junos-ez-srx 0.0.8

data/LICENSE

@@ -0,0 +1,26 @@
+LICENSE (BSD-2)
+===============
+Copyright (c) 2013, Jeremy Schulman, Juniper Networks
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    Redistributions of source code must retain the above copyright notice,
+    this list of conditions and the following disclaimer.
+
+    Redistributions in binary form must reproduce the above copyright notice,
+    this list of conditions and the following disclaimer in
+    the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,83 @@
+# OVERVIEW
+
+**NOTE: Work in progress - not yet in RubyGems.org**
+
+A collection of Ruby classes to make Junos SRX automation Easy.  This library supports the following
+resources:
+
+  * Zones and associated interfaces
+  * Zone address-book entries
+  * Zone address-book sets
+  * Policy Rules
+  * Application entries
+  * Application sets
+  
+For more information about each topic, please refer to the **README_xyz.md** files. 
+
+# EXAMPLE USAGE
+  
+````ruby
+require 'pry'
+require 'yaml'
+require 'net/netconf/jnpr'
+require 'junos-ez/stdlib'
+require 'junos-ez/srx'
+
+# login information for NETCONF session 
+
+login = { :target => 'vsrx', :username => 'jeremy',  :password => 'jeremy1',  }
+
+## create a NETCONF object to manage the device and open the connection ...
+
+ndev = Netconf::SSH.new( login )
+$stdout.print "Connecting to device #{login[:target]} ... "
+ndev.open
+$stdout.puts "OK!"
+
+## Now bind providers to the device object.
+## the 'Junos::Ez::Provider' must be first before all others
+## this provider will setup the device 'facts'.  The other providers
+## allow you to define the instance variables; so this example
+## is using 'l1_ports' and 'ip_ports', but you could name them
+## what you like, yo!
+
+Junos::Ez::Provider( ndev )
+Junos::Ez::L1ports::Provider( ndev, :l1_ports )
+Junos::Ez::IPports::Provider( ndev, :ip_ports )
+Junos::Ez::SRX::Zones::Provider( ndev, :zones )
+Junos::Ez::SRX::Policies::Provider( ndev, :policies )
+
+## drop into interactive mode to play around ... let's look
+## at what the device has for facts ...
+
+#->  ndev.facts.list
+#->  ndev.facts.catalog
+#->  ndev.fact :version
+
+## now look at specific providers like the zones and policies
+
+#-> ndev.zones.list
+#-> ndev.zones.catalog
+
+binding.pry
+
+ndev.close
+````
+  
+# DEPENDENCIES
+
+  * gem netconf
+  * gem [junos-ez-stdlib](https://github.com/jeremyschulman/ruby-junos-ez-stdlib)
+
+
+# INSTALLATION 
+
+  * gem install junos-ez-srx  (* JUST NOT YET *)
+
+# CONTRIBUTORS
+
+  * Jeremy Schulman, @nwkautomaniac
+
+# LICENSES
+
+   BSD-2, See LICENSE file

data/examples/app_sets.rb

@@ -0,0 +1,25 @@
+require 'yaml'
+require 'net/netconf/jnpr'
+require 'junos-ez/stdlib'
+require 'junos-ez/srx'
+
+login = { :target => 'vsrx', :username => 'jeremy',  :password => 'jeremy1',  }
+
+ndev = Netconf::SSH.new( login )
+ndev.open
+
+Junos::Ez::Provider( ndev )
+Junos::Ez::SRX::Zones::Provider( ndev, :zones )
+Junos::Ez::SRX::Policies::Provider( ndev, :policies )
+Junos::Ez::SRX::Apps::Provider( ndev, :apps )
+Junos::Ez::SRX::AppSets::Provider( ndev, :appsets )
+
+zone = ndev.zones["DEF-PROTECT-BZ-ST1"]
+addr_set = zone.sets["SWITCHBOARD-MDM-UAT"]
+
+app_list = ndev.apps.list
+appset_list = ndev.appsets.list
+
+binding.pry
+
+ndev.close

data/examples/apps.rb

@@ -0,0 +1,20 @@
+require 'yaml'
+require 'net/netconf/jnpr'
+require 'junos-ez/stdlib'
+require 'junos-ez/srx'
+
+login = { :target => 'vsrx', :username => 'jeremy',  :password => 'jeremy1',  }
+
+ndev = Netconf::SSH.new( login )
+ndev.open
+
+Junos::Ez::Provider( ndev )
+Junos::Ez::SRX::Zones::Provider( ndev, :zones )
+Junos::Ez::SRX::Policies::Provider( ndev, :policies )
+Junos::Ez::SRX::Apps::Provider( ndev, :apps )
+
+a = ndev.apps["TCP-1024-3388"]
+
+binding.pry
+
+ndev.close

data/examples/catalog_expanded.rb

@@ -0,0 +1,31 @@
+require 'yaml'
+require 'net/netconf/jnpr'
+require 'junos-ez/stdlib'
+require 'junos-ez/srx'
+
+login = { :target => 'vsrx', :username => 'jeremy',  :password => 'jeremy1',  }
+
+ndev = Netconf::SSH.new( login )
+ndev.open
+
+Junos::Ez::Provider( ndev )
+Junos::Ez::SRX::Zones::Provider( ndev, :zones )
+Junos::Ez::SRX::Policies::Provider( ndev, :policies )
+
+policy = ndev.policies[  ["PII-SOX-BZ-ST1", "OUTSIDE-BZ-ST1"] ]
+
+catalog_h = policy.rules.catalog_expanded
+rule_530 = policy.rules.catalog_expanded( "530" )
+
+### find policy rules that have an application term with 
+### a timeout of < 5 min == 300 seconds
+
+t_5_m = catalog_h[:rules].select do |rule|
+  not( rule[:match_apps].select do |app_name, app_terms|
+    app_terms.select{|t| t[:timeout] > 0 and t[:timeout] < 300 }[0]
+  end.empty? )
+end
+
+binding.pry
+
+ndev.close

data/examples/find_route.rb

@@ -0,0 +1,20 @@
+require 'yaml'
+require 'net/netconf/jnpr'
+require 'junos-ez/stdlib'
+require 'junos-ez/srx'
+
+login = { :target => 'vsrx', :username => 'jeremy',  :password => 'jeremy1',  }
+
+ndev = Netconf::SSH.new( login )
+ndev.open
+
+Junos::Ez::Provider( ndev )
+Junos::Ez::SRX::Zones::Provider( ndev, :zones )
+Junos::Ez::SRX::Policies::Provider( ndev, :policies )
+
+f_1 = ndev.zones.find_route "23.171.20.12", :addrs => true
+f_2 = ndev.zones.find_route "23.171.37.37", :addrs => true
+
+binding.pry
+
+ndev.close

data/examples/junos_srx_test.rb

@@ -0,0 +1,78 @@
+require 'yaml'
+require 'net/netconf/jnpr'
+
+require 'junos-ez/stdlib'
+require 'junos-ez/srx'
+
+require_relative 'mylogins'
+
+class JunosDevice < Netconf::SSH
+  
+  # overload the open method to the Junos device and then
+  # create provider objects starting with Facts ...
+  
+  def open
+    super                                                       # open connection to device
+    Junos::Ez::Facts::Provider( self )                          # Facts must always be first!
+    Junos::Ez::Hosts::Provider( self, :hosts )                  # manage staic host mapping
+    Junos::Ez::SysConfig::Provider( self, :syscfg )
+    Junos::Ez::StaticRoutes::Provider( self, :routes )          # manage static routes
+    Junos::Ez::L1ports::Provider( self, :l1_ports )             # manage IFD properties
+    Junos::Ez::IPports::Provider( self, :ip_ports )             # manage IPv4 interfaces        
+    Junos::Ez::SRX::Zones::Provider( self, :zones )             # manage security zones
+    Junos::Ez::SRX::Policies::Provider( self, :zpols )          # manage secuirty policies
+  end
+  
+  def rollback( rbid = 0 )
+    @rpc.load_configuration( :rollback => rbid.to_s )
+  end
+  def commit_check
+    @rpc.commit_configuration( :check => true )
+  end
+  
+end
+
+target = ARGV[0] || "vsrx"
+host = MyLogins::HOSTS[ target ] 
+filename = "srx-policy.yaml"
+
+JunosDevice.new( host ) do |ndev|
+  
+  
+  from_zone_name = "PII-SOX-BZ-ST1"
+  to_zone_name = "OUTSIDE-BZ-ST1"
+  
+  from_zone = ndev.zones[ from_zone_name ]
+  to_zone = ndev.zones[ to_zone_name ]  
+  zpol_name = [ from_zone_name, to_zone_name ]
+  zpol = ndev.zpols[ zpol_name ]  
+  
+  binding.pry
+  
+  ndev.zpols.create_from_yaml!( :filename=> filename,  :replace=>true  )
+  
+  rule_list = zpol.rules.list!
+  rule = zpol.rules["545"]
+  
+  # hash of new properties ...  
+  new_rule_props = {
+    :description => "This is a test policy rule for JEREMY",
+    :match_srcs => ["S1","S2"],
+    :match_dsts => ["D1", "D2"],
+    :match_apps => ["any"],
+    :action => :permit    
+  }
+
+  zpol.rules.create( "JEREMY", new_rule_props ) do |rule|
+    rule.write!
+    rule.reorder! :before => rule_list.last
+  end
+    
+  
+end
+
+    
+
+
+
+

data/examples/sample-change.rb

@@ -0,0 +1,97 @@
+require 'yaml'
+require 'net/netconf/jnpr'
+require 'junos-ez/stdlib'
+require 'junos-ez/srx'
+
+###
+### load the data we want to use to represent the 'change request'
+###
+
+change_data = YAML.load_file( 'change.yaml' )
+
+###
+### open a NETCONF connection to the target device
+###
+
+login = {:target => 'vsrx', :username => 'jeremy', :password => 'jeremy1' }
+ndev = Netconf::SSH.new( login )
+ndev.open
+
+
+###
+### bind Junos EZ provider objects to the device object, you can pick the
+### instance variable names, I'm just using :zones and :policies, but
+### it's entirely up to you.
+###
+
+Junos::Ez::Provider ndev
+Junos::Ez::SRX::Zones::Provider ndev, :zones
+Junos::Ez::SRX::Policies::Provider ndev, :policies
+
+###
+### select the provider resource objects for the from-zone and to-zone
+###
+
+from_zone = ndev.zones[ change_data['from-zone']['name'] ]
+to_zone = ndev.zones[ change_data['to-zone']['name'] ]
+
+### add the address names/sets to the proper zones.
+### if the address data is an Array, then we're adding
+### an address book set.  otherwise we're adding an entry
+
+{'from-zone' => from_zone, 'to-zone' => to_zone}.each do |which, zone|
+  change_data[which]['addresses'].each do |adr_name, adr_data|
+    case adr_data
+    when Array
+      set = zone.sets[adr_name]
+      set[:addr_names] = adr_data
+      set.write!
+    else
+      entry = zone.addrs[adr_name]
+      entry[:ip_prefix] = adr_data
+      entry.write!
+    end
+  end
+end
+
+###
+### now add the new rule to the policy.  insert the 
+### new rule before the current last rule
+###
+
+policy = ndev.policies[ [from_zone.name, to_zone.name] ]
+last_rule = policy.rules.list.last
+
+binding.pry
+
+change_policy = change_data['policy']
+
+rule = policy.rules[ change_policy['rule'] ]
+rule[:action] = change_policy['action'].to_sym
+rule[:match_srcs] = change_policy['from']
+rule[:match_dsts] = change_policy['to']
+rule[:match_apps] = change_policy['apps']
+rule.write!
+rule.reorder! :before => last_rule
+
+###
+### get a "diff" output of the changes and display them to the screen
+###
+
+binding.pry
+
+puts "Junos changes:\n"
+config_diff = ndev.rpc.get_configuration(:compare=>'rollback', :rollback=>'0')
+puts config_diff
+
+# - breakpoint if we want to 'look around', just uncomment out the next line
+# binding.pry
+
+###
+### now commit the configuration changes and close the connection
+###
+
+ndev.rpc.commit_configuration
+ndev.close
+
+

data/examples/simple.rb

@@ -0,0 +1,22 @@
+require 'yaml'
+require 'net/netconf/jnpr'
+require 'junos-ez/stdlib'
+require 'junos-ez/srx'
+
+unless ARGV[0]
+  puts "You must specify a target"
+end
+
+login = { :target => ARGV[0], :username => 'jeremy',  :password => 'jeremy1',  }
+ndev = Netconf::SSH.new( login )
+ndev.open
+
+Junos::Ez::Provider( ndev )
+Junos::Ez::L1ports::Provider( ndev, :l1_ports )
+Junos::Ez::IPports::Provider( ndev, :ip_ports )
+Junos::Ez::SRX::Zones::Provider( ndev, :zones )
+Junos::Ez::SRX::Policies::Provider( ndev, :policies )
+
+binding.pry
+
+ndev.close

data/examples/srx_dump_yaml.rb

@@ -0,0 +1,48 @@
+require 'yaml'
+require 'net/netconf/jnpr'
+require 'junos-ez/stdlib'
+require 'junos-ez/srx'
+
+def yaml_zone( zone )
+  zone.to_yaml :filename => zone.name + "_ZONE_IFS.yaml"
+  zone.addrs.to_yaml :filename => zone.name + "_ZONE_ADDRS.yaml"
+  zone.sets.to_yaml :filename => zone.name + "_ZONE_SETS.yaml"
+end
+
+login = {:target => 'vsrx', :username => 'jeremy', :password => 'jeremy1' }
+
+ndev = Netconf::SSH.new( login )
+ndev.open
+
+Junos::Ez::Provider( ndev )
+Junos::Ez::SRX::Zones.Provider( ndev, :zones )
+Junos::Ez::SRX::Policies.Provider( ndev, :policies )
+
+### -----------------------------------------------------------------
+### dump all of the Zones to YAML
+### -----------------------------------------------------------------
+
+ndev.zones.each do |zone|
+  next if zone.name == "junos-host"     
+  $stdout.puts "Dumping Junos ZONE to YAML:[#{zone.name}]"
+  yaml_zone( zone )
+end
+
+### -----------------------------------------------------------------
+### dump all of the Polcies to YAML
+### -----------------------------------------------------------------
+
+ndev.policies.each do |policy|
+  from_zone, to_zone = policy.name
+  $stdout.puts "Dumping Junos POLICY to YAML: #{from_zone} --> #{to_zone}"
+  policy.to_yaml :filename => "POLICY__" + from_zone + "__" + to_zone + ".yaml"
+end
+
+ndev.close
+
+
+    
+
+
+
+