Merge release_1.3.1 --> develop (#454)

* Add 8K to BGP wait_for_process_initialized()

* Add 8K to OSPF wait_for_process_initialized()

* Fix for n8k vrf context

* fix comment

* Remove skip for CSCuz44696

* fix vni for all supported platforms

* Fix minitest for aaa feature

* yaml fix

* Update version.rb

* Utils.normalize_range_array

* The motivation for this change was finding yet another array normalizer in the private vlan code so these changes are initially meant to address fixes there. IMO our range summarize methods were getting a bit long and difficult to maintain; these new methods will hopefully simplify things somewhat.

* The main problem these methods are trying to solve is reconciling manifest inputs with getter results when there are overlapping ranges; e.g.:
  * '2-5, 9, 4-6'     needs to be ['2-6', '9']
  * ['2', '3', '4-6'] needs to be ['2-6']
  * ['2', '3', '4']   needs to be ['2-4']

* It's fairly easy to merge the ranges if they are actual ruby ranges instead of the dash-syntax ranges, so the new methods just convert to ruby ranges, merge, and convert back.

* There's also a method that breaks the ranges down into individual elements so that delta_add_remove can add or remove specific elements on the switch.

* I have a related commit for Puppet on the way.

* Tested on n9k

* Property mapped_vni fix for n5|6k

* private_vlan_association minitest fix

* Updated result values to reflect that API now uses Utils.normalize_range_array, which summarizes the ranges.

* The rest is just cleanup, ie removed the else clause since the if block does a return.

* Tested on n3,n5,n6,n7,n8,n9-I3

* comment updates only

* Refactor yaml to use default_only

* Error condition for l2vpn added

* Minor test code cleanups

* Add basic filter to Interface.filter

* Get rid of interfaces_id method

* shorten test method names in test_interface_private_vlan

* tested on n9

* Simplified yaml entry

* process_initialized is included for n8k

* Fix negotiate auto invalid skips (#404)

* Condense negoitate test code and fix invalid skips

* Remove debug code

* Update aaa_authentication_login_service.rb

* interface: private_vlan refactor

* There were a few errors with the original implementation. As I worked through this I found that it made sense to rewrite many of the methods to use the new range conversion utilities, and with so many functional changes we decided to take the opportunity to shorten the property names. Since the original code was already released with 1.3.0 we decided to just deprecate them.

* Created `DEPRECATED.yaml` and `interface_DEPRECATED.rb` for the original code. The setters will raise a warning if used, which includes the name of the new property to use. I ran the original test_interface_private_vlan tests against the deprecated code and they still pass, but then updated the test file to use the new methods. This means that going forward the deprecated methods will not have any tests run, and any issues found will not be fixed.

* Related puppet fixes are in the works.

* Tested on n3-I4,n5,n6,n7,n8,n9-I2,n9-I3

* switchport_pvlan_mapping_trunk needs to be a multiple

* My first pass at this code missed that this property supported multiple occurrences
  * Added a delta_hash method for trunk
  * Changed `pvlan_range_delta` to a single-caller method for `switchport_pvlan_mapping` since it's no longer shared with the trunk method
  * Fixed the minitest

* Passes on n3-I4,n5,n6,n7,n8,n9-I2,n9-I3

* Move svi pvlan test into test_interface_svi.rb

* Tests pass on all NX platforms

* Move deprecated keys into own hash

* This is just a minor cleanup to make this simpler to remove later on

* Update comments in DEPRECATED.yaml

* change private_vlan to pvlan

* changelog

* fix for context

* Change deprecation warning msg

* Change deprecation warning msg

* pvlan_mapping should always return array

* This property allows input as string or array. The getter was returning default as [] and non-default as String - which forces special handling in puppet's insync? method - so I changed it to always return an array. This way we don't need to override insync? at all.

* Also moved the pvlan_mapping test out of the svi file. While it does only apply to svi interfaces it seems to fit better with the other interface-related private-vlan tests.

* Tested on n5,n7,n9-I3

* Add requires for DEPRECATED providers

* Symptom: Noticed a corner case where changing a deprecated file on the device but not changing the inheriting file (I updated interface_DEPRECATED.rb but not interface.rb) caused the following error:

```
Linux# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Facter: error while resolving custom fact "cisco_node_utils": uninitialized constant Cisco::NodeUtil
/opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/cisco_node_utils-1.3.1/lib/cisco_node_utils/interface_DEPRECATED.rb:29: warning: already initialized constant Cisco::PVLAN_PROPERTY
/opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/cisco_node_utils-1.3.1/lib/cisco_node_utils/interface_DEPRECATED.rb:29: warning: previous definition of PVLAN_PROPERTY was here
```

* Analysis: Looks like facter caches the provider files. I found that making a whitespace change in interface.rb was enough to trigger the cache clear for that file and it avoided the error. But the real problem is that the deprecated providers do not have a require for 'node_utils', so just needed to add those to avoid this problem.

* Also moved PVLAN_PROPERTY hash within the class to avoid the re-definition warning. This is probably not necessary but it's cleaner.

* Also found that `set_value` didn't get included for `switchport_mode_private_vlan_trunk_promiscuous` when I copied the file contents over to DEPRECATED.yaml, so it's there now.

* Tested on n9k-i3

* Update interface_DEPRECATED.rb

* Update vlan_DEPRECATED.rb

* virtual_service and system_image yaml fix

* Fix yaml validation error

* Addressed PR comments

* Remove hardcoded tacacs server reference

* Interface shutdown property fix

* Update test_interface.rb

* switchport disable is broken

* Broken by #406

* Tested on n9-i3

* test_interface_private_vlan.rb: /private_vlan/pvlan/

* The vlan object still referenced the old names

* Tested on n9-I3

* test_interface* minor cleanups

* method name changes only for the most part

* tested on n3-I4

* yum package manager fixes

* Removed debug

* Remove trailing whitespace

* Do not track tacacs server info

* Add full relative path to tacacs server info

* Test if tacacs server is valid

* Add relative path of yaml file

* Refined the error message for invalid server

* Pim.pims fix for feature disabled

* The global nature of the pim resource means that an object will be created for each vrf regardless of state; however, this meant that objects were getting created even when feature pim was disabled, causing puppet agent/resource to to raise an error whenever the getter was called.

* Tested on n7

* Add N8k references

* Handle no virtual-services installed case

* vxlan and pvlan fix

* Remove delta check for cpu utilization (#421)

* Add 8k support to CHANGELOG

* Switchport trunk allowed vlan now accepts 'vlan add' lines (#423) (#441)

* Fix regexp to only accept vlan ranges

* Trunk allowed vlan now handles 'vlan add' lines

* test_evpn_vni:route_target_both: I2 vs I3,I4,I4+ (#442)

Badcodefix: #287

* The previous fix should have limited route_target_both testing to just I2 images; instead it did the reverse.

* Tested on n9-i2,n9-i3,n9-i4,n9-i4+

* Fix error due to time zone difference (#443)

* Fix suppress-fib-pending lib and test code (#445)

* Remove testing of vrf context and fix default test

* Fix broken yaml

* Merge default test code into main testcase

* Snmp packet_size fixes (#446)

* Snmp packet_size fixes

* Add n8k

* Fix last_reset check for platform (#444)

* Fix cannot disable local issue (#447)

* New default for vxlan_vtep: holddown (#448)

* Tested on n9k-e_dev
  * Minitest passes
  * Beaker passes

* Fix auth method local cleanup (#449)

* Refactor aaa local auth removal (#450)

* Refactor aaa local auth removal

* Remove whitespace

* Remove unneeded test steps (#452)

* New overlay_global behaviors (#451)

* DME changes for l2rib properties resulted in removal of the 'default' keyword from the cli:

    `l2rib dup-host-mac-detection default`

* Prior to this change, 'default' was the only way to reset the host_moves & timeout properties back to default; there was/is no 'no' command, so the only way to reset it now is to re-enter the command with the default values.

* This change necessitates changes to the setter, minitest, and beaker. I also changed the default values to actual integer values instead of empty strings.

* Tested minitest & beaker for: n9-edev,n9-I4,n5,n6. Skips for n3 (normal) and n7 (requires F3 card).

* Prevent removal of method local on unsupported platforms (#453)

* Missed merge conflict

.gitignore

@@ -3,6 +3,7 @@ pkg/*
 vendor/*
 coverage
 ext/Rakefile
+tests/tacacs_server.yaml
 Gemfile.lock
 *.gem
 *.swp

CHANGELOG.md

@@ -19,9 +19,7 @@ Changelog
 * Added client support for gRPC on IOS XR.
 * Smart dependency installation - installing this gem will install `grpc` on IOS XR and Linux environments, but not on NX-OS environments.
 * Added `bin/show_running_yang` utility to retrieve yang configuration from XR devices.
-
-
-## [v1.3.1]
+* Cisco Nexus 8xxx platform support added to existing classes
 
 ### Changed
 * Deprecated `vlan` private-vlan properties and replaced with new methods. New file `vlan_DEPRECATED.rb` has been created to store the deprecated methods. The old -> new properties are:

README.md

@@ -47,6 +47,7 @@ Cisco Nexus N3k  | NX-OS  | 7.0(3)I2(1) and later
 Cisco Nexus N5k  | NX-OS  | 7.3(0)N1(1) and later
 Cisco Nexus N6k  | NX-OS  | 7.3(0)N1(1) and later
 Cisco Nexus N7k  | NX-OS  | 7.3(0)D1(1) and later
+Cisco Nexus N8k  | NX-OS  | 7.0(3)F1(1) and later
 Cisco XRv9k      | IOS-XR | 6.0.1 and later
 
 Please note: For Cisco Nexus 3k and 9k platforms, a virtual Nexus N9000/N3000 may be helpful for development and testing. Users with a valid [cisco.com](http://cisco.com) user ID can obtain a copy of a virtual Nexus N9000/N3000 by sending their [cisco.com](http://cisco.com) user ID in an email to <get-n9kv@cisco.com>. If you do not have a [cisco.com](http://cisco.com) user ID please register for one at [https://tools.cisco.com/IDREG/guestRegistration](https://tools.cisco.com/IDREG/guestRegistration)

docs/README-maintainers.md

@@ -48,6 +48,7 @@ When we are considering publishing a new release, all of the following steps mus
     - N56xx
     - N6xxx
     - N7xxx
+    - N8xxx
     - N9xxx
 
 3. Triage any minitest failures.

lib/cisco_node_utils/aaa_authentication_login_service.rb

@@ -57,7 +57,7 @@ def destroy
 
       if g_str.empty?
         # cannot remove default local, so do nothing in this case
-        unless m == :local && @name == 'default'
+        unless m == :local
           unless node.product_id[/N8/]
             # TBD: These 'no' commands currently error on N8k
             #   no aaa authentication login console local

lib/cisco_node_utils/aaa_authorization_service.rb

@@ -39,6 +39,10 @@ def initialize(type, name, create=true)
       config_set('aaa_authorization_service', 'method', '', type_str, name)
     end
 
+    def self.remove_local_auth
+      config_get('aaa_authorization_service', 'remove_local_auth')
+    end
+
     def self.services
       servs = {}
       servs_arr = config_get('aaa_authorization_service', 'services')
@@ -66,6 +70,8 @@ def destroy
                      'no', t_str, @name)
         end
       else
+        # Removal of auth method local is not supported on all platforms.
+        m_str = AaaAuthorizationService.remove_local_auth ? m_str : ''
         config_set('aaa_authorization_service', 'groups',
                    'no', t_str, @name, g_str, m_str)
       end

lib/cisco_node_utils/bgp.rb

@@ -867,7 +867,8 @@ def default_shutdown
 
     # Supress Fib Pending (Getter/Setter/Default)
     def suppress_fib_pending
-      config_get('bgp', 'suppress_fib_pending', @get_args)
+      val = config_get('bgp', 'suppress_fib_pending', @get_args)
+      val.nil? ? false : val
     end
 
     def suppress_fib_pending=(enable)

lib/cisco_node_utils/cmd_ref/aaa_authorization_service.yaml

@@ -19,6 +19,19 @@ method:
   set_value: "%s aaa authorization %s %s local"
   default_value: :local
 
+remove_local_auth:
+  # Used for determining if removal of authentication method
+  # 'local' is permitted.
+  kind: boolean
+  N3k: &remove_local_disallowed
+    default_only: false
+  N8k: *remove_local_disallowed
+  N9k: *remove_local_disallowed
+  N5k: &remove_local_allowed
+    default_only: true
+  N6k: *remove_local_allowed
+  N7k: *remove_local_allowed
+
 services:
   get_command: "show run aaa all"
   get_value: '/^aaa authorization (\S+) (\S+) .*(?:local)? ?$/'

lib/cisco_node_utils/cmd_ref/bgp.yaml

@@ -331,12 +331,12 @@ shutdown:
     default_value: false
 
 suppress_fib_pending:
-  # Note: Does not exist in IOS XR
-  nexus:
-    kind: boolean
-    get_value: 'suppress-fib-pending'
-    set_value: '<state> suppress-fib-pending'
-    default_value: false
+  _exclude: [ios_xr]
+  kind: boolean
+  get_value: '/^(?:no )?suppress-fib-pending$/'
+  set_value: '<state> suppress-fib-pending'
+  default_value: true
+  auto_default: false
 
 timer_bestpath_limit:
   # Note: Does not exist in IOS XR

lib/cisco_node_utils/cmd_ref/overlay_global.yaml

@@ -25,9 +25,6 @@ dup_host_mac_detection:
   get_value: '/^l2rib dup-host-mac-detection (\d+) (\d+)$/'
   set_value: "l2rib dup-host-mac-detection <host_moves> <timeout>"
 
-dup_host_mac_detection_default:
-  set_value: "l2rib dup-host-mac-detection default"
-
 dup_host_mac_detection_host_moves:
   default_value: 5
 

lib/cisco_node_utils/cmd_ref/snmp_server.yaml

@@ -49,7 +49,21 @@ packet_size:
   get_command: "show snmp internal globals"
   get_value: '/SNMP Max packet size :(\d+)/'
   set_value: "%s snmp-server packetsize %d"
-  default_value: 1500
+  N3k: &n3k_default_packet_size
+    # Prior to the 7.0(3)I4(1) release, the default packet size
+    # was incorrectly displayed as 0.  CSCuz14217 fixed this to
+    # corectly display 1500.
+    default_value: 1500
+  N9k: *n3k_default_packet_size
+  N5k: &n5k_default_packet_size
+    # N5|6|7k platforms still incorrectly display the packet
+    # size as 0. This value is therefore still used as the
+    # default. This yaml entry will be changed to match
+    # the n3|9k behavior when the issue is resolved.
+    default_value: 0
+  N6k: *n5k_default_packet_size
+  N7k: *n5k_default_packet_size
+  N8k: *n5k_default_packet_size
 
 protocol:
   _exclude: [ios_xr]

lib/cisco_node_utils/cmd_ref/vxlan_vtep.yaml

@@ -50,7 +50,7 @@ source_intf:
   default_value: ''
 
 source_intf_hold_down_time:
-  _exclude: [N5k, N6k, N7k, N8k]
+  _exclude: [N5k, N6k, N7k]
   kind: int
   get_value: '/^source-interface hold-down-time (\d+)$/'
   set_value: '<state> source-interface hold-down-time <time>'

lib/cisco_node_utils/cmd_ref/yum.yaml

@@ -11,5 +11,11 @@ query:
   # pass in the pkg name, retrieve version
   get_value: '/^%s\S*\s+(\S+)\s+(?:installed|@\S+)/'
 
+query_all:
+  multiple: true
+  get_command: "show install packages"
+  get_value: '/^(\S+)\s+(\S+)\s+(\S+)$/'
+  default_value: []
+
 remove:
   set_value: "install deactivate %s"

lib/cisco_node_utils/interface.rb

@@ -1276,7 +1276,7 @@ def default_switchport_pvlan_trunk_native_vlan
     # Always returns an array.
     def pvlan_mapping
       range = config_get('interface', 'pvlan_mapping', name: @name)
-      return nil if range.nil?
+      return default_pvlan_mapping if range.nil?
       range.empty? ? range : [range.delete(' ')]
     end
 

lib/cisco_node_utils/overlay_global.rb

@@ -31,7 +31,6 @@ class OverlayGlobal < NodeUtil
 
     # dup-host-ip-addr-detection
     def dup_host_ip_addr_detection
-      return nil unless Feature.nv_overlay_evpn_enabled?
       match = config_get('overlay_global', 'dup_host_ip_addr_detection')
       if match.nil?
         default_dup_host_ip_addr_detection
@@ -99,16 +98,7 @@ def dup_host_mac_detection_timeout
 
     def dup_host_mac_detection_set(host_moves, timeout)
       set_args = { host_moves: host_moves, timeout: timeout }
-      if host_moves == default_dup_host_mac_detection_host_moves &&
-         timeout == default_dup_host_mac_detection_timeout
-        dup_host_mac_detection_default
-      else
-        config_set('overlay_global', 'dup_host_mac_detection', set_args)
-      end
-    end
-
-    def dup_host_mac_detection_default
-      config_set('overlay_global', 'dup_host_mac_detection_default')
+      config_set('overlay_global', 'dup_host_mac_detection', set_args)
     end
 
     def default_dup_host_mac_detection
@@ -126,7 +116,6 @@ def default_dup_host_mac_detection_timeout
 
     # anycast-gateway-mac
     def anycast_gateway_mac
-      return nil unless Feature.nv_overlay_evpn_enabled?
       mac = config_get('overlay_global', 'anycast_gateway_mac')
       mac.nil? || mac.empty? ? default_anycast_gateway_mac : mac.downcase
     end

lib/cisco_node_utils/pim.rb

@@ -45,6 +45,7 @@ def initialize(afi, vrf, instantiate=true)
     def self.pims
       afis = %w(ipv4) # TBD: No support for ipv6 at this time
       hash_final = {}
+      return hash_final unless Feature.pim_enabled?
       afis.each do |afi|
         hash_final[afi] = {}
         default_vrf = 'default'

lib/cisco_node_utils/pim_group_list.rb

@@ -42,6 +42,7 @@ def initialize(afi, vrf, rp_addr, group, instantiate=true)
     def self.group_lists
       afis = %w(ipv4) # TBD ipv6
       hash = {}
+      return hash unless Feature.pim_enabled?
       afis.each do |afi|
         hash[afi] = {}
         default_vrf = 'default'

lib/cisco_node_utils/pim_rp_address.rb

@@ -39,6 +39,7 @@ def initialize(afi, vrf, rp_addr, instantiate=true)
     def self.rp_addresses
       afis = %w(ipv4) # TBD ipv6
       hash = {}
+      return hash unless Feature.pim_enabled?
       afis.each do |afi|
         hash[afi] = {}
         default_vrf = 'default'

lib/cisco_node_utils/platform.rb

@@ -188,7 +188,14 @@ def self.fans
     #                            'cpu'      => '0% system CPU' }},
     #      { ... }}
     def self.virtual_services
-      virts = config_get('virtual_service', 'services')
+      # If no virtual-services are installed, this will result
+      # in a RuntimeError.  We need to rescue this specific case.
+      begin
+        virts = config_get('virtual_service', 'services')
+      rescue RuntimeError => e
+        return {} if e.message[/No key \"TABLE_detail\"/]
+        raise
+      end
       return {} if virts.nil?
       # NXAPI returns hash instead of array if there's only 1
       virts = [virts] if virts.is_a? Hash

lib/cisco_node_utils/yum.rb

@@ -22,45 +22,30 @@
 module Cisco
   # This Yum class provides cisco package management functions through nxapi.
   class Yum < NodeUtil
-    def self.decompose_name(file_name)
-      # ex: chef-12.0.0alpha.2+20150319.git.1.b6f-1.el5.x86_64.rpm
-      name_ver_arch_regex = /^([\w\-\+]+)-(\d+\..*)\.(\w{4,})(?:\.rpm)?$/
-
-      # ex n9000_sample-1.0.0-7.0.3.x86_64.rpm
-      name_ver_arch_regex_nx = /^(.*)-([\d\.]+-[\d\.]+)\.(\w{4,})\.rpm$/
-
-      # ex: b+z-ip2.x64_64
-      name_arch_regex = /^([\w\-\+]+)\.(\w+)$/
-
-      file_name.match(name_ver_arch_regex) ||
-        file_name.match(name_ver_arch_regex_nx) ||
-        file_name.match(name_arch_regex)
-    end
-
-    def self.validate(pkg)
-      file_name = pkg.strip.tr(':', '/').split('/').last
-      pkg_info = Yum.decompose_name(file_name)
-      if pkg_info.nil?
-        query_name = file_name
-      else
-        if pkg_info[3].nil?
-          query_name = pkg_info[1]
-        else
-          query_name = "#{pkg_info[1]}.#{pkg_info[3]}"
+    def self.validate_installed(pkg)
+      # Sample data returned from config_get('yum', 'query_all')
+      # ["nxos.sample-n8k_EOR.lib32_nxos", "1.0.0-7.0.3.F1.1", "@patching"],
+      patch_data = config_get('yum', 'query_all')
+      patch_data.each do |name_arch, version, _state|
+        # Separate name and architecture
+        next if name_arch.rindex('.').nil?
+        arch = name_arch.slice!(name_arch.rindex('.')..-1).delete('.')
+        # Version/Architecture info not available when only pkg name specified.
+        version = arch = '' if name_arch == pkg
+        # Check for match
+        if pkg.match(name_arch) && pkg.match(version) && pkg.match(arch)
+          return true
         end
       end
-      should_ver = pkg_info[2] if pkg_info && pkg_info[3]
-      ver = query(query_name)
-      if ver.nil? || (!should_ver.nil? && should_ver != ver)
-        fail 'Failed to install the requested rpm'
-      end
+      fail 'Failed to install the requested rpm'
     end
 
     def self.detect_vrf
       # Detect current namespace from agent environment
       inode = File::Stat.new('/proc/self/ns/net').ino
       # -L reqd for guestshell's find command
       vrfname = File.basename(`find -L /var/run/netns/ -inum #{inode}`.chop)
+
       vrf = 'vrf ' + vrfname unless vrfname.empty?
       vrf
     end
@@ -73,7 +58,7 @@ def self.install(pkg, vrf=nil)
       # which may fail at a later stage yet return a false positive;
       # therefore a post-validation check is needed here to verify the
       # actual outcome.
-      validate(pkg)
+      validate_installed(pkg)
     end
 
     # returns version of package, or false if package doesn't exist

tests/ciscotest.rb

@@ -288,9 +288,10 @@ def vxlan_linecard?
     #   '9  12  10/40 Gbps Ethernet Module  N77-F312FQ-25 ok'
     #   '2   6  Nexus 6xQSFP Ethernet Module  N5K-C5672UP-M6Q ok'
     #   '2   6  Nexus xxQSFP Ethernet Module  N6K-C6004-96Q/EF ok'
+    #   '2   4  Nexus 4xQSFP Ethernet Module  N6K-C6001-M4Q ok'
     if node.product_id[/N(5|6)K/]
       sh_mod_string = @device.cmd("sh mod | i '^[0-9]+.*N[56]K-C[56]'")
-      sh_mod = sh_mod_string[/^(\d+)\s.*N[56]K-C(56|6004)/]
+      sh_mod = sh_mod_string[/^(\d+)\s.*N[56]K-C(56|600[14])/]
       skip('Unable to find compatible interface in chassis') if sh_mod.nil?
     elsif node.product_id[/N7K/]
       mt_full_interface?

tests/tacacs_server.yaml.example

@@ -0,0 +1,6 @@
+# Tacacs server configuration for test_aaa_authorization_service.rb
+# Tacacs server must be set up with external access for test to run
+host: '10.122.197.197'
+key:  'testing123'
+vrf:  'management'
+intf: 'mgmt0'

tests/test_aaa_authentication_login_service.rb

@@ -84,8 +84,6 @@ def test_collection_svc_def
     aaaauthloginservice_list = AaaAuthenticationLoginService.services
     refute_empty(aaaauthloginservice_list,
                  'Error: service collection is not filled')
-    assert_equal(1, aaaauthloginservice_list.size,
-                 'Error:  collection not reporting correct ')
     assert(aaaauthloginservice_list.key?('default'),
            'Error:  collection does contain default')
     aaaauthloginservice_list.each do |name, aaaauthloginservice|
@@ -651,13 +649,6 @@ def test_service_console_set_groups
     assert_show_match(command: 'show run aaa all | no-more',
                       pattern: Regexp.new(prefix + groups.join(' ')))
 
-    # default group and method
-    method = aaaauthloginservice.default_method
-    groups = aaaauthloginservice.default_groups
-    aaaauthloginservice.groups_method_set(groups, method)
-    refute_show_match(command: 'show run aaa all | no-more',
-                      pattern: /^aaa authentication login console local/)
-
     aaaauthloginservice_detach(aaaauthloginservice)
     unconfig_tacacs
   end