Example for Providing a Warning Message by Saving and Restoring a Script Variable

Networking Requirements

As shown in Figure 1, a user manages a switch remotely over a network. The first time the user runs the arp learning multicast enable command, the terminal displays a message warning that the command has security risks, and the user must confirm whether to run it. If the user declines, the message is displayed again the next time the user enters the command. Once the user confirms execution, no prompt is displayed when the user enters the command again.

Figure 1 Networking for providing a warning message by saving and restoring a script variable

Configuration Roadmap

  1. Configure the IP address of the interface as the management IP address of the switch.

  2. Create a Python script riskwarning.py that displays a warning message when a high-risk command is about to be executed.

  3. Log in to the switch remotely, upload the Python script to the switch, and install the script.

  4. Configure a Python script assistant.

Procedure

  1. Create the Python script.

    # Create the Python script riskwarning.py to implement the following functions:
    • Register a command line event that triggers a warning message when a high-risk command is about to be executed.

    • Decide whether to execute the high-risk command based on user input. If the user declines, the message is displayed again the next time the user enters the command. Once the user confirms execution, no prompt is displayed when the user enters the command again.

  2. Upload and install the Python script.

    # Log in to the switch remotely and upload the Python script from the PC to the switch. For details about how to upload a file, see File Management in S2720, S5700, and S6700 V200R019C10 Configuration Guide - Basic Configuration.

    # Install the Python script on the switch.

    <Switch> ops install file riskwarning.py

  3. Configure a Python script assistant.

    # Configure a Python script assistant and register the CLI event in the script riskwarning.py. Wait for the event to be triggered.

    <Switch> system-view
    [Switch] ops
    [Switch-ops] script-assistant python riskwarning.py
    [Switch-ops] quit

  4. Verify the configuration.

    # After the preceding configurations are complete, run the risky command to check whether the system displays a warning message. The command specified in the current script is arp learning multicast enable, which is executed in the system view.

    [Switch] arp learning multicast enable
    The device may be attacked by ARP attack packets with multicast MAC addresses. Are you sure to continue?[Y/N]:

    If you enter N or n, the arp learning multicast enable command is not executed. If you then run the display current-configuration | include arp command in any view, the output does not contain the arp learning multicast enable command. The next time you enter the arp learning multicast enable command, the prompt is displayed again.

    If you enter Y or y, the arp learning multicast enable command is executed. If you then run the display current-configuration | include arp command in any view, the output contains the arp learning multicast enable command. The next time you enter the arp learning multicast enable command, no prompt is displayed.

Configuration Files and Scripts

  • Configuration file of the switch

    #
    ops
     script-assistant python riskwarning.py
    #
    return
  • Example of the script riskwarning.py

    # -*- coding: utf-8 -*-
    import ops         # Import the OPS module.
    import sys         # Import the sys module.
    import os          # Import the OS module.

    # Subscription processing function
    def ops_condition(ops):
        # Match the risky command arp learning multicast enable.
        value, err_str = ops.cli.subscribe("cli1", "arp learning multicast enable", enter=True, sync=True, sync_wait=60)
        # Clear the script variable value saved last time.
        value1, descri_str1 = ops.context.retrieve("input")
        return 0

    # Work processing function
    def ops_execute(ops):
        # Obtain the system environment variable _cli_vty, indicating the user channel.
        key, value = ops.environment.get("_cli_vty")
        # Restore the script variable input, which holds the user input saved last time.
        value1, descri_str1 = ops.context.retrieve("input")
        # The first time the arp learning multicast enable command is entered, no risk message has been displayed yet, so value1 is None.
        # If the last answer to the risk message was anything other than Y or y, value1 != "Y" and value1 != "y" holds.
        # The two comparisons must be joined with "and"; joined with "or" the condition is always true and the prompt is never skipped.
        if value1 is None or (value1 != "Y" and value1 != "y"):
            # Generate a message indicating a CLI risk on the terminal.
            a, b = ops.terminal.write("The device may be attacked by ARP attack packets with multicast MAC addresses. Are you sure to continue?[Y/N]:", vty=key)
            # Read user input from the terminal and save user input as the variable name input.
            value2, descri_str2 = ops.terminal.read(512, timeout=30, vty=None)
            value3, descri_str3 = ops.context.save("input", value2)
            # If anything other than Y or y is entered, the arp learning multicast enable command is not executed.
            if value2 != "Y" and value2 != "y":
                return 0
            # If Y or y is entered, run the arp learning multicast enable command.
            else:
                return 1
        # Y or y was entered at an earlier risk prompt, so the arp learning multicast enable command is executed directly this time.
        else:
            value3, descri_str3 = ops.context.save("input", "Y")
            return 1
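
The confirm-once behavior described in the verification step can be checked offline before the script is installed. The following is an added example, not part of the original script or of Huawei's ops module: FakeOps, FakeContext, FakeTerminal, confirmed and run_session are hypothetical names, the stand-in implements only the calls the script uses, and it assumes that retrieve removes the saved variable and that a read timeout returns None.

```python
# Added example: offline harness for the confirm-once logic of riskwarning.py.
# FakeOps is a hypothetical stand-in; it is not Huawei's ops module.

class FakeContext:
    def __init__(self):
        self.store = {}
    def save(self, name, value):
        self.store[name] = value
        return 0, "ok"
    def retrieve(self, name):
        # Assumption: restoring a script variable also removes it from the store.
        return self.store.pop(name, None), "ok"

class FakeTerminal:
    def __init__(self, answers):
        self.answers = list(answers)   # constructed user replies, in order
        self.prompts = 0               # number of warnings written
    def write(self, text, vty=None):
        self.prompts += 1
        return 0, "ok"
    def read(self, maxlen, timeout=30, vty=None):
        # Assumption: a timeout (no reply left) is modelled as None.
        return (self.answers.pop(0) if self.answers else None), "ok"

class FakeOps:
    def __init__(self, answers):
        self.context = FakeContext()
        self.terminal = FakeTerminal(answers)

def confirmed(value):
    # Only an explicit Y or y counts; None and any other input fail closed.
    return value in ("Y", "y")

def ops_execute(ops):
    saved, _ = ops.context.retrieve("input")
    if not confirmed(saved):
        ops.terminal.write("Are you sure to continue?[Y/N]:")
        answer, _ = ops.terminal.read(512, timeout=30)
        ops.context.save("input", answer)
        return 1 if confirmed(answer) else 0   # 1 = run the command, 0 = block it
    ops.context.save("input", "Y")             # keep the confirmation for next time
    return 1

def run_session(answers, attempts):
    """Enter the risky command `attempts` times; return (results, prompts shown)."""
    ops = FakeOps(answers)
    results = [ops_execute(ops) for _ in range(attempts)]
    return results, ops.terminal.prompts
```
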
Copyright © Huawei Technologies Co., Ltd.