illumioapi

package module
v1.27.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 19, 2021 License: MIT Imports: 17 Imported by: 46

README

Illumio API Package

GoDoc

Description

Go package to easily interact with the Illumio API.

Example Code

Nearly all functions that interact with your PCE are methods on the PCE type. For example, the code below prints all hostnames:

// Create PCE
pce := illumioapi.PCE{
   FQDN: "bep-lab.poc.segmentationpov.com",
   Port: 443,
   DisableTLSChecking: true}

// Login and ignore error checking for example
pce.Login("brian@email.com", "Password123")

// Get all workloads and ignore error checking for example
wklds, _, _ := pce.GetAllWorkloads()

// Iterate through workloads and print hostname
for _, w := range wklds {
    fmt.Println(w.Hostname)
}

Tests and Examples

The illumioapi_test package includes some tests for the package. This can also be referenced for examples on how to use some of the functions. It's not a complete test package.

Documentation

Index

Constants

This section is empty.

Variables

View Source
var Threshold int

Threshold is the value set to iterate

Functions

func LabelsToRuleStructure added in v1.3.0

func LabelsToRuleStructure(labels []Label) ([][]Label, error)

LabelsToRuleStructure takes a slice of labels and returns a slice of slices for how the labels would be organized as read by the PCE rule processing. For example {"A-ERP", "A-CRM", "E-PROD"} will return [{"A-ERP, E-PROD"}. {"A-CRM", "E-PROD"}]

func ParseObjectType

func ParseObjectType(href string) string

ParseObjectType takes an href and returns one of the following options: iplist, label, label_group, virtual_service, workload, or unknown.

func ProtocolList

func ProtocolList() map[int]string

ProtocolList returns a map for the IANA protocol numbers.

Types

type APIKey

type APIKey struct {
	Href         string `json:"href,omitempty"`
	KeyID        string `json:"key_id,omitempty"`
	AuthUsername string `json:"auth_username,omitempty"`
	CreatedAt    string `json:"created_at,omitempty"`
	Name         string `json:"name,omitempty"`
	Description  string `json:"description,omitempty"`
	Secret       string `json:"secret,omitempty"`
}

APIKey represents an API Key

type APIResponse

type APIResponse struct {
	RespBody   string
	StatusCode int
	Header     http.Header
	Request    *http.Request
	ReqBody    string
	Warnings   []string
}

APIResponse contains the information from the response of the API

type Actors

type Actors struct {
	Actors     string      `json:"actors,omitempty"`
	Label      *Label      `json:"label,omitempty"`
	LabelGroup *LabelGroup `json:"label_group,omitempty"`
	Workload   *Workload   `json:"workload,omitempty"`
}

Actors - more info to follow

type Agent

type Agent struct {
	ActivePceFqdn string         `json:"active_pce_fqdn,omitempty"`
	Config        *Config        `json:"config,omitempty"`
	Href          string         `json:"href,omitempty"`
	SecureConnect *SecureConnect `json:"secure_connect,omitempty"`
	Status        *Status        `json:"status,omitempty"`
	TargetPceFqdn string         `json:"target_pce_fqdn,omitempty"`
}

An Agent is an Agent on a Workload

func (*Agent) GetID

func (a *Agent) GetID() string

GetID returns the ID from the Href of an Agent

type AgentHealth

type AgentHealth struct {
	AuditEvent string `json:"audit_event,omitempty"`
	Severity   string `json:"severity,omitempty"`
	Type       string `json:"type,omitempty"`
}

AgentHealth represents the Agent Health of the Status of a Workload

type AgentHealthErrors

type AgentHealthErrors struct {
	Errors   []string `json:"errors,omitempty"`
	Warnings []string `json:"warnings,omitempty"`
}

AgentHealthErrors represents the Agent Health Errors of the Status of a Workload This is depreciated - use AgentHealth

type Authentication

type Authentication struct {
	AuthToken string `json:"auth_token"`
}

Authentication represents the response of the Authenticate API

type BulkResponse added in v1.12.0

type BulkResponse struct {
	Href    string  `json:"href"`
	Status  string  `json:"status"`
	Token   string  `json:"token"`
	Message string  `json:"message"`
	Errors  []Error `json:"errors"`
}

BulkResponse is the data structure for the bulk response API

type ChangeSubset

type ChangeSubset struct {
	FirewallSettings      []*FirewallSettings      `json:"firewall_settings,omitempty"`
	IPLists               []*IPList                `json:"ip_lists,omitempty"`
	LabelGroups           []*LabelGroup            `json:"label_groups,omitempty"`
	RuleSets              []*RuleSet               `json:"rule_sets,omitempty"`
	SecureConnectGateways []*SecureConnectGateways `json:"secure_connect_gateways,omitempty"`
	Services              []*Service               `json:"services,omitempty"`
	VirtualServers        []*VirtualServer         `json:"virtual_servers,omitempty"`
	VirtualServices       []*VirtualService        `json:"virtual_services,omitempty"`
	EnforcementBoundaries []*EnforcementBoundary   `json:"enforcement_boundaries,omitempty"`
}

ChangeSubset Hash of pending hrefs, organized by model

type CompatibilityReport

type CompatibilityReport struct {
	LastUpdatedAt time.Time `json:"last_updated_at"`
	Results       Results   `json:"results"`
	QualifyStatus string    `json:"qualify_status"`
}

CompatibilityReport is a compatibility report for a VEN in Idle status

type Config

type Config struct {
	LogTraffic               bool   `json:"log_traffic"`
	Mode                     string `json:"mode,omitempty"`
	SecurityPolicyUpdateMode string `json:"security_policy_update_mode,omitempty"`
	VisibilityLevel          string `json:"visibility_level,omitempty"`
}

Config represents the Configuration of an Agent on a Workload

type Consumers

type Consumers struct {
	Actors         string          `json:"actors,omitempty"`
	IPList         *IPList         `json:"ip_list,omitempty"`
	Label          *Label          `json:"label,omitempty"`
	LabelGroup     *LabelGroup     `json:"label_group,omitempty"`
	VirtualService *VirtualService `json:"virtual_service,omitempty"`
	Workload       *Workload       `json:"workload,omitempty"`
}

Consumers - more info to follow

type ConsumingSecurityPrincipals

type ConsumingSecurityPrincipals struct {
	Actors        []*Actors     `json:"actors,omitempty"`
	Deleted       bool          `json:"deleted,omitempty"`
	Description   string        `json:"description,omitempty"`
	Enabled       bool          `json:"enabled,omitempty"`
	Href          string        `json:"href,omitempty"`
	IPVersion     string        `json:"ip_version,omitempty"`
	Statements    []*Statements `json:"statements,omitempty"`
	Name          string        `json:"name,omitempty"`
	SID           string        `json:"sid,omitempty"`
	UsedByRuleSet bool          `json:"used_by_ruleset,omitempty"`
}

ConsumingSecurityPrincipals - more info to follow

type CreatedBy

type CreatedBy struct {
	Href string `json:"href"`
}

CreatedBy represents the CreatedBy property of an object

type DeletedBy

type DeletedBy struct {
	Href string `json:"href,omitempty"`
}

DeletedBy represents the Deleted By property of an object

type Destinations

type Destinations struct {
	Include [][]Include `json:"include"`
	Exclude []Exclude   `json:"exclude"`
}

Destinations represents the destination query portion of the explorer API

type DiscoveredVirtualServer

type DiscoveredVirtualServer struct {
	Href string `json:"href"`
}

DiscoveredVirtualServer is part of a Virtual Server

type Dst

type Dst struct {
	IP       string     `json:"ip"`
	Workload *Workload  `json:"workload,omitempty"`
	FQDN     string     `json:"fqdn,omitempty"`
	IPLists  *[]*IPList `json:"ip_lists"`
}

Dst is the provider workload details

type EnforcementBoundary added in v1.25.0

type EnforcementBoundary struct {
	Href            string            `json:"href,omitempty"`
	Name            string            `json:"name,omitempty"`
	Providers       []Providers       `json:"providers,omitempty"`
	Consumers       []Consumers       `json:"consumers,omitempty"`
	IngressServices []IngressServices `json:"ingress_services,omitempty"`
}

type Error added in v1.12.0

type Error struct {
	Token   string `json:"token"`
	Message string `json:"message"`
}

type Exclude

type Exclude struct {
	Label          *Label     `json:"label,omitempty"`
	Workload       *Workload  `json:"workload,omitempty"`
	IPList         *IPList    `json:"ip_list,omitempty"`
	IPAddress      *IPAddress `json:"ip_address,omitempty"`
	Port           int        `json:"port,omitempty"`
	ToPort         int        `json:"to_port,omitempty"`
	Proto          int        `json:"proto,omitempty"`
	Process        string     `json:"process_name,omitempty"`
	WindowsService string     `json:"windows_service_name,omitempty"`
	Transmission   string     `json:"transmission,omitempty"`
}

Exclude represents the type of objects used in an include query. The exclude struct should only have the following combinations: label only, workload only, IP address only, Port and/or protocol only. Example - Label and Workload cannot both be non-nil Example - Port and Proto can both be non-nil (e.g., port 3306 and proto 6)

type ExpSrv

type ExpSrv struct {
	Port           int    `json:"port,omitempty"`
	Proto          int    `json:"proto,omitempty"`
	Process        string `json:"process_name,omitempty"`
	User           string `json:"user_name,omitempty"`
	WindowsService string `json:"windows_service_name,omitempty"`
}

ExpSrv is a service in the explorer response

type ExplorerServices

type ExplorerServices struct {
	Include []Include `json:"include"`
	Exclude []Exclude `json:"exclude"`
}

ExplorerServices represent services to be included or excluded in the explorer query

type FQDN

type FQDN struct {
	FQDN string `json:"fqdn"`
}

FQDN represents an FQDN in an IPList

type FirewallSettings

type FirewallSettings struct {
	Href string `json:"href"`
}

FirewallSettings are a provisionable object

type FlowUploadResp

type FlowUploadResp struct {
	NumFlowsReceived int       `json:"num_flows_received"`
	NumFlowsFailed   int       `json:"num_flows_failed"`
	FailedFlows      []*string `json:"failed_flows,omitempty"`
}

FlowUploadResp is the response from the traffic upload API

type IPAddress

type IPAddress struct {
	Value string `json:"value,omitempty"`
}

IPAddress represents an IP Address

type IPList

type IPList struct {
	CreatedAt             string     `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy `json:"created_by,omitempty"`
	DeletedAt             string     `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy `json:"deleted_by,omitempty"`
	Description           string     `json:"description,omitempty"`
	ExternalDataReference string     `json:"external_data_reference,omitempty"`
	ExternalDataSet       string     `json:"external_data_set,omitempty"`
	FQDNs                 []*FQDN    `json:"fqdns,omitempty"`
	Href                  string     `json:"href,omitempty"`
	IPRanges              []*IPRange `json:"ip_ranges,omitempty"`
	Name                  string     `json:"name,omitempty"`
	UpdatedAt             string     `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy `json:"updated_by,omitempty"`
	Size                  int        `json:"size,omitempty"`
}

IPList represents an IP List in the Illumio PCE.

type IPRange

type IPRange struct {
	Description string `json:"description,omitempty"`
	Exclusion   bool   `json:"exclusion,omitempty"`
	FromIP      string `json:"from_ip,omitempty"`
	ToIP        string `json:"to_ip,omitempty"`
}

IPRange repsents one of the IP ranges of an IP List.

type IPTablesRules

type IPTablesRules struct {
	Actors      []*Actors     `json:"actors"`
	Description string        `json:"description,omitempty"`
	Enabled     bool          `json:"enabled"`
	Href        string        `json:"href"`
	IPVersion   string        `json:"ip_version"`
	Statements  []*Statements `json:"statements"`
}

IPTablesRules - more info to follow

type IllumioSecurityTemplate

type IllumioSecurityTemplate struct {
	Name                  string     `json:"name"`
	Version               int        `json:"version"`
	OsFamily              string     `json:"os_family"`
	Icon                  string     `json:"icon"`
	CompatiblePceVersions []int      `json:"compatible_pce_versions"`
	Labels                []*Label   `json:"labels,omitempty"`
	IPLists               []*IPList  `json:"ip_lists,omitempty"`
	Services              []*Service `json:"services,omitempty"`
}

IllumioSecurityTemplate contains Labels, IP Lists, Services

type IllumioSecurityTemplateFile

type IllumioSecurityTemplateFile struct {
	IllumioSecurityTemplates []*IllumioSecurityTemplate `json:"illumio_security_templates"`
}

IllumioSecurityTemplateFile is a file with a slice of templates

func ParseTemplateFile

func ParseTemplateFile(filename string) (IllumioSecurityTemplateFile, error)

ParseTemplateFile imports a JSON template file into the PCE

type Include

type Include struct {
	Label          *Label     `json:"label,omitempty"`
	Workload       *Workload  `json:"workload,omitempty"`
	IPList         *IPList    `json:"ip_list,omitempty"`
	IPAddress      *IPAddress `json:"ip_address,omitempty"`
	Port           int        `json:"port,omitempty"`
	ToPort         int        `json:"to_port,omitempty"`
	Proto          int        `json:"proto,omitempty"`
	Process        string     `json:"process_name,omitempty"`
	WindowsService string     `json:"windows_service_name,omitempty"`
}

Include represents the type of objects used in an include query. The include struct should be label only, workload only, IP address only, Port and/or protocol only. Example - Label and Workload cannot both be non-nil Example - Port and Proto can both be non-nil (e.g., port 3306 and proto 6)

type IncraseTrafficUpdateReq added in v1.27.0

type IncraseTrafficUpdateReq struct {
	Workloads []Workload `json:"workloads"`
}

type IngressServices

type IngressServices struct {
	Port     *int    `json:"port,omitempty"`
	Protocol *int    `json:"proto,omitempty"`
	ToPort   *int    `json:"to_port,omitempty"`
	Href     *string `json:"href,omitempty"`
}

IngressServices - more info to follow

type Interface

type Interface struct {
	Address               string `json:"address,omitempty"`
	CidrBlock             *int   `json:"cidr_block,omitempty"`
	DefaultGatewayAddress string `json:"default_gateway_address,omitempty"`
	FriendlyName          string `json:"friendly_name,omitempty"`
	LinkState             string `json:"link_state,omitempty"`
	Name                  string `json:"name,omitempty"`
}

An Interface represent the Interfaces of a Workload

type Label

type Label struct {
	CreatedAt             string      `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy  `json:"created_by,omitempty"`
	Deleted               bool        `json:"deleted,omitempty"`
	ExternalDataReference string      `json:"external_data_reference,omitempty"`
	ExternalDataSet       string      `json:"external_data_set,omitempty"`
	Href                  string      `json:"href,omitempty"`
	Key                   string      `json:"key,omitempty"`
	UpdatedAt             string      `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy  `json:"updated_by,omitempty"`
	Value                 string      `json:"value,omitempty"`
	LabelUsage            *LabelUsage `json:"usage,omitempty"`
}

A Label represents an Illumio Label.

type LabelGroup

type LabelGroup struct {
	Description           string       `json:"description,omitempty"`
	ExternalDataReference string       `json:"external_data_reference,omitempty"`
	ExternalDataSet       string       `json:"external_data_set,omitempty"`
	Href                  string       `json:"href,omitempty"`
	Key                   string       `json:"key,omitempty"`
	Labels                []*Label     `json:"labels,omitempty"`
	Name                  string       `json:"name,omitempty"`
	SubGroups             []*SubGroups `json:"sub_groups,omitempty"`
	Usage                 *Usage       `json:"usage,omitempty"`
}

LabelGroup represents a Label Group in the Illumio PCE

type LabelUsage added in v1.22.0

type LabelUsage struct {
	VirtualServer                     bool `json:"virtual_server"`
	LabelGroup                        bool `json:"label_group"`
	Ruleset                           bool `json:"ruleset"`
	StaticPolicyScopes                bool `json:"static_policy_scopes"`
	PairingProfile                    bool `json:"pairing_profile"`
	Permission                        bool `json:"permission"`
	Workload                          bool `json:"workload"`
	ContainerWorkload                 bool `json:"container_workload"`
	FirewallCoexistenceScope          bool `json:"firewall_coexistence_scope"`
	ContainersInheritHostPolicyScopes bool `json:"containers_inherit_host_policy_scopes"`
	ContainerWorkloadProfile          bool `json:"container_workload_profile"`
	BlockedConnectionRejectScope      bool `json:"blocked_connection_reject_scope"`
	EnforcementBoundary               bool `json:"enforcement_boundary"`
	LoopbackInterfacesInPolicyScopes  bool `json:"loopback_interfaces_in_policy_scopes"`
	VirtualService                    bool `json:"virtual_service"`
}

type LoadInput added in v1.6.0

type LoadInput struct {
	ProvisionStatus             string // Must be draft or active. Blank value is draft
	Labels                      bool
	LabelGroups                 bool
	IPLists                     bool
	Workloads                   bool
	WorkloadsQueryParameters    map[string]string
	VirtualServices             bool
	VirtualServers              bool
	Services                    bool
	ConsumingSecurityPrincipals bool
	RuleSets                    bool
}

LoadInput tells the p.Load method what objects to load

type Network

type Network struct {
	Href string `json:"href,omitempty"`
	Name string `json:"name,omitempty"`
}

Network represents a network in the PCE

type OpenServicePorts

type OpenServicePorts struct {
	Address        string `json:"address,omitempty"`
	Package        string `json:"package,omitempty"`
	Port           int    `json:"port,omitempty"`
	ProcessName    string `json:"process_name,omitempty"`
	Protocol       int    `json:"protocol,omitempty"`
	User           string `json:"user,omitempty"`
	WinServiceName string `json:"win_service_name,omitempty"`
}

OpenServicePorts represents open ports for a service running on a workload

type Org

type Org struct {
	Href        string `json:"href"`
	DisplayName string `json:"display_name"`
	ID          int    `json:"org_id"`
}

Org is an an organization in a SaaS PCE

type PCE

type PCE struct {
	FriendlyName                string
	FQDN                        string
	Port                        int
	Org                         int
	User                        string
	Key                         string
	DisableTLSChecking          bool
	LabelsSlice                 []Label                                // All labels stored in a slice
	Labels                      map[string]Label                       // Labels can be looked up by href or key+value (no character between key and value)
	LabelGroups                 map[string]LabelGroup                  // Label Groups can be looked up by href or name
	IPLists                     map[string]IPList                      // IP Lists can be looked up by href or name
	IPListsSlice                []IPList                               // All IP Lists stored in a slice
	Workloads                   map[string]Workload                    // Workloads can be looked up by href, hostname, or names
	WorkloadsSlice              []Workload                             // All Workloads stored in a slice
	VirtualServices             map[string]VirtualService              // VirtualServices can be looked up by href or name
	VirtualServers              map[string]VirtualServer               // VirtualServers can be looked up by href or name
	Services                    map[string]Service                     // Services can be looked up by href or name
	ServicesSlice               []Service                              // All services stored in a slice
	ConsumingSecurityPrincipals map[string]ConsumingSecurityPrincipals // ConsumingSecurityPrincipals can be loooked up by href or name
	RuleSets                    map[string]RuleSet                     // RuleSets can be looked up by href or name
}

PCE represents an Illumio PCE and the necessary info to authenticate. The policy objects are maps for lookups. ] Each map will have multiple look up keys so the length of the map will be larger than the total objects. For example, each label will be in the map for an HREF and a key value. Policy objects should be called by their corresponding PCE method if you need to iterate or count them (e.g., pce.GetAllLabels)

func (*PCE) BulkVS

func (p *PCE) BulkVS(virtualServices []VirtualService, method string) ([]APIResponse, error)

BulkVS takes a bulk action on an array of workloads. Method must be create, update, or delete

func (*PCE) BulkWorkload

func (p *PCE) BulkWorkload(workloads []Workload, method string, stdoutLogs bool) ([]APIResponse, error)

BulkWorkload takes a bulk action on an array of workloads. Method must be create, update, or delete

func (*PCE) CreateADUserGroup

CreateADUserGroup creates a user group policy object in the PCE

func (*PCE) CreateEnforcementBoundary added in v1.25.0

func (p *PCE) CreateEnforcementBoundary(enforcementBoundary EnforcementBoundary) (EnforcementBoundary, APIResponse, error)

CreateEnforcementBoundary creates a new enforcement boundary in the Illumio PCE

func (*PCE) CreateIPList

func (p *PCE) CreateIPList(ipList IPList) (IPList, APIResponse, error)

CreateIPList creates a new IP List in the Illumio PCE.

The function will not remove properties not in the POST schema (e.g., CreatedAt)

func (*PCE) CreateLabel

func (p *PCE) CreateLabel(label Label) (Label, APIResponse, error)

CreateLabel creates a new Label in the Illumio PCE.

func (*PCE) CreateLabelGroup

func (p *PCE) CreateLabelGroup(labelGroup LabelGroup) (LabelGroup, APIResponse, error)

CreateLabelGroup creates a new Label Group in the Illumio PCE.

The function will remove properties not in the POST schema

func (*PCE) CreatePairingKey

func (p *PCE) CreatePairingKey(pairingProfile PairingProfile) (PairingKey, APIResponse, error)

CreatePairingKey creates a pairing key from a pairing profile.

func (*PCE) CreatePairingProfile

func (p *PCE) CreatePairingProfile(pairingProfile PairingProfile) (APIResponse, error)

CreatePairingProfile creates a new pairing profile in the Illumio PCE.

func (*PCE) CreateRuleSet

func (p *PCE) CreateRuleSet(rs RuleSet) (RuleSet, APIResponse, error)

CreateRuleSet creates a new ruleset in the Illumio PCE

func (*PCE) CreateRuleSetRule

func (p *PCE) CreateRuleSetRule(rulesetHref string, rule Rule) (Rule, APIResponse, error)

CreateRuleSetRule adds a rule to a RuleSet in the Illumio PCE.

The provided RuleSet struct must include an Href.

func (*PCE) CreateService

func (p *PCE) CreateService(service Service) (Service, APIResponse, error)

CreateService creates a new service in the Illumio PCE

func (*PCE) CreateServiceBinding

func (p *PCE) CreateServiceBinding(serviceBindings []ServiceBinding, virtualService VirtualService) ([]ServiceBinding, APIResponse, error)

CreateServiceBinding binds new workloads to a virtual service

func (*PCE) CreateVirtualService

func (p *PCE) CreateVirtualService(virtualService VirtualService) (VirtualService, APIResponse, error)

CreateVirtualService creates a new virtual service in the Illumio PCE.

func (*PCE) CreateWorkload

func (p *PCE) CreateWorkload(workload Workload) (Workload, APIResponse, error)

CreateWorkload creates a new unmanaged workload in the Illumio PCE

func (*PCE) DeleteHref

func (p *PCE) DeleteHref(href string) (APIResponse, error)

DeleteHref deletes an existing object in the PCE based on its href.

func (*PCE) ExpandLabelGroup

func (p *PCE) ExpandLabelGroup(href string) (labelHrefs []string)

ExpandLabelGroup returns a string of label hrefs in a label group Every subgroup (and nested subgroup) is expanded

func (*PCE) FindObject

func (p *PCE) FindObject(href string) (key, name string, err error)

FindObject takes an href and returns what it is and the name

func (*PCE) GetAllADUserGroups

func (p *PCE) GetAllADUserGroups() ([]ConsumingSecurityPrincipals, APIResponse, error)

GetAllADUserGroups gets all user groups in the PCE

func (*PCE) GetAllAPIKeys

func (p *PCE) GetAllAPIKeys(userHref string) ([]APIKey, APIResponse, error)

GetAllAPIKeys gets all the APIKeys associated with a user

func (*PCE) GetAllActiveIPLists

func (p *PCE) GetAllActiveIPLists() ([]IPList, APIResponse, error)

GetAllActiveIPLists returns a slice of draft IPLists If there are more than 500 IP Lists, async will run.

func (*PCE) GetAllDraftIPLists

func (p *PCE) GetAllDraftIPLists() ([]IPList, APIResponse, error)

GetAllDraftIPLists returns a slice of draft IPLists If there are more than 500 IP Lists, async will run.

func (*PCE) GetAllIPLists

func (p *PCE) GetAllIPLists() ([]IPList, []APIResponse, error)

GetAllIPLists returns a slice of all IPLists in the PCE. The function combines the query to get draft and active IP Lists. If there are more than 500 of either, async queries will run. The []APIResponse will have two entries - first is for draft, second for active. The HREF will indicate if it's active or draft.

func (*PCE) GetAllLabelGroups

func (p *PCE) GetAllLabelGroups(provisionStatus string) ([]LabelGroup, APIResponse, error)

GetAllLabelGroups returns a slice of all Label Groups of a specific provision status in the Illumio PCE.

The pvoision status must be "draft" or "active". The first call does not use the async option. If the response array length is >=500, it is re-run enabling async.

func (*PCE) GetAllLabels

func (p *PCE) GetAllLabels() ([]Label, APIResponse, error)

GetAllLabels returns a slice of all Labels in the Illumio PCE. The first API call to the PCE does not use the async option. If the array length is >=500, it re-runs with async.

func (*PCE) GetAllLabelsQP added in v1.22.0

func (p *PCE) GetAllLabelsQP(queryParameters map[string]string) ([]Label, APIResponse, error)

func (*PCE) GetAllPairingProfiles

func (p *PCE) GetAllPairingProfiles() ([]PairingProfile, APIResponse, error)

GetAllPairingProfiles gets all pairing profiles in the Illumio PCE.

func (*PCE) GetAllPending

func (p *PCE) GetAllPending() (ChangeSubset, APIResponse, error)

GetAllPending gets all the items pending provisioning

func (*PCE) GetAllRuleSets

func (p *PCE) GetAllRuleSets(provisionStatus string) ([]RuleSet, APIResponse, error)

GetAllRuleSets returns a slice of Rulesets for all RuleSets in the Illumio PCE

func (*PCE) GetAllServiceBindings

func (p *PCE) GetAllServiceBindings(virtualService VirtualService) ([]ServiceBinding, APIResponse, error)

GetAllServiceBindings returns a slice of all workload bindings for a virtual service.

The first call does not use the async option. If the response array length is >=500, it is re-run enabling async.

func (*PCE) GetAllServices

func (p *PCE) GetAllServices(provisionStatus string) ([]Service, APIResponse, error)

GetAllServices returns a slice of Services for each Service in the Illumio PCE. provisionStatus must either be "draft" or "active". The first API call to the PCE does not use the async option. If the array length is >=500, it re-runs with async.

func (*PCE) GetAllVirtualServers

func (p *PCE) GetAllVirtualServers(provisionStatus string) ([]VirtualServer, APIResponse, error)

GetAllVirtualServers returns a slice of virtual servers in the Illumio PCE. provisionStatus must be "draft" or "active" The first API call to the PCE does not use the async option. If the array length is >=500, it re-runs with async.

func (*PCE) GetAllVirtualServices

func (p *PCE) GetAllVirtualServices(queryParameters map[string]string, provisionStatus string) ([]VirtualService, APIResponse, error)

GetAllVirtualServices returns a slice of all Virtual services of a specific provision status in the Illumio PCE.

The queryParameters are map["parameter"]="value" (e.g., queryParameters["name"]="name123") The provision status must be "draft" or "active". The first call does not use the async option. If the response array length is >=500, it is re-run enabling async.

func (*PCE) GetAllVulnReports

func (p *PCE) GetAllVulnReports() ([]VulnerabilityReport, APIResponse, error)

GetAllVulnReports returns a slice of all Vulnerability Reports in the Illumio PCE. The first call does not use the async option. If the response slice length is >=500, it is re-run enabling async.

func (*PCE) GetAllVulns

func (p *PCE) GetAllVulns() ([]Vulnerability, APIResponse, error)

GetAllVulns returns a slice of all Vulnerabilities in the Illumio PCE. The first call does not use the async option. If the response slice length is >=500, it is re-run enabling async.

func (*PCE) GetAllWorkloads

func (p *PCE) GetAllWorkloads() ([]Workload, APIResponse, error)

GetAllWorkloads returns an slice of workloads in the Illumio PCE. The first API call to the PCE does not use the async option. If the array length is >=500, it re-runs with async.

func (*PCE) GetAllWorkloadsQP

func (p *PCE) GetAllWorkloadsQP(queryParameters map[string]string) ([]Workload, APIResponse, error)

GetAllWorkloadsQP returns a slice of workloads in the Illumio PCE. The first API call to the PCE does not use the async option. If the array length is >=500, it re-runs with async. QueryParameters can be passed as a map of [key]=vale

func (*PCE) GetCompatibilityReport

func (p *PCE) GetCompatibilityReport(w Workload) (CompatibilityReport, APIResponse, error)

GetCompatibilityReport returns the compatibility report for a VEN

func (*PCE) GetIPList

func (p *PCE) GetIPList(name string) (IPList, APIResponse, error)

GetIPList queries returns the IP List based on name. Provisioned IP lists checked before draft

func (*PCE) GetLabelbyHref

func (p *PCE) GetLabelbyHref(href string) (Label, APIResponse, error)

GetLabelbyHref returns a label based on the provided HREF.

func (*PCE) GetLabelbyKeyValue

func (p *PCE) GetLabelbyKeyValue(key, value string) (Label, APIResponse, error)

GetLabelbyKeyValue finds a label based on the key and value. It will only return one Label that is an exact match.

func (*PCE) GetRuleSetMapName

func (p *PCE) GetRuleSetMapName(provisionStatus string) (map[string]RuleSet, APIResponse, error)

GetRuleSetMapName returns a map of all rulesets with the name as a key

func (*PCE) GetTrafficAnalysis

func (p *PCE) GetTrafficAnalysis(q TrafficQuery) ([]TrafficAnalysis, APIResponse, error)

GetTrafficAnalysis gets flow data from Explorer.

func (*PCE) GetTrafficAnalysisAPI added in v1.6.0

func (p *PCE) GetTrafficAnalysisAPI(t TrafficAnalysisRequest) ([]TrafficAnalysis, APIResponse, error)

GetTrafficAnalysisAPI gets flow data from Explorer.

func (*PCE) GetVersion

func (p *PCE) GetVersion() (Version, error)

GetVersion returns the version of the PCE

func (*PCE) GetVirtualServiceByName

func (p *PCE) GetVirtualServiceByName(name string, provisionStatus string) (VirtualService, APIResponse, error)

GetVirtualServiceByName returns a single Virtual Service that matches the name Using the queryParameters in GetAllVirtualServices reports partial matches on name values This method only returns a single value for exact match.

func (*PCE) GetWkldByHref

func (p *PCE) GetWkldByHref(href string) (Workload, APIResponse, error)

GetWkldByHref returns the workload with a specific href

func (*PCE) GetWkldHostMap

func (p *PCE) GetWkldHostMap() (map[string]Workload, APIResponse, error)

GetWkldHostMap returns a map of all workloads with the hostname as the key.

func (*PCE) GetWkldHrefMap

func (p *PCE) GetWkldHrefMap() (map[string]Workload, APIResponse, error)

GetWkldHrefMap returns a map of all workloads with the Href as the key.

func (*PCE) IncreaseTrafficUpdateRate added in v1.27.0

func (p *PCE) IncreaseTrafficUpdateRate(wklds []Workload) (APIResponse, error)

IncreaseTrafficUpdateRate increases the VEN traffic update rate

func (*PCE) IterateTraffic

func (p *PCE) IterateTraffic(q TrafficQuery, stdout bool) ([]TrafficAnalysis, error)

IterateTraffic returns an array of traffic analysis . The iterative query starts by running a blank explorer query. If the results are over 90K, it queries again by TCP, UDP, and other. If either protocol-specific query is over 90K, it queries again by TCP and UDP port.

func (*PCE) IterateTrafficJString

func (p *PCE) IterateTrafficJString(q TrafficQuery, stdout bool) (string, error)

IterateTrafficJString returns the combined JSON output from an iterative exlplorer query. The iterative query starts by running a blank explorer query. If the results are over threshold, it queries again by TCP, UDP, and other. If either protocol-specific query is over 90K, it queries again by TCP and UDP port.

func (*PCE) Load

func (p *PCE) Load(l LoadInput) error

Load fills the PCE object maps provisionStatus must be "draft" or "active"

func (*PCE) Login

func (p *PCE) Login(user, password string) (UserLogin, []APIResponse, error)

Login authenticates to the PCE. Login will populate the User, Key, and Org fields in the PCE instance. Login will use a temporary session token that expires after 10 minutes.

func (*PCE) LoginAPIKey

func (p *PCE) LoginAPIKey(user, password, name, desc string) (UserLogin, []APIResponse, error)

LoginAPIKey authenticates to the PCE. Login will populate the User, Key, and Org fields in the PCE instance. LoginAPIKey will create a permanent API Key with the provided name and description fields.

func (*PCE) ProvisionCS

func (p *PCE) ProvisionCS(cs ChangeSubset, comment string) (APIResponse, error)

ProvisionCS provisions a ChangeSubset

func (*PCE) ProvisionHref

func (p *PCE) ProvisionHref(hrefs []string, comment string) (APIResponse, error)

ProvisionHref provisions a slice of HREFs

func (*PCE) UpdateIPList

func (p *PCE) UpdateIPList(iplist IPList) (APIResponse, error)

UpdateIPList updates an existing IP List in the Illumio PCE.

The provided IPList struct must include an Href. The function will remove properties not included in the PUT schema.

func (*PCE) UpdateLabel

func (p *PCE) UpdateLabel(label Label) (APIResponse, error)

UpdateLabel updates an existing label in the Illumio PCE. The provided label struct must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateLabelGroup

func (p *PCE) UpdateLabelGroup(labelGroup LabelGroup) (APIResponse, error)

UpdateLabelGroup updates an existing Label Group in the Illumio PCE.

The provided Label Group struct must include an Href. The function will remove properties not included in the PUT schema.

func (*PCE) UpdateRuleSetRules

func (p *PCE) UpdateRuleSetRules(rule Rule) (APIResponse, error)

UpdateRuleSetRules updates a rule in the Illumio PCE.

The provided Rule struct must include an Href. The function will remove properties not included in the PUT schema.

func (*PCE) UpdateService

func (p *PCE) UpdateService(service Service) (APIResponse, error)

UpdateService updates an existing service object in the Illumio PCE

func (*PCE) UpdateVirtualService

func (p *PCE) UpdateVirtualService(virtualService VirtualService) (APIResponse, error)

UpdateVirtualService updates an existing virtual service in the Illumio PCE.

The provided Virtual Service struct must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateWorkload

func (p *PCE) UpdateWorkload(workload Workload) (APIResponse, error)

UpdateWorkload updates an existing workload in the Illumio PCE The provided workload struct must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UploadTraffic

func (p *PCE) UploadTraffic(filename string, headerLine bool) (UploadFlowResults, error)

UploadTraffic uploads a csv to the PCE with traffic flows. filename should be the path to a csv file with 4 cols: src_ip, dst_ip, port, protocol (IANA numerical format 6=TCP, 17=UDP) When headerLine = true, the first line of the CSV is skipped. If there are more than 999 entries in the CSV, it creates chunks of 999

func (*PCE) WorkloadQueryLabelParameter added in v1.14.0

func (p *PCE) WorkloadQueryLabelParameter(data [][]string) (string, error)

WorkloadQueryLabelParameter takes [][]string (example for after parsing a CSV). The first slice must be the label key headers: role, app, env, and loc Each inner slice is an "AND" query The slices are pieces together using "OR" The PCE must be loaded with the labels

func (*PCE) WorkloadUpgrade

func (p *PCE) WorkloadUpgrade(wkldHref, targetVersion string) (APIResponse, error)

WorkloadUpgrade upgrades the VEN version on the workload

func (*PCE) WorkloadsUnpair

func (p *PCE) WorkloadsUnpair(wklds []Workload, ipTablesRestore string) ([]APIResponse, error)

WorkloadsUnpair unpairs workloads. There is no limit to the length of []Workloads. The method chunks the API calls into groups of 1,000 to conform to the Illumio API.

type PairingKey

type PairingKey struct {
	ActivationCode string `json:"activation_code,omitempty"`
}

PairingKey represents a VEN pairing key

type PairingProfile

type PairingProfile struct {
	AllowedUsesPerKey     string     `json:"allowed_uses_per_key,omitempty"`
	AppLabelLock          bool       `json:"app_label_lock"`
	CreatedAt             string     `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy `json:"created_by,omitempty"`
	Description           string     `json:"description,omitempty"`
	Enabled               bool       `json:"enabled"`
	EnvLabelLock          bool       `json:"env_label_lock"`
	ExternalDataReference string     `json:"external_data_reference,omitempty"`
	ExternalDataSet       string     `json:"external_data_set,omitempty"`
	Href                  string     `json:"href,omitempty"`
	IsDefault             bool       `json:"is_default,omitempty"`
	KeyLifespan           string     `json:"key_lifespan,omitempty"`
	Labels                []*Label   `json:"labels,omitempty"`
	LastPairingAt         string     `json:"last_pairing_at,omitempty"`
	LocLabelLock          bool       `json:"loc_label_lock"`
	LogTraffic            bool       `json:"log_traffic"`
	LogTrafficLock        bool       `json:"log_traffic_lock"`
	Mode                  string     `json:"mode,omitempty"`
	ModeLock              bool       `json:"mode_lock"`
	Name                  string     `json:"name,omitempty"`
	RoleLabelLock         bool       `json:"role_label_lock"`
	TotalUseCount         int        `json:"total_use_count,omitempty"`
	UpdatedAt             string     `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy `json:"updated_by,omitempty"`
	VisibilityLevel       string     `json:"visibility_level,omitempty"`
	VisibilityLevelLock   bool       `json:"visibility_level_lock"`
}

PairingProfile represents a pairing profile in the Illumio PCE

type PortOverrides

type PortOverrides struct {
	Port    int `json:"port"`
	Proto   int `json:"proto"`
	NewPort int `json:"new_port"`
}

PortOverrides override a port on a virtual service binding.

type PortProtos

type PortProtos struct {
	Include []Include `json:"include"`
	Exclude []Exclude `json:"exclude"`
}

PortProtos represents the ports and protocols query portion of the exporer API

type ProductVersion

type ProductVersion struct {
	Build           int    `json:"build,omitempty"`
	EngineeringInfo string `json:"engineering_info,omitempty"`
	LongDisplay     string `json:"long_display,omitempty"`
	ReleaseInfo     string `json:"release_info,omitempty"`
	ShortDisplay    string `json:"short_display,omitempty"`
	Version         string `json:"version,omitempty"`
}

ProductVersion represents the version of the product

type Providers

type Providers struct {
	Actors         string          `json:"actors,omitempty"`
	IPList         *IPList         `json:"ip_list,omitempty"`
	Label          *Label          `json:"label,omitempty"`
	LabelGroup     *LabelGroup     `json:"label_group,omitempty"`
	VirtualServer  *VirtualServer  `json:"virtual_server,omitempty"`
	VirtualService *VirtualService `json:"virtual_service,omitempty"`
	Workload       *Workload       `json:"workload,omitempty"`
}

Providers - more info to follow

type Provision

type Provision struct {
	ChangeSubset      *ChangeSubset `json:"change_subset,omitempty"`
	UpdateDescription string        `json:"update_description,omitempty"`
}

Provision is sent to the PCE to provision policy objects

type QualifyTest

type QualifyTest struct {
	Status                    *string   `json:"status"`
	IpsecServiceEnabled       *string   `json:"ipsec_service_enabled"` // Using a string to differentiate between false and empty
	Ipv4ForwardingEnabled     *string   `json:"ipv4_forwarding_enabled"`
	Ipv4ForwardingPktCnt      *string   `json:"ipv4_forwarding_pkt_cnt"`
	IptablesRuleCnt           *string   `json:"iptables_rule_cnt"`
	Ipv6GlobalScope           *string   `json:"ipv6_global_scope"`
	Ipv6ActiveConnCnt         *string   `json:"ipv6_active_conn_cnt"`
	IP6TablesRuleCnt          *string   `json:"ip6tables_rule_cnt"`
	RoutingTableConflict      *string   `json:"routing_table_conflict"`
	IPv6Enabled               *string   `json:"IPv6_enabled"`
	UnwantedNics              *string   `json:"Unwanted_nics"`
	GroupPolicy               *string   `json:"Group_policy"`
	RequiredPackagesInstalled *string   `json:"required_packages_installed"` // Using a string to differentiate between false and empty
	RequiredPackagesMissing   *[]string `json:"required_packages_missing"`
}

QualifyTest is part of compatibility report

type ResolveLabelsAs

type ResolveLabelsAs struct {
	Consumers []string `json:"consumers"`
	Providers []string `json:"providers"`
}

ResolveLabelsAs - more info to follow

type Results

type Results struct {
	QualifyTests []QualifyTest `json:"qualify_tests"`
}

Results are the list of qualify tests

type Rule

type Rule struct {
	CreatedAt                   string                         `json:"created_at,omitempty"`
	CreatedBy                   *CreatedBy                     `json:"created_by,omitempty"`
	DeletedAt                   string                         `json:"deleted_at,omitempty"`
	DeletedBy                   *DeletedBy                     `json:"deleted_by,omitempty"`
	Consumers                   []*Consumers                   `json:"consumers,omitempty"`
	ConsumingSecurityPrincipals []*ConsumingSecurityPrincipals `json:"consuming_security_principals,omitempty"`
	Description                 string                         `json:"description,omitempty"`
	Enabled                     *bool                          `json:"enabled,omitempty"`
	ExternalDataReference       string                         `json:"external_data_reference,omitempty"`
	ExternalDataSet             string                         `json:"external_data_set,omitempty"`
	Href                        string                         `json:"href,omitempty"`
	IngressServices             *[]*IngressServices            `json:"ingress_services,omitempty"`
	Providers                   []*Providers                   `json:"providers,omitempty"`
	ResolveLabelsAs             *ResolveLabelsAs               `json:"resolve_labels_as,omitempty"`
	SecConnect                  *bool                          `json:"sec_connect,omitempty"`
	Stateless                   *bool                          `json:"stateless,omitempty"`
	MachineAuth                 *bool                          `json:"machine_auth,omitempty"`
	UnscopedConsumers           *bool                          `json:"unscoped_consumers,omitempty"`
	UpdateType                  string                         `json:"update_type,omitempty"`
	UpdatedAt                   string                         `json:"updated_at,omitempty"`
	UpdatedBy                   *UpdatedBy                     `json:"updated_by,omitempty"`
}

Rule - more info to follow

func (*Rule) GetRuleSetHrefFromRuleHref

func (r *Rule) GetRuleSetHrefFromRuleHref() string

GetRuleSetHrefFromRuleHref returns the href of a ruleset based on the rule's href

type RuleSet

type RuleSet struct {
	CreatedAt             string           `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy       `json:"created_by,omitempty"`
	DeletedAt             string           `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy       `json:"deleted_by,omitempty"`
	Description           string           `json:"description,omitempty"`
	Enabled               *bool            `json:"enabled,omitempty"`
	ExternalDataReference string           `json:"external_data_reference,omitempty"`
	ExternalDataSet       string           `json:"external_data_set,omitempty"`
	Href                  string           `json:"href,omitempty"`
	IPTablesRules         []*IPTablesRules `json:"ip_tables_rules,omitempty"`
	Name                  string           `json:"name,omitempty"`
	Rules                 []*Rule          `json:"rules,omitempty"`
	Scopes                [][]*Scopes      `json:"scopes,omitempty"`
	UpdateType            string           `json:"update_type,omitempty"`
	UpdatedAt             string           `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy       `json:"updated_by,omitempty"`
}

RuleSet - more info to follow

type Scopes

type Scopes struct {
	Label      *Label      `json:"label,omitempty"`
	LabelGroup *LabelGroup `json:"label_group,omitempty"`
}

Scopes - more info to follow

type SecureConnect

type SecureConnect struct {
	MatchingIssuerName string `json:"matching_issuer_name,omitempty"`
}

SecureConnect represents SecureConnect for an Agent on a Workload

type SecureConnectGateways

type SecureConnectGateways struct {
	Href string `json:"href"`
}

SecureConnectGateways represent SecureConnectGateways in provisioning

type Service

type Service struct {
	CreatedAt             string            `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy        `json:"created_by,omitempty"`
	DeletedAt             string            `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy        `json:"deleted_by,omitempty"`
	Description           string            `json:"description,omitempty"`
	DescriptionURL        string            `json:"description_url,omitempty"`
	ExternalDataReference string            `json:"external_data_reference,omitempty"`
	ExternalDataSet       string            `json:"external_data_set,omitempty"`
	Href                  string            `json:"href,omitempty"`
	Name                  string            `json:"name"`
	ProcessName           string            `json:"process_name,omitempty"`
	ServicePorts          []*ServicePort    `json:"service_ports,omitempty"`
	UpdateType            string            `json:"update_type,omitempty"`
	UpdatedAt             string            `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy        `json:"updated_by,omitempty"`
	WindowsServices       []*WindowsService `json:"windows_services,omitempty"`
}

Service represent a service in the Illumio PCE

func (*Service) ParseService

func (s *Service) ParseService() (windowsServices, servicePorts []string)

ParseService returns a slice of WindowsServices and ServicePorts from an Illumio service object

func (*Service) ToExplorer added in v1.6.0

func (s *Service) ToExplorer() ([]Include, []Exclude)

ToExplorer takes a service and returns an explorer query include and exclude

type ServiceAddresses

type ServiceAddresses struct {
	IP          string   `json:"ip,omitempty"`
	Network     *Network `json:"network,omitempty"`
	Fqdn        string   `json:"fqdn,omitempty"`
	Description string   `json:"description,omitempty"`
}

ServiceAddresses are FQDNs for Virtual Services

type ServiceBinding

type ServiceBinding struct {
	Href           string          `json:"href,omitempty"`
	VirtualService VirtualService  `json:"virtual_service"`
	Workload       Workload        `json:"workload"`
	PortOverrides  []PortOverrides `json:"port_overrides,omitempty"`
}

A ServiceBinding binds a worklad to a Virtual Service

type ServicePort

type ServicePort struct {
	IcmpCode int `json:"icmp_code,omitempty"`
	IcmpType int `json:"icmp_type,omitempty"`
	ID       int `json:"id,omitempty"`
	Port     int `json:"port,omitempty"`
	Protocol int `json:"proto,omitempty"`
	ToPort   int `json:"to_port,omitempty"`
}

ServicePort represent port and protocol information for a non-Windows service

type Services

type Services struct {
	CreatedAt        string              `json:"created_at,omitempty"`
	OpenServicePorts []*OpenServicePorts `json:"open_service_ports,omitempty"`
	UptimeSeconds    int                 `json:"uptime_seconds,omitempty"`
}

Services represent the Services running on a Workload

type Sources

type Sources struct {
	Include [][]Include `json:"include"`
	Exclude []Exclude   `json:"exclude"`
}

Sources represents the sources query portion of the explorer API

type Src

type Src struct {
	IP       string     `json:"ip"`
	Workload *Workload  `json:"workload,omitempty"`
	FQDN     string     `json:"fqdn,omitempty"`
	IPLists  *[]*IPList `json:"ip_lists"`
}

Src is the consumer workload details

type Statements

type Statements struct {
	ChainName  string `json:"chain_name"`
	Parameters string `json:"parameters"`
	TableName  string `json:"table_name"`
}

Statements are part of a custom IPTables rule

type Status

type Status struct {
	AgentHealth              []*AgentHealth     `json:"agent_health,omitempty"`
	AgentHealthErrors        *AgentHealthErrors `json:"agent_health_errors,omitempty"`
	AgentVersion             string             `json:"agent_version,omitempty"`
	FirewallRuleCount        int                `json:"firewall_rule_count,omitempty"`
	FwConfigCurrent          bool               `json:"fw_config_current,omitempty"`
	InstanceID               string             `json:"instance_id,omitempty"`
	LastHeartbeatOn          string             `json:"last_heartbeat_on,omitempty"`
	ManagedSince             string             `json:"managed_since,omitempty"`
	SecurityPolicyAppliedAt  string             `json:"security_policy_applied_at,omitempty"`
	SecurityPolicyReceivedAt string             `json:"security_policy_received_at,omitempty"`
	SecurityPolicyRefreshAt  string             `json:"security_policy_refresh_at,omitempty"`
	SecurityPolicySyncState  string             `json:"security_policy_sync_state,omitempty"`
	Status                   string             `json:"status,omitempty"`
	UID                      string             `json:"uid,omitempty"`
	UptimeSeconds            int                `json:"uptime_seconds,omitempty"`
}

Status represents the Status of an Agent on a Workload

type SubGroups

type SubGroups struct {
	Href string `json:"href"`
	Name string `json:"name,omitempty"`
}

SubGroups represent SubGroups for Label Groups

type TimestampRange

type TimestampRange struct {
	FirstDetected string `json:"first_detected"`
	LastDetected  string `json:"last_detected"`
}

TimestampRange is used to limit queries ranges for the flow detected

type TrafficAnalysis

type TrafficAnalysis struct {
	Dst            *Dst            `json:"dst"`
	NumConnections int             `json:"num_connections"`
	PolicyDecision string          `json:"policy_decision"`
	ExpSrv         *ExpSrv         `json:"service"`
	Src            *Src            `json:"src"`
	TimestampRange *TimestampRange `json:"timestamp_range"`
	Transmission   string          `json:"transmission"`
}

TrafficAnalysis represents the response from the explorer API

func DedupeExplorerTraffic

func DedupeExplorerTraffic(first, second []TrafficAnalysis) []TrafficAnalysis

DedupeExplorerTraffic takes two traffic responses and returns a de-duplicated result set

type TrafficAnalysisRequest

type TrafficAnalysisRequest struct {
	Sources                    Sources          `json:"sources"`
	Destinations               Destinations     `json:"destinations"`
	ExplorerServices           ExplorerServices `json:"services"`
	StartDate                  time.Time        `json:"start_date,omitempty"`
	EndDate                    time.Time        `json:"end_date,omitempty"`
	PolicyDecisions            []string         `json:"policy_decisions"`
	MaxResults                 int              `json:"max_results,omitempty"`
	SourcesDestinationsQueryOp string           `json:"sources_destinations_query_op,omitempty"`
}

TrafficAnalysisRequest represents the payload object for the traffic analysis POST request

type TrafficQuery

type TrafficQuery struct {
	SourcesInclude      [][]string
	SourcesExclude      []string
	DestinationsInclude [][]string
	DestinationsExclude []string
	// PortProtoInclude and PortProtoExclude entries should be in the format of [port, protocol]
	// Example [80, 6] is Port 80 TCP.
	PortProtoInclude [][2]int
	PortProtoExclude [][2]int
	// PortRangeInclude and PortRangeExclude entries should be of the format [fromPort, toPort, protocol]
	// Example - [1000, 2000, 6] is Ports 1000-2000 TCP.
	PortRangeInclude      [][3]int
	PortRangeExclude      [][3]int
	ProcessInclude        []string
	WindowsServiceInclude []string
	ProcessExclude        []string
	WindowsServiceExclude []string
	StartTime             time.Time
	EndTime               time.Time
	PolicyStatuses        []string
	MaxFLows              int
	TransmissionExcludes  []string // Example: []string{"broadcast", "multicast"} will only get unicast traffic
	QueryOperator         string   // Value should be "and" or "or". "and" is used by default
}

TrafficQuery is the struct to be passed to the GetTrafficAnalysis function

type Unpair

type Unpair struct {
	Workloads      []Workload `json:"workloads"`
	IPTableRestore string     `json:"ip_table_restore"`
}

Unpair is the payload for using the API to unpair workloads.

type UpdatedBy

type UpdatedBy struct {
	Href string `json:"href"`
}

UpdatedBy represents the UpdatedBy property of an object

type UploadFlowResults

type UploadFlowResults struct {
	FlowResps       []FlowUploadResp
	APIResps        []APIResponse
	TotalFlowsInCSV int
}

UploadFlowResults is the struct returned to the user when using the pce.UploadTraffic() method

type Usage

type Usage struct {
	LabelGroup         bool `json:"label_group"`
	Rule               bool `json:"rule"`
	Ruleset            bool `json:"ruleset"`
	StaticPolicyScopes bool `json:"static_policy_scopes,omitempty"`
}

Usage covers how a LabelGroup is used in the PCE

type UserLogin

type UserLogin struct {
	AuthUsername                string          `json:"auth_username,omitempty"`
	FullName                    string          `json:"full_name,omitempty"`
	Href                        string          `json:"href,omitempty"`
	InactivityExpirationMinutes int             `json:"inactivity_expiration_minutes,omitempty"`
	LastLoginIPAddress          string          `json:"last_login_ip_address,omitempty"`
	LastLoginOn                 string          `json:"last_login_on,omitempty"`
	ProductVersion              *ProductVersion `json:"product_version,omitempty"`
	SessionToken                string          `json:"session_token,omitempty"`
	TimeZone                    string          `json:"time_zone,omitempty"`
	Type                        string          `json:"type,omitempty"`
	Orgs                        []*Org          `json:"orgs,omitempty"`
}

UserLogin represents a user logging in via password to get a session key

type VEN added in v1.19.0

type VEN struct {
	Href     string `json:"href"`
	Hostname string `json:"hostname"`
	Name     string `json:"name"`
	Status   string `json:"status"`
}

type Version

type Version struct {
	Version      string `json:"version"`
	Build        int    `json:"build"`
	LongDisplay  string `json:"long_display"`
	ShortDisplay string `json:"short_display"`
	Major        int
	Minor        int
	Patch        int
}

Version represents the version of the PCE

type VirtualServer

type VirtualServer struct {
	Href                    string                   `json:"href,omitempty"`
	CreatedAt               string                   `json:"created_at,omitempty"`
	UpdatedAt               string                   `json:"updated_at,omitempty"`
	DeletedAt               string                   `json:"deleted_at,omitempty"`
	CreatedBy               *CreatedBy               `json:"created_by,omitempty"`
	UpdatedBy               *UpdatedBy               `json:"updated_by,omitempty"`
	DeletedBy               *DeletedBy               `json:"deleted_by,omitempty"`
	Name                    string                   `json:"name,omitempty"`
	Description             string                   `json:"description,omitempty"`
	DiscoveredVirtualServer *DiscoveredVirtualServer `json:"discovered_virtual_server,omitempty"`
	DvsName                 string                   `json:"dvs_name,omitempty"`
	DvsIdentifier           string                   `json:"dvs_identifier,omitempty"`
	Labels                  []*Label                 `json:"labels,omitempty"`
	Service                 *Service                 `json:"service,omitempty"`
	Providers               []interface{}            `json:"providers,omitempty"`
	Mode                    string                   `json:"mode,omitempty"`
}

VirtualServer represents a VirtualServer in the PCE

type VirtualServers

type VirtualServers struct {
	Href string `json:"href"`
}

VirtualServers reresent virtual servers in provisioning

type VirtualService

type VirtualService struct {
	ApplyTo               string              `json:"apply_to,omitempty"`
	CreatedAt             string              `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy          `json:"created_by,omitempty"`
	DeletedAt             string              `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy          `json:"deleted_by,omitempty"`
	Description           string              `json:"description,omitempty"`
	ExternalDataReference string              `json:"external_data_reference,omitempty"`
	ExternalDataSet       string              `json:"external_data_set,omitempty"`
	Href                  string              `json:"href,omitempty"`
	IPOverrides           []string            `json:"ip_overrides,omitempty"`
	Labels                []*Label            `json:"labels,omitempty"`
	Name                  string              `json:"name,omitempty"`
	PceFqdn               string              `json:"pce_fqdn,omitempty"`
	Service               *Service            `json:"service,omitempty"`
	ServiceAddresses      []*ServiceAddresses `json:"service_addresses,omitempty"`
	ServicePorts          []*ServicePort      `json:"service_ports,omitempty"`
	UpdateType            string              `json:"update_type,omitempty"`
	UpdatedAt             string              `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy          `json:"updated_by,omitempty"`
}

A VirtualService represents a Virtual Service in the Illumio PCE

func (*VirtualService) Sanitize

func (vs *VirtualService) Sanitize()

Sanitize removes fields for an update

func (*VirtualService) SetActive

func (vs *VirtualService) SetActive() VirtualService

SetActive changes the HREF of the Virtual Service Object to Active

type Vulnerability

type Vulnerability struct {
	CreatedAt   string     `json:"created_at,omitempty"`
	CreatedBy   *CreatedBy `json:"created_by,omitempty"`
	CveIds      []string   `json:"cve_ids,omitempty"`
	Description string     `json:"description,omitempty"`
	Href        string     `json:"href,omitempty"`
	Name        string     `json:"name,omitempty"`
	Score       int        `json:"score,omitempty"`
	UpdatedAt   string     `json:"updated_at,omitempty"`
	UpdatedBy   *UpdatedBy `json:"updated_by,omitempty"`
}

Vulnerability represents a vulnerability in the Illumio PCE

type VulnerabilityReport

type VulnerabilityReport struct {
	Authoritative      bool       `json:"authoritative,omitempty"`
	CreatedAt          string     `json:"created_at,omitempty"`
	CreatedBy          *CreatedBy `json:"created_by,omitempty"`
	Href               string     `json:"href,omitempty"`
	Name               string     `json:"name,omitempty"`
	NumVulnerabilities int        `json:"num_vulnerabilities,omitempty"`
	ReportType         string     `json:"report_type,omitempty"`
	ScannedIps         []string   `json:"scanned_ips,omitempty"`
	UpdatedAt          string     `json:"updated_at,omitempty"`
	UpdatedBy          *UpdatedBy `json:"updated_by,omitempty"`
}

VulnerabilityReport represents a vulnerability report in the Illumio PCE

type WindowsService

type WindowsService struct {
	IcmpCode    int    `json:"icmp_code,omitempty"`
	IcmpType    int    `json:"icmp_type,omitempty"`
	Port        int    `json:"port,omitempty"`
	ProcessName string `json:"process_name,omitempty"`
	Protocol    int    `json:"proto,omitempty"`
	ServiceName string `json:"service_name,omitempty"`
	ToPort      int    `json:"to_port,omitempty"`
}

WindowsService represents port and protocol information for a Windows service

type Workload

type Workload struct {
	Agent                 *Agent       `json:"agent,omitempty"`
	CreatedAt             string       `json:"created_at,omitempty"`
	CreatedBy             *CreatedBy   `json:"created_by,omitempty"`
	DataCenter            string       `json:"data_center,omitempty"`
	DataCenterZone        string       `json:"data_center_zone,omitempty"`
	DeleteType            string       `json:"delete_type,omitempty"`
	Deleted               *bool        `json:"deleted,omitempty"`
	DeletedAt             string       `json:"deleted_at,omitempty"`
	DeletedBy             *DeletedBy   `json:"deleted_by,omitempty"`
	Description           string       `json:"description,omitempty"`
	DistinguishedName     string       `json:"distinguished_name,omitempty"`
	EnforcementMode       string       `json:"enforcement_mode,omitempty"`
	ExternalDataReference string       `json:"external_data_reference,omitempty"`
	ExternalDataSet       string       `json:"external_data_set,omitempty"`
	Hostname              string       `json:"hostname,omitempty"`
	Href                  string       `json:"href,omitempty"`
	IgnoredInterfaceNames *[]string    `json:"ignored_interface_names,omitempty"`
	Interfaces            []*Interface `json:"interfaces,omitempty"`
	Labels                *[]*Label    `json:"labels,omitempty"` // This breaks the removing all labels
	Name                  string       `json:"name,omitempty"`
	Online                bool         `json:"online,omitempty"`
	OsDetail              string       `json:"os_detail,omitempty"`
	OsID                  string       `json:"os_id,omitempty"`
	PublicIP              string       `json:"public_ip,omitempty"`
	ServicePrincipalName  string       `json:"service_principal_name,omitempty"`
	ServiceProvider       string       `json:"service_provider,omitempty"`
	Services              *Services    `json:"services,omitempty"`
	UpdatedAt             string       `json:"updated_at,omitempty"`
	UpdatedBy             *UpdatedBy   `json:"updated_by,omitempty"`
	VEN                   *VEN         `json:"ven,omitempty"`
	VisibilityLevel       string       `json:"visibility_level,omitempty"`
}

A Workload represents a workload in the PCE

func (*Workload) ChangeLabel

func (w *Workload) ChangeLabel(pce PCE, targetKey, newValue string) (PCE, error)

ChangeLabel updates a workload struct with new label href. It does not call the Illumio API to update the workload in the PCE. Use pce.UpdateWorkload() or bulk update for that. The method returns the labelMapH in case it needs to create a new label.

func (*Workload) GetApp

func (w *Workload) GetApp(labelMap map[string]Label) Label

GetApp takes a map of labels with the href string as the key and returns the app label for a workload. To get the LabelMap call GetLabelMapH.

func (*Workload) GetAppGroup

func (w *Workload) GetAppGroup(labelMap map[string]Label) string

GetAppGroup returns the app group string of a workload in the format of App | Env. If the workload does not have an app or env label, "NO APP GROUP" is returned. Use GetAppGroupL to include the loc label in the app group.

func (*Workload) GetAppGroupL

func (w *Workload) GetAppGroupL(labelMap map[string]Label) string

GetAppGroupL returns the app group string of a workload in the format of App | Env | Loc. If the workload does not have an app, env, or loc label, "NO APP GROUP" is returned. Use GetAppGroup to only use app and env in App Group.

func (*Workload) GetCIDR

func (w *Workload) GetCIDR(ip string) string

GetCIDR returns the CIDR Block for a workload's IP address The CIDR value is returned as a string (e.g., "/24"). If the CIDR value is not known (e.g., unmanaged workloads) it returns "NA" If the provided IP address is not attached to the workload, GetCIDR returns "NA".

func (*Workload) GetDefaultGW

func (w *Workload) GetDefaultGW() string

GetDefaultGW returns the default gateway for a workload. If the workload does not have a default gateway (many unmanaged workloads) it will return "NA"

func (*Workload) GetEnv

func (w *Workload) GetEnv(labelMap map[string]Label) Label

GetEnv takes a map of labels with the href string as the key and returns the env label for a workload. To get the LabelMap call GetLabelMapH.

func (*Workload) GetIPWithDefaultGW

func (w *Workload) GetIPWithDefaultGW() string

GetIPWithDefaultGW returns the IP address of the interface that has the default gateway If the workload does not have a default gateway (many unmanaged workloads), it will return "NA"

func (*Workload) GetInterfaceName

func (w *Workload) GetInterfaceName(ip string) string

GetInterfaceName returns the interface name for a workload's IP address If the provided IP address is not attached to the workload, GetInterfaceName returns "NA".

func (*Workload) GetLoc

func (w *Workload) GetLoc(labelMap map[string]Label) Label

GetLoc takes a map of labels with the href string as the key and returns the loc label for a workload. To get the LabelMap call GetLabelMapH.

func (*Workload) GetMode

func (w *Workload) GetMode() string

GetMode returns the mode of the workloads. The returned value in 20.2 and newer PCEs will be unmanaged, idle, visibility_only, full, or selective. For visibility levels, use the w.GetVisibilityLevel() method.

The returned value in 20.1 and lower PCEs will be unmanaged, idle, build, test, enforced-no, enforced-low, enforced-high. The enforced options represent no logging, low details, and high detail.

func (*Workload) GetNetMask

func (w *Workload) GetNetMask(ip string) string

GetNetMask returns the netmask for a workload's IP address The value is returned as a string (e.g., "255.0.0.0") If the value is not known (e.g., unmanaged workloads) it returns "NA" If the provided IP address is not attached to the workload, GetNetMask returns "NA".

func (*Workload) GetNetMaskWithDefaultGW

func (w *Workload) GetNetMaskWithDefaultGW() string

GetNetMaskWithDefaultGW returns the netmask of the ip address that has the default gateway If the workload does not have a default gateway (many unmanaged workloads), it will return "NA"

func (*Workload) GetNetwork

func (w *Workload) GetNetwork(ip string) string

GetNetwork returns the network of a workload's IP address.

func (*Workload) GetNetworkWithDefaultGateway

func (w *Workload) GetNetworkWithDefaultGateway() string

GetNetworkWithDefaultGateway returns the CIDR notation of the network of the interface with the default gateway. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA"

func (*Workload) GetRole

func (w *Workload) GetRole(labelMap map[string]Label) Label

GetRole takes a map of labels with the href string as the key and returns the role label for a workload. To get the LabelMap call GetLabelMapH.

func (*Workload) GetVisibilityLevel added in v1.26.0

func (w *Workload) GetVisibilityLevel() string

func (*Workload) HoursSinceLastHeartBeat

func (w *Workload) HoursSinceLastHeartBeat() float64

HoursSinceLastHeartBeat returns the hours since the last beat. -9999 is returned for unmanaged workloads or when it cannot be calculated.

func (*Workload) LabelsMatch

func (w *Workload) LabelsMatch(role, app, env, loc string, labelMap map[string]Label) bool

LabelsMatch checks if the workload matches the provided labels. Blank values ("") for role, app, env, or loc mean no label assigned for that key. A single asterisk (*) can be used to represent any in a particular key. For example, using "*" for role will return true as long as the app, env, and loc match.

func (*Workload) SanitizeBulkUpdate

func (w *Workload) SanitizeBulkUpdate()

SanitizeBulkUpdate removes the properites necessary for a bulk update

func (*Workload) SanitizePut

func (w *Workload) SanitizePut()

SanitizePut removes the necessary properties to update an unmanaged and managed workload

func (*Workload) SetMode

func (w *Workload) SetMode(m string) error

SetMode adjusts the workload to reflect the assigned mode. Nothing is changed in the PCE. To reflect the change in the PCE use SetMode method followed by PCE.UpdateWorkload() method.

Valid options in 20.2 and newer PCEs are idle, visibility_only, full, and selective. For visibility levels, use the w.SetVisibilityLevel() method.

Valid options in 20.1 and lower PCEs are idle, build, test, enforced-no, enforced-low, enforced-high. The enforced options represent no logging, low details, and high detail.

func (*Workload) SetVisibilityLevel added in v1.19.0

func (w *Workload) SetVisibilityLevel(v string) error

SetVisibilityLevel adjusts the workload to reflect the assigned visibility level. Nothing is changed in the PCE. To reflect the change in the PCE use SetVisibilityLevel method followed by PCE.UpdateWorkload() method.

Valid options in 20.2 and newer PCEs are flow_summary, flow_drops, flow_off, or enhanced_data_collection

20.1 PCEs and lower do not use this method.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL