@pulumi/juniper-mist 0.8.0 → 0.8.1

package/types/input.d.ts

@@ -7618,6 +7618,188 @@ export declare namespace org {
          */
         vcMac?: pulumi.Input<string>;
     }
+    interface MxclusterMistDas {
+        /**
+         * Dynamic authorization clients configured to send CoA|DM to mist edges on port 3799
+         */
+        coaServers?: pulumi.Input<pulumi.Input<inputs.org.MxclusterMistDasCoaServer>[]>;
+        enabled?: pulumi.Input<boolean>;
+    }
+    interface MxclusterMistDasCoaServer {
+        /**
+         * Whether to disable Event-Timestamp Check
+         */
+        disableEventTimestampCheck?: pulumi.Input<boolean>;
+        enabled?: pulumi.Input<boolean>;
+        /**
+         * This server configured to send CoA|DM to mist edges
+         */
+        host?: pulumi.Input<string>;
+        /**
+         * Mist edges will allow this host on this port
+         */
+        port?: pulumi.Input<number>;
+        /**
+         * Whether to require Message-Authenticator in requests
+         */
+        requireMessageAuthenticator?: pulumi.Input<boolean>;
+        secret?: pulumi.Input<string>;
+    }
+    interface MxclusterMistNac {
+        acctServerPort?: pulumi.Input<number>;
+        authServerPort?: pulumi.Input<number>;
+        /**
+         * Property key is the RADIUS Client IP/Subnet.
+         */
+        clientIps?: pulumi.Input<{
+            [key: string]: pulumi.Input<inputs.org.MxclusterMistNacClientIps>;
+        }>;
+        enabled?: pulumi.Input<boolean>;
+        secret?: pulumi.Input<string>;
+    }
+    interface MxclusterMistNacClientIps {
+    }
+    interface MxclusterMxedgeMgmt {
+        configAutoRevert?: pulumi.Input<boolean>;
+        fipsEnabled?: pulumi.Input<boolean>;
+        mistPassword?: pulumi.Input<string>;
+        /**
+         * enum: `dhcp`, `disabled`, `static`
+         */
+        oobIpType?: pulumi.Input<string>;
+        /**
+         * enum: `autoconf`, `dhcp`, `disabled`, `static`
+         */
+        oobIpType6?: pulumi.Input<string>;
+        rootPassword?: pulumi.Input<string>;
+    }
+    interface MxclusterProxy {
+        disabled?: pulumi.Input<boolean>;
+        url?: pulumi.Input<string>;
+    }
+    interface MxclusterRadsec {
+        /**
+         * List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
+         */
+        acctServers?: pulumi.Input<pulumi.Input<inputs.org.MxclusterRadsecAcctServer>[]>;
+        /**
+         * List of RADIUS authentication servers, order matters where the first one is treated as primary
+         */
+        authServers?: pulumi.Input<pulumi.Input<inputs.org.MxclusterRadsecAuthServer>[]>;
+        /**
+         * Whether to enable service on Mist Edge i.e. RADIUS proxy over TLS
+         */
+        enabled?: pulumi.Input<boolean>;
+        /**
+         * Whether to match ssid in request message to select from a subset of RADIUS servers
+         */
+        matchSsid?: pulumi.Input<boolean>;
+        /**
+         * SSpecify NAS-IP-ADDRESS, NAS-IPv6-ADDRESS to use with auth_servers. enum: `any`, `oob`, `oob6`, `tunnel`, `tunnel6`
+         */
+        nasIpSource?: pulumi.Input<string>;
+        /**
+         * Hostnames or IPs for Mist AP to use as the TLS Server (i.e. they are reachable from AP) in addition to `tuntermHosts`
+         */
+        proxyHosts?: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * When ordered, Mist Edge will prefer and go back to the first radius server if possible. enum: `ordered`, `unordered`
+         */
+        serverSelection?: pulumi.Input<string>;
+        /**
+         * Specify IP address to connect to authServers and acct_servers. enum: `any`, `oob`, `oob6`, `tunnel`, `tunnel6`
+         */
+        srcIpSource?: pulumi.Input<string>;
+    }
+    interface MxclusterRadsecAcctServer {
+        /**
+         * IP / hostname of RADIUS server
+         */
+        host?: pulumi.Input<string>;
+        /**
+         * Acct port of RADIUS server
+         */
+        port?: pulumi.Input<number>;
+        /**
+         * Secret of RADIUS server
+         */
+        secret?: pulumi.Input<string>;
+        /**
+         * List of ssids that will use this server if matchSsid is true and match is found
+         */
+        ssids?: pulumi.Input<pulumi.Input<string>[]>;
+    }
+    interface MxclusterRadsecAuthServer {
+        /**
+         * IP / hostname of RADIUS server
+         */
+        host?: pulumi.Input<string>;
+        /**
+         * Whether to enable inband status check
+         */
+        inbandStatusCheck?: pulumi.Input<boolean>;
+        /**
+         * Inband status interval, in seconds
+         */
+        inbandStatusInterval?: pulumi.Input<number>;
+        /**
+         * If used for Mist APs, enable keywrap algorithm. Default is false
+         */
+        keywrapEnabled?: pulumi.Input<boolean>;
+        /**
+         * if used for Mist APs. enum: `ascii`, `hex`
+         */
+        keywrapFormat?: pulumi.Input<string>;
+        /**
+         * If used for Mist APs, encryption key
+         */
+        keywrapKek?: pulumi.Input<string>;
+        /**
+         * If used for Mist APs, Message Authentication Code Key
+         */
+        keywrapMack?: pulumi.Input<string>;
+        /**
+         * Auth port of RADIUS server
+         */
+        port?: pulumi.Input<number>;
+        /**
+         * Authentication request retry
+         */
+        retry?: pulumi.Input<number>;
+        /**
+         * Secret of RADIUS server
+         */
+        secret?: pulumi.Input<string>;
+        /**
+         * List of ssids that will use this server if matchSsid is true and match is found
+         */
+        ssids?: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * Authentication request timeout, in seconds
+         */
+        timeout?: pulumi.Input<number>;
+    }
+    interface MxclusterRadsecTls {
+        keypair?: pulumi.Input<string>;
+    }
+    interface MxclusterTuntermDhcpdConfig {
+        enabled?: pulumi.Input<boolean>;
+        servers?: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * enum: `relay`
+         */
+        type?: pulumi.Input<string>;
+    }
+    interface MxclusterTuntermExtraRoutes {
+        via?: pulumi.Input<string>;
+    }
+    interface MxclusterTuntermMonitoring {
+        host: pulumi.Input<string>;
+        port: pulumi.Input<number>;
+        protocol: pulumi.Input<string>;
+        srcVlanId: pulumi.Input<number>;
+        timeout: pulumi.Input<number>;
+    }
     interface MxedgeMxedgeMgmt {
         configAutoRevert?: pulumi.Input<boolean>;
         fipsEnabled?: pulumi.Input<boolean>;
@@ -7768,6 +7950,59 @@ export declare namespace org {
         mxagent?: pulumi.Input<string>;
         tunterm?: pulumi.Input<string>;
     }
+    interface NacPortalPortal {
+        /**
+         * Guest portal authentication type. enum: `external`, `multi`, `none`
+         */
+        auth?: pulumi.Input<string>;
+        /**
+         * If `auth`==`none` or `auth`==`multi`, whether to expire the guest after a certain time
+         */
+        expire?: pulumi.Input<number>;
+        /**
+         * If `auth`==`external`, the URL to redirect the user to for authentication
+         */
+        externalPortalUrl?: pulumi.Input<string>;
+        /**
+         * Disconnect client (workaround for reauth issues)
+         */
+        forceReconnect?: pulumi.Input<boolean>;
+        /**
+         * If `auth`==`none` or `auth`==`multi`, whether to forward the user to the guest portal after authentication
+         */
+        forward?: pulumi.Input<boolean>;
+        /**
+         * If `auth`==`none` or `auth`==`multi`, URL to forward the user to after authentication
+         */
+        forwardUrl?: pulumi.Input<string>;
+        /**
+         * Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
+         */
+        maxNumDevices?: pulumi.Input<number>;
+        /**
+         * If `auth`==`none` or `auth`==`multi`, whether to show the privacy policy
+         */
+        privacy?: pulumi.Input<boolean>;
+    }
+    interface NacPortalSso {
+        idpCert?: pulumi.Input<string>;
+        /**
+         * Signing algorithm for SAML Assertion. enum: `sha1`, `sha256`, `sha384`, `sha512`.
+         */
+        idpSignAlgo?: pulumi.Input<string>;
+        idpSsoUrl?: pulumi.Input<string>;
+        issuer?: pulumi.Input<string>;
+        nameidFormat?: pulumi.Input<string>;
+        ssoRoleMatchings?: pulumi.Input<pulumi.Input<inputs.org.NacPortalSsoSsoRoleMatching>[]>;
+        /**
+         * If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)
+         */
+        useSsoRoleForCert?: pulumi.Input<boolean>;
+    }
+    interface NacPortalSsoSsoRoleMatching {
+        assigned?: pulumi.Input<string>;
+        match?: pulumi.Input<string>;
+    }
     interface NacruleMatching {
         /**
          * enum: `cert`, `device-auth`, `eap-teap`, `eap-tls`, `eap-ttls`, `idp`, `mab`, `eap-peap`

package/types/output.d.ts

@@ -12698,6 +12698,188 @@ export declare namespace org {
          */
         vcMac: string;
     }
+    interface MxclusterMistDas {
+        /**
+         * Dynamic authorization clients configured to send CoA|DM to mist edges on port 3799
+         */
+        coaServers?: outputs.org.MxclusterMistDasCoaServer[];
+        enabled: boolean;
+    }
+    interface MxclusterMistDasCoaServer {
+        /**
+         * Whether to disable Event-Timestamp Check
+         */
+        disableEventTimestampCheck: boolean;
+        enabled?: boolean;
+        /**
+         * This server configured to send CoA|DM to mist edges
+         */
+        host?: string;
+        /**
+         * Mist edges will allow this host on this port
+         */
+        port: number;
+        /**
+         * Whether to require Message-Authenticator in requests
+         */
+        requireMessageAuthenticator: boolean;
+        secret?: string;
+    }
+    interface MxclusterMistNac {
+        acctServerPort: number;
+        authServerPort: number;
+        /**
+         * Property key is the RADIUS Client IP/Subnet.
+         */
+        clientIps: {
+            [key: string]: outputs.org.MxclusterMistNacClientIps;
+        };
+        enabled: boolean;
+        secret?: string;
+    }
+    interface MxclusterMistNacClientIps {
+    }
+    interface MxclusterMxedgeMgmt {
+        configAutoRevert: boolean;
+        fipsEnabled: boolean;
+        mistPassword?: string;
+        /**
+         * enum: `dhcp`, `disabled`, `static`
+         */
+        oobIpType: string;
+        /**
+         * enum: `autoconf`, `dhcp`, `disabled`, `static`
+         */
+        oobIpType6: string;
+        rootPassword?: string;
+    }
+    interface MxclusterProxy {
+        disabled: boolean;
+        url?: string;
+    }
+    interface MxclusterRadsec {
+        /**
+         * List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
+         */
+        acctServers?: outputs.org.MxclusterRadsecAcctServer[];
+        /**
+         * List of RADIUS authentication servers, order matters where the first one is treated as primary
+         */
+        authServers?: outputs.org.MxclusterRadsecAuthServer[];
+        /**
+         * Whether to enable service on Mist Edge i.e. RADIUS proxy over TLS
+         */
+        enabled?: boolean;
+        /**
+         * Whether to match ssid in request message to select from a subset of RADIUS servers
+         */
+        matchSsid?: boolean;
+        /**
+         * SSpecify NAS-IP-ADDRESS, NAS-IPv6-ADDRESS to use with auth_servers. enum: `any`, `oob`, `oob6`, `tunnel`, `tunnel6`
+         */
+        nasIpSource: string;
+        /**
+         * Hostnames or IPs for Mist AP to use as the TLS Server (i.e. they are reachable from AP) in addition to `tuntermHosts`
+         */
+        proxyHosts?: string[];
+        /**
+         * When ordered, Mist Edge will prefer and go back to the first radius server if possible. enum: `ordered`, `unordered`
+         */
+        serverSelection: string;
+        /**
+         * Specify IP address to connect to authServers and acct_servers. enum: `any`, `oob`, `oob6`, `tunnel`, `tunnel6`
+         */
+        srcIpSource: string;
+    }
+    interface MxclusterRadsecAcctServer {
+        /**
+         * IP / hostname of RADIUS server
+         */
+        host?: string;
+        /**
+         * Acct port of RADIUS server
+         */
+        port: number;
+        /**
+         * Secret of RADIUS server
+         */
+        secret?: string;
+        /**
+         * List of ssids that will use this server if matchSsid is true and match is found
+         */
+        ssids?: string[];
+    }
+    interface MxclusterRadsecAuthServer {
+        /**
+         * IP / hostname of RADIUS server
+         */
+        host?: string;
+        /**
+         * Whether to enable inband status check
+         */
+        inbandStatusCheck: boolean;
+        /**
+         * Inband status interval, in seconds
+         */
+        inbandStatusInterval: number;
+        /**
+         * If used for Mist APs, enable keywrap algorithm. Default is false
+         */
+        keywrapEnabled?: boolean;
+        /**
+         * if used for Mist APs. enum: `ascii`, `hex`
+         */
+        keywrapFormat: string;
+        /**
+         * If used for Mist APs, encryption key
+         */
+        keywrapKek?: string;
+        /**
+         * If used for Mist APs, Message Authentication Code Key
+         */
+        keywrapMack?: string;
+        /**
+         * Auth port of RADIUS server
+         */
+        port: number;
+        /**
+         * Authentication request retry
+         */
+        retry: number;
+        /**
+         * Secret of RADIUS server
+         */
+        secret?: string;
+        /**
+         * List of ssids that will use this server if matchSsid is true and match is found
+         */
+        ssids?: string[];
+        /**
+         * Authentication request timeout, in seconds
+         */
+        timeout: number;
+    }
+    interface MxclusterRadsecTls {
+        keypair?: string;
+    }
+    interface MxclusterTuntermDhcpdConfig {
+        enabled: boolean;
+        servers?: string[];
+        /**
+         * enum: `relay`
+         */
+        type: string;
+    }
+    interface MxclusterTuntermExtraRoutes {
+        via?: string;
+    }
+    interface MxclusterTuntermMonitoring {
+        host: string;
+        port: number;
+        protocol: string;
+        srcVlanId: number;
+        timeout: number;
+    }
     interface MxedgeMxedgeMgmt {
         configAutoRevert: boolean;
         fipsEnabled: boolean;
@@ -12848,6 +13030,59 @@ export declare namespace org {
         mxagent: string;
         tunterm: string;
     }
+    interface NacPortalPortal {
+        /**
+         * Guest portal authentication type. enum: `external`, `multi`, `none`
+         */
+        auth?: string;
+        /**
+         * If `auth`==`none` or `auth`==`multi`, whether to expire the guest after a certain time
+         */
+        expire?: number;
+        /**
+         * If `auth`==`external`, the URL to redirect the user to for authentication
+         */
+        externalPortalUrl?: string;
+        /**
+         * Disconnect client (workaround for reauth issues)
+         */
+        forceReconnect?: boolean;
+        /**
+         * If `auth`==`none` or `auth`==`multi`, whether to forward the user to the guest portal after authentication
+         */
+        forward?: boolean;
+        /**
+         * If `auth`==`none` or `auth`==`multi`, URL to forward the user to after authentication
+         */
+        forwardUrl?: string;
+        /**
+         * Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
+         */
+        maxNumDevices: number;
+        /**
+         * If `auth`==`none` or `auth`==`multi`, whether to show the privacy policy
+         */
+        privacy?: boolean;
+    }
+    interface NacPortalSso {
+        idpCert?: string;
+        /**
+         * Signing algorithm for SAML Assertion. enum: `sha1`, `sha256`, `sha384`, `sha512`.
+         */
+        idpSignAlgo: string;
+        idpSsoUrl?: string;
+        issuer?: string;
+        nameidFormat?: string;
+        ssoRoleMatchings?: outputs.org.NacPortalSsoSsoRoleMatching[];
+        /**
+         * If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)
+         */
+        useSsoRoleForCert?: boolean;
+    }
+    interface NacPortalSsoSsoRoleMatching {
+        assigned?: string;
+        match?: string;
+    }
     interface NacruleMatching {
         /**
          * enum: `cert`, `device-auth`, `eap-teap`, `eap-tls`, `eap-ttls`, `idp`, `mab`, `eap-peap`