illumioapi

package module
v2.0.0-beta.40
Published: Mar 21, 2024 License: MIT Imports: 18 Imported by: 1

README

Illumio API Package

Description

Go package to interact with the Illumio API.

Version 2 Announcement

The new default branch is v2. The v1 branch will be minimally maintained. Version 1 was built as needed, and as it evolved there were many things that would have been done differently from the start. Version 2 looks to address a lot of these. See below for a non-exhaustive list of the major changes:

  • Version 2 aims for better consistency for when pointers are used in structs. Pointers are used for custom types, slices, and booleans as well as any integer or string that could need to be cleared in the PCE. For example, an href never can be cleared in the PCE so it is a string. A description could be cleared (e.g., send a PUT request to remove a description). In that case it's a *string so you can send a blank string with omitempty to clear it or a nil value to have it omitted.
  • Version 2 has some helper functions to deal with all of the pointers in the data structure. PtrToVal can be used on any pointer to return its value or blank value if it's nil. The goal is to reduce the checking of nil before doing a comparison or using a value where appropriate.
  • Version 2 does not return slices for getting policy objects. For example pce.GetWklds will return just the API type and an err. The policy objects are populated into the pce slices and maps.
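
The pointer and omitempty behaviour described above, as an added example that is not part of the package's own code. Ptr and PtrToVal are local stand-ins with the signatures documented on this page, the two V2 structs copy a few fields from IPList and EnforcementBoundary, and boundaryPlain is a hypothetical non-pointer layout shown only for contrast.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local stand-ins with the signatures shown for illumioapi.Ptr and
// illumioapi.PtrToVal, so the example runs without the module.
func Ptr[T any](v T) *T { return &v }

func PtrToVal[T any](ptr *T) T {
	if ptr == nil {
		var zero T
		return zero
	}
	return *ptr
}

// ipListV2 and boundaryV2 copy a few fields and JSON tags from the IPList
// and EnforcementBoundary types documented on this page.
type ipListV2 struct {
	Href        string  `json:"href,omitempty"`
	Name        string  `json:"name,omitempty"`
	Description *string `json:"description,omitempty"`
}

type boundaryV2 struct {
	Href    string `json:"href,omitempty"`
	Name    string `json:"name,omitempty"`
	Enabled *bool  `json:"enabled,omitempty"`
}

// boundaryPlain is a hypothetical layout with a plain bool, for contrast.
type boundaryPlain struct {
	Name    string `json:"name,omitempty"`
	Enabled bool   `json:"enabled,omitempty"`
}

// putBody returns the JSON that would be sent as the request body.
func putBody(v any) string {
	b, err := json.Marshal(v)
	if err != nil {
		return "marshal error: " + err.Error()
	}
	return string(b)
}

// isEnabled reads a *bool without a nil check at the call site.
func isEnabled(eb boundaryV2) bool { return PtrToVal(eb.Enabled) }

func main() {
	// nil pointer: the field is omitted from the body.
	fmt.Println(putBody(ipListV2{Name: "dns"}))
	// pointer to "": the field is sent as an empty string, which clears it.
	fmt.Println(putBody(ipListV2{Name: "dns", Description: Ptr("")}))
	// pointer to false survives omitempty, so the disable request is sent.
	fmt.Println(putBody(boundaryV2{Name: "block-rdp", Enabled: Ptr(false)}))
	// plain bool: false is dropped from the body, so the change is never sent.
	fmt.Println(putBody(boundaryPlain{Name: "block-rdp", Enabled: false}))
	// PtrToVal turns a nil *bool into false instead of panicking.
	fmt.Println(isEnabled(boundaryV2{}), isEnabled(boundaryV2{Enabled: Ptr(true)}))
}
```

The last two bodies are the case to watch in policy automation: with a plain bool and omitempty, a request meant to disable an object serializes without the enabled field at all.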

Example Code

All interactions with the PCE are done via methods on the PCE type. For example, the code below prints all hostnames:

// Create PCE
pce := illumioapi.PCE{
   FQDN: "bp-lab.poc.segmentationpov.com",
   Port: 8443,
   // Skips TLS certificate verification; lab use only.
   DisableTLSChecking: true}

// Login and ignore error checking for example
pce.Login("brian@email.com", "Password123")

// Get all workloads and check the error before using the response
api, err := pce.GetWklds(nil)
if err != nil {
    log.Fatal(err)
}
fmt.Println(api.StatusCode)

// Iterate through workloads and print hostname
for _, w := range pce.WorkloadsSlice {
    fmt.Println(w.Hostname)
}

Documentation

Index

Constants

This section is empty.

Variables

var AvailableRoles = map[string]bool{
	"read_only":                 true,
	"admin":                     true,
	"owner":                     true,
	"ruleset_manager":           true,
	"ruleset_provisioner":       true,
	"global_object_provisioner": true,
	"limited_ruleset_manager":   true,
	"workload_manager":          true,
	"ruleset_viewer":            true,
}

Available roles

var Verbose bool

Functions

func AvailableRolesSlice

func AvailableRolesSlice() (roles []string)

func LabelsToRuleStructure

func LabelsToRuleStructure(labels []Label) (results [][]Label, err error)

LabelsToRuleStructure takes a slice of labels and returns a slice of slices for how the labels would be organized as read by the PCE rule processing. For example, {"A-ERP", "A-CRM", "E-PROD"} will return [{"A-ERP", "E-PROD"}, {"A-CRM", "E-PROD"}].
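
A sketch of the grouping this description implies, as an added example that is not the package's implementation. It assumes labels sharing a key are alternatives and labels with different keys combine, which is what the documented input and output show; expandLabels, render and the trimmed Label type are hypothetical names, and it generalizes the documented case to any number of keys.

```go
package main

import (
	"fmt"
	"strings"
)

// Label carries only the two fields this example needs from illumioapi.Label.
type Label struct {
	Key   string
	Value string
}

// expandLabels is a hypothetical re-implementation, not the package's code.
// Labels that share a key are alternatives; labels with different keys are
// combined, so the result is the cartesian product across keys.
func expandLabels(labels []Label) [][]Label {
	if len(labels) == 0 {
		return nil
	}
	var keys []string // keys in order of first appearance
	byKey := map[string][]Label{}
	seen := map[Label]bool{}
	for _, l := range labels {
		if seen[l] {
			continue // ignore exact duplicates
		}
		seen[l] = true
		if _, ok := byKey[l.Key]; !ok {
			keys = append(keys, l.Key)
		}
		byKey[l.Key] = append(byKey[l.Key], l)
	}
	results := [][]Label{{}}
	for _, k := range keys {
		var next [][]Label
		for _, partial := range results {
			for _, l := range byKey[k] {
				// Copy before appending so combinations do not share storage.
				combo := append(append([]Label{}, partial...), l)
				next = append(next, combo)
			}
		}
		results = next
	}
	return results
}

// render prints each combination as key=value pairs for easy comparison.
func render(sets [][]Label) string {
	var rows []string
	for _, set := range sets {
		var parts []string
		for _, l := range set {
			parts = append(parts, l.Key+"="+l.Value)
		}
		rows = append(rows, "{"+strings.Join(parts, ", ")+"}")
	}
	return "[" + strings.Join(rows, ", ") + "]"
}

func main() {
	// Constructed input matching the documented example.
	labels := []Label{{"app", "ERP"}, {"app", "CRM"}, {"env", "PROD"}}
	fmt.Println(render(expandLabels(labels)))
	// Adding a second env value doubles the combinations a rule scope covers.
	labels = append(labels, Label{"env", "DEV"})
	fmt.Println(render(expandLabels(labels)))
}
```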

func ParseObjectType

func ParseObjectType(href string) string

ParseObjectType takes an href and returns one of the following options: iplist, label, label_group, virtual_service, workload, or unknown.

func ProtocolList

func ProtocolList() map[int]string

ProtocolList returns a map for the IANA protocol numbers.

func Ptr

func Ptr[T any](v T) *T

Ptr returns a pointer to any object

func PtrToVal

func PtrToVal[T any](ptr *T) T

PtrToVal returns the value of a pointer. If the pointer is nil, a blank value is returned.

Types

type APIKey

type APIKey struct {
	Href         string `json:"href,omitempty"`
	KeyID        string `json:"key_id,omitempty"`
	AuthUsername string `json:"auth_username,omitempty"`
	CreatedAt    string `json:"created_at,omitempty"`
	Name         string `json:"name,omitempty"`
	Description  string `json:"description,omitempty"`
	Secret       string `json:"secret,omitempty"`
}

APIKey represents an API Key

type APIResponse

type APIResponse struct {
	RespBody   string
	StatusCode int
	Header     http.Header
	Request    *http.Request
	ReqBody    string
	Warnings   []string
}

APIResponse contains the information from the response of the API

type Actors

type Actors struct {
	Actors     *string     `json:"actors,omitempty"`
	Label      *Label      `json:"label,omitempty"`
	LabelGroup *LabelGroup `json:"label_group,omitempty"`
	Workload   *Workload   `json:"workload,omitempty"`
}

Actors are part of consumer or providers for rules and boundaries.

type Agent

type Agent struct {
	Href          string         `json:"href,omitempty"`
	ActivePceFqdn string         `json:"active_pce_fqdn,omitempty"`
	TargetPceFqdn string         `json:"target_pce_fqdn,omitempty"`
	Config        *Config        `json:"config,omitempty"`
	SecureConnect *SecureConnect `json:"secure_connect,omitempty"`
	Status        *Status        `json:"status,omitempty"`
	Hostname      string         `json:"hostname,omitempty"` // Added this for events
}

An Agent is an Agent on a Workload

func (*Agent) GetID

func (a *Agent) GetID() string

GetID returns the ID from the Href of an Agent

type AgentHealth

type AgentHealth struct {
	AuditEvent string `json:"audit_event,omitempty"`
	Severity   string `json:"severity,omitempty"`
	Type       string `json:"type,omitempty"`
}

AgentHealth represents the Agent Health of the Status of a Workload

type AgentHealthErrors

type AgentHealthErrors struct {
	Errors   []string `json:"errors,omitempty"`
	Warnings []string `json:"warnings,omitempty"`
}

AgentHealthErrors represents the Agent Health Errors of the Status of a Workload. This is deprecated - use AgentHealth.

type Assignment

type Assignment struct {
	Href  string `json:"href,omitempty"`
	Value string `json:"value,omitempty"`
}

type AsyncTrafficQuery

type AsyncTrafficQuery struct {
	CreatedAt       string                  `json:"created_at,omitempty"` // Timestamp in UTC when this query was created
	CreatedBy       *Href                   `json:"created_by,omitempty"`
	FlowsCount      int                     `json:"flows_count,omitempty"`   // result count after query limits and RBAC filtering are applied
	Href            string                  `json:"href,omitempty"`          // Query URI
	MatchesCount    int                     `json:"matches_count,omitempty"` // query result count
	QueryParameters *TrafficAnalysisRequest `json:"query_parameters"`        // Explorer query parameters
	Regions         *[]RegionsItems         `json:"regions,omitempty"`       // Region-specific response metadata
	Result          string                  `json:"result,omitempty"`        // Result download URI, available only if status is completed
	Status          string                  `json:"status"`                  // Current query status
	UpdatedAt       string                  `json:"updated_at,omitempty"`    // Timestamp in UTC when this async query was last updated.
	Rules           string                  `json:"rules,omitempty"`
}

Root Asynchronous explorer query status

type AuthSecurityPrincipal

type AuthSecurityPrincipal struct {
	Href        string `json:"href,omitempty"`
	Name        string `json:"name,omitempty"`
	DisplayName string `json:"display_name,omitempty"`
	Type        string `json:"type,omitempty"`
}

type Authentication

type Authentication struct {
	AuthToken string `json:"auth_token"`
}

Authentication represents the response of the Authenticate API

type BulkResponse

type BulkResponse struct {
	Href    string  `json:"href"`
	Status  string  `json:"status"`
	Token   string  `json:"token"`
	Message string  `json:"message"`
	Errors  []Error `json:"errors"`
}

BulkResponse is the data structure for the bulk response API

type ChangeSubset

type ChangeSubset struct {
	FirewallSettings      []*FirewallSettings      `json:"firewall_settings,omitempty"`
	IPLists               []*IPList                `json:"ip_lists,omitempty"`
	LabelGroups           []*LabelGroup            `json:"label_groups,omitempty"`
	RuleSets              []*RuleSet               `json:"rule_sets,omitempty"`
	SecureConnectGateways []*SecureConnectGateways `json:"secure_connect_gateways,omitempty"`
	Services              []*Service               `json:"services,omitempty"`
	VirtualServers        []*VirtualServer         `json:"virtual_servers,omitempty"`
	VirtualServices       []*VirtualService        `json:"virtual_services,omitempty"`
	EnforcementBoundaries []*EnforcementBoundary   `json:"enforcement_boundaries,omitempty"`
}

ChangeSubset Hash of pending hrefs, organized by model

type CompatibilityReport

type CompatibilityReport struct {
	Results       *Results `json:"results"`
	LastUpdatedAt string   `json:"last_updated_at"`
	QualifyStatus string   `json:"qualify_status"`
}

CompatibilityReport is available in idle workloads. A CompatibilityReport is never created or updated.

type Condition

type Condition struct {
	FirstReportedTimestamp time.Time    `json:"first_reported_timestamp"`
	LatestEvent            *LatestEvent `json:"latest_event"`
}

A condition is used by the VEN. Conditions are never created or upgraded.

type Config

type Config struct {
	LogTraffic               bool   `json:"log_traffic"`
	Mode                     string `json:"mode,omitempty"`
	SecurityPolicyUpdateMode string `json:"security_policy_update_mode,omitempty"`
	VisibilityLevel          string `json:"visibility_level,omitempty"`
}

Config represents the Configuration of an Agent on a Workload

type ConsumerOrProvider

type ConsumerOrProvider struct {
	Actors         *string         `json:"actors,omitempty"`
	IPList         *IPList         `json:"ip_list,omitempty"`
	Label          *Label          `json:"label,omitempty"`
	LabelGroup     *LabelGroup     `json:"label_group,omitempty"`
	VirtualServer  *VirtualServer  `json:"virtual_server,omitempty"`
	VirtualService *VirtualService `json:"virtual_service,omitempty"`
	Workload       *Workload       `json:"workload,omitempty"`
	Exclusion      *bool           `json:"exclusion,omitempty"`
}

ConsumerOrProvider is used by rules and enforcement boundaries.

type ConsumingSecurityPrincipals

type ConsumingSecurityPrincipals struct {
	Deleted       bool   `json:"deleted,omitempty"`
	Description   string `json:"description,omitempty"`
	Href          string `json:"href,omitempty"`
	Name          string `json:"name,omitempty"`
	SID           string `json:"sid,omitempty"`
	UsedByRuleSet bool   `json:"used_by_ruleset,omitempty"`
}

ConsumingSecurityPrincipals are AD user groups

type ContainerCluster

type ContainerCluster struct {
	Href             string  `json:"href,omitempty"`
	Name             string  `json:"name,omitempty"`
	Description      *string `json:"description,omitempty"`
	ContainerRuntime string  `json:"container_runtime,omitempty"`
	ManagerType      string  `json:"manager_type,omitempty"`
	Online           *bool   `json:"online,omitempty"`
	KubelinkVersion  string  `json:"kubelink_version,omitempty"`
	PceFqdn          string  `json:"pce_fqdn,omitempty"`
}

ContainerCluster represents a Kubernetes cluster

func (*ContainerCluster) ID

func (c *ContainerCluster) ID() string

type ContainerWorkloadProfile

type ContainerWorkloadProfile struct {
	Href            string   `json:"href,omitempty"`
	Name            *string  `json:"name"` // API expects null for name to remove it. Always sent.
	Namespace       string   `json:"namespace,omitempty"`
	Description     *string  `json:"description,omitempty"`
	Labels          *[]Label `json:"labels,omitempty"`
	EnforcementMode *string  `json:"enforcement_mode,omitempty"`
	VisibilityLevel *string  `json:"visibility_level,omitempty"`
	Managed         *bool    `json:"managed,omitempty"`
	Linked          *bool    `json:"linked,omitempty"`
	ClusterName     string   `json:"-"`
	CreatedAt       string   `json:"created_at,omitempty"`
	CreatedBy       *Href    `json:"created_by,omitempty"`
	UpdatedAt       string   `json:"updated_at,omitempty"`
	UpdatedBy       *Href    `json:"updated_by,omitempty"`
}

ContainerWorkloadProfile is a Kubernetes namespace

func (*ContainerWorkloadProfile) GetLabelByKey

func (c *ContainerWorkloadProfile) GetLabelByKey(key string) string

GetLabelByKey returns the value for a provided label key

func (*ContainerWorkloadProfile) RemoveLabel

func (c *ContainerWorkloadProfile) RemoveLabel(key string) error

RemoveLabel removes the label with the specified key.

func (*ContainerWorkloadProfile) SanitizeContainerWorkloadProfilePut

func (c *ContainerWorkloadProfile) SanitizeContainerWorkloadProfilePut()

SanitizeContainerWorkloadProfilePut removes fields not acceptable to the put method.

func (*ContainerWorkloadProfile) SetLabel

func (c *ContainerWorkloadProfile) SetLabel(label Label, pce *PCE) error

SetLabel sets the specified label.

type DisplayInfo

type DisplayInfo struct {
	BackgroundColor   string `json:"background_color,omitempty"`
	Icon              string `json:"icon,omitempty"`
	ForegroundColor   string `json:"foreground_color,omitempty"`
	Initial           string `json:"initial,omitempty"`
	DisplayNamePlural string `json:"display_name_plural,omitempty"`
}

type Dst

type Dst struct {
	IP       string     `json:"ip"`
	Workload *Workload  `json:"workload,omitempty"`
	FQDN     string     `json:"fqdn,omitempty"`
	IPLists  *[]*IPList `json:"ip_lists"`
}

Dst is the provider workload details

type EnforcementBoundary

type EnforcementBoundary struct {
	Href            string                `json:"href,omitempty"`
	Name            string                `json:"name,omitempty"`
	Providers       *[]ConsumerOrProvider `json:"providers,omitempty"`
	Consumers       *[]ConsumerOrProvider `json:"consumers,omitempty"`
	IngressServices *[]IngressServices    `json:"ingress_services,omitempty"`
	Enabled         *bool                 `json:"enabled,omitempty"`
	NetworkType     string                `json:"network_type,omitempty"` //  ["brn", "non_brn", "all"]
	CreatedAt       string                `json:"created_at,omitempty"`
	CreatedBy       *Href                 `json:"created_by,omitempty"`
	DeletedAt       string                `json:"deleted_at,omitempty"`
	DeletedBy       *Href                 `json:"deleted_by,omitempty"`
	UpdateType      string                `json:"update_type,omitempty"`
	UpdatedAt       string                `json:"updated_at,omitempty"`
	UpdatedBy       *Href                 `json:"updated_by,omitempty"`
}

An EnforcementBoundary is part of Illumio policy to dictate where policy is enforced.

type Error

type Error struct {
	Token   string `json:"token"`
	Message string `json:"message"`
}

type Event

type Event struct {
	Href            string             `json:"href"`
	Timestamp       time.Time          `json:"timestamp"`
	PceFqdn         string             `json:"pce_fqdn"`
	EventCreatedBy  *EventCreatedBy    `json:"created_by"`
	EventType       string             `json:"event_type"`
	Status          string             `json:"status"`
	Severity        string             `json:"severity"`
	Notifications   *[]Notifications   `json:"notifications"`
	ResourceChanges *[]ResourceChanges `json:"resource_changes,omitempty"`
}

Event represents an auditable event in the Illumio PCE. Events cannot be created or updated.

func (*Event) PopulateCreatedBy

func (e *Event) PopulateCreatedBy()

type EventCreatedBy

type EventCreatedBy struct {
	Agent            Agent            `json:"agent"`
	User             UserLogin        `json:"user"`
	ContainerCluster ContainerCluster `json:"container_cluster"`
	System           System           `json:"system,omitempty"`
	Name             string
	Href             string
}

EventCreatedBy is who created the event

type ExpSrv

type ExpSrv struct {
	Port           int    `json:"port,omitempty"`
	Proto          int    `json:"proto,omitempty"`
	Process        string `json:"process_name,omitempty"`
	User           string `json:"user_name,omitempty"`
	WindowsService string `json:"windows_service_name,omitempty"`
}

ExpSrv is a service in the explorer response

type ExplorerServices

type ExplorerServices struct {
	Include []IncludeOrExclude `json:"include"`
	Exclude []IncludeOrExclude `json:"exclude"`
}

ExplorerServices represent services to be included or excluded in the explorer query

type FQDN

type FQDN struct {
	FQDN string `json:"fqdn,omitempty"`
}

FQDN represents an FQDN in an IPList

type FirewallSettings

type FirewallSettings struct {
	Href string `json:"href"`
}

FirewallSettings are a provisionable object

type FlowFilter

type FlowFilter struct {
	Href         string  `json:"href,omitempty"`
	Action       string  `json:"action,omitempty"`       // drop or aggregate
	Transmission string  `json:"transmission,omitempty"` // broadcast, multicast, unicast
	Target       *Target `json:"target,omitempty"`
}

A flowfilter is a collector filter

type FlowUploadResp

type FlowUploadResp struct {
	NumFlowsReceived int       `json:"num_flows_received"`
	NumFlowsFailed   int       `json:"num_flows_failed"`
	FailedFlows      []*string `json:"failed_flows,omitempty"`
}

FlowUploadResp is the response from the traffic upload API

type Href

type Href struct {
	Href string `json:"href"`
}

Href is used for CreatedBy, UpdatedBy, etc. that require just an href.

type IPAddress

type IPAddress struct {
	Value string `json:"value,omitempty"`
}

IPAddress represents an IP Address

type IPList

type IPList struct {
	Href                  string     `json:"href,omitempty"`
	Name                  string     `json:"name,omitempty"`
	Description           *string    `json:"description,omitempty"`
	IPRanges              *[]IPRange `json:"ip_ranges,omitempty"`
	FQDNs                 *[]FQDN    `json:"fqdns,omitempty"`
	Size                  int        `json:"size,omitempty"`
	ExternalDataReference *string    `json:"external_data_reference,omitempty"`
	ExternalDataSet       *string    `json:"external_data_set,omitempty"`
	CreatedAt             string     `json:"created_at,omitempty"`
	CreatedBy             *Href      `json:"created_by,omitempty"`
	DeletedAt             string     `json:"deleted_at,omitempty"`
	DeletedBy             *Href      `json:"deleted_by,omitempty"`
	UpdatedAt             string     `json:"updated_at,omitempty"`
	UpdatedBy             *Href      `json:"updated_by,omitempty"`
}

IPList represents an IP List in the PCE.

type IPRange

type IPRange struct {
	Description string `json:"description,omitempty"`
	Exclusion   bool   `json:"exclusion,omitempty"`
	FromIP      string `json:"from_ip,omitempty"`
	ToIP        string `json:"to_ip,omitempty"`
}

IPRange represents one of the IP ranges of an IP List. IPRanges are never updated in place (not using pointers).

type IPTablesRules

type IPTablesRules struct {
	Actors      *[]Actors     `json:"actors"`
	Description *string       `json:"description,omitempty"`
	Enabled     *bool         `json:"enabled"`
	Href        string        `json:"href"`
	IPVersion   string        `json:"ip_version"`
	Statements  *[]Statements `json:"statements"`
}

IPTablesRules - more info to follow

type IllumioSecurityTemplate

type IllumioSecurityTemplate struct {
	Name                  string     `json:"name"`
	Version               int        `json:"version"`
	OsFamily              string     `json:"os_family"`
	Icon                  string     `json:"icon"`
	CompatiblePceVersions *[]int     `json:"compatible_pce_versions"`
	Labels                *[]Label   `json:"labels,omitempty"`
	IPLists               *[]IPList  `json:"ip_lists,omitempty"`
	Services              *[]Service `json:"services,omitempty"`
}

IllumioSecurityTemplate contains Labels, IP Lists, Services

type IllumioSecurityTemplateFile

type IllumioSecurityTemplateFile struct {
	IllumioSecurityTemplates []*IllumioSecurityTemplate `json:"illumio_security_templates"`
}

IllumioSecurityTemplateFile is a file with a slice of templates

func ParseTemplateFile

func ParseTemplateFile(filename string) (IllumioSecurityTemplateFile, error)

ParseTemplateFile imports a JSON template file into the PCE

type IncludeOrExclude

type IncludeOrExclude struct {
	Actors         string     `json:"actors,omitempty"`
	Label          *Label     `json:"label,omitempty"`
	Workload       *Workload  `json:"workload,omitempty"`
	IPList         *IPList    `json:"ip_list,omitempty"`
	IPAddress      *IPAddress `json:"ip_address,omitempty"`
	Port           int        `json:"port,omitempty"`
	ToPort         int        `json:"to_port,omitempty"`
	Proto          int        `json:"proto,omitempty"`
	Process        string     `json:"process_name,omitempty"`
	WindowsService string     `json:"windows_service_name,omitempty"`
	Transmission   string     `json:"transmission,omitempty"`
}

IncludeOrExclude is used in traffic queries.

func CreateIncludeOrExclude

func CreateIncludeOrExclude(objects []string, include bool) (IncOrExc []IncludeOrExclude, err error)

type IncreaseTrafficUpdateReq

type IncreaseTrafficUpdateReq struct {
	Workloads []Workload `json:"workloads"`
}

type Info

type Info struct {
	APIEndpoint string `json:"api_endpoint"`
	APIMethod   string `json:"api_method"`
	SrcIP       string `json:"src_ip"`
	VEN         *VEN   `json:"ven,omitempty"`
	Agent       *Agent `json:"agent,omitempty"`
}

Info are notification info

type IngressServices

type IngressServices struct {
	Port     *int   `json:"port,omitempty"`
	Protocol *int   `json:"proto,omitempty"`
	ToPort   *int   `json:"to_port,omitempty"`
	Href     string `json:"href,omitempty"`
}

IngressServices - more info to follow

type Interface

type Interface struct {
	Name                  string `json:"name,omitempty"`
	FriendlyName          string `json:"friendly_name,omitempty"`
	Address               string `json:"address,omitempty"`
	CidrBlock             *int   `json:"cidr_block,omitempty"` // Pointer to handle /0 vs. no Cidr provided
	DefaultGatewayAddress string `json:"default_gateway_address,omitempty"`
	LinkState             string `json:"link_state,omitempty"`
}

An Interface represents the network interface of a workload. An interface can never be updated or created.

type Label

type Label struct {
	Href                  string         `json:"href,omitempty"`
	Key                   string         `json:"key,omitempty"`
	Value                 string         `json:"value,omitempty"`
	LabelUsage            *LabelUsage    `json:"usage,omitempty"`
	Assignment            *Assignment    `json:"assignment,omitempty"`
	Restriction           *[]Restriction `json:"restriction,omitempty"`
	Deleted               *bool          `json:"deleted,omitempty"`
	ExternalDataReference *string        `json:"external_data_reference,omitempty"`
	ExternalDataSet       *string        `json:"external_data_set,omitempty"`
	CreatedAt             string         `json:"created_at,omitempty"`
	CreatedBy             *Href          `json:"created_by,omitempty"`
	UpdatedAt             string         `json:"updated_at,omitempty"`
	UpdatedBy             *Href          `json:"updated_by,omitempty"`
}

A Label represents an Illumio Label.

type LabelDimension

type LabelDimension struct {
	Href                  string               `json:"href,omitempty"`
	Key                   string               `json:"key,omitempty"`
	DisplayName           string               `json:"display_name,omitempty"`
	DisplayInfo           *DisplayInfo         `json:"display_info,omitempty"`
	Usage                 *LabelDimensionUsage `json:"usage,omitempty"`
	Caps                  *[]string            `json:"caps,omitempty"`
	ExternalDataSet       *string              `json:"external_data_set,omitempty"`
	ExternalDataReference *string              `json:"external_data_reference,omitempty"`
	Deleted               *bool                `json:"deleted,omitempty"`
	CreatedAt             string               `json:"created_at,omitempty"`
	CreatedBy             *Href                `json:"created_by,omitempty"`
	UpdatedAt             string               `json:"updated_at,omitempty"`
	UpdatedBy             *Href                `json:"updated_by,omitempty"`
	DeletedAt             string               `json:"deleted_at,omitempty"`
	DeletedBy             *Href                `json:"deleted_by,omitempty"`
}

type LabelDimensionUsage

type LabelDimensionUsage struct {
	Labels      bool `json:"labels"`
	LabelGroups bool `json:"label_groups"`
}

type LabelGroup

type LabelGroup struct {
	Href                  string       `json:"href,omitempty"`
	Name                  string       `json:"name,omitempty"`
	Description           *string      `json:"description,omitempty"`
	Key                   string       `json:"key,omitempty"`
	Labels                *[]Label     `json:"labels,omitempty"`
	SubGroups             *[]SubGroups `json:"sub_groups,omitempty"`
	Usage                 *Usage       `json:"usage,omitempty"`
	ExternalDataReference *string      `json:"external_data_reference,omitempty"`
	ExternalDataSet       *string      `json:"external_data_set,omitempty"`
}

LabelGroup represents a Label Group in the PCE.

type LabelUsage

type LabelUsage struct {
	VirtualServer                     bool `json:"virtual_server"`
	LabelGroup                        bool `json:"label_group"`
	Ruleset                           bool `json:"ruleset"`
	StaticPolicyScopes                bool `json:"static_policy_scopes"`
	PairingProfile                    bool `json:"pairing_profile"`
	Permission                        bool `json:"permission"`
	Workload                          bool `json:"workload"`
	ContainerWorkload                 bool `json:"container_workload"`
	FirewallCoexistenceScope          bool `json:"firewall_coexistence_scope"`
	ContainersInheritHostPolicyScopes bool `json:"containers_inherit_host_policy_scopes"`
	ContainerWorkloadProfile          bool `json:"container_workload_profile"`
	BlockedConnectionRejectScope      bool `json:"blocked_connection_reject_scope"`
	EnforcementBoundary               bool `json:"enforcement_boundary"`
	LoopbackInterfacesInPolicyScopes  bool `json:"loopback_interfaces_in_policy_scopes"`
	VirtualService                    bool `json:"virtual_service"`
}

LabelUsage shows how labels are used in the PCE. LabelUsage is never created or updated.

type LatestEvent

type LatestEvent struct {
	NotificationType string    `json:"notification_type"`
	Severity         string    `json:"severity"`
	Href             string    `json:"href"`
	Info             Info      `json:"info"`
	Timestamp        time.Time `json:"timestamp"`
}

A LatestEvent is for a condition. LatestEvents are never created or updated.

type LoadInput

type LoadInput struct {
	ProvisionStatus             string // Must be draft or active. Blank value is draft
	LabelDimensions             bool
	Labels                      bool
	LabelGroups                 bool
	IPLists                     bool
	Workloads                   bool
	WorkloadsQueryParameters    map[string]string
	VirtualServices             bool
	VirtualServers              bool
	Services                    bool
	ConsumingSecurityPrincipals bool
	RuleSets                    bool
	VENs                        bool
	ContainerClusters           bool
	ContainerWorkloads          bool
	ContainerWorkloadProfiles   bool
	EnforcementBoundaries       bool
	Version                     bool
	AuthSecurityPrincipals      bool
	Permissions                 bool
	Roles                       bool
}

LoadInput tells the p.Load method what objects to load

type Network

type Network struct {
	Href string `json:"href,omitempty"`
	Name string `json:"name,omitempty"`
}

Networks are used by ServiceAddresses

type Notifications

type Notifications struct {
	UUID             string `json:"uuid"`
	NotificationType string `json:"notification_type"`
	Info             *Info  `json:"info"`
}

Notifications are event notifications

type OpenServicePort

type OpenServicePort struct {
	Address        string `json:"address,omitempty"`
	Package        string `json:"package,omitempty"`
	Port           int    `json:"port,omitempty"`
	ProcessName    string `json:"process_name,omitempty"`
	Protocol       int    `json:"protocol,omitempty"`
	User           string `json:"user,omitempty"`
	WinServiceName string `json:"win_service_name,omitempty"`
}

OpenServicePorts represents open ports for a service running on a workload

type Org

type Org struct {
	Href        string `json:"href"`
	DisplayName string `json:"display_name"`
	ID          int    `json:"org_id"`
}

Org is an organization in a SaaS PCE

type PCE

type PCE struct {
	FriendlyName                     string
	FQDN                             string
	Port                             int
	Org                              int
	User                             string
	Key                              string
	Proxy                            string
	DisableTLSChecking               bool
	Version                          Version
	Labels                           map[string]Label // Labels can be looked up by href or concatenated key and value (no character between key and value)
	LabelsSlice                      []Label
	LabelDimensions                  map[string]LabelDimension // LabelDimensions can be looked up by href or key
	LabelDimensionsSlice             []LabelDimension
	LabelGroups                      map[string]LabelGroup // Label Groups can be looked up by href or name
	LabelGroupsSlice                 []LabelGroup
	IPLists                          map[string]IPList // IP Lists can be looked up by href or name
	IPListsSlice                     []IPList
	Workloads                        map[string]Workload // Workloads can be looked up by href, hostname, name, or concatenated external dataset and reference (no character between)
	WorkloadsSlice                   []Workload
	VirtualServices                  map[string]VirtualService // VirtualServices can be looked up by href or name
	VirtualServicesSlice             []VirtualService
	VirtualServers                   map[string]VirtualServer // VirtualServers can be looked up by href or name
	VirtualServersSlice              []VirtualServer
	Services                         map[string]Service // Services can be looked up by href or name
	ServicesSlice                    []Service
	ConsumingSecurityPrincipals      map[string]ConsumingSecurityPrincipals // ConsumingSecurityPrincipals can be looked up by href or name
	ConsumingSecurityPrincipalsSlice []ConsumingSecurityPrincipals
	RuleSets                         map[string]RuleSet // RuleSets can be looked up by href or name
	RuleSetsSlice                    []RuleSet
	VENs                             map[string]VEN // VENs can be looked up by href or name
	VENsSlice                        []VEN
	ContainerClusters                map[string]ContainerCluster
	ContainerClustersSlice           []ContainerCluster
	ContainerWorkloads               map[string]Workload
	ContainerWorkloadsSlice          []Workload
	ContainerWorkloadProfiles        map[string]ContainerWorkloadProfile
	ContainerWorkloadProfilesSlice   []ContainerWorkloadProfile
	EnforcementBoundaries            map[string]EnforcementBoundary
	EnforcementBoundariesSlice       []EnforcementBoundary
	PermissionsSlice                 []Permission
	Permissions                      map[string]Permission
	AuthSecurityPrincipalsSlices     []AuthSecurityPrincipal
	AuthSecurityPrincipals           map[string]AuthSecurityPrincipal
	Roles                            map[string]Role
	RolesSlice                       []Role
}

PCE represents an Illumio PCE. All API calls are methods on the PCE. Each policy object is a map for lookups by various identifiers (href, name, etc.) so the length of the map will be some multiple of the total number of objects. There is also a slice for each object.

func (*PCE) BulkVS

func (p *PCE) BulkVS(virtualServices []VirtualService, method string, stdoutLogs bool) ([]APIResponse, error)

BulkVS takes a bulk action on an array of virtual services. Method must be create, update, or delete

func (*PCE) BulkWorkload

func (p *PCE) BulkWorkload(workloads []Workload, method string, stdoutLogs bool) ([]APIResponse, error)

BulkWorkload takes a bulk action on an array of workloads. Method must be create, update, or delete

func (*PCE) CreateADUserGroup

func (p *PCE) CreateADUserGroup(group ConsumingSecurityPrincipals) (createdGroup ConsumingSecurityPrincipals, api APIResponse, err error)

CreateADUserGroup creates a user group policy object in the PCE

func (*PCE) CreateAsyncTrafficRequest

func (p *PCE) CreateAsyncTrafficRequest(t TrafficAnalysisRequest) (asyncQuery AsyncTrafficQuery, api APIResponse, err error)

CreateAsyncTrafficRequest makes a traffic request and returns the async query to look up later

func (*PCE) CreateAuthSecurityPrincipal

func (p *PCE) CreateAuthSecurityPrincipal(authSecPrincipal AuthSecurityPrincipal) (createdAuthSecPrincipal AuthSecurityPrincipal, api APIResponse, err error)

CreateAuthSecurityPrincipal creates a new authorized security principal in the PCE.

func (*PCE) CreateEnforcementBoundary

func (p *PCE) CreateEnforcementBoundary(eb EnforcementBoundary) (createdEB EnforcementBoundary, api APIResponse, err error)

CreateEnforcementBoundary creates a new enforcement boundary in the Illumio PCE

func (*PCE) CreateFlowFilter

func (p *PCE) CreateFlowFilter(flowFilter FlowFilter) (createdFlowFilter FlowFilter, api APIResponse, err error)

CreateFlowFilter creates a new flow filter in the PCE.

func (*PCE) CreateIPList

func (p *PCE) CreateIPList(ipList IPList) (createdIPL IPList, api APIResponse, err error)

CreateIPList creates a new IP List in the PCE.

func (*PCE) CreateLabel

func (p *PCE) CreateLabel(label Label) (createdLabel Label, api APIResponse, err error)

CreateLabel creates a new Label in the PCE.

func (*PCE) CreateLabelDimension

func (p *PCE) CreateLabelDimension(labelDimension LabelDimension) (createdLabelDimension LabelDimension, api APIResponse, err error)

CreateLabelDimension creates a new label dimension in the PCE.

func (*PCE) CreateLabelGroup

func (p *PCE) CreateLabelGroup(labelGroup LabelGroup) (createdLabelGroup LabelGroup, api APIResponse, err error)

CreateLabelGroup creates a new label group in the PCE.

func (*PCE) CreatePairingKey

func (p *PCE) CreatePairingKey(pairingProfile PairingProfile) (pairingKey PairingKey, api APIResponse, err error)

CreatePairingKey creates a pairing key from a pairing profile.

func (*PCE) CreatePairingProfile

func (p *PCE) CreatePairingProfile(pairingProfile PairingProfile) (createdPairingProfile PairingProfile, api APIResponse, err error)

CreatePairingProfile creates a new pairing profile in the PCE.

func (*PCE) CreatePermission

func (p *PCE) CreatePermission(permission Permission) (createdPermission Permission, api APIResponse, err error)

CreatePermission creates a new permission in the PCE.

func (*PCE) CreateRule

func (p *PCE) CreateRule(rulesetHref string, rule Rule) (createdRule Rule, api APIResponse, err error)

CreateRule creates a new rule in the PCE.

func (*PCE) CreateRuleset

func (p *PCE) CreateRuleset(rs RuleSet) (createdRS RuleSet, api APIResponse, err error)

CreateRuleset creates a new ruleset in the PCE.

func (*PCE) CreateService

func (p *PCE) CreateService(service Service) (createdService Service, api APIResponse, err error)

CreateService creates a new service in the PCE.

func (*PCE) CreateServiceBinding

func (p *PCE) CreateServiceBinding(serviceBindings []ServiceBinding) (createdServiceBindings []ServiceBinding, api APIResponse, err error)

CreateServiceBinding binds new workloads to a virtual service

func (*PCE) CreateTrafficRequest

func (p *PCE) CreateTrafficRequest(t TrafficAnalysisRequest) (returnedTraffic []TrafficAnalysis, api APIResponse, err error)

CreateTrafficRequest makes a traffic request and waits for the results

func (*PCE) CreateTrafficRequestCsv

func (p *PCE) CreateTrafficRequestCsv(t TrafficAnalysisRequest, draftResults bool) (returnedTraffic [][]string, api APIResponse, err error)

CreateTrafficRequestCsv makes a traffic request and waits for the results

func (*PCE) CreateVirtualService

func (p *PCE) CreateVirtualService(virtualService VirtualService) (createdVirtualService VirtualService, api APIResponse, err error)

CreateVirtualService creates a new virtual service in the Illumio PCE.

func (*PCE) CreateWkld

func (p *PCE) CreateWkld(wkld Workload) (createdWkld Workload, api APIResponse, err error)

CreateWkld creates a new unmanaged workload in the Illumio PCE

func (*PCE) DeleteEnforcementBoundary

func (p *PCE) DeleteEnforcementBoundary(eb EnforcementBoundary) (APIResponse, error)

DeleteEnforcementBoundary removes an enforcement boundary from the PCE. The provided enforcement boundary object must include an Href.

func (*PCE) DeleteHref

func (p *PCE) DeleteHref(href string) (APIResponse, error)

DeleteHref deletes an existing object in the PCE based on its href.

func (*PCE) ExpandLabelGroup

func (p *PCE) ExpandLabelGroup(href string) (labelHrefs []string)

ExpandLabelGroup returns a slice of label hrefs in a label group. Every subgroup (and nested subgroup) is expanded.

func (*PCE) FindObject

func (p *PCE) FindObject(href string) (key, name string, err error)

FindObject takes an href and returns what it is and the name

func (*PCE) GetADUserGroups

func (p *PCE) GetADUserGroups(queryParameters map[string]string) (api APIResponse, err error)

GetADUserGroups returns a slice of AD user groups from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetAllAPIKeys

func (p *PCE) GetAllAPIKeys(userHref string) ([]APIKey, APIResponse, error)

GetAllAPIKeys gets all the APIKeys associated with a user

func (*PCE) GetAsyncQueries

func (p *PCE) GetAsyncQueries(queryParameters map[string]string) (asyncQueries []AsyncTrafficQuery, api APIResponse, err error)

func (*PCE) GetAsyncQueryResults

func (p *PCE) GetAsyncQueryResults(aq AsyncTrafficQuery) (returnedTraffic []TrafficAnalysis, api APIResponse, err error)

func (*PCE) GetAsyncQueryResultsCsv

func (p *PCE) GetAsyncQueryResultsCsv(aq AsyncTrafficQuery, draftPolicy bool) (csvData [][]string, api APIResponse, err error)

func (*PCE) GetAuthSecurityPrincipal

func (p *PCE) GetAuthSecurityPrincipal(queryParameters map[string]string) (api APIResponse, err error)

GetAuthSecurityPrincipal returns a slice of AuthSecurityPrincipals from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetCollection

func (p *PCE) GetCollection(endpoint string, async bool, queryParameters map[string]string, response interface{}) (APIResponse, error)

GetCollection returns a collection of Illumio objects. GetCollection uses a single header of Content-Type:application/json. To customize the header, use GetCollectionHeaders.

func (*PCE) GetCollectionHeaders

func (p *PCE) GetCollectionHeaders(endpoint string, async bool, queryParameters, headers map[string]string, response interface{}) (APIResponse, error)

GetCollectionHeaders returns a collection of Illumio objects and allows for customizing headers of HTTP request

func (*PCE) GetCompatibilityReport

func (p *PCE) GetCompatibilityReport(w Workload) (cr CompatibilityReport, api APIResponse, err error)

GetCompatibilityReport returns the compatibility report for a VEN

func (*PCE) GetContainerClusters

func (p *PCE) GetContainerClusters(queryParameters map[string]string) (api APIResponse, err error)

GetContainerClusters returns a slice of ContainerCluster in the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetContainerWkldProfiles

func (p *PCE) GetContainerWkldProfiles(queryParameters map[string]string, containerClusterID string) (api APIResponse, err error)

GetContainerWkldProfiles returns a slice of container workload profiles from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetContainerWklds

func (p *PCE) GetContainerWklds(queryParameters map[string]string) (api APIResponse, err error)

GetContainerWklds returns a slice of container workloads from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetEnforcementBoundaries

func (p *PCE) GetEnforcementBoundaries(queryParameters map[string]string, pStatus string) (api APIResponse, err error)

GetEnforcementBoundaries returns a slice of enforcement boundaries from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetEnforcementBoundaryByHref

func (p *PCE) GetEnforcementBoundaryByHref(href string) (eb EnforcementBoundary, api APIResponse, err error)

GetEnforcementBoundaryByHref returns the enforcement boundary with the specified HREF

func (*PCE) GetEvents

func (p *PCE) GetEvents(queryParameters map[string]string) (events []Event, api APIResponse, err error)

GetEvents returns a slice of events from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetHref

func (p *PCE) GetHref(href string, response interface{}) (APIResponse, error)

GetHref returns the Illumio object with a specific href

func (*PCE) GetIPListByName

func (p *PCE) GetIPListByName(name string, pStatus string) (IPList, APIResponse, error)

GetIPListByName returns the IP List based on name. A blank IP List is returned if there is no exact match. This method leverages GetIPLists. Any matching named IP lists will be stored in the PCE object.

func (*PCE) GetIPLists

func (p *PCE) GetIPLists(queryParameters map[string]string, pStatus string) (api APIResponse, err error)

GetIPLists returns a slice of IP lists from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetLabelByHref

func (p *PCE) GetLabelByHref(href string) (Label, APIResponse, error)

GetLabelByHref returns a label based on the provided HREF.

func (*PCE) GetLabelByKeyValue

func (p *PCE) GetLabelByKeyValue(key, value string) (Label, APIResponse, error)

GetLabelByKeyValue finds a label based on the key and value. A blank label is returned if there is no exact match. This method uses GetLabels, so the PCE label maps and slices will be updated with all labels matching the criteria. Only the exact label is returned.

func (*PCE) GetLabelDimensions

func (p *PCE) GetLabelDimensions(queryParameters map[string]string) (api APIResponse, err error)

GetLabelDimensions returns a slice of label types from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetLabelGroups

func (p *PCE) GetLabelGroups(queryParameters map[string]string, pStatus string) (api APIResponse, err error)

GetLabelGroups returns a slice of label groups from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetLabels

func (p *PCE) GetLabels(queryParameters map[string]string) (api APIResponse, err error)

GetLabels returns a slice of labels from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetPairingProfiles

func (p *PCE) GetPairingProfiles(queryParameters map[string]string) (pairingProfiles []PairingProfile, api APIResponse, err error)

GetPairingProfiles returns a slice of pairing profiles from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetPendingChanges

func (p *PCE) GetPendingChanges() (cs ChangeSubset, api APIResponse, err error)

GetPendingChanges returns a slice of pending changes from the PCE.

func (*PCE) GetPermissions

func (p *PCE) GetPermissions(queryParameters map[string]string) (api APIResponse, err error)

GetPermissions returns a slice of permissions from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetRoles

func (p *PCE) GetRoles(queryParameters map[string]string) (api APIResponse, err error)

GetRoles returns a slice of roles from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetRuleByHref

func (p *PCE) GetRuleByHref(href string) (rule Rule, api APIResponse, err error)

GetRuleByHref returns the rule with a specific href

func (*PCE) GetRulesetByHref

func (p *PCE) GetRulesetByHref(href string) (ruleset RuleSet, api APIResponse, err error)

GetRulesetByHref returns the ruleset with a specific href

func (*PCE) GetRulesets

func (p *PCE) GetRulesets(queryParameters map[string]string, pStatus string) (api APIResponse, err error)

GetRulesets returns a slice of rulesets from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetServiceBindings

func (p *PCE) GetServiceBindings(queryParameters map[string]string) (serviceBindings []ServiceBinding, api APIResponse, err error)

GetServiceBindings returns a slice of service bindings from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetServices

func (p *PCE) GetServices(queryParameters map[string]string, pStatus string) (api APIResponse, err error)

GetServices returns a slice of services from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetTrafficAnalysis

func (p *PCE) GetTrafficAnalysis(q TrafficQuery) (returnedTraffic []TrafficAnalysis, api APIResponse, err error)

GetTrafficAnalysis gets flow data from Explorer.

func (*PCE) GetTrafficAnalysisCsv

func (p *PCE) GetTrafficAnalysisCsv(q TrafficQuery, draftResults bool) (returnedTraffic [][]string, api APIResponse, err error)

GetTrafficAnalysisCsv gets flow data from Explorer in CSV Format.

func (*PCE) GetVenByHostname

func (p *PCE) GetVenByHostname(hostname string) (VEN, APIResponse, error)

GetVenByHostname gets a VEN by the hostname. Returns a blank VEN if no exact matches. Uses GetVens so PCE VEN map and slice will be cleared.

func (*PCE) GetVenByHref

func (p *PCE) GetVenByHref(href string) (ven VEN, api APIResponse, err error)

GetVenByHref returns the VEN with a specific href

func (*PCE) GetVens

func (p *PCE) GetVens(queryParameters map[string]string) (api APIResponse, err error)

GetVens returns a slice of VENs from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetVersion

func (p *PCE) GetVersion() (version Version, api APIResponse, err error)

GetVersion returns the version of the PCE

func (*PCE) GetVirtualServers

func (p *PCE) GetVirtualServers(queryParameters map[string]string, pStatus string) (api APIResponse, err error)

GetVirtualServers returns a slice of virtual servers from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetVirtualServiceByHref

func (p *PCE) GetVirtualServiceByHref(href string) (virtualService VirtualService, api APIResponse, err error)

GetVirtualServiceByHref returns the virtualservice with a specific href

func (*PCE) GetVirtualServiceByName

func (p *PCE) GetVirtualServiceByName(name string, pStatus string) (VirtualService, APIResponse, error)

GetVirtualServiceByName returns the virtual service based on name. Uses GetVirtualServices, so the virtual services slices and maps are replaced. A blank virtual service is returned if there is no exact match.

func (*PCE) GetVirtualServices

func (p *PCE) GetVirtualServices(queryParameters map[string]string, pStatus string) (api APIResponse, err error)

GetVirtualServices returns a slice of virtual services from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetVulnReports

func (p *PCE) GetVulnReports(queryParameters map[string]string) (vulnReports []VulnerabilityReport, api APIResponse, err error)

GetVulnReports returns a slice of vulnerability reports from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetVulns

func (p *PCE) GetVulns(queryParameters map[string]string) (vulns []Vulnerability, api APIResponse, err error)

GetVulns returns a slice of vulnerabilities from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetWkldByHostname

func (p *PCE) GetWkldByHostname(hostname string) (wkld Workload, api APIResponse, err error)

GetWkldByHostname gets a workload based on the hostname. GetWkldByHostname calls GetWklds, which will replace the workload slice and maps. An empty workload is returned if there is no exact match.

func (*PCE) GetWkldByHref

func (p *PCE) GetWkldByHref(href string) (wkld Workload, api APIResponse, err error)

GetWkldByHref returns the workload with a specific href

func (*PCE) GetWklds

func (p *PCE) GetWklds(queryParameters map[string]string) (api APIResponse, err error)

GetWklds returns a slice of workloads from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.

func (*PCE) GetWkldsByHrefList

func (p *PCE) GetWkldsByHrefList(hrefs []string, single bool) (apiResps []APIResponse, err error)

GetWkldsByHrefList gets workloads by href list. Entries that do not contain "/orgs/" will be skipped. Single makes individual calls for each workload.

func (*PCE) IncreaseTrafficUpdateRate

func (p *PCE) IncreaseTrafficUpdateRate(wklds []Workload) (APIResponse, error)

IncreaseTrafficUpdateRate increases the VEN traffic update rate

func (*PCE) Load

func (p *PCE) Load(l LoadInput, multiThread bool) (apiResps map[string]APIResponse, err error)

Load gets the objects specified in the LoadInput

func (*PCE) Login

func (p *PCE) Login(user, password, loginServer string) (UserLogin, []APIResponse, error)

Login authenticates to the PCE. Login will populate the User, Key, and Org fields in the PCE instance. Login will use a temporary session token that expires after 10 minutes. The login server is usually "". Specify it when needed. You can also use the ILLUMIO_LOGIN_SERVER environment variable.

func (*PCE) LoginAPIKey

func (p *PCE) LoginAPIKey(user, password, name, desc, loginServer string) (UserLogin, []APIResponse, error)

LoginAPIKey authenticates to the PCE. Login will populate the User, Key, and Org fields in the PCE instance. LoginAPIKey will create a permanent API Key with the provided name and description fields. The login server is usually "". Specify it when needed. You can also use the ILLUMIO_LOGIN_SERVER environment variable.

func (*PCE) Post

func (p *PCE) Post(endpoint string, object, createdObject interface{}) (api APIResponse, err error)

Post sends a POST request to the PCE

func (*PCE) ProvisionCS

func (p *PCE) ProvisionCS(cs ChangeSubset, comment string) (api APIResponse, err error)

ProvisionCS provisions a ChangeSubset

func (*PCE) ProvisionHref

func (p *PCE) ProvisionHref(hrefs []string, comment string) (APIResponse, error)

ProvisionHref provisions a slice of HREFs

func (*PCE) Put

func (p *PCE) Put(object interface{}) (api APIResponse, err error)

Put sends a PUT request to the PCE. The object must include an Href field.

func (*PCE) UpdateADUserGroup

func (p *PCE) UpdateADUserGroup(group ConsumingSecurityPrincipals) (APIResponse, error)

UpdateADUserGroup updates an existing AD user group in the PCE. The provided AD user group must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateContainerWkldProfiles

func (p *PCE) UpdateContainerWkldProfiles(cp ContainerWorkloadProfile) (APIResponse, error)

UpdateContainerWkldProfiles updates an existing container workload profile in the Illumio PCE. The provided container workload profile struct must include an href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateEnforcementBoundary

func (p *PCE) UpdateEnforcementBoundary(eb EnforcementBoundary) (APIResponse, error)

UpdateEnforcementBoundary updates an existing enforcement boundary in the PCE. The provided enforcement boundary object must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateIPList

func (p *PCE) UpdateIPList(ipList IPList) (APIResponse, error)

UpdateIPList updates an existing IP List in the PCE. The provided IP List must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateLabel

func (p *PCE) UpdateLabel(label Label) (APIResponse, error)

UpdateLabel updates an existing label in the PCE. The provided label must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateLabelDimension

func (p *PCE) UpdateLabelDimension(labelDimension LabelDimension) (APIResponse, error)

UpdateLabelDimension updates an existing label dimension in the PCE. The provided label dimension must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateLabelGroup

func (p *PCE) UpdateLabelGroup(labelGroup LabelGroup) (APIResponse, error)

UpdateLabelGroup updates an existing label group in the PCE. The provided label group must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdatePermission

func (p *PCE) UpdatePermission(permission Permission) (APIResponse, error)

UpdatePermission updates an existing permission in the PCE. The provided permission must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateRule

func (p *PCE) UpdateRule(rule Rule) (APIResponse, error)

UpdateRule updates an existing rule in the PCE. The provided rule must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateRuleset

func (p *PCE) UpdateRuleset(ruleset RuleSet) (APIResponse, error)

UpdateRuleset updates an existing ruleset in the PCE. The provided ruleset must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateService

func (p *PCE) UpdateService(service Service) (APIResponse, error)

UpdateService updates an existing service object in the Illumio PCE

func (*PCE) UpdateVen

func (p *PCE) UpdateVen(ven VEN) (api APIResponse, err error)

UpdateVen updates an existing VEN in the Illumio PCE. The provided VEN struct must include an href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateVirtualService

func (p *PCE) UpdateVirtualService(virtualService VirtualService) (APIResponse, error)

UpdateVirtualService updates an existing virtual service in the PCE. The provided virtual service must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpdateWkld

func (p *PCE) UpdateWkld(workload Workload) (APIResponse, error)

UpdateWkld updates an existing workload in the Illumio PCE. The provided workload struct must include an Href. Properties that cannot be included in the PUT method will be ignored.

func (*PCE) UpgradeVENs

func (p *PCE) UpgradeVENs(vens []VEN, release string) (resp VenUpgradeResponse, api APIResponse, err error)

func (*PCE) UploadTraffic

func (p *PCE) UploadTraffic(filename string, headerLine bool) (UploadFlowResults, error)

UploadTraffic uploads a CSV of traffic flows to the PCE. filename should be the path to a CSV file with 4 columns: src_ip, dst_ip, port, protocol (IANA numerical format: 6=TCP, 17=UDP). When headerLine = true, the first line of the CSV is skipped. If there are more than 999 entries in the CSV, it creates chunks of 999.
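A pre-flight check for the CSV that UploadTraffic describes, as an added example that is not part of the illumioapi package: it validates the four columns, honours the header flag, and splits the rows into chunks of 999. The names Flow, parseFlows, chunkFlows and sampleCSV are hypothetical, the sample rows are constructed, and the port (0-65535) and protocol (0-255) bounds are the protocol field widths rather than limits stated by the package.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// maxFlowsPerChunk is the chunk size stated in the UploadTraffic documentation.
const maxFlowsPerChunk = 999

// Flow is one validated CSV row (hypothetical type for this example).
type Flow struct {
	Src, Dst netip.Addr
	Port     int
	Proto    int // IANA protocol number, e.g. 6=TCP, 17=UDP
}

// parseFlows reads a 4-column CSV (src_ip, dst_ip, port, protocol) and
// returns an error for the first malformed row. When headerLine is true the
// first record is skipped, mirroring the documented flag.
func parseFlows(data string, headerLine bool) ([]Flow, error) {
	r := csv.NewReader(strings.NewReader(data))
	r.FieldsPerRecord = 4 // any other column count is rejected by the reader
	rows, err := r.ReadAll()
	if err != nil {
		return nil, fmt.Errorf("csv: %w", err)
	}
	if headerLine && len(rows) > 0 {
		rows = rows[1:]
	}
	flows := make([]Flow, 0, len(rows))
	for i, row := range rows {
		n := i + 1 // data row number, header excluded
		for j := range row {
			row[j] = strings.TrimSpace(row[j])
		}
		src, err := netip.ParseAddr(row[0])
		if err != nil {
			return nil, fmt.Errorf("row %d: src_ip %q: %w", n, row[0], err)
		}
		dst, err := netip.ParseAddr(row[1])
		if err != nil {
			return nil, fmt.Errorf("row %d: dst_ip %q: %w", n, row[1], err)
		}
		port, err := strconv.Atoi(row[2])
		if err != nil || port < 0 || port > 65535 {
			return nil, fmt.Errorf("row %d: port %q is not in 0-65535", n, row[2])
		}
		// A protocol name such as "tcp" fails here: the column is numeric.
		proto, err := strconv.Atoi(row[3])
		if err != nil || proto < 0 || proto > 255 {
			return nil, fmt.Errorf("row %d: protocol %q is not an IANA number", n, row[3])
		}
		flows = append(flows, Flow{Src: src, Dst: dst, Port: port, Proto: proto})
	}
	return flows, nil
}

// chunkFlows splits flows into consecutive slices of at most size entries.
func chunkFlows(flows []Flow, size int) [][]Flow {
	var chunks [][]Flow
	for start := 0; start < len(flows); start += size {
		end := start + size
		if end > len(flows) {
			end = len(flows)
		}
		chunks = append(chunks, flows[start:end])
	}
	return chunks
}

// sampleCSV builds constructed test data: a header line plus n TCP/443 flows.
func sampleCSV(n int) string {
	var b strings.Builder
	b.WriteString("src_ip,dst_ip,port,protocol\n")
	for i := 0; i < n; i++ {
		fmt.Fprintf(&b, "10.0.%d.%d,10.1.0.10,443,6\n", i/250, i%250+1)
	}
	return b.String()
}

func main() {
	flows, err := parseFlows(sampleCSV(2000), true)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	for i, c := range chunkFlows(flows, maxFlowsPerChunk) {
		fmt.Printf("chunk %d: %d flows\n", i+1, len(c))
	}
	// Forgetting the header flag surfaces as a validation error, not bad data.
	_, err = parseFlows(sampleCSV(3), false)
	fmt.Println("header treated as data:", err)
}
```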

func (*PCE) VensUnpair

func (p *PCE) VensUnpair(vens []VEN, restore string) ([]APIResponse, error)

VensUnpair unpairs VENs. There is no limit to the length of []VEN. The method chunks the API calls into groups of 1,000 to conform to the Illumio API.

func (*PCE) WorkloadQueryLabelParameter

func (p *PCE) WorkloadQueryLabelParameter(labelSlices [][]string) (queryParameter string, err error)

WorkloadQueryLabelParameter takes [][]string (for example, after parsing a CSV). The first slice must be the label key headers (e.g., role, app, env, bu, etc.). Returns the query parameter for those labels. Each inner slice is an "AND" query. The slices are put together using "OR". The PCE must be loaded with the labels.

func (*PCE) WorkloadUpgrade

func (p *PCE) WorkloadUpgrade(wkldHref, targetVersion string) (APIResponse, error)

WorkloadUpgrade upgrades the VEN version on the workload

func (*PCE) WorkloadsUnpair

func (p *PCE) WorkloadsUnpair(wklds []Workload, restore string) ([]APIResponse, error)

WorkloadsUnpair unpairs workloads. There is no limit to the length of []Workloads. The method chunks the API calls into groups of 1,000 to conform to the Illumio API.

type PairingKey

type PairingKey struct {
	ActivationCode string `json:"activation_code,omitempty"`
}

PairingKey represents a VEN pairing key

type PairingProfile

type PairingProfile struct {
	Href                  string   `json:"href,omitempty"`
	Name                  string   `json:"name,omitempty"`
	VenType               string   `json:"ven_type,omitempty"`
	Description           *string  `json:"description,omitempty"`
	IsDefault             *bool    `json:"is_default,omitempty"`
	Enabled               *bool    `json:"enabled,omitempty"`
	Mode                  string   `json:"mode,omitempty"`
	VisibilityLevel       string   `json:"visibility_level,omitempty"`
	Labels                *[]Label `json:"labels,omitempty"`
	AllowedUsesPerKey     string   `json:"allowed_uses_per_key,omitempty"`
	LogTraffic            *bool    `json:"log_traffic,omitempty"`
	AppLabelLock          *bool    `json:"app_label_lock,omitempty"`
	EnvLabelLock          *bool    `json:"env_label_lock,omitempty"`
	LocLabelLock          *bool    `json:"loc_label_lock,omitempty"`
	RoleLabelLock         *bool    `json:"role_label_lock,omitempty"`
	ModeLock              *bool    `json:"mode_lock,omitempty"`
	VisibilityLevelLock   *bool    `json:"visibility_level_lock,omitempty"`
	LogTrafficLock        *bool    `json:"log_traffic_lock,omitempty"`
	KeyLifespan           string   `json:"key_lifespan,omitempty"`
	TotalUseCount         int      `json:"total_use_count,omitempty"`
	ExternalDataReference *string  `json:"external_data_reference,omitempty"`
	ExternalDataSet       *string  `json:"external_data_set,omitempty"`
	LastPairingAt         string   `json:"last_pairing_at,omitempty"`
	CreatedAt             string   `json:"created_at,omitempty"`
	CreatedBy             *Href    `json:"created_by,omitempty"`
	UpdatedAt             string   `json:"updated_at,omitempty"`
	UpdatedBy             *Href    `json:"updated_by,omitempty"`
}

PairingProfile is a pairing profile in PCE.
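The struct tags above pair pointer types with omitempty, which decides whether a false or empty value is actually sent. The following added example (not the package's own code) uses profileUpdate, a trimmed local copy of three PairingProfile fields with the same tags, and naiveUpdate, a hypothetical value-typed variant, to show the difference; ptr, body and sentFields are helper names assumed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// profileUpdate copies three PairingProfile fields with the tags shown above.
type profileUpdate struct {
	Name        string  `json:"name,omitempty"`
	Description *string `json:"description,omitempty"`
	Enabled     *bool   `json:"enabled,omitempty"`
}

// naiveUpdate is a hypothetical variant with plain value types, for contrast.
type naiveUpdate struct {
	Description string `json:"description,omitempty"`
	Enabled     bool   `json:"enabled,omitempty"`
}

// ptr returns a pointer to v so literals can be assigned to pointer fields.
func ptr[T any](v T) *T { return &v }

// body marshals v the same way an HTTP client would before sending it.
func body(v any) string {
	b, err := json.Marshal(v)
	if err != nil {
		panic(err)
	}
	return string(b)
}

// disableBody is a request that disables the profile and clears its description.
func disableBody() string {
	return body(profileUpdate{Description: ptr(""), Enabled: ptr(false)})
}

// naiveBody is the same intent with value types: omitempty drops both
// fields, so the request body changes nothing.
func naiveBody() string {
	return body(naiveUpdate{Description: "", Enabled: false})
}

// sentFields lists the JSON keys that will actually be transmitted, a cheap
// pre-flight check that a security-relevant change is really in the request.
func sentFields(v any) []string {
	var m map[string]json.RawMessage
	if err := json.Unmarshal([]byte(body(v)), &m); err != nil {
		panic(err)
	}
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

func main() {
	fmt.Println("pointer fields:", disableBody())
	fmt.Println("value fields:  ", naiveBody())
	fmt.Println("nil pointers:  ", body(profileUpdate{}))
	fmt.Println("sent:", sentFields(profileUpdate{Enabled: ptr(false)}))
}
```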

type Permission

type Permission struct {
	Href                  string                 `json:"href,omitempty"`
	Role                  *Role                  `json:"role,omitempty"`
	Scope                 *[]Scopes              `json:"scope,omitempty"`
	AuthSecurityPrincipal *AuthSecurityPrincipal `json:"auth_security_principal,omitempty"`
}

type PortOverrides

type PortOverrides struct {
	Port    int `json:"port"`
	Proto   int `json:"proto"`
	NewPort int `json:"new_port"`
}

PortOverrides override a port on a virtual service binding.

type PortProtos

type PortProtos struct {
	Include []IncludeOrExclude `json:"include"`
	Exclude []IncludeOrExclude `json:"exclude"`
}

PortProtos represents the ports and protocols query portion of the explorer API

type Provision

type Provision struct {
	ChangeSubset      *ChangeSubset `json:"change_subset,omitempty"`
	UpdateDescription string        `json:"update_description,omitempty"`
}

Provision is sent to the PCE to provision policy objects

type QualifyTest

type QualifyTest struct {
	Status                    string      `json:"status"`
	IpsecServiceEnabled       interface{} `json:"ipsec_service_enabled"`
	Ipv4ForwardingEnabled     interface{} `json:"ipv4_forwarding_enabled"`
	Ipv4ForwardingPktCnt      interface{} `json:"ipv4_forwarding_pkt_cnt"`
	IptablesRuleCnt           interface{} `json:"iptables_rule_cnt"`
	Ipv6GlobalScope           interface{} `json:"ipv6_global_scope"`
	Ipv6ActiveConnCnt         interface{} `json:"ipv6_active_conn_cnt"`
	IP6TablesRuleCnt          interface{} `json:"ip6tables_rule_cnt"`
	RoutingTableConflict      interface{} `json:"routing_table_conflict"`
	IPv6Enabled               interface{} `json:"IPv6_enabled"`
	UnwantedNics              interface{} `json:"Unwanted_nics"`
	GroupPolicy               interface{} `json:"Group_policy"`
	RequiredPackagesInstalled interface{} `json:"required_packages_installed"`
	RequiredPackagesMissing   *[]string   `json:"required_packages_missing"`
}

A QualifyTest is a test run by the compatibility check

type Ransomware

type Ransomware struct {
	Category    string   `json:"category,omitempty"`
	Severity    string   `json:"severity,omitempty"`
	OsPlatforms []string `json:"os_platforms,omitempty"`
}

type RegionsItems

type RegionsItems struct {
	FlowsCount   int    `json:"flows_count,omitempty"`   // region result count after query limits and RBAC filtering are applied
	MatchesCount int    `json:"matches_count,omitempty"` // region query result count
	PceFqdn      string `json:"pce_fqdn"`                // fqdn of PCE region
	Responded    bool   `json:"responded"`               // supercluster region responded with query results
}

RegionsItems

type ResolveLabelsAs

type ResolveLabelsAs struct {
	Consumers *[]string `json:"consumers"`
	Providers *[]string `json:"providers"`
}

ResolveLabelsAs - more info to follow

type Resource

type Resource struct {
	Workload Workload `json:"workload,omitempty"`
}

type ResourceChanges

type ResourceChanges struct {
	UUID       string   `json:"uuid,omitempty"`
	Resource   Resource `json:"resource,omitempty"`
	ChangeType string   `json:"change_type,omitempty"`
}

type Restriction

type Restriction struct {
	Href  string `json:"href,omitempty"`
	Value string `json:"value,omitempty"`
}

Restriction is used for container workload profile labels

type Results

type Results struct {
	QualifyTests *[]QualifyTest `json:"qualify_tests"`
}

Results contains a list of compatibility report qualifying tests

type RiskDetail

type RiskDetail struct {
	Ransomware *Ransomware `json:"ransomware,omitempty"`
}

type RiskSummary

type RiskSummary struct {
	Ransomware WkldRansomware `json:"ransomware,omitempty"`
}

type Role

type Role struct {
	Href string `json:"href,omitempty"`
}

type Rule

type Rule struct {
	Href                        string                         `json:"href,omitempty"`
	Description                 *string                        `json:"description,omitempty"`
	Enabled                     *bool                          `json:"enabled,omitempty"`
	Consumers                   *[]ConsumerOrProvider          `json:"consumers,omitempty"`
	Providers                   *[]ConsumerOrProvider          `json:"providers,omitempty"`
	ConsumingSecurityPrincipals *[]ConsumingSecurityPrincipals `json:"consuming_security_principals,omitempty"`
	IngressServices             *[]IngressServices             `json:"ingress_services,omitempty"`
	SecConnect                  *bool                          `json:"sec_connect,omitempty"`
	Stateless                   *bool                          `json:"stateless,omitempty"`
	MachineAuth                 *bool                          `json:"machine_auth,omitempty"`
	UnscopedConsumers           *bool                          `json:"unscoped_consumers,omitempty"`
	ResolveLabelsAs             *ResolveLabelsAs               `json:"resolve_labels_as,omitempty"`
	UseWorkloadSubnets          *[]string                      `json:"use_workload_subnets,omitempty"`
	NetworkType                 string                         `json:"network_type,omitempty"` //  ["brn", "non_brn", "all"]
	ExternalDataReference       *string                        `json:"external_data_reference,omitempty"`
	ExternalDataSet             *string                        `json:"external_data_set,omitempty"`
	CreatedAt                   string                         `json:"created_at,omitempty"`
	CreatedBy                   *Href                          `json:"created_by,omitempty"`
	DeletedAt                   string                         `json:"deleted_at,omitempty"`
	DeletedBy                   *Href                          `json:"deleted_by,omitempty"`
	UpdateType                  string                         `json:"update_type,omitempty"`
	UpdatedAt                   string                         `json:"updated_at,omitempty"`
	UpdatedBy                   *Href                          `json:"updated_by,omitempty"`
}

Rule - more info to follow

func (*Rule) GetRulesetHref

func (r *Rule) GetRulesetHref() string

GetRulesetHref returns the href of a ruleset based on the rule's href

type RuleSet

type RuleSet struct {
	Href                  string           `json:"href,omitempty"`
	Name                  string           `json:"name,omitempty"`
	Description           *string          `json:"description,omitempty"`
	Scopes                *[][]Scopes      `json:"scopes,omitempty"`
	Enabled               *bool            `json:"enabled,omitempty"`
	Rules                 *[]Rule          `json:"rules,omitempty"`
	IPTablesRules         *[]IPTablesRules `json:"ip_tables_rules,omitempty"`
	ExternalDataReference *string          `json:"external_data_reference,omitempty"`
	ExternalDataSet       *string          `json:"external_data_set,omitempty"`
	UpdateType            string           `json:"update_type,omitempty"`
	CreatedAt             string           `json:"created_at,omitempty"`
	CreatedBy             *Href            `json:"created_by,omitempty"`
	DeletedAt             string           `json:"deleted_at,omitempty"`
	DeletedBy             *Href            `json:"deleted_by,omitempty"`
	UpdatedAt             string           `json:"updated_at,omitempty"`
	UpdatedBy             *Href            `json:"updated_by,omitempty"`
}

RuleSet - more info to follow

type Scopes

type Scopes struct {
	Label      *Label      `json:"label,omitempty"`
	LabelGroup *LabelGroup `json:"label_group,omitempty"`
}

Scopes - more info to follow

type SecureConnect

type SecureConnect struct {
	MatchingIssuerName string `json:"matching_issuer_name,omitempty"`
}

SecureConnect represents SecureConnect for an Agent on a Workload

type SecureConnectGateways

type SecureConnectGateways struct {
	Href string `json:"href"`
}

SecureConnectGateways represent SecureConnectGateways in provisioning

type Service

type Service struct {
	Href                  string            `json:"href,omitempty"`
	Name                  string            `json:"name"`
	Description           string            `json:"description,omitempty"`
	ProcessName           string            `json:"process_name,omitempty"`
	ServicePorts          *[]ServicePort    `json:"service_ports,omitempty"`
	WindowsServices       *[]WindowsService `json:"windows_services,omitempty"`
	ExternalDataReference *string           `json:"external_data_reference,omitempty"`
	ExternalDataSet       *string           `json:"external_data_set,omitempty"`
	UpdateType            string            `json:"update_type,omitempty"`
	CreatedAt             string            `json:"created_at,omitempty"`
	CreatedBy             *Href             `json:"created_by,omitempty"`
	DeletedAt             string            `json:"deleted_at,omitempty"`
	DeletedBy             *Href             `json:"deleted_by,omitempty"`
	UpdatedAt             string            `json:"updated_at,omitempty"`
	UpdatedBy             *Href             `json:"updated_by,omitempty"`
	RiskDetails           *RiskDetail       `json:"risk_details,omitempty"`
}

Service represents a service in the PCE

func (*Service) ParseService

func (s *Service) ParseService() (windowsServices, servicePorts []string)

ParseService returns a slice of WindowsServices and ServicePorts from an Illumio service object

func (*Service) ToExplorer

func (s *Service) ToExplorer() ([]IncludeOrExclude, []IncludeOrExclude)

ToExplorer takes a service and returns an explorer query include and exclude

type ServiceAddresses

type ServiceAddresses struct {
	IP          string   `json:"ip,omitempty"`
	Network     *Network `json:"network,omitempty"`
	Fqdn        string   `json:"fqdn,omitempty"`
	Description string   `json:"description,omitempty"`
}

ServiceAddresses are FQDNs for Virtual Services

type ServiceBinding

type ServiceBinding struct {
	Href           string           `json:"href,omitempty"`
	VirtualService *VirtualService  `json:"virtual_service"`
	Workload       *Workload        `json:"workload"`
	PortOverrides  *[]PortOverrides `json:"port_overrides,omitempty"`
}

A ServiceBinding binds a workload to a Virtual Service

type ServicePort

type ServicePort struct {
	IcmpCode int  `json:"icmp_code,omitempty"`
	IcmpType int  `json:"icmp_type,omitempty"`
	ID       int  `json:"id,omitempty"`
	Port     *int `json:"port,omitempty"` // Pointer for 0 value
	Protocol int  `json:"proto,omitempty"`
	ToPort   int  `json:"to_port,omitempty"`
}

ServicePort represents port and protocol information for a non-Windows service
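Why `Port` here, and `Enabled` and `Description` on `Rule`, are pointers, shown as an added example that is not code from the illumioapi package: with `omitempty`, a plain `int` 0, `bool` false or empty string is dropped from the JSON, so port 0 or a request to disable a rule would never appear in the request body. `ServicePort` and the two `Rule` fields are copied from this page; `valuePort`, `valueRule`, `ruleUpdate` and the helper functions are hypothetical names used only here.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ServicePort is copied from the struct shown on this page.
type ServicePort struct {
	IcmpCode int  `json:"icmp_code,omitempty"`
	IcmpType int  `json:"icmp_type,omitempty"`
	ID       int  `json:"id,omitempty"`
	Port     *int `json:"port,omitempty"` // Pointer for 0 value
	Protocol int  `json:"proto,omitempty"`
	ToPort   int  `json:"to_port,omitempty"`
}

// valuePort is a hypothetical variant with a plain int port, for comparison.
type valuePort struct {
	Port     int `json:"port,omitempty"`
	Protocol int `json:"proto,omitempty"`
}

// ruleUpdate holds two Rule fields with the types and tags shown on this page.
type ruleUpdate struct {
	Description *string `json:"description,omitempty"`
	Enabled     *bool   `json:"enabled,omitempty"`
}

// valueRule is a hypothetical variant with plain string and bool fields.
type valueRule struct {
	Description string `json:"description,omitempty"`
	Enabled     bool   `json:"enabled,omitempty"`
}

// Local pointer helpers (assumed names, not the package's own helpers).
func intPtr(v int) *int       { return &v }
func boolPtr(v bool) *bool    { return &v }
func strPtr(v string) *string { return &v }

// encode returns the JSON body that json.Marshal produces for v.
func encode(v interface{}) string {
	b, err := json.Marshal(v)
	if err != nil {
		panic(err)
	}
	return string(b)
}

// portState decodes a service port and reports whether "port" was absent
// from the document or which value it carried. A plain int field could not
// tell an absent port from port 0.
func portState(doc string) (string, error) {
	var sp ServicePort
	if err := json.Unmarshal([]byte(doc), &sp); err != nil {
		return "", err
	}
	if sp.Port == nil {
		return "absent", nil
	}
	return fmt.Sprintf("port=%d", *sp.Port), nil
}

func main() {
	// Pointer to 0 is kept; a nil pointer and a plain int 0 are both dropped.
	fmt.Println(encode(ServicePort{Port: intPtr(0), Protocol: 6}))
	fmt.Println(encode(ServicePort{Protocol: 6}))
	fmt.Println(encode(valuePort{Port: 0, Protocol: 6}))

	// Disabling a rule and clearing its description both survive marshalling
	// only because the fields are pointers.
	fmt.Println(encode(ruleUpdate{Description: strPtr(""), Enabled: boolPtr(false)}))
	fmt.Println(encode(valueRule{Description: "", Enabled: false}))

	// Constructed sample documents for the decode direction.
	for _, doc := range []string{`{"port":0,"proto":6}`, `{"proto":1}`} {
		s, err := portState(doc)
		fmt.Println(doc, "->", s, err)
	}
}
```
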

type Src

type Src struct {
	IP       string     `json:"ip"`
	Workload *Workload  `json:"workload,omitempty"`
	FQDN     string     `json:"fqdn,omitempty"`
	IPLists  *[]*IPList `json:"ip_lists"`
}

Src is the consumer workload details

type SrcOrDst

type SrcOrDst struct {
	Include [][]IncludeOrExclude `json:"include"`
	Exclude []IncludeOrExclude   `json:"exclude"`
}

Sources represents the sources query portion of the explorer API

type Statements

type Statements struct {
	ChainName  string `json:"chain_name"`
	Parameters string `json:"parameters"`
	TableName  string `json:"table_name"`
}

Statements are part of a custom IPTables rule

type Status

type Status struct {
	AgentHealth              *[]AgentHealth     `json:"agent_health,omitempty"`
	AgentHealthErrors        *AgentHealthErrors `json:"agent_health_errors,omitempty"`
	AgentVersion             string             `json:"agent_version,omitempty"`
	FirewallRuleCount        int                `json:"firewall_rule_count,omitempty"`
	FwConfigCurrent          bool               `json:"fw_config_current,omitempty"`
	InstanceID               string             `json:"instance_id,omitempty"`
	LastHeartbeatOn          string             `json:"last_heartbeat_on,omitempty"`
	ManagedSince             string             `json:"managed_since,omitempty"`
	SecurityPolicyAppliedAt  string             `json:"security_policy_applied_at,omitempty"`
	SecurityPolicyReceivedAt string             `json:"security_policy_received_at,omitempty"`
	SecurityPolicyRefreshAt  string             `json:"security_policy_refresh_at,omitempty"`
	SecurityPolicySyncState  string             `json:"security_policy_sync_state,omitempty"`
	Status                   string             `json:"status,omitempty"`
	UID                      string             `json:"uid,omitempty"`
	UptimeSeconds            int                `json:"uptime_seconds,omitempty"`
}

Status represents the Status of an Agent on a Workload

type SubGroups

type SubGroups struct {
	Href string `json:"href"`
	Name string `json:"name,omitempty"`
}

SubGroups are used by label groups.

type System

type System struct{}

System is an empty struct for system-generated events

type Target

type Target struct {
	Proto   int    `json:"proto,omitempty"`
	SrcIP   string `json:"src_ip,omitempty"`
	SrcPort int    `json:"src_port,omitempty"`
	DestIP  string `json:"dst_ip,omitempty"`
	DstPort int    `json:"dst_port,omitempty"`
}

Target is part of the collector flow filter

type TimestampRange

type TimestampRange struct {
	FirstDetected string `json:"first_detected"`
	LastDetected  string `json:"last_detected"`
}

TimestampRange is used to limit query ranges for the flow detected

type TrafficAnalysis

type TrafficAnalysis struct {
	Dst            *Dst            `json:"dst"`
	NumConnections float64         `json:"num_connections"`
	PolicyDecision string          `json:"policy_decision"`
	ExpSrv         *ExpSrv         `json:"service"`
	Src            *Src            `json:"src"`
	TimestampRange *TimestampRange `json:"timestamp_range"`
	Transmission   string          `json:"transmission"`
}

TrafficAnalysis represents the response from the explorer API

func DedupeExplorerTraffic

func DedupeExplorerTraffic(first, second []TrafficAnalysis) []TrafficAnalysis

DedupeExplorerTraffic takes two traffic responses and returns a de-duplicated result set

type TrafficAnalysisRequest

type TrafficAnalysisRequest struct {
	QueryName                       *string           `json:"query_name,omitempty"` //Option to send blank query name
	Sources                         *SrcOrDst         `json:"sources"`
	Destinations                    *SrcOrDst         `json:"destinations"`
	ExplorerServices                *ExplorerServices `json:"services"`
	StartDate                       time.Time         `json:"start_date,omitempty"`
	EndDate                         time.Time         `json:"end_date,omitempty"`
	PolicyDecisions                 *[]string         `json:"policy_decisions"`
	MaxResults                      int               `json:"max_results,omitempty"`
	SourcesDestinationsQueryOp      string            `json:"sources_destinations_query_op,omitempty"`
	ExcludeWorkloadsFromIPListQuery *bool             `json:"exclude_workloads_from_ip_list_query,omitempty"`
}

TrafficAnalysisRequest is the body of the traffic analysis POST request

type TrafficQuery

type TrafficQuery struct {
	SourcesInclude      [][]string
	SourcesExclude      []string
	DestinationsInclude [][]string
	DestinationsExclude []string
	// PortProtoInclude and PortProtoExclude entries should be in the format of [port, protocol]
	// Example [80, 6] is Port 80 TCP.
	PortProtoInclude [][2]int
	PortProtoExclude [][2]int
	// PortRangeInclude and PortRangeExclude entries should be of the format [fromPort, toPort, protocol]
	// Example - [1000, 2000, 6] is Ports 1000-2000 TCP.
	PortRangeInclude                [][3]int
	PortRangeExclude                [][3]int
	ProcessInclude                  []string
	WindowsServiceInclude           []string
	ProcessExclude                  []string
	WindowsServiceExclude           []string
	StartTime                       time.Time
	EndTime                         time.Time
	PolicyStatuses                  []string
	MaxFLows                        int
	TransmissionExcludes            []string // Example: []string{"broadcast", "multicast"} will only get unicast traffic
	QueryOperator                   string   // Value should be "and" or "or". "and" is used by default
	ExcludeWorkloadsFromIPListQuery bool     // The PCE UI uses a value of true by default
}

TrafficQuery is the struct to be passed to the GetTrafficAnalysis function

type Unpair

type Unpair struct {
	Workloads       []Workload `json:"workloads,omitempty"`        // Legacy workload endpoint
	IPTableRestore  string     `json:"ip_table_restore,omitempty"` // Legacy workload endpoint
	VENS            []VEN      `json:"vens,omitempty"`             // New VEN endpoint
	FirewallRestore string     `json:"firewall_restore,omitempty"` // New VEN endpoint
}

Unpair is the payload for using the API to unpair workloads.

type UploadFlowResults

type UploadFlowResults struct {
	FlowResps       []FlowUploadResp
	APIResps        []APIResponse
	TotalFlowsInCSV int
}

UploadFlowResults is the struct returned to the user when using the pce.UploadTraffic() method

type Usage

type Usage struct {
	LabelGroup         bool `json:"label_group"`
	Rule               bool `json:"rule"`
	Ruleset            bool `json:"ruleset"`
	StaticPolicyScopes bool `json:"static_policy_scopes,omitempty"`
}

Usage covers how a LabelGroup is used in the PCE. Usage is never created or updated.

type UserLogin

type UserLogin struct {
	AuthUsername                string   `json:"auth_username,omitempty"`
	FullName                    string   `json:"full_name,omitempty"`
	Href                        string   `json:"href,omitempty"`
	InactivityExpirationMinutes int      `json:"inactivity_expiration_minutes,omitempty"`
	LastLoginIPAddress          string   `json:"last_login_ip_address,omitempty"`
	LastLoginOn                 string   `json:"last_login_on,omitempty"`
	ProductVersion              *Version `json:"product_version,omitempty"`
	SessionToken                string   `json:"session_token,omitempty"`
	TimeZone                    string   `json:"time_zone,omitempty"`
	Type                        string   `json:"type,omitempty"`
	Orgs                        []*Org   `json:"orgs,omitempty"`
	Username                    string   `json:"username,omitempty"` // Added for events
}

UserLogin represents a user logging in via password to get a session key

type VEN

type VEN struct {
	Href             string            `json:"href,omitempty"`
	Name             *string           `json:"name,omitempty"`
	Description      *string           `json:"description,omitempty"`
	Hostname         *string           `json:"hostname,omitempty"`
	UID              string            `json:"uid,omitempty"`
	Status           string            `json:"status,omitempty"`
	Version          string            `json:"version,omitempty"`
	ActivationType   string            `json:"activation_type,omitempty"`
	ActivePceFqdn    string            `json:"active_pce_fqdn,omitempty"`
	TargetPceFqdn    *string           `json:"target_pce_fqdn,omitempty"`
	Workloads        *[]Workload       `json:"workloads,omitempty"`
	ContainerCluster *ContainerCluster `json:"container_cluster,omitempty"`
	VenType          string            `json:"ven_type,omitempty"`
	Conditions       *[]Condition      `json:"conditions,omitempty"`
	LastHeartBeatAt  string            `json:"last_heartbeat_at,omitempty"`
}

VEN is an Illumio agent. Duplicate workload fields have been left out

func (*VEN) HoursSinceLastHeartBeat

func (v *VEN) HoursSinceLastHeartBeat() float64

HoursSinceLastHeartBeat returns the hours since the last beat. -1 is returned for unmanaged workloads or when it cannot be calculated.

type VenUpgradeError

type VenUpgradeError struct {
	Token   string   `json:"token"`
	Message string   `json:"message"`
	Hrefs   []string `json:"hrefs"`
}

VenUpgradeError is used by VenUpgradeResponse

type VenUpgradeRequest

type VenUpgradeRequest struct {
	VENs    []VEN  `json:"vens"`
	Release string `json:"release"`
	DryRun  bool   `json:"dry_run"`
}

VenUpgradeRequest is sent to the PCE to upgrade VENs

type VenUpgradeResponse

type VenUpgradeResponse struct {
	VENUpgradeErrors []VenUpgradeError `json:"errors"`
}

VenUpgradeResponse is the PCE's response to a VEN upgrade request

type Version

type Version struct {
	Version         string `json:"version"`
	Build           int    `json:"build"`
	LongDisplay     string `json:"long_display"`
	ShortDisplay    string `json:"short_display"`
	EngineeringInfo string `json:"engineering_info"`
	ReleaseInfo     string `json:"release_info,omitempty"`
	Major           int
	Minor           int
	Patch           int
}

Version is the PCE version. Versions are never created or updated.

type VirtualServer

type VirtualServer struct {
	Href                    string              `json:"href,omitempty"`
	Name                    string              `json:"name,omitempty"`
	Description             *string             `json:"description,omitempty"`
	DiscoveredVirtualServer *Href               `json:"discovered_virtual_server,omitempty"`
	DvsName                 string              `json:"dvs_name,omitempty"`
	DvsIdentifier           string              `json:"dvs_identifier,omitempty"`
	Labels                  *[]Label            `json:"labels,omitempty"`
	Service                 *Service            `json:"service,omitempty"`
	Providers               *ConsumerOrProvider `json:"providers,omitempty"`
	Mode                    string              `json:"mode,omitempty"`
	CreatedAt               string              `json:"created_at,omitempty"`
	CreatedBy               *Href               `json:"created_by,omitempty"`
	DeletedAt               string              `json:"deleted_at,omitempty"`
	DeletedBy               *Href               `json:"deleted_by,omitempty"`
	UpdatedAt               string              `json:"updated_at,omitempty"`
	UpdatedBy               *Href               `json:"updated_by,omitempty"`
}

VirtualServer represents a VirtualServer in the PCE

type VirtualService

type VirtualService struct {
	Href                  string              `json:"href,omitempty"`
	Name                  string              `json:"name,omitempty"`
	Description           *string             `json:"description,omitempty"`
	Labels                *[]Label            `json:"labels,omitempty"`
	Service               *Service            `json:"service,omitempty"`
	ServicePorts          *[]ServicePort      `json:"service_ports,omitempty"`
	ServiceAddresses      *[]ServiceAddresses `json:"service_addresses,omitempty"`
	IPOverrides           *[]string           `json:"ip_overrides,omitempty"`
	PceFqdn               string              `json:"pce_fqdn,omitempty"`
	ApplyTo               string              `json:"apply_to,omitempty"`
	ExternalDataReference string              `json:"external_data_reference,omitempty"`
	ExternalDataSet       string              `json:"external_data_set,omitempty"`
	UpdateType            string              `json:"update_type,omitempty"`
	CreatedAt             string              `json:"created_at,omitempty"`
	CreatedBy             *Href               `json:"created_by,omitempty"`
	DeletedAt             string              `json:"deleted_at,omitempty"`
	DeletedBy             *Href               `json:"deleted_by,omitempty"`
	UpdatedAt             string              `json:"updated_at,omitempty"`
	UpdatedBy             *Href               `json:"updated_by,omitempty"`
}

A VirtualService represents a Virtual Service in the Illumio PCE

func (*VirtualService) GetLabelByKey

func (vs *VirtualService) GetLabelByKey(key string, labelMap map[string]Label) Label

GetLabelByKey returns the label object based on the provided key and label map. A blank label is returned if the label key is not used on the workload.

func (*VirtualService) Sanitize

func (vs *VirtualService) Sanitize()

Sanitize removes fields for an update

func (*VirtualService) SetActive

func (vs *VirtualService) SetActive() VirtualService

SetActive changes the HREF of the Virtual Service Object to Active

type Vulnerability

type Vulnerability struct {
	Href        string   `json:"href,omitempty"`
	Name        string   `json:"name,omitempty"`
	Description string   `json:"description,omitempty"`
	Score       int      `json:"score,omitempty"`
	CveIds      []string `json:"cve_ids,omitempty"`
	CreatedAt   string   `json:"created_at,omitempty"`
	CreatedBy   *Href    `json:"created_by,omitempty"`
	UpdatedAt   string   `json:"updated_at,omitempty"`
	UpdatedBy   *Href    `json:"updated_by,omitempty"`
}

Vulnerabilities are part of vulnerability maps. They are never created or updated.

type VulnerabilityReport

type VulnerabilityReport struct {
	Href               string   `json:"href,omitempty"`
	Name               string   `json:"name,omitempty"`
	Authoritative      bool     `json:"authoritative,omitempty"`
	NumVulnerabilities int      `json:"num_vulnerabilities,omitempty"`
	ReportType         string   `json:"report_type,omitempty"`
	ScannedIps         []string `json:"scanned_ips,omitempty"`
	CreatedAt          string   `json:"created_at,omitempty"`
	CreatedBy          *Href    `json:"created_by,omitempty"`
	UpdatedAt          string   `json:"updated_at,omitempty"`
	UpdatedBy          *Href    `json:"updated_by,omitempty"`
}

VulnerabilityReports are part of vulnerability maps. