Documentation ¶
Index ¶
- Variables
- func LabelsToRuleStructure(labels []Label) ([][]Label, error)
- func ParseObjectType(href string) string
- func ProtocolList() map[int]string
- type APIKey
- type APIResponse
- type Actors
- type Agent
- type AgentHealth
- type AgentHealthErrors
- type Authentication
- type BulkResponse
- type ChangeSubset
- type CompatibilityReport
- type Config
- type Consumers
- type ConsumingSecurityPrincipals
- type CreatedBy
- type DeletedBy
- type Destinations
- type DiscoveredVirtualServer
- type Dst
- type EnforcementBoundary
- type Error
- type Exclude
- type ExpSrv
- type ExplorerServices
- type FQDN
- type FirewallSettings
- type FlowUploadResp
- type IPAddress
- type IPList
- type IPRange
- type IPTablesRules
- type IllumioSecurityTemplate
- type IllumioSecurityTemplateFile
- type Include
- type IncraseTrafficUpdateReq
- type IngressServices
- type Interface
- type Label
- type LabelGroup
- type LabelUsage
- type LoadInput
- type Network
- type OpenServicePorts
- type Org
- type PCE
- func (p *PCE) BulkVS(virtualServices []VirtualService, method string) ([]APIResponse, error)
- func (p *PCE) BulkWorkload(workloads []Workload, method string, stdoutLogs bool) ([]APIResponse, error)
- func (p *PCE) CreateADUserGroup(g ConsumingSecurityPrincipals) (ConsumingSecurityPrincipals, APIResponse, error)
- func (p *PCE) CreateEnforcementBoundary(enforcementBoundary EnforcementBoundary) (EnforcementBoundary, APIResponse, error)
- func (p *PCE) CreateIPList(ipList IPList) (IPList, APIResponse, error)
- func (p *PCE) CreateLabel(label Label) (Label, APIResponse, error)
- func (p *PCE) CreateLabelGroup(labelGroup LabelGroup) (LabelGroup, APIResponse, error)
- func (p *PCE) CreatePairingKey(pairingProfile PairingProfile) (PairingKey, APIResponse, error)
- func (p *PCE) CreatePairingProfile(pairingProfile PairingProfile) (APIResponse, error)
- func (p *PCE) CreateRuleSet(rs RuleSet) (RuleSet, APIResponse, error)
- func (p *PCE) CreateRuleSetRule(rulesetHref string, rule Rule) (Rule, APIResponse, error)
- func (p *PCE) CreateService(service Service) (Service, APIResponse, error)
- func (p *PCE) CreateServiceBinding(serviceBindings []ServiceBinding, virtualService VirtualService) ([]ServiceBinding, APIResponse, error)
- func (p *PCE) CreateVirtualService(virtualService VirtualService) (VirtualService, APIResponse, error)
- func (p *PCE) CreateWorkload(workload Workload) (Workload, APIResponse, error)
- func (p *PCE) DeleteHref(href string) (APIResponse, error)
- func (p *PCE) ExpandLabelGroup(href string) (labelHrefs []string)
- func (p *PCE) FindObject(href string) (key, name string, err error)
- func (p *PCE) GetAllADUserGroups() ([]ConsumingSecurityPrincipals, APIResponse, error)
- func (p *PCE) GetAllAPIKeys(userHref string) ([]APIKey, APIResponse, error)
- func (p *PCE) GetAllActiveIPLists() ([]IPList, APIResponse, error)
- func (p *PCE) GetAllDraftIPLists() ([]IPList, APIResponse, error)
- func (p *PCE) GetAllIPLists() ([]IPList, []APIResponse, error)
- func (p *PCE) GetAllLabelGroups(provisionStatus string) ([]LabelGroup, APIResponse, error)
- func (p *PCE) GetAllLabels() ([]Label, APIResponse, error)
- func (p *PCE) GetAllLabelsQP(queryParameters map[string]string) ([]Label, APIResponse, error)
- func (p *PCE) GetAllPairingProfiles() ([]PairingProfile, APIResponse, error)
- func (p *PCE) GetAllPending() (ChangeSubset, APIResponse, error)
- func (p *PCE) GetAllRuleSets(provisionStatus string) ([]RuleSet, APIResponse, error)
- func (p *PCE) GetAllServiceBindings(virtualService VirtualService) ([]ServiceBinding, APIResponse, error)
- func (p *PCE) GetAllServices(provisionStatus string) ([]Service, APIResponse, error)
- func (p *PCE) GetAllVirtualServers(provisionStatus string) ([]VirtualServer, APIResponse, error)
- func (p *PCE) GetAllVirtualServices(queryParameters map[string]string, provisionStatus string) ([]VirtualService, APIResponse, error)
- func (p *PCE) GetAllVulnReports() ([]VulnerabilityReport, APIResponse, error)
- func (p *PCE) GetAllVulns() ([]Vulnerability, APIResponse, error)
- func (p *PCE) GetAllWorkloads() ([]Workload, APIResponse, error)
- func (p *PCE) GetAllWorkloadsQP(queryParameters map[string]string) ([]Workload, APIResponse, error)
- func (p *PCE) GetCompatibilityReport(w Workload) (CompatibilityReport, APIResponse, error)
- func (p *PCE) GetIPList(name string) (IPList, APIResponse, error)
- func (p *PCE) GetLabelbyHref(href string) (Label, APIResponse, error)
- func (p *PCE) GetLabelbyKeyValue(key, value string) (Label, APIResponse, error)
- func (p *PCE) GetRuleSetMapName(provisionStatus string) (map[string]RuleSet, APIResponse, error)
- func (p *PCE) GetTrafficAnalysis(q TrafficQuery) ([]TrafficAnalysis, APIResponse, error)
- func (p *PCE) GetTrafficAnalysisAPI(t TrafficAnalysisRequest) ([]TrafficAnalysis, APIResponse, error)
- func (p *PCE) GetVersion() (Version, error)
- func (p *PCE) GetVirtualServiceByName(name string, provisionStatus string) (VirtualService, APIResponse, error)
- func (p *PCE) GetWkldByHref(href string) (Workload, APIResponse, error)
- func (p *PCE) GetWkldHostMap() (map[string]Workload, APIResponse, error)
- func (p *PCE) GetWkldHrefMap() (map[string]Workload, APIResponse, error)
- func (p *PCE) IncreaseTrafficUpdateRate(wklds []Workload) (APIResponse, error)
- func (p *PCE) IterateTraffic(q TrafficQuery, stdout bool) ([]TrafficAnalysis, error)
- func (p *PCE) IterateTrafficJString(q TrafficQuery, stdout bool) (string, error)
- func (p *PCE) Load(l LoadInput) error
- func (p *PCE) Login(user, password string) (UserLogin, []APIResponse, error)
- func (p *PCE) LoginAPIKey(user, password, name, desc string) (UserLogin, []APIResponse, error)
- func (p *PCE) ProvisionCS(cs ChangeSubset, comment string) (APIResponse, error)
- func (p *PCE) ProvisionHref(hrefs []string, comment string) (APIResponse, error)
- func (p *PCE) UpdateIPList(iplist IPList) (APIResponse, error)
- func (p *PCE) UpdateLabel(label Label) (APIResponse, error)
- func (p *PCE) UpdateLabelGroup(labelGroup LabelGroup) (APIResponse, error)
- func (p *PCE) UpdateRuleSetRules(rule Rule) (APIResponse, error)
- func (p *PCE) UpdateService(service Service) (APIResponse, error)
- func (p *PCE) UpdateVirtualService(virtualService VirtualService) (APIResponse, error)
- func (p *PCE) UpdateWorkload(workload Workload) (APIResponse, error)
- func (p *PCE) UploadTraffic(filename string, headerLine bool) (UploadFlowResults, error)
- func (p *PCE) WorkloadQueryLabelParameter(data [][]string) (string, error)
- func (p *PCE) WorkloadUpgrade(wkldHref, targetVersion string) (APIResponse, error)
- func (p *PCE) WorkloadsUnpair(wklds []Workload, ipTablesRestore string) ([]APIResponse, error)
- type PairingKey
- type PairingProfile
- type PortOverrides
- type PortProtos
- type ProductVersion
- type Providers
- type Provision
- type QualifyTest
- type ResolveLabelsAs
- type Results
- type Rule
- type RuleSet
- type Scopes
- type SecureConnect
- type SecureConnectGateways
- type Service
- type ServiceAddresses
- type ServiceBinding
- type ServicePort
- type Services
- type Sources
- type Src
- type Statements
- type Status
- type SubGroups
- type TimestampRange
- type TrafficAnalysis
- type TrafficAnalysisRequest
- type TrafficQuery
- type Unpair
- type UpdatedBy
- type UploadFlowResults
- type Usage
- type UserLogin
- type VEN
- type Version
- type VirtualServer
- type VirtualServers
- type VirtualService
- type Vulnerability
- type VulnerabilityReport
- type WindowsService
- type Workload
- func (w *Workload) ChangeLabel(pce PCE, targetKey, newValue string) (PCE, error)
- func (w *Workload) GetApp(labelMap map[string]Label) Label
- func (w *Workload) GetAppGroup(labelMap map[string]Label) string
- func (w *Workload) GetAppGroupL(labelMap map[string]Label) string
- func (w *Workload) GetCIDR(ip string) string
- func (w *Workload) GetDefaultGW() string
- func (w *Workload) GetEnv(labelMap map[string]Label) Label
- func (w *Workload) GetIPWithDefaultGW() string
- func (w *Workload) GetInterfaceName(ip string) string
- func (w *Workload) GetLoc(labelMap map[string]Label) Label
- func (w *Workload) GetMode() string
- func (w *Workload) GetNetMask(ip string) string
- func (w *Workload) GetNetMaskWithDefaultGW() string
- func (w *Workload) GetNetwork(ip string) string
- func (w *Workload) GetNetworkWithDefaultGateway() string
- func (w *Workload) GetRole(labelMap map[string]Label) Label
- func (w *Workload) GetVisibilityLevel() string
- func (w *Workload) HoursSinceLastHeartBeat() float64
- func (w *Workload) LabelsMatch(role, app, env, loc string, labelMap map[string]Label) bool
- func (w *Workload) SanitizeBulkUpdate()
- func (w *Workload) SanitizePut()
- func (w *Workload) SetMode(m string) error
- func (w *Workload) SetVisibilityLevel(v string) error
Constants ¶
This section is empty.
Variables ¶
var Threshold int
Threshold is the value set to iterate
Functions ¶
func LabelsToRuleStructure ¶ added in v1.3.0
LabelsToRuleStructure takes a slice of labels and returns a slice of slices for how the labels would be organized as read by the PCE rule processing. For example, {"A-ERP", "A-CRM", "E-PROD"} will return [{"A-ERP", "E-PROD"}, {"A-CRM", "E-PROD"}].
func ParseObjectType ¶
ParseObjectType takes an href and returns one of the following options: iplist, label, label_group, virtual_service, workload, or unknown.
func ProtocolList ¶
ProtocolList returns a map for the IANA protocol numbers.
Types ¶
type APIKey ¶
type APIKey struct { Href string `json:"href,omitempty"` KeyID string `json:"key_id,omitempty"` AuthUsername string `json:"auth_username,omitempty"` CreatedAt string `json:"created_at,omitempty"` Name string `json:"name,omitempty"` Description string `json:"description,omitempty"` Secret string `json:"secret,omitempty"` }
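APIKey represents an API Key. The Secret field carries the key's secret, so avoid logging or persisting an APIKey value in clear text.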
type APIResponse ¶
type APIResponse struct { RespBody string StatusCode int Header http.Header Request *http.Request ReqBody string Warnings []string }
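APIResponse contains the information from the response of the API. It also retains the originating Request and ReqBody, which may include authentication material (for example on Login calls), so redact them before logging an APIResponse.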
type Actors ¶
type Actors struct { Actors string `json:"actors,omitempty"` Label *Label `json:"label,omitempty"` LabelGroup *LabelGroup `json:"label_group,omitempty"` Workload *Workload `json:"workload,omitempty"` }
Actors - more info to follow
type Agent ¶
type Agent struct { ActivePceFqdn string `json:"active_pce_fqdn,omitempty"` Config *Config `json:"config,omitempty"` Href string `json:"href,omitempty"` SecureConnect *SecureConnect `json:"secure_connect,omitempty"` Status *Status `json:"status,omitempty"` TargetPceFqdn string `json:"target_pce_fqdn,omitempty"` }
An Agent is an Agent on a Workload
type AgentHealth ¶
type AgentHealth struct { AuditEvent string `json:"audit_event,omitempty"` Severity string `json:"severity,omitempty"` Type string `json:"type,omitempty"` }
AgentHealth represents the Agent Health of the Status of a Workload
type AgentHealthErrors ¶
type AgentHealthErrors struct { Errors []string `json:"errors,omitempty"` Warnings []string `json:"warnings,omitempty"` }
AgentHealthErrors represents the Agent Health Errors of the Status of a Workload. This is deprecated - use AgentHealth.
type Authentication ¶
type Authentication struct {
AuthToken string `json:"auth_token"`
}
Authentication represents the response of the Authenticate API
type BulkResponse ¶ added in v1.12.0
type BulkResponse struct { Href string `json:"href"` Status string `json:"status"` Token string `json:"token"` Message string `json:"message"` Errors []Error `json:"errors"` }
BulkResponse is the data structure for the bulk response API
type ChangeSubset ¶
type ChangeSubset struct { FirewallSettings []*FirewallSettings `json:"firewall_settings,omitempty"` IPLists []*IPList `json:"ip_lists,omitempty"` LabelGroups []*LabelGroup `json:"label_groups,omitempty"` RuleSets []*RuleSet `json:"rule_sets,omitempty"` SecureConnectGateways []*SecureConnectGateways `json:"secure_connect_gateways,omitempty"` Services []*Service `json:"services,omitempty"` VirtualServers []*VirtualServer `json:"virtual_servers,omitempty"` VirtualServices []*VirtualService `json:"virtual_services,omitempty"` EnforcementBoundaries []*EnforcementBoundary `json:"enforcement_boundaries,omitempty"` }
ChangeSubset is a hash of pending hrefs, organized by model
type CompatibilityReport ¶
type CompatibilityReport struct { LastUpdatedAt time.Time `json:"last_updated_at"` Results Results `json:"results"` QualifyStatus string `json:"qualify_status"` }
CompatibilityReport is a compatibility report for a VEN in Idle status
type Config ¶
type Config struct { LogTraffic bool `json:"log_traffic"` Mode string `json:"mode,omitempty"` SecurityPolicyUpdateMode string `json:"security_policy_update_mode,omitempty"` VisibilityLevel string `json:"visibility_level,omitempty"` }
Config represents the Configuration of an Agent on a Workload
type Consumers ¶
type Consumers struct { Actors string `json:"actors,omitempty"` IPList *IPList `json:"ip_list,omitempty"` Label *Label `json:"label,omitempty"` LabelGroup *LabelGroup `json:"label_group,omitempty"` VirtualService *VirtualService `json:"virtual_service,omitempty"` Workload *Workload `json:"workload,omitempty"` }
Consumers - more info to follow
type ConsumingSecurityPrincipals ¶
type ConsumingSecurityPrincipals struct { Actors []*Actors `json:"actors,omitempty"` Deleted bool `json:"deleted,omitempty"` Description string `json:"description,omitempty"` Enabled bool `json:"enabled,omitempty"` Href string `json:"href,omitempty"` IPVersion string `json:"ip_version,omitempty"` Statements []*Statements `json:"statements,omitempty"` Name string `json:"name,omitempty"` SID string `json:"sid,omitempty"` UsedByRuleSet bool `json:"used_by_ruleset,omitempty"` }
ConsumingSecurityPrincipals - more info to follow
type CreatedBy ¶
type CreatedBy struct {
Href string `json:"href"`
}
CreatedBy represents the CreatedBy property of an object
type DeletedBy ¶
type DeletedBy struct {
Href string `json:"href,omitempty"`
}
DeletedBy represents the Deleted By property of an object
type Destinations ¶
type Destinations struct { Include [][]Include `json:"include"` Exclude []Exclude `json:"exclude"` }
Destinations represents the destination query portion of the explorer API
type DiscoveredVirtualServer ¶
type DiscoveredVirtualServer struct {
Href string `json:"href"`
}
DiscoveredVirtualServer is part of a Virtual Server
type Dst ¶
type Dst struct { IP string `json:"ip"` Workload *Workload `json:"workload,omitempty"` FQDN string `json:"fqdn,omitempty"` IPLists *[]*IPList `json:"ip_lists"` }
Dst is the provider workload details
type EnforcementBoundary ¶ added in v1.25.0
type EnforcementBoundary struct { Href string `json:"href,omitempty"` Name string `json:"name,omitempty"` Providers []Providers `json:"providers,omitempty"` Consumers []Consumers `json:"consumers,omitempty"` IngressServices []IngressServices `json:"ingress_services,omitempty"` }
type Exclude ¶
type Exclude struct { Label *Label `json:"label,omitempty"` Workload *Workload `json:"workload,omitempty"` IPList *IPList `json:"ip_list,omitempty"` IPAddress *IPAddress `json:"ip_address,omitempty"` Port int `json:"port,omitempty"` ToPort int `json:"to_port,omitempty"` Proto int `json:"proto,omitempty"` Process string `json:"process_name,omitempty"` WindowsService string `json:"windows_service_name,omitempty"` Transmission string `json:"transmission,omitempty"` }
Exclude represents the type of objects used in an exclude query. The exclude struct should only have the following combinations: label only, workload only, IP address only, Port and/or protocol only. Example - Label and Workload cannot both be non-nil. Example - Port and Proto can both be non-nil (e.g., port 3306 and proto 6).
type ExpSrv ¶
type ExpSrv struct { Port int `json:"port,omitempty"` Proto int `json:"proto,omitempty"` Process string `json:"process_name,omitempty"` User string `json:"user_name,omitempty"` WindowsService string `json:"windows_service_name,omitempty"` }
ExpSrv is a service in the explorer response
type ExplorerServices ¶
type ExplorerServices struct { Include []Include `json:"include"` Exclude []Exclude `json:"exclude"` }
ExplorerServices represent services to be included or excluded in the explorer query
type FirewallSettings ¶
type FirewallSettings struct {
Href string `json:"href"`
}
FirewallSettings are a provisionable object
type FlowUploadResp ¶
type FlowUploadResp struct { NumFlowsReceived int `json:"num_flows_received"` NumFlowsFailed int `json:"num_flows_failed"` FailedFlows []*string `json:"failed_flows,omitempty"` }
FlowUploadResp is the response from the traffic upload API
type IPAddress ¶
type IPAddress struct {
Value string `json:"value,omitempty"`
}
IPAddress represents an IP Address
type IPList ¶
type IPList struct { CreatedAt string `json:"created_at,omitempty"` CreatedBy *CreatedBy `json:"created_by,omitempty"` DeletedAt string `json:"deleted_at,omitempty"` DeletedBy *DeletedBy `json:"deleted_by,omitempty"` Description string `json:"description,omitempty"` ExternalDataReference string `json:"external_data_reference,omitempty"` ExternalDataSet string `json:"external_data_set,omitempty"` FQDNs []*FQDN `json:"fqdns,omitempty"` Href string `json:"href,omitempty"` IPRanges []*IPRange `json:"ip_ranges,omitempty"` Name string `json:"name,omitempty"` UpdatedAt string `json:"updated_at,omitempty"` UpdatedBy *UpdatedBy `json:"updated_by,omitempty"` Size int `json:"size,omitempty"` }
IPList represents an IP List in the Illumio PCE.
type IPRange ¶
type IPRange struct { Description string `json:"description,omitempty"` Exclusion bool `json:"exclusion,omitempty"` FromIP string `json:"from_ip,omitempty"` ToIP string `json:"to_ip,omitempty"` }
IPRange represents one of the IP ranges of an IP List.
type IPTablesRules ¶
type IPTablesRules struct { Actors []*Actors `json:"actors"` Description string `json:"description,omitempty"` Enabled bool `json:"enabled"` Href string `json:"href"` IPVersion string `json:"ip_version"` Statements []*Statements `json:"statements"` }
IPTablesRules - more info to follow
type IllumioSecurityTemplate ¶
type IllumioSecurityTemplate struct { Name string `json:"name"` Version int `json:"version"` OsFamily string `json:"os_family"` Icon string `json:"icon"` CompatiblePceVersions []int `json:"compatible_pce_versions"` Labels []*Label `json:"labels,omitempty"` IPLists []*IPList `json:"ip_lists,omitempty"` Services []*Service `json:"services,omitempty"` }
IllumioSecurityTemplate contains Labels, IP Lists, Services
type IllumioSecurityTemplateFile ¶
type IllumioSecurityTemplateFile struct {
IllumioSecurityTemplates []*IllumioSecurityTemplate `json:"illumio_security_templates"`
}
IllumioSecurityTemplateFile is a file with a slice of templates
func ParseTemplateFile ¶
func ParseTemplateFile(filename string) (IllumioSecurityTemplateFile, error)
ParseTemplateFile imports a JSON template file into the PCE
type Include ¶
type Include struct { Label *Label `json:"label,omitempty"` Workload *Workload `json:"workload,omitempty"` IPList *IPList `json:"ip_list,omitempty"` IPAddress *IPAddress `json:"ip_address,omitempty"` Port int `json:"port,omitempty"` ToPort int `json:"to_port,omitempty"` Proto int `json:"proto,omitempty"` Process string `json:"process_name,omitempty"` WindowsService string `json:"windows_service_name,omitempty"` }
Include represents the type of objects used in an include query. The include struct should be label only, workload only, IP address only, Port and/or protocol only. Example - Label and Workload cannot both be non-nil. Example - Port and Proto can both be non-nil (e.g., port 3306 and proto 6).
type IncraseTrafficUpdateReq ¶ added in v1.27.0
type IncraseTrafficUpdateReq struct {
Workloads []Workload `json:"workloads"`
}
type IngressServices ¶
type IngressServices struct { Port *int `json:"port,omitempty"` Protocol *int `json:"proto,omitempty"` ToPort *int `json:"to_port,omitempty"` Href *string `json:"href,omitempty"` }
IngressServices - more info to follow
type Interface ¶
type Interface struct { Address string `json:"address,omitempty"` CidrBlock *int `json:"cidr_block,omitempty"` DefaultGatewayAddress string `json:"default_gateway_address,omitempty"` FriendlyName string `json:"friendly_name,omitempty"` LinkState string `json:"link_state,omitempty"` Name string `json:"name,omitempty"` }
An Interface represents one of the Interfaces of a Workload
type Label ¶
type Label struct { CreatedAt string `json:"created_at,omitempty"` CreatedBy *CreatedBy `json:"created_by,omitempty"` Deleted bool `json:"deleted,omitempty"` ExternalDataReference string `json:"external_data_reference,omitempty"` ExternalDataSet string `json:"external_data_set,omitempty"` Href string `json:"href,omitempty"` Key string `json:"key,omitempty"` UpdatedAt string `json:"updated_at,omitempty"` UpdatedBy *UpdatedBy `json:"updated_by,omitempty"` Value string `json:"value,omitempty"` LabelUsage *LabelUsage `json:"usage,omitempty"` }
A Label represents an Illumio Label.
type LabelGroup ¶
type LabelGroup struct { Description string `json:"description,omitempty"` ExternalDataReference string `json:"external_data_reference,omitempty"` ExternalDataSet string `json:"external_data_set,omitempty"` Href string `json:"href,omitempty"` Key string `json:"key,omitempty"` Labels []*Label `json:"labels,omitempty"` Name string `json:"name,omitempty"` SubGroups []*SubGroups `json:"sub_groups,omitempty"` Usage *Usage `json:"usage,omitempty"` }
LabelGroup represents a Label Group in the Illumio PCE
type LabelUsage ¶ added in v1.22.0
type LabelUsage struct { VirtualServer bool `json:"virtual_server"` LabelGroup bool `json:"label_group"` Ruleset bool `json:"ruleset"` StaticPolicyScopes bool `json:"static_policy_scopes"` PairingProfile bool `json:"pairing_profile"` Permission bool `json:"permission"` Workload bool `json:"workload"` ContainerWorkload bool `json:"container_workload"` FirewallCoexistenceScope bool `json:"firewall_coexistence_scope"` ContainersInheritHostPolicyScopes bool `json:"containers_inherit_host_policy_scopes"` ContainerWorkloadProfile bool `json:"container_workload_profile"` BlockedConnectionRejectScope bool `json:"blocked_connection_reject_scope"` EnforcementBoundary bool `json:"enforcement_boundary"` LoopbackInterfacesInPolicyScopes bool `json:"loopback_interfaces_in_policy_scopes"` VirtualService bool `json:"virtual_service"` }
type LoadInput ¶ added in v1.6.0
type LoadInput struct { ProvisionStatus string // Must be draft or active. Blank value is draft Labels bool LabelGroups bool IPLists bool Workloads bool WorkloadsQueryParameters map[string]string VirtualServices bool VirtualServers bool Services bool ConsumingSecurityPrincipals bool RuleSets bool }
LoadInput tells the p.Load method what objects to load
type OpenServicePorts ¶
type OpenServicePorts struct { Address string `json:"address,omitempty"` Package string `json:"package,omitempty"` Port int `json:"port,omitempty"` ProcessName string `json:"process_name,omitempty"` Protocol int `json:"protocol,omitempty"` User string `json:"user,omitempty"` WinServiceName string `json:"win_service_name,omitempty"` }
OpenServicePorts represents open ports for a service running on a workload
type Org ¶
type Org struct { Href string `json:"href"` DisplayName string `json:"display_name"` ID int `json:"org_id"` }
Org is an organization in a SaaS PCE
type PCE ¶
type PCE struct { FriendlyName string FQDN string Port int Org int User string Key string DisableTLSChecking bool LabelsSlice []Label // All labels stored in a slice Labels map[string]Label // Labels can be looked up by href or key+value (no character between key and value) LabelGroups map[string]LabelGroup // Label Groups can be looked up by href or name IPLists map[string]IPList // IP Lists can be looked up by href or name IPListsSlice []IPList // All IP Lists stored in a slice Workloads map[string]Workload // Workloads can be looked up by href, hostname, or names WorkloadsSlice []Workload // All Workloads stored in a slice VirtualServices map[string]VirtualService // VirtualServices can be looked up by href or name VirtualServers map[string]VirtualServer // VirtualServers can be looked up by href or name Services map[string]Service // Services can be looked up by href or name ServicesSlice []Service // All services stored in a slice ConsumingSecurityPrincipals map[string]ConsumingSecurityPrincipals // ConsumingSecurityPrincipals can be loooked up by href or name RuleSets map[string]RuleSet // RuleSets can be looked up by href or name }
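PCE represents an Illumio PCE and the necessary info to authenticate. The policy objects are maps for lookups. Each map will have multiple look up keys so the length of the map will be larger than the total objects. For example, each label will be in the map for an HREF and a key value. Policy objects should be called by their corresponding PCE method if you need to iterate or count them (e.g., pce.GetAllLabels). Because the struct carries the API User and Key, a populated PCE value should be handled as a credential and kept out of logs and serialized output. DisableTLSChecking, judging by its name, turns off TLS certificate verification for calls to the PCE; leave it false unless the connection is otherwise trusted.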
func (*PCE) BulkVS ¶
func (p *PCE) BulkVS(virtualServices []VirtualService, method string) ([]APIResponse, error)
BulkVS takes a bulk action on an array of virtual services. Method must be create, update, or delete
func (*PCE) BulkWorkload ¶
func (p *PCE) BulkWorkload(workloads []Workload, method string, stdoutLogs bool) ([]APIResponse, error)
BulkWorkload takes a bulk action on an array of workloads. Method must be create, update, or delete
func (*PCE) CreateADUserGroup ¶
func (p *PCE) CreateADUserGroup(g ConsumingSecurityPrincipals) (ConsumingSecurityPrincipals, APIResponse, error)
CreateADUserGroup creates a user group policy object in the PCE
func (*PCE) CreateEnforcementBoundary ¶ added in v1.25.0
func (p *PCE) CreateEnforcementBoundary(enforcementBoundary EnforcementBoundary) (EnforcementBoundary, APIResponse, error)
CreateEnforcementBoundary creates a new enforcement boundary in the Illumio PCE
func (*PCE) CreateIPList ¶
func (p *PCE) CreateIPList(ipList IPList) (IPList, APIResponse, error)
CreateIPList creates a new IP List in the Illumio PCE.
The function will not remove properties not in the POST schema (e.g., CreatedAt)
func (*PCE) CreateLabel ¶
func (p *PCE) CreateLabel(label Label) (Label, APIResponse, error)
CreateLabel creates a new Label in the Illumio PCE.
func (*PCE) CreateLabelGroup ¶
func (p *PCE) CreateLabelGroup(labelGroup LabelGroup) (LabelGroup, APIResponse, error)
CreateLabelGroup creates a new Label Group in the Illumio PCE.
The function will remove properties not in the POST schema
func (*PCE) CreatePairingKey ¶
func (p *PCE) CreatePairingKey(pairingProfile PairingProfile) (PairingKey, APIResponse, error)
CreatePairingKey creates a pairing key from a pairing profile.
func (*PCE) CreatePairingProfile ¶
func (p *PCE) CreatePairingProfile(pairingProfile PairingProfile) (APIResponse, error)
CreatePairingProfile creates a new pairing profile in the Illumio PCE.
func (*PCE) CreateRuleSet ¶
func (p *PCE) CreateRuleSet(rs RuleSet) (RuleSet, APIResponse, error)
CreateRuleSet creates a new ruleset in the Illumio PCE
func (*PCE) CreateRuleSetRule ¶
CreateRuleSetRule adds a rule to a RuleSet in the Illumio PCE.
The provided RuleSet struct must include an Href.
func (*PCE) CreateService ¶
func (p *PCE) CreateService(service Service) (Service, APIResponse, error)
CreateService creates a new service in the Illumio PCE
func (*PCE) CreateServiceBinding ¶
func (p *PCE) CreateServiceBinding(serviceBindings []ServiceBinding, virtualService VirtualService) ([]ServiceBinding, APIResponse, error)
CreateServiceBinding binds new workloads to a virtual service
func (*PCE) CreateVirtualService ¶
func (p *PCE) CreateVirtualService(virtualService VirtualService) (VirtualService, APIResponse, error)
CreateVirtualService creates a new virtual service in the Illumio PCE.
func (*PCE) CreateWorkload ¶
func (p *PCE) CreateWorkload(workload Workload) (Workload, APIResponse, error)
CreateWorkload creates a new unmanaged workload in the Illumio PCE
func (*PCE) DeleteHref ¶
func (p *PCE) DeleteHref(href string) (APIResponse, error)
DeleteHref deletes an existing object in the PCE based on its href.
func (*PCE) ExpandLabelGroup ¶
ExpandLabelGroup returns a slice of label hrefs in a label group. Every subgroup (and nested subgroup) is expanded.
func (*PCE) FindObject ¶
FindObject takes an href and returns what it is and the name
func (*PCE) GetAllADUserGroups ¶
func (p *PCE) GetAllADUserGroups() ([]ConsumingSecurityPrincipals, APIResponse, error)
GetAllADUserGroups gets all user groups in the PCE
func (*PCE) GetAllAPIKeys ¶
func (p *PCE) GetAllAPIKeys(userHref string) ([]APIKey, APIResponse, error)
GetAllAPIKeys gets all the APIKeys associated with a user
func (*PCE) GetAllActiveIPLists ¶
func (p *PCE) GetAllActiveIPLists() ([]IPList, APIResponse, error)
GetAllActiveIPLists returns a slice of active IPLists. If there are more than 500 IP Lists, async will run.
func (*PCE) GetAllDraftIPLists ¶
func (p *PCE) GetAllDraftIPLists() ([]IPList, APIResponse, error)
GetAllDraftIPLists returns a slice of draft IPLists. If there are more than 500 IP Lists, async will run.
func (*PCE) GetAllIPLists ¶
func (p *PCE) GetAllIPLists() ([]IPList, []APIResponse, error)
GetAllIPLists returns a slice of all IPLists in the PCE. The function combines the query to get draft and active IP Lists. If there are more than 500 of either, async queries will run. The []APIResponse will have two entries - first is for draft, second for active. The HREF will indicate if it's active or draft.
func (*PCE) GetAllLabelGroups ¶
func (p *PCE) GetAllLabelGroups(provisionStatus string) ([]LabelGroup, APIResponse, error)
GetAllLabelGroups returns a slice of all Label Groups of a specific provision status in the Illumio PCE.
The provision status must be "draft" or "active". The first call does not use the async option. If the response array length is >=500, it is re-run enabling async.
func (*PCE) GetAllLabels ¶
func (p *PCE) GetAllLabels() ([]Label, APIResponse, error)
GetAllLabels returns a slice of all Labels in the Illumio PCE. The first API call to the PCE does not use the async option. If the array length is >=500, it re-runs with async.
func (*PCE) GetAllLabelsQP ¶ added in v1.22.0
func (*PCE) GetAllPairingProfiles ¶
func (p *PCE) GetAllPairingProfiles() ([]PairingProfile, APIResponse, error)
GetAllPairingProfiles gets all pairing profiles in the Illumio PCE.
func (*PCE) GetAllPending ¶
func (p *PCE) GetAllPending() (ChangeSubset, APIResponse, error)
GetAllPending gets all the items pending provisioning
func (*PCE) GetAllRuleSets ¶
func (p *PCE) GetAllRuleSets(provisionStatus string) ([]RuleSet, APIResponse, error)
GetAllRuleSets returns a slice of Rulesets for all RuleSets in the Illumio PCE
func (*PCE) GetAllServiceBindings ¶
func (p *PCE) GetAllServiceBindings(virtualService VirtualService) ([]ServiceBinding, APIResponse, error)
GetAllServiceBindings returns a slice of all workload bindings for a virtual service.
The first call does not use the async option. If the response array length is >=500, it is re-run enabling async.
func (*PCE) GetAllServices ¶
func (p *PCE) GetAllServices(provisionStatus string) ([]Service, APIResponse, error)
GetAllServices returns a slice of Services for each Service in the Illumio PCE. provisionStatus must either be "draft" or "active". The first API call to the PCE does not use the async option. If the array length is >=500, it re-runs with async.
func (*PCE) GetAllVirtualServers ¶
func (p *PCE) GetAllVirtualServers(provisionStatus string) ([]VirtualServer, APIResponse, error)
GetAllVirtualServers returns a slice of virtual servers in the Illumio PCE. provisionStatus must be "draft" or "active". The first API call to the PCE does not use the async option. If the array length is >=500, it re-runs with async.
func (*PCE) GetAllVirtualServices ¶
func (p *PCE) GetAllVirtualServices(queryParameters map[string]string, provisionStatus string) ([]VirtualService, APIResponse, error)
GetAllVirtualServices returns a slice of all Virtual services of a specific provision status in the Illumio PCE.
The queryParameters are map["parameter"]="value" (e.g., queryParameters["name"]="name123"). The provision status must be "draft" or "active". The first call does not use the async option. If the response array length is >=500, it is re-run enabling async.
func (*PCE) GetAllVulnReports ¶
func (p *PCE) GetAllVulnReports() ([]VulnerabilityReport, APIResponse, error)
GetAllVulnReports returns a slice of all Vulnerability Reports in the Illumio PCE. The first call does not use the async option. If the response slice length is >=500, it is re-run enabling async.
func (*PCE) GetAllVulns ¶
func (p *PCE) GetAllVulns() ([]Vulnerability, APIResponse, error)
GetAllVulns returns a slice of all Vulnerabilities in the Illumio PCE. The first call does not use the async option. If the response slice length is >=500, it is re-run enabling async.
func (*PCE) GetAllWorkloads ¶
func (p *PCE) GetAllWorkloads() ([]Workload, APIResponse, error)
GetAllWorkloads returns a slice of workloads in the Illumio PCE. The first API call to the PCE does not use the async option. If the array length is >=500, it re-runs with async.
func (*PCE) GetAllWorkloadsQP ¶
GetAllWorkloadsQP returns a slice of workloads in the Illumio PCE. The first API call to the PCE does not use the async option. If the array length is >=500, it re-runs with async. QueryParameters can be passed as a map of [key]=value.
func (*PCE) GetCompatibilityReport ¶
func (p *PCE) GetCompatibilityReport(w Workload) (CompatibilityReport, APIResponse, error)
GetCompatibilityReport returns the compatibility report for a VEN
func (*PCE) GetIPList ¶
func (p *PCE) GetIPList(name string) (IPList, APIResponse, error)
GetIPList returns the IP List based on name. Provisioned IP lists are checked before draft.
func (*PCE) GetLabelbyHref ¶
func (p *PCE) GetLabelbyHref(href string) (Label, APIResponse, error)
GetLabelbyHref returns a label based on the provided HREF.
func (*PCE) GetLabelbyKeyValue ¶
func (p *PCE) GetLabelbyKeyValue(key, value string) (Label, APIResponse, error)
GetLabelbyKeyValue finds a label based on the key and value. It will only return one Label that is an exact match.
func (*PCE) GetRuleSetMapName ¶
GetRuleSetMapName returns a map of all rulesets with the name as a key
func (*PCE) GetTrafficAnalysis ¶
func (p *PCE) GetTrafficAnalysis(q TrafficQuery) ([]TrafficAnalysis, APIResponse, error)
GetTrafficAnalysis gets flow data from Explorer.
func (*PCE) GetTrafficAnalysisAPI ¶ added in v1.6.0
func (p *PCE) GetTrafficAnalysisAPI(t TrafficAnalysisRequest) ([]TrafficAnalysis, APIResponse, error)
GetTrafficAnalysisAPI gets flow data from Explorer.
func (*PCE) GetVersion ¶
GetVersion returns the version of the PCE
func (*PCE) GetVirtualServiceByName ¶
func (p *PCE) GetVirtualServiceByName(name string, provisionStatus string) (VirtualService, APIResponse, error)
GetVirtualServiceByName returns a single Virtual Service that matches the name. Using the queryParameters in GetAllVirtualServices reports partial matches on name values. This method only returns a single value for exact match.
func (*PCE) GetWkldByHref ¶
func (p *PCE) GetWkldByHref(href string) (Workload, APIResponse, error)
GetWkldByHref returns the workload with a specific href
func (*PCE) GetWkldHostMap ¶
func (p *PCE) GetWkldHostMap() (map[string]Workload, APIResponse, error)
GetWkldHostMap returns a map of all workloads with the hostname as the key.
func (*PCE) GetWkldHrefMap ¶
func (p *PCE) GetWkldHrefMap() (map[string]Workload, APIResponse, error)
GetWkldHrefMap returns a map of all workloads with the Href as the key.
func (*PCE) IncreaseTrafficUpdateRate ¶ added in v1.27.0
func (p *PCE) IncreaseTrafficUpdateRate(wklds []Workload) (APIResponse, error)
IncreaseTrafficUpdateRate increases the VEN traffic update rate
func (*PCE) IterateTraffic ¶
func (p *PCE) IterateTraffic(q TrafficQuery, stdout bool) ([]TrafficAnalysis, error)
IterateTraffic returns an array of traffic analysis. The iterative query starts by running a blank explorer query. If the results are over 90K, it queries again by TCP, UDP, and other. If either protocol-specific query is over 90K, it queries again by TCP and UDP port.
func (*PCE) IterateTrafficJString ¶
func (p *PCE) IterateTrafficJString(q TrafficQuery, stdout bool) (string, error)
IterateTrafficJString returns the combined JSON output from an iterative explorer query. The iterative query starts by running a blank explorer query. If the results are over threshold, it queries again by TCP, UDP, and other. If either protocol-specific query is over 90K, it queries again by TCP and UDP port.
func (*PCE) Login ¶
func (p *PCE) Login(user, password string) (UserLogin, []APIResponse, error)
Login authenticates to the PCE. Login will populate the User, Key, and Org fields in the PCE instance. Login will use a temporary session token that expires after 10 minutes.
func (*PCE) LoginAPIKey ¶
func (p *PCE) LoginAPIKey(user, password, name, desc string) (UserLogin, []APIResponse, error)
LoginAPIKey authenticates to the PCE. Login will populate the User, Key, and Org fields in the PCE instance. LoginAPIKey will create a permanent API Key with the provided name and description fields.
func (*PCE) ProvisionCS ¶
func (p *PCE) ProvisionCS(cs ChangeSubset, comment string) (APIResponse, error)
ProvisionCS provisions a ChangeSubset
func (*PCE) ProvisionHref ¶
func (p *PCE) ProvisionHref(hrefs []string, comment string) (APIResponse, error)
ProvisionHref provisions a slice of HREFs
func (*PCE) UpdateIPList ¶
func (p *PCE) UpdateIPList(iplist IPList) (APIResponse, error)
UpdateIPList updates an existing IP List in the Illumio PCE.
The provided IPList struct must include an Href. The function will remove properties not included in the PUT schema.
func (*PCE) UpdateLabel ¶
func (p *PCE) UpdateLabel(label Label) (APIResponse, error)
UpdateLabel updates an existing label in the Illumio PCE. The provided label struct must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdateLabelGroup ¶
func (p *PCE) UpdateLabelGroup(labelGroup LabelGroup) (APIResponse, error)
UpdateLabelGroup updates an existing Label Group in the Illumio PCE.
The provided Label Group struct must include an Href. The function will remove properties not included in the PUT schema.
func (*PCE) UpdateRuleSetRules ¶
func (p *PCE) UpdateRuleSetRules(rule Rule) (APIResponse, error)
UpdateRuleSetRules updates a rule in the Illumio PCE.
The provided Rule struct must include an Href. The function will remove properties not included in the PUT schema.
func (*PCE) UpdateService ¶
func (p *PCE) UpdateService(service Service) (APIResponse, error)
UpdateService updates an existing service object in the Illumio PCE
func (*PCE) UpdateVirtualService ¶
func (p *PCE) UpdateVirtualService(virtualService VirtualService) (APIResponse, error)
UpdateVirtualService updates an existing virtual service in the Illumio PCE.
The provided Virtual Service struct must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdateWorkload ¶
func (p *PCE) UpdateWorkload(workload Workload) (APIResponse, error)
UpdateWorkload updates an existing workload in the Illumio PCE. The provided workload struct must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UploadTraffic ¶
func (p *PCE) UploadTraffic(filename string, headerLine bool) (UploadFlowResults, error)
UploadTraffic uploads a csv to the PCE with traffic flows. filename should be the path to a csv file with 4 cols: src_ip, dst_ip, port, protocol (IANA numerical format 6=TCP, 17=UDP). When headerLine = true, the first line of the CSV is skipped. If there are more than 999 entries in the CSV, it creates chunks of 999.
func (*PCE) WorkloadQueryLabelParameter ¶ added in v1.14.0
WorkloadQueryLabelParameter takes [][]string (for example, after parsing a CSV). The first slice must be the label key headers: role, app, env, and loc. Each inner slice is an "AND" query. The slices are pieced together using "OR". The PCE must be loaded with the labels.
func (*PCE) WorkloadUpgrade ¶
func (p *PCE) WorkloadUpgrade(wkldHref, targetVersion string) (APIResponse, error)
WorkloadUpgrade upgrades the VEN version on the workload
func (*PCE) WorkloadsUnpair ¶
func (p *PCE) WorkloadsUnpair(wklds []Workload, ipTablesRestore string) ([]APIResponse, error)
WorkloadsUnpair unpairs workloads. There is no limit to the length of []Workloads. The method chunks the API calls into groups of 1,000 to conform to the Illumio API.
type PairingKey ¶
// PairingKey represents a VEN pairing key.
//
// ActivationCode is serialized as "activation_code" and left out of the JSON
// when it is the empty string.
// NOTE(review): presumably this is the secret a VEN presents when pairing, so
// handle it like a credential and keep it out of logs — confirm against the
// PCE API documentation.
type PairingKey struct {
	ActivationCode string `json:"activation_code,omitempty"`
}
PairingKey represents a VEN pairing key
type PairingProfile ¶
// PairingProfile represents a pairing profile in the Illumio PCE.
//
// The *Lock booleans, Enabled and LogTraffic have no omitempty, so their value
// is always written when the struct is marshaled: a zero-valued PairingProfile
// sends every one of them as false. IsDefault is tagged omitempty, so false is
// dropped from the payload instead.
// NOTE(review): the meaning of each lock and the accepted formats of
// AllowedUsesPerKey and KeyLifespan (both strings) are not shown here — confirm
// against the PCE API documentation before relying on defaults.
type PairingProfile struct {
	AllowedUsesPerKey     string     `json:"allowed_uses_per_key,omitempty"`
	AppLabelLock          bool       `json:"app_label_lock"`
	CreatedAt             string     `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy `json:"created_by,omitempty"`
	Description           string     `json:"description,omitempty"`
	Enabled               bool       `json:"enabled"`
	EnvLabelLock          bool       `json:"env_label_lock"`
	ExternalDataReference string     `json:"external_data_reference,omitempty"`
	ExternalDataSet       string     `json:"external_data_set,omitempty"`
	Href                  string     `json:"href,omitempty"`
	IsDefault             bool       `json:"is_default,omitempty"`
	KeyLifespan           string     `json:"key_lifespan,omitempty"`
	Labels                []*Label   `json:"labels,omitempty"`
	LastPairingAt         string     `json:"last_pairing_at,omitempty"`
	LocLabelLock          bool       `json:"loc_label_lock"`
	LogTraffic            bool       `json:"log_traffic"`
	LogTrafficLock        bool       `json:"log_traffic_lock"`
	Mode                  string     `json:"mode,omitempty"`
	ModeLock              bool       `json:"mode_lock"`
	Name                  string     `json:"name,omitempty"`
	RoleLabelLock         bool       `json:"role_label_lock"`
	TotalUseCount         int        `json:"total_use_count,omitempty"`
	UpdatedAt             string     `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy `json:"updated_by,omitempty"`
	VisibilityLevel       string     `json:"visibility_level,omitempty"`
	VisibilityLevelLock   bool       `json:"visibility_level_lock"`
}
PairingProfile represents a pairing profile in the Illumio PCE
type PortOverrides ¶
// PortOverrides override a port on a virtual service binding.
//
// None of the tags use omitempty, so all three values are always marshaled,
// including 0.
type PortOverrides struct {
	Port    int `json:"port"`
	Proto   int `json:"proto"`
	NewPort int `json:"new_port"`
}
PortOverrides override a port on a virtual service binding.
type PortProtos ¶
PortProtos represents the ports and protocols query portion of the explorer API
type ProductVersion ¶
// ProductVersion represents the version of the product.
//
// Every field is tagged omitempty, so zero values (0 and "") are left out when
// the struct is marshaled.
type ProductVersion struct {
	Build           int    `json:"build,omitempty"`
	EngineeringInfo string `json:"engineering_info,omitempty"`
	LongDisplay     string `json:"long_display,omitempty"`
	ReleaseInfo     string `json:"release_info,omitempty"`
	ShortDisplay    string `json:"short_display,omitempty"`
	Version         string `json:"version,omitempty"`
}
ProductVersion represents the version of the product
type Providers ¶
// Providers is the element type of Rule.Providers.
//
// Every field is tagged omitempty: nil pointers and an empty Actors string are
// left out of the JSON.
// NOTE(review): presumably one field is set per entry to name the kind of
// provider — confirm against the PCE rule schema.
type Providers struct {
	Actors         string          `json:"actors,omitempty"`
	IPList         *IPList         `json:"ip_list,omitempty"`
	Label          *Label          `json:"label,omitempty"`
	LabelGroup     *LabelGroup     `json:"label_group,omitempty"`
	VirtualServer  *VirtualServer  `json:"virtual_server,omitempty"`
	VirtualService *VirtualService `json:"virtual_service,omitempty"`
	Workload       *Workload       `json:"workload,omitempty"`
}
Providers - more info to follow
type Provision ¶
// Provision is sent to the PCE to provision policy objects.
//
// Both fields are omitted from the JSON when empty (nil pointer / "").
// NOTE(review): UpdateDescription presumably carries the comment argument of
// ProvisionCS and ProvisionHref — confirm in their implementation.
type Provision struct {
	ChangeSubset      *ChangeSubset `json:"change_subset,omitempty"`
	UpdateDescription string        `json:"update_description,omitempty"`
}
Provision is sent to the PCE to provision policy objects
type QualifyTest ¶
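// QualifyTest is part of compatibility report.
//
// Every field is a pointer with no omitempty: a nil pointer marshals as JSON
// null, and after unmarshaling a nil pointer means the key was absent or null.
// The declaration is laid out one field per line so that the two trailing
// comments no longer swallow the fields and closing brace that follow them.
type QualifyTest struct {
	Status                    *string   `json:"status"`
	IpsecServiceEnabled       *string   `json:"ipsec_service_enabled"` // Using a string to differentiate between false and empty
	Ipv4ForwardingEnabled     *string   `json:"ipv4_forwarding_enabled"`
	Ipv4ForwardingPktCnt      *string   `json:"ipv4_forwarding_pkt_cnt"`
	IptablesRuleCnt           *string   `json:"iptables_rule_cnt"`
	Ipv6GlobalScope           *string   `json:"ipv6_global_scope"`
	Ipv6ActiveConnCnt         *string   `json:"ipv6_active_conn_cnt"`
	IP6TablesRuleCnt          *string   `json:"ip6tables_rule_cnt"`
	RoutingTableConflict      *string   `json:"routing_table_conflict"`
	IPv6Enabled               *string   `json:"IPv6_enabled"`
	UnwantedNics              *string   `json:"Unwanted_nics"`
	GroupPolicy               *string   `json:"Group_policy"`
	RequiredPackagesInstalled *string   `json:"required_packages_installed"` // Using a string to differentiate between false and empty
	RequiredPackagesMissing   *[]string `json:"required_packages_missing"`
}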
QualifyTest is part of compatibility report
type ResolveLabelsAs ¶
// ResolveLabelsAs is the type of Rule.ResolveLabelsAs.
//
// Neither slice is tagged omitempty, so a nil slice marshals as JSON null and
// an empty slice as [].
// NOTE(review): the accepted string values are not shown here — confirm
// against the PCE rule schema.
type ResolveLabelsAs struct {
	Consumers []string `json:"consumers"`
	Providers []string `json:"providers"`
}
ResolveLabelsAs - more info to follow
type Results ¶
// Results are the list of qualify tests.
//
// QualifyTests has no omitempty, so a nil slice marshals as JSON null.
type Results struct {
	QualifyTests []QualifyTest `json:"qualify_tests"`
}
Results are the list of qualify tests
type Rule ¶
// Rule is the element type of RuleSet.Rules and the value passed to
// CreateRuleSetRule and UpdateRuleSetRules.
//
// The boolean settings (Enabled, SecConnect, Stateless, MachineAuth,
// UnscopedConsumers) are *bool with omitempty: a nil pointer leaves the key out
// of the request, while a pointer to false sends an explicit false. The same
// holds for IngressServices, where a pointer to an empty slice is sent as []
// and nil is omitted.
// NOTE(review): what the PCE does with an omitted key on update (keep the
// stored value or reset it) is not shown here — confirm before relying on nil
// for security-relevant settings such as Enabled or SecConnect.
type Rule struct {
	CreatedAt                   string                         `json:"created_at,omitempty"`
	CreatedBy                   *CreatedBy                     `json:"created_by,omitempty"`
	DeletedAt                   string                         `json:"deleted_at,omitempty"`
	DeletedBy                   *DeletedBy                     `json:"deleted_by,omitempty"`
	Consumers                   []*Consumers                   `json:"consumers,omitempty"`
	ConsumingSecurityPrincipals []*ConsumingSecurityPrincipals `json:"consuming_security_principals,omitempty"`
	Description                 string                         `json:"description,omitempty"`
	Enabled                     *bool                          `json:"enabled,omitempty"`
	ExternalDataReference       string                         `json:"external_data_reference,omitempty"`
	ExternalDataSet             string                         `json:"external_data_set,omitempty"`
	Href                        string                         `json:"href,omitempty"`
	IngressServices             *[]*IngressServices            `json:"ingress_services,omitempty"`
	Providers                   []*Providers                   `json:"providers,omitempty"`
	ResolveLabelsAs             *ResolveLabelsAs               `json:"resolve_labels_as,omitempty"`
	SecConnect                  *bool                          `json:"sec_connect,omitempty"`
	Stateless                   *bool                          `json:"stateless,omitempty"`
	MachineAuth                 *bool                          `json:"machine_auth,omitempty"`
	UnscopedConsumers           *bool                          `json:"unscoped_consumers,omitempty"`
	UpdateType                  string                         `json:"update_type,omitempty"`
	UpdatedAt                   string                         `json:"updated_at,omitempty"`
	UpdatedBy                   *UpdatedBy                     `json:"updated_by,omitempty"`
}
Rule - more info to follow
func (*Rule) GetRuleSetHrefFromRuleHref ¶
GetRuleSetHrefFromRuleHref returns the href of a ruleset based on the rule's href
type RuleSet ¶
// RuleSet is the type accepted by CreateRuleSet and returned by GetAllRuleSets.
//
// Enabled is *bool with omitempty: nil leaves the key out, a pointer to false
// sends an explicit false. Scopes is a slice of slices of *Scopes.
// NOTE(review): presumably each inner Scopes slice is one scope of the
// ruleset — confirm against the PCE ruleset schema.
type RuleSet struct {
	CreatedAt             string             `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy         `json:"created_by,omitempty"`
	DeletedAt             string             `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy         `json:"deleted_by,omitempty"`
	Description           string             `json:"description,omitempty"`
	Enabled               *bool              `json:"enabled,omitempty"`
	ExternalDataReference string             `json:"external_data_reference,omitempty"`
	ExternalDataSet       string             `json:"external_data_set,omitempty"`
	Href                  string             `json:"href,omitempty"`
	IPTablesRules         []*IPTablesRules   `json:"ip_tables_rules,omitempty"`
	Name                  string             `json:"name,omitempty"`
	Rules                 []*Rule            `json:"rules,omitempty"`
	Scopes                [][]*Scopes        `json:"scopes,omitempty"`
	UpdateType            string             `json:"update_type,omitempty"`
	UpdatedAt             string             `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy         `json:"updated_by,omitempty"`
}
RuleSet - more info to follow
type Scopes ¶
// Scopes is the element type of RuleSet.Scopes.
//
// Both pointers are tagged omitempty, so a nil Label or LabelGroup is left out
// of the JSON.
type Scopes struct {
	Label      *Label      `json:"label,omitempty"`
	LabelGroup *LabelGroup `json:"label_group,omitempty"`
}
Scopes - more info to follow
type SecureConnect ¶
// SecureConnect represents SecureConnect for an Agent on a Workload.
//
// MatchingIssuerName is serialized as "matching_issuer_name" and omitted when
// empty.
// NOTE(review): presumably the certificate issuer name matched for
// SecureConnect peers — confirm against the PCE API documentation.
type SecureConnect struct {
	MatchingIssuerName string `json:"matching_issuer_name,omitempty"`
}
SecureConnect represents SecureConnect for an Agent on a Workload
type SecureConnectGateways ¶
// SecureConnectGateways represent SecureConnectGateways in provisioning.
//
// Href has no omitempty, so an empty string is still marshaled as "href": "".
type SecureConnectGateways struct {
	Href string `json:"href"`
}
SecureConnectGateways represent SecureConnectGateways in provisioning
type Service ¶
// Service represent a service in the Illumio PCE.
//
// Name is the only field without omitempty, so it is always present in the
// marshaled JSON, even when empty. Port and protocol details live in
// ServicePorts and WindowsServices.
type Service struct {
	CreatedAt             string            `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy        `json:"created_by,omitempty"`
	DeletedAt             string            `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy        `json:"deleted_by,omitempty"`
	Description           string            `json:"description,omitempty"`
	DescriptionURL        string            `json:"description_url,omitempty"`
	ExternalDataReference string            `json:"external_data_reference,omitempty"`
	ExternalDataSet       string            `json:"external_data_set,omitempty"`
	Href                  string            `json:"href,omitempty"`
	Name                  string            `json:"name"`
	ProcessName           string            `json:"process_name,omitempty"`
	ServicePorts          []*ServicePort    `json:"service_ports,omitempty"`
	UpdateType            string            `json:"update_type,omitempty"`
	UpdatedAt             string            `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy        `json:"updated_by,omitempty"`
	WindowsServices       []*WindowsService `json:"windows_services,omitempty"`
}
Service represent a service in the Illumio PCE
func (*Service) ParseService ¶
ParseService returns a slice of WindowsServices and ServicePorts from an Illumio service object
func (*Service) ToExplorer ¶ added in v1.6.0
ToExplorer takes a service and returns an explorer query include and exclude
type ServiceAddresses ¶
// ServiceAddresses are FQDNs for Virtual Services.
//
// Besides Fqdn the struct also carries IP, Network and Description; every
// field is omitted from the JSON when empty.
type ServiceAddresses struct {
	IP          string   `json:"ip,omitempty"`
	Network     *Network `json:"network,omitempty"`
	Fqdn        string   `json:"fqdn,omitempty"`
	Description string   `json:"description,omitempty"`
}
ServiceAddresses are FQDNs for Virtual Services
type ServiceBinding ¶
// A ServiceBinding binds a workload to a Virtual Service.
//
// VirtualService and Workload are embedded by value and have no omitempty, so
// both objects are always marshaled; only Href and PortOverrides are dropped
// when empty.
type ServiceBinding struct {
	Href           string          `json:"href,omitempty"`
	VirtualService VirtualService  `json:"virtual_service"`
	Workload       Workload        `json:"workload"`
	PortOverrides  []PortOverrides `json:"port_overrides,omitempty"`
}
A ServiceBinding binds a workload to a Virtual Service
type ServicePort ¶
// ServicePort represent port and protocol information for a non-Windows service.
//
// Protocol is serialized under the key "proto". Every field is an int tagged
// omitempty, so a value of 0 is dropped when marshaling and cannot be told
// apart from "not set" (this includes ICMP type 0 and code 0).
// NOTE(review): presumably Port..ToPort expresses a port range — confirm
// against the PCE service schema.
type ServicePort struct {
	IcmpCode int `json:"icmp_code,omitempty"`
	IcmpType int `json:"icmp_type,omitempty"`
	ID       int `json:"id,omitempty"`
	Port     int `json:"port,omitempty"`
	Protocol int `json:"proto,omitempty"`
	ToPort   int `json:"to_port,omitempty"`
}
ServicePort represent port and protocol information for a non-Windows service
type Services ¶
// Services represent the Services running on a Workload.
//
// All fields are tagged omitempty; an UptimeSeconds of 0 is therefore left out
// of the marshaled JSON.
type Services struct {
	CreatedAt        string              `json:"created_at,omitempty"`
	OpenServicePorts []*OpenServicePorts `json:"open_service_ports,omitempty"`
	UptimeSeconds    int                 `json:"uptime_seconds,omitempty"`
}
Services represent the Services running on a Workload
type Src ¶
// Src is the consumer workload details.
//
// IP and IPLists have no omitempty: IP is always marshaled and a nil IPLists
// pointer is written as JSON null. Workload and FQDN are dropped when empty.
type Src struct {
	IP       string     `json:"ip"`
	Workload *Workload  `json:"workload,omitempty"`
	FQDN     string     `json:"fqdn,omitempty"`
	IPLists  *[]*IPList `json:"ip_lists"`
}
Src is the consumer workload details
type Statements ¶
// Statements are part of a custom IPTables rule.
//
// All three fields are plain strings that are always marshaled (no omitempty).
// NOTE(review): Parameters is free-form text that ends up in a custom iptables
// rule; if any part of it can come from outside the program, validate it
// before sending — confirm how the PCE constrains this field.
type Statements struct {
	ChainName  string `json:"chain_name"`
	Parameters string `json:"parameters"`
	TableName  string `json:"table_name"`
}
Statements are part of a custom IPTables rule
type Status ¶
// Status represents the Status of an Agent on a Workload.
//
// Every field is tagged omitempty. FwConfigCurrent is a plain bool, so false is
// dropped when marshaling and, after unmarshaling, false can mean either an
// explicit false or a missing key; the same applies to 0 for FirewallRuleCount
// and UptimeSeconds. The timestamp fields are strings.
// NOTE(review): timestamp format and the set of SecurityPolicySyncState values
// are not shown here — confirm before parsing or alerting on them.
type Status struct {
	AgentHealth              []*AgentHealth     `json:"agent_health,omitempty"`
	AgentHealthErrors        *AgentHealthErrors `json:"agent_health_errors,omitempty"`
	AgentVersion             string             `json:"agent_version,omitempty"`
	FirewallRuleCount        int                `json:"firewall_rule_count,omitempty"`
	FwConfigCurrent          bool               `json:"fw_config_current,omitempty"`
	InstanceID               string             `json:"instance_id,omitempty"`
	LastHeartbeatOn          string             `json:"last_heartbeat_on,omitempty"`
	ManagedSince             string             `json:"managed_since,omitempty"`
	SecurityPolicyAppliedAt  string             `json:"security_policy_applied_at,omitempty"`
	SecurityPolicyReceivedAt string             `json:"security_policy_received_at,omitempty"`
	SecurityPolicyRefreshAt  string             `json:"security_policy_refresh_at,omitempty"`
	SecurityPolicySyncState  string             `json:"security_policy_sync_state,omitempty"`
	Status                   string             `json:"status,omitempty"`
	UID                      string             `json:"uid,omitempty"`
	UptimeSeconds            int                `json:"uptime_seconds,omitempty"`
}
Status represents the Status of an Agent on a Workload
type TimestampRange ¶
// TimestampRange is used to limit queries ranges for the flow detected.
//
// Both bounds are strings and are always marshaled (no omitempty).
// NOTE(review): the timestamp format is not shown here — confirm before
// parsing.
type TimestampRange struct {
	FirstDetected string `json:"first_detected"`
	LastDetected  string `json:"last_detected"`
}
TimestampRange is used to limit queries ranges for the flow detected
type TrafficAnalysis ¶
// TrafficAnalysis represents the response from the explorer API.
//
// ExpSrv is serialized under the key "service". Dst, ExpSrv, Src and
// TimestampRange are pointers and may be nil after unmarshaling if the key is
// absent or null, so check them before dereferencing.
type TrafficAnalysis struct {
	Dst            *Dst            `json:"dst"`
	NumConnections int             `json:"num_connections"`
	PolicyDecision string          `json:"policy_decision"`
	ExpSrv         *ExpSrv         `json:"service"`
	Src            *Src            `json:"src"`
	TimestampRange *TimestampRange `json:"timestamp_range"`
	Transmission   string          `json:"transmission"`
}
TrafficAnalysis represents the response from the explorer API
func DedupeExplorerTraffic ¶
func DedupeExplorerTraffic(first, second []TrafficAnalysis) []TrafficAnalysis
DedupeExplorerTraffic takes two traffic responses and returns a de-duplicated result set
type TrafficAnalysisRequest ¶
// TrafficAnalysisRequest represents the payload object for the traffic
// analysis POST request.
//
// ExplorerServices is serialized under the key "services". StartDate and
// EndDate are time.Time values tagged omitempty, but encoding/json never treats
// a struct as empty, so a zero time is still marshaled (as year 1) rather than
// omitted; set both explicitly. PolicyDecisions has no omitempty, so a nil
// slice is sent as JSON null.
type TrafficAnalysisRequest struct {
	Sources                    Sources          `json:"sources"`
	Destinations               Destinations     `json:"destinations"`
	ExplorerServices           ExplorerServices `json:"services"`
	StartDate                  time.Time        `json:"start_date,omitempty"`
	EndDate                    time.Time        `json:"end_date,omitempty"`
	PolicyDecisions            []string         `json:"policy_decisions"`
	MaxResults                 int              `json:"max_results,omitempty"`
	SourcesDestinationsQueryOp string           `json:"sources_destinations_query_op,omitempty"`
}
TrafficAnalysisRequest represents the payload object for the traffic analysis POST request
type TrafficQuery ¶
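// TrafficQuery is the struct to be passed to the GetTrafficAnalysis function.
//
// The struct carries no JSON tags. The declaration is laid out one field per
// line so that the inline comments no longer swallow the fields and closing
// brace that follow them.
type TrafficQuery struct {
	SourcesInclude      [][]string
	SourcesExclude      []string
	DestinationsInclude [][]string
	DestinationsExclude []string

	// PortProtoInclude and PortProtoExclude entries should be in the format of [port, protocol]
	// Example [80, 6] is Port 80 TCP.
	PortProtoInclude [][2]int
	PortProtoExclude [][2]int

	// PortRangeInclude and PortRangeExclude entries should be of the format [fromPort, toPort, protocol]
	// Example - [1000, 2000, 6] is Ports 1000-2000 TCP.
	PortRangeInclude [][3]int
	PortRangeExclude [][3]int

	ProcessInclude        []string
	WindowsServiceInclude []string
	ProcessExclude        []string
	WindowsServiceExclude []string
	StartTime             time.Time
	EndTime               time.Time
	PolicyStatuses        []string
	MaxFLows              int
	TransmissionExcludes  []string // Example: []string{"broadcast", "multicast"} will only get unicast traffic
	QueryOperator         string   // Value should be "and" or "or". "and" is used by default
}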
TrafficQuery is the struct to be passed to the GetTrafficAnalysis function
type Unpair ¶
// Unpair is the payload for using the API to unpair workloads.
//
// Both fields are always marshaled (no omitempty).
// NOTE(review): the accepted IPTableRestore values are not shown here; the
// choice presumably decides what firewall state is left on the host after
// unpairing, so confirm it against the PCE API documentation before a bulk
// unpair.
type Unpair struct {
	Workloads      []Workload `json:"workloads"`
	IPTableRestore string     `json:"ip_table_restore"`
}
Unpair is the payload for using the API to unpair workloads.
type UpdatedBy ¶
// UpdatedBy represents the UpdatedBy property of an object.
//
// Href has no omitempty, so it is always marshaled, even when empty.
type UpdatedBy struct {
	Href string `json:"href"`
}
UpdatedBy represents the UpdatedBy property of an object
type UploadFlowResults ¶
// UploadFlowResults is the struct returned to the user when using the
// pce.UploadTraffic() method.
//
// The fields carry no JSON tags.
// NOTE(review): presumably FlowResps and APIResps hold one entry per uploaded
// chunk (UploadTraffic documents chunks of 999) — confirm in UploadTraffic.
type UploadFlowResults struct {
	FlowResps       []FlowUploadResp
	APIResps        []APIResponse
	TotalFlowsInCSV int
}
UploadFlowResults is the struct returned to the user when using the pce.UploadTraffic() method
type Usage ¶
// Usage covers how a LabelGroup is used in the PCE.
//
// LabelGroup, Rule and Ruleset are always marshaled; StaticPolicyScopes is
// tagged omitempty, so false is dropped.
type Usage struct {
	LabelGroup         bool `json:"label_group"`
	Rule               bool `json:"rule"`
	Ruleset            bool `json:"ruleset"`
	StaticPolicyScopes bool `json:"static_policy_scopes,omitempty"`
}
Usage covers how a LabelGroup is used in the PCE
type UserLogin ¶
// UserLogin represents a user logging in via password to get a session key.
//
// SessionToken holds the token from the login response; the Login method
// documents it as a temporary session token that expires after 10 minutes.
// NOTE(review): treat SessionToken as a credential — marshaling or printing a
// whole UserLogin (for example with %+v) includes it, so keep such output out
// of logs. AuthUsername and LastLoginIPAddress are also user-identifying.
type UserLogin struct {
	AuthUsername                string          `json:"auth_username,omitempty"`
	FullName                    string          `json:"full_name,omitempty"`
	Href                        string          `json:"href,omitempty"`
	InactivityExpirationMinutes int             `json:"inactivity_expiration_minutes,omitempty"`
	LastLoginIPAddress          string          `json:"last_login_ip_address,omitempty"`
	LastLoginOn                 string          `json:"last_login_on,omitempty"`
	ProductVersion              *ProductVersion `json:"product_version,omitempty"`
	SessionToken                string          `json:"session_token,omitempty"`
	TimeZone                    string          `json:"time_zone,omitempty"`
	Type                        string          `json:"type,omitempty"`
	Orgs                        []*Org          `json:"orgs,omitempty"`
}
UserLogin represents a user logging in via password to get a session key
type Version ¶
// Version represents the version of the PCE.
//
// Major, Minor and Patch carry no JSON tags, so encoding/json maps them to the
// keys "Major", "Minor" and "Patch".
// NOTE(review): presumably they are filled in by parsing the Version string
// rather than by the API response — confirm in GetVersion.
type Version struct {
	Version      string `json:"version"`
	Build        int    `json:"build"`
	LongDisplay  string `json:"long_display"`
	ShortDisplay string `json:"short_display"`
	Major        int
	Minor        int
	Patch        int
}
Version represents the version of the PCE
type VirtualServer ¶
// VirtualServer represents a VirtualServer in the PCE.
//
// Every field is tagged omitempty. Providers is an untyped []interface{}, so
// its elements decode to generic JSON values (maps, slices, strings, numbers)
// and need a checked type assertion before use.
type VirtualServer struct {
	Href                    string                   `json:"href,omitempty"`
	CreatedAt               string                   `json:"created_at,omitempty"`
	UpdatedAt               string                   `json:"updated_at,omitempty"`
	DeletedAt               string                   `json:"deleted_at,omitempty"`
	CreatedBy               *CreatedBy               `json:"created_by,omitempty"`
	UpdatedBy               *UpdatedBy               `json:"updated_by,omitempty"`
	DeletedBy               *DeletedBy               `json:"deleted_by,omitempty"`
	Name                    string                   `json:"name,omitempty"`
	Description             string                   `json:"description,omitempty"`
	DiscoveredVirtualServer *DiscoveredVirtualServer `json:"discovered_virtual_server,omitempty"`
	DvsName                 string                   `json:"dvs_name,omitempty"`
	DvsIdentifier           string                   `json:"dvs_identifier,omitempty"`
	Labels                  []*Label                 `json:"labels,omitempty"`
	Service                 *Service                 `json:"service,omitempty"`
	Providers               []interface{}            `json:"providers,omitempty"`
	Mode                    string                   `json:"mode,omitempty"`
}
VirtualServer represents a VirtualServer in the PCE
type VirtualServers ¶
// VirtualServers represent virtual servers in provisioning.
//
// Href has no omitempty, so it is always marshaled, even when empty.
type VirtualServers struct {
	Href string `json:"href"`
}
VirtualServers represent virtual servers in provisioning
type VirtualService ¶
// A VirtualService represents a Virtual Service in the Illumio PCE.
//
// Every field is tagged omitempty, so empty strings, nil pointers and empty
// slices are left out of the marshaled JSON. The struct has both a Service
// pointer and a ServicePorts slice.
// NOTE(review): presumably a virtual service uses either Service or
// ServicePorts, not both — confirm against the PCE schema.
type VirtualService struct {
	ApplyTo               string              `json:"apply_to,omitempty"`
	CreatedAt             string              `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy          `json:"created_by,omitempty"`
	DeletedAt             string              `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy          `json:"deleted_by,omitempty"`
	Description           string              `json:"description,omitempty"`
	ExternalDataReference string              `json:"external_data_reference,omitempty"`
	ExternalDataSet       string              `json:"external_data_set,omitempty"`
	Href                  string              `json:"href,omitempty"`
	IPOverrides           []string            `json:"ip_overrides,omitempty"`
	Labels                []*Label            `json:"labels,omitempty"`
	Name                  string              `json:"name,omitempty"`
	PceFqdn               string              `json:"pce_fqdn,omitempty"`
	Service               *Service            `json:"service,omitempty"`
	ServiceAddresses      []*ServiceAddresses `json:"service_addresses,omitempty"`
	ServicePorts          []*ServicePort      `json:"service_ports,omitempty"`
	UpdateType            string              `json:"update_type,omitempty"`
	UpdatedAt             string              `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy          `json:"updated_by,omitempty"`
}
A VirtualService represents a Virtual Service in the Illumio PCE
func (*VirtualService) Sanitize ¶
func (vs *VirtualService) Sanitize()
Sanitize removes fields for an update
func (*VirtualService) SetActive ¶
func (vs *VirtualService) SetActive() VirtualService
SetActive changes the HREF of the Virtual Service Object to Active
type Vulnerability ¶
// Vulnerability represents a vulnerability in the Illumio PCE.
//
// Score is an int tagged omitempty: a score of 0 is dropped when marshaling
// and, after unmarshaling, 0 can mean either an explicit 0 or a missing key.
// NOTE(review): the score scale is not shown here — confirm before comparing
// it with scores from other sources.
type Vulnerability struct {
	CreatedAt   string     `json:"created_at,omitempty"`
	CreatedBy   *CreatedBy `json:"created_by,omitempty"`
	CveIds      []string   `json:"cve_ids,omitempty"`
	Description string     `json:"description,omitempty"`
	Href        string     `json:"href,omitempty"`
	Name        string     `json:"name,omitempty"`
	Score       int        `json:"score,omitempty"`
	UpdatedAt   string     `json:"updated_at,omitempty"`
	UpdatedBy   *UpdatedBy `json:"updated_by,omitempty"`
}
Vulnerability represents a vulnerability in the Illumio PCE
type VulnerabilityReport ¶
// VulnerabilityReport represents a vulnerability report in the Illumio PCE.
//
// Authoritative is a plain bool tagged omitempty, so false is dropped when
// marshaling; NumVulnerabilities of 0 is dropped the same way.
// NOTE(review): what the PCE does with an Authoritative report is not shown
// here — confirm before setting it on uploads.
type VulnerabilityReport struct {
	Authoritative      bool       `json:"authoritative,omitempty"`
	CreatedAt          string     `json:"created_at,omitempty"`
	CreatedBy          *CreatedBy `json:"created_by,omitempty"`
	Href               string     `json:"href,omitempty"`
	Name               string     `json:"name,omitempty"`
	NumVulnerabilities int        `json:"num_vulnerabilities,omitempty"`
	ReportType         string     `json:"report_type,omitempty"`
	ScannedIps         []string   `json:"scanned_ips,omitempty"`
	UpdatedAt          string     `json:"updated_at,omitempty"`
	UpdatedBy          *UpdatedBy `json:"updated_by,omitempty"`
}
VulnerabilityReport represents a vulnerability report in the Illumio PCE
type WindowsService ¶
// WindowsService represents port and protocol information for a Windows
// service.
//
// Protocol is serialized under the key "proto". Every field is tagged
// omitempty, so 0 and "" are dropped when marshaling and cannot be told apart
// from "not set".
type WindowsService struct {
	IcmpCode    int    `json:"icmp_code,omitempty"`
	IcmpType    int    `json:"icmp_type,omitempty"`
	Port        int    `json:"port,omitempty"`
	ProcessName string `json:"process_name,omitempty"`
	Protocol    int    `json:"proto,omitempty"`
	ServiceName string `json:"service_name,omitempty"`
	ToPort      int    `json:"to_port,omitempty"`
}
WindowsService represents port and protocol information for a Windows service
type Workload ¶
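// A Workload represents a workload in the PCE.
//
// Every field is tagged omitempty. Labels, IgnoredInterfaceNames and Deleted
// are pointers: a nil pointer leaves the key out of the JSON, while a pointer
// to an empty slice (or to false) is still sent. Online is a plain bool, so
// false is dropped when marshaling.
// NOTE(review): EnforcementMode and VisibilityLevel are free strings here; the
// GetMode/SetMode and SetVisibilityLevel docs list the values the PCE accepts.
// The declaration is laid out one field per line so that the inline comment on
// Labels no longer swallows the fields and closing brace that follow it.
type Workload struct {
	Agent                 *Agent       `json:"agent,omitempty"`
	CreatedAt             string       `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy   `json:"created_by,omitempty"`
	DataCenter            string       `json:"data_center,omitempty"`
	DataCenterZone        string       `json:"data_center_zone,omitempty"`
	DeleteType            string       `json:"delete_type,omitempty"`
	Deleted               *bool        `json:"deleted,omitempty"`
	DeletedAt             string       `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy   `json:"deleted_by,omitempty"`
	Description           string       `json:"description,omitempty"`
	DistinguishedName     string       `json:"distinguished_name,omitempty"`
	EnforcementMode       string       `json:"enforcement_mode,omitempty"`
	ExternalDataReference string       `json:"external_data_reference,omitempty"`
	ExternalDataSet       string       `json:"external_data_set,omitempty"`
	Hostname              string       `json:"hostname,omitempty"`
	Href                  string       `json:"href,omitempty"`
	IgnoredInterfaceNames *[]string    `json:"ignored_interface_names,omitempty"`
	Interfaces            []*Interface `json:"interfaces,omitempty"`
	Labels                *[]*Label    `json:"labels,omitempty"` // This breaks the removing all labels
	Name                  string       `json:"name,omitempty"`
	Online                bool         `json:"online,omitempty"`
	OsDetail              string       `json:"os_detail,omitempty"`
	OsID                  string       `json:"os_id,omitempty"`
	PublicIP              string       `json:"public_ip,omitempty"`
	ServicePrincipalName  string       `json:"service_principal_name,omitempty"`
	ServiceProvider       string       `json:"service_provider,omitempty"`
	Services              *Services    `json:"services,omitempty"`
	UpdatedAt             string       `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy   `json:"updated_by,omitempty"`
	VEN                   *VEN         `json:"ven,omitempty"`
	VisibilityLevel       string       `json:"visibility_level,omitempty"`
}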
A Workload represents a workload in the PCE
func (*Workload) ChangeLabel ¶
ChangeLabel updates a workload struct with new label href. It does not call the Illumio API to update the workload in the PCE. Use pce.UpdateWorkload() or bulk update for that. The method returns the labelMapH in case it needs to create a new label.
func (*Workload) GetApp ¶
GetApp takes a map of labels with the href string as the key and returns the app label for a workload. To get the LabelMap call GetLabelMapH.
func (*Workload) GetAppGroup ¶
GetAppGroup returns the app group string of a workload in the format of App | Env. If the workload does not have an app or env label, "NO APP GROUP" is returned. Use GetAppGroupL to include the loc label in the app group.
func (*Workload) GetAppGroupL ¶
GetAppGroupL returns the app group string of a workload in the format of App | Env | Loc. If the workload does not have an app, env, or loc label, "NO APP GROUP" is returned. Use GetAppGroup to only use app and env in App Group.
func (*Workload) GetCIDR ¶
GetCIDR returns the CIDR Block for a workload's IP address. The CIDR value is returned as a string (e.g., "/24"). If the CIDR value is not known (e.g., unmanaged workloads), it returns "NA". If the provided IP address is not attached to the workload, GetCIDR returns "NA".
func (*Workload) GetDefaultGW ¶
GetDefaultGW returns the default gateway for a workload. If the workload does not have a default gateway (many unmanaged workloads) it will return "NA"
func (*Workload) GetEnv ¶
GetEnv takes a map of labels with the href string as the key and returns the env label for a workload. To get the LabelMap call GetLabelMapH.
func (*Workload) GetIPWithDefaultGW ¶
GetIPWithDefaultGW returns the IP address of the interface that has the default gateway. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA".
func (*Workload) GetInterfaceName ¶
GetInterfaceName returns the interface name for a workload's IP address If the provided IP address is not attached to the workload, GetInterfaceName returns "NA".
func (*Workload) GetLoc ¶
GetLoc takes a map of labels with the href string as the key and returns the loc label for a workload. To get the LabelMap call GetLabelMapH.
func (*Workload) GetMode ¶
GetMode returns the mode of the workloads. The returned value in 20.2 and newer PCEs will be unmanaged, idle, visibility_only, full, or selective. For visibility levels, use the w.GetVisibilityLevel() method.
The returned value in 20.1 and lower PCEs will be unmanaged, idle, build, test, enforced-no, enforced-low, enforced-high. The enforced options represent no logging, low details, and high detail.
func (*Workload) GetNetMask ¶
GetNetMask returns the netmask for a workload's IP address. The value is returned as a string (e.g., "255.0.0.0"). If the value is not known (e.g., unmanaged workloads), it returns "NA". If the provided IP address is not attached to the workload, GetNetMask returns "NA".
func (*Workload) GetNetMaskWithDefaultGW ¶
GetNetMaskWithDefaultGW returns the netmask of the IP address that has the default gateway. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA".
func (*Workload) GetNetwork ¶
GetNetwork returns the network of a workload's IP address.
func (*Workload) GetNetworkWithDefaultGateway ¶
GetNetworkWithDefaultGateway returns the CIDR notation of the network of the interface with the default gateway. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA"
func (*Workload) GetRole ¶
GetRole takes a map of labels with the href string as the key and returns the role label for a workload. To get the LabelMap call GetLabelMapH.
func (*Workload) GetVisibilityLevel ¶ added in v1.26.0
func (*Workload) HoursSinceLastHeartBeat ¶
HoursSinceLastHeartBeat returns the hours since the last heartbeat. -9999 is returned for unmanaged workloads or when it cannot be calculated.
func (*Workload) LabelsMatch ¶
LabelsMatch checks if the workload matches the provided labels. Blank values ("") for role, app, env, or loc mean no label assigned for that key. A single asterisk (*) can be used to represent any in a particular key. For example, using "*" for role will return true as long as the app, env, and loc match.
func (*Workload) SanitizeBulkUpdate ¶
func (w *Workload) SanitizeBulkUpdate()
SanitizeBulkUpdate removes the properties necessary for a bulk update
func (*Workload) SanitizePut ¶
func (w *Workload) SanitizePut()
SanitizePut removes the necessary properties to update an unmanaged and managed workload
func (*Workload) SetMode ¶
SetMode adjusts the workload to reflect the assigned mode. Nothing is changed in the PCE. To reflect the change in the PCE use SetMode method followed by PCE.UpdateWorkload() method.
Valid options in 20.2 and newer PCEs are idle, visibility_only, full, and selective. For visibility levels, use the w.SetVisibilityLevel() method.
Valid options in 20.1 and lower PCEs are idle, build, test, enforced-no, enforced-low, enforced-high. The enforced options represent no logging, low details, and high detail.
func (*Workload) SetVisibilityLevel ¶ added in v1.19.0
SetVisibilityLevel adjusts the workload to reflect the assigned visibility level. Nothing is changed in the PCE. To reflect the change in the PCE use SetVisibilityLevel method followed by PCE.UpdateWorkload() method.
Valid options in 20.2 and newer PCEs are flow_summary, flow_drops, flow_off, or enhanced_data_collection
20.1 PCEs and lower do not use this method.