_group_priority : 10 + group : @{tacacs=} + [...] + passkey : AQBapWD/wBAlSYvjgEqjBhR33D8T+fRfVUjTQNKVtSYzl5kMDAAAAM6/W76103nUuYlUQQ== + reachability_status : + tcp_port : 49 + timeout : 10 + tracking_enable : True + [...] + user_group_priority : 10 + + +# Get information about TACACS Server + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 -depth 2 -attributes auth_type, default_group_priority, group, passkey, tcp_port, timeout, tracking_enable, user_group_priority | Format-Table + + auth_type default_group_priority group passkey tcp_port timeout tracking_enable user_group_priority + --------- ---------------------- ----- ------- -------- ------- --------------- ------------------- + pap 10 @{tacacs=} AQBapWD/wBAlSYvjgEqjBhR33D8T+fRfVUjTQNKVtSYzl5kMDAAAAM6/W76103nUuYlUQQ== 49 10 True 10 + +# Change settings of a TACACS Server (Timeout and default group priority) + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -timeout 15 -default_group_priority 1 + + address : 192.2.0.1 + [...] + auth_type : pap + default_group_priority : 1 + group : @{tacacs=} + [...] + passkey : AQBapWD/wBAlSYvjgEqjBhR33D8T+fRfVUjTQNKVtSYzl5kMDAAAAM6/W76103nUuYlUQQ== + reachability_status : + tcp_port : 49 + timeout : 15 + tracking_enable : True + [...] + user_group_priority : 10 + + +# Remove a TACACS Server + Get-ArubaCXTacacsServer -address 192.2.0.1 | Remove-ArubaCXTacacsServer +``` + +For configure a vlan to an interface, need to use [Set-ArubaCXInterfaces](#Interface) + ### Disconnecting ```powershell diff --git a/Tests/common.ps1 b/Tests/common.ps1 index 8046ad3..a42cce8 100644 --- a/Tests/common.ps1 +++ b/Tests/common.ps1 @@ -13,6 +13,8 @@ $script:pester_interface2 = "1/1/2" #interface id for test... $script:pester_lag = "2" #lag id for test... $script:pester_loopback = "2" #loopback id for test... $script:pester_vrf = "pester_vrf" #interface id for test... +$script:pester_tacacs_address = "192.2.0.1" +$script:pester_tacacs_port = "49" . ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... diff --git a/Tests/integration/Tacacs.Tests.ps1 b/Tests/integration/Tacacs.Tests.ps1 new file mode 100644 index 0000000..2b044d3 --- /dev/null +++ b/Tests/integration/Tacacs.Tests.ps1 @@ -0,0 +1,227 @@ +# +# Copyright 2020, Cédric Moreau +# +# SPDX-License-Identifier: Apache-2.0 +# +. ../common.ps1 + +BeforeAll { + Connect-ArubaCX @invokeParams +} + +Describe "Get TACACS Server" { + BeforeAll { + Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -auth_type pap -timeout 15 + } + + It "Get TACACS Server Does not throw an error" { + { + Get-ArubaCXTacacsServer + } | Should -Not -Throw + } + + It "Get ALL TACACS Server" { + $tacacs = Get-ArubaCXTacacsServer + @($tacacs).count | Should -Not -Be $NULL + } + + It "Get TACACS Server ($pester_tacacs_address)" { + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs.address | Should -Be $pester_tacacs_address + $tacacs.tcp_port | Should -Be $pester_tacacs_port + } + + It "Get TACACS Server ($pester_tacacs_address) and confirm (via Confirm-ArubaCXTacacsServer)" { + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + Confirm-ArubaCXTacacsServer ($tacacs) | Should -Be $true + } + + #Get with attribute, depth... + Context "Selector" { + + It "Get TACACS Server with selector equal configuration" { + { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector configuration + } | Should -Not -Throw + } + + It "Get TACACS Server with selector equal statistics" { + { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector statistics + } | Should -Not -Throw + } + + It "Get TACACS Server with selector equal status" { + { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector status + } | Should -Not -Throw + } + + It "Get TACACS Server with selector equal writable" { + { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector writable + } | Should -Not -Throw + } + } + + Context "Depth" { + + It "Get TACACS Server with depth equal 1" { + { + Get-ArubaCXTacacsServer -depth 1 + } | Should -Not -Throw + } + + It "Get TACACS Server with depth equal 2" { + { + Get-ArubaCXTacacsServer -depth 2 + } | Should -Not -Throw + } + + It "Get TACACS Server with depth equal 3" { + { + Get-ArubaCXTacacsServer -depth 3 + } | Should -Not -Throw + } + + It "Get TACACS Server with depth equal 4" { + { + Get-ArubaCXTacacsServer -depth 4 + } | Should -Not -Throw + } + } + + Context "Attribute" { + + It "Get TACACS Server with one attribute (auth_type)" { + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -attribute auth_type + @($tacacs).count | Should -Be 1 + $tacacs.address | Should -BeNullOrEmpty + $tacacs.auth_type | Should -Not -BeNullOrEmpty + } + + It "Get TACACS Server with two attributes (auth_type, timeout)" { + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -attribute auth_type,timeout + @($tacacs).count | Should -Be 1 + $tacacs.address | Should -BeNullOrEmpty + $tacacs.auth_type | Should -Be "pap" + $tacacs.timeout | Should -Be 15 + } + + } + + Context "Search" { + It "Search TACACS Server by address ($pester_tacacs_address)" { + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + @($tacacs).count | Should -Be 1 + $tacacs.address | Should -Be $pester_tacacs_address + $tacacs.tcp_port | Should -Be $pester_tacacs_port + } + } + + AfterAll { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Remove-ArubaCXTacacsServer -confirm:$false + } +} + +Describe "Add TACACS Server" { + + AfterEach { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Remove-ArubaCXTacacsServer -confirm:$false -ErrorAction SilentlyContinue + } + + It "Add TACACS Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group)" { + Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -depth 2 + $tacacs.address | Should -Be $pester_tacacs_address + $tacacs.tcp_port | Should -Be $pester_tacacs_port + $tacacs.group.tacacs | Should -Be "@{group_name=tacacs; group_type=tacacs; origin=built-in}" + $tacacs.default_group_priority | Should -Be 1 + $tacacs.timeout | Should -Be $null + $tacacs.passkey | Should -Be $null + $tacacs.tracking_enable | Should -Be $false + } + + It "Add TACACS Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group, and a timeout)" { + Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -timeout 10 + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -depth 2 + $tacacs.address | Should -Be $pester_tacacs_address + $tacacs.tcp_port | Should -Be $pester_tacacs_port + $tacacs.group.tacacs | Should -Be "@{group_name=tacacs; group_type=tacacs; origin=built-in}" + $tacacs.default_group_priority | Should -Be 1 + $tacacs.timeout | Should -Be 10 + $tacacs.passkey | Should -Be $null + $tacacs.tracking_enable | Should -Be $false + } + + It "Add TACACS Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group, a timeout, a passkey and tracking_enable)" { + Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -timeout 10 -passkey PowerArubaCX -tracking_enable + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -depth 2 + $tacacs.address | Should -Be $pester_tacacs_address + $tacacs.tcp_port | Should -Be $pester_tacacs_port + $tacacs.group.tacacs | Should -Be "@{group_name=tacacs; group_type=tacacs; origin=built-in}" + $tacacs.default_group_priority | Should -Be 1 + $tacacs.timeout | Should -Be 10 + $tacacs.passkey | Should -Not -BeNullOrEmpty + $tacacs.tracking_enable | Should -Be $true + } +} + +Describe "Configure TACACS Server" { + BeforeAll { + Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 + } + + It "Change TACACS Server default_group_priority" { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -default_group_priority 10 + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs.default_group_priority | Should -Be 10 + } + + It "Change TACACS Server timeout" { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -timeout 10 + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs.timeout | Should -Be 10 + } + + It "Change TACACS Server tracking_enable (enable)" { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -tracking_enable:$true + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs.tracking_enable | Should -Be $true + } + + It "Change TACACS Server tracking_enable (disable)" { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -tracking_enable:$false + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs.tracking_enable | Should -Be $false + } + + AfterAll { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Remove-ArubaCXTacacsServer -confirm:$false + } +} + +Describe "Remove TACACS Server" { + + BeforeEach { + Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 + } + + It "Remove TACACS Server $pester_tacacs_address by address and port" { + Remove-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -confirm:$false + $tacacs = Get-ArubaCXTacacsServer + $tacacs.$pester_tacacs_address | Should -Be $NULL + } + + It "Remove TACACS Server $pester_tacacs_address by pipeline" { + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs | Remove-ArubaCXTacacsServer -confirm:$false + $tacacs = Get-ArubaCXTacacsServer + $tacacs.$pester_tacacs_address | Should -Be $NULL + } + +} + +AfterAll { + Disconnect-ArubaCX -confirm:$false +} \ No newline at end of file