junos

package module
v0.0.0-...-8639bb4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 5, 2019 License: MIT Imports: 12 Imported by: 1

README

go-junos

GoDoc Travis-CI Go Report Card

A Go package that interacts with Junos devices, as well as Junos Space, and allows you to do the following:

  • Run operational mode commands, such as show, request, etc..
  • Compare the active configuration to a rollback configuration (diff).
  • Rollback the configuration to a given state or a "rescue" config.
  • Configure devices by submitting commands, uploading a local file or from a remote FTP/HTTP server.
  • Commit operations: lock, unlock, commit, commit at, commit confirmed, commit full.
  • Device views - This will allow you to quickly get all the information on the device for the specified view.
  • [SRX] Convert from a zone-based address book to a global one.

Junos Space <= 15.2

  • Get information from Junos Space managed devices.
  • Add/remove devices from Junos Space.
  • List all software image packages that are in Junos Space.
  • Stage and deploy software images to devices from Junos Space.
  • Create, edit and delete address and service objects/groups.
  • Edit address and service groups by adding or removing objects to them.
  • View all policies managed by Junos Space.
  • Publish policies and update devices.
  • Add/modify polymorphic (variable) objects.

Installation

go get -u github.com/scottdware/go-junos

Note: This package makes all of it's calls over Netconf using the go-netconf package from Juniper Networks. Please make sure you allow Netconf communication to your devices:

set system services netconf ssh
set security zones security-zone <xxx> interfaces <xxx> host-inbound-traffic system-services netconf

Authentication Methods

There are two different ways you can authenticate against to device. Standard username/password combination, or use SSH keys. There is an AuthMethod struct which defines these methods that you will need to use in your code. Here is an example of connecting to a device using only a username and password.

auth := &junos.AuthMethod{
    Credentials: []string{"scott", "deathstar"},
}

jnpr, err := junos.NewSession("srx.company.com", auth)
if err != nil {
    fmt.Println(err)
}

If you are using SSH keys, here is an example of how to connect:

auth := &junos.AuthMethod{
    Username:   "scott",
    PrivateKey: "/home/scott/.ssh/id_rsa",
    Passphrase: "mysecret",
}

jnpr, err := junos.NewSession("srx.company.com", auth)
if err != nil {
    fmt.Println(err)
}

If you do not have a passphrase tied to your private key, then you can omit the Passphrase field entirely. In the above example, we are connecting from a *nix/Mac device, as shown by the private key path. No matter the OS, as long as you provide the location of the private key file, you should be fine.

If you are running Windows, and using PuTTY for all your SSH needs, then you will need to generate a public/private key pair by using Puttygen. Once you have generated it, you will need to export your private key using the OpenSSH format, and save it somewhere as shown below:

alt-text

Examples

Visit the GoDoc page for package documentation and examples.

Connect to a device, and view the current config to rollback 1.

auth := &junos.AuthMethod{
    Credentials: []string{"admin", "Juniper123!"},
}

jnpr, err := junos.NewSession("qfx-switch.company.com", auth)
if err != nil {
    fmt.Println(err)
}

defer jnpr.Close()

diff, err := jnpr.Diff(1)
if err != nil {
    fmt.Println(err)
}

fmt.Println(diff)

// Will output the following

[edit vlans]
-   zzz-Test {
-       vlan-id 999;
-   }
-   zzz-Test2 {
-       vlan-id 1000;
-   }

View the routing-instance configuration.

auth := &junos.AuthMethod{
    Username:   "admin",
    PrivateKey: "/home/scott/.ssh/id_rsa",
}

jnpr, err := junos.NewSession("srx.company.com", auth)
if err != nil {
    fmt.Println(err)
}

defer jnpr.Close()

riConfig, err := jnpr.GetConfig("text", "routing-instances")
if err != nil {
    fmt.Println(err)
}

fmt.Println(riConfig)

// Will output the following

## Last changed: 2017-03-24 12:26:58 EDT
routing-instances {
    default-ri {
        instance-type virtual-router;
        interface lo0.0;
        interface reth1.0;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 10.1.1.1;
            }
        }
    }
}

Views

Device views allow you to quickly gather information regarding a specific "view," so that you may use that information however you wish. A good example, is using the "interface" view to gather all of the interface information on the device, then iterate over that view to see statistics, interface settings, etc.

Note: Some of the views aren't available for all platforms, such as the ethernetswitch and virtualchassis on an SRX or MX.

Current out-of-the-box, built-in views are:

Views CLI equivilent
arp show arp
route show route
bgp show bgp summary
interface show interfaces
vlan show vlans
ethernetswitch show ethernet-switching table
inventory show chassis hardware
virtualchassis show virtual-chassis status
staticnat show security nat static rule all
sourcenat show security nat source rule all
storage show system storage
firewallpolicy show security policies (SRX only)
lldp show lldp neighbors

NOTE: Clustered SRX's will only show the NAT rules from one of the nodes, since they are duplicated on the other.

When using the interface view, by default it will return all of the interfaces on the device. If you wish to see only a particular interface and all of it's logical interfaces, you can optionally specify the name of an interface using the option parameter, e.g.:

jnpr.View("interface", "ge-0/0/0")

Creating Custom Views

You can even create a custom view by creating a struct that models the XML output from using the GetConfig() function. Granted, this is a little more work, and requires you to know a bit more about the Go language (such as unmarshalling XML), but if there's a custom view that you want to see, it's possible to do this for anything you want.

