How can I hide aaa particular node in show full configuration

Sumeet · December 11, 2018, 10:31pm

Hi,
I need to hide password value for aaa user in command “show full configuration”.
I tried following with import tailf-aaa:
tailf:annotate “/aaa:aaa/aaa:authentication/aaa:users/aaa:user/aaa:password” {
tailf:suppress-echo true;
}

It did not make any difference. Any help is appreciated.

Thanks,
Sumeet

mnovak · December 17, 2018, 10:19am

You can try to tailf:annotate with tailf:hidden annotation, not tailf:suppress-echo (which is for when you input values like passwords).

Sumeet · December 17, 2018, 11:16pm

Thanks. I tried. None in effect.
I also tried hiding aaa user password by cli spec file. This is not calling executable python file.
From user guide 6.4.1, I referenced 16.21.6:
Here is the file:

< clispec xmlns=“http://tail-f.com/ns/clispec/1.0” style=“c”>
< configureMode>
< cmd name=“custom-show-cmd” mount=“show full-configuration aaa” >

 < info>Hide hashed password</info>
 < help>Hide hashed password</help>
 < callback>
	 < exec>
	    < osCommand>/opt/bluecoat/clp/cli/scripts/custom_show_cmd.py</osCommand>
	 < /exec>
 < /callback>

< /cmd>
< /configureMode>

< /clispec>

Thanks in advance.

mnovak · December 18, 2018, 11:22am

I have tried annotation file

module datamodel_an {
    namespace "http://tail-f.com/ns/example/datamodel_an";
    prefix datamodel_an;

    import tailf-common {
        prefix tailf;
    }

    import tailf-aaa {
       prefix aaa;
    }

    tailf:annotate "/aaa:aaa/aaa:authentication/aaa:users/aaa:user/aaa:password" {
       tailf:hidden true;
    }
}

output:

# show running-config aaa 
aaa authentication users user admin
 uid        9000
 gid        100
 ssh_keydir /var/confd/homes/admin/.ssh
 homedir    /var/confd/homes/admin
!
aaa authentication users user oper
 uid        9000
 gid        100
 ssh_keydir /var/confd/homes/oper/.ssh
 homedir    /var/confd/homes/oper
!
aaa authentication users user private
 uid        9000
 gid        100
 ssh_keydir /var/confd/homes/private/.ssh

please make sure you compile tailf-aaa.fxs from $(CONFD_DIR)/src/confd/aaa/tailf-aaa.yang
and annotate it.

Here is small example:
https://cisco.box.com/s/4ld6bp5baazwsl2hl2e7ibv0i6szfzah

Sumeet · December 18, 2018, 11:20pm

Thanks a lot. After referring your example, I found annotation compilation in Makefile different. I was naming new modified aaa filename.fxs whereas in example it is same tailf-aaa.fxs. This solves the problem. Now, I can hide aaa password.