rust-srxmcp v0.2.0 — Phase 2 IDP signature-package lifecycle

@fastrevmd-lab fastrevmd-lab released this 26 May 17:44
f6bd675

What's new

manage_idp_security_package — full IDP signature-package lifecycle on Juniper SRX:

  • check_server — query latest available signature version from signatures.juniper.net
  • download_and_install — confirmation-gated, idempotent (already_at_target short-circuit), supports explicit version pinning
  • rollback — restores previously installed signature version
  • Cluster-aware: synchronizes both nodes on chassis-cluster devices

Fixes shipped with this release (#73)

  • IDP composite RPC shapes: check-server, download-status, and install-status are composite XML (parent + empty child), not flat hyphenated names. Same failure mode as Phase 1B #68.
  • Junos 24.4R0 license-schema tolerance — parser now accepts both legacy (<licenses-installed>/<licenses-used>/<licenses-needed>/<license-type>) and 24.4R0+ live (<licensed>/<used-licensed>/<needed>/<validity-type>) element names. Previously, counts read as zero on 24.4R0 devices, tripping the preflight defence-in-depth check on devices that clearly had the license installed.
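
The license-schema tolerance described in the second fix, as an added example (not rust-srxmcp's own code): a std-only Rust parser that accepts either spelling of each element and returns an error, rather than a zero count, when neither spelling is present. The `<feature-summary>` wrapper, the sample values and all function and type names are assumptions.

```rust
// Added example, not rust-srxmcp source. Element names come from the release
// note; the <feature-summary> wrapper and the sample values are constructed.
const LEGACY: &str = "<feature-summary><licenses-used>1</licenses-used><licenses-installed>1</licenses-installed><licenses-needed>0</licenses-needed><license-type>permanent</license-type></feature-summary>";
const LIVE: &str = "<feature-summary><used-licensed>1</used-licensed><licensed>1</licensed><needed>0</needed><validity-type>permanent</validity-type></feature-summary>";
const UNKNOWN: &str = "<feature-summary><installed-count>1</installed-count></feature-summary>";

#[derive(Debug, PartialEq)]
pub struct LicenseCounts { pub installed: u32, pub used: u32, pub needed: u32, pub kind: String }

/// Text of the first `<name>...</name>` element (exact tag match, no attributes).
fn element_text<'a>(xml: &'a str, name: &str) -> Option<&'a str> {
    let open = format!("<{}>", name);
    let close = format!("</{}>", name);
    let start = xml.find(&open)? + open.len();
    let end = xml[start..].find(&close)? + start;
    Some(xml[start..end].trim())
}

/// Try each accepted spelling in order; None only if every spelling is absent.
fn first_of<'a>(xml: &'a str, names: &[&str]) -> Option<&'a str> {
    names.iter().find_map(|n| element_text(xml, n))
}

/// A missing element is an error, never a silent zero: a zero count here would
/// make a licensed device look unlicensed to a preflight check.
fn count(xml: &str, names: &[&str]) -> Result<u32, String> {
    let text = first_of(xml, names).ok_or_else(|| format!("none of {:?} present", names))?;
    text.parse::<u32>().map_err(|e| format!("{:?}: bad count {:?}: {}", names, text, e))
}

pub fn parse_license(xml: &str) -> Result<LicenseCounts, String> {
    Ok(LicenseCounts {
        installed: count(xml, &["licenses-installed", "licensed"])?,
        used: count(xml, &["licenses-used", "used-licensed"])?,
        needed: count(xml, &["licenses-needed", "needed"])?,
        kind: first_of(xml, &["license-type", "validity-type"])
            .ok_or("no license type element present")?
            .to_string(),
    })
}

fn main() {
    for &(label, xml) in &[("legacy", LEGACY), ("24.4R0+", LIVE), ("unknown", UNKNOWN)] {
        println!("{}: {:?}", label, parse_license(xml));
    }
}
```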

Validation

5/7 destructive live smokes pass on vSRX-test3 against LXC 601:30032:

  • idp_check_server_returns_latest_version
  • idp_download_and_install_call1_returns_plan
  • idp_download_and_install_call2_succeeds ✅ (237s — real ~300 MB pull from signatures.juniper.net)
  • idp_already_at_target_short_circuits
  • idp_version_pin_accepts_explicit
  • idp_rollback_after_install_restores_previous — lab precondition (no prior IDP package on test3)
  • idp_cluster_install_syncs_both_nodes — known lab gap (no IDP-licensed cluster pair)

Tool surface

7 srxmcp tools total (up from 6 in v0.1.2):

  • srxmcp_status, check_srx_feature_license, vpn_lifecycle_report, get_chassis_cluster_status, get_srx_security_services_status
  • manage_idp_security_package (new in this release)

Deployed to LXC 601:30032.