@pulumi/juniper-mist 0.0.18 → 0.0.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. package/device/ap.d.ts +0 -2
  2. package/device/ap.js +0 -2
  3. package/device/ap.js.map +1 -1
  4. package/device/gateway.d.ts +0 -2
  5. package/device/gateway.js +0 -2
  6. package/device/gateway.js.map +1 -1
  7. package/device/switch.d.ts +12 -8
  8. package/device/switch.js +2 -4
  9. package/device/switch.js.map +1 -1
  10. package/org/networktemplate.d.ts +18 -0
  11. package/org/networktemplate.js +2 -0
  12. package/org/networktemplate.js.map +1 -1
  13. package/org/setting.d.ts +3 -0
  14. package/org/setting.js +2 -0
  15. package/org/setting.js.map +1 -1
  16. package/package.json +2 -2
  17. package/site/networktemplate.d.ts +18 -0
  18. package/site/networktemplate.js +2 -0
  19. package/site/networktemplate.js.map +1 -1
  20. package/site/setting.d.ts +24 -9
  21. package/site/setting.js.map +1 -1
  22. package/types/input.d.ts +259 -58
  23. package/types/output.d.ts +276 -75
package/types/output.d.ts CHANGED
@@ -674,12 +674,16 @@ export declare namespace device {
674
674
  * by default, we'll re-advertise all learned BGP routers toward overlay
675
675
  */
676
676
  noReadvertiseToOverlay: boolean;
677
+ /**
678
+ * if `type`==`tunnel`
679
+ */
680
+ tunnelName?: string;
677
681
  /**
678
682
  * enum: `external`, `internal`
679
683
  */
680
684
  type?: string;
681
685
  /**
682
- * network name. enum: `lan`, `vpn`, `wan`
686
+ * network name. enum: `lan`, `tunnel`, `vpn`, `wan`
683
687
  */
684
688
  via: string;
685
689
  vpnName?: string;
@@ -1443,9 +1447,9 @@ export declare namespace device {
1443
1447
  }
1444
1448
  interface GatewayServicePolicy {
1445
1449
  /**
1446
- * enum: `allow`, `deny`
1450
+ * Required when `servicepolicyId` is not defined, optional otherwise (override the servicepolicy action). enum: `allow`, `deny`
1447
1451
  */
1448
- action: string;
1452
+ action?: string;
1449
1453
  /**
1450
1454
  * For SRX Only
1451
1455
  */
@@ -1455,7 +1459,10 @@ export declare namespace device {
1455
1459
  /**
1456
1460
  * access within the same VRF
1457
1461
  */
1458
- localRouting: boolean;
1462
+ localRouting?: boolean;
1463
+ /**
1464
+ * Required when `servicepolicyId` is not defined, optional otherwise (override the servicepolicy name)
1465
+ */
1459
1466
  name?: string;
1460
1467
  /**
1461
1468
  * by default, we derive all paths available and use them
@@ -1466,7 +1473,13 @@ export declare namespace device {
1466
1473
  * used to link servicepolicy defined at org level and overwrite some attributes
1467
1474
  */
1468
1475
  servicepolicyId?: string;
1476
+ /**
1477
+ * Required when `servicepolicyId` is not defined. List of Applications / Desctinations
1478
+ */
1469
1479
  services: string[];
1480
+ /**
1481
+ * Required when `servicepolicyId` is not defined. List of Networks / Users
1482
+ */
1470
1483
  tenants: string[];
1471
1484
  }
1472
1485
  interface GatewayServicePolicyAppqoe {
@@ -1529,7 +1542,7 @@ export declare namespace device {
1529
1542
  /**
1530
1543
  * networks reachable via this tunnel
1531
1544
  */
1532
- networks?: string[];
1545
+ networks: string[];
1533
1546
  primary?: outputs.device.GatewayTunnelConfigsPrimary;
1534
1547
  /**
1535
1548
  * Only if `provider`== `custom-ipsec`
@@ -1560,10 +1573,6 @@ export declare namespace device {
1560
1573
  enable?: boolean;
1561
1574
  latlng?: outputs.device.GatewayTunnelConfigsAutoProvisionLatlng;
1562
1575
  primary?: outputs.device.GatewayTunnelConfigsAutoProvisionPrimary;
1563
- /**
1564
- * enum: `APAC`, `Americas`, `EMEA`, `auto`
1565
- */
1566
- region: string;
1567
1576
  secondary?: outputs.device.GatewayTunnelConfigsAutoProvisionSecondary;
1568
1577
  }
1569
1578
  interface GatewayTunnelConfigsAutoProvisionLatlng {
@@ -3230,7 +3239,7 @@ export declare namespace device {
3230
3239
  /**
3231
3240
  * enum: `allow`, `deny`
3232
3241
  */
3233
- action: string;
3242
+ action?: string;
3234
3243
  dstTag: string;
3235
3244
  }
3236
3245
  interface SwitchAclTags {
@@ -3321,11 +3330,11 @@ export declare namespace device {
3321
3330
  /**
3322
3331
  * if `type`==`local` - optional, if not defined, system one will be used
3323
3332
  */
3324
- dnsServers?: string[];
3333
+ dnsServers: string[];
3325
3334
  /**
3326
3335
  * if `type`==`local` - optional, if not defined, system one will be used
3327
3336
  */
3328
- dnsSuffixes?: string[];
3337
+ dnsSuffixes: string[];
3329
3338
  /**
3330
3339
  * Property key is the MAC Address. Format is `[0-9a-f]{12}` (e.g "5684dae9ac8b")
3331
3340
  */
@@ -3370,17 +3379,17 @@ export declare namespace device {
3370
3379
  /**
3371
3380
  * if `type`==`relay`
3372
3381
  */
3373
- servers?: string[];
3382
+ servers: string[];
3374
3383
  /**
3375
3384
  * if `type6`==`relay`
3376
3385
  */
3377
- servers6s?: string[];
3386
+ servers6s: string[];
3378
3387
  /**
3379
- * enum: `local` (DHCP Server), `none`, `relay` (DHCP Relay)
3388
+ * enum: `none`, `relay` (DHCP Relay), `server` (DHCP Server)
3380
3389
  */
3381
- type: string;
3390
+ type?: string;
3382
3391
  /**
3383
- * enum: `local` (DHCP Server), `none`, `relay` (DHCP Relay)
3392
+ * enum: `none`, `relay` (DHCP Relay), `server` (DHCP Server)
3384
3393
  */
3385
3394
  type6: string;
3386
3395
  /**
@@ -3458,6 +3467,9 @@ export declare namespace device {
3458
3467
  preference?: number;
3459
3468
  }
3460
3469
  interface SwitchIpConfig {
3470
+ /**
3471
+ * Required when `type`==`static`
3472
+ */
3461
3473
  dns: string[];
3462
3474
  dnsSuffixes: string[];
3463
3475
  gateway?: string;
@@ -3516,27 +3528,49 @@ export declare namespace device {
3516
3528
  */
3517
3529
  useMgmtVrfForHostOut: boolean;
3518
3530
  }
3519
- interface SwitchOspfConfig {
3531
+ interface SwitchOspfAreas {
3532
+ includeLoopback: boolean;
3533
+ networks: {
3534
+ [key: string]: outputs.device.SwitchOspfAreasNetworks;
3535
+ };
3536
+ /**
3537
+ * OSPF type. enum: `default`, `nssa`, `stub`
3538
+ */
3539
+ type: string;
3540
+ }
3541
+ interface SwitchOspfAreasNetworks {
3520
3542
  /**
3521
- * OSPF areas to run on this device and the corresponding per-area-specific configs. Property key is the area
3543
+ * Required if `authType`==`md5`. Property key is the key number
3522
3544
  */
3523
- areas?: {
3524
- [key: string]: outputs.device.SwitchOspfConfigAreas;
3545
+ authKeys: {
3546
+ [key: string]: string;
3525
3547
  };
3526
3548
  /**
3527
- * whether to rung OSPF on this device
3549
+ * Required if `authType`==`password`, the password, max length is 8
3528
3550
  */
3529
- enabled?: boolean;
3551
+ authPassword?: string;
3530
3552
  /**
3531
- * Bandwidth for calculating metric defaults (9600..4000000000000)
3553
+ * auth type. enum: `md5`, `none`, `password`
3532
3554
  */
3533
- referenceBandwidth: string;
3534
- }
3535
- interface SwitchOspfConfigAreas {
3555
+ authType: string;
3556
+ bfdMinimumInterval?: number;
3557
+ deadInterval?: number;
3558
+ exportPolicy?: string;
3559
+ helloInterval?: number;
3560
+ importPolicy?: string;
3561
+ /**
3562
+ * interface type (nbma = non-broadcast multi-access). enum: `broadcast`, `nbma`, `p2mp`, `p2p`
3563
+ */
3564
+ interfaceType: string;
3565
+ metric?: number;
3536
3566
  /**
3537
- * for a stub/nssa area, where to avoid forwarding type-3 LSA to this area
3567
+ * by default, we'll re-advertise all learned OSPF routes toward overlay
3538
3568
  */
3539
- noSummary?: boolean;
3569
+ noReadvertiseToOverlay: boolean;
3570
+ /**
3571
+ * whether to send OSPF-Hello
3572
+ */
3573
+ passive: boolean;
3540
3574
  }
3541
3575
  interface SwitchOtherIpConfigs {
3542
3576
  /**
@@ -3706,6 +3740,10 @@ export declare namespace device {
3706
3740
  * Only if `mode`!=`dynamic` and `enableMacAuth`==`true`
3707
3741
  */
3708
3742
  macAuthOnly?: boolean;
3743
+ /**
3744
+ * Only if `mode`!=`dynamic` + `enableMacAuth`==`true` + `macAuthOnly`==`false`, dot1x will be given priority then mac_auth. Enable this to prefer macAuth over dot1x.
3745
+ */
3746
+ macAuthPreferred?: boolean;
3709
3747
  /**
3710
3748
  * Only if `mode`!=`dynamic` and `enableMacAuth` ==`true`. This type is ignored if mistNac is enabled. enum: `eap-md5`, `eap-peap`, `pap`
3711
3749
  */
@@ -3746,10 +3784,6 @@ export declare namespace device {
3746
3784
  * Only if `mode`!=`dynamic` and `portAuth`=`dot1x` reauthentication interval range
3747
3785
  */
3748
3786
  reauthInterval: number;
3749
- /**
3750
- * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` when radius server reject / fails
3751
- */
3752
- rejectedNetwork?: string;
3753
3787
  /**
3754
3788
  * Only if `mode`==`dynamic` Control when the DPC port should be changed to the default port usage. enum: `linkDown`, `none` (let the DPC port keep at the current port usage)
3755
3789
  */
@@ -3758,6 +3792,14 @@ export declare namespace device {
3758
3792
  * Only if `mode`==`dynamic`
3759
3793
  */
3760
3794
  rules?: outputs.device.SwitchPortUsagesRule[];
3795
+ /**
3796
+ * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` sets server fail fallback vlan
3797
+ */
3798
+ serverFailNetwork?: string;
3799
+ /**
3800
+ * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` when radius server reject / fails
3801
+ */
3802
+ serverRejectNetwork?: string;
3761
3803
  /**
3762
3804
  * Only if `mode`!=`dynamic` speed, default is auto to automatically negotiate speed
3763
3805
  */
@@ -3885,6 +3927,10 @@ export declare namespace device {
3885
3927
  * Auth port of RADIUS server
3886
3928
  */
3887
3929
  port: number;
3930
+ /**
3931
+ * whether to require Message-Authenticator in requests
3932
+ */
3933
+ requireMessageAuthenticator: boolean;
3888
3934
  /**
3889
3935
  * secret of RADIUS server
3890
3936
  */
@@ -4197,9 +4243,9 @@ export declare namespace device {
4197
4243
  }
4198
4244
  interface SwitchStpConfig {
4199
4245
  /**
4200
- * enum: `rstp`, `vstp`
4246
+ * ignored for switches participating in EVPN
4201
4247
  */
4202
- type: string;
4248
+ vstpEnabled: boolean;
4203
4249
  }
4204
4250
  interface SwitchSwitchMgmt {
4205
4251
  /**
@@ -4222,6 +4268,7 @@ export declare namespace device {
4222
4268
  * Enable to provide the FQDN with DHCP option 81
4223
4269
  */
4224
4270
  dhcpOptionFqdn: boolean;
4271
+ disableOobDownAlarm?: boolean;
4225
4272
  /**
4226
4273
  * Property key is the user name. For Local user authentication
4227
4274
  */
@@ -4883,12 +4930,16 @@ export declare namespace org {
4883
4930
  * by default, we'll re-advertise all learned BGP routers toward overlay
4884
4931
  */
4885
4932
  noReadvertiseToOverlay: boolean;
4933
+ /**
4934
+ * if `type`==`tunnel`
4935
+ */
4936
+ tunnelName?: string;
4886
4937
  /**
4887
4938
  * enum: `external`, `internal`
4888
4939
  */
4889
4940
  type?: string;
4890
4941
  /**
4891
- * network name. enum: `lan`, `vpn`, `wan`
4942
+ * network name. enum: `lan`, `tunnel`, `vpn`, `wan`
4892
4943
  */
4893
4944
  via: string;
4894
4945
  vpnName?: string;
@@ -5629,9 +5680,9 @@ export declare namespace org {
5629
5680
  }
5630
5681
  interface DeviceprofileGatewayServicePolicy {
5631
5682
  /**
5632
- * enum: `allow`, `deny`
5683
+ * Required when `servicepolicyId` is not defined, optional otherwise (override the servicepolicy action). enum: `allow`, `deny`
5633
5684
  */
5634
- action: string;
5685
+ action?: string;
5635
5686
  /**
5636
5687
  * For SRX Only
5637
5688
  */
@@ -5641,7 +5692,10 @@ export declare namespace org {
5641
5692
  /**
5642
5693
  * access within the same VRF
5643
5694
  */
5644
- localRouting: boolean;
5695
+ localRouting?: boolean;
5696
+ /**
5697
+ * Required when `servicepolicyId` is not defined, optional otherwise (override the servicepolicy name)
5698
+ */
5645
5699
  name?: string;
5646
5700
  /**
5647
5701
  * by default, we derive all paths available and use them
@@ -5652,7 +5706,13 @@ export declare namespace org {
5652
5706
  * used to link servicepolicy defined at org level and overwrite some attributes
5653
5707
  */
5654
5708
  servicepolicyId?: string;
5709
+ /**
5710
+ * Required when `servicepolicyId` is not defined. List of Applications / Desctinations
5711
+ */
5655
5712
  services: string[];
5713
+ /**
5714
+ * Required when `servicepolicyId` is not defined. List of Networks / Users
5715
+ */
5656
5716
  tenants: string[];
5657
5717
  }
5658
5718
  interface DeviceprofileGatewayServicePolicyAppqoe {
@@ -5715,7 +5775,7 @@ export declare namespace org {
5715
5775
  /**
5716
5776
  * networks reachable via this tunnel
5717
5777
  */
5718
- networks?: string[];
5778
+ networks: string[];
5719
5779
  primary?: outputs.org.DeviceprofileGatewayTunnelConfigsPrimary;
5720
5780
  /**
5721
5781
  * Only if `provider`== `custom-ipsec`
@@ -5746,10 +5806,6 @@ export declare namespace org {
5746
5806
  enable?: boolean;
5747
5807
  latlng?: outputs.org.DeviceprofileGatewayTunnelConfigsAutoProvisionLatlng;
5748
5808
  primary?: outputs.org.DeviceprofileGatewayTunnelConfigsAutoProvisionPrimary;
5749
- /**
5750
- * enum: `APAC`, `Americas`, `EMEA`, `auto`
5751
- */
5752
- region: string;
5753
5809
  secondary?: outputs.org.DeviceprofileGatewayTunnelConfigsAutoProvisionSecondary;
5754
5810
  }
5755
5811
  interface DeviceprofileGatewayTunnelConfigsAutoProvisionLatlng {
@@ -6008,12 +6064,16 @@ export declare namespace org {
6008
6064
  * by default, we'll re-advertise all learned BGP routers toward overlay
6009
6065
  */
6010
6066
  noReadvertiseToOverlay: boolean;
6067
+ /**
6068
+ * if `type`==`tunnel`
6069
+ */
6070
+ tunnelName?: string;
6011
6071
  /**
6012
6072
  * enum: `external`, `internal`
6013
6073
  */
6014
6074
  type?: string;
6015
6075
  /**
6016
- * network name. enum: `lan`, `vpn`, `wan`
6076
+ * network name. enum: `lan`, `tunnel`, `vpn`, `wan`
6017
6077
  */
6018
6078
  via: string;
6019
6079
  vpnName?: string;
@@ -6754,9 +6814,9 @@ export declare namespace org {
6754
6814
  }
6755
6815
  interface GatewaytemplateServicePolicy {
6756
6816
  /**
6757
- * enum: `allow`, `deny`
6817
+ * Required when `servicepolicyId` is not defined, optional otherwise (override the servicepolicy action). enum: `allow`, `deny`
6758
6818
  */
6759
- action: string;
6819
+ action?: string;
6760
6820
  /**
6761
6821
  * For SRX Only
6762
6822
  */
@@ -6766,7 +6826,10 @@ export declare namespace org {
6766
6826
  /**
6767
6827
  * access within the same VRF
6768
6828
  */
6769
- localRouting: boolean;
6829
+ localRouting?: boolean;
6830
+ /**
6831
+ * Required when `servicepolicyId` is not defined, optional otherwise (override the servicepolicy name)
6832
+ */
6770
6833
  name?: string;
6771
6834
  /**
6772
6835
  * by default, we derive all paths available and use them
@@ -6777,7 +6840,13 @@ export declare namespace org {
6777
6840
  * used to link servicepolicy defined at org level and overwrite some attributes
6778
6841
  */
6779
6842
  servicepolicyId?: string;
6843
+ /**
6844
+ * Required when `servicepolicyId` is not defined. List of Applications / Desctinations
6845
+ */
6780
6846
  services: string[];
6847
+ /**
6848
+ * Required when `servicepolicyId` is not defined. List of Networks / Users
6849
+ */
6781
6850
  tenants: string[];
6782
6851
  }
6783
6852
  interface GatewaytemplateServicePolicyAppqoe {
@@ -6840,7 +6909,7 @@ export declare namespace org {
6840
6909
  /**
6841
6910
  * networks reachable via this tunnel
6842
6911
  */
6843
- networks?: string[];
6912
+ networks: string[];
6844
6913
  primary?: outputs.org.GatewaytemplateTunnelConfigsPrimary;
6845
6914
  /**
6846
6915
  * Only if `provider`== `custom-ipsec`
@@ -6871,10 +6940,6 @@ export declare namespace org {
6871
6940
  enable?: boolean;
6872
6941
  latlng?: outputs.org.GatewaytemplateTunnelConfigsAutoProvisionLatlng;
6873
6942
  primary?: outputs.org.GatewaytemplateTunnelConfigsAutoProvisionPrimary;
6874
- /**
6875
- * enum: `APAC`, `Americas`, `EMEA`, `auto`
6876
- */
6877
- region: string;
6878
6943
  secondary?: outputs.org.GatewaytemplateTunnelConfigsAutoProvisionSecondary;
6879
6944
  }
6880
6945
  interface GatewaytemplateTunnelConfigsAutoProvisionLatlng {
@@ -7753,7 +7818,7 @@ export declare namespace org {
7753
7818
  /**
7754
7819
  * enum: `allow`, `deny`
7755
7820
  */
7756
- action: string;
7821
+ action?: string;
7757
7822
  dstTag: string;
7758
7823
  }
7759
7824
  interface NetworktemplateAclTags {
@@ -7885,6 +7950,50 @@ export declare namespace org {
7885
7950
  subnet?: string;
7886
7951
  vlanId: string;
7887
7952
  }
7953
+ interface NetworktemplateOspfAreas {
7954
+ includeLoopback: boolean;
7955
+ networks: {
7956
+ [key: string]: outputs.org.NetworktemplateOspfAreasNetworks;
7957
+ };
7958
+ /**
7959
+ * OSPF type. enum: `default`, `nssa`, `stub`
7960
+ */
7961
+ type: string;
7962
+ }
7963
+ interface NetworktemplateOspfAreasNetworks {
7964
+ /**
7965
+ * Required if `authType`==`md5`. Property key is the key number
7966
+ */
7967
+ authKeys: {
7968
+ [key: string]: string;
7969
+ };
7970
+ /**
7971
+ * Required if `authType`==`password`, the password, max length is 8
7972
+ */
7973
+ authPassword?: string;
7974
+ /**
7975
+ * auth type. enum: `md5`, `none`, `password`
7976
+ */
7977
+ authType: string;
7978
+ bfdMinimumInterval?: number;
7979
+ deadInterval?: number;
7980
+ exportPolicy?: string;
7981
+ helloInterval?: number;
7982
+ importPolicy?: string;
7983
+ /**
7984
+ * interface type (nbma = non-broadcast multi-access). enum: `broadcast`, `nbma`, `p2mp`, `p2p`
7985
+ */
7986
+ interfaceType: string;
7987
+ metric?: number;
7988
+ /**
7989
+ * by default, we'll re-advertise all learned OSPF routes toward overlay
7990
+ */
7991
+ noReadvertiseToOverlay: boolean;
7992
+ /**
7993
+ * whether to send OSPF-Hello
7994
+ */
7995
+ passive: boolean;
7996
+ }
7888
7997
  interface NetworktemplatePortMirroring {
7889
7998
  /**
7890
7999
  * at least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
@@ -7971,6 +8080,10 @@ export declare namespace org {
7971
8080
  * Only if `mode`!=`dynamic` and `enableMacAuth`==`true`
7972
8081
  */
7973
8082
  macAuthOnly?: boolean;
8083
+ /**
8084
+ * Only if `mode`!=`dynamic` + `enableMacAuth`==`true` + `macAuthOnly`==`false`, dot1x will be given priority then mac_auth. Enable this to prefer macAuth over dot1x.
8085
+ */
8086
+ macAuthPreferred?: boolean;
7974
8087
  /**
7975
8088
  * Only if `mode`!=`dynamic` and `enableMacAuth` ==`true`. This type is ignored if mistNac is enabled. enum: `eap-md5`, `eap-peap`, `pap`
7976
8089
  */
@@ -8011,10 +8124,6 @@ export declare namespace org {
8011
8124
  * Only if `mode`!=`dynamic` and `portAuth`=`dot1x` reauthentication interval range
8012
8125
  */
8013
8126
  reauthInterval: number;
8014
- /**
8015
- * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` when radius server reject / fails
8016
- */
8017
- rejectedNetwork?: string;
8018
8127
  /**
8019
8128
  * Only if `mode`==`dynamic` Control when the DPC port should be changed to the default port usage. enum: `linkDown`, `none` (let the DPC port keep at the current port usage)
8020
8129
  */
@@ -8023,6 +8132,14 @@ export declare namespace org {
8023
8132
  * Only if `mode`==`dynamic`
8024
8133
  */
8025
8134
  rules?: outputs.org.NetworktemplatePortUsagesRule[];
8135
+ /**
8136
+ * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` sets server fail fallback vlan
8137
+ */
8138
+ serverFailNetwork?: string;
8139
+ /**
8140
+ * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` when radius server reject / fails
8141
+ */
8142
+ serverRejectNetwork?: string;
8026
8143
  /**
8027
8144
  * Only if `mode`!=`dynamic` speed, default is auto to automatically negotiate speed
8028
8145
  */
@@ -8150,6 +8267,10 @@ export declare namespace org {
8150
8267
  * Auth port of RADIUS server
8151
8268
  */
8152
8269
  port: number;
8270
+ /**
8271
+ * whether to require Message-Authenticator in requests
8272
+ */
8273
+ requireMessageAuthenticator: boolean;
8153
8274
  /**
8154
8275
  * secret of RADIUS server
8155
8276
  */
@@ -8622,6 +8743,7 @@ export declare namespace org {
8622
8743
  * Enable to provide the FQDN with DHCP option 81
8623
8744
  */
8624
8745
  dhcpOptionFqdn: boolean;
8746
+ disableOobDownAlarm?: boolean;
8625
8747
  /**
8626
8748
  * Property key is the user name. For Local user authentication
8627
8749
  */
@@ -9159,6 +9281,10 @@ export declare namespace org {
9159
9281
  * use this IDP when no explicit realm present in the incoming username/CN OR when no IDP is explicitly mapped to the incoming realm.
9160
9282
  */
9161
9283
  defaultIdpId?: string;
9284
+ /**
9285
+ * to disable RSAE_PSS_SHA256, RSAE_PSS_SHA384, RSAE_PSS_SHA512 from server side. see https://www.openssl.org/docs/man3.0/man1/openssl-ciphers.html
9286
+ */
9287
+ disableRsaeAlgorithms: boolean;
9162
9288
  /**
9163
9289
  * eap ssl security level
9164
9290
  * see https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html#DEFAULT-CALLBACK-BEHAVIOUR
@@ -9169,6 +9295,14 @@ export declare namespace org {
9169
9295
  * For strict GDPR compliancy NAC POD failover would only happen between the PODs located within the EU environment, and no authentication would take place outside of EU. This is an org setting that is applicable to WLANs, switch templates, mxedge clusters that have mistNac enabled
9170
9296
  */
9171
9297
  euOnly: boolean;
9298
+ /**
9299
+ * allow customer to choose the EAP-TLS client certificate's field to use for IDP Machine Groups lookup
9300
+ */
9301
+ idpMachineCertLookupField: string;
9302
+ /**
9303
+ * allow customer to choose the EAP-TLS client certificate's field to use for IDP User Groups lookup
9304
+ */
9305
+ idpUserCertLookupField: string;
9172
9306
  idps: outputs.org.SettingMistNacIdp[];
9173
9307
  /**
9174
9308
  * radius server cert to be presented in EAP TLS
@@ -9225,9 +9359,9 @@ export declare namespace org {
9225
9359
  */
9226
9360
  enabled: boolean;
9227
9361
  /**
9228
- * days, required if password policy is enabled
9362
+ * password expiry in days
9229
9363
  */
9230
- freshness?: number;
9364
+ expiryInDays?: number;
9231
9365
  /**
9232
9366
  * required password length
9233
9367
  */
@@ -9248,6 +9382,15 @@ export declare namespace org {
9248
9382
  */
9249
9383
  maxPktLen: number;
9250
9384
  }
9385
+ interface SettingPortChannelization {
9386
+ /**
9387
+ * Property key is the interface name or range (e.g. `et-0/0/47`, `et-0/0/48-49`), Property value is the interface speed (e.g. `25g`, `50g`)
9388
+ */
9389
+ config?: {
9390
+ [key: string]: string;
9391
+ };
9392
+ enabled: boolean;
9393
+ }
9251
9394
  interface SettingSecurity {
9252
9395
  /**
9253
9396
  * whether to disable local SSH (by default, local SSH is enabled with allowMist in Org is enabled
@@ -10812,7 +10955,7 @@ export declare namespace site {
10812
10955
  /**
10813
10956
  * enum: `allow`, `deny`
10814
10957
  */
10815
- action: string;
10958
+ action?: string;
10816
10959
  dstTag: string;
10817
10960
  }
10818
10961
  interface NetworktemplateAclTags {
@@ -10944,6 +11087,50 @@ export declare namespace site {
10944
11087
  subnet?: string;
10945
11088
  vlanId: string;
10946
11089
  }
11090
+ interface NetworktemplateOspfAreas {
11091
+ includeLoopback: boolean;
11092
+ ospfNetworks: {
11093
+ [key: string]: outputs.site.NetworktemplateOspfAreasOspfNetworks;
11094
+ };
11095
+ /**
11096
+ * OSPF type. enum: `default`, `nssa`, `stub`
11097
+ */
11098
+ type: string;
11099
+ }
11100
+ interface NetworktemplateOspfAreasOspfNetworks {
11101
+ /**
11102
+ * Required if `authType`==`md5`. Property key is the key number
11103
+ */
11104
+ authKeys: {
11105
+ [key: string]: string;
11106
+ };
11107
+ /**
11108
+ * Required if `authType`==`password`, the password, max length is 8
11109
+ */
11110
+ authPassword?: string;
11111
+ /**
11112
+ * auth type. enum: `md5`, `none`, `password`
11113
+ */
11114
+ authType: string;
11115
+ bfdMinimumInterval?: number;
11116
+ deadInterval?: number;
11117
+ exportPolicy?: string;
11118
+ helloInterval?: number;
11119
+ importPolicy?: string;
11120
+ /**
11121
+ * interface type (nbma = non-broadcast multi-access). enum: `broadcast`, `nbma`, `p2mp`, `p2p`
11122
+ */
11123
+ interfaceType: string;
11124
+ metric?: number;
11125
+ /**
11126
+ * by default, we'll re-advertise all learned OSPF routes toward overlay
11127
+ */
11128
+ noReadvertiseToOverlay: boolean;
11129
+ /**
11130
+ * whether to send OSPF-Hello
11131
+ */
11132
+ passive: boolean;
11133
+ }
10947
11134
  interface NetworktemplatePortMirroring {
10948
11135
  /**
10949
11136
  * at least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
@@ -11030,6 +11217,10 @@ export declare namespace site {
11030
11217
  * Only if `mode`!=`dynamic` and `enableMacAuth`==`true`
11031
11218
  */
11032
11219
  macAuthOnly?: boolean;
11220
+ /**
11221
+ * Only if `mode`!=`dynamic` + `enableMacAuth`==`true` + `macAuthOnly`==`false`, dot1x will be given priority then mac_auth. Enable this to prefer macAuth over dot1x.
11222
+ */
11223
+ macAuthPreferred?: boolean;
11033
11224
  /**
11034
11225
  * Only if `mode`!=`dynamic` and `enableMacAuth` ==`true`. This type is ignored if mistNac is enabled. enum: `eap-md5`, `eap-peap`, `pap`
11035
11226
  */
@@ -11070,10 +11261,6 @@ export declare namespace site {
11070
11261
  * Only if `mode`!=`dynamic` and `portAuth`=`dot1x` reauthentication interval range
11071
11262
  */
11072
11263
  reauthInterval: number;
11073
- /**
11074
- * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` when radius server reject / fails
11075
- */
11076
- rejectedNetwork?: string;
11077
11264
  /**
11078
11265
  * Only if `mode`==`dynamic` Control when the DPC port should be changed to the default port usage. enum: `linkDown`, `none` (let the DPC port keep at the current port usage)
11079
11266
  */
@@ -11082,6 +11269,14 @@ export declare namespace site {
11082
11269
  * Only if `mode`==`dynamic`
11083
11270
  */
11084
11271
  rules?: outputs.site.NetworktemplatePortUsagesRule[];
11272
+ /**
11273
+ * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` sets server fail fallback vlan
11274
+ */
11275
+ serverFailNetwork?: string;
11276
+ /**
11277
+ * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` when radius server reject / fails
11278
+ */
11279
+ serverRejectNetwork?: string;
11085
11280
  /**
11086
11281
  * Only if `mode`!=`dynamic` speed, default is auto to automatically negotiate speed
11087
11282
  */
@@ -11209,6 +11404,10 @@ export declare namespace site {
11209
11404
  * Auth port of RADIUS server
11210
11405
  */
11211
11406
  port: number;
11407
+ /**
11408
+ * whether to require Message-Authenticator in requests
11409
+ */
11410
+ requireMessageAuthenticator: boolean;
11212
11411
  /**
11213
11412
  * secret of RADIUS server
11214
11413
  */
@@ -11681,6 +11880,7 @@ export declare namespace site {
11681
11880
  * Enable to provide the FQDN with DHCP option 81
11682
11881
  */
11683
11882
  dhcpOptionFqdn: boolean;
11883
+ disableOobDownAlarm?: boolean;
11684
11884
  /**
11685
11885
  * Property key is the user name. For Local user authentication
11686
11886
  */
@@ -11735,7 +11935,7 @@ export declare namespace site {
11735
11935
  * enum: `any`, `icmp`, `tcp`, `udp`
11736
11936
  */
11737
11937
  protocol: string;
11738
- subnets?: string[];
11938
+ subnets: string[];
11739
11939
  }
11740
11940
  interface NetworktemplateSwitchMgmtTacacs {
11741
11941
  acctServers?: outputs.site.NetworktemplateSwitchMgmtTacacsAcctServer[];
@@ -11938,6 +12138,8 @@ export declare namespace site {
11938
12138
  enabled: boolean;
11939
12139
  /**
11940
12140
  * hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun).
12141
+ *
12142
+ * **Note**: If the dow is not defined then it\u2019\ s treated as 00:00-23:59.
11941
12143
  */
11942
12144
  hours?: outputs.site.SettingConfigPushPolicyPushWindowHours;
11943
12145
  }
@@ -11966,6 +12168,8 @@ export declare namespace site {
11966
12168
  dwellTags?: outputs.site.SettingEngagementDwellTags;
11967
12169
  /**
11968
12170
  * hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun).
12171
+ *
12172
+ * **Note**: If the dow is not defined then it\u2019\ s treated as 00:00-23:59.
11969
12173
  */
11970
12174
  hours?: outputs.site.SettingEngagementHours;
11971
12175
  /**
@@ -12038,25 +12242,22 @@ export declare namespace site {
12038
12242
  enabled?: boolean;
12039
12243
  }
12040
12244
  interface SettingGatewayMgmtAppProbingCustomApp {
12041
- /**
12042
- * if `protocol`==`icmp`
12043
- */
12044
12245
  address: string;
12045
12246
  appType?: string;
12046
12247
  /**
12047
- * if `protocol`==`http`
12248
+ * Only 1 entry is allowed:
12249
+ * * if `protocol`==`http`: URL (e.g. `http://test.com` or `https://test.com`)
12250
+ * * if `protocol`==`icmp`: IP Address (e.g. `1.2.3.4`)
12048
12251
  */
12049
12252
  hostnames: string[];
12050
- name?: string;
12253
+ key: string;
12254
+ name: string;
12051
12255
  network?: string;
12052
12256
  /**
12053
12257
  * enum: `http`, `icmp`
12054
12258
  */
12055
12259
  protocol: string;
12056
- /**
12057
- * if `protocol`==`http`
12058
- */
12059
- url?: string;
12260
+ url: string;
12060
12261
  vrf?: string;
12061
12262
  }
12062
12263
  interface SettingGatewayMgmtAutoSignatureUpdate {