Train-Juniper Plugin Roadmap

Current Status: v0.7.4

Production Ready

Train-juniper is production-ready with 100% code coverage, comprehensive security testing, and enterprise-grade architecture.

• Code Quality

  ---

  • 100% test coverage achieved
  • Zero RuboCop violations
  • Comprehensive security testing
  • Modern Ruby patterns

• Security First

  ---

  • Command injection protection
  • Credential sanitization
  • Security test suite
  • Regular dependency audits

• Enterprise Ready

  ---

  • Bastion proxy support
  • Environment configuration
  • Comprehensive logging
  • Mock mode for CI/CD

Recently Completed

v0.7.x Series - Architecture Excellence

• ✅ Modular architecture - Complete refactoring into focused modules
• ✅ 100% test coverage - Achieved perfect coverage with SimpleCov
• ✅ DRY improvements - Factory methods and logging helpers
• ✅ Security hardening - Command sanitization and credential protection
• ✅ Material for MkDocs - Beautiful documentation with coverage reports
• ✅ Windows bastion support - plink.exe integration for password authentication
• ✅ Cross-platform compatibility - Full support for Linux, macOS, and Windows
• ✅ Enhanced error handling - Command context in error messages

v0.6.x Series - Production Readiness

• ✅ Windows compatibility - Fixed FFI dependency for Windows users
• ✅ Mock mode improvements - Accurate platform detection in mock mode
• ✅ Trusted publishing - OIDC authentication for gem releases
• ✅ Automated release process - git-cliff changelog generation
• ✅ Ruby 3.3 support - Updated workflows for latest Ruby

Prioritization Strategy

Focus Areas

Based on user feedback and STIG compliance requirements, we're focusing on:

1. Complete the InSpec Resource Pack - Already 52% done, critical for STIG compliance
2. Enhanced Mock Mode - Essential for testing resources without devices
3. Configuration Mode - Required for several STIG controls
4. Better Debugging - Helps users troubleshoot connection issues

Features in "Wait for Demand" are valuable but should be driven by specific user needs.

Estimated Timeline

• Q3 2025: Complete InSpec Resource Pack v1.0
• Q3 2025: Enhanced mock mode with device profiles
• Q4 2025: Configuration mode support
• Q4 2025: Advanced debugging features

Future Enhancements

High Priority - Should Target

These features provide immediate value and have clear use cases

InSpec Resource Pack (In Progress)

Already 52% Complete

The InSpec resource pack is actively being developed to support STIG compliance:

Core Resources (Ready for testing): - ✅ juniper_system_alarms - System alarm monitoring - ✅ juniper_system_boot_messages - Boot message analysis - ✅ juniper_system_core_dumps - Core dump detection - ✅ juniper_system_ntp - NTP configuration validation - ✅ juniper_system_services - Service state verification - ✅ juniper_system_storage - Storage utilization checks - ✅ juniper_system_uptime - System uptime tracking - ✅ juniper_system_users - User account auditing

Priority Resources (Next targets): - juniper_security_policies - Firewall policy validation - juniper_interfaces - Interface configuration checks - juniper_routing_options - Routing security validation - juniper_snmp - SNMP configuration auditing

Enhanced Mock Mode

• Custom mock data loading from YAML/JSON files
• Device-specific mocks (MX240, EX4300, QFX5100, vSRX)
• Scenario-based mocking for different compliance states
• Mock data validation against real device schemas

Configuration Mode Support

Required for STIG compliance

Several STIG controls require configuration verification:

# Example use case
describe juniper_configuration do
  its('system login message') { should match /DoD Notice and Consent Banner/ }
  its('protocols ospf') { should_not be_configured }
end

Enhanced Debugging & Diagnostics

• Connection diagnostics command for troubleshooting
• Command history tracking for debugging
• Performance metrics for slow commands
• Verbose error messages with suggested fixes

Lower Priority - Wait for Demand

These features are valuable but should wait for user requests

Advanced Connectivity

NETCONF Transport

Add NETCONF protocol support as an alternative to SSH

inspec detect -t juniper-netconf://device:830

• Structured XML responses
• Better for automation
• Uses net-netconf gem
• Industry-standard protocol

Connection Resilience

• Automatic reconnection on drops
• Connection pooling for profiles
• Persistent session management
• Health check mechanisms

JunOS Capabilities

Configuration ModeAdvanced Commands

• Enter configuration mode
• Make configuration changes
• Commit/rollback support
• Candidate configuration

• Operational mode extensions
• Custom RPC calls
• Error handling improvements
• Multi-line output parsing

Performance & Profiling

• Performance profiling tools
• Command timing metrics
• Connection pooling for multiple devices
• Batch command execution

Protocol & Feature Extensions

Feature	Description	Rationale
BGP Support	Validate BGP configurations	Wait for specific use case
OSPF Support	Check OSPF neighbor states	Wait for specific use case
VLAN Validation	Verify VLAN configurations	Wait for specific use case
Hardware Info	Chassis and component details	Wait for specific use case
Config Diff	Compare running vs candidate	Part of config mode support
Custom RPC calls	Direct JunOS RPC execution	Complex implementation
Advanced file operations	Upload/download configs	Security implications

How to Contribute

Want to help?

We welcome contributions in all areas! Here's how to get started:

• Code Contributions

  ---

  • Pick an item from the roadmap
  • Check our Contributing Guide
  • Follow our coding standards
  • Submit a pull request

• Documentation

  ---

  • Improve existing docs
  • Add usage examples
  • Create tutorials
  • Fix typos and clarity

• Testing & QA

  ---

  • Test on different JunOS versions
  • Report bugs and edge cases
  • Contribute mock data
  • Performance testing

• Ideas & Feedback

  ---

  • Open an issue
  • Join discussions
  • Share use cases
  • Vote on features

Contact

• GitHub

  ---

  github.com/mitre/train-juniper

• Email

  ---

  saf@mitre.org

• Community

  ---

  Join our community discussions

---

Living Document

This roadmap evolves based on community feedback, security requirements, and emerging JunOS features. Last updated: {{ git_revision_date }}