Documentation ¶
Index ¶
- Constants
- Variables
- func ExtractServerCert(host string, port int) ([]byte, error)
- func FixJson(data []byte, st interface{}) error
- func GetEndpointUrl(endpointName string) string
- func GetSessionRestUrl(services []Services) (string, string, error)
- func IsFileExist(filePath string) bool
- func NewADConnector() (*ldap.Conn, error)
- func ProcessSessions(sessions *IseSessions, timeStampFilePath string, ...) error
- func SessionListener(secret, restUrl, timeStampFilePath string, controller *Controller, ...) error
- func SetupCloseHandler()
- func ValidateUsernamePassword() error
- type AccessSecretInput
- type AccessSecretOutput
- type AccountActivate
- type AllUsers
- type Attributes
- type Config
- type Controller
- type CreateClient
- type FUIDController
- func (f *FUIDController) GetTLSConfig() (*tls.Config, error)
- func (f *FUIDController) GetUser(userNTLMIdentity string) (*FUIDUser, error)
- func (f *FUIDController) PostUser(userEntity *LdapElement, sess *Sessions, displayProcess bool) error
- func (f *FUIDController) PutUser(user *FUIDUser, sess *Sessions, displayProcess bool) error
- func (f *FUIDController) SendRequest(endPoint, parameters string, requestBody interface{}, requestMethod string) (*http.Response, error)
- func (f *FUIDController) UserManager(sess *Sessions, displayProcess bool) error
- type FUIDUser
- type ISEClient
- type IseSessions
- type KeyValue
- type LdapElement
- type LdapEntity
- type ReadSessionInput
- type ServiceLookupInput
- type ServiceLookupOutput
- type ServiceProperties
- type Services
- type Sessions
Constants ¶
// Request settings, endpoint paths and fixed string values for the ISE
// pxGrid and FUID APIs.
const (
	// RequestTimeoutValue is the timeout, in seconds, for ISE requests.
	RequestTimeoutValue = 5

	// Media type strings. NOTE(review): AccessLanguage presumably supplies the
	// Accept header value despite its name; confirm at the call site.
	AccessLanguage = "application/json"
	ContentType    = "application/json"

	// pxGrid control endpoint paths and the session service name.
	PxGridCreateClientEndPoint    = "pxgrid/control/AccountCreate"
	PxGridAccountActivateEndPoint = "pxgrid/control/AccountActivate"
	ServiceLookup                 = "pxgrid/control/ServiceLookup"
	ServiceLookupSessions         = "com.cisco.ise.session"
	AccessSecretEndpoint          = "pxgrid/control/AccessSecret"

	// NOTE(review): presumably the error text for an empty service lookup and
	// the account state expected after activation; confirm against callers.
	NoServiceAvailable = "no service available"
	Enabled            = "ENABLED"

	GetSessionEndpoint = "getSessions"

	// FUID API endpoint paths.
	UserNtlmIdentityEndpoint = "user/ntlm-identity"
	UserEndpoint             = "user"
	FuidAllUsers             = "users"

	// Session state strings; presumably compared with Sessions.State (confirm).
	AUTHENTICATED  = "AUTHENTICATED"
	AUTHENTICATING = "AUTHENTICATING"
	POSTURED       = "POSTURED"
	DISCONNECTED   = "DISCONNECTED"

	// Change type strings; presumably the values of FUIDUser.ChangeType (confirm).
	ChangeTypeAdd    = "add"
	ChangeTypeModify = "modify"
	ChangeTypeDelete = "delete"
)
Variables ¶
var (
	// NotFound is the sentinel error for a user that is missing from the FUID
	// database. Callers should match it with errors.Is rather than by
	// comparing the message text.
	// NOTE(review): which functions return it is not visible here; confirm.
	NotFound error = errors.New("User Not Found in FUID Database")
)
Functions ¶
func GetEndpointUrl ¶
func GetSessionRestUrl ¶
GetSessionRestUrl extracts the Session REST API URL from a service.
func IsFileExist ¶
func NewADConnector ¶
func NewADConnector() (*ldap.Conn, error)
func ProcessSessions ¶
func ProcessSessions(sessions *IseSessions, timeStampFilePath string, fuidController *FUIDController, displayProcess bool) error
ProcessSessions processes a list of session events.
func SessionListener ¶
func SessionListener(secret, restUrl, timeStampFilePath string, controller *Controller, fuidController *FUIDController, displayProcess bool) error
SessionListener listens to session events.
func SetupCloseHandler ¶
func SetupCloseHandler()
func ValidateUsernamePassword ¶
func ValidateUsernamePassword() error
ValidateUsernamePassword ensures the YAML config file contains ISE credentials.
Types ¶
type AccessSecretInput ¶
// AccessSecretInput is the JSON request body that names the peer node for
// which an access secret is requested.
type AccessSecretInput struct {
	PeerNodeName string `json:"peerNodeName"`
}
type AccessSecretOutput ¶
// AccessSecretOutput is the JSON response that carries the access secret
// returned by AccessSecret.
type AccessSecretOutput struct {
	// Secret is a credential. NOTE(review): keep it out of logs, error
	// messages and any output printed when displayProcess is set.
	Secret string `json:"secret"`
}
func AccessSecret ¶
func AccessSecret(peerNodeName string, controller *Controller) (*AccessSecretOutput, error)
AccessSecret returns an access secret for a service provider.
type AccountActivate ¶
type Attributes ¶
type Controller ¶
// Controller is the ISE API client created by NewControl. It exposes its TLS
// configuration through GetTlsConfig and issues requests through SendRequest
// and ReadSessions.
// NOTE(review): the TLS settings are not visible on this page. Confirm that
// server certificate verification is enabled, and that any certificate
// obtained through ExtractServerCert is checked out of band before it is
// trusted.
type Controller struct {
	// contains filtered or unexported fields
}
func GetController ¶
func GetController() (*Controller, error)
func NewControl ¶
func NewControl(config *Config) (*Controller, error)
NewControl creates a new controller for the ISE API.
func (*Controller) GetTlsConfig ¶
func (c *Controller) GetTlsConfig() *tls.Config
GetTlsConfig return the controller TLS config
func (*Controller) ReadSessions ¶
func (c *Controller) ReadSessions(secret, url string, requestBody interface{}) (*http.Response, error)
ReadSessions Read session events from PxGrid
func (*Controller) SendRequest ¶
func (c *Controller) SendRequest(url string, requestBody interface{}, requestMethod string, requireAuth bool) (*http.Response, error)
SendRequest Send request to ISE API
type CreateClient ¶
// CreateClient is the JSON request body that names the client node. Its
// Create and AccountActivate methods send it to the ISE API through a
// Controller.
type CreateClient struct {
	NodeName string `json:"nodeName"`
}
func (*CreateClient) AccountActivate ¶
func (c *CreateClient) AccountActivate(controller *Controller) (*AccountActivate, error)
AccountActivate Activate ISE Client Account
func (*CreateClient) Create ¶
func (c *CreateClient) Create(controller *Controller) (*ISEClient, error)
Create creates an ISE Client Account.
type FUIDController ¶
// FUIDController is the FUID API client created by NewFUIDController. It
// builds its TLS configuration in GetTLSConfig and sends requests through
// SendRequest.
// NOTE(review): how GetTLSConfig establishes trust is not visible on this
// page; confirm that server certificate verification is not disabled.
type FUIDController struct {
	// contains filtered or unexported fields
}
func NewFUIDController ¶
func NewFUIDController() (*FUIDController, error)
NewFUIDController Create a Controller for FUID API
func (*FUIDController) GetTLSConfig ¶
func (f *FUIDController) GetTLSConfig() (*tls.Config, error)
GetTLSConfig Get TLS Config for FUID API
func (*FUIDController) GetUser ¶
func (f *FUIDController) GetUser(userNTLMIdentity string) (*FUIDUser, error)
GetUser searches for a specific user in the FUID database.
func (*FUIDController) PostUser ¶
func (f *FUIDController) PostUser(userEntity *LdapElement, sess *Sessions, displayProcess bool) error
PostUser Create a user in FUID Database.
func (*FUIDController) PutUser ¶
func (f *FUIDController) PutUser(user *FUIDUser, sess *Sessions, displayProcess bool) error
PutUser Update a user's IP addresses and Groups
func (*FUIDController) SendRequest ¶
func (f *FUIDController) SendRequest(endPoint, parameters string, requestBody interface{}, requestMethod string) (*http.Response, error)
SendRequest send a request to FUID API
func (*FUIDController) UserManager ¶
func (f *FUIDController) UserManager(sess *Sessions, displayProcess bool) error
UserManager manages a session: if the user does not exist in the FUID database, it creates the user; otherwise it updates the user's IP addresses and groups.
type FUIDUser ¶
// FUIDUser is the JSON form of a user record exchanged with the FUID API
// (returned by GetUser, sent by PutUser). Every field carries omitempty, so
// empty values are left out of the encoded JSON.
type FUIDUser struct {
	Dn string `json:"dn,omitempty"`
	// NOTE(review): presumably one of ChangeTypeAdd, ChangeTypeModify or
	// ChangeTypeDelete; confirm against the callers.
	ChangeType     string `json:"changetype,omitempty"`
	SAMAccountName string `json:"sAMAccountName,omitempty"`
	// GetUser takes a userNTLMIdentity string, presumably matched against
	// this field (confirm).
	NTLMIdentity  string   `json:"NTLMIdentity,omitempty"`
	Mail          string   `json:"mail,omitempty"`
	Ipv4Addresses []string `json:"ipv4_addresses,omitempty"`
	Ipv6Addresses []string `json:"ipv6_addresses,omitempty"`
	ObjectGUID    string   `json:"objectGUID,omitempty"`
	Groups        []string `json:"groups,omitempty"`
	// Timestamp is carried as a string; its format is not visible here.
	Timestamp string `json:"timestamp,omitempty"`
}
type IseSessions ¶
// IseSessions is the JSON envelope for a batch of session events; the events
// are decoded from its "sessions" array.
type IseSessions struct {
	Sessions []Sessions `json:"sessions"`
}
type LdapElement ¶
// LdapElement holds the DN and Attributes of an LDAP/AD entry.
type LdapElement struct {
	DN string `json:"DN"`
	// Attributes has no json tag, so encoding/json uses the field name
	// "Attributes" as its key.
	Attributes Attributes
}
LdapElement holds the DN and Attributes of an LDAP/AD entry.
func GetLdapElement ¶
func GetLdapElement(username string, ldapConnector *ldap.Conn) (*LdapElement, error)
func HandleElement ¶
func HandleElement(element LdapEntity) (*LdapElement, error)
type LdapEntity ¶
type ReadSessionInput ¶
func GetLatestSessionTimeStamp ¶
func GetLatestSessionTimeStamp(timeStampFilePAth string) (*ReadSessionInput, error)
GetLatestSessionTimeStamp gets the timestamp of the latest processed session.
type ServiceLookupInput ¶
// ServiceLookupInput is the JSON request body that names the service to look
// up.
type ServiceLookupInput struct {
	Name string `json:"name"`
}
type ServiceLookupOutput ¶
// ServiceLookupOutput is the JSON response of a service lookup, as returned
// by ServiceLookupRequest; the matching services are in its "services" array.
type ServiceLookupOutput struct {
	Services []Services `json:"services"`
}
func ServiceLookupRequest ¶
func ServiceLookupRequest(serviceName string, controller *Controller) (*ServiceLookupOutput, error)
type ServiceProperties ¶
// ServiceProperties holds the properties object of a looked-up service.
type ServiceProperties struct {
	SessionTopic    string `json:"sessionTopic,omitempty"`
	GroupTopic      string `json:"groupTopic,omitempty"`
	WsPubSubService string `json:"wsPubsubService,omitempty"`
	// The REST base URL is mapped under two key spellings, "restBaseURL" and
	// "restBaseUrl", each into its own field. A consumer has to check both.
	// NOTE(review): these URLs come from the lookup response; confirm that
	// requests sent to them use the controller's verified TLS configuration.
	RestBaseURL string `json:"restBaseURL,omitempty"`
	RestBaseUrl string `json:"restBaseUrl,omitempty"`
	// WsUrl is the only field without omitempty.
	WsUrl string `json:"wsUrl"`
}
type Services ¶
// Services describes one service entry of a ServiceLookupOutput: its name,
// the node that provides it and its properties.
type Services struct {
	Name     string `json:"name,omitempty"`
	NodeName string `json:"nodeName,omitempty"`
	// omitempty has no effect on a struct-typed field in encoding/json, so
	// "properties" is always emitted when this type is encoded.
	Properties ServiceProperties `json:"properties,omitempty"`
}
type Sessions ¶
// Sessions is a single session event, decoded from one element of the JSON
// "sessions" array (see IseSessions).
//
// NOTE(review): every field is populated from a remote API response. If
// Username or the Ad* identity fields are used to build an LDAP search filter
// (GetLdapElement takes a username), they should be escaped first, for
// example with ldap.EscapeFilter. Confirm against the implementation.
type Sessions struct {
	// Event time and session state.
	Timestamp *time.Time `json:"timestamp"`
	State     string     `json:"state"`

	// User name, endpoint addresses and network access device.
	Username         string   `json:"userName"`
	CallingStationId string   `json:"callingStationId"`
	IpAddresses      []string `json:"ipAddresses"`
	MacAddress       string   `json:"macAddress"`
	NasIpAddress     string   `json:"nasIpAddress"`
	NasIdentifier    string   `json:"nasIdentifier"`

	// Active Directory identity attributes.
	AdNormalizedUser         string `json:"adNormalizedUser"`
	AdUserDomainName         string `json:"adUserDomainName"`
	AdUserNetBiosName        string `json:"adUserNetBiosName"`
	AdUserResolvedIdentities string `json:"adUserResolvedIdentities"`
	AdUserResolvedDns        string `json:"adUserResolvedDns"`
	AdUserQualifiedName      string `json:"adUserQualifiedName"`
	AdUserSamAccountName     string `json:"adUserSamAccountName"`

	Providers           []string `json:"providers"`
	EndpointCheckResult string   `json:"endpointCheckResult"`

	IdentitySourcePortStart int `json:"identitySourcePortStart"`
	IdentitySourcePortEnd   int `json:"identitySourcePortEnd"`
	IdentitySourcePortFirst int `json:"identitySourcePortFirst"`

	// IsMachineAuthentication is declared as a string, not a bool.
	IsMachineAuthentication  string `json:"isMachineAuthentication"`
	NetworkDeviceProfileName string `json:"networkDeviceProfileName"`

	// Mobile device management (MDM) posture flags.
	MdmRegistered    bool `json:"mdmRegistered"`
	MdmCompliant     bool `json:"mdmCompliant"`
	MdmDiskEncrypted bool `json:"mdmDiskEncrypted"`
	MdmJailBroken    bool `json:"mdmJailBroken"`
	MdmPinLocked     bool `json:"mdmPinLocked"`
}