
Class User


AAA User class.

A AAA User is associated with the following entities:

Instance Methods
 
__init__(self, ne, username, password)
Create a User instance.
 
set_network_element(self, network_element)
Set the network element to be used for the AAA Service.
 
authenticate(self, list_)
Authenticate a user using the AAA Service on the Network Element.
 
is_action_authorized(self, action)
Verify if action is authorized for user.
 
send_accounting_record(self, action, accntRecord)
Send an accounting record for a user using AAA Service on the Network Element.
 
remove_user(self)
Remove the user record maintained by ONEP Infrastructure.

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables
  OnepAAAAcctAction = enum('ONEP_AAA_ACCT_ACTION_START', 'ONEP_A...
Definition for accounting action type:...
  log = None

Instance Variables
  server
The AAA server used by the Network Element to service the last authenticated request.
  is_auto_acct_enabled
Indicates whether the auto-accounting is enabled for a user
  auth_profile
The authorization profile.
  username
The user name
  password
The password

Properties

Inherited from object: __class__

Method Details

__init__(self, ne, username, password)
(Constructor)

 

Create a User instance.

Parameters:
  • ne - Network Element which is used to access AAA server.
  • username - User name.
  • password - User password.
Raises:
Overrides: object.__init__

set_network_element(self, network_element)

 

Set the network element to be used for the AAA Service.

This method updates the Network Element used to access the AAA Service for an existing AAA User instance. It overwrites the Network Element that was set in the call to User(NetworkElement,String,String). If auto-accounting is enabled for the user and an accounting session is active between the existing Network Element and the AAA Server, this API sends an Accounting-Stop over that accounting session. An auto-accounting session will not be initiated from the new Network Element until the AAA User is authenticated on the new Network Element and the Authorization Profile has auto-accounting enabled.

Parameters:
  • network_element - the Network Element to set
Raises:

authenticate(self, list_)

 

Authenticate a user using the AAA Service on the Network Element.

This method authenticates a user (i.e. an instance of AAA User) using the AAA Service on the Network Element associated with the user. That Network Element is the one set when the AAA User instance was created, or the one most recently set using set_network_element(NetworkElement).

On successful authentication the following will happen:

  • The user's authorization profile configured on the AAA server is returned as a AAA Attribute List instance.
  • Accounting is turned on for the user, if the AAA Server administrator has enabled auto-accounting for this user by configuring Cisco VSA "auto-acct=enable" in the user's authorization profile.

The AAA User Authorization Profile is realized as a list of onep.aaa.Attribute structures, which is cached locally in the AAA User instance.

Change of Authorization functionality is not available, so if the AAA admin changes the user's profile on the AAA server after the user was successfully authenticated, the new profile will not be reflected in this object unless the Application calls authenticate() again to refresh the Authorization Profile.

Note: Accounting, if enabled, is turned off when the AAA User instance is removed using remove_user() or when the AAA User's Network Element attachment is changed using the set_network_element(NetworkElement) API.

Note: The AAA Server that was used to service this request can be retrieved from self.server.

Note: The "allowed-action" attribute is not returned in the authorization profile. Use is_action_authorized(String) to read the value of this attribute set in the authorization profile configured on the AAA server.

Example:

>>> attrs = user.authenticate(None)
>>> for attr in attrs:
...     print(str(attr))

Returns:
List of Attributes containing the authorization profile for the user. If no authorization profile is configured on the AAA server, the list has a size of 0.
Raises:

is_action_authorized(self, action)

 

Verify if action is authorized for user.

This method verifies whether a particular action is authorized for a user. The action-name string must exactly match one of the action-names in the user's profile on the AAA Server. The search space is limited to actions listed for the application that invoked authenticate. Action-names are case-sensitive.

Parameters:
  • action - Action name
Returns:
True if action is authorized, False otherwise.
Raises:
  • OnepException - if action is not present in the attribute list returned by the authenticate() API
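
The caching behaviour described for authenticate() and the exact-match rule of is_action_authorized() can be combined into a fail-closed authorization gate. This is an added example, not code from the onePK SDK: FakeUser, AuthzGate, the local OnepException class, the action names and the 300-second refresh interval are constructed for illustration, and FakeUser only mimics the two documented method names so the block runs without a Network Element.

```python
import time

class OnepException(Exception):
    """Stand-in for the SDK exception type (constructed for this example)."""

class FakeUser:
    """Constructed stand-in; models the profile as {action-name: bool}."""
    def __init__(self, server_profile):
        self.server_profile = server_profile  # what the AAA admin has configured
        self._cached = None                   # snapshot taken by authenticate()
    def authenticate(self, list_):
        self._cached = dict(self.server_profile)
        return []
    def is_action_authorized(self, action):
        if self._cached is None or action not in self._cached:
            raise OnepException("action not present in profile")
        return self._cached[action]

class AuthzGate:
    """Fail-closed check that re-authenticates once the profile is max_age old."""
    def __init__(self, user, max_age, clock=time.monotonic):
        self.user, self.max_age, self.clock = user, max_age, clock
        self.last_auth = None
    def allowed(self, action):
        now = self.clock()
        try:
            if self.last_auth is None or now - self.last_auth >= self.max_age:
                # No Change of Authorization: only authenticate() refreshes it.
                self.user.authenticate(None)
                self.last_auth = now
            # Pass the name through unchanged: matching is exact and case-sensitive.
            return self.user.is_action_authorized(action) is True
        except OnepException:
            return False  # unknown action name is a deny, not a crash

def demo():
    t = [0.0]  # controllable clock so the example is deterministic
    user = FakeUser({"show-config": True, "reload": True})
    gate = AuthzGate(user, max_age=300, clock=lambda: t[0])
    first = gate.allowed("reload")         # authenticates and caches the profile
    user.server_profile["reload"] = False  # admin revokes on the AAA server
    stale = gate.allowed("reload")         # cached profile still says yes
    t[0] = 301.0
    fresh = gate.allowed("reload")         # refreshed profile says no
    return first, stale, fresh, gate.allowed("Reload"), gate.allowed("erase")

if __name__ == "__main__":
    print(demo())
```

The second value in the result shows the window during which a revoked action is still accepted from the cached profile; the refresh interval bounds that window.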

send_accounting_record(self, action, accntRecord)

 

Send an accounting record for a user using AAA Service on the Network Element.

This method is used for sending an accounting record to the AAA (Accounting) Server.

Note: This method must not be used to send Accounting messages if auto-accounting is enabled for the AAA User.

Note: If auto-accounting is enabled for a user then this API will not be allowed to be executed.

Note: The AAA Server that was used to service this request can be retrieved by calling authenticate.

Parameters:
  • action - Accounting action type OnepAAAAcctAction: START, STOP, or UPDATE.
  • accntRecord - Attribute list containing Application-specific attributes (including byte/packet counters as per RFC 2866) to be included in the accounting records. This argument can be specified as None if there are no Application-specific attributes to be sent.
Raises:

remove_user(self)

 

Remove the user record maintained by ONEP Infrastructure.

This API removes all the information that is maintained by ONEP session infrastructure for the given user. If accounting has started for the given user, an accounting STOP request is sent to the AAA server.

Note: This API does not remove user records from the AAA server, nor does it invalidate the existing user instance.

The application can reuse the existing User instance to re-authenticate with the AAA Server.

Raises:

Class Variable Details

OnepAAAAcctAction


Definition for accounting action type:
    Start accounting
    Stop accounting
    Update accounting recorded

Value:
enum('ONEP_AAA_ACCT_ACTION_START', 'ONEP_AAA_ACCT_ACTION_STOP', 'ONEP_AAA_ACCT_ACTION_UPDATE')