[j-nsp] "load replace" junoscript login class permissions
Chuck Anderson
cra at WPI.EDU
Fri Feb 26 08:44:18 EST 2016
Can you please provide an example of what you are saying should work
(in text format even)?
This is what I was trying in XML (from perl) and it doesn't work with
the permissions restricted to "policy-options prefix-list AUTO-.*",
but it does work with the permissions widened to "policy-options .*":
$jnx->load_configuration(
format => "xml",
action => "replace",
configuration => $replace);
Where the contents of the $replace variable is:
<configuration>
<policy-options>
<prefix-list replace="replace">
<name>AUTO-FOO</name>
<prefix-list-item>
<name>1.1.1.1/32</name>
</prefix-list-item>
</prefix-list>
</policy-options>
</configuration>
I believe I also tried applying the "replace" attribute on the <name>
tag like this: <name replace="replace">AUTO-FOO</name>, but that isn't
accepted as valid syntax.
I ended up using a configuration group at Phil's suggestion. That way
I can restrict the permissions to "groups AUTO-PREFIX-LIST
policy-options .*" to allow the replace operation to work but prevent
the script from mucking with objects it isn't supposed to touch.
Thanks.
On Thu, Feb 25, 2016 at 12:05:36PM -0500, Chris Spears wrote:
> Can you add a replace attribute in the container for the prefix-lists
> matching /AUTO-*/, and see if the permissions work? The equivalent
> replace: tag in the text format works with a restricted login class when
> using netconf.
>
> http://www.juniper.net/documentation/en_US/junos14.2/topics/reference/tag-summary/junos-xml-protocol-replace-attribute.html
>
>
>
>
> On Mon, Feb 22, 2016 at 9:46 PM, Chuck Anderson <cra at wpi.edu> wrote:
>
> > On Mon, Feb 22, 2016 at 09:08:04PM -0500, Jared Mauch wrote:
> > > > 1. "load replace" config with the new prefix list contents
> > > > 2. commit
> > >
> > >
> > > Try ‘load update’ first.
> > >
> > > That should be much faster than load replace.
> >
> > Yes, I see it is fast, but I can't figure out the right XML to do the
> > equivalent of "load update relative" in the CLI. If I leave off the
> > "relative", then the entire configuration is replaced (deleted), not
> > just the prefix-list.
> >
> > "show | compare | display xml" exists in 15.1, but not in 14.2 :-(
More information about the juniper-nsp
mailing list