Junos RPC YANG module for security command(s)
Version: 2019-01-01
// Junos RPC module "junos-ex-rpc-security". Every rpc below is described as a
// "Show ..." query: security alarms and logs, PKI certificates / requests /
// CRLs, group-VPN IPsec/IKE/KEK security associations, keychains, MKA sessions
// and MACsec state.
// NOTE(review): the module contains no access-control statements. Which
// management users may invoke these RPCs has to be enforced by the device's
// authorization configuration - confirm before exposing the interface.
module junos-ex-rpc-security {
  yang-version 1;
  namespace "http://yang.juniper.net/junos-ex/rpc/security";
  prefix security;
  // Types jt:time, jt:ipaddr and jt:ipprefix-optional used below are defined
  // in this imported module, not here; their constraints are not visible in
  // this file.
  import junos-common-types {
    prefix jt;
    revision-date "2019-01-01";
  }
  organization "Juniper Networks, Inc.";
  contact "yang-support@juniper.net";
  description "Junos RPC YANG module for security command(s)";
  revision "2019-01-01" {
    description "Junos: 21.3R1.9";
  }

  // Query active security alarms, optionally filtered by id, type, time
  // window, originating process and severity.
  rpc get-security-alarm-information {
    description "Show active security alarm information";
    input {
      leaf alarm-id {
        // Union of a number and a pattern-restricted string. YANG patterns are
        // XSD regular expressions, implicitly anchored at both ends, in which
        // '$' is a literal character: the pattern accepts "<...>" or a string
        // starting with '$'. Consumers must not assume the value is numeric.
        // NOTE(review): validators that translate this pattern to a regex
        // dialect where '$' is an end anchor will evaluate it differently -
        // confirm how your toolchain handles it. The same pattern recurs in
        // every union leaf of this module.
        type union {
          type uint32;
          type string {
            pattern "<.*>|$.*";
          }
        }
        description "Alarm ID filter";
      }
      // Multi-valued filter; ordered-by user keeps the caller's order.
      leaf-list alarm-type {
        type enumeration {
          enum "authentication" { value 0; description "Authentication alarms"; }
          enum "cryptographic-self-test" { value 1; description "Cryptographic self-test alarms"; }
          enum "decryption-failures" { value 2; description "Decryption failure alarms"; }
          enum "encryption-failures" { value 3; description "Encryption failure alarms"; }
          enum "ike-phase1-failures" { value 4; description "IKE Phase 1 failure alarms"; }
          enum "ike-phase2-failures" { value 5; description "IKE Phase 2 failure alarms"; }
          enum "key-generation-self-test" { value 6; description "Key generation self-test alarms"; }
          enum "non-cryptographic-self-test" { value 7; description "Non-cryptographic self-test alarms"; }
          enum "policy" { value 8; description "Policy alarms"; }
          enum "replay-attacks" { value 9; description "Replay attack alarms"; }
          enum "idp" { value 10; description "IDP attack alarms"; }
        }
        ordered-by user;
        description "Alarm type filter";
      }
      leaf newer-than {
        type jt:time;
        description "Alarms newer than filter (YYYY-MM-DD.HH:MM:SS)";
      }
      leaf older-than {
        type jt:time;
        description "Alarms older than filter (YYYY-MM-DD.HH:MM:SS)";
      }
      // Unrestricted string: no length or pattern, so any validation of the
      // process name happens on the device, not in the schema.
      leaf process {
        type string;
        description "Process that generated the alarm filter";
      }
      // Enum values follow alphabetical order of the names, not severity rank
      // (e.g. "emerg" is 3, "alert" is 0); do not compare them numerically.
      leaf severity {
        type enumeration {
          enum "alert" { value 0; description "Alert severity"; }
          enum "crit" { value 1; description "Critical severity"; }
          enum "debug" { value 2; description "Debug severity"; }
          enum "emerg" { value 3; description "Emergency severity"; }
          enum "err" { value 4; description "Error severity"; }
          enum "info" { value 5; description "Information severity"; }
          enum "notice" { value 6; description "Notice severity"; }
          enum "warning" { value 7; description "Warning severity"; }
        }
        description "Severity of the alarm filter";
      }
      leaf style {
        type enumeration {
          enum "detail" { value 0; description "Show detail alarm information"; }
        }
      }
    }
    output {
      // The reply is one of: a plain string, an anyxml payload, or the
      // multi-routing-engine wrapper. anyxml is unstructured as far as this
      // module is concerned, so clients cannot validate the reply content
      // against it. Every rpc in this module uses the same output shape.
      choice output_c {
        leaf output { type string; }
        anyxml security-alarm-information;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-security-alarm-information

  // Query the security (audit) log with address, port, identity, time and
  // result filters, plus sort field and direction.
  rpc get-security-log-information {
    description "Show auditable security log information";
    input {
      leaf destination-address {
        type jt:ipprefix-optional;
        description "Destination address and optional prefix length";
      }
      leaf destination-port {
        // The uint32 member carries no range, so the schema itself accepts
        // numbers above 65535; the string member accepts "<...>" / "$...".
        type union {
          type uint32;
          type string {
            pattern "<.*>|$.*";
          }
        }
        description "Destination port";
      }
      // event-id, interface-name, policy-name, process, protocol and username
      // are all unrestricted strings (no length, no pattern).
      leaf event-id {
        type string;
        description "Event ID filter";
      }
      leaf interface-name {
        type string;
        description "Name of interface";
      }
      leaf older-than {
        type jt:time;
        description "Events older than filter (YYYY-MM-DD.HH:MM:SS)";
      }
      leaf policy-name {
        type string;
        description "Policy name filter";
      }
      leaf process {
        type string;
        description "Process that generated the event";
      }
      leaf protocol {
        type string;
        description "Protocol filter";
      }
      leaf newer-than {
        type jt:time;
        description "Events newer than filter (YYYY-MM-DD.HH:MM:SS)";
      }
      leaf result {
        type enumeration {
          enum "failure" { value 0; description "Event was a failure"; }
          enum "success" { value 1; description "Event was successful"; }
        }
      }
      leaf severity {
        type enumeration {
          enum "alert" { value 0; description "Alert severity"; }
          enum "crit" { value 1; description "Critical severity"; }
          enum "debug" { value 2; description "Debug severity"; }
          enum "emerg" { value 3; description "Emergency severity"; }
          enum "err" { value 4; description "Error severity"; }
          enum "info" { value 5; description "Information severity"; }
          enum "notice" { value 6; description "Notice severity"; }
          enum "warning" { value 7; description "Warning severity"; }
        }
        description "Severity of the event";
      }
      leaf source-address {
        type jt:ipprefix-optional;
        description "Source address and optional prefix length";
      }
      leaf source-port {
        // Same shape as destination-port: unbounded uint32 or pattern string.
        type union {
          type uint32;
          type string {
            pattern "<.*>|$.*";
          }
        }
        description "Source port";
      }
      leaf username {
        type string;
        description "Username filter";
      }
      leaf sort-by {
        type enumeration {
          enum "destination-address" { value 0; description "Sort by destination address"; }
          enum "destination-port" { value 1; description "Sort by destination port"; }
          enum "interface-name" { value 2; description "Sort by interface name"; }
          enum "policy-name" { value 3; description "Sort by policy name"; }
          enum "protocol" { value 4; description "Sort by protocol"; }
          enum "source-address" { value 5; description "Sort by source address"; }
          enum "source-port" { value 6; description "Sort by source port"; }
          enum "time" { value 7; description "Sort by time of event arrival"; }
          enum "username" { value 8; description "Sort by event user name "; }
        }
        default "time";
        description "Sort by selected field";
      }
      leaf direction {
        type enumeration {
          enum "ascending" { value 0; description "Sort in ascending order"; }
          enum "descending" { value 1; description "Sort in descending order"; }
        }
        default "ascending";
      }
      // NOTE(review): the enum description says "alarm" although this rpc is
      // the log query; it matches the text in get-security-alarm-information.
      leaf style {
        type enumeration {
          enum "detail" { value 0; description "Show detail alarm information"; }
        }
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml security-log-information;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-security-log-information

  // PKI: show a pending PKCS-10 certificate request, selected by identifier.
  rpc get-pki-certificate-request {
    description "Show PKCS-10 certificate request information";
    input {
      uses command-forwarding;
      // This choice holds a single case with no data nodes.
      choice daemon-select {
        case logical-system {
        } // case logical-system
      } // choice daemon-select
      leaf certificate-id {
        // Length-bounded (1 to 32) but with no character restriction.
        type string {
          length "1 .. 32";
        }
        description "Certificate identifier";
      }
      leaf level {
        type enumeration {
          enum "brief" { value 0; description "Display brief output"; }
          enum "detail" { value 1; description "Display detailed output"; }
        }
        default "brief";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml x509-pki-certificate-info-list;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-pki-certificate-request

  // PKI: show CA certificates, selected by CA profile or CA profile group
  // (the two are alternatives of one choice).
  rpc get-pki-ca-certificate {
    description "Show certificate-authority certificate information";
    input {
      uses command-forwarding;
      choice daemon-select {
        case logical-system {
        } // case logical-system
      } // choice daemon-select
      choice ca-cert-choice {
        leaf ca-profile {
          type string {
            length "1 .. 32";
          }
          description "Certificate authority profile";
        }
        leaf ca-profile-group {
          type string {
            length "1 .. 32";
          }
          description "Show CA profile group";
        }
      } // choice ca-cert-choice
      leaf level {
        type enumeration {
          enum "brief" { value 0; description "Display brief output"; }
          enum "detail" { value 1; description "Display detailed output"; }
        }
        default "brief";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml x509-pki-certificate-info-list;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-pki-ca-certificate

  // PKI: show the device's own certificate, either by identifier or the
  // system-generated self-signed one. The input and output statements are
  // the same as those of get-pki-local-certificate further down.
  rpc get-node-local-local-certificate {
    description "Show router certificate information";
    input {
      uses command-forwarding;
      choice daemon-select {
        case logical-system {
        } // case logical-system
      } // choice daemon-select
      choice certificate-choice {
        leaf certificate-id {
          type string {
            length "1 .. 32";
          }
          description "Certificate identifier";
        }
        leaf system-generated {
          type empty;
          description "Autogenerated self-signed certificate";
        }
      } // choice certificate-choice
      leaf level {
        type enumeration {
          enum "brief" { value 0; description "Display brief output"; }
          enum "detail" { value 1; description "Display detailed output"; }
        }
        default "brief";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml x509-pki-certificate-info-list;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-node-local-local-certificate

  // PKI: same input and output statements as get-pki-certificate-request.
  rpc get-node-local-certificate-request {
    description "Show PKCS-10 certificate request information";
    input {
      uses command-forwarding;
      choice daemon-select {
        case logical-system {
        } // case logical-system
      } // choice daemon-select
      leaf certificate-id {
        type string {
          length "1 .. 32";
        }
        description "Certificate identifier";
      }
      leaf level {
        type enumeration {
          enum "brief" { value 0; description "Display brief output"; }
          enum "detail" { value 1; description "Display detailed output"; }
        }
        default "brief";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml x509-pki-certificate-info-list;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-node-local-certificate-request

  // PKI: show the device's own certificate, by identifier or the
  // system-generated self-signed one.
  rpc get-pki-local-certificate {
    description "Show router certificate information";
    input {
      uses command-forwarding;
      choice daemon-select {
        case logical-system {
        } // case logical-system
      } // choice daemon-select
      choice certificate-choice {
        leaf certificate-id {
          type string {
            length "1 .. 32";
          }
          description "Certificate identifier";
        }
        leaf system-generated {
          type empty;
          description "Autogenerated self-signed certificate";
        }
      } // choice certificate-choice
      leaf level {
        type enumeration {
          enum "brief" { value 0; description "Display brief output"; }
          enum "detail" { value 1; description "Display detailed output"; }
        }
        default "brief";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml x509-pki-certificate-info-list;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-pki-local-certificate

  // PKI: show certificate revocation list information for a CA profile.
  rpc get-pki-crl {
    description "Show certificate revocation list information";
    input {
      uses command-forwarding;
      choice daemon-select {
        case logical-system {
        } // case logical-system
      } // choice daemon-select
      leaf ca-profile {
        type string {
          length "1 .. 32";
        }
        description "Certificate authority profile";
      }
      leaf level {
        type enumeration {
          enum "brief" { value 0; description "Display brief output"; }
          enum "detail" { value 1; description "Display detailed output"; }
        }
        default "brief";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml x509-pkid-crl-information-list;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-pki-crl

  // Group VPN: show IPsec security associations, optionally narrowed by SA
  // index, group id or service set.
  rpc get-gvpn-security-associations-information {
    description "Show IPSec security association information";
    input {
      uses command-forwarding;
      leaf level {
        type enumeration {
          enum "brief" { value 0; description "Display brief output"; }
          enum "detail" { value 1; description "Display detailed output"; }
        }
        default "brief";
      }
      leaf show-gvpn-index-ipsec-security-association {
        // The 10001-20000 range constrains only the uint32 member; a value
        // that matches the string member's pattern is accepted regardless.
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32 {
            range "10001 .. 20000";
          }
        }
        description "Index of security association";
      }
      leaf group-id {
        // uint32 member excludes 0; string member accepts "<...>" / "$...".
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32 {
            range "1 .. 4294967295";
          }
        }
        description "Group VPN identification number";
      }
      leaf service-set {
        type string;
        description "Service set name";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml ipsec-security-associations-information;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-gvpn-security-associations-information

  // Group VPN: show IPsec statistics, optionally per FPC/PIC slot or SA index.
  rpc get-gvpn-ipsec-statistics-information {
    description "Show IPSec statistics";
    input {
      uses command-forwarding;
      leaf fpc {
        // No range on the numeric member; slot bounds are not in the schema.
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32;
        }
        description "FPC slot number";
      }
      leaf pic {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32;
        }
        description "PIC slot number";
      }
      leaf show-gvpn-index-ipsec-statistics {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32 {
            range "10001 .. 20000";
          }
        }
        description "Index of Security Association";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml usp-ipsec-total-statistics-information;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-gvpn-ipsec-statistics-information

  // Group VPN: list tunnels reported as inactive / unestablished.
  rpc get-gvpn-inactive-tunnels {
    description "Inactive-tunnels";
    input {
      uses command-forwarding;
      leaf level {
        type enumeration {
          enum "brief" { value 0; description "Display brief output"; }
          enum "detail" { value 1; description "Display detailed output"; }
        }
        default "brief";
      }
      leaf group-id {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32 {
            range "1 .. 4294967295";
          }
        }
        description "Group VPN identification number";
      }
      leaf service-set {
        type string;
        description "Service set name";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml ipsec-unestablished-tunnel-information;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-gvpn-inactive-tunnels

  // Group VPN: show IKE security associations, optionally for one peer,
  // SA index or service set.
  rpc get-gvpn-ike-security-associations-information {
    description "Show IKE security association information";
    input {
      uses command-forwarding;
      leaf level {
        type enumeration {
          enum "brief" { value 0; description "Show brief output (default)"; }
          enum "detail" { value 1; description "Show detailed output"; }
        }
        default "brief";
      }
      leaf peer-address {
        type jt:ipaddr;
        description "IP address of the peer";
      }
      leaf index {
        // Defaults to "0" when omitted; what index 0 selects is not stated
        // in this module.
        type union {
          type uint32;
          type string {
            pattern "<.*>|$.*";
          }
        }
        default "0";
        description "Index of security association";
      }
      leaf service-set {
        type string;
        description "Service set name";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml ike-security-associations-information;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-gvpn-ike-security-associations-information

  // Group VPN: show KEK (key-encryption-key) security associations; the
  // group is given either by numeric id or by name.
  // NOTE(review): the reply is anyxml, so whether key material appears in it
  // cannot be determined from this schema - verify on the device.
  rpc get-gvpn-kek-security-associations-information {
    description "Show KEK security association information";
    input {
      uses command-forwarding;
      leaf level {
        type enumeration {
          enum "brief" { value 0; description "Show brief output (default)"; }
          enum "detail" { value 1; description "Show detailed output"; }
        }
        default "brief";
      }
      leaf peer-address {
        type jt:ipaddr;
        description "IP address of the peer";
      }
      leaf index {
        type union {
          type uint32;
          type string {
            pattern "<.*>|$.*";
          }
        }
        default "0";
        description "Index of security association";
      }
      choice groupchoice {
        description "Specify a group by name or ID";
        leaf group-id {
          type union {
            type string {
              pattern "<.*>|$.*";
            }
            type uint32 {
              range "1 .. 4294967295";
            }
          }
          description "Group VPN identification number";
        }
        leaf vpn {
          type string {
            length "1 .. 32";
          }
          description "Group VPN Name";
        }
      } // choice groupchoice
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml gvpn-kek-security-associations-information;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-gvpn-kek-security-associations-information

  // Show keychain information for all protocols.
  // NOTE(review): the reply is anyxml; whether secrets or only key metadata
  // are returned is not visible here - verify before granting broad access.
  rpc get-hakr-keychain-information {
    description "Show all protocols keychain";
    input {
      leaf verbosity {
        type enumeration {
          enum "brief" { value 0; description "Display brief output (default)"; }
          enum "detail" { value 1; description "Display detailed output"; }
        }
        default "brief";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml hakr-keychain-information;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-hakr-keychain-information

  // MKA: show session information for all sessions.
  rpc get-mka-session-information {
    description "Show MKA sessions information";
    input {
      // Note the underscore in the leaf name, unlike the hyphenated names
      // used elsewhere in the module.
      leaf verbosity_level {
        type enumeration {
          enum "summary" { value 0; description "Display summary output"; }
          enum "brief" { value 1; description "Display brief output (default)"; }
          enum "detail" { value 2; description "Display detailed output"; }
        }
        default "brief";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml mka-session-information;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-mka-session-information

  // MKA: show session information for one interface (default "all").
  rpc get-mka-session-interface-information {
    description "Show MKA session on this interface";
    input {
      leaf verbosity_level {
        type enumeration {
          enum "summary" { value 0; description "Display summary output"; }
          enum "brief" { value 1; description "Display brief output (default)"; }
          enum "detail" { value 2; description "Display detailed output"; }
        }
        default "brief";
      }
      leaf interface-name {
        // Unrestricted string; the literal "all" is the default value.
        type string;
        default "all";
        description "Show MKA session for this interface";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml mka-session-information;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-mka-session-interface-information

  // MKA: show statistics; takes no input.
  rpc get-mka-statistics {
    description "Show MKA statistics";
    output {
      choice output_c {
        leaf output { type string; }
        anyxml mka-statistics;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-mka-statistics

  // MKA: show statistics for one interface (default "all").
  rpc get-mka-interface-statistics {
    description "Show MKA statistics on this interface";
    input {
      leaf interface-name {
        type string;
        default "all";
        description "Show MKA statistics for this interface";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml mka-statistics;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-mka-interface-statistics

  // MACsec: show connection information; takes no input.
  rpc get-macsec-connection-information {
    description "Show MAC Security connections information";
    output {
      choice output_c {
        leaf output { type string; }
        anyxml macsec-connection-information;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-macsec-connection-information

  // MACsec: show connection information for one interface (default "all").
  rpc get-macsec-connection-interface-information {
    description "Show MAC security connections on this interface";
    input {
      leaf interface-name {
        type string;
        default "all";
        description "Show MAC security connections for this interface";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml macsec-connection-information;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-macsec-connection-interface-information

  // MACsec: show statistics at brief or detail verbosity.
  rpc get-macsec-statistics {
    description "Show MAC Security statistics";
    input {
      leaf verbosity_level {
        type enumeration {
          enum "brief" { value 0; description "Display brief output (default)"; }
          enum "detail" { value 1; description "Display detailed output"; }
        }
        default "brief";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml macsec-statistics;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-macsec-statistics

  // MACsec: show statistics for one interface (default "all").
  rpc get-macsec-interface-statistics {
    description "Show MAC security statistics on this interface";
    input {
      leaf verbosity_level {
        type enumeration {
          enum "brief" { value 0; description "Display brief output (default)"; }
          enum "detail" { value 1; description "Display detailed output"; }
        }
        default "brief";
      }
      leaf interface-name {
        type string;
        default "all";
        description "Show MAC security statistics for this interface";
      }
    }
    output {
      choice output_c {
        leaf output { type string; }
        anyxml macsec-statistics;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-macsec-interface-statistics

  // MACsec: report the FIPS-validated algorithms the MACsec module uses
  // (per the description); useful when auditing crypto configuration.
  rpc get-macsec-crypto-algorithms {
    description "Show fips validated algorithms used by MACsec module from crypto library";
    output {
      choice output_c {
        leaf output { type string; }
        anyxml macsec-crypto-algorithms;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-macsec-crypto-algorithms

  // MACsec: report the crypto library version used by the MACsec module.
  rpc get-macsec-crypto-version {
    description "Show version of crypto library used by MACsec module";
    output {
      choice output_c {
        leaf output { type string; }
        anyxml macsec-crypto-version;
        anyxml multi-routing-engine-results;
      } // choice output_c
    }
  } // rpc get-macsec-crypto-version

  // Shared target selectors pulled in with "uses command-forwarding" by the
  // certificate/CRL and group-VPN RPCs above. Each selector family is its own
  // choice, so at most one leaf from each choice can be present in a request.
  // The "node", "vnf", "logical-system" and "tenant" leaves are unrestricted
  // strings; the schema does not limit which targets a caller may name.
  grouping command-forwarding {
    choice chassis-selector {
      leaf all-chassis {
        type empty;
        description "All chassis";
      }
      leaf all-lcc {
        type empty;
        description "All LCC chassis";
      }
      leaf scc {
        type empty;
        description "SCC";
      }
      leaf sfc {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32;
        }
        description "SFC";
      }
      leaf lcc {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32;
        }
        description "Specific LCC";
      }
      leaf node {
        type string;
        description "Specific node";
      }
      leaf bsys {
        type empty;
        description "Base system";
      }
      leaf gnf {
        // Numeric member limited to 1-10; the string member is not.
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32 {
            range "1 .. 10";
          }
        }
        description "Specific guest network function";
      }
      leaf all-gnfs {
        type empty;
        description "All guest network functions";
      }
      leaf all-system {
        type empty;
        description "All system (BSYS and GNFs)";
      }
      leaf server {
        // Numeric member limited to 0-1; the string member is not.
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32 {
            range "0 .. 1";
          }
        }
        description "Specific server slot";
      }
      leaf all-servers {
        type empty;
        description "All servers";
      }
      leaf vnf {
        type string;
        description "Specific virtual-network-function";
      }
      leaf all-vnfs {
        type empty;
        description "All virtual-network-functions";
      }
    } // choice chassis-selector
    choice re-selector {
      leaf re0 {
        type empty;
        description "RE0";
      }
      leaf re1 {
        type empty;
        description "RE1";
      }
      leaf routing-engine {
        type enumeration {
          enum "local" { value 0; description "Local routing engine"; }
          enum "other" { value 1; description "Other routing engine"; }
          enum "master" { value 2; description "Master routing engine"; }
          enum "backup" { value 3; description "Backup routing engine"; }
          enum "both" { value 4; description "Both routing engines"; }
        }
        description "Specific routing engine";
      }
    } // choice re-selector
    choice lr-selector {
      leaf logical-system {
        // The description allows the literal 'all' as well as a name.
        type string;
        description "Name of logical system, or 'all'";
      }
    } // choice lr-selector
    choice tenant-selector {
      leaf tenant {
        // The description allows the literal 'all' as well as a name.
        type string;
        description "Name of tenant, or 'all'";
      }
    } // choice tenant-selector
    choice vc-selector {
      leaf local {
        type empty;
        description "Local virtual chassis member";
      }
      leaf all-members {
        type empty;
        description "All virtual chassis members";
      }
      leaf member {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32;
        }
        description "Specific virtual chassis member";
      }
    } // choice vc-selector
  } // grouping command-forwarding
} // module junos-ex-rpc-security