aws

package
v1.0.8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 30, 2024 License: MPL-2.0 Imports: 39 Imported by: 0

Documentation

Index

Constants

// Default region name and API host name. The names pair with the
// Client.MPRegion and Client.MPRegionHost fields.
// NOTE(review): presumably applied when those fields are left empty; confirm in Setup().
const (
	DefaultMPRegion     = "us-east-1"
	DefaultMPRegionHost = "api.us-east-1.aws.cloudngfw.paloaltonetworks.com"
)

AWS account onboarding related constants.

const (
	// Permission* values are the "permissions constants" accepted by the auth
	// parameter of Client.Communicate. Passing an empty string instead of one
	// of these means no JWT is added to the API call.
	PermissionFirewall        = "firewall"
	PermissionRulestack       = "rulestack"
	PermissionGlobalRulestack = "global rulestack"
	PermissionAccount         = "account admin"
	PermissionAccountAdminJWT = "account admin JWT"

	// AuthType* values name the supported authentication mechanisms.
	// NOTE(review): presumably the values stored in Client.AuthType; confirm
	// where AuthType is assigned, since the field is not read from JSON.
	AuthTypeIAMRole    = "AuthTypeIAMRole"
	AuthTypeCognito    = "AuthTypeCognito"
	AuthTypeExternalID = "AuthTypeExternalID"
)
// Scope names.
// NOTE(review): presumably the scope strings that GetPermission maps to a
// Permission* constant; confirm against GetPermission's body.
const (
	LocalScope  = "Local"
	GlobalScope = "Global"
)

Variables

This section is empty.

Functions

func B64EncodeGzip

func B64EncodeGzip(data []byte) (string, error)

func GetPermission

func GetPermission(v string) (string, error)

GetPermission returns the correct JWT style for the given scope.

Types

type Client

// Client holds the connection settings, credentials and cached JWTs used to
// call the API.
//
// Handling notes for reviewers:
//   - Password, AppClientSecret, AccessKey, SecretKey and the *Jwt and
//     *SubscriptionKey fields are secrets held as plain exported strings.
//     No String method is listed for this type, so formatting a Client with
//     %v or %+v would print them; log individual non-secret fields instead.
//   - The struct embeds sync.Mutex values, so it must not be copied after
//     first use; every method takes a *Client receiver.
//   - The JSON names below include credential fields.
//     NOTE(review): presumably these are the keys read from the JSON config
//     file named by AuthFile; if so, that file holds secrets and should be
//     readable only by the account running the client. Confirm in Setup().
type Client struct {
	CognitoClient   *cognito.CognitoIdentityProvider
	Tenant          string            `json:"tenant"`
	ExternalID      string            `json:"externalID"`
	Region          string            `json:"region"`
	MPRegion        string            `json:"mp_region"`
	UserName        string            `json:"userName"`
	// NOTE(review): the JSON key "b64" suggests the password is supplied
	// base64-encoded; base64 is an encoding, not protection. Confirm.
	Password        string            `json:"b64"`
	UserPoolID      string            `json:"userPoolID"`
	AppClientID     string            `json:"appClientID"`
	AppClientSecret string            `json:"appClientSecret"`
	Host            string            `json:"host"`
	MPRegionHost    string            `json:"mp_region_host"`
	AccessKey       string            `json:"access-key"`
	Profile         string            `json:"profile"`
	SyncMode        bool              `json:"sync_mode"`
	SecretKey       string            `json:"secret-key"`
	Protocol        string            `json:"protocol"`
	Timeout         int               `json:"timeout"`
	ResourceTimeout int               `json:"resource_timeout"`
	Headers         map[string]string `json:"headers"`
	Agent           string            `json:"agent"`

	// Tagged json:"-", so encoding/json never reads or writes this field.
	AuthType string `json:"-"`

	// Role ARNs. NOTE(review): Lfa/Lra/Gra look like abbreviations for the
	// firewall, rulestack and global rulestack admin roles; confirm.
	LfaArn       string `json:"lfa-arn"`
	LraArn       string `json:"lra-arn"`
	GraArn       string `json:"gra-arn"`
	AcctAdminArn string `json:"account-admin-arn"`
	Arn          string `json:"arn"`

	AuthFile         string `json:"auth-file"`
	CheckEnvironment bool   `json:"-"`

	// NOTE(review): the name suggests TLS certificate verification is turned
	// off when this is true; confirm how Setup() applies it to Transport and
	// the HTTP clients. It is settable from JSON ("skip-verify-certificate"),
	// so review any config that enables it.
	SkipVerifyCertificate bool            `json:"skip-verify-certificate"`
	Transport             *http.Transport `json:"-"`

	// Various logging params.
	Logging               uint32   `json:"-"`
	LoggingFromInitialize []string `json:"logging"`

	// Configured by Initialize().
	// One group per admin role: the JWT, its expiry time, a subscription key
	// and a mutex. All are tagged json:"-" and so are excluded from JSON.
	// NOTE(review): each mutex presumably serializes refresh of its JWT; confirm.
	FirewallAdminJwt               string     `json:"-"`
	FirewallAdminJwtExpTime        time.Time  `json:"-"`
	FirewallSubscriptionKey        string     `json:"-"`
	FirewallAdminMutex             sync.Mutex `json:"-"`
	RulestackAdminJwt              string     `json:"-"`
	RulestackAdminJwtExpTime       time.Time  `json:"-"`
	RulestackSubscriptionKey       string     `json:"-"`
	RulestackAdminMutex            sync.Mutex `json:"-"`
	GlobalRulestackAdminJwt        string     `json:"-"`
	GlobalRulestackAdminJwtExpTime time.Time  `json:"-"`
	GlobalRulestackSubscriptionKey string     `json:"-"`
	GlobalRulestackAdminMutex      sync.Mutex `json:"-"`
	CloudRulestackAdminJwt         string     `json:"-"`
	CloudRulestackAdminJwtExpTime  time.Time  `json:"-"`
	CloudRulestackSubscriptionKey  string     `json:"-"`
	CloudRulestackAdminMutex       sync.Mutex `json:"-"`
	AccountAdminJwt                string     `json:"-"`
	AccountAdminJwtExpTime         time.Time  `json:"-"`
	AccountAdminSubscriptionKey    string     `json:"-"`
	AccountAdminMutex              sync.Mutex `json:"-"`

	// Initialized during Setup().
	// NOTE(review): the difference between HttpClient and SecureHttpClient is
	// not visible here; confirm which one honours SkipVerifyCertificate.
	HttpClient       *http.Client
	SecureHttpClient *http.Client
	AuthURL          string

	// Used for unit tests
	// These hooks are exported fields of the production type.
	// NOTE(review): presumably Mock makes calls return MockedResp() instead of
	// contacting the API; confirm, and make sure callers never set it outside tests.
	Mock       bool
	MockedResp func() ([]byte, error)
	// contains filtered or unexported fields
}

Client is the client.

func (*Client) AddTagsForFirewall

func (c *Client) AddTagsForFirewall(ctx context.Context, input firewall.AddTagsInput) error

AddTags adds the given tags to the firewall.

func (*Client) AddTagsRuleStack

func (c *Client) AddTagsRuleStack(ctx context.Context, input stack.AddTagsInput) error

AddTags adds tags to the specified rulestack.

func (*Client) ApplyTagsRuleStack

func (c *Client) ApplyTagsRuleStack(ctx context.Context, input stack.AddTagsInput) error

ApplyTags applies the tags to this rulestack, performing a create and delete if needed.

func (*Client) AssociateGlobalRuleStack

func (c *Client) AssociateGlobalRuleStack(ctx context.Context, input firewall.AssociateInput) (firewall.AssociateOutput, error)

Associate Firewall to Global rulestack

func (*Client) CommitRuleStack

func (c *Client) CommitRuleStack(ctx context.Context, input stack.SimpleInput) error

Commit commits the rulestack configuration.

func (*Client) CommitStatusRuleStack

func (c *Client) CommitStatusRuleStack(ctx context.Context, input stack.SimpleInput) (stack.CommitStatus, error)

CommitStatus gets the commit status.

func (*Client) Communicate

func (c *Client) Communicate(ctx context.Context, auth, method string, path []string, queryParams url.Values, input interface{}, output response.Failure, creds ...*sts.Credentials) (s []byte, e error)

Communicate sends information to the API.

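Param auth should be one of the Permission* constants (PermissionFirewall, PermissionRulestack, PermissionGlobalRulestack, PermissionAccount, PermissionAccountAdminJWT) or an empty string; an empty string means that no JWT is added to the API call.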

Param method should be one of http.Method constants.

Param path should be a slice of path parts that will be joined together with the base apiPrefix to create the final API endpoint.

Param queryParams are the query params that should be appended to the API URL.

Param input is an interface that can be passed in to json.Marshal() to send to the API.

Param output is a pointer to a struct that will be filled with json.Unmarshal().

Param creds is only used internally for refreshing the JWTs and can otherwise be ignored.

This function returns the content of the body from the API call and any error that occurred. If this function got as far as invoking the API and receiving a response, then any error detected in that response is passed back as an `api.Status`.

func (*Client) CreateAccount added in v1.0.5

func (c *Client) CreateAccount(ctx context.Context, input account.CreateInput) (account.CreateOutput, error)

Create creates an object.

func (*Client) CreateCertificate

func (c *Client) CreateCertificate(ctx context.Context, input certificate.Info) error

Create creates an object.

func (*Client) CreateFeed

func (c *Client) CreateFeed(ctx context.Context, input feed.Info) error

Create creates an object.

func (*Client) CreateFirewall

func (c *Client) CreateFirewall(ctx context.Context, input firewall.Info) (firewall.CreateOutput, error)

Create creates an object.

func (*Client) CreateFqdn

func (c *Client) CreateFqdn(ctx context.Context, input fqdn.Info) error

Create creates an object.

func (*Client) CreatePrefixList

func (c *Client) CreatePrefixList(ctx context.Context, input prefix.Info) error

Create creates an object.

func (*Client) CreateRuleStack

func (c *Client) CreateRuleStack(ctx context.Context, input stack.Info) error

Create creates an object.

func (*Client) CreateSCMRuleStack

func (c *Client) CreateSCMRuleStack(ctx context.Context, input stack.CreateSCMRuleStackInput) error

func (*Client) CreateSecurityRule

func (c *Client) CreateSecurityRule(ctx context.Context, input security.Info) error

Create creates an object.

func (*Client) CreateUrlCustomCategory

func (c *Client) CreateUrlCustomCategory(ctx context.Context, input url.Info) error

Create creates an object.

func (*Client) DeleteAccount added in v1.0.5

func (c *Client) DeleteAccount(ctx context.Context, input account.DeleteInput) error

Delete the given account.

func (*Client) DeleteCertificate

func (c *Client) DeleteCertificate(ctx context.Context, input certificate.DeleteInput) error

Delete removes the given object from the config.

func (*Client) DeleteFeed

func (c *Client) DeleteFeed(ctx context.Context, input feed.DeleteInput) error

Delete removes the given object from the config.

func (*Client) DeleteFirewall

func (c *Client) DeleteFirewall(ctx context.Context, input firewall.DeleteInput) error

Delete the given firewall.

func (*Client) DeleteFqdn

func (c *Client) DeleteFqdn(ctx context.Context, input fqdn.DeleteInput) error

Delete removes the given object from the config.

func (*Client) DeletePrefixList

func (c *Client) DeletePrefixList(ctx context.Context, input prefix.DeleteInput) error

Delete removes the given object from the config.

func (*Client) DeleteRuleStack

func (c *Client) DeleteRuleStack(ctx context.Context, input stack.SimpleInput) error

Delete removes the given object from the config.

func (*Client) DeleteSecurityRule

func (c *Client) DeleteSecurityRule(ctx context.Context, input security.DeleteInput) error

Delete removes the given object from the config.

func (*Client) DeleteUrlCustomCategory

func (c *Client) DeleteUrlCustomCategory(ctx context.Context, input url.DeleteInput) error

Delete removes the given object from the config.

func (*Client) DescribeUrlCategoryActionOverride

func (c *Client) DescribeUrlCategoryActionOverride(ctx context.Context, input predefinedurl.GetOverrideInput) (predefinedurl.GetOverrideOutput, error)

GetOverride returns the URL category override info.

func (*Client) DisAssociateGlobalRuleStack

func (c *Client) DisAssociateGlobalRuleStack(ctx context.Context, input firewall.DisAssociateInput) (firewall.DisAssociateOutput, error)

Disassociate Firewall from Global rulestack

func (*Client) ExportRuleStackXML

func (c *Client) ExportRuleStackXML(ctx context.Context, input stack.ReadInput) (stack.ExportRulestackXmlOutput, error)

export returns the rulestack XML.

func (*Client) GetCloudNGFWServiceToken

func (c *Client) GetCloudNGFWServiceToken(ctx context.Context, info stack.AuthInput) (stack.AuthOutput, error)

func (*Client) GetMPRegion added in v1.0.5

func (c *Client) GetMPRegion(ctx context.Context) string

func (*Client) GetProfile added in v1.0.7

func (c *Client) GetProfile(ctx context.Context) string

func (*Client) GetResourceTimeout added in v1.0.1

func (c *Client) GetResourceTimeout(ctx context.Context) int

func (*Client) IsSyncModeEnabled

func (c *Client) IsSyncModeEnabled(ctx context.Context) bool

func (*Client) ListAccounts added in v1.0.5

func (c *Client) ListAccounts(ctx context.Context, input account.ListInput) (account.ListOutput, error)

List returns a list of given objects.

func (*Client) ListAppID

func (c *Client) ListAppID(ctx context.Context, input appid.ListInput) (appid.ListOutput, error)

List returns a list of objects.

func (*Client) ListCertificate

func (c *Client) ListCertificate(ctx context.Context, input certificate.ListInput) (certificate.ListOutput, error)

ListCertificate returns a certificate.List of objects.

func (*Client) ListCountry

func (c *Client) ListCountry(ctx context.Context, input country.ListInput) (country.ListOutput, error)

List returns a list of objects.

func (*Client) ListFeed

func (c *Client) ListFeed(ctx context.Context, input feed.ListInput) (feed.ListOutput, error)

List returns a list of objects.

func (*Client) ListFirewall

func (c *Client) ListFirewall(ctx context.Context, input firewall.ListInput) (firewall.ListOutput, error)

List returns a list of firewalls.

func (*Client) ListFqdn

func (c *Client) ListFqdn(ctx context.Context, input fqdn.ListInput) (fqdn.ListOutput, error)

ListFqdn returns a fqdn.List of objects.

func (*Client) ListPrefixList

func (c *Client) ListPrefixList(ctx context.Context, input prefix.ListInput) (prefix.ListOutput, error)

List returns a list of objects.

func (*Client) ListRuleStack

func (c *Client) ListRuleStack(ctx context.Context, input stack.ListInput) (stack.ListOutput, error)

List returns a list of objects.

func (*Client) ListSecurityRule

func (c *Client) ListSecurityRule(ctx context.Context, input security.ListInput) (security.ListOutput, error)

List returns a list of objects.

func (*Client) ListTagsForFirewall

func (c *Client) ListTagsForFirewall(ctx context.Context, input firewall.ListTagsInput) (firewall.ListTagsOutput, error)

ListTags gets the tags for the given Firewall.

func (*Client) ListTagsRuleStack

func (c *Client) ListTagsRuleStack(ctx context.Context, input stack.ListTagsInput) (stack.ListTagsOutput, error)

ListTags returns the list of tags for this rulestack.

func (*Client) ListUrlCategoriesActionOverride

func (c *Client) ListUrlCategoriesActionOverride(ctx context.Context, input predefinedurl.ListOverridesInput) (predefinedurl.ListOverridesOutput, error)

ListOverrides returns URL categories with overrides specified.

func (*Client) ListUrlCustomCategory

func (c *Client) ListUrlCustomCategory(ctx context.Context, input url.ListInput) (url.ListOutput, error)

List returns a list of objects.

func (*Client) ListUrlPredefinedCategories

func (c *Client) ListUrlPredefinedCategories(ctx context.Context, input predefinedurl.ListInput) (predefinedurl.ListOutput, error)

List returns a list of objects.

func (*Client) Log

func (c *Client) Log(method, msg string, i ...interface{})

Log logs an API action.

func (*Client) ModifyFirewall

func (c *Client) ModifyFirewall(ctx context.Context, input firewall.Info) (bool, error)

Modify updates the modifiable parts of a NGFW.

This includes:

  • description
  • subnet mappings
  • app id version / automatic upgrade app id version
  • rulestack
  • tags

func (*Client) PollCommitRuleStack

func (c *Client) PollCommitRuleStack(ctx context.Context, input stack.SimpleInput) (stack.CommitStatus, error)

PollCommit does the necessary looping to wait for a commit to complete.

func (*Client) ReadAccount added in v1.0.5

func (c *Client) ReadAccount(ctx context.Context, input account.ReadInput) (account.ReadOutput, error)

Read returns information on the given object.

func (*Client) ReadAppID

func (c *Client) ReadAppID(ctx context.Context, input appid.ReadInput) (appid.ReadOutput, error)

ReadAppId returns information on the given app-id version.

func (*Client) ReadApplication

func (c *Client) ReadApplication(ctx context.Context, version, app string) (appid.ReadApplicationOutput, error)

ReadApplication returns information on the given application in the specified app-id.

func (*Client) ReadCertificate

func (c *Client) ReadCertificate(ctx context.Context, input certificate.ReadInput) (certificate.ReadOutput, error)

Read returns information on the given object.

func (*Client) ReadFeed

func (c *Client) ReadFeed(ctx context.Context, input feed.ReadInput) (feed.ReadOutput, error)

Read returns information on the given object.

func (*Client) ReadFirewall

func (c *Client) ReadFirewall(ctx context.Context, input firewall.ReadInput) (firewall.ReadOutput, error)

Read returns information on the given object.

func (*Client) ReadFirewallLogprofile

func (c *Client) ReadFirewallLogprofile(ctx context.Context, input logprofile.ReadInput) (logprofile.ReadOutput, error)

Read returns information on the given object.

func (*Client) ReadFqdn

func (c *Client) ReadFqdn(ctx context.Context, input fqdn.ReadInput) (fqdn.ReadOutput, error)

Read returns information on the given object.

func (*Client) ReadPrefixList

func (c *Client) ReadPrefixList(ctx context.Context, input prefix.ReadInput) (prefix.ReadOutput, error)

Read returns information on the given object.

func (*Client) ReadRuleStack

func (c *Client) ReadRuleStack(ctx context.Context, input stack.ReadInput) (stack.ReadOutput, error)

Read returns information on the given object.

func (*Client) ReadSecurityRule

func (c *Client) ReadSecurityRule(ctx context.Context, input security.ReadInput) (security.ReadOutput, error)

Read returns information on the given object.

func (*Client) ReadUrlCustomCategory

func (c *Client) ReadUrlCustomCategory(ctx context.Context, input url.ReadInput) (url.ReadOutput, error)

Read returns information on the given object.

func (*Client) RefreshAccountAdminJwt added in v1.0.5

func (c *Client) RefreshAccountAdminJwt(ctx context.Context) error

RefreshJwts refreshes all JWTs and stores them for future API calls.

func (*Client) RefreshCloudRulestackAdminJwt

func (c *Client) RefreshCloudRulestackAdminJwt(ctx context.Context) error

func (*Client) RefreshFirewallAdminJwt

func (c *Client) RefreshFirewallAdminJwt(ctx context.Context) error

RefreshJwts refreshes all JWTs and stores them for future API calls.

func (*Client) RefreshGlobalRulestackAdminJwt

func (c *Client) RefreshGlobalRulestackAdminJwt(ctx context.Context) error

RefreshJwts refreshes all JWTs and stores them for future API calls.

func (*Client) RefreshRulestackAdminJwt

func (c *Client) RefreshRulestackAdminJwt(ctx context.Context) error

RefreshJwts refreshes all JWTs and stores them for future API calls.

func (*Client) RemoveTagsForFirewall

func (c *Client) RemoveTagsForFirewall(ctx context.Context, input firewall.RemoveTagsInput) error

RemoveTags removes the given tags from the firewall.

func (*Client) RemoveTagsRuleStack

func (c *Client) RemoveTagsRuleStack(ctx context.Context, input stack.RemoveTagsInput) error

RemoveTags removes the given tags from the resource.

func (*Client) RequestJwt

func (c *Client) RequestJwt(ctx context.Context, method string, path []string, queryParams url.Values, input interface{}, output response.Failure, creds ...*sts.Credentials) ([]byte, error)

func (*Client) RevertRuleStack

func (c *Client) RevertRuleStack(ctx context.Context, input stack.SimpleInput) error

Revert reverts to the last good config.

func (*Client) SaveRuleStackXML

func (c *Client) SaveRuleStackXML(ctx context.Context, input stack.SaveRulestackXmlInput) error

savepanrs saves the panorama rulestack XML in an S3 bucket.

func (*Client) SetEndpoint

func (c *Client) SetEndpoint(ctx context.Context, input api.EndPointInput) error

func (*Client) Setup

func (c *Client) Setup() error

Setup configures the HttpClient param according to the combination of locally defined params, environment variables, and the JSON config file.

func (*Client) UpdateCertificate

func (c *Client) UpdateCertificate(ctx context.Context, input certificate.Info) error

Update updates the given object.

func (*Client) UpdateFeed

func (c *Client) UpdateFeed(ctx context.Context, input feed.Info) error

Update updates the given object.

func (*Client) UpdateFirewallContentVersion

func (c *Client) UpdateFirewallContentVersion(ctx context.Context, input firewall.UpdateContentVersionInput) error

UpdateContentVersion updates the content version of the firewall.

func (*Client) UpdateFirewallDescription

func (c *Client) UpdateFirewallDescription(ctx context.Context, input firewall.UpdateDescriptionInput) error

UpdateDescription updates the description of the firewall.

func (*Client) UpdateFirewallLogprofile

func (c *Client) UpdateFirewallLogprofile(ctx context.Context, input logprofile.Info) error

Update updates the given object.

func (*Client) UpdateFirewallRulestack

func (c *Client) UpdateFirewallRulestack(ctx context.Context, input firewall.UpdateRulestackInput) error

UpdateRulestack updates the rulestack for the given firewall.

func (*Client) UpdateFirewallSubnetMappings

func (c *Client) UpdateFirewallSubnetMappings(ctx context.Context, input firewall.UpdateSubnetMappingsInput) error

UpdateSubnetMappings updates the subnet mappings of the firewall.

func (*Client) UpdateFqdn

func (c *Client) UpdateFqdn(ctx context.Context, input fqdn.Info) error

Update updates the given object.

func (*Client) UpdatePrefixList

func (c *Client) UpdatePrefixList(ctx context.Context, input prefix.Info) error

Update updates the given object.

func (*Client) UpdateRuleStack

func (c *Client) UpdateRuleStack(ctx context.Context, input stack.Info) error

Update updates the given object.

func (*Client) UpdateSecurityRule

func (c *Client) UpdateSecurityRule(ctx context.Context, input security.Info) error

Update updates the given object.

func (*Client) UpdateUrlCategoryActionOverride

func (c *Client) UpdateUrlCategoryActionOverride(ctx context.Context, input predefinedurl.OverrideInput) error

Override specifies an override for a predefined URL category.

func (*Client) UpdateUrlCustomCategory

func (c *Client) UpdateUrlCustomCategory(ctx context.Context, input url.Info) error

Update updates the given object.

func (*Client) ValidateRuleStack

func (c *Client) ValidateRuleStack(ctx context.Context, input stack.SimpleInput) error

Validate validates the rulestack config.

type NgfwAuthInput

// NgfwAuthInput groups the external ID, timeout, HTTP clients and URLs used
// for an authentication request. Its fields mirror Client.ExternalID,
// Client.Timeout, Client.HttpClient, Client.SecureHttpClient and Client.AuthURL.
// NOTE(review): which functions consume this type is not visible here; confirm.
type NgfwAuthInput struct {
	ExternalID       string
	Timeout          int
	HttpClient       *http.Client
	SecureHttpClient *http.Client
	RegionURL        string
	AuthURL          string
}

NgfwAuthInput struct

type Response

// Response is a generic response container that decodes only the
// "ResponseStatus" member of an API reply into Status.
type Response struct {
	Status response.Status `json:"ResponseStatus"`
}

Response is a generic response container.

This is useful if you don't care about the response from the API, as long as there weren't any errors.

func (Response) Failed

func (o Response) Failed() *response.Status

type TagDetails

// TagDetails is a single tag, encoded in JSON as {"Key": ..., "Value": ...}.
type TagDetails struct {
	Key   string `json:"Key"`
	Value string `json:"Value"`
}
