@pulumi/juniper-mist
Version:
A Pulumi package for creating and managing Juniper Mist resources.
1,335 lines • 586 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
export interface UpgradeDeviceAutoUpgradeStat {
lastcheck?: pulumi.Input<number>;
}
export interface UpgradeDeviceFwupdate {
progress?: pulumi.Input<number>;
/**
* enum: `inprogress`, `failed`, `upgraded`, `success`, `scheduled`, `error`
*/
status?: pulumi.Input<string>;
statusId?: pulumi.Input<number>;
/**
* Epoch (seconds)
*/
timestamp?: pulumi.Input<number>;
willRetry?: pulumi.Input<boolean>;
}
export declare namespace device {
interface ApAeroscout {
/**
* Whether to enable aeroscout config
*/
enabled?: pulumi.Input<boolean>;
/**
* Required if enabled, aeroscout server host
*/
host?: pulumi.Input<string>;
/**
* Whether to enable the feature to allow wireless clients data received and sent to AES server for location calculation
*/
locateConnected?: pulumi.Input<boolean>;
port?: pulumi.Input<number>;
}
interface ApAirista {
/**
* Whether to enable Airista config
*/
enabled?: pulumi.Input<boolean>;
/**
* Required if enabled, Airista server host
*/
host?: pulumi.Input<string>;
port?: pulumi.Input<number>;
}
interface ApBleConfig {
/**
* Whether Mist beacons is enabled
*/
beaconEnabled?: pulumi.Input<boolean>;
/**
* Required if `beaconRateMode`==`custom`, 1-10, in number-beacons-per-second
*/
beaconRate?: pulumi.Input<number>;
/**
* enum: `custom`, `default`
*/
beaconRateMode?: pulumi.Input<string>;
/**
* List of AP BLE location beam numbers (1-8) which should be disabled at the AP and not transmit location information (where beam 1 is oriented at the top the AP, growing counter-clock-wise, with 9 being the omni BLE beam)
*/
beamDisableds?: pulumi.Input<pulumi.Input<number>[]>;
/**
* Can be enabled if `beaconEnabled`==`true`, whether to send custom packet
*/
customBlePacketEnabled?: pulumi.Input<boolean>;
/**
* The custom frame to be sent out in this beacon. The frame must be a hexstring
*/
customBlePacketFrame?: pulumi.Input<string>;
/**
* Frequency (msec) of data emitted by custom ble beacon
*/
customBlePacketFreqMsec?: pulumi.Input<number>;
/**
* Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default
*/
eddystoneUidAdvPower?: pulumi.Input<number>;
eddystoneUidBeams?: pulumi.Input<string>;
/**
* Only if `beaconEnabled`==`false`, Whether Eddystone-UID beacon is enabled
*/
eddystoneUidEnabled?: pulumi.Input<boolean>;
/**
* Frequency (msec) of data emit by Eddystone-UID beacon
*/
eddystoneUidFreqMsec?: pulumi.Input<number>;
/**
* Eddystone-UID instance for the device
*/
eddystoneUidInstance?: pulumi.Input<string>;
/**
* Eddystone-UID namespace
*/
eddystoneUidNamespace?: pulumi.Input<string>;
/**
* Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default
*/
eddystoneUrlAdvPower?: pulumi.Input<number>;
eddystoneUrlBeams?: pulumi.Input<string>;
/**
* Only if `beaconEnabled`==`false`, Whether Eddystone-URL beacon is enabled
*/
eddystoneUrlEnabled?: pulumi.Input<boolean>;
/**
* Frequency (msec) of data emit by Eddystone-UID beacon
*/
eddystoneUrlFreqMsec?: pulumi.Input<number>;
/**
* URL pointed by Eddystone-URL beacon
*/
eddystoneUrlUrl?: pulumi.Input<string>;
/**
* Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default
*/
ibeaconAdvPower?: pulumi.Input<number>;
ibeaconBeams?: pulumi.Input<string>;
/**
* Can be enabled if `beaconEnabled`==`true`, whether to send iBeacon
*/
ibeaconEnabled?: pulumi.Input<boolean>;
/**
* Frequency (msec) of data emit for iBeacon
*/
ibeaconFreqMsec?: pulumi.Input<number>;
/**
* Major number for iBeacon
*/
ibeaconMajor?: pulumi.Input<number>;
/**
* Minor number for iBeacon
*/
ibeaconMinor?: pulumi.Input<number>;
/**
* Optional, if not specified, the same UUID as the beacon will be used
*/
ibeaconUuid?: pulumi.Input<string>;
/**
* Required if `powerMode`==`custom`; else use `powerMode` as default
*/
power?: pulumi.Input<number>;
/**
* enum: `custom`, `default`
*/
powerMode?: pulumi.Input<string>;
}
interface ApCentrak {
enabled?: pulumi.Input<boolean>;
}
interface ApClientBridge {
auth?: pulumi.Input<inputs.device.ApClientBridgeAuth>;
/**
* When acted as client bridge:
* * only 5G radio can be used
* * will not serve as AP on any radios
*/
enabled?: pulumi.Input<boolean>;
ssid?: pulumi.Input<string>;
}
interface ApClientBridgeAuth {
psk?: pulumi.Input<string>;
/**
* wpa2-AES/CCMPp is assumed when `type`==`psk`. enum: `open`, `psk`
*/
type?: pulumi.Input<string>;
}
interface ApEslConfig {
/**
* Only if `type`==`imagotag` or `type`==`native`
*/
cacert?: pulumi.Input<string>;
/**
* Only if `type`==`imagotag` or `type`==`native`
*/
channel?: pulumi.Input<number>;
/**
* usb_config is ignored if eslConfig enabled
*/
enabled?: pulumi.Input<boolean>;
/**
* Only if `type`==`imagotag` or `type`==`native`
*/
host?: pulumi.Input<string>;
/**
* Only if `type`==`imagotag` or `type`==`native`
*/
port?: pulumi.Input<number>;
/**
* note: bleConfig will be ignored if eslConfig is enabled and with native mode. enum: `hanshow`, `imagotag`, `native`, `solum`
*/
type?: pulumi.Input<string>;
/**
* Only if `type`==`imagotag` or `type`==`native`
*/
verifyCert?: pulumi.Input<boolean>;
/**
* Only if `type`==`solum` or `type`==`hanshow`
*/
vlanId?: pulumi.Input<number>;
}
interface ApIpConfig {
/**
* If `type`==`static`
*/
dns?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Required if `type`==`static`
*/
dnsSuffixes?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Required if `type`==`static`
*/
gateway?: pulumi.Input<string>;
gateway6?: pulumi.Input<string>;
/**
* Required if `type`==`static`
*/
ip?: pulumi.Input<string>;
ip6?: pulumi.Input<string>;
mtu?: pulumi.Input<number>;
/**
* Required if `type`==`static`
*/
netmask?: pulumi.Input<string>;
netmask6?: pulumi.Input<string>;
/**
* enum: `dhcp`, `static`
*/
type?: pulumi.Input<string>;
/**
* enum: `autoconf`, `dhcp`, `disabled`, `static`
*/
type6?: pulumi.Input<string>;
/**
* Management VLAN id, default is 1 (untagged)
*/
vlanId?: pulumi.Input<number>;
}
interface ApLacpConfig {
enabled?: pulumi.Input<boolean>;
}
interface ApLed {
brightness?: pulumi.Input<number>;
enabled?: pulumi.Input<boolean>;
}
interface ApMesh {
/**
* List of bands that the mesh should apply to. For relay, the first viable one will be picked. For relay, the first viable one will be picked. enum: `24`, `5`, `6`
*/
bands?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether mesh is enabled on this AP
*/
enabled?: pulumi.Input<boolean>;
/**
* Mesh group, base AP(s) will only allow remote AP(s) in the same mesh group to join, 1-9, optional
*/
group?: pulumi.Input<number>;
/**
* enum: `base`, `remote`
*/
role?: pulumi.Input<string>;
}
interface ApPortConfig {
disabled?: pulumi.Input<boolean>;
/**
* Optional dynamic vlan
*/
dynamicVlan?: pulumi.Input<inputs.device.ApPortConfigDynamicVlan>;
enableMacAuth?: pulumi.Input<boolean>;
/**
* enum:
* * `all`: local breakout, All VLANs
* * `limited`: local breakout, only the VLANs configured in `portVlanId` and `vlanIds`
* * `mxtunnel`: central breakout to an Org Mist Edge (requires `mxtunnelId`)
* * `siteMxedge`: central breakout to a Site Mist Edge (requires `mxtunnelName`)
* * `wxtunnel`': central breakout to an Org WxTunnel (requires `wxtunnelId`)
*/
forwarding?: pulumi.Input<string>;
/**
* When `true`, we'll do dot1x then mac_auth. enable this to prefer mac_auth
*/
macAuthPreferred?: pulumi.Input<boolean>;
/**
* if `enableMacAuth`==`true`, allows user to select an authentication protocol. enum: `eap-md5`, `eap-peap`, `pap`
*/
macAuthProtocol?: pulumi.Input<string>;
mistNac?: pulumi.Input<inputs.device.ApPortConfigMistNac>;
/**
* If `forwarding`==`mxtunnel`, vlanIds comes from mxtunnel
*/
mxTunnelId?: pulumi.Input<string>;
/**
* If `forwarding`==`siteMxedge`, vlanIds comes from siteMxedge (`mxtunnels` under site setting)
*/
mxtunnelName?: pulumi.Input<string>;
/**
* When doing port auth. enum: `dot1x`, `none`
*/
portAuth?: pulumi.Input<string>;
/**
* If `forwarding`==`limited`
*/
portVlanId?: pulumi.Input<number>;
/**
* Junos Radius config
*/
radiusConfig?: pulumi.Input<inputs.device.ApPortConfigRadiusConfig>;
/**
* RadSec settings
*/
radsec?: pulumi.Input<inputs.device.ApPortConfigRadsec>;
/**
* Optional to specify the vlan id for a tunnel if forwarding is for `wxtunnel`, `mxtunnel` or `siteMxedge`.
* * if vlanId is not specified then it will use first one in vlan_ids[] of the mxtunnel.
* * if forwarding == site_mxedge, vlanIds comes from siteMxedge (`mxtunnels` under site setting)
*/
vlanId?: pulumi.Input<number>;
/**
* If `forwarding`==`limited`, comma separated list of additional vlan ids allowed on this port
*/
vlanIds?: pulumi.Input<string>;
/**
* If `forwarding`==`wxtunnel`, the port is bridged to the vlan of the session
*/
wxtunnelId?: pulumi.Input<string>;
/**
* If `forwarding`==`wxtunnel`, the port is bridged to the vlan of the session
*/
wxtunnelRemoteId?: pulumi.Input<string>;
}
interface ApPortConfigDynamicVlan {
defaultVlanId?: pulumi.Input<number>;
enabled?: pulumi.Input<boolean>;
type?: pulumi.Input<string>;
vlans?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
}
interface ApPortConfigMistNac {
/**
* How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled.
*/
acctInterimInterval?: pulumi.Input<number>;
/**
* Radius auth session retries. Following fast timers are set if `fastDot1xTimers` knob is enabled. "retries" are set to value of `authServersTimeout`. "max-requests" is also set when setting `authServersRetries` is set to default value to 3.
*/
authServersRetries?: pulumi.Input<number>;
/**
* Radius auth session timeout. Following fast timers are set if `fastDot1xTimers` knob is enabled. "quite-period" and "transmit-period" are set to half the value of `authServersTimeout`. "supplicant-timeout" is also set when setting `authServersTimeout` is set to default value of 10.
*/
authServersTimeout?: pulumi.Input<number>;
/**
* Allows a RADIUS server to dynamically modify the authorization status of a user session.
*/
coaEnabled?: pulumi.Input<boolean>;
/**
* the communication port used for “Change of Authorization” (CoA) messages
*/
coaPort?: pulumi.Input<number>;
/**
* When enabled:
* * `authServers` is ignored
* * `acctServers` is ignored
* * `auth_servers_*` are ignored
* * `coaServers` is ignored
* * `radsec` is ignored
* * `coaEnabled` is assumed
*/
enabled?: pulumi.Input<boolean>;
/**
* If set to true, sets default fast-timers with values calculated from `authServersTimeout` and `authServerRetries`.
*/
fastDot1xTimers?: pulumi.Input<boolean>;
/**
* Which network the mist nac server resides in
*/
network?: pulumi.Input<string>;
/**
* In case there is a static IP for this network, we can specify it using source ip
*/
sourceIp?: pulumi.Input<string>;
}
interface ApPortConfigRadiusConfig {
/**
* How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
*/
acctInterimInterval?: pulumi.Input<number>;
acctServers?: pulumi.Input<pulumi.Input<inputs.device.ApPortConfigRadiusConfigAcctServer>[]>;
authServers?: pulumi.Input<pulumi.Input<inputs.device.ApPortConfigRadiusConfigAuthServer>[]>;
/**
* radius auth session retries
*/
authServersRetries?: pulumi.Input<number>;
/**
* radius auth session timeout
*/
authServersTimeout?: pulumi.Input<number>;
coaEnabled?: pulumi.Input<boolean>;
coaPort?: pulumi.Input<number>;
/**
* use `network`or `sourceIp`, which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
*/
network?: pulumi.Input<string>;
/**
* use `network`or `sourceIp`
*/
sourceIp?: pulumi.Input<string>;
}
interface ApPortConfigRadiusConfigAcctServer {
/**
* IP/ hostname of RADIUS server
*/
host: pulumi.Input<string>;
keywrapEnabled?: pulumi.Input<boolean>;
/**
* enum: `ascii`, `hex`
*/
keywrapFormat?: pulumi.Input<string>;
keywrapKek?: pulumi.Input<string>;
keywrapMack?: pulumi.Input<string>;
port?: pulumi.Input<string>;
/**
* Secret of RADIUS server
*/
secret: pulumi.Input<string>;
}
interface ApPortConfigRadiusConfigAuthServer {
/**
* IP/ hostname of RADIUS server
*/
host: pulumi.Input<string>;
keywrapEnabled?: pulumi.Input<boolean>;
/**
* enum: `ascii`, `hex`
*/
keywrapFormat?: pulumi.Input<string>;
keywrapKek?: pulumi.Input<string>;
keywrapMack?: pulumi.Input<string>;
port?: pulumi.Input<string>;
/**
* Whether to require Message-Authenticator in requests
*/
requireMessageAuthenticator?: pulumi.Input<boolean>;
/**
* Secret of RADIUS server
*/
secret: pulumi.Input<string>;
}
interface ApPortConfigRadsec {
coaEnabled?: pulumi.Input<boolean>;
enabled?: pulumi.Input<boolean>;
idleTimeout?: pulumi.Input<string>;
/**
* To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
*/
mxclusterIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Default is site.mxedge.radsec.proxy_hosts which must be a superset of all `wlans[*].radsec.proxy_hosts`. When `radsec.proxy_hosts` are not used, tunnel peers (org or site mxedges) are used irrespective of `useSiteMxedge`
*/
proxyHosts?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
*/
serverName?: pulumi.Input<string>;
/**
* List of RadSec Servers. Only if not Mist Edge.
*/
servers?: pulumi.Input<pulumi.Input<inputs.device.ApPortConfigRadsecServer>[]>;
/**
* use mxedge(s) as RadSec Proxy
*/
useMxedge?: pulumi.Input<boolean>;
/**
* To use Site mxedges when this WLAN does not use mxtunnel
*/
useSiteMxedge?: pulumi.Input<boolean>;
}
interface ApPortConfigRadsecServer {
host?: pulumi.Input<string>;
port?: pulumi.Input<number>;
}
interface ApPwrConfig {
/**
* Additional power to request during negotiating with PSE over PoE, in mW
*/
base?: pulumi.Input<number>;
/**
* Whether to enable power out to peripheral, meanwhile will reduce power to Wi-Fi (only for AP45 at power mode)
*/
preferUsbOverWifi?: pulumi.Input<boolean>;
}
interface ApRadioConfig {
allowRrmDisable?: pulumi.Input<boolean>;
/**
* Antenna gain for 2.4G - for models with external antenna only
*/
antGain24?: pulumi.Input<number>;
/**
* Antenna gain for 5G - for models with external antenna only
*/
antGain5?: pulumi.Input<number>;
/**
* Antenna gain for 6G - for models with external antenna only
*/
antGain6?: pulumi.Input<number>;
/**
* enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
*/
antennaMode?: pulumi.Input<string>;
/**
* Antenna Mode for AP which supports selectable antennas. enum: `""` (default), `external`, `internal`
*/
antennaSelect?: pulumi.Input<string>;
/**
* Radio Band AP settings
*/
band24?: pulumi.Input<inputs.device.ApRadioConfigBand24>;
/**
* enum: `24`, `5`, `6`, `auto`
*/
band24Usage?: pulumi.Input<string>;
/**
* Radio Band AP settings
*/
band5?: pulumi.Input<inputs.device.ApRadioConfigBand5>;
/**
* Radio Band AP settings
*/
band5On24Radio?: pulumi.Input<inputs.device.ApRadioConfigBand5On24Radio>;
/**
* Radio Band AP settings
*/
band6?: pulumi.Input<inputs.device.ApRadioConfigBand6>;
/**
* Let RRM control everything, only the `channels` and `antGain` will be honored (i.e. disabled/bandwidth/power/band_24_usage are all controlled by RRM)
*/
fullAutomaticRrm?: pulumi.Input<boolean>;
/**
* To make an outdoor operate indoor. For an outdoor-ap, some channels are disallowed by default, this allows the user to use it as an indoor-ap
*/
indoorUse?: pulumi.Input<boolean>;
/**
* Enable RRM to manage all radio settings (ignores all bandXxx configs)
*/
rrmManaged?: pulumi.Input<boolean>;
/**
* Whether scanning radio is enabled
*/
scanningEnabled?: pulumi.Input<boolean>;
}
interface ApRadioConfigBand24 {
allowRrmDisable?: pulumi.Input<boolean>;
antGain?: pulumi.Input<number>;
/**
* enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
*/
antennaMode?: pulumi.Input<string>;
/**
* channel width for the 2.4GHz band. enum: `0`(disabled, response only), `20`, `40`
*/
bandwidth?: pulumi.Input<number>;
/**
* For Device. (primary) channel for the band, 0 means using the Site Setting
*/
channel?: pulumi.Input<number>;
/**
* For RFTemplates. List of channels, null or empty array means auto
*/
channels?: pulumi.Input<pulumi.Input<number>[]>;
/**
* Whether to disable the radio
*/
disabled?: pulumi.Input<boolean>;
/**
* TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
*/
power?: pulumi.Input<number>;
/**
* When power=0, max tx power to use, HW-specific values will be used if not set
*/
powerMax?: pulumi.Input<number>;
/**
* When power=0, min tx power to use, HW-specific values will be used if not set
*/
powerMin?: pulumi.Input<number>;
/**
* enum: `auto`, `long`, `short`
*/
preamble?: pulumi.Input<string>;
}
interface ApRadioConfigBand5 {
allowRrmDisable?: pulumi.Input<boolean>;
antGain?: pulumi.Input<number>;
/**
* enum: `narrow`, `medium`, `wide`
*/
antennaBeamPattern?: pulumi.Input<string>;
/**
* enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
*/
antennaMode?: pulumi.Input<string>;
/**
* channel width for the 5GHz band. enum: `0`(disabled, response only), `20`, `40`, `80`
*/
bandwidth?: pulumi.Input<number>;
/**
* For Device. (primary) channel for the band, 0 means using the Site Setting
*/
channel?: pulumi.Input<number>;
/**
* For RFTemplates. List of channels, null or empty array means auto
*/
channels?: pulumi.Input<pulumi.Input<number>[]>;
/**
* Whether to disable the radio
*/
disabled?: pulumi.Input<boolean>;
/**
* TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
*/
power?: pulumi.Input<number>;
/**
* When power=0, max tx power to use, HW-specific values will be used if not set
*/
powerMax?: pulumi.Input<number>;
/**
* When power=0, min tx power to use, HW-specific values will be used if not set
*/
powerMin?: pulumi.Input<number>;
/**
* enum: `auto`, `long`, `short`
*/
preamble?: pulumi.Input<string>;
}
interface ApRadioConfigBand5On24Radio {
allowRrmDisable?: pulumi.Input<boolean>;
antGain?: pulumi.Input<number>;
/**
* enum: `narrow`, `medium`, `wide`
*/
antennaBeamPattern?: pulumi.Input<string>;
/**
* enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
*/
antennaMode?: pulumi.Input<string>;
/**
* channel width for the 5GHz band. enum: `0`(disabled, response only), `20`, `40`, `80`
*/
bandwidth?: pulumi.Input<number>;
/**
* For Device. (primary) channel for the band, 0 means using the Site Setting
*/
channel?: pulumi.Input<number>;
/**
* For RFTemplates. List of channels, null or empty array means auto
*/
channels?: pulumi.Input<pulumi.Input<number>[]>;
/**
* Whether to disable the radio
*/
disabled?: pulumi.Input<boolean>;
/**
* TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
*/
power?: pulumi.Input<number>;
/**
* When power=0, max tx power to use, HW-specific values will be used if not set
*/
powerMax?: pulumi.Input<number>;
/**
* When power=0, min tx power to use, HW-specific values will be used if not set
*/
powerMin?: pulumi.Input<number>;
/**
* enum: `auto`, `long`, `short`
*/
preamble?: pulumi.Input<string>;
}
interface ApRadioConfigBand6 {
allowRrmDisable?: pulumi.Input<boolean>;
antGain?: pulumi.Input<number>;
/**
* enum: `narrow`, `medium`, `wide`
*/
antennaBeamPattern?: pulumi.Input<string>;
/**
* enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
*/
antennaMode?: pulumi.Input<string>;
/**
* channel width for the 6GHz band. enum: `0`(disabled, response only), `20`, `40`, `80`, `160`
*/
bandwidth?: pulumi.Input<number>;
/**
* For Device. (primary) channel for the band, 0 means using the Site Setting
*/
channel?: pulumi.Input<number>;
/**
* For RFTemplates. List of channels, null or empty array means auto
*/
channels?: pulumi.Input<pulumi.Input<number>[]>;
/**
* Whether to disable the radio
*/
disabled?: pulumi.Input<boolean>;
/**
* TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
*/
power?: pulumi.Input<number>;
/**
* When power=0, max tx power to use, HW-specific values will be used if not set
*/
powerMax?: pulumi.Input<number>;
/**
* When power=0, min tx power to use, HW-specific values will be used if not set
*/
powerMin?: pulumi.Input<number>;
/**
* enum: `auto`, `long`, `short`
*/
preamble?: pulumi.Input<string>;
/**
* For 6GHz Only, standard-power operation, AFC (Automatic Frequency Coordination) will be performed, and we'll fall back to Low Power Indoor if AFC failed
*/
standardPower?: pulumi.Input<boolean>;
}
interface ApUplinkPortConfig {
/**
* Whether to do 802.1x against uplink switch. When enabled, AP cert will be used to do EAP-TLS and the Org's CA Cert has to be provisioned at the switch
*/
dot1x?: pulumi.Input<boolean>;
/**
* By default, WLANs are disabled when uplink is down. In some scenario, like SiteSurvey, one would want the AP to keep sending beacons.
*/
keepWlansUpIfDown?: pulumi.Input<boolean>;
}
interface ApUsbConfig {
/**
* Only if `type`==`imagotag`
*/
cacert?: pulumi.Input<string>;
/**
* Only if `type`==`imagotag`, channel selection, not needed by default, required for manual channel override only
*/
channel?: pulumi.Input<number>;
/**
* Whether to enable any usb config
*/
enabled?: pulumi.Input<boolean>;
/**
* Only if `type`==`imagotag`
*/
host?: pulumi.Input<string>;
/**
* Only if `type`==`imagotag`
*/
port?: pulumi.Input<number>;
/**
* usb config type. enum: `hanshow`, `imagotag`, `solum`
*/
type?: pulumi.Input<string>;
/**
* Only if `type`==`imagotag`, whether to turn on SSL verification
*/
verifyCert?: pulumi.Input<boolean>;
/**
* Only if `type`==`solum` or `type`==`hanshow`
*/
vlanId?: pulumi.Input<number>;
}
interface BaseLatlng {
lat: pulumi.Input<number>;
lng: pulumi.Input<number>;
}
interface GatewayBgpConfig {
/**
* Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`
*/
authKey?: pulumi.Input<string>;
/**
* Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`, when bfdMultiplier is configured alone. Default:
* * 1000 if `type`==`external`
* * 350 `type`==`internal`
*/
bfdMinimumInterval?: pulumi.Input<number>;
/**
* Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`, when bfdMinimumIntervalIsConfigured alone
*/
bfdMultiplier?: pulumi.Input<number>;
/**
* Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. BFD provides faster path failure detection and is enabled by default
*/
disableBfd?: pulumi.Input<boolean>;
export?: pulumi.Input<string>;
/**
* Default export policies if no per-neighbor policies defined
*/
exportPolicy?: pulumi.Input<string>;
/**
* Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. By default, either inet/net6 unicast depending on neighbor IP family (v4 or v6). For v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
*/
extendedV4Nexthop?: pulumi.Input<boolean>;
/**
* Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. `0` means disable
*/
gracefulRestartTime?: pulumi.Input<number>;
/**
* Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. Default is 90.
*/
holdTime?: pulumi.Input<number>;
import?: pulumi.Input<string>;
/**
* Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. Default import policies if no per-neighbor policies defined
*/
importPolicy?: pulumi.Input<string>;
/**
* Required if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. BGPLocal AS. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`)
*/
localAs?: pulumi.Input<string>;
/**
* Neighbor AS. If `type`==`internal`, must be equal to `localAs`. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`)
*/
neighborAs?: pulumi.Input<string>;
/**
* Required if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. If per-neighbor as is desired. Property key is the neighbor address
*/
neighbors?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.device.GatewayBgpConfigNeighbors>;
}>;
/**
* Optional if `via`==`lan`. List of networks where we expect BGP neighbor to connect to/from
*/
networks?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. If true, we will not advertise private ASNs (AS 64512-65534) to this neighbor
*/
noPrivateAs?: pulumi.Input<boolean>;
/**
* Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. By default, we'll re-advertise all learned BGP routers toward overlay
*/
noReadvertiseToOverlay?: pulumi.Input<boolean>;
/**
* Optional if `via`==`tunnel`
*/
tunnelName?: pulumi.Input<string>;
/**
* Required if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. enum: `external`, `internal`
*/
type?: pulumi.Input<string>;
/**
* enum: `lan`, `tunnel`, `vpn`, `wan`
*/
via: pulumi.Input<string>;
/**
* Optional if `via`==`vpn`
*/
vpnName?: pulumi.Input<string>;
/**
* Optional if `via`==`wan`
*/
wanName?: pulumi.Input<string>;
}
interface GatewayBgpConfigNeighbors {
/**
* If true, the BGP session to this neighbor will be administratively disabled/shutdown
*/
disabled?: pulumi.Input<boolean>;
exportPolicy?: pulumi.Input<string>;
holdTime?: pulumi.Input<number>;
importPolicy?: pulumi.Input<string>;
/**
* Assuming BGP neighbor is directly connected
*/
multihopTtl?: pulumi.Input<number>;
/**
* Neighbor AS. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`)
*/
neighborAs: pulumi.Input<string>;
}
interface GatewayClusterNode {
/**
* Gateway MAC Address. Format is `[0-9a-f]{12}` (e.g. "5684dae9ac8b")
*/
mac: pulumi.Input<string>;
}
interface GatewayDhcpdConfig {
/**
* Property key is the network name
*/
config?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.device.GatewayDhcpdConfigConfig>;
}>;
/**
* If set to `false`, disable the DHCP server
*/
enabled?: pulumi.Input<boolean>;
}
interface GatewayDhcpdConfigConfig {
/**
* If `type`==`local` or `type6`==`local` - optional, if not defined, system one will be used
*/
dnsServers?: pulumi.Input<pulumi.Input<string>[]>;
/**
* If `type`==`local` or `type6`==`local` - optional, if not defined, system one will be used
*
* @deprecated Configuring `dnsSuffix` is deprecated and will not be supported in the future, please configure Code 15 or Code 119 in Server `options` instead
*/
dnsSuffixes?: pulumi.Input<pulumi.Input<string>[]>;
/**
* If `type`==`local` or `type6`==`local`. Property key is the MAC Address. Format is `[0-9a-f]{12}` (e.g. "5684dae9ac8b")
*/
fixedBindings?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.device.GatewayDhcpdConfigConfigFixedBindings>;
}>;
/**
* If `type`==`local` - optional, `ip` will be used if not provided
*/
gateway?: pulumi.Input<string>;
/**
* If `type6`==`local`
*/
ip6End?: pulumi.Input<string>;
/**
* If `type6`==`local`
*/
ip6Start?: pulumi.Input<string>;
/**
* If `type`==`local`
*/
ipEnd?: pulumi.Input<string>;
/**
* If `type`==`local`
*/
ipStart?: pulumi.Input<string>;
/**
* In seconds, lease time has to be between 3600 [1hr] - 604800 [1 week], default is 86400 [1 day]
*/
leaseTime?: pulumi.Input<number>;
/**
* If `type`==`local` or `type6`==`local`. Property key is the DHCP option number
*/
options?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.device.GatewayDhcpdConfigConfigOptions>;
}>;
/**
* `serverIdOverride`==`true` means the device, when acts as DHCP relay and forwards DHCP responses from DHCP server to clients,
* should overwrite the Sever Identifier option (i.e. DHCP option 54) in DHCP responses with its own IP address.
*/
serverIdOverride?: pulumi.Input<boolean>;
/**
* If `type`==`relay`
*/
servers?: pulumi.Input<pulumi.Input<string>[]>;
/**
* If `type6`==`relay`
*/
serversv6s?: pulumi.Input<pulumi.Input<string>[]>;
/**
* enum: `local` (DHCP Server), `none`, `relay` (DHCP Relay)
*/
type?: pulumi.Input<string>;
/**
* enum: `local` (DHCP Server), `none`, `relay` (DHCP Relay)
*/
type6?: pulumi.Input<string>;
/**
* If `type`==`local` or `type6`==`local`. Property key is <enterprise number>:<sub option code>, with
* * enterprise number: 1-65535 (https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers)
* * sub option code: 1-255, sub-option code
*/
vendorEncapsulated?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.device.GatewayDhcpdConfigConfigVendorEncapsulated>;
}>;
}
interface GatewayDhcpdConfigConfigFixedBindings {
ip?: pulumi.Input<string>;
ip6?: pulumi.Input<string>;
name?: pulumi.Input<string>;
}
interface GatewayDhcpdConfigConfigOptions {
/**
* enum: `boolean`, `hex`, `int16`, `int32`, `ip`, `string`, `uint16`, `uint32`
*/
type?: pulumi.Input<string>;
value?: pulumi.Input<string>;
}
interface GatewayDhcpdConfigConfigVendorEncapsulated {
/**
* enum: `boolean`, `hex`, `int16`, `int32`, `ip`, `string`, `uint16`, `uint32`
*/
type?: pulumi.Input<string>;
value?: pulumi.Input<string>;
}
interface GatewayExtraRoutes {
via: pulumi.Input<string>;
}
interface GatewayExtraRoutes6 {
via: pulumi.Input<string>;
}
interface GatewayGatewayMgmt {
/**
* Rollback timer for commit confirmed
*/
configRevertTimer?: pulumi.Input<number>;
}
interface GatewayIdpProfiles {
/**
* enum: `critical`, `standard`, `strict`
*/
baseProfile?: pulumi.Input<string>;
/**
* Unique ID of the object instance in the Mist Organization
*/
id?: pulumi.Input<string>;
name?: pulumi.Input<string>;
orgId?: pulumi.Input<string>;
overwrites?: pulumi.Input<pulumi.Input<inputs.device.GatewayIdpProfilesOverwrite>[]>;
}
interface GatewayIdpProfilesOverwrite {
/**
* enum:
* * alert (default)
* * drop: silently dropping packets
* * close: notify client/server to close connection
*/
action?: pulumi.Input<string>;
matching?: pulumi.Input<inputs.device.GatewayIdpProfilesOverwriteMatching>;
name?: pulumi.Input<string>;
}
interface GatewayIdpProfilesOverwriteMatching {
attackNames?: pulumi.Input<pulumi.Input<string>[]>;
dstSubnets?: pulumi.Input<pulumi.Input<string>[]>;
severities?: pulumi.Input<pulumi.Input<string>[]>;
}
interface GatewayIpConfigs {
ip?: pulumi.Input<string>;
ip6?: pulumi.Input<string>;
netmask?: pulumi.Input<string>;
netmask6?: pulumi.Input<string>;
/**
* Optional list of secondary IPs in CIDR format
*/
secondaryIps?: pulumi.Input<pulumi.Input<string>[]>;
/**
* enum: `dhcp`, `static`
*/
type?: pulumi.Input<string>;
/**
* enum: `autoconf`, `dhcp`, `disabled`, `static`
*/
type6?: pulumi.Input<string>;
}
interface GatewayNetwork {
/**
* Whether to disallow Mist Devices in the network
*/
disallowMistServices?: pulumi.Input<boolean>;
gateway?: pulumi.Input<string>;
gateway6?: pulumi.Input<string>;
internalAccess?: pulumi.Input<inputs.device.GatewayNetworkInternalAccess>;
/**
* Whether this network has direct internet access
*/
internetAccess?: pulumi.Input<inputs.device.GatewayNetworkInternetAccess>;
/**
* Whether to allow clients in the network to talk to each other
*/
isolation?: pulumi.Input<boolean>;
/**
* Whether to enable multicast support (only PIM-sparse mode is supported)
*/
multicast?: pulumi.Input<inputs.device.GatewayNetworkMulticast>;
name: pulumi.Input<string>;
/**
* For a Network (usually LAN), it can be routable to other networks (e.g. OSPF)
*/
routedForNetworks?: pulumi.Input<pulumi.Input<string>[]>;
subnet: pulumi.Input<string>;
subnet6?: pulumi.Input<string>;
/**
* Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}")
*/
tenants?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.device.GatewayNetworkTenants>;
}>;
vlanId?: pulumi.Input<string>;
/**
* Property key is the VPN name. Whether this network can be accessed from vpn
*/
vpnAccess?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.device.GatewayNetworkVpnAccess>;
}>;
}
interface GatewayNetworkInternalAccess {
enabled?: pulumi.Input<boolean>;
}
interface GatewayNetworkInternetAccess {
createSimpleServicePolicy?: pulumi.Input<boolean>;
/**
* Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
*/
destinationNat?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.device.GatewayNetworkInternetAccessDestinationNat>;
}>;
enabled?: pulumi.Input<boolean>;
/**
* By default, all access is allowed, to only allow certain traffic, make `restricted`=`true` and define service_policies
*/
restricted?: pulumi.Input<boolean>;
/**
* Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
*/
staticNat?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.device.GatewayNetworkInternetAccessStaticNat>;
}>;
}
interface GatewayNetworkInternetAccessDestinationNat {
/**
* The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
*/
internalIp?: pulumi.Input<string>;
name?: pulumi.Input<string>;
/**
* The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
*/
port?: pulumi.Input<string>;
/**
* SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
*/
wanName?: pulumi.Input<string>;
}
interface GatewayNetworkInternetAccessStaticNat {
/**
* The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
*/
internalIp: pulumi.Input<string>;
name: pulumi.Input<string>;
/**
* SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
*/
wanName?: pulumi.Input<string>;
}
interface GatewayNetworkMulticast {
/**
* If the network will only be the source of the multicast traffic, IGMP can be disabled
*/
disableIgmp?: pulumi.Input<boolean>;
enabled?: pulumi.Input<boolean>;
/**
* Group address to RP (rendezvous point) mapping. Property Key is the CIDR (example "225.1.0.3/32")
*/
groups?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.device.GatewayNetworkMulticastGroups>;
}>;
}
interface GatewayNetworkMulticastGroups {
/**
* RP (rendezvous point) IP Address
*/
rpIp?: pulumi.Input<string>;
}
interface GatewayNetworkTenants {
addresses?: pulumi.Input<pulumi.Input<string>[]>;
}
interface GatewayNetworkVpnAccess {
/**
* If `routed`==`true`, whether to advertise an aggregated subnet toward HUB this is useful when there are multiple networks on SPOKE's side
*/
advertisedSubnet?: pulumi.Input<string>;
/**
* Whether to allow ping from vpn into this routed network
*/
allowPing?: pulumi.Input<boolean>;
/**
* Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
*/
destinationNat?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.device.GatewayNetworkVpnAccessDestinationNat>;
}>;
/**
* If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub, a subnet is required to create and advertise the route to Hub
*/
natPool?: pulumi.Input<string>;
/**
* toward LAN-side BGP peers
*/
noReadvertiseToLanBgp?: pulumi.Input<boolean>;
/**
* toward LAN-side OSPF peers
*/
noReadvertiseToLanOspf?: pulumi.Input<boolean>;
/**
* toward overlay, how HUB should deal with routes it received from Spokes
*/
noReadvertiseToOverlay?: pulumi.Input<boolean>;
/**
* By default, the routes are only readvertised toward the same vrf on spoke. To allow it to be leaked to other vrfs
*/
otherVrfs?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether this network is routable
*/
routed?: pulumi.Input<boolean>;
/**
* If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub
*/
sourceNat?: pulumi.Input<inputs.device.GatewayNetworkVpnAccessSourceNat>;
/**
* Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
*/
staticNat?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.device.GatewayNetworkVpnAccessStaticNat>;
}>;
/**
* toward overlay, how HUB should deal with routes it received from Spokes
*/
summarizedSubnet?: pulumi.Input<string>;
/**
* toward LAN-side BGP peers
*/
summarizedSubnetToLanBgp?: pulumi.Input<string>;
/**
* toward LAN-side OSPF peers
*/
summarizedSubnetToLanOspf?: pulumi.Input<string>;
}
interface GatewayNetworkVpnAccessDestinationNat {
/**
* The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
*/
internalIp?: pulumi.Input<string>;
name?: pulumi.Input<string>;
port?: pulumi.Input<string>;
}
interface GatewayNetworkVpnAccessSourceNat {
externalIp?: pulumi.Input<string>;
}
interface GatewayNetworkVpnAccessStaticNat {
/**
* The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
*/
internalIp: pulumi.Input<string>;
name: pulumi.Input<string>;
}
interface GatewayOobIpConfig {
/**
* If `type`==`static`
*/
gateway?: pulumi.Input<string>;
/**
* If `type`==`static`
*/
ip?: pulumi.Input<string>;
/**
* If `type`==`static`
*/
netmask?: pulumi.Input<string>;
/**
* For HA Cluster, node1 can have different IP Config
*/
node1?: pulumi.Input<inputs.device.GatewayOobIpConfigNode1>;
/**
* enum: `dhcp`, `static`
*/
type?: pulumi.Input<string>;
/**
* If supported on the platform. If enabled, DNS will be using this routing-instance, too
*/
useMgmtVrf?: pulumi.Input<boolean>;
/**
* For host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired
*/
useMgmtVrfForHostOut?: pulumi.Input<boolean>;
vlanId?: pulumi.Input<string>;
}
interface GatewayOobIpConfigNode1 {
/**
* If `type`==`static`
*/
gateway?: pulumi.Input<string>;
ip?: pulumi.Input<string>;
/**
* Used only if `subnet` is not specified in `networks`
*/
netmask?: pulumi.Input<string>;
/**
* enum: `dhcp`, `static`
*/
type?: pulumi.Input<string>;
/**
* If supported on the platform. If enabled, DNS will be using this routing-instance, too
*/
useMgmtVrf?: pulumi.Input<boolean>;
/**
* Whether to use `mgmtJunos` for host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired
*/
useMgmtVrfForHostOut?: pulumi.Input<boolean>;
vlanId?: pulumi.Input<string>;
}
interface GatewayPathPreferences {
paths?: pulumi.Input<pulumi.Input<inputs.device.GatewayPathPreferencesPath>[]>;
/**
* enum: `ecmp`, `ordered`, `weighted`
*/
strategy?: pulumi.Input<string>;
}
interface GatewayPathPreferencesPath {
cost?: pulumi.Input<number>;
/**
* For SSR Only. `true`, if this specific path is undesired
*/
disabled?: pulumi.Input<boolean>;
/**
* Only if `type`==`local`, if a different gateway is desired
*/
gatewayIp?: pulumi.Input<string>;
/**
* Only if `type`==`vpn`, if this vpn path can be used for internet
*/
internetAccess?: pulumi.Input<boolean>;
/**
* Required when
* * `type`==`vpn`: the name of the VPN Path to use
* * `type`==`wan`: the name of the WAN interface to use
*/
name?: pulumi.Input<string>;
/**
* Required when `type`==`local`
*/
networks?: pulumi.Input<pulumi.Input<string>[]>;
/**
* If `type`==`local`, if destination IP is to be replaced
*/
targetIps?: pulum