diff --git a/config/aaa.py b/config/aaa.py index fdb784dc4a..06a23df1c3 100644 --- a/config/aaa.py +++ b/config/aaa.py @@ -9,6 +9,7 @@ ADHOC_VALIDATION = True RADIUS_MAXSERVERS = 8 +TACACS_MAXSERVERS = 8 RADIUS_PASSKEY_MAX_LEN = 65 VALID_CHARS_MSG = "Valid chars are ASCII printable except SPACE, '#', and ','" @@ -265,9 +266,12 @@ def add(address, timeout, key, auth_type, port, pri, use_mgmt_vrf): config_db = ValidatedConfigDBConnector(ConfigDBConnector()) config_db.connect() - old_data = config_db.get_entry('TACPLUS_SERVER', address) - if old_data != {}: - click.echo('server %s already exists' % address) + old_data = config_db.get_table('TACPLUS_SERVER') + ctx = click.get_current_context() + if address in old_data: + ctx.fail(f'server {address} already exists') + if len(old_data) == TACACS_MAXSERVERS: + ctx.fail(f'tacacs server reached max size {TACACS_MAXSERVERS}') else: data = { 'tcp_port': str(port), @@ -284,7 +288,6 @@ def add(address, timeout, key, auth_type, port, pri, use_mgmt_vrf): try: config_db.set_entry('TACPLUS_SERVER', address, data) except ValueError as e: - ctx = click.get_current_context() ctx.fail("Invalid ip address. Error: {}".format(e)) tacacs.add_command(add) @@ -511,11 +514,11 @@ def add(address, retransmit, timeout, key, auth_type, auth_port, pri, use_mgmt_v config_db = ValidatedConfigDBConnector(ConfigDBConnector()) config_db.connect() old_data = config_db.get_table('RADIUS_SERVER') - if address in old_data : - click.echo('server %s already exists' % address) - return + ctx = click.get_current_context() + if address in old_data: + ctx.fail(f'server {address} already exists') if len(old_data) == RADIUS_MAXSERVERS: - click.echo('Maximum of %d can be configured' % RADIUS_MAXSERVERS) + ctx.fail(f'Maximum of {RADIUS_MAXSERVERS} can be configured') else: data = { 'auth_port': str(auth_port), 
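Review bot: The new cap check in the TACACS `add` hunk, `if len(old_data) == TACACS_MAXSERVERS:`, fires only when the table holds exactly eight entries. If TACPLUS_SERVER ever holds more than that (for example if something other than this command writes it, which the hunk does not show), `add` accepts new servers again. Compare with `if len(old_data) >= TACACS_MAXSERVERS:` instead. The RADIUS hunk at -511 has the same `==` comparison on an unchanged context line and would benefit from the same change. The table read and the later `set_entry` are separate calls, so two concurrent invocations could both pass the check; `>=` at least stops further growth afterwards. The body of `add` continues outside the hunk.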
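Review bot: With the `return` after the duplicate-server message removed, the RADIUS `add` hunk now relies on `ctx.fail()` never returning, and the `else:` after the second `ctx.fail` is redundant. Dropping the `else:` and dedenting the `data = {...}` block would make the guard-clause shape explicit; a short comment such as `# ctx.fail() raises click.UsageError; nothing below runs on failure` would do the same for the next reader. The TACACS hunk at -265 has the same shape. Both commands now exit non-zero where they previously printed a message and returned success, so callers that re-run `add` idempotently will see a failure; that is worth stating in the commit description. The `else` body extends past the end of the hunk.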
@@ -547,7 +550,6 @@ def add(address, retransmit, timeout, key, auth_type, auth_port, pri, use_mgmt_v
 try:
 config_db.set_entry('RADIUS_SERVER', address, data)
 except ValueError as e:
- ctx = click.get_current_context()
 ctx.fail("Invalid ConfigDB. Error: {}".format(e))
 radius.add_command(add)