rust-srxmcp v0.2.0 — Phase 2 IDP signature-package lifecycle
What's new
manage_idp_security_package — full IDP signature-package lifecycle on Juniper SRX:
check_server— query latest available signature version fromsignatures.juniper.netdownload_and_install— confirmation-gated, idempotent (already_at_targetshort-circuit), supports explicit version pinningrollback— restores previously installed signature version- Cluster-aware: synchronizes both nodes on chassis-cluster devices
Fixes shipped with this release (#73)
- IDP composite RPC shapes —
check-server,download-status, andinstall-statusare composite XML (parent + empty child), not flat hyphenated names. Same failure mode as Phase 1B #68. - Junos 24.4R0 license-schema tolerance — parser now accepts both legacy (
<licenses-installed>/<licenses-used>/<licenses-needed>/<license-type>) and 24.4R0+ live (<licensed>/<used-licensed>/<needed>/<validity-type>) element names. Previously, counts read as zero on 24.4R0 devices, tripping the preflight defence-in-depth check on devices that clearly had the license installed.
Validation
5/7 destructive live smokes pass on vSRX-test3 against LXC 601:30032:
idp_check_server_returns_latest_version✅idp_download_and_install_call1_returns_plan✅idp_download_and_install_call2_succeeds✅ (237s — real ~300 MB pull fromsignatures.juniper.net)idp_already_at_target_short_circuits✅idp_version_pin_accepts_explicit✅idp_rollback_after_install_restores_previous— lab precondition (no prior IDP package on test3)idp_cluster_install_syncs_both_nodes— known lab gap (no IDP-licensed cluster pair)
Tool surface
7 srxmcp tools total (up from 6 in v0.1.2):
srxmcp_status,check_srx_feature_license,vpn_lifecycle_report,get_chassis_cluster_status,get_srx_security_services_statusmanage_idp_security_package(new in this release)
Deployed to LXC 601:30032.