'set' Based OS Remediations

[jtdub]

fixes #103

"set" based operating systems can now be remediated in experimental capacity. Here is an example of a JunOS style remediation.

$ cat ./tests/fixtures/running_config_flat_junos.confset system host-name aggr-example.rtr

set firewall family inet filter TEST term 1 from source-address 10.0.0.0/29
set firewall family inet filter TEST term 1 then accept

set vlans switch_mgmt_10.0.2.0/24 vlan-id 2
set vlans switch_mgmt_10.0.2.0/24 l3-interface irb.2

set vlans switch_mgmt_10.0.4.0/24 vlan-id 3
set vlans switch_mgmt_10.0.4.0/24 l3-interface irb.3

set interfaces irb unit 2 family inet address 10.0.2.1/24
set interfaces irb unit 2 family inet description "switch_10.0.2.0/24"
set interfaces irb unit 2 family inet disable

set interfaces irb unit 3 family inet address 10.0.4.1/16
set interfaces irb unit 3 family inet filter input TEST
set interfaces irb unit 3 family inet mtu 9000
set interfaces irb unit 3 family inet description "switch_mgmt_10.0.4.0/24"

$ python3
Python 3.8.10 (default, Nov 22 2023, 10:22:35) 
[GCC 9.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import yaml
>>> from hier_config import Host
>>>
>>> host = Host('example.rtr', 'junos')
>>> 
>>> # Build Hierarchical Configuration object for the Running Config
>>> host.load_running_config_from_file("./tests/fixtures/running_config_flat_junos.conf")
>>> 
>>> # Build Hierarchical Configuration object for the Generated Config
>>> host.load_generated_config_from_file("./tests/fixtures/generated_config_flat_junos.conf")
>>> 
>>> # Build and Print the all lines of the remediation config
>>> print(host.remediation_config_filtered_text({}, {}))
delete vlans switch_mgmt_10.0.4.0/24 vlan-id 3
delete vlans switch_mgmt_10.0.4.0/24 l3-interface irb.3
delete interfaces irb unit 2 family inet disable
delete interfaces irb unit 3 family inet address 10.0.4.1/16
delete interfaces irb unit 3 family inet description "switch_mgmt_10.0.4.0/24"
set vlans switch_mgmt_10.0.3.0/24 vlan-id 3
set vlans switch_mgmt_10.0.3.0/24 l3-interface irb.3
set vlans switch_mgmt_10.0.4.0/24 vlan-id 4
set vlans switch_mgmt_10.0.4.0/24 l3-interface irb.4
set interfaces irb unit 2 family inet filter input TEST
set interfaces irb unit 2 family inet mtu 9000
set interfaces irb unit 3 family inet address 10.0.3.1/16
set interfaces irb unit 3 family inet description "switch_mgmt_10.0.3.0/24"
set interfaces irb unit 4 family inet address 10.0.4.1/16
set interfaces irb unit 4 family inet filter input TEST
set interfaces irb unit 4 family inet mtu 9000
set interfaces irb unit 4 family inet description "switch_mgmt_10.0.4.0/24"

Configurations loaded into Hier Config as Juniper-style syntax are converted to a flat set based configuration format. Remediations are then rendered using this set style syntax.

$ cat ./tests/fixtures/running_config_junos.conf 
system {
    host-name aggr-example.rtr;
}

firewall {
    family inet {
        filter TEST {
            term 1 {
                from {
                    source-address 10.0.0.0/29;
                }
                then {
                    accept;
                }
            }
        }
    }
}

vlans {
    switch_mgmt_10.0.2.0/24 {
        vlan-id 2;
        l3-interface irb.2;
    }
    switch_mgmt_10.0.4.0/24 {
        vlan-id 3;
        l3-interface irb.3;
    }
}

interfaces {
    irb {
        unit 2 {
            family inet {
                address 10.0.2.1/24;
                description "switch_10.0.2.0/24";
                disable;
            }
        }
        unit 3 {
            family inet {
                address 10.0.4.1/16;
                filter {
                    input TEST;
                }
                mtu 9000;
                description "switch_mgmt_10.0.4.0/24";
            }
        }
    }
}

$ python3
Python 3.8.10 (default, Nov 22 2023, 10:22:35) 
[GCC 9.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import yaml
>>> from hier_config import Host
>>> 
>>> host = Host('example.rtr', 'junos')
>>> 
>>> # Build Hierarchical Configuration object for the Running Config
>>> host.load_running_config_from_file("./tests/fixtures/running_config_junos.conf")
>>> 
>>> # Build Hierarchical Configuration object for the Generated Config
>>> host.load_generated_config_from_file("./tests/fixtures/generated_config_junos.conf")
>>> 
>>> # Build and Print the all lines of the remediation config
>>> print(host.remediation_config_filtered_text({}, {}))
delete vlans switch_mgmt_10.0.4.0/24 vlan-id 3
delete vlans switch_mgmt_10.0.4.0/24 l3-interface irb.3
delete interfaces irb unit 2 family inet description "switch_10.0.2.0/24"
delete interfaces irb unit 2 family inet disable
delete interfaces irb unit 3 family inet address 10.0.4.1/16
delete interfaces irb unit 3 family inet description "switch_mgmt_10.0.4.0/24"
set vlans switch_mgmt_10.0.3.0/24 vlan-id 3
set vlans switch_mgmt_10.0.3.0/24 l3-interface irb.3
set vlans switch_mgmt_10.0.4.0/24 vlan-id 4
set vlans switch_mgmt_10.0.4.0/24 l3-interface irb.4
set interfaces irb unit 2 family inet filter input TEST
set interfaces irb unit 2 family inet mtu 9000
set interfaces irb unit 2 family inet description "switch_mgmt_10.0.2.0/24"
set interfaces irb unit 3 family inet address 10.0.3.1/16
set interfaces irb unit 3 family inet description "switch_mgmt_10.0.3.0/24"
set interfaces irb unit 4 family inet address 10.0.4.1/16
set interfaces irb unit 4 family inet filter input TEST
set interfaces irb unit 4 family inet mtu 9000
set interfaces irb unit 4 family inet description "switch_mgmt_10.0.4.0/24"

[jeffkala]

Junos does support a edit stanza is the intention to use that in the future? Or always go the route of deleting then doing a new set? example:

[edit]
user@host# edit protocols ospf area 0.0.0.0 
[edit protocols ospf area 0.0.0.0]
user@host# set interface so-0/0/0 hello-interval 5
[edit protocols ospf area 0.0.0.0]
user@host# delete 
Delete everything under this level? [yes, no] yes 
[edit protocols ospf area 0.0.0.0]
user@host# show
[edit]
user@host#

[jtdub]

@jeffkala - Currently, it's set and delete