illumioapi

package module
v1.86.0 Latest

Warning: This package is not in the latest version of its module.
Published: Sep 22, 2023 License: MIT Imports: 17 Imported by: 46

README

Illumio API Package

Description

Go package to interact with the Illumio PCE API.

Deprecated Method Announcement - June 2, 2022

Several methods have been deprecated as part of standardizing the naming convention and adopting the new PCE CRUD methods in crud.go. The old methods are kept in depreceated.go for backwards compatibility. The deprecated functions will be removed in August 2022.

Example Code

All interaction with the PCE is done via methods on the PCE type. For example, the code below prints all hostnames:

// Create PCE
pce := illumioapi.PCE{
	FQDN:               "bep-lab.poc.segmentationpov.com",
	Port:               443,
	DisableTLSChecking: true, // skips TLS certificate verification; leave false outside a lab
}

// Login and ignore error checking for example
pce.Login("brian@email.com", "Password123")

// Get all workloads and ignore error checking for example
wklds, _, _ := pce.GetWklds(nil)

// Iterate through workloads and print hostname
for _, w := range wklds {
	fmt.Println(w.Hostname)
}

// Get just managed workloads using query parameter
managedWklds, _, _ := pce.GetWklds(map[string]string{"managed": "true"})

Documentation

Constants

This section is empty.

Variables

var Threshold int

Threshold is the value set to iterate

Functions

func LabelsToRuleStructure added in v1.3.0

func LabelsToRuleStructure(labels []Label) ([][]Label, error)

LabelsToRuleStructure takes a slice of labels and returns a slice of slices for how the labels would be organized as read by the PCE rule processing. For example, {"A-ERP", "A-CRM", "E-PROD"} will return [{"A-ERP", "E-PROD"}, {"A-CRM", "E-PROD"}].
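The grouping described above, as an added example that is not the package's own code: labels that share a key are treated as alternatives and labels with different keys must all match. The local Label type, the functions expandLabels and covers, the app/env key names read from the A-/E- prefixes, and the rejection of incomplete labels are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
)

// Label mirrors only the Key and Value fields of the package's Label type.
type Label struct {
	Key   string
	Value string
}

// expandLabels is a hypothetical stand-in for the behaviour described for
// LabelsToRuleStructure: labels sharing a key are alternatives (OR), labels
// with different keys must all match (AND). It returns one slice per
// combination, with keys in order of first appearance.
func expandLabels(labels []Label) ([][]Label, error) {
	var keys []string
	byKey := map[string][]Label{}
	seen := map[Label]bool{}
	for _, l := range labels {
		if l.Key == "" || l.Value == "" {
			// Assumption of this example: incomplete labels are rejected.
			return nil, errors.New("label needs both a key and a value")
		}
		if seen[l] {
			continue // a repeated label adds no new combination
		}
		seen[l] = true
		if _, ok := byKey[l.Key]; !ok {
			keys = append(keys, l.Key)
		}
		byKey[l.Key] = append(byKey[l.Key], l)
	}
	if len(keys) == 0 {
		return [][]Label{}, nil
	}
	// Cartesian product across keys, one key at a time.
	combos := [][]Label{{}}
	for _, k := range keys {
		var next [][]Label
		for _, c := range combos {
			for _, l := range byKey[k] {
				row := append(append([]Label{}, c...), l)
				next = append(next, row)
			}
		}
		combos = next
	}
	return combos, nil
}

// covers reports whether a workload, given as key -> value, satisfies at
// least one combination, i.e. whether a rule using these labels applies to it.
func covers(labels []Label, workload map[string]string) (bool, error) {
	combos, err := expandLabels(labels)
	if err != nil {
		return false, err
	}
	for _, c := range combos {
		ok := true
		for _, l := range c {
			if workload[l.Key] != l.Value {
				ok = false
				break
			}
		}
		if ok {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	// Constructed input matching the A-ERP, A-CRM, E-PROD example above.
	labels := []Label{{"app", "ERP"}, {"app", "CRM"}, {"env", "PROD"}}
	combos, _ := expandLabels(labels)
	fmt.Println(combos)
	for _, wl := range []map[string]string{
		{"app": "CRM", "env": "PROD"},
		{"app": "ERP", "env": "DEV"},
	} {
		hit, _ := covers(labels, wl)
		fmt.Println(wl, hit)
	}
}
```

Expanding a label set this way before review shows every app/env pairing a rule will reach, which is easy to underestimate when several labels of the same key are listed.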

func ParseObjectType

func ParseObjectType(href string) string

ParseObjectType takes an href and returns one of the following options: iplist, label, label_group, virtual_service, workload, or unknown.

func ProtocolList

func ProtocolList() map[int]string

ProtocolList returns a map for the IANA protocol numbers.

Types

type APIKey

type APIKey struct {
	Href         string `json:"href,omitempty"`
	KeyID        string `json:"key_id,omitempty"`
	AuthUsername string `json:"auth_username,omitempty"`
	CreatedAt    string `json:"created_at,omitempty"`
	Name         string `json:"name,omitempty"`
	Description  string `json:"description,omitempty"`
	Secret       string `json:"secret,omitempty"`
}

APIKey represents an API Key

type APIResponse

type APIResponse struct {
	RespBody   string
	StatusCode int
	Header     http.Header
	Request    *http.Request
	ReqBody    string
	Warnings   []string
}

APIResponse contains the information from the response of the API

type Actors

type Actors struct {
	Actors     string      `json:"actors,omitempty"`
	Label      *Label      `json:"label,omitempty"`
	LabelGroup *LabelGroup `json:"label_group,omitempty"`
	Workload   *Workload   `json:"workload,omitempty"`
}

Actors - more info to follow

type Agent

type Agent struct {
	ActivePceFqdn string         `json:"active_pce_fqdn,omitempty"`
	Config        *Config        `json:"config,omitempty"`
	Href          string         `json:"href,omitempty"`
	SecureConnect *SecureConnect `json:"secure_connect,omitempty"`
	Status        *Status        `json:"status,omitempty"`
	TargetPceFqdn string         `json:"target_pce_fqdn,omitempty"`
	Hostname      string         `json:"hostname,omitempty"` // Added this for events
}

An Agent is an Agent on a Workload

func (*Agent) GetID

func (a *Agent) GetID() string

GetID returns the ID from the Href of an Agent

type AgentHealth

type AgentHealth struct {
	AuditEvent string `json:"audit_event,omitempty"`
	Severity   string `json:"severity,omitempty"`
	Type       string `json:"type,omitempty"`
}

AgentHealth represents the Agent Health of the Status of a Workload

type AgentHealthErrors

type AgentHealthErrors struct {
	Errors   []string `json:"errors,omitempty"`
	Warnings []string `json:"warnings,omitempty"`
}

AgentHealthErrors represents the Agent Health Errors of the Status of a Workload. This is deprecated - use AgentHealth.

type AsyncTrafficQuery added in v1.78.0

type AsyncTrafficQuery struct {
	CreatedAt       string                  `json:"created_at,omitempty"` // Timestamp in UTC when this query was created
	CreatedBy       *CreatedBy              `json:"created_by,omitempty"`
	FlowsCount      int                     `json:"flows_count,omitempty"`   // result count after query limits and RBAC filtering are applied
	Href            string                  `json:"href,omitempty"`          // Query URI
	MatchesCount    int                     `json:"matches_count,omitempty"` // query result count
	QueryParameters *TrafficAnalysisRequest `json:"query_parameters"`        // Explorer query parameters
	Regions         []*RegionsItems         `json:"regions,omitempty"`       // Region-specific response metadata
	Result          string                  `json:"result,omitempty"`        // Result download URI, available only if status is completed
	Status          string                  `json:"status"`                  // Current query status
	UpdatedAt       string                  `json:"updated_at,omitempty"`    // Timestamp in UTC when this async query was last updated.
}

Root Asynchronous explorer query status

type Authentication

type Authentication struct {
	AuthToken string `json:"auth_token"`
}

Authentication represents the response of the Authenticate API

type BulkResponse added in v1.12.0

type BulkResponse struct {
	Href    string  `json:"href"`
	Status  string  `json:"status"`
	Token   string  `json:"token"`
	Message string  `json:"message"`
	Errors  []Error `json:"errors"`
}

BulkResponse is the data structure for the bulk response API

type ChangeSubset

type ChangeSubset struct {
	FirewallSettings      []*FirewallSettings      `json:"firewall_settings,omitempty"`
	IPLists               []*IPList                `json:"ip_lists,omitempty"`
	LabelGroups           []*LabelGroup            `json:"label_groups,omitempty"`
	RuleSets              []*RuleSet               `json:"rule_sets,omitempty"`
	SecureConnectGateways []*SecureConnectGateways `json:"secure_connect_gateways,omitempty"`
	Services              []*Service               `json:"services,omitempty"`
	VirtualServers        []*VirtualServer         `json:"virtual_servers,omitempty"`
	VirtualServices       []*VirtualService        `json:"virtual_services,omitempty"`
	EnforcementBoundaries []*EnforcementBoundary   `json:"enforcement_boundaries,omitempty"`
}

ChangeSubset is a hash of pending hrefs, organized by model

type CompatibilityReport

type CompatibilityReport struct {
	LastUpdatedAt time.Time `json:"last_updated_at"`
	Results       Results   `json:"results"`
	QualifyStatus string    `json:"qualify_status"`
}

CompatibilityReport is a compatibility report for a VEN in Idle status

type Conditions added in v1.59.0

type Conditions struct {
	FirstReportedTimestamp time.Time   `json:"first_reported_timestamp"`
	LatestEvent            LatestEvent `json:"latest_event"`
}

Conditions are the list of conditions for VEN Health

type Config

type Config struct {
	LogTraffic               bool   `json:"log_traffic"`
	Mode                     string `json:"mode,omitempty"`
	SecurityPolicyUpdateMode string `json:"security_policy_update_mode,omitempty"`
	VisibilityLevel          string `json:"visibility_level,omitempty"`
}

Config represents the Configuration of an Agent on a Workload

type Consumers

type Consumers struct {
	Actors         string          `json:"actors,omitempty"`
	IPList         *IPList         `json:"ip_list,omitempty"`
	Label          *Label          `json:"label,omitempty"`
	LabelGroup     *LabelGroup     `json:"label_group,omitempty"`
	VirtualService *VirtualService `json:"virtual_service,omitempty"`
	Workload       *Workload       `json:"workload,omitempty"`
}

Consumers - more info to follow

type ConsumingSecurityPrincipals

type ConsumingSecurityPrincipals struct {
	Deleted       bool   `json:"deleted,omitempty"`
	Href          string `json:"href,omitempty"`
	Name          string `json:"name,omitempty"`
	SID           string `json:"sid,omitempty"`
	UsedByRuleSet bool   `json:"used_by_ruleset,omitempty"`
}

ConsumingSecurityPrincipals are AD user groups

type ContainerCluster added in v1.31.0

type ContainerCluster struct {
	Href             string `json:"href,omitempty"`
	Name             string `json:"name,omitempty"`
	Description      string `json:"description,omitempty"`
	ContainerRuntime string `json:"container_runtime,omitempty"`
	ManagerType      string `json:"manager_type,omitempty"`
	Online           *bool  `json:"online,omitempty"`
	KubelinkVersion  string `json:"kubelink_version,omitempty"`
	PceFqdn          string `json:"pce_fqdn,omitempty"`
}

ContainerCluster represents a container cluster in the Illumio PCE

func (*ContainerCluster) ID added in v1.62.0

func (c *ContainerCluster) ID() string

type ContainerWorkloadProfile added in v1.48.0

type ContainerWorkloadProfile struct {
	Href            string                           `json:"href,omitempty"`
	Name            *string                          `json:"name"` // API expects null for name to remove it. Always sent.
	Namespace       string                           `json:"namespace,omitempty"`
	Description     *string                          `json:"description,omitempty"`
	EnforcementMode string                           `json:"enforcement_mode,omitempty"`
	VisibilityLevel string                           `json:"visibility_level,omitempty"`
	Managed         *bool                            `json:"managed,omitempty"`
	Linked          *bool                            `json:"linked,omitempty"`
	Labels          *[]ContainerWorkloadProfileLabel `json:"labels,omitempty"`
	CreatedAt       string                           `json:"created_at,omitempty"`
	CreatedBy       *CreatedBy                       `json:"created_by,omitempty"`
	UpdatedAt       string                           `json:"updated_at,omitempty"`
	UpdatedBy       *UpdatedBy                       `json:"updated_by,omitempty"`
	ClusterName     string                           `json:"-"`
}

ContainerWorkloadProfile represents a container workload profile in the Illumio PCE

func (*ContainerWorkloadProfile) GetLabelByKey added in v1.62.0

func (c *ContainerWorkloadProfile) GetLabelByKey(key string) string

GetLabelByKey returns the value for a provided label key

func (*ContainerWorkloadProfile) RemoveLabel added in v1.62.0

func (c *ContainerWorkloadProfile) RemoveLabel(key string) error

RemoveLabel removes the label for the specified key

func (*ContainerWorkloadProfile) SanitizeContainerWorkloadProfilePut added in v1.62.0

func (c *ContainerWorkloadProfile) SanitizeContainerWorkloadProfilePut()

SanitizeContainerWorkloadProfilePut removes fields not acceptable to the put method.

func (*ContainerWorkloadProfile) SetLabel added in v1.62.0

func (c *ContainerWorkloadProfile) SetLabel(label Label, pce *PCE) error

SetLabel sets the specified label

type ContainerWorkloadProfileAssignLabel added in v1.48.0

type ContainerWorkloadProfileAssignLabel struct {
	Href string `json:"href,omitempty"`
}

type ContainerWorkloadProfileLabel added in v1.48.0

type ContainerWorkloadProfileLabel struct {
	Key         string                                     `json:"key,omitempty"`
	Assignment  ContainerWorkloadProfileLabelAssignment    `json:"assignment,omitempty"`
	Restriction []ContainerWorkloadProfileLabelRestriction `json:"restriction,omitempty"`
}

type ContainerWorkloadProfileLabelAssignment added in v1.48.0

type ContainerWorkloadProfileLabelAssignment struct {
	Href  string `json:"href,omitempty"`
	Value string `json:"value,omitempty"`
}

type ContainerWorkloadProfileLabelRestriction added in v1.62.0

type ContainerWorkloadProfileLabelRestriction struct {
	Href  string `json:"href"`
	Value string `json:"value"`
}

type CreatedBy

type CreatedBy struct {
	Href string `json:"href"`
}

CreatedBy represents the CreatedBy property of an object

type DeletedBy

type DeletedBy struct {
	Href string `json:"href,omitempty"`
}

DeletedBy represents the Deleted By property of an object

type Destinations

type Destinations struct {
	Include [][]Include `json:"include"`
	Exclude []Exclude   `json:"exclude"`
}

Destinations represents the destination query portion of the explorer API

type DiscoveredVirtualServer

type DiscoveredVirtualServer struct {
	Href string `json:"href"`
}

DiscoveredVirtualServer is part of a Virtual Server

type Dst

type Dst struct {
	IP       string     `json:"ip"`
	Workload *Workload  `json:"workload,omitempty"`
	FQDN     string     `json:"fqdn,omitempty"`
	IPLists  *[]*IPList `json:"ip_lists"`
}

Dst is the provider workload details

type EnforcementBoundary added in v1.25.0

type EnforcementBoundary struct {
	Href            string             `json:"href,omitempty"`
	Name            *string            `json:"name,omitempty"`
	Providers       *[]Providers       `json:"providers,omitempty"`
	Consumers       *[]Consumers       `json:"consumers,omitempty"`
	IngressServices *[]IngressServices `json:"ingress_services,omitempty"`
	Enabled         *bool              `json:"enabled,omitempty"`
	NetworkType     *string            `json:"network_type,omitempty"` //  ["brn", "non_brn", "all"]
	CreatedAt       *string            `json:"created_at,omitempty"`
	CreatedBy       *CreatedBy         `json:"created_by,omitempty"`
	DeletedAt       *string            `json:"deleted_at,omitempty"`
	DeletedBy       *DeletedBy         `json:"deleted_by,omitempty"`
	UpdateType      *string            `json:"update_type,omitempty"`
	UpdatedAt       *string            `json:"updated_at,omitempty"`
	UpdatedBy       *UpdatedBy         `json:"updated_by,omitempty"`
}

type Error added in v1.12.0

type Error struct {
	Token   string `json:"token"`
	Message string `json:"message"`
}

type Event added in v1.39.0

type Event struct {
	Href           string          `json:"href"`
	Timestamp      time.Time       `json:"timestamp"`
	PceFqdn        string          `json:"pce_fqdn"`
	EventCreatedBy EventCreatedBy  `json:"created_by"`
	EventType      string          `json:"event_type"`
	Status         string          `json:"status"`
	Severity       string          `json:"severity"`
	Notifications  []Notifications `json:"notifications"`
}

Event represents an auditable event in the Illumio PCE

func (*Event) PopulateCreatedBy added in v1.39.0

func (e *Event) PopulateCreatedBy()

type EventCreatedBy added in v1.39.0

type EventCreatedBy struct {
	Agent            Agent            `json:"agent"`
	User             UserLogin        `json:"user"`
	ContainerCluster ContainerCluster `json:"container_cluster"`
	System           System           `json:"system,omitempty"`
	Name             string
	Href             string
}

EventCreatedBy is who created the event

type Exclude

type Exclude struct {
	Label          *Label     `json:"label,omitempty"`
	Workload       *Workload  `json:"workload,omitempty"`
	IPList         *IPList    `json:"ip_list,omitempty"`
	IPAddress      *IPAddress `json:"ip_address,omitempty"`
	Port           int        `json:"port,omitempty"`
	ToPort         int        `json:"to_port,omitempty"`
	Proto          int        `json:"proto,omitempty"`
	Process        string     `json:"process_name,omitempty"`
	WindowsService string     `json:"windows_service_name,omitempty"`
	Transmission   string     `json:"transmission,omitempty"`
}

Exclude represents the type of objects used in an exclude query. The exclude struct should only have the following combinations: label only, workload only, IP address only, Port and/or protocol only. Example - Label and Workload cannot both be non-nil. Example - Port and Proto can both be non-nil (e.g., port 3306 and proto 6).

type ExpSrv

type ExpSrv struct {
	Port           int    `json:"port,omitempty"`
	Proto          int    `json:"proto,omitempty"`
	Process        string `json:"process_name,omitempty"`
	User           string `json:"user_name,omitempty"`
	WindowsService string `json:"windows_service_name,omitempty"`
}

ExpSrv is a service in the explorer response

type ExplorerServices

type ExplorerServices struct {
	Include []Include `json:"include"`
	Exclude []Exclude `json:"exclude"`
}

ExplorerServices represent services to be included or excluded in the explorer query

type FQDN

type FQDN struct {
	FQDN string `json:"fqdn"`
}

FQDN represents an FQDN in an IPList

type FirewallSettings

type FirewallSettings struct {
	Href string `json:"href"`
}

FirewallSettings are a provisionable object

type FlowFilter added in v1.78.0

type FlowFilter struct {
	Href         string `json:"href,omitempty"`
	Action       string `json:"action,omitempty"`       // drop or aggregate
	Transmission string `json:"transmission,omitempty"` // broadcast, multicast, unicast
	Target       Target `json:"target,omitempty"`
}

type FlowUploadResp

type FlowUploadResp struct {
	NumFlowsReceived int       `json:"num_flows_received"`
	NumFlowsFailed   int       `json:"num_flows_failed"`
	FailedFlows      []*string `json:"failed_flows,omitempty"`
}

FlowUploadResp is the response from the traffic upload API

type IPAddress

type IPAddress struct {
	Value string `json:"value,omitempty"`
}

IPAddress represents an IP Address

type IPList

type IPList struct {
	CreatedAt             string      `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy  `json:"created_by,omitempty"`
	DeletedAt             string      `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy  `json:"deleted_by,omitempty"`
	Description           string      `json:"description,omitempty"`
	ExternalDataReference string      `json:"external_data_reference,omitempty"`
	ExternalDataSet       string      `json:"external_data_set,omitempty"`
	FQDNs                 *[]*FQDN    `json:"fqdns,omitempty"`
	Href                  string      `json:"href,omitempty"`
	IPRanges              *[]*IPRange `json:"ip_ranges,omitempty"`
	Name                  string      `json:"name,omitempty"`
	UpdatedAt             string      `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy  `json:"updated_by,omitempty"`
	Size                  int         `json:"size,omitempty"`
}

IPList represents an IP List in the Illumio PCE.

type IPRange

type IPRange struct {
	Description string `json:"description,omitempty"`
	Exclusion   bool   `json:"exclusion,omitempty"`
	FromIP      string `json:"from_ip,omitempty"`
	ToIP        string `json:"to_ip,omitempty"`
}

IPRange represents one of the IP ranges of an IP List.

type IPTablesRules

type IPTablesRules struct {
	Actors      []*Actors     `json:"actors"`
	Description string        `json:"description,omitempty"`
	Enabled     bool          `json:"enabled"`
	Href        string        `json:"href"`
	IPVersion   string        `json:"ip_version"`
	Statements  []*Statements `json:"statements"`
}

IPTablesRules - more info to follow

type IllumioSecurityTemplate

type IllumioSecurityTemplate struct {
	Name                  string     `json:"name"`
	Version               int        `json:"version"`
	OsFamily              string     `json:"os_family"`
	Icon                  string     `json:"icon"`
	CompatiblePceVersions []int      `json:"compatible_pce_versions"`
	Labels                []*Label   `json:"labels,omitempty"`
	IPLists               []*IPList  `json:"ip_lists,omitempty"`
	Services              []*Service `json:"services,omitempty"`
}

IllumioSecurityTemplate contains Labels, IP Lists, Services

type IllumioSecurityTemplateFile

type IllumioSecurityTemplateFile struct {
	IllumioSecurityTemplates []*IllumioSecurityTemplate `json:"illumio_security_templates"`
}

IllumioSecurityTemplateFile is a file with a slice of templates

func ParseTemplateFile

func ParseTemplateFile(filename string) (IllumioSecurityTemplateFile, error)

ParseTemplateFile imports a JSON template file into the PCE

type Include

type Include struct {
	Actors         string     `json:"actors,omitempty"`
	Label          *Label     `json:"label,omitempty"`
	Workload       *Workload  `json:"workload,omitempty"`
	IPList         *IPList    `json:"ip_list,omitempty"`
	IPAddress      *IPAddress `json:"ip_address,omitempty"`
	Port           int        `json:"port,omitempty"`
	ToPort         int        `json:"to_port,omitempty"`
	Proto          int        `json:"proto,omitempty"`
	Process        string     `json:"process_name,omitempty"`
	WindowsService string     `json:"windows_service_name,omitempty"`
}

Include represents the type of objects used in an include query. The include struct should be label only, workload only, IP address only, Port and/or protocol only. Example - Label and Workload cannot both be non-nil. Example - Port and Proto can both be non-nil (e.g., port 3306 and proto 6).
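The combination rule stated for Include (and for Exclude earlier) can be checked before a query is sent. This is an added example, not the package's own code: the Ref type, kinds, checkIncludes and the sample JSON with its hrefs are constructed, and only the fields the doc comment names are mirrored.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Ref stands in for the package's Label and Workload types; only Href is mirrored.
type Ref struct {
	Href string `json:"href,omitempty"`
}

// IPAddress mirrors the package's IPAddress type.
type IPAddress struct {
	Value string `json:"value,omitempty"`
}

// Include mirrors the fields named in the doc comment, with the same JSON
// tags. Fields the comment does not mention (ip_list, process_name, ...)
// are left out of this example and are ignored when decoding.
type Include struct {
	Label     *Ref       `json:"label,omitempty"`
	Workload  *Ref       `json:"workload,omitempty"`
	IPAddress *IPAddress `json:"ip_address,omitempty"`
	Port      int        `json:"port,omitempty"`
	Proto     int        `json:"proto,omitempty"`
}

// Constructed sample: two valid entries, one that sets label and workload
// together, and one that sets nothing.
const sampleQuery = `[
  [{"label": {"href": "/orgs/1/labels/10"}}],
  [{"port": 3306, "proto": 6}],
  [{"label": {"href": "/orgs/1/labels/10"}, "workload": {"href": "/orgs/1/workloads/abc"}}],
  [{}]
]`

// kinds lists which of the four mutually exclusive selectors are set.
// Port and Proto count as one selector because they may appear together.
func kinds(i Include) []string {
	var k []string
	if i.Label != nil {
		k = append(k, "label")
	}
	if i.Workload != nil {
		k = append(k, "workload")
	}
	if i.IPAddress != nil {
		k = append(k, "ip_address")
	}
	if i.Port != 0 || i.Proto != 0 {
		k = append(k, "port/proto")
	}
	return k
}

// checkIncludes decodes a [][]Include JSON document and returns one message
// per entry that does not have exactly one selector set.
func checkIncludes(raw []byte) ([]string, error) {
	var groups [][]Include
	if err := json.Unmarshal(raw, &groups); err != nil {
		return nil, err
	}
	var problems []string
	for gi, g := range groups {
		for ii, inc := range g {
			switch k := kinds(inc); len(k) {
			case 1:
				// exactly one selector: valid
			case 0:
				problems = append(problems,
					fmt.Sprintf("include[%d][%d]: no selector set", gi, ii))
			default:
				problems = append(problems,
					fmt.Sprintf("include[%d][%d]: %s set together", gi, ii, strings.Join(k, " + ")))
			}
		}
	}
	return problems, nil
}

func main() {
	problems, err := checkIncludes([]byte(sampleQuery))
	if err != nil {
		fmt.Println("decode error:", err)
		return
	}
	for _, p := range problems {
		fmt.Println(p)
	}
}
```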

type IncreaseTrafficUpdateReq added in v1.51.0

type IncreaseTrafficUpdateReq struct {
	Workloads []Workload `json:"workloads"`
}

type Info added in v1.39.0

type Info struct {
	APIEndpoint string `json:"api_endpoint"`
	APIMethod   string `json:"api_method"`
	SrcIP       string `json:"src_ip"`
}

Info is the notification info

type IngressServices

type IngressServices struct {
	Port     *int    `json:"port,omitempty"`
	Protocol *int    `json:"proto,omitempty"`
	ToPort   *int    `json:"to_port,omitempty"`
	Href     *string `json:"href,omitempty"`
}

IngressServices - more info to follow

type Interface

type Interface struct {
	Address               string `json:"address,omitempty"`
	CidrBlock             *int   `json:"cidr_block,omitempty"`
	DefaultGatewayAddress string `json:"default_gateway_address,omitempty"`
	FriendlyName          string `json:"friendly_name,omitempty"`
	LinkState             string `json:"link_state,omitempty"`
	Name                  string `json:"name,omitempty"`
}

An Interface represents an interface of a Workload

type Label

type Label struct {
	CreatedAt             string      `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy  `json:"created_by,omitempty"`
	Deleted               bool        `json:"deleted,omitempty"`
	ExternalDataReference string      `json:"external_data_reference,omitempty"`
	ExternalDataSet       string      `json:"external_data_set,omitempty"`
	Href                  string      `json:"href,omitempty"`
	Key                   string      `json:"key,omitempty"`
	UpdatedAt             string      `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy  `json:"updated_by,omitempty"`
	Value                 string      `json:"value,omitempty"`
	LabelUsage            *LabelUsage `json:"usage,omitempty"`
}

A Label represents an Illumio Label.

type LabelDimension added in v1.75.0

type LabelDimension struct {
	Href                  string              `json:"href"`
	Key                   string              `json:"key"`
	DisplayName           string              `json:"display_name"`
	CreatedAt             string              `json:"created_at"`
	UpdatedAt             string              `json:"updated_at"`
	Deleted               bool                `json:"deleted"`
	DeletedAt             string              `json:"deleted_at"`
	Usage                 LabelDimensionUsage `json:"usage"`
	Caps                  []string            `json:"caps"`
	ExternalDataSet       string              `json:"external_data_set,omitempty"`
	ExternalDataReference string              `json:"external_data_reference,omitempty"`
	CreatedBy             CreatedBy           `json:"created_by"`
	UpdatedBy             UpdatedBy           `json:"updated_by"`
	DeletedBy             DeletedBy           `json:"deleted_by"`
}

type LabelDimensionUsage added in v1.75.0

type LabelDimensionUsage struct {
	Labels      bool `json:"labels"`
	LabelGroups bool `json:"label_groups"`
}

type LabelGroup

type LabelGroup struct {
	Description           string       `json:"description,omitempty"`
	ExternalDataReference string       `json:"external_data_reference,omitempty"`
	ExternalDataSet       string       `json:"external_data_set,omitempty"`
	Href                  string       `json:"href,omitempty"`
	Key                   string       `json:"key,omitempty"`
	Labels                []*Label     `json:"labels,omitempty"`
	Name                  string       `json:"name,omitempty"`
	SubGroups             []*SubGroups `json:"sub_groups,omitempty"`
	Usage                 *Usage       `json:"usage,omitempty"`
}

LabelGroup represents a Label Group in the Illumio PCE

type LabelUsage added in v1.22.0

type LabelUsage struct {
	VirtualServer                     bool `json:"virtual_server"`
	LabelGroup                        bool `json:"label_group"`
	Ruleset                           bool `json:"ruleset"`
	StaticPolicyScopes                bool `json:"static_policy_scopes"`
	PairingProfile                    bool `json:"pairing_profile"`
	Permission                        bool `json:"permission"`
	Workload                          bool `json:"workload"`
	ContainerWorkload                 bool `json:"container_workload"`
	FirewallCoexistenceScope          bool `json:"firewall_coexistence_scope"`
	ContainersInheritHostPolicyScopes bool `json:"containers_inherit_host_policy_scopes"`
	ContainerWorkloadProfile          bool `json:"container_workload_profile"`
	BlockedConnectionRejectScope      bool `json:"blocked_connection_reject_scope"`
	EnforcementBoundary               bool `json:"enforcement_boundary"`
	LoopbackInterfacesInPolicyScopes  bool `json:"loopback_interfaces_in_policy_scopes"`
	VirtualService                    bool `json:"virtual_service"`
}

type LatestEvent added in v1.59.0

type LatestEvent struct {
	NotificationType string    `json:"notification_type"`
	Severity         string    `json:"severity"`
	Href             string    `json:"href"`
	Info             Info      `json:"info"`
	Timestamp        time.Time `json:"timestamp"`
}

LatestEvent is for a Condition

type LoadInput added in v1.6.0

type LoadInput struct {
	ProvisionStatus             string // Must be draft or active. Blank value is draft
	Labels                      bool
	LabelGroups                 bool
	IPLists                     bool
	Workloads                   bool
	WorkloadsQueryParameters    map[string]string
	VirtualServices             bool
	VirtualServers              bool
	Services                    bool
	ConsumingSecurityPrincipals bool
	RuleSets                    bool
	VENs                        bool
	ContainerClusters           bool
	ContainerWorkloads          bool
	EnforcementBoundaries       bool
}

LoadInput tells the p.Load method what objects to load

type Network

type Network struct {
	Href string `json:"href,omitempty"`
	Name string `json:"name,omitempty"`
}

Network represents a network in the PCE

type Notifications added in v1.39.0

type Notifications struct {
	UUID             string `json:"uuid"`
	NotificationType string `json:"notification_type"`
	Info             Info   `json:"info"`
}

Notifications are event notifications

type OpenServicePorts

type OpenServicePorts struct {
	Address        string `json:"address,omitempty"`
	Package        string `json:"package,omitempty"`
	Port           int    `json:"port,omitempty"`
	ProcessName    string `json:"process_name,omitempty"`
	Protocol       int    `json:"protocol,omitempty"`
	User           string `json:"user,omitempty"`
	WinServiceName string `json:"win_service_name,omitempty"`
}

OpenServicePorts represents open ports for a service running on a workload

type Org

type Org struct {
	Href        string `json:"href"`
	DisplayName string `json:"display_name"`
	ID          int    `json:"org_id"`
}

Org is an organization in a SaaS PCE

type PCE

type PCE struct {
	FriendlyName                   string
	FQDN                           string
	Port                           int
	Org                            int
	User                           string
	Key                            string
	Proxy                          string
	DisableTLSChecking             bool
	Version                        Version
	LabelsSlice                    []Label               // All labels stored in a slice
	Labels                         map[string]Label      // Labels can be looked up by href or key+value (no character between key and value)
	LabelGroups                    map[string]LabelGroup // Label Groups can be looked up by href or name
	LabelGroupsSlice               []LabelGroup
	IPLists                        map[string]IPList                      // IP Lists can be looked up by href or name
	IPListsSlice                   []IPList                               // All IP Lists stored in a slice
	Workloads                      map[string]Workload                    // Workloads can be looked up by href, hostname, or names
	WorkloadsSlice                 []Workload                             // All Workloads stored in a slice
	VirtualServices                map[string]VirtualService              // VirtualServices can be looked up by href or name
	VirtualServers                 map[string]VirtualServer               // VirtualServers can be looked up by href or name
	Services                       map[string]Service                     // Services can be looked up by href or name
	ServicesSlice                  []Service                              // All services stored in a slice
	ConsumingSecurityPrincipals    map[string]ConsumingSecurityPrincipals // ConsumingSecurityPrincipals can be looked up by href or name
	RuleSets                       map[string]RuleSet                     // RuleSets can be looked up by href or name
	VENs                           map[string]VEN                         // VENs can be looked up by href or name
	VENsSlice                      []VEN                                  // All VENs stored in a slice
	ContainerClusters              map[string]ContainerCluster
	ContainerClustersSlice         []ContainerCluster
	ContainerWorkloads             map[string]Workload
	ContainerWorkloadsSlice        []Workload
	ContainerWorkloadProfiles      map[string]ContainerWorkloadProfile
	ContainerWorkloadProfilesSlice []ContainerWorkloadProfile
	EnforcementBoundaries          map[string]EnforcementBoundary
	EnforcementBoundariesSlice     []EnforcementBoundary
}

PCE represents an Illumio PCE and the necessary info to authenticate. The policy objects are maps for lookups. Each map will have multiple lookup keys, so the length of the map will be larger than the total number of objects. For example, each label will be in the map for an HREF and a key value. Policy objects should be called by their corresponding PCE method if you need to iterate or count them (e.g., pce.GetAllLabels).

func (*PCE) BulkVS

func (p *PCE) BulkVS(virtualServices []VirtualService, method string) ([]APIResponse, error)

BulkVS takes a bulk action on an array of virtual services. Method must be create, update, or delete

func (*PCE) BulkWorkload

func (p *PCE) BulkWorkload(workloads []Workload, method string, stdoutLogs bool) ([]APIResponse, error)

BulkWorkload takes a bulk action on an array of workloads. Method must be create, update, or delete

func (*PCE) CreateADUserGroup

func (p *PCE) CreateADUserGroup(group ConsumingSecurityPrincipals) (createdGroup ConsumingSecurityPrincipals, api APIResponse, err error)

CreateADUserGroup creates a user group policy object in the PCE

func (*PCE) CreateAsyncTrafficRequest added in v1.78.0

func (p *PCE) CreateAsyncTrafficRequest(t TrafficAnalysisRequest) (asyncQuery AsyncTrafficQuery, api APIResponse, err error)

CreateAsyncTrafficRequest makes a traffic request and returns the async query to look up later

func (*PCE) CreateEnforcementBoundary added in v1.25.0

func (p *PCE) CreateEnforcementBoundary(eb EnforcementBoundary) (createdEB EnforcementBoundary, api APIResponse, err error)

CreateEnforcementBoundary creates a new enforcement boundary in the Illumio PCE

func (*PCE) CreateFlowFilter added in v1.78.0

func (p *PCE) CreateFlowFilter(flowFilter FlowFilter) (createdFlowFilter FlowFilter, api APIResponse, err error)

CreateFlowFilter creates a new flow filter in the PCE.

func (*PCE) CreateIPList

func (p *PCE) CreateIPList(ipList IPList) (createdIPL IPList, api APIResponse, err error)

CreateIPList creates a new IP List in the PCE.

func (*PCE) CreateLabel

func (p *PCE) CreateLabel(label Label) (createdLabel Label, api APIResponse, err error)

CreateLabel creates a new Label in the PCE.

func (*PCE) CreateLabelGroup

func (p *PCE) CreateLabelGroup(labelGroup LabelGroup) (createdLabelGroup LabelGroup, api APIResponse, err error)

CreateLabelGroup creates a new label group in the PCE.

func (*PCE) CreatePairingKey

func (p *PCE) CreatePairingKey(pairingProfile PairingProfile) (pairingKey PairingKey, api APIResponse, err error)

CreatePairingKey creates a pairing key from a pairing profile.

func (*PCE) CreatePairingProfile

func (p *PCE) CreatePairingProfile(pairingProfile PairingProfile) (createdPairingProfile PairingProfile, api APIResponse, err error)

CreatePairingProfile creates a new pairing profile in the PCE.

func (*PCE) CreateRule added in v1.51.0

func (p *PCE) CreateRule(rulesetHref string, rule Rule) (createdRule Rule, api APIResponse, err error)

CreateRule creates a new rule in the PCE.

func (*PCE) CreateRuleSet deprecated

func (p *PCE) CreateRuleSet(rs RuleSet) (createdRS RuleSet, api APIResponse, err error)

Deprecated: Use CreateRuleset instead.

func (*PCE) CreateRuleSetRule deprecated

func (p *PCE) CreateRuleSetRule(rulesetHref string, rule Rule) (Rule, APIResponse, error)

Deprecated: Use CreateRule instead.

func (*PCE) CreateRuleset added in v1.54.0

func (p *PCE) CreateRuleset(rs RuleSet) (createdRS RuleSet, api APIResponse, err error)

CreateRuleset creates a new ruleset in the PCE.

func (*PCE) CreateService

func (p *PCE) CreateService(service Service) (createdService Service, api APIResponse, err error)

CreateService creates a new service in the PCE.

func (*PCE) CreateServiceBinding

func (p *PCE) CreateServiceBinding(serviceBindings []ServiceBinding) (createdServiceBindings []ServiceBinding, api APIResponse, err error)

CreateServiceBinding binds new workloads to a virtual service

func (*PCE) CreateTrafficRequest added in v1.51.0

func (p *PCE) CreateTrafficRequest(t TrafficAnalysisRequest) (returnedTraffic []TrafficAnalysis, api APIResponse, err error)

CreateTrafficRequest makes a traffic request and waits for the results

func (*PCE) CreateVirtualService

func (p *PCE) CreateVirtualService(virtualService VirtualService) (createdVirtualService VirtualService, api APIResponse, err error)

CreateVirtualService creates a new virtual service in the Illumio PCE.

func (*PCE) CreateWkld added in v1.51.0

func (p *PCE) CreateWkld(wkld Workload) (Workload, APIResponse, error)

CreateWkld creates a new unmanaged workload in the Illumio PCE

func (*PCE) CreateWorkload deprecated

func (p *PCE) CreateWorkload(wkld Workload) (Workload, APIResponse, error)

Deprecated: Use CreateWkld instead.

func (*PCE) DeleteEnforcementBoundary added in v1.82.0

func (p *PCE) DeleteEnforcementBoundary(eb EnforcementBoundary) (APIResponse, error)

DeleteEnforcementBoundary removes an enforcement boundary from the PCE. The provided enforcement boundary object must include an Href.

func (*PCE) DeleteHref

func (p *PCE) DeleteHref(href string) (APIResponse, error)

DeleteHref deletes an existing object in the PCE based on its href.

func (*PCE) ExpandLabelGroup

func (p *PCE) ExpandLabelGroup(href string) (labelHrefs []string)

ExpandLabelGroup returns a slice of the label hrefs in a label group. Every subgroup (and nested subgroup) is expanded.

func (*PCE) FindObject

func (p *PCE) FindObject(href string) (key, name string, err error)

FindObject takes an href and returns what it is and the name

func (*PCE) GetADUserGroups added in v1.51.0

func (p *PCE) GetADUserGroups(queryParameters map[string]string) (groups []ConsumingSecurityPrincipals, api APIResponse, err error)

GetADUserGroups returns a slice of AD user groups from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetAllADUserGroups deprecated

func (p *PCE) GetAllADUserGroups() ([]ConsumingSecurityPrincipals, APIResponse, error)

Deprecated: Use GetADUserGroups instead.

func (*PCE) GetAllAPIKeys

func (p *PCE) GetAllAPIKeys(userHref string) ([]APIKey, APIResponse, error)

GetAllAPIKeys gets all the APIKeys associated with a user

func (*PCE) GetAllActiveIPLists deprecated

func (p *PCE) GetAllActiveIPLists() ([]IPList, APIResponse, error)

Deprecated: Use GetIPLists instead.

func (*PCE) GetAllContainerClusters deprecated added in v1.31.0

func (p *PCE) GetAllContainerClusters(queryParameters map[string]string) (containerClusters []ContainerCluster, api APIResponse, err error)

Deprecated: Use GetContainerClusters instead.

func (*PCE) GetAllContainerWorkloadProfiles deprecated added in v1.48.0

func (p *PCE) GetAllContainerWorkloadProfiles(queryParameters map[string]string, containerClusterID string) ([]ContainerWorkloadProfile, APIResponse, error)

Deprecated: Use GetContainerWkldProfiles instead.

func (*PCE) GetAllContainerWorkloads deprecated added in v1.31.0

func (p *PCE) GetAllContainerWorkloads(queryParameters map[string]string) ([]Workload, APIResponse, error)

Deprecated: Use GetContainerWklds instead.

func (*PCE) GetAllDraftIPLists deprecated

func (p *PCE) GetAllDraftIPLists() ([]IPList, APIResponse, error)

Deprecated: Use GetIPLists instead.

func (*PCE) GetAllEvents deprecated added in v1.39.0

func (p *PCE) GetAllEvents(queryParameters map[string]string) ([]Event, APIResponse, error)

Deprecated: Use GetEvents instead.

func (*PCE) GetAllIPLists deprecated

func (p *PCE) GetAllIPLists() ([]IPList, []APIResponse, error)

Deprecated: Use two separate calls to GetIPLists instead.

func (*PCE) GetAllLabelGroups deprecated

func (p *PCE) GetAllLabelGroups(pStatus string) ([]LabelGroup, APIResponse, error)

Deprecated: Use GetLabelGroups instead.

func (*PCE) GetAllLabels deprecated

func (p *PCE) GetAllLabels() ([]Label, APIResponse, error)

Deprecated: use GetLabels instead.

func (*PCE) GetAllLabelsQP deprecated added in v1.22.0

func (p *PCE) GetAllLabelsQP(queryParameters map[string]string) ([]Label, APIResponse, error)

Deprecated: use GetLabels instead.

func (*PCE) GetAllPairingProfiles deprecated

func (p *PCE) GetAllPairingProfiles() ([]PairingProfile, APIResponse, error)

Deprecated: Use GetPairingProfiles instead.

func (*PCE) GetAllPending deprecated

func (p *PCE) GetAllPending() (ChangeSubset, APIResponse, error)

Deprecated: Use GetPendingChanges instead.

func (*PCE) GetAllRuleSets deprecated

func (p *PCE) GetAllRuleSets(pStatus string) ([]RuleSet, APIResponse, error)

Deprecated: Use GetRulesets instead.

func (*PCE) GetAllRuleSetsQP deprecated added in v1.44.0

func (p *PCE) GetAllRuleSetsQP(queryParameters map[string]string, pStatus string) ([]RuleSet, APIResponse, error)

Deprecated: Use GetRulesets instead.

func (*PCE) GetAllServiceBindings deprecated

func (p *PCE) GetAllServiceBindings(virtualService VirtualService) ([]ServiceBinding, APIResponse, error)

Deprecated: Use GetServiceBindings instead.

func (*PCE) GetAllServices deprecated

func (p *PCE) GetAllServices(pStatus string) ([]Service, APIResponse, error)

Deprecated: Use GetServices instead.

func (*PCE) GetAllVens deprecated added in v1.31.0

func (p *PCE) GetAllVens(queryParameters map[string]string) ([]VEN, APIResponse, error)

Deprecated: Use GetVens instead.

func (*PCE) GetAllVirtualServers deprecated

func (p *PCE) GetAllVirtualServers(pStatus string) ([]VirtualServer, APIResponse, error)

Deprecated: Use GetVirtualServers instead.

func (*PCE) GetAllVirtualServices deprecated

func (p *PCE) GetAllVirtualServices(queryParameters map[string]string, pStatus string) ([]VirtualService, APIResponse, error)

Deprecated: Use GetVirtualServices instead.

func (*PCE) GetAllVulnReports deprecated

func (p *PCE) GetAllVulnReports() ([]VulnerabilityReport, APIResponse, error)

Deprecated: Use GetVulnReports instead.

func (*PCE) GetAllVulns deprecated

func (p *PCE) GetAllVulns() ([]Vulnerability, APIResponse, error)

Deprecated: Use GetVulns instead.

func (*PCE) GetAllWorkloads deprecated

func (p *PCE) GetAllWorkloads() ([]Workload, APIResponse, error)

Deprecated: Use GetWklds instead.

func (*PCE) GetAllWorkloadsQP deprecated

func (p *PCE) GetAllWorkloadsQP(queryParameters map[string]string) ([]Workload, APIResponse, error)

Deprecated: Use GetWklds instead.

func (*PCE) GetAsyncQueries added in v1.76.0

func (p *PCE) GetAsyncQueries(queryParameters map[string]string) (asyncQueries []AsyncTrafficQuery, api APIResponse, err error)

func (*PCE) GetAsyncQueryResults added in v1.78.0

func (p *PCE) GetAsyncQueryResults(aq AsyncTrafficQuery) (returnedTraffic []TrafficAnalysis, api APIResponse, err error)

func (*PCE) GetCollection added in v1.51.0

func (p *PCE) GetCollection(endpoint string, async bool, queryParameters map[string]string, response interface{}) (APIResponse, error)

GetCollection returns a collection of Illumio objects. GetCollection uses a single header of Content-Type:application/json. To customize the header, use GetCollectionHeaders.

func (*PCE) GetCollectionHeaders added in v1.76.0

func (p *PCE) GetCollectionHeaders(endpoint string, async bool, queryParameters, headers map[string]string, response interface{}) (APIResponse, error)

GetCollectionHeaders returns a collection of Illumio objects and allows for customizing headers of HTTP request

func (*PCE) GetCompatibilityReport

func (p *PCE) GetCompatibilityReport(w Workload) (cr CompatibilityReport, api APIResponse, err error)

GetCompatibilityReport returns the compatibility report for a VEN

func (*PCE) GetContainerClusters added in v1.51.0

func (p *PCE) GetContainerClusters(queryParameters map[string]string) (containerClusters []ContainerCluster, api APIResponse, err error)

GetContainerClusters returns a slice of ContainerCluster in the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetContainerWkldProfiles added in v1.51.0

func (p *PCE) GetContainerWkldProfiles(queryParameters map[string]string, containerClusterID string) (containerWkldProfiles []ContainerWorkloadProfile, api APIResponse, err error)

GetContainerWkldProfiles returns a slice of container workload profiles from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetContainerWklds added in v1.51.0

func (p *PCE) GetContainerWklds(queryParameters map[string]string) (containerWklds []Workload, api APIResponse, err error)

GetContainerWklds returns a slice of container workloads from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetEnforcementBoundaries added in v1.82.0

func (p *PCE) GetEnforcementBoundaries(queryParameters map[string]string, pStatus string) (ebs []EnforcementBoundary, api APIResponse, err error)

GetEnforcementBoundaries returns a slice of enforcement boundaries from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetEnforcementBoundaryByHref added in v1.82.0

func (p *PCE) GetEnforcementBoundaryByHref(href string) (eb EnforcementBoundary, api APIResponse, err error)

GetEnforcementBoundaryByHref returns the enforcement boundary with the specified HREF

func (*PCE) GetEvents added in v1.51.0

func (p *PCE) GetEvents(queryParameters map[string]string) (events []Event, api APIResponse, err error)

GetEvents returns a slice of events from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetHref added in v1.49.0

func (p *PCE) GetHref(href string, response interface{}) (APIResponse, error)

GetHref returns the Illumio object with a specific href

func (*PCE) GetIPList deprecated

func (p *PCE) GetIPList(name string, pStatus string) (IPList, APIResponse, error)

Deprecated: Use GetIPListByName instead.

func (*PCE) GetIPListByName added in v1.51.0

func (p *PCE) GetIPListByName(name string, pStatus string) (IPList, APIResponse, error)

GetIPListByName returns the IP List based on name. A blank IP List is returned if there is no exact match.

func (*PCE) GetIPLists added in v1.51.0

func (p *PCE) GetIPLists(queryParameters map[string]string, pStatus string) (ipLists []IPList, api APIResponse, err error)

GetIPLists returns a slice of IP lists from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetLabelByHref added in v1.51.0

func (p *PCE) GetLabelByHref(href string) (Label, APIResponse, error)

GetLabelByHref returns a label based on the provided HREF.

func (*PCE) GetLabelByKeyValue added in v1.51.0

func (p *PCE) GetLabelByKeyValue(key, value string) (Label, APIResponse, error)

GetLabelByKeyValue finds a label based on the key and value. A blank label is returned if there is no exact match.

func (*PCE) GetLabelDimensions added in v1.75.0

func (p *PCE) GetLabelDimensions(queryParameters map[string]string) (labelDimensions []LabelDimension, api APIResponse, err error)

GetLabelDimensions returns a slice of label types from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetLabelGroups added in v1.51.0

func (p *PCE) GetLabelGroups(queryParameters map[string]string, pStatus string) (labelGroups []LabelGroup, api APIResponse, err error)

GetLabelGroups returns a slice of label groups from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetLabelbyHref deprecated

func (p *PCE) GetLabelbyHref(href string) (Label, APIResponse, error)

Deprecated: Use GetLabelByHref instead.

func (*PCE) GetLabelbyKeyValue deprecated

func (p *PCE) GetLabelbyKeyValue(key, value string) (Label, APIResponse, error)

Deprecated: Use GetLabelByKeyValue instead.

func (*PCE) GetLabels added in v1.51.0

func (p *PCE) GetLabels(queryParameters map[string]string) (labels []Label, api APIResponse, err error)

GetLabels returns a slice of labels from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetPairingProfiles added in v1.51.0

func (p *PCE) GetPairingProfiles(queryParameters map[string]string) (pairingProfiles []PairingProfile, api APIResponse, err error)

GetPairingProfiles returns a slice of pairing profiles from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetPendingChanges added in v1.51.0

func (p *PCE) GetPendingChanges() (cs ChangeSubset, api APIResponse, err error)

GetPendingChanges returns a slice of pending changes from the PCE.

func (*PCE) GetRuleByHref added in v1.51.0

func (p *PCE) GetRuleByHref(href string) (rule Rule, api APIResponse, err error)

GetRuleByHref returns the rule with a specific href

func (*PCE) GetRuleSetByHref deprecated added in v1.49.0

func (p *PCE) GetRuleSetByHref(href string) (RuleSet, APIResponse, error)

Deprecated: Use GetRulesetByHref instead.

func (*PCE) GetRuleSetMapName deprecated

func (p *PCE) GetRuleSetMapName(pStatus string) (map[string]RuleSet, APIResponse, error)

Deprecated: Use GetRulesets and the maps attached to PCE instead.

func (*PCE) GetRuleSetRuleByHref deprecated added in v1.49.0

func (p *PCE) GetRuleSetRuleByHref(href string) (Rule, APIResponse, error)

Deprecated: Use GetRuleByHref instead.

func (*PCE) GetRulesetByHref added in v1.51.0

func (p *PCE) GetRulesetByHref(href string) (ruleset RuleSet, api APIResponse, err error)

GetRulesetByHref returns the ruleset with a specific href

func (*PCE) GetRulesets added in v1.51.0

func (p *PCE) GetRulesets(queryParameters map[string]string, pStatus string) (ruleSets []RuleSet, api APIResponse, err error)

GetRulesets returns a slice of rulesets from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetServiceBindings added in v1.51.0

func (p *PCE) GetServiceBindings(queryParameters map[string]string) (serviceBindings []ServiceBinding, api APIResponse, err error)

GetServiceBindings returns a slice of service bindings from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetServices added in v1.51.0

func (p *PCE) GetServices(queryParameters map[string]string, pStatus string) (services []Service, api APIResponse, err error)

GetServices returns a slice of services from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetTrafficAnalysis

func (p *PCE) GetTrafficAnalysis(q TrafficQuery) (returnedTraffic []TrafficAnalysis, api APIResponse, err error)

GetTrafficAnalysis gets flow data from Explorer.

func (*PCE) GetTrafficAnalysisAPI deprecated added in v1.6.0

func (p *PCE) GetTrafficAnalysisAPI(t TrafficAnalysisRequest) (returnedTraffic []TrafficAnalysis, api APIResponse, err error)

Deprecated: Use GetTrafficAnalysis instead.

func (*PCE) GetVenByHostname added in v1.44.0

func (p *PCE) GetVenByHostname(hostname string) (VEN, APIResponse, error)

GetVenByHostname gets a VEN by the hostname

func (*PCE) GetVenByHref added in v1.43.0

func (p *PCE) GetVenByHref(href string) (ven VEN, api APIResponse, err error)

GetVenByHref returns the VEN with a specific href

func (*PCE) GetVens added in v1.51.0

func (p *PCE) GetVens(queryParameters map[string]string) (vens []VEN, api APIResponse, err error)

GetVens returns a slice of VENs from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetVersion

func (p *PCE) GetVersion() (version Version, api APIResponse, err error)

GetVersion returns the version of the PCE

func (*PCE) GetVirtualServers added in v1.51.0

func (p *PCE) GetVirtualServers(queryParameters map[string]string, pStatus string) (virtualServers []VirtualServer, api APIResponse, err error)

GetVirtualServers returns a slice of virtual servers from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetVirtualServiceByHref added in v1.49.0

func (p *PCE) GetVirtualServiceByHref(href string) (virtualService VirtualService, api APIResponse, err error)

GetVirtualServiceByHref returns the virtual service with a specific href

func (*PCE) GetVirtualServiceByName

func (p *PCE) GetVirtualServiceByName(name string, pStatus string) (VirtualService, APIResponse, error)

GetVirtualServiceByName returns the virtual service based on name. A blank virtual service is returned if there is no exact match.

func (*PCE) GetVirtualServices added in v1.51.0

func (p *PCE) GetVirtualServices(queryParameters map[string]string, pStatus string) (virtualServices []VirtualService, api APIResponse, err error)

GetVirtualServices returns a slice of virtual services from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetVulnReports added in v1.51.0

func (p *PCE) GetVulnReports(queryParameters map[string]string) (vulnReports []VulnerabilityReport, api APIResponse, err error)

GetVulnReports returns a slice of vulnerability reports from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetVulns added in v1.51.0

func (p *PCE) GetVulns(queryParameters map[string]string) (vulns []Vulnerability, api APIResponse, err error)

GetVulns returns a slice of vulnerabilities from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetWkldByHostname added in v1.43.0

func (p *PCE) GetWkldByHostname(hostname string) (Workload, APIResponse, error)

GetWkldByHostname gets a workload based on the hostname. An empty workload is returned if there is no exact match.

func (*PCE) GetWkldByHref

func (p *PCE) GetWkldByHref(href string) (Workload, APIResponse, error)

GetWkldByHref returns the workload with a specific href

func (*PCE) GetWkldHostMap deprecated

func (p *PCE) GetWkldHostMap() (map[string]Workload, APIResponse, error)

Deprecated: Use GetWklds and the populated workloads map instead.

func (*PCE) GetWkldHrefMap deprecated

func (p *PCE) GetWkldHrefMap() (map[string]Workload, APIResponse, error)

Deprecated: Use GetWklds and the populated workloads map instead.

func (*PCE) GetWklds added in v1.51.0

func (p *PCE) GetWklds(queryParameters map[string]string) ([]Workload, APIResponse, error)

GetWklds returns a slice of workloads from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) IncreaseTrafficUpdateRate added in v1.27.0

func (p *PCE) IncreaseTrafficUpdateRate(wklds []Workload) (APIResponse, error)

IncreaseTrafficUpdateRate increases the VEN traffic update rate

func (*PCE) IterateTraffic

func (p *PCE) IterateTraffic(q TrafficQuery, stdout bool) ([]TrafficAnalysis, error)

IterateTraffic returns an array of traffic analysis. The iterative query starts by running a blank explorer query. If the results are over 90K, it queries again by TCP, UDP, and other. If either protocol-specific query is over 90K, it queries again by TCP and UDP port.

func (*PCE) IterateTrafficJString

func (p *PCE) IterateTrafficJString(q TrafficQuery, stdout bool) (string, error)

IterateTrafficJString returns the combined JSON output from an iterative explorer query. The iterative query starts by running a blank explorer query. If the results are over threshold, it queries again by TCP, UDP, and other. If either protocol-specific query is over 90K, it queries again by TCP and UDP port.

func (*PCE) Load

func (p *PCE) Load(l LoadInput) (map[string]APIResponse, error)

Load fills the PCE object maps

func (*PCE) LoadVenMap added in v1.46.0

func (p *PCE) LoadVenMap()

LoadVenMap populates the workload maps based on p.WorkloadSlice

func (*PCE) LoadWorkloadMap added in v1.46.0

func (p *PCE) LoadWorkloadMap()

LoadWorkloadMap will populate the workload maps based on p.WorkloadSlice

func (*PCE) Login

func (p *PCE) Login(user, password string) (UserLogin, []APIResponse, error)

Login authenticates to the PCE. Login will populate the User, Key, and Org fields in the PCE instance. Login will use a temporary session token that expires after 10 minutes. The ILLUMIO_LOGIN_SERVER environment variable can be used for specifying a login server

func (*PCE) LoginAPIKey

func (p *PCE) LoginAPIKey(user, password, name, desc string) (UserLogin, []APIResponse, error)

LoginAPIKey authenticates to the PCE. Login will populate the User, Key, and Org fields in the PCE instance. LoginAPIKey will create a permanent API Key with the provided name and description fields. The ILLUMIO_LOGIN_SERVER environment variable can be used for specifying a login server.

func (*PCE) Post added in v1.51.0

func (p *PCE) Post(endpoint string, object, createdObject interface{}) (api APIResponse, err error)

Post sends a POST request to the PCE

func (*PCE) ProvisionCS

func (p *PCE) ProvisionCS(cs ChangeSubset, comment string) (api APIResponse, err error)

ProvisionCS provisions a ChangeSubset

func (*PCE) ProvisionHref

func (p *PCE) ProvisionHref(hrefs []string, comment string) (APIResponse, error)

ProvisionHref provisions a slice of HREFs

func (*PCE) Put added in v1.51.0

func (p *PCE) Put(object interface{}) (api APIResponse, err error)

Put sends a PUT request to the PCE. The object must include an Href field.

func (*PCE) UpdateContainerWkldProfiles added in v1.62.0

func (p *PCE) UpdateContainerWkldProfiles(cp ContainerWorkloadProfile) (APIResponse, error)

UpdateContainerWkldProfiles updates an existing container workload profile in the Illumio PCE. The provided container workload profile struct must include an href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateEnforcementBoundary added in v1.82.0

func (p *PCE) UpdateEnforcementBoundary(eb EnforcementBoundary) (APIResponse, error)

UpdateEnforcementBoundary updates an existing enforcement boundary in the PCE. The provided enforcement boundary object must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateIPList

func (p *PCE) UpdateIPList(ipList IPList) (APIResponse, error)

UpdateIPList updates an existing IP List in the PCE. The provided IP List must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateLabel

func (p *PCE) UpdateLabel(label Label) (APIResponse, error)

UpdateLabel updates an existing label in the PCE. The provided label must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateLabelGroup

func (p *PCE) UpdateLabelGroup(labelGroup LabelGroup) (APIResponse, error)

UpdateLabelGroup updates an existing label group in the PCE. The provided label group must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateRule added in v1.51.0

func (p *PCE) UpdateRule(rule Rule) (APIResponse, error)

UpdateRule updates an existing rule in the PCE. The provided rule must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateRuleSet deprecated added in v1.40.0

func (p *PCE) UpdateRuleSet(ruleset RuleSet) (APIResponse, error)

Deprecated: Use UpdateRuleset instead.

func (*PCE) UpdateRuleSetRules deprecated

func (p *PCE) UpdateRuleSetRules(rule Rule) (APIResponse, error)

Deprecated: Use UpdateRule instead.

func (*PCE) UpdateRuleset added in v1.51.0

func (p *PCE) UpdateRuleset(ruleset RuleSet) (APIResponse, error)

UpdateRuleset updates an existing ruleset in the PCE. The provided ruleset must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateService

func (p *PCE) UpdateService(service Service) (APIResponse, error)

UpdateService updates an existing service object in the Illumio PCE

func (*PCE) UpdateVen added in v1.31.0

func (p *PCE) UpdateVen(ven VEN) (api APIResponse, err error)

UpdateVen updates an existing VEN in the Illumio PCE. The provided VEN struct must include an href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateVirtualService

func (p *PCE) UpdateVirtualService(virtualService VirtualService) (APIResponse, error)

UpdateVirtualService updates an existing virtual service in the PCE. The provided virtual service must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateWkld added in v1.51.0

func (p *PCE) UpdateWkld(workload Workload) (APIResponse, error)

UpdateWkld updates an existing workload in the Illumio PCE. The provided workload struct must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateWorkload deprecated

func (p *PCE) UpdateWorkload(wkld Workload) (APIResponse, error)

Deprecated: Use UpdateWkld instead.

func (*PCE) UpgradeVENs added in v1.42.0

func (p *PCE) UpgradeVENs(vens []VEN, release string) (resp VENUpgradeResp, api APIResponse, err error)

func (*PCE) UploadTraffic

func (p *PCE) UploadTraffic(filename string, headerLine bool) (UploadFlowResults, error)

UploadTraffic uploads a CSV to the PCE with traffic flows. filename should be the path to a CSV file with 4 columns: src_ip, dst_ip, port, protocol (IANA numerical format: 6=TCP, 17=UDP). When headerLine = true, the first line of the CSV is skipped. If there are more than 999 entries in the CSV, it creates chunks of 999.
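A pre-upload check for the four-column CSV described above, as an added example that is not part of the illumioapi package: it rejects rows whose addresses, port or protocol number are malformed and then splits the valid rows into batches of 999. The `Flow` type, the function names and the sample CSV are assumptions made for this illustration.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"io"
	"net/netip"
	"strconv"
	"strings"
)

const maxFlowsPerUpload = 999 // chunk size stated in the UploadTraffic doc

// sampleCSV is constructed input for this example, not real traffic.
const sampleCSV = `src_ip,dst_ip,port,protocol
10.0.0.5,10.0.1.9,443,6
10.0.0.5,10.0.1.10,53,17
10.0.0.7,db01.example,5432,6
10.0.0.8,10.0.1.9,70000,6
10.0.0.9,10.0.1.9,22,tcp
10.0.0.9,10.0.1.9,22
`

// Flow is a hypothetical stand-in for one validated row; it is not an illumioapi type.
type Flow struct {
	Src, Dst    netip.Addr
	Port, Proto int
}

// parseRow checks one record against the four-column layout from the doc.
func parseRow(rec []string) (Flow, error) {
	if len(rec) != 4 {
		return Flow{}, fmt.Errorf("want 4 columns, got %d", len(rec))
	}
	src, errSrc := netip.ParseAddr(strings.TrimSpace(rec[0]))
	dst, errDst := netip.ParseAddr(strings.TrimSpace(rec[1]))
	if errSrc != nil || errDst != nil {
		return Flow{}, fmt.Errorf("src_ip and dst_ip must be IP addresses")
	}
	port, err := strconv.Atoi(strings.TrimSpace(rec[2]))
	if err != nil || port < 0 || port > 65535 {
		return Flow{}, fmt.Errorf("port must be a number in 0-65535")
	}
	proto, err := strconv.Atoi(strings.TrimSpace(rec[3]))
	if err != nil || proto < 0 || proto > 255 {
		return Flow{}, fmt.Errorf("protocol must be an IANA number in 0-255, not a name")
	}
	return Flow{Src: src, Dst: dst, Port: port, Proto: proto}, nil
}

// ParseFlows reads the CSV, skips the first record when headerLine is true, and
// returns the valid flows plus one error per rejected record.
func ParseFlows(r io.Reader, headerLine bool) ([]Flow, []error, error) {
	cr := csv.NewReader(r)
	cr.FieldsPerRecord = -1 // column count is checked per record in parseRow
	var flows []Flow
	var bad []error
	for n := 1; ; n++ {
		rec, err := cr.Read()
		if err == io.EOF {
			return flows, bad, nil
		}
		if err != nil {
			return nil, nil, fmt.Errorf("record %d: %w", n, err)
		}
		if headerLine && n == 1 {
			continue
		}
		f, err := parseRow(rec)
		if err != nil {
			bad = append(bad, fmt.Errorf("record %d: %w", n, err))
			continue
		}
		flows = append(flows, f)
	}
}

// Chunk splits flows into batches of at most size entries.
func Chunk(flows []Flow, size int) [][]Flow {
	var out [][]Flow
	for size > 0 && len(flows) > 0 {
		n := size
		if n > len(flows) {
			n = len(flows)
		}
		out = append(out, flows[:n])
		flows = flows[n:]
	}
	return out
}

func main() {
	flows, bad, err := ParseFlows(strings.NewReader(sampleCSV), true)
	fmt.Println("valid:", len(flows), "rejected:", bad, "err:", err)
	fmt.Println("upload batches:", len(Chunk(flows, maxFlowsPerUpload)))
}
```

Rejected records are reported by record number rather than dropped silently, so a file with a hostname or a protocol name in place of a number can be corrected before it is uploaded.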

func (*PCE) WorkloadQueryLabelParameter added in v1.14.0

func (p *PCE) WorkloadQueryLabelParameter(labelSlices [][]string) (queryParameter string, err error)

WorkloadQueryLabelParameter takes a [][]string (for example, after parsing a CSV). The first slice must be the label key headers (e.g., role, app, env, bu, etc.). It returns the query parameter for those labels. Each inner slice is an "AND" query. The slices are pieced together using "OR". The PCE must be loaded with the labels.
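The AND/OR structure described above, together with the two-keys-per-label map from the PCE type documentation, shown as an added example that is not the package's own code. The `Label` stand-in, the key+value map key, the JSON list-of-lists output shape and the sample hrefs are assumptions of this sketch.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Label carries only the fields this example needs; it is not the illumioapi type.
type Label struct {
	Href, Key, Value string
}

// sampleLabels are constructed labels and hrefs for illustration.
var sampleLabels = []Label{
	{"/orgs/1/labels/1", "role", "web"},
	{"/orgs/1/labels/2", "app", "erp"},
	{"/orgs/1/labels/3", "env", "prod"},
	{"/orgs/1/labels/4", "app", "crm"},
}

// IndexLabels stores each label under two keys, its href and key+value, so
// len(index) is twice the label count. The key+value form is an assumption.
func IndexLabels(labels []Label) map[string]Label {
	idx := make(map[string]Label, 2*len(labels))
	for _, l := range labels {
		idx[l.Href] = l
		idx[l.Key+l.Value] = l
	}
	return idx
}

// BuildLabelQuery resolves rows of label values (first row = label keys) to
// hrefs. Each inner list is ANDed and the outer list is ORed.
func BuildLabelQuery(rows [][]string, idx map[string]Label) (string, error) {
	if len(rows) < 2 {
		return "", fmt.Errorf("need a header row and at least one label row")
	}
	headers := rows[0]
	groups := make([][]string, 0, len(rows)-1)
	for i, row := range rows[1:] {
		if len(row) > len(headers) {
			return "", fmt.Errorf("row %d has more columns than the header", i+2)
		}
		var and []string
		for col, val := range row {
			if val = strings.TrimSpace(val); val == "" {
				continue // blank cell: this label key is not constrained
			}
			l, ok := idx[headers[col]+val]
			if !ok {
				// Fail closed: dropping the label would widen the match.
				return "", fmt.Errorf("row %d: unknown label %s=%q", i+2, headers[col], val)
			}
			and = append(and, l.Href)
		}
		if len(and) == 0 {
			return "", fmt.Errorf("row %d constrains nothing", i+2)
		}
		groups = append(groups, and)
	}
	b, err := json.Marshal(groups)
	return string(b), err
}

func main() {
	idx := IndexLabels(sampleLabels)
	fmt.Println("labels:", len(sampleLabels), "map entries:", len(idx))
	rows := [][]string{{"app", "env"}, {"erp", "prod"}, {"crm", ""}}
	q, err := BuildLabelQuery(rows, idx)
	fmt.Println(q, err)
}
```

Returning an error for an unknown or empty row matters when the resulting workload set feeds a bulk action: a label that is silently skipped leaves a looser AND group that selects more workloads than the input file intended.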

func (*PCE) WorkloadUpgrade

func (p *PCE) WorkloadUpgrade(wkldHref, targetVersion string) (APIResponse, error)

WorkloadUpgrade upgrades the VEN version on the workload

func (*PCE) WorkloadsUnpair

func (p *PCE) WorkloadsUnpair(wklds []Workload, ipTablesRestore string) ([]APIResponse, error)

WorkloadsUnpair unpairs workloads. There is no limit to the length of []Workloads. The method chunks the API calls into groups of 1,000 to conform to the Illumio API.

type PairingKey

type PairingKey struct {
	ActivationCode string `json:"activation_code,omitempty"`
}

PairingKey represents a VEN pairing key

type PairingProfile

type PairingProfile struct {
	AllowedUsesPerKey     string     `json:"allowed_uses_per_key,omitempty"`
	AppLabelLock          bool       `json:"app_label_lock"`
	CreatedAt             string     `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy `json:"created_by,omitempty"`
	Description           string     `json:"description,omitempty"`
	Enabled               bool       `json:"enabled"`
	EnvLabelLock          bool       `json:"env_label_lock"`
	ExternalDataReference string     `json:"external_data_reference,omitempty"`
	ExternalDataSet       string     `json:"external_data_set,omitempty"`
	Href                  string     `json:"href,omitempty"`
	IsDefault             bool       `json:"is_default,omitempty"`
	KeyLifespan           string     `json:"key_lifespan,omitempty"`
	Labels                []*Label   `json:"labels,omitempty"`
	LastPairingAt         string     `json:"last_pairing_at,omitempty"`
	LocLabelLock          bool       `json:"loc_label_lock"`
	LogTraffic            bool       `json:"log_traffic"`
	LogTrafficLock        bool       `json:"log_traffic_lock"`
	Mode                  string     `json:"mode,omitempty"`
	ModeLock              bool       `json:"mode_lock"`
	Name                  string     `json:"name,omitempty"`
	RoleLabelLock         bool       `json:"role_label_lock"`
	TotalUseCount         int        `json:"total_use_count,omitempty"`
	UpdatedAt             string     `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy `json:"updated_by,omitempty"`
	VisibilityLevel       string     `json:"visibility_level,omitempty"`
	VisibilityLevelLock   bool       `json:"visibility_level_lock"`
}

PairingProfile represents a pairing profile in the Illumio PCE

type PortOverrides

type PortOverrides struct {
	Port    int `json:"port"`
	Proto   int `json:"proto"`
	NewPort int `json:"new_port"`
}

PortOverrides override a port on a virtual service binding.

type PortProtos

type PortProtos struct {
	Include []Include `json:"include"`
	Exclude []Exclude `json:"exclude"`
}

PortProtos represents the ports and protocols query portion of the explorer API

type ProductVersion

type ProductVersion struct {
	Build           int    `json:"build,omitempty"`
	EngineeringInfo string `json:"engineering_info,omitempty"`
	LongDisplay     string `json:"long_display,omitempty"`
	ReleaseInfo     string `json:"release_info,omitempty"`
	ShortDisplay    string `json:"short_display,omitempty"`
	Version         string `json:"version,omitempty"`
}

ProductVersion represents the version of the product

type Providers

type Providers struct {
	Actors         string          `json:"actors,omitempty"`
	IPList         *IPList         `json:"ip_list,omitempty"`
	Label          *Label          `json:"label,omitempty"`
	LabelGroup     *LabelGroup     `json:"label_group,omitempty"`
	VirtualServer  *VirtualServer  `json:"virtual_server,omitempty"`
	VirtualService *VirtualService `json:"virtual_service,omitempty"`
	Workload       *Workload       `json:"workload,omitempty"`
}

Providers - more info to follow

type Provision

type Provision struct {
	ChangeSubset      *ChangeSubset `json:"change_subset,omitempty"`
	UpdateDescription string        `json:"update_description,omitempty"`
}

Provision is sent to the PCE to provision policy objects

type QualifyTest

type QualifyTest struct {
	Status                    string      `json:"status"`
	IpsecServiceEnabled       interface{} `json:"ipsec_service_enabled"`
	Ipv4ForwardingEnabled     interface{} `json:"ipv4_forwarding_enabled"`
	Ipv4ForwardingPktCnt      interface{} `json:"ipv4_forwarding_pkt_cnt"`
	IptablesRuleCnt           interface{} `json:"iptables_rule_cnt"`
	Ipv6GlobalScope           interface{} `json:"ipv6_global_scope"`
	Ipv6ActiveConnCnt         interface{} `json:"ipv6_active_conn_cnt"`
	IP6TablesRuleCnt          interface{} `json:"ip6tables_rule_cnt"`
	RoutingTableConflict      interface{} `json:"routing_table_conflict"`
	IPv6Enabled               interface{} `json:"IPv6_enabled"`
	UnwantedNics              interface{} `json:"Unwanted_nics"`
	GroupPolicy               interface{} `json:"Group_policy"`
	RequiredPackagesInstalled interface{} `json:"required_packages_installed"`
	RequiredPackagesMissing   *[]string   `json:"required_packages_missing"`
}

QualifyTest is part of a compatibility report. It uses interface types because the API format is not guaranteed.

type RegionsItems added in v1.76.0

type RegionsItems struct {
	FlowsCount   int    `json:"flows_count,omitempty"`   // region result count after query limits and RBAC filtering are applied
	MatchesCount int    `json:"matches_count,omitempty"` // region query result count
	PceFqdn      string `json:"pce_fqdn"`                // fqdn of PCE region
	Responded    bool   `json:"responded"`               // supercluster region responded with query results
}

RegionsItems

type ResolveLabelsAs

type ResolveLabelsAs struct {
	Consumers []string `json:"consumers"`
	Providers []string `json:"providers"`
}

ResolveLabelsAs - more info to follow

type Results

type Results struct {
	QualifyTests []QualifyTest `json:"qualify_tests"`
}

Results are the list of qualify tests

type Rule

type Rule struct {
	CreatedAt                   string                         `json:"created_at,omitempty"`
	CreatedBy                   *CreatedBy                     `json:"created_by,omitempty"`
	DeletedAt                   string                         `json:"deleted_at,omitempty"`
	DeletedBy                   *DeletedBy                     `json:"deleted_by,omitempty"`
	Consumers                   []*Consumers                   `json:"consumers,omitempty"`
	ConsumingSecurityPrincipals []*ConsumingSecurityPrincipals `json:"consuming_security_principals,omitempty"`
	Description                 string                         `json:"description,omitempty"`
	Enabled                     *bool                          `json:"enabled,omitempty"`
	ExternalDataReference       string                         `json:"external_data_reference,omitempty"`
	ExternalDataSet             string                         `json:"external_data_set,omitempty"`
	Href                        string                         `json:"href,omitempty"`
	IngressServices             *[]*IngressServices            `json:"ingress_services,omitempty"`
	Providers                   []*Providers                   `json:"providers,omitempty"`
	ResolveLabelsAs             *ResolveLabelsAs               `json:"resolve_labels_as,omitempty"`
	SecConnect                  *bool                          `json:"sec_connect,omitempty"`
	Stateless                   *bool                          `json:"stateless,omitempty"`
	MachineAuth                 *bool                          `json:"machine_auth,omitempty"`
	UnscopedConsumers           *bool                          `json:"unscoped_consumers,omitempty"`
	UpdateType                  string                         `json:"update_type,omitempty"`
	UpdatedAt                   string                         `json:"updated_at,omitempty"`
	UpdatedBy                   *UpdatedBy                     `json:"updated_by,omitempty"`
	UseWorkloadSubnets          []string                       `json:"use_workload_subnets,omitempty"`
	NetworkType                 string                         `json:"network_type,omitempty"` //  ["brn", "non_brn", "all"]
}

Rule - more info to follow

func (*Rule) GetRuleSetHrefFromRuleHref deprecated

func (r *Rule) GetRuleSetHrefFromRuleHref() string

Deprecated: Use GetRulesetHref instead.

func (*Rule) GetRulesetHref added in v1.51.0

func (r *Rule) GetRulesetHref() string

GetRulesetHref returns the href of a ruleset based on the rule's href

type RuleSet

type RuleSet struct {
	CreatedAt             string           `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy       `json:"created_by,omitempty"`
	DeletedAt             string           `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy       `json:"deleted_by,omitempty"`
	Description           string           `json:"description,omitempty"`
	Enabled               *bool            `json:"enabled,omitempty"`
	ExternalDataReference string           `json:"external_data_reference,omitempty"`
	ExternalDataSet       string           `json:"external_data_set,omitempty"`
	Href                  string           `json:"href,omitempty"`
	IPTablesRules         []*IPTablesRules `json:"ip_tables_rules,omitempty"`
	Name                  string           `json:"name,omitempty"`
	Rules                 []*Rule          `json:"rules,omitempty"`
	Scopes                *[][]*Scopes     `json:"scopes,omitempty"`
	UpdateType            string           `json:"update_type,omitempty"`
	UpdatedAt             string           `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy       `json:"updated_by,omitempty"`
}

RuleSet - more info to follow

type Scopes

type Scopes struct {
	Label      *Label      `json:"label,omitempty"`
	LabelGroup *LabelGroup `json:"label_group,omitempty"`
}

Scopes - more info to follow

type SecureConnect

type SecureConnect struct {
	MatchingIssuerName string `json:"matching_issuer_name,omitempty"`
}

SecureConnect represents SecureConnect for an Agent on a Workload

type SecureConnectGateways

type SecureConnectGateways struct {
	Href string `json:"href"`
}

SecureConnectGateways represent SecureConnectGateways in provisioning

type Service

type Service struct {
	CreatedAt             string            `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy        `json:"created_by,omitempty"`
	DeletedAt             string            `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy        `json:"deleted_by,omitempty"`
	Description           string            `json:"description,omitempty"`
	DescriptionURL        string            `json:"description_url,omitempty"`
	ExternalDataReference string            `json:"external_data_reference,omitempty"`
	ExternalDataSet       string            `json:"external_data_set,omitempty"`
	Href                  string            `json:"href,omitempty"`
	Name                  string            `json:"name"`
	ProcessName           string            `json:"process_name,omitempty"`
	ServicePorts          []*ServicePort    `json:"service_ports,omitempty"`
	UpdateType            string            `json:"update_type,omitempty"`
	UpdatedAt             string            `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy        `json:"updated_by,omitempty"`
	WindowsServices       []*WindowsService `json:"windows_services,omitempty"`
}

Service represents a service in the Illumio PCE

func (*Service) ParseService

func (s *Service) ParseService() (windowsServices, servicePorts []string)

ParseService returns a slice of WindowsServices and ServicePorts from an Illumio service object

func (*Service) ToExplorer added in v1.6.0

func (s *Service) ToExplorer() ([]Include, []Exclude)

ToExplorer takes a service and returns an explorer query include and exclude

type ServiceAddresses

type ServiceAddresses struct {
	IP          string   `json:"ip,omitempty"`
	Network     *Network `json:"network,omitempty"`
	Fqdn        string   `json:"fqdn,omitempty"`
	Description string   `json:"description,omitempty"`
}

ServiceAddresses are FQDNs for Virtual Services

type ServiceBinding

type ServiceBinding struct {
	Href           string          `json:"href,omitempty"`
	VirtualService VirtualService  `json:"virtual_service"`
	Workload       Workload        `json:"workload"`
	PortOverrides  []PortOverrides `json:"port_overrides,omitempty"`
}

A ServiceBinding binds a workload to a Virtual Service

type ServicePort

type ServicePort struct {
	IcmpCode int `json:"icmp_code,omitempty"`
	IcmpType int `json:"icmp_type,omitempty"`
	ID       int `json:"id,omitempty"`
	Port     int `json:"port,omitempty"`
	Protocol int `json:"proto,omitempty"`
	ToPort   int `json:"to_port,omitempty"`
}

ServicePort represents port and protocol information for a non-Windows service

type Services

type Services struct {
	CreatedAt        string              `json:"created_at,omitempty"`
	OpenServicePorts []*OpenServicePorts `json:"open_service_ports,omitempty"`
	UptimeSeconds    int                 `json:"uptime_seconds,omitempty"`
}

Services represent the Services running on a Workload

type Sources

type Sources struct {
	Include [][]Include `json:"include"`
	Exclude []Exclude   `json:"exclude"`
}

Sources represents the sources query portion of the explorer API

type Src

type Src struct {
	IP       string     `json:"ip"`
	Workload *Workload  `json:"workload,omitempty"`
	FQDN     string     `json:"fqdn,omitempty"`
	IPLists  *[]*IPList `json:"ip_lists"`
}

Src is the consumer workload details

type Statements

type Statements struct {
	ChainName  string `json:"chain_name"`
	Parameters string `json:"parameters"`
	TableName  string `json:"table_name"`
}

Statements are part of a custom IPTables rule

type Status

type Status struct {
	AgentHealth              []*AgentHealth     `json:"agent_health,omitempty"`
	AgentHealthErrors        *AgentHealthErrors `json:"agent_health_errors,omitempty"`
	AgentVersion             string             `json:"agent_version,omitempty"`
	FirewallRuleCount        int                `json:"firewall_rule_count,omitempty"`
	FwConfigCurrent          bool               `json:"fw_config_current,omitempty"`
	InstanceID               string             `json:"instance_id,omitempty"`
	LastHeartbeatOn          string             `json:"last_heartbeat_on,omitempty"`
	ManagedSince             string             `json:"managed_since,omitempty"`
	SecurityPolicyAppliedAt  string             `json:"security_policy_applied_at,omitempty"`
	SecurityPolicyReceivedAt string             `json:"security_policy_received_at,omitempty"`
	SecurityPolicyRefreshAt  string             `json:"security_policy_refresh_at,omitempty"`
	SecurityPolicySyncState  string             `json:"security_policy_sync_state,omitempty"`
	Status                   string             `json:"status,omitempty"`
	UID                      string             `json:"uid,omitempty"`
	UptimeSeconds            int                `json:"uptime_seconds,omitempty"`
}

Status represents the Status of an Agent on a Workload

type SubGroups

type SubGroups struct {
	Href string `json:"href"`
	Name string `json:"name,omitempty"`
}

SubGroups represent SubGroups for Label Groups

type System added in v1.39.0

type System struct {
}

System is an empty struct for system-generated events

type Target added in v1.78.0

type Target struct {
	Proto   int    `json:"proto,omitempty"`
	SrcIP   string `json:"src_ip,omitempty"`
	SrcPort int    `json:"src_port,omitempty"`
	DestIP  string `json:"dst_ip,omitempty"`
	DstPort int    `json:"dst_port,omitempty"`
}

type TimestampRange

type TimestampRange struct {
	FirstDetected string `json:"first_detected"`
	LastDetected  string `json:"last_detected"`
}

TimestampRange is used to limit query ranges for the flows detected

type TrafficAnalysis

type TrafficAnalysis struct {
	Dst            *Dst            `json:"dst"`
	NumConnections int             `json:"num_connections"`
	PolicyDecision string          `json:"policy_decision"`
	ExpSrv         *ExpSrv         `json:"service"`
	Src            *Src            `json:"src"`
	TimestampRange *TimestampRange `json:"timestamp_range"`
	Transmission   string          `json:"transmission"`
}

TrafficAnalysis represents the response from the explorer API

func DedupeExplorerTraffic

func DedupeExplorerTraffic(first, second []TrafficAnalysis) []TrafficAnalysis

DedupeExplorerTraffic takes two traffic responses and returns a de-duplicated result set

type TrafficAnalysisRequest

type TrafficAnalysisRequest struct {
	QueryName                       *string          `json:"query_name,omitempty"`
	Sources                         Sources          `json:"sources"`
	Destinations                    Destinations     `json:"destinations"`
	ExplorerServices                ExplorerServices `json:"services"`
	StartDate                       time.Time        `json:"start_date,omitempty"`
	EndDate                         time.Time        `json:"end_date,omitempty"`
	PolicyDecisions                 []string         `json:"policy_decisions"`
	MaxResults                      int              `json:"max_results,omitempty"`
	SourcesDestinationsQueryOp      string           `json:"sources_destinations_query_op,omitempty"`
	ExcludeWorkloadsFromIPListQuery *bool            `json:"exclude_workloads_from_ip_list_query,omitempty"`
}

TrafficAnalysisRequest represents the payload object for the traffic analysis POST request

type TrafficQuery

type TrafficQuery struct {
	SourcesInclude      [][]string
	SourcesExclude      []string
	DestinationsInclude [][]string
	DestinationsExclude []string
	// PortProtoInclude and PortProtoExclude entries should be in the format of [port, protocol]
	// Example [80, 6] is Port 80 TCP.
	PortProtoInclude [][2]int
	PortProtoExclude [][2]int
	// PortRangeInclude and PortRangeExclude entries should be of the format [fromPort, toPort, protocol]
	// Example - [1000, 2000, 6] is Ports 1000-2000 TCP.
	PortRangeInclude                [][3]int
	PortRangeExclude                [][3]int
	ProcessInclude                  []string
	WindowsServiceInclude           []string
	ProcessExclude                  []string
	WindowsServiceExclude           []string
	StartTime                       time.Time
	EndTime                         time.Time
	PolicyStatuses                  []string
	MaxFLows                        int
	TransmissionExcludes            []string // Example: []string{"broadcast", "multicast"} will only get unicast traffic
	QueryOperator                   string   // Value should be "and" or "or". "and" is used by default
	ExcludeWorkloadsFromIPListQuery bool     // The PCE UI uses a value of true by default
}

TrafficQuery is the struct to be passed to the GetTrafficAnalysis function

type Unpair

type Unpair struct {
	Workloads      []Workload `json:"workloads"`
	IPTableRestore string     `json:"ip_table_restore"`
}

Unpair is the payload for using the API to unpair workloads.

type UpdatedBy

type UpdatedBy struct {
	Href string `json:"href"`
}

UpdatedBy represents the UpdatedBy property of an object

type UploadFlowResults

type UploadFlowResults struct {
	FlowResps       []FlowUploadResp
	APIResps        []APIResponse
	TotalFlowsInCSV int
}

UploadFlowResults is the struct returned to the user when using the pce.UploadTraffic() method

type Usage

type Usage struct {
	LabelGroup         bool `json:"label_group"`
	Rule               bool `json:"rule"`
	Ruleset            bool `json:"ruleset"`
	StaticPolicyScopes bool `json:"static_policy_scopes,omitempty"`
}

Usage covers how a LabelGroup is used in the PCE

type UserLogin

type UserLogin struct {
	AuthUsername                string          `json:"auth_username,omitempty"`
	FullName                    string          `json:"full_name,omitempty"`
	Href                        string          `json:"href,omitempty"`
	InactivityExpirationMinutes int             `json:"inactivity_expiration_minutes,omitempty"`
	LastLoginIPAddress          string          `json:"last_login_ip_address,omitempty"`
	LastLoginOn                 string          `json:"last_login_on,omitempty"`
	ProductVersion              *ProductVersion `json:"product_version,omitempty"`
	SessionToken                string          `json:"session_token,omitempty"`
	TimeZone                    string          `json:"time_zone,omitempty"`
	Type                        string          `json:"type,omitempty"`
	Orgs                        []*Org          `json:"orgs,omitempty"`
	Username                    string          `json:"username,omitempty"` // Added for events
}

UserLogin represents a user logging in via password to get a session key

type VEN added in v1.19.0

type VEN struct {
	Href             string            `json:"href,omitempty"`
	Name             string            `json:"name,omitempty"`
	Description      string            `json:"description,omitempty"`
	Hostname         string            `json:"hostname,omitempty"`
	UID              string            `json:"uid,omitempty"`
	Status           string            `json:"status,omitempty"`
	Version          string            `json:"version,omitempty"`
	ActivationType   string            `json:"activation_type,omitempty"`
	ActivePceFqdn    string            `json:"active_pce_fqdn,omitempty"`
	TargetPceFqdn    string            `json:"target_pce_fqdn,omitempty"`
	Workloads        *[]*Workload      `json:"workloads,omitempty"`
	ContainerCluster *ContainerCluster `json:"container_cluster,omitempty"`
	VenType          string            `json:"ven_type,omitempty"`
	Conditions       []Conditions      `json:"conditions,omitempty"`
}

VEN represents a VEN in the Illumio PCE. It does not include fields duplicated in a workload (labels, OS information, interfaces, etc.).

type VENUpgrade added in v1.42.0

type VENUpgrade struct {
	VENs    []VEN  `json:"vens"`
	Release string `json:"release"`
	DryRun  bool   `json:"dry_run"`
}

type VENUpgradeError added in v1.42.0

type VENUpgradeError struct {
	Token   string   `json:"token"`
	Message string   `json:"message"`
	Hrefs   []string `json:"hrefs"`
}

type VENUpgradeResp added in v1.42.0

type VENUpgradeResp struct {
	VENUpgradeErrors []VENUpgradeError `json:"errors"`
}

type Version

type Version struct {
	Version      string `json:"version"`
	Build        int    `json:"build"`
	LongDisplay  string `json:"long_display"`
	ShortDisplay string `json:"short_display"`
	Major        int
	Minor        int
	Patch        int
}

Version represents the version of the PCE

type VirtualServer

type VirtualServer struct {
	Href                    string                   `json:"href,omitempty"`
	CreatedAt               string                   `json:"created_at,omitempty"`
	UpdatedAt               string                   `json:"updated_at,omitempty"`
	DeletedAt               string                   `json:"deleted_at,omitempty"`
	CreatedBy               *CreatedBy               `json:"created_by,omitempty"`
	UpdatedBy               *UpdatedBy               `json:"updated_by,omitempty"`
	DeletedBy               *DeletedBy               `json:"deleted_by,omitempty"`
	Name                    string                   `json:"name,omitempty"`
	Description             string                   `json:"description,omitempty"`
	DiscoveredVirtualServer *DiscoveredVirtualServer `json:"discovered_virtual_server,omitempty"`
	DvsName                 string                   `json:"dvs_name,omitempty"`
	DvsIdentifier           string                   `json:"dvs_identifier,omitempty"`
	Labels                  []*Label                 `json:"labels,omitempty"`
	Service                 *Service                 `json:"service,omitempty"`
	Providers               []interface{}            `json:"providers,omitempty"`
	Mode                    string                   `json:"mode,omitempty"`
}

VirtualServer represents a VirtualServer in the PCE

type VirtualServers

type VirtualServers struct {
	Href string `json:"href"`
}

VirtualServers represent virtual servers in provisioning

type VirtualService

type VirtualService struct {
	ApplyTo               string              `json:"apply_to,omitempty"`
	CreatedAt             string              `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy          `json:"created_by,omitempty"`
	DeletedAt             string              `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy          `json:"deleted_by,omitempty"`
	Description           string              `json:"description,omitempty"`
	ExternalDataReference string              `json:"external_data_reference,omitempty"`
	ExternalDataSet       string              `json:"external_data_set,omitempty"`
	Href                  string              `json:"href,omitempty"`
	IPOverrides           []string            `json:"ip_overrides,omitempty"`
	Labels                []*Label            `json:"labels,omitempty"`
	Name                  string              `json:"name,omitempty"`
	PceFqdn               string              `json:"pce_fqdn,omitempty"`
	Service               *Service            `json:"service,omitempty"`
	ServiceAddresses      []*ServiceAddresses `json:"service_addresses,omitempty"`
	ServicePorts          []*ServicePort      `json:"service_ports,omitempty"`
	UpdateType            string              `json:"update_type,omitempty"`
	UpdatedAt             string              `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy          `json:"updated_by,omitempty"`
}

A VirtualService represents a Virtual Service in the Illumio PCE

func (*VirtualService) Sanitize

func (vs *VirtualService) Sanitize()

Sanitize removes fields for an update

func (*VirtualService) SetActive

func (vs *VirtualService) SetActive() VirtualService

SetActive changes the HREF of the Virtual Service Object to Active

type Vulnerability

type Vulnerability struct {
	CreatedAt   string     `json:"created_at,omitempty"`
	CreatedBy   *CreatedBy `json:"created_by,omitempty"`
	CveIds      []string   `json:"cve_ids,omitempty"`
	Description string     `json:"description,omitempty"`
	Href        string     `json:"href,omitempty"`
	Name        string     `json:"name,omitempty"`
	Score       int        `json:"score,omitempty"`
	UpdatedAt   string     `json:"updated_at,omitempty"`
	UpdatedBy   *UpdatedBy `json:"updated_by,omitempty"`
}

Vulnerability represents a vulnerability in the Illumio PCE

type VulnerabilityReport

type VulnerabilityReport struct {
	Authoritative      bool       `json:"authoritative,omitempty"`
	CreatedAt          string     `json:"created_at,omitempty"`
	CreatedBy          *CreatedBy `json:"created_by,omitempty"`
	Href               string     `json:"href,omitempty"`
	Name               string     `json:"name,omitempty"`
	NumVulnerabilities int        `json:"num_vulnerabilities,omitempty"`
	ReportType         string     `json:"report_type,omitempty"`
	ScannedIps         []string   `json:"scanned_ips,omitempty"`
	UpdatedAt          string     `json:"updated_at,omitempty"`
	UpdatedBy          *UpdatedBy `json:"updated_by,omitempty"`
}

VulnerabilityReport represents a vulnerability report in the Illumio PCE

type VulnerabilitySummary added in v1.38.0

type VulnerabilitySummary struct {
	NumVulnerabilities         int                        `json:"num_vulnerabilities,omitempty"`
	MaxVulnerabilityScore      int                        `json:"max_vulnerability_score,omitempty"`
	VulnerabilityScore         int                        `json:"vulnerability_score,omitempty"`
	VulnerablePortExposure     int                        `json:"vulnerable_port_exposure,omitempty"`
	VulnerablePortWideExposure VulnerablePortWideExposure `json:"vulnerable_port_wide_exposure,omitempty"`
	VulnerabilityExposureScore int                        `json:"vulnerability_exposure_score,omitempty"`
}

type VulnerablePortWideExposure added in v1.38.0

type VulnerablePortWideExposure struct {
	Any    bool `json:"any"`
	IPList bool `json:"ip_list"`
}

type WindowsService

type WindowsService struct {
	IcmpCode    int    `json:"icmp_code,omitempty"`
	IcmpType    int    `json:"icmp_type,omitempty"`
	Port        int    `json:"port,omitempty"`
	ProcessName string `json:"process_name,omitempty"`
	Protocol    int    `json:"proto,omitempty"`
	ServiceName string `json:"service_name,omitempty"`
	ToPort      int    `json:"to_port,omitempty"`
}

WindowsService represents port and protocol information for a Windows service

type Workload

type Workload struct {
	Agent                 *Agent                `json:"agent,omitempty"`
	CreatedAt             string                `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy            `json:"created_by,omitempty"`
	DataCenter            *string               `json:"data_center,omitempty"`
	DataCenterZone        string                `json:"data_center_zone,omitempty"`
	DeleteType            string                `json:"delete_type,omitempty"`
	Deleted               *bool                 `json:"deleted,omitempty"`
	DeletedAt             string                `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy            `json:"deleted_by,omitempty"`
	Description           *string               `json:"description,omitempty"`
	DistinguishedName     *string               `json:"distinguished_name,omitempty"`
	EnforcementMode       string                `json:"enforcement_mode,omitempty"`
	ExternalDataReference *string               `json:"external_data_reference,omitempty"`
	ExternalDataSet       *string               `json:"external_data_set,omitempty"`
	Hostname              string                `json:"hostname,omitempty"`
	Href                  string                `json:"href,omitempty"`
	IgnoredInterfaceNames *[]string             `json:"ignored_interface_names,omitempty"`
	Interfaces            []*Interface          `json:"interfaces,omitempty"`
	Labels                *[]*Label             `json:"labels,omitempty"` // This breaks the removing all labels
	Name                  string                `json:"name,omitempty"`
	Namespace             string                `json:"namespace,omitempty"` // Only used in Container Workloads
	Online                bool                  `json:"online,omitempty"`
	OsDetail              *string               `json:"os_detail,omitempty"`
	OsID                  *string               `json:"os_id,omitempty"`
	PublicIP              string                `json:"public_ip,omitempty"`
	ServicePrincipalName  *string               `json:"service_principal_name,omitempty"`
	ServiceProvider       string                `json:"service_provider,omitempty"`
	Services              *Services             `json:"services,omitempty"`
	UpdatedAt             string                `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy            `json:"updated_by,omitempty"`
	VEN                   *VEN                  `json:"ven,omitempty"`
	VisibilityLevel       string                `json:"visibility_level,omitempty"`
	VulnerabilitySummary  *VulnerabilitySummary `json:"vulnerability_summary,omitempty"`
}

A Workload represents a workload in the PCE

func (*Workload) ChangeLabel

func (w *Workload) ChangeLabel(pce PCE, targetKey, newValue string) (PCE, error)

ChangeLabel updates a workload struct with a new label href. It does not call the Illumio API to update the workload in the PCE. Use pce.UpdateWorkload() or bulk update for that. The method returns the labelMapH in case it needs to create a new label.

func (*Workload) GetApp

func (w *Workload) GetApp(labelMap map[string]Label) Label

GetApp takes a map of labels with the href string as the key and returns the app label for a workload. To get the LabelMap call GetLabelMapH.

func (*Workload) GetAppGroup

func (w *Workload) GetAppGroup(labelMap map[string]Label) string

GetAppGroup returns the app group string of a workload in the format of App | Env. If the workload does not have an app or env label, "NO APP GROUP" is returned. Use GetAppGroupL to include the loc label in the app group.

func (*Workload) GetAppGroupL

func (w *Workload) GetAppGroupL(labelMap map[string]Label) string

GetAppGroupL returns the app group string of a workload in the format of App | Env | Loc. If the workload does not have an app, env, or loc label, "NO APP GROUP" is returned. Use GetAppGroup to only use app and env in App Group.

func (*Workload) GetCIDR

func (w *Workload) GetCIDR(ip string) string

GetCIDR returns the CIDR block for a workload's IP address. The CIDR value is returned as a string (e.g., "/24"). If the CIDR value is not known (e.g., unmanaged workloads), it returns "NA". If the provided IP address is not attached to the workload, GetCIDR returns "NA".

func (*Workload) GetDefaultGW

func (w *Workload) GetDefaultGW() string

GetDefaultGW returns the default gateway for a workload. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA".

func (*Workload) GetEnv

func (w *Workload) GetEnv(labelMap map[string]Label) Label

GetEnv takes a map of labels with the href string as the key and returns the env label for a workload. To get the LabelMap call GetLabelMapH.

func (*Workload) GetIPWithDefaultGW

func (w *Workload) GetIPWithDefaultGW() string

GetIPWithDefaultGW returns the IP address of the interface that has the default gateway. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA".

func (*Workload) GetInterfaceName

func (w *Workload) GetInterfaceName(ip string) string

GetInterfaceName returns the interface name for a workload's IP address. If the provided IP address is not attached to the workload, GetInterfaceName returns "NA".

func (*Workload) GetLabelByKey added in v1.68.0

func (w *Workload) GetLabelByKey(key string, labelMap map[string]Label) Label

GetLabelByKey returns the label object based on the provided key and label map. A blank label is returned if the label key is not used on the workload.

func (*Workload) GetLoc

func (w *Workload) GetLoc(labelMap map[string]Label) Label

GetLoc takes a map of labels with the href string as the key and returns the loc label for a workload. To get the LabelMap call GetLabelMapH.

func (*Workload) GetMode

func (w *Workload) GetMode() string

GetMode returns the mode of the workload. The returned value in 20.2 and newer PCEs will be unmanaged, idle, visibility_only, full, or selective. For visibility levels, use the w.GetVisibilityLevel() method.

The returned value in 20.1 and lower PCEs will be unmanaged, idle, build, test, enforced-no, enforced-low, enforced-high. The enforced options represent no logging, low details, and high detail.

func (*Workload) GetNetMask

func (w *Workload) GetNetMask(ip string) string

GetNetMask returns the netmask for a workload's IP address. The value is returned as a string (e.g., "255.0.0.0"). If the value is not known (e.g., unmanaged workloads) it returns "NA". If the provided IP address is not attached to the workload, GetNetMask returns "NA".

func (*Workload) GetNetMaskWithDefaultGW

func (w *Workload) GetNetMaskWithDefaultGW() string

GetNetMaskWithDefaultGW returns the netmask of the IP address that has the default gateway. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA".

func (*Workload) GetNetwork

func (w *Workload) GetNetwork(ip string) string

GetNetwork returns the network of a workload's IP address.

func (*Workload) GetNetworkWithDefaultGateway

func (w *Workload) GetNetworkWithDefaultGateway() string

GetNetworkWithDefaultGateway returns the CIDR notation of the network of the interface with the default gateway. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA".

func (*Workload) GetRole

func (w *Workload) GetRole(labelMap map[string]Label) Label

GetRole takes a map of labels with the href string as the key and returns the role label for a workload. To get the LabelMap call GetLabelMapH.

func (*Workload) GetVisibilityLevel added in v1.26.0

func (w *Workload) GetVisibilityLevel() string

GetVisibilityLevel returns unmanaged, blocked_allowed, blocked, or off.

func (*Workload) HoursSinceLastHeartBeat

func (w *Workload) HoursSinceLastHeartBeat() float64

HoursSinceLastHeartBeat returns the hours since the last heartbeat. -9999 is returned for unmanaged workloads or when it cannot be calculated.

func (*Workload) LabelsMatch

func (w *Workload) LabelsMatch(role, app, env, loc string, labelMap map[string]Label) bool

LabelsMatch checks if the workload matches the provided labels. Blank values ("") for role, app, env, or loc mean no label assigned for that key. A single asterisk (*) can be used to represent any in a particular key. For example, using "*" for role will return true as long as the app, env, and loc match.
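The blank-versus-asterisk rule described above, as an added stand-alone example that is not the package's own code: `Label`, `Workload`, `labelValue`, `labelsMatch` and `sampleData` are local stand-ins, the hrefs are constructed sample values, and exact (case-sensitive) comparison is an assumption. It shows that passing "" for a key only matches workloads with no label for that key, so it cannot be used as a wildcard when scoping a selection.

```go
package main

import "fmt"

// Label and Workload are local stand-ins (assumptions), not the illumioapi types.
type Label struct{ Href, Key, Value string }

type Workload struct {
	Hostname   string
	LabelHrefs []string // hrefs of the labels assigned to the workload
}

// labelValue returns the workload's label value for key, or "" if none is assigned.
func labelValue(w Workload, key string, labelMap map[string]Label) string {
	for _, href := range w.LabelHrefs {
		if l, ok := labelMap[href]; ok && l.Key == key {
			return l.Value
		}
	}
	return ""
}

// labelsMatch follows the documented rules: "*" accepts anything for that key,
// "" requires that no label is assigned, any other string must match exactly.
func labelsMatch(w Workload, role, app, env, loc string, labelMap map[string]Label) bool {
	want := map[string]string{"role": role, "app": app, "env": env, "loc": loc}
	for key, v := range want {
		if v != "*" && labelValue(w, key, labelMap) != v {
			return false
		}
	}
	return true
}

// sampleData returns a constructed label map and a workload with no role label.
func sampleData() (Workload, map[string]Label) {
	labelMap := map[string]Label{
		"/orgs/1/labels/1": {"/orgs/1/labels/1", "app", "ERP"},
		"/orgs/1/labels/2": {"/orgs/1/labels/2", "env", "PROD"},
		"/orgs/1/labels/3": {"/orgs/1/labels/3", "loc", "NYC"},
	}
	hrefs := []string{"/orgs/1/labels/1", "/orgs/1/labels/2", "/orgs/1/labels/3"}
	return Workload{"erp-db-01", hrefs}, labelMap
}

func main() {
	w, lm := sampleData()
	fmt.Println(labelsMatch(w, "", "ERP", "PROD", "NYC", lm)) // true: role is unassigned
	fmt.Println(labelsMatch(w, "*", "ERP", "", "NYC", lm))    // false: env is PROD, not blank
}
```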

func (*Workload) SanitizeBulkUpdate

func (w *Workload) SanitizeBulkUpdate()

SanitizeBulkUpdate removes the properties necessary for a bulk update.

func (*Workload) SanitizePut

func (w *Workload) SanitizePut()

SanitizePut removes the necessary properties to update a workload.

func (*Workload) SetMode

func (w *Workload) SetMode(m string) error

SetMode adjusts the workload to reflect the assigned mode. Nothing is changed in the PCE. To reflect the change in the PCE, use the SetMode method followed by the PCE.UpdateWorkload() method.

Valid options in 20.2 and newer PCEs are idle, visibility_only, full, and selective. For visibility levels, use the w.SetVisibilityLevel() method.

Valid options in 20.1 and lower PCEs are idle, build, test, enforced-no, enforced-low, enforced-high. The enforced options represent no logging, low details, and high detail.

func (*Workload) SetVisibilityLevel added in v1.19.0

func (w *Workload) SetVisibilityLevel(v string) error

SetVisibilityLevel adjusts the workload to reflect the assigned visibility level. Nothing is changed in the PCE. To reflect the change in the PCE, use the SetVisibilityLevel method followed by the PCE.UpdateWorkload() method.

Valid options in 20.2 and newer PCEs are flow_summary (blocked_allowed), flow_drops (blocked), flow_off (off), or enhanced_data_collection. The options in parentheses are the UI values. Both are acceptable.

20.1 PCEs and lower do not use this method.