I will be adding more views over time, but feel free to request ones you'd like to see by emailing me, or drop me a line on Twitter.

Example: View the ARP table on a device

view, err := jnpr.View("arp")
if err != nil {
    fmt.Println(err)
}

fmt.Printf("# ARP entries: %d\n\n", view.Arp.Count)
for _, a := range view.Arp.Entries {
    fmt.Printf("MAC: %s\n", a.MACAddress)
    fmt.Printf("IP: %s\n", a.IPAddress)
    fmt.Printf("Interface: %s\n\n", a.Interface)
}

// Will print out the following

# ARP entries: 4

MAC: 00:01:ab:cd:4d:73
IP: 10.1.1.28
Interface: reth0.1

MAC: 00:01:ab:cd:0a:93
IP: 10.1.1.30
Interface: reth0.1

MAC: 00:01:ab:cd:4f:8c
IP: 10.1.1.33
Interface: reth0.1

MAC: 00:01:ab:cd:f8:30
IP: 10.1.1.36
Interface: reth0.1

Documentation

Overview

Package junos provides automation for Junos (Juniper Networks) devices, as well as interaction with Junos Space.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type APIRequest

type APIRequest struct {
	Method      string
	URL         string
	Body        string
	ContentType string
}

APIRequest builds our request before sending it to the server.

type Address

type Address struct {
	ID          int    `xml:"id"`
	Name        string `xml:"name"`
	AddressType string `xml:"address-type"`
	Description string `xml:"description"`
	IPAddress   string `xml:"ip-address"`
	Hostname    string `xml:"host-name"`
}

An Address contains information about each individual address object.

type AddressEntry

type AddressEntry struct {
	Name     string `xml:"name"`
	IP       string `xml:"ip-prefix,omitempty"`
	DNSName  string `xml:"dns-name>name,omitempty"`
	Wildcard string `xml:"wildcard-address>name,omitempty"`
}

AddressEntry contains information about each individual address-book entry.

type AddressSet

type AddressSet struct {
	Name           string         `xml:"name"`
	AddressEntries []AddressEntry `xml:"address"`
}

AddressSet contains all of the address-sets (groups) in the address-book.

type Addresses

type Addresses struct {
	Addresses []Address `xml:"address"`
}

Addresses contains a list of address objects.

type ArpEntry

type ArpEntry struct {
	MACAddress string `xml:"mac-address"`
	IPAddress  string `xml:"ip-address"`
	Interface  string `xml:"interface-name"`
}

ArpEntry holds each individual ARP entry.

type ArpTable

type ArpTable struct {
	Count   int        `xml:"arp-entry-count"`
	Entries []ArpEntry `xml:"arp-table-entry"`
}

ArpTable contains the ARP table on the device.

type AuthMethod

type AuthMethod struct {
	Credentials []string
	Username    string
	PrivateKey  string
	Passphrase  string
}

AuthMethod defines how we want to authenticate to the device. If using a username and password to authenticate, the Credentials field must be populated like so:

[]string{"user", "password"}

If you are using an SSH prviate key for authentication, you must provide the username, path to the private key, and passphrase. On most systems, the private key is found in the following location:

~/.ssh/id_rsa

If you do not have a passphrase tied to your private key, then you can omit this field.

type BGPPeer

type BGPPeer struct {
	Address            string `xml:"peer-address"`
	ASN                int    `xml:"peer-as"`
	InputMessages      int    `xml:"input-messages"`
	OutputMessages     int    `xml:"output-messages"`
	QueuedRoutes       int    `xml:"route-queue-count"`
	Flaps              int    `xml:"flap-count"`
	ElapsedTime        string `xml:"elapsed-time"`
	State              string `xml:"peer-state"`
	RoutingTable       string `xml:"bgp-rib>name"`
	ActivePrefixes     int    `xml:"bgp-rib>active-prefix-count"`
	ReceivedPrefixes   int    `xml:"bgp-rib>received-prefix-count"`
	AcceptedPrefixes   int    `xml:"bgp-rib>accepted-prefix-count"`
	SuppressedPrefixes int    `xml:"bgp-rib>suppressed-prefix-count"`
}

BGPPeer contains information about each individual BGP peer.

type BGPTable

type BGPTable struct {
	TotalGroups int       `xml:"group-count"`
	TotalPeers  int       `xml:"peer-count"`
	DownPeers   int       `xml:"down-peer-count"`
	Entries     []BGPPeer `xml:"bgp-peer"`
}

BGPTable contains information about every BGP peer configured on the device.

type Chassis

type Chassis struct {
	Name         string   `xml:"name"`
	SerialNumber string   `xml:"serial-number"`
	Description  string   `xml:"description"`
	Modules      []Module `xml:"chassis-module"`
}

Chassis contains all of the hardware information for each chassis, such as a clustered pair of SRX's or a virtual-chassis configuration.

type CommitEntry

type CommitEntry struct {
	Sequence  int    `xml:"sequence-number"`
	User      string `xml:"user"`
	Method    string `xml:"client"`
	Log       string `xml:"log"`
	Comment   string `xml:"comment"`
	Timestamp string `xml:"date-time"`
}

CommitEntry holds information about each prevous commit.

type CommitHistory

type CommitHistory struct {
	Entries []CommitEntry `xml:"commit-history"`
}

CommitHistory holds all of the commit entries.

type Device

type Device struct {
	ID               int    `xml:"key,attr"`
	Family           string `xml:"deviceFamily"`
	Version          string `xml:"OSVersion"`
	Platform         string `xml:"platform"`
	Serial           string `xml:"serialNumber"`
	IPAddress        string `xml:"ipAddr"`
	Name             string `xml:"name"`
	ConnectionStatus string `xml:"connectionStatus"`
	ManagedStatus    string `xml:"managedStatus"`
}

A Device contains information about each individual device.

type Devices

type Devices struct {
	XMLName xml.Name `xml:"devices"`
	Devices []Device `xml:"device"`
}

Devices contains a list of managed devices.

type EthernetSwitchingTable

type EthernetSwitchingTable struct {
	Entries []L2MACEntry `xml:"l2ng-l2ald-mac-entry-vlan"`
}

EthernetSwitchingTable contains the ethernet-switching table on the device.

type FileSystem

type FileSystem struct {
	Name            string `xml:"filesystem-name"`
	TotalBlocks     int    `xml:"total-blocks"`
	UsedBlocks      int    `xml:"used-blocks"`
	AvailableBlocks int    `xml:"available-blocks"`
	UsedPercent     string `xml:"used-percent"`
	MountedOn       string `xml:"mounted-on"`
}

FileSystem contains the information for each partition.

type FirewallPolicy

type FirewallPolicy struct {
	XMLName xml.Name          `xml:"security-policies"`
	Entries []SecurityContext `xml:"security-context"`
}

FirewallPolicy contains the entire firewall policy for the device.

type GroupMembers

type GroupMembers struct {
	Members []Member `xml:"members>member"`
}

GroupMembers contains a list of all the members within a address or service group.

type HardwareInventory

type HardwareInventory struct {
	Chassis []Chassis `xml:"chassis"`
}

HardwareInventory contains all the hardware information about the device.

type Interfaces

type Interfaces struct {
	Entries []PhysicalInterface `xml:"physical-interface"`
}

Interfaces contains information about every interface on the device.

type Junos

type Junos struct {
	Session        *netconf.Session
	Hostname       string
	RoutingEngines int
	Platform       []RoutingEngine
	CommitTimeout  time.Duration
}

Junos contains our session state.

func NewSession

func NewSession(host string, auth *AuthMethod) (*Junos, error)

NewSession establishes a new connection to a Junos device that we will use to run our commands against, as well as gathers basic information about the device. Authentication methods are defined using the AuthMethod struct, and are as follows:

username and password, SSH private key (with or without passphrase)

Please view the package documentation for AuthMethod on how to use these methods.

func (*Junos) Close

func (j *Junos) Close()

Close disconnects our session to the device.

func (*Junos) Command

func (j *Junos) Command(cmd string, format ...string) (string, error)

Command executes any operational mode command, such as "show" or "request." If you wish to return the results of the command, specify the format, which must be "text" or "xml" as the second parameter (optional).

func (*Junos) Commit

func (j *Junos) Commit() error

Commit commits the configuration.

func (*Junos) CommitAt

func (j *Junos) CommitAt(time string, message ...string) error

CommitAt commits the configuration at the specified time. Time must be in 24-hour HH:mm format. Specifying a commit message is optional.

func (*Junos) CommitCheck

func (j *Junos) CommitCheck() error

CommitCheck checks the configuration for syntax errors, but does not commit any changes.

func (*Junos) CommitConfirm

func (j *Junos) CommitConfirm(delay int) error

CommitConfirm rolls back the configuration after the delayed minutes.

func (*Junos) CommitFull

func (j *Junos) CommitFull() error

CommitFull does a full commit on the configuration, which requires all daemons to check and evaluate the new configuration. Useful for when you get an error with a commit or when you've changed the configuration significantly.

func (*Junos) CommitHistory

func (j *Junos) CommitHistory() (*CommitHistory, error)

CommitHistory gathers all the information about the previous 5 commits.

func (*Junos) Config

func (j *Junos) Config(path interface{}, format string, commit bool) error

Config loads a given configuration file from your local machine, a remote (FTP or HTTP server) location, or via configuration statements from variables (type string or []string) within your script. Format must be "set", "text" or "xml".

func (*Junos) ConvertAddressBook

func (j *Junos) ConvertAddressBook() []string

ConvertAddressBook will generate the configuration needed to migrate from a zone-based address book to a global one. You can then use Config() to apply the changes if necessary.

func (*Junos) Diff

func (j *Junos) Diff(rollback int) (string, error)

Diff compares candidate config to current (rollback 0) or previous rollback this is equivalent to 'show | compare' or 'show | compare rollback X' when in configuration mode RPC: <get-configuration compare="rollback" rollback="[0-49]" format="text"/> https://goo.gl/wFRMX9 (juniper.net)

func (*Junos) GetConfig

func (j *Junos) GetConfig(format string, section ...string) (string, error)

GetConfig returns the configuration starting at the given section. If you do not specify anything for section, then the entire configuration will be returned. Format must be "text" or "xml." You can do sub-sections by separating the section path with a ">" symbol, i.e. "system>login" or "protocols>ospf>area." The default option is to return the XML.

func (*Junos) Lock

func (j *Junos) Lock() error

Lock locks the candidate configuration.

func (*Junos) Reboot

func (j *Junos) Reboot() error

Reboot will reboot the device.

func (*Junos) Rescue

func (j *Junos) Rescue(action string) error

Rescue will create or delete the rescue configuration given "save" or "delete" for the action.

func (*Junos) Rollback

func (j *Junos) Rollback(option interface{}) error

Rollback loads and commits the configuration of a given rollback number or rescue state, by specifying "rescue."

func (*Junos) SetCommitTimeout

func (j *Junos) SetCommitTimeout(delay int)

SetCommitTimeout will add the given delay time (in seconds) to the following commit functions: Lock(), Commit() and Unlock(). When configuring multiple devices, or having a large configuration to push, this can greatly reduce errors (especially if you're dealing with latency).

func (*Junos) Unlock

func (j *Junos) Unlock() error

Unlock unlocks the candidate configuration.

func (*Junos) View

func (j *Junos) View(view string, option ...string) (*Views, error)

View gathers information on the device given the "view" specified. These views can be interrated/looped over to view the data (i.e. ARP table entries, interface details/statistics, routing tables, etc.). Supported views are:

arp, route, bgp, interface, vlan, ethernetswitch, inventory, virtualchassis, staticnat, sourcenat, storage, fireawllpolicy

By default, the interface view will return all interfaces on the device. If you wish to only see a particular physical interface, and all logical interfaces underneath it, you can use the option parameter to specify the name of the interface, e.g.:

View("interface", "ge-0/0/0")

type L2MACEntry

type L2MACEntry struct {
	GlobalMACCount  int        `xml:"mac-count-global"`
	LearnedMACCount int        `xml:"learnt-mac-count"`
	RoutingInstance string     `xml:"l2ng-l2-mac-routing-instance"`
	VlanID          int        `xml:"l2ng-l2-vlan-id"`
	MACEntries      []MACEntry `xml:"l2ng-mac-entry"`
}

L2MACEntry contains information about every MAC address on each VLAN.

type LLDPNeighbor

type LLDPNeighbor struct {
	LocalPortId              string `xml:"lldp-local-port-id"`
	LocalParentInterfaceName string `xml:"lldp-local-parent-interface-name"`
	RemoteChassisIdSubtype   string `xml:"lldp-remote-chassis-id-subtype"`
	RemoteChassisId          string `xml:"lldp-remote-chassis-id"`
	RemotePortDescription    string `xml:"lldp-remote-port-description"`
	RemotePortId             string `xml:"lldp-remote-port-id"`
	RemoteSystemName         string `xml:"lldp-remote-system-name"`
}

type LLDPNeighbors

type LLDPNeighbors struct {
	Entries []LLDPNeighbor `xml:"lldp-neighbor-information"`
}

type LogicalInterface

type LogicalInterface struct {
	Name               string `xml:"name"`
	MTU                string `xml:"address-family>mtu"`
	IPAddress          string `xml:"address-family>interface-address>ifa-local"`
	LocalIndex         int    `xml:"local-index"`
	SNMPIndex          int    `xml:"snmp-index"`
	Encapsulation      string `xml:"encapsulation"`
	LAGInputPackets    uint64 `xml:"lag-traffic-statistics>lag-bundle>input-packets"`
	LAGInputPps        int    `xml:"lag-traffic-statistics>lag-bundle>input-pps"`
	LAGInputBytes      int    `xml:"lag-traffic-statistics>lag-bundle>input-bytes"`
	LAGInputBps        int    `xml:"lag-traffic-statistics>lag-bundle>input-bps"`
	LAGOutputPackets   uint64 `xml:"lag-traffic-statistics>lag-bundle>output-packets"`
	LAGOutputPps       int    `xml:"lag-traffic-statistics>lag-bundle>output-pps"`
	LAGOutputBytes     int    `xml:"lag-traffic-statistics>lag-bundle>output-bytes"`
	LAGOutputBps       int    `xml:"lag-traffic-statistics>lag-bundle>output-bps"`
	ZoneName           string `xml:"logical-interface-zone-name"`
	InputPackets       uint64 `xml:"traffic-statistics>input-packets"`
	OutputPackets      uint64 `xml:"traffic-statistics>output-packets"`
	AddressFamily      string `xml:"address-family>address-family-name"`
	AggregatedEthernet string `xml:"address-family>ae-bundle-name,omitempty"`
	LinkAddress        string `xml:"link-address,omitempty"`
}

LogicalInterface contains information about the logical interfaces tied to a physical interface.

type MACEntry

type MACEntry struct {
	VlanName         string `xml:"l2ng-l2-mac-vlan-name"`
	MACAddress       string `xml:"l2ng-l2-mac-address"`
	Age              string `xml:"l2ng-l2-mac-age"`
	Flags            string `xml:"l2ng-l2-mac-flags"`
	LogicalInterface string `xml:"l2ng-l2-mac-logical-interface"`
}

MACEntry contains information about each individual MAC address. Flags are: S - static MAC, D - dynamic MAC, L - locally learned, P - persistent static, SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC.

type Member

type Member struct {
	ID   int    `xml:"id"`
	Name string `xml:"name"`
}

Member contains information about each individual group member.

type Module

type Module struct {
	Name         string      `xml:"name"`
	Version      string      `xml:"version,omitempty"`
	PartNumber   string      `xml:"part-number"`
	SerialNumber string      `xml:"serial-number"`
	Description  string      `xml:"description"`
	CLEICode     string      `xml:"clei-code"`
	ModuleNumber string      `xml:"module-number"`
	SubModules   []SubModule `xml:"chassis-sub-module"`
}

Module contains information about each individual module.

type PhysicalInterface

type PhysicalInterface struct {
	Name                    string             `xml:"name"`
	AdminStatus             string             `xml:"admin-status"`
	OperStatus              string             `xml:"oper-status"`
	LocalIndex              int                `xml:"local-index"`
	SNMPIndex               int                `xml:"snmp-index"`
	Description             string             `xml:"description"`
	LinkLevelType           string             `xml:"link-level-type"`
	MTU                     string             `xml:"mtu"`
	LinkMode                string             `xml:"link-mode"`
	Speed                   string             `xml:"speed"`
	FlowControl             string             `xml:"if-flow-control"`
	AutoNegotiation         string             `xml:"if-auto-negotiation"`
	CurrentPhysicalAddress  string             `xml:"current-physical-address"`
	HardwarePhysicalAddress string             `xml:"hardware-physical-address"`
	Flapped                 string             `xml:"interface-flapped"`
	InputBps                int                `xml:"traffic-statistics>input-bps"`
	InputPps                int                `xml:"traffic-statistics>input-pps"`
	OutputBps               int                `xml:"traffic-statistics>output-bps"`
	OutputPps               int                `xml:"traffic-statistics>output-pps"`
	LogicalInterfaces       []LogicalInterface `xml:"logical-interface"`
}

PhysicalInterface contains information about each individual physical interface.

type Policies

type Policies struct {
	Policies []Policy `xml:"firewall-policy"`
}

Policies contains a list of firewall policies.

type Policy

type Policy struct {
	ID          int    `xml:"id"`
	Name        string `xml:"name"`
	Description string `xml:"description"`
}

A Policy contains information about each individual firewall policy.

type Route

type Route struct {
	Destination           string `xml:"rt-destination"`
	Active                string `xml:"rt-entry>active-tag"`
	Protocol              string `xml:"rt-entry>protocol-name"`
	Preference            int    `xml:"rt-entry>preference"`
	Age                   string `xml:"rt-entry>age"`
	NextHop               string `xml:"rt-entry>nh>to,omitempty"`
	NextHopInterface      string `xml:"rt-entry>nh>via,omitempty"`
	NextHopTable          string `xml:"rt-entry>nh>nh-table,omitempty"`
	NextHopLocalInterface string `xml:"rt-entry>nh>nh-local-interface,omitempty"`
}

Route holds information about each individual route.

type RouteTable

type RouteTable struct {
	Name           string  `xml:"table-name"`
	TotalRoutes    int     `xml:"total-route-count"`
	ActiveRoutes   int     `xml:"active-route-count"`
	HolddownRoutes int     `xml:"holddown-route-count"`
	HiddenRoutes   int     `xml:"hidden-routes"`
	Entries        []Route `xml:"rt"`
}

RouteTable holds all the route information for each table.

type RoutingEngine

type RoutingEngine struct {
	Model   string
	Version string
}

RoutingEngine contains the hardware and software information for each route engine.

type RoutingTable

type RoutingTable struct {
	RouteTables []RouteTable `xml:"route-table"`
}

RoutingTable contains every routing table on the device.

type Rule

type Rule struct {
	Name                 string   `xml:"policy-name"`
	State                string   `xml:"policy-state"`
	Identifier           int      `xml:"policy-identifier"`
	ScopeIdentifier      int      `xml:"scope-policy-identifier"`
	SequenceNumber       int      `xml:"policy-sequence-number"`
	SourceAddresses      []string `xml:"source-addresses>source-address>address-name"`
	DestinationAddresses []string `xml:"destination-addresses>destination-address>address-name"`
	Applications         []string `xml:"applications>application>application-name"`
	SourceIdentities     []string `xml:"source-identities>source-identity>role-name"`
	PolicyAction         string   `xml:"policy-action>action-type"`
	PolicyTCPOptions     struct {
		SYNCheck      string `xml:"policy-tcp-options-syn-check"`
		SequenceCheck string `xml:"policy-tcp-options-sequence-check"`
	} `xml:"policy-action>policy-tcp-options"`
}

Rule contains each individual element that makes up a security policy rule.

type SecurityContext

type SecurityContext struct {
	SourceZone      string `xml:"context-information>source-zone-name"`
	DestinationZone string `xml:"context-information>destination-zone-name"`
	Rules           []Rule `xml:"policies>policy-information"`
}

SecurityContext contains the policies for each context, such as rules from trust to untrust zones.

type SecurityDevice

type SecurityDevice struct {
	ID        int    `xml:"id"`
	Family    string `xml:"device-family"`
	Platform  string `xml:"platform"`
	IPAddress string `xml:"device-ip"`
	Name      string `xml:"name"`
}

A SecurityDevice contains information about each individual security device.

type SecurityDevices

type SecurityDevices struct {
	XMLName xml.Name         `xml:"devices"`
	Devices []SecurityDevice `xml:"device"`
}

SecurityDevices contains a list of security devices.

type SecurityZones

type SecurityZones struct {
	XMLName xml.Name `xml:"configuration"`
	Zones   []Zone   `xml:"security>zones>security-zone"`
}

SecurityZones contains all of our security-zone information.

type Service

type Service struct {
	ID          int    `xml:"id"`
	Name        string `xml:"name"`
	IsGroup     bool   `xml:"is-group"`
	Description string `xml:"description"`
}

A Service contains information about each individual service object.

type Services

type Services struct {
	Services []Service `xml:"service"`
}

Services contains a list of service objects.

type SoftwarePackage

type SoftwarePackage struct {
	ID       int    `xml:"key,attr"`
	Name     string `xml:"fileName"`
	Version  string `xml:"version"`
	Platform string `xml:"platformType"`
}

A SoftwarePackage contains information about each individual software package.

type SoftwarePackages

type SoftwarePackages struct {
	Packages []SoftwarePackage `xml:"package"`
}

SoftwarePackages contains a list of software packages managed by Junos Space.

type SoftwareUpgrade

type SoftwareUpgrade struct {
	UseDownloaded bool // Use an image already staged on the device.
	Validate      bool // Check/don't check compatibility with current configuration.
	Reboot        bool // Reboot system after adding package.
	RebootAfter   int  // Reboot the system after "x" minutes.
	Cleanup       bool // Remove any pre-existing packages on the device.
	RemoveAfter   bool // Remove the package after successful installation.
}

SoftwareUpgrade consists of options available to use before issuing a software upgrade.

type SourceNatEntry

type SourceNatEntry struct {
	Name                     string   `xml:"rule-name"`
	SetName                  string   `xml:"rule-set-name"`
	ID                       string   `xml:"rule-id"`
	RuleMatchingPosition     int      `xml:"rule-matching-position"`
	FromContext              string   `xml:"rule-from-context"`
	FromZone                 string   `xml:"rule-from-context-name"`
	ToContext                string   `xml:"rule-to-context"`
	ToZone                   string   `xml:"rule-to-context-name"`
	SourceAddressLowRange    string   `xml:"source-address-range-entry>rule-source-address-low-range"`
	SourceAddressHighRange   string   `xml:"source-address-range-entryrule-source-address-high-range"`
	SourceAddresses          []string `xml:"source-address-range-entry>rule-source-address"`
	DestinationAddresses     []string `xml:"destination-address-range-entry>rule-destination-address"`
	DestinationPortLow       int      `xml:"destination-port-entry>rule-destination-port-low"`
	DestinationPortHigh      int      `xml:"destination-port-entry>rule-destination-port-high"`
	SourcePortLow            int      `xml:"source-port-entry>rule-source-port-low"`
	SourcePortHigh           int      `xml:"source-port-entry>rule-source-port-high"`
	SourceNatProtocol        string   `xml:"src-nat-protocol-entry"`
	RuleAction               string   `xml:"source-nat-rule-action-entry>source-nat-rule-action"`
	PersistentNatType        string   `xml:"source-nat-rule-action-entry>persistent-nat-type"`
	PersistentNatMappingType string   `xml:"source-nat-rule-action-entry>persistent-nat-mapping-type"`
	PersistentNatTimeout     int      `xml:"source-nat-rule-action-entry>persistent-nat-timeout"`
	PersistentNatMaxSession  int      `xml:"source-nat-rule-action-entry>persistent-nat-max-session"`
	TranslationHits          int      `xml:"source-nat-rule-hits-entry>rule-translation-hits"`
	SuccessfulSessions       int      `xml:"source-nat-rule-hits-entry>succ-hits"`
	ConcurrentHits           int      `xml:"source-nat-rule-hits-entry>concurrent-hits"`
}

SourceNatEntry holds each individual source NAT entry.

type SourceNats

type SourceNats struct {
	Count   int
	Entries []SourceNatEntry `xml:"source-nat-rule-entry"`
}

SourceNats contains the source NATs configured on the device.

type Space

type Space struct {
	Host     string
	User     string
	Password string
}

Space contains our session state.

func NewServer

func NewServer(host, user, passwd string) *Space

NewServer sets up our connection to the Junos Space server.

func (*Space) AddAddress

func (s *Space) AddAddress(name, ip string, description ...string) error

AddAddress creates a new address object in Junos Space. Description is optional.

func (*Space) AddDevice

func (s *Space) AddDevice(host, user, password string) (int, error)

AddDevice adds a new managed device to Junos Space, and returns the Job ID.

func (*Space) AddGroup

func (s *Space) AddGroup(grouptype, name string, description ...string) error

AddGroup creates a new address or service group in Junos Space. Objecttype must be "address" or "service".

func (*Space) AddService

func (s *Space) AddService(protocol, name string, ports interface{}, description string, timeout int) error

AddService creates a new service object to Junos Space. For a single port, just enter in the number. For a range of ports, enter the low-high range in quotes like so: "10000-10002".

func (*Space) AddVariable

func (s *Space) AddVariable(name, address string, description ...string) error

AddVariable creates a new polymorphic object (variable) on the Junos Space server. The address option is a default address object that will be used. This address object must already exist on the server.

func (*Space) Addresses

func (s *Space) Addresses(filter ...string) (*Addresses, error)

Addresses queries the Junos Space server and returns all of the information about each address that is managed by Space. Filter is optional, but if specified can help reduce the amount of objects returned.

func (*Space) DeleteObject

func (s *Space) DeleteObject(grouptype, name string) error

DeleteObject removes an address or service object from Junos Space. Grouptype must be "address" or "service"

func (*Space) DeleteVariable

func (s *Space) DeleteVariable(name string) error

DeleteVariable removes the polymorphic (variable) object from Junos Space. If the variable object is in use by a policy, then it will not be deleted until you remove it from the policy.

func (*Space) DeploySoftware

func (s *Space) DeploySoftware(device, image string, options *SoftwareUpgrade) (int, error)

DeploySoftware starts the upgrade process on the device, using the given image along with the options specified.

func (*Space) Devices

func (s *Space) Devices() (*Devices, error)

Devices queries the Junos Space server and returns all of the information about each device that is managed by Space.

func (*Space) EditAddress

func (s *Space) EditAddress(name, newip string) error

EditAddress changes the IP/Network/FQDN of the given address object name.

func (*Space) EditGroup

func (s *Space) EditGroup(grouptype, action, object, name string) error

EditGroup adds or removes objects to/from an existing address or service group. Grouptype must be "address" or "service." Action must be add or remove.

func (*Space) EditVariable

func (s *Space) EditVariable() (*VariableManagement, error)

EditVariable creates a new state when adding/removing addresses to a polymorphic (variable) object. We do this to only get the list of security devices (SecurityDevices()) once, instead of call the function each time we want to modify a variable.

func (*Space) GroupMembers

func (s *Space) GroupMembers(grouptype, name string) (*GroupMembers, error)

GroupMembers lists all of the address or service objects within the given group. Grouptype must be "address" or "service".

func (*Space) Policies

func (s *Space) Policies() (*Policies, error)

Policies returns a list of all firewall policies managed by Junos Space.

func (*Space) PublishPolicy

func (s *Space) PublishPolicy(policy interface{}, update bool) (int, error)

PublishPolicy publishes a changed firewall policy. If "true" is specified for update, then Junos Space will also update the device.

func (*Space) RemoveDevice

func (s *Space) RemoveDevice(device interface{}) error

RemoveDevice removes a device from Junos Space. You can specify the device ID, name or IP address.

func (*Space) RemoveStagedSoftware

func (s *Space) RemoveStagedSoftware(device, image string) (int, error)

RemoveStagedSoftware will delete the staged software image on the device.

func (*Space) RenameObject

func (s *Space) RenameObject(grouptype, name, newname string) error

RenameObject renames an address or service object to the given new name. Grouptype must be "address" or "service"

func (*Space) Resync

func (s *Space) Resync(device interface{}) (int, error)

Resync synchronizes the device with Junos Space. Good to use if you make a lot of changes outside of Junos Space such as adding interfaces, zones, etc.

func (*Space) SecurityDevices

func (s *Space) SecurityDevices() (*SecurityDevices, error)

SecurityDevices queries the Junos Space server and returns all of the information about each security device that is managed by Space.

func (*Space) Services

func (s *Space) Services(filter ...string) (*Services, error)

Services queries the Junos Space server and returns all of the information about each service that is managed by Space.

func (*Space) Software

func (s *Space) Software() (*SoftwarePackages, error)

Software queries the Junos Space server and returns all of the information about each software image that Space manages.

func (*Space) StageSoftware

func (s *Space) StageSoftware(device, image string, cleanup bool) (int, error)

StageSoftware loads the given software image onto the device but does not upgrade it. The package is placed in the /var/tmp directory.

func (*Space) UpdateDevice

func (s *Space) UpdateDevice(device interface{}) (int, error)

UpdateDevice will update a changed security device, synchronizing it with Junos Space.

func (*Space) Variables

func (s *Space) Variables() (*Variables, error)

Variables returns a listing of all polymorphic (variable) objects.

type StaticNatEntry

type StaticNatEntry struct {
	Name                    string `xml:"rule-name"`
	SetName                 string `xml:"rule-set-name"`
	ID                      string `xml:"rule-id"`
	RuleMatchingPosition    int    `xml:"rule-matching-position"`
	FromContext             string `xml:"rule-from-context"`
	FromZone                string `xml:"rule-from-context-name"`
	SourceAddressLowRange   string `xml:"static-source-address-range-entry>rule-source-address-low-range"`
	SourceAddressHighRange  string `xml:"static-source-address-range-entry>rule-source-address-high-range"`
	DestinaionAddressPrefix string `xml:"rule-destination-address-prefix"`
	DestinationPortLow      int    `xml:"rule-destination-port-low"`
	DestinationPortHigh     int    `xml:"rule-destination-port-high"`
	HostAddressPrefix       string `xml:"rule-host-address-prefix"`
	HostPortLow             int    `xml:"rule-host-port-low"`
	HostPortHigh            int    `xml:"rule-host-port-high"`
	Netmask                 string `xml:"rule-address-netmask"`
	RoutingInstance         string `xml:"rule-host-routing-instance"`
	TranslationHits         int    `xml:"rule-translation-hits"`
	SuccessfulSessions      int    `xml:"succ-hits"`
	ConcurrentHits          int    `xml:"concurrent-hits"`
}

StaticNatEntry holds each individual static NAT entry.

type StaticNats

type StaticNats struct {
	Count   int
	Entries []StaticNatEntry `xml:"static-nat-rule-entry"`
}

StaticNats contains the static NATs configured on the device.

type Storage

type Storage struct {
	Entries []SystemStorage `xml:"system-storage-information"`
}

Storage contains information about all of the file systems on the device.

type SubModule

type SubModule struct {
	Name          string         `xml:"name"`
	Version       string         `xml:"version,omitempty"`
	PartNumber    string         `xml:"part-number"`
	SerialNumber  string         `xml:"serial-number"`
	Description   string         `xml:"description"`
	CLEICode      string         `xml:"clei-code"`
	ModuleNumber  string         `xml:"module-number"`
	SubSubModules []SubSubModule `xml:"chassis-sub-sub-module"`
}

SubModule contains information about each individual sub-module.

type SubSubModule

type SubSubModule struct {
	Name             string            `xml:"name"`
	Version          string            `xml:"version,omitempty"`
	PartNumber       string            `xml:"part-number"`
	SerialNumber     string            `xml:"serial-number"`
	Description      string            `xml:"description"`
	SubSubSubModules []SubSubSubModule `xml:"chassis-sub-sub-sub-module"`
}

SubSubModule contains information about each sub-sub module, such as SFP's.

type SubSubSubModule

type SubSubSubModule struct {
	Name         string `xml:"name"`
	Version      string `xml:"version,omitempty"`
	PartNumber   string `xml:"part-number"`
	SerialNumber string `xml:"serial-number"`
	Description  string `xml:"description"`
}

SubSubSubModule contains information about each sub-sub-sub module, such as SFP's on a PIC, which is tied to a MIC on an MX.

type SystemInformation

type SystemInformation struct {
	XMLName       xml.Name `xml:"system-information"`
	Text          string   `xml:",chardata"`
	HardwareModel string   `xml:"hardware-model"`
	OsName        string   `xml:"os-name"`
	OsVersion     string   `xml:"os-version"`
	SerialNumber  string   `xml:"serial-number"`
	HostName      string   `xml:"host-name"`
}

SystemInformation to fetch the Systen Hostname and Model Info

type SystemStorage

type SystemStorage struct {
	FileSystems []FileSystem `xml:"filesystem"`
}

SystemStorage stores the file system information for each node, routing-engine, etc. on the device.

type VCMember

type VCMember struct {
	Status       string             `xml:"member-status"`
	ID           int                `xml:"member-id"`
	FPCSlot      string             `xml:"fpc-slot"`
	SerialNumber string             `xml:"member-serial-number"`
	Model        string             `xml:"member-model"`
	Priority     int                `xml:"member-priority"`
	MixedMode    string             `xml:"member-mixed-mode"`
	RouteMode    string             `xml:"member-route-mode"`
	Role         string             `xml:"member-role"`
	Neighbors    []VCMemberNeighbor `xml:"neighbor-list>neighbor"`
}

VCMember contains information about each individual virtual-chassis member.

type VCMemberNeighbor

type VCMemberNeighbor struct {
	ID        int    `xml:"neighbor-id"`
	Interface string `xml:"neighbor-interface"`
}

VCMemberNeighbor contains information about each virtual-chassis member neighbor.

type Variable

type Variable struct {
	ID          int    `xml:"id"`
	Name        string `xml:"name"`
	Description string `xml:"description"`
}

A Variable contains information about each individual polymorphic (variable) object.

type VariableManagement

type VariableManagement struct {
	Devices []SecurityDevice
	Space   *Space
}

VariableManagement contains our session state when updating a polymorphic (variable) object.

func (*VariableManagement) Add

func (v *VariableManagement) Add(address, name, firewall string) error

Add appends an address object to the given polymorphic (variable) object. Address is the address object you want to add, and name needs to be the variable object you wish to add the object to. You also must specify the device (firewall) that you want to associate the variable object to.

type Variables

type Variables struct {
	Variables []Variable `xml:"variable-definition"`
}

Variables contains a list of all polymorphic (variable) objects.

type Views

type Views struct {
	Arp            ArpTable
	BGP            BGPTable
	EthernetSwitch EthernetSwitchingTable
	FirewallPolicy FirewallPolicy
	Interface      Interfaces
	Inventory      HardwareInventory
	LLDPNeighbors  LLDPNeighbors
	Route          RoutingTable
	SourceNat      SourceNats
	StaticNat      StaticNats
	Storage        Storage
	VirtualChassis VirtualChassis
	Vlan           Vlans
	SystemInfo     SystemInformation
}

Views contains the information for the specific views. Note that some views aren't available for specific hardware platforms, such as the "VirtualChassis" view on an SRX.

type VirtualChassis

type VirtualChassis struct {
	PreProvisionedVCID   string     `xml:"preprovisioned-virtual-chassis-information>virtual-chassis-id"`
	PreProvisionedVCMode string     `xml:"preprovisioned-virtual-chassis-information>virtual-chassis-mode"`
	Members              []VCMember `xml:"member-list>member"`
}

VirtualChassis contains information regarding the virtual-chassis setup for the device.

type Vlan

type Vlan struct {
	Name             string   `xml:"l2ng-l2rtb-vlan-name"`
	Tag              int      `xml:"l2ng-l2rtb-vlan-tag"`
	MemberInterfaces []string `xml:"l2ng-l2rtb-vlan-member>l2ng-l2rtb-vlan-member-interface"`
}

Vlan contains information about each individual VLAN.

type Vlans

type Vlans struct {
	Entries []Vlan `xml:"l2ng-l2ald-vlan-instance-group"`
}

Vlans contains all of the VLAN information on the device.

type Zone

type Zone struct {
	Name           string          `xml:"name"`
	AddressEntries []AddressEntry  `xml:"address-book>address"`
	AddressSets    []AddressSet    `xml:"address-book>address-set"`
	ZoneInterfaces []ZoneInterface `xml:"interfaces"`
}

Zone contains information about each individual security-zone.

type ZoneInterface

type ZoneInterface struct {
	Name string `xml:"name"`
}

ZoneInterface contains a list of all interfaces that belong to the zone.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL