Configuration file

[sec0uth]

Branch yml-config-#11

Specification of main configuration file.

• Why yaml? PyEZ already uses it, Ansible does too, but it is really easy to read.

# logging
logging:
  verbose: true
  console: true
  file: /path/to/log/output

# connection settings
ssh:
  config: ~/.ssh/config
  host: router
  passwd: h4ckme
  # ask_passwd: true

# configure changes in device
changes:
  banner: "!!!!! This is the new awesome banner !!!!!"
  # banner_file: /path/to/banner/works/too

  user:
    name: little-juno
    passwd: imdumb
    # class: super-user

  config: |
         set system foo bar
         set system policy drop
  # config_file: /path/to/config/works/too

Logging

• [ ] verbose : if true add debug log messages (default false)
• [ ] console : if true send log messages to default terminal output (default true)
• [ ] file : if set, also send log messages to this target (default null)

SSH

• [ ] config : ssh host configuration file (default: ~/.ssh/config)
• [ ] host : either the Host section of ~/.ssh/config or a host address
• [ ] passwd : clear text password for ssh
• [ ] ask_passwd : whether to ask for ssh password

Changes

• [ ] banner : banner message text
• [ ] banner_file : read banner from file
• [ ] user :
  • [ ] name : user name text
  • [ ] passwd : user password in clear text. If missing, will ask for the password.
  • [ ] class : user login class, see default login classes at juniper docs. The default login class is read-only.
• [ ] config : text to be replaced in device configuration
• [ ] config_file : file to be replaced in device configuration

Advanced

Mutually exclusive

SSH

• ask_passwd and passwd : if set to ask for ssh password but already has a password configured, it uses that password

Changes

• banner and banner_file : banner text takes precedence over the file
• config and config_file : same as with banner and banner_file

[sec0uth]

I started with testing first, and to keep it simple, the validation over the configuration file will not be strict. Only required fields are going to be verified, the following fields:

• ssh:
  • host
• changes
  • banner or banner_file
  • user:
    • name
  • config or config_file

Note: the field at user.passwd is also required, but the application take care of asking when missing

[sec0uth]

Finished juniper.config module:

• [x] read from yaml file
• [x] ensure data structure has required fields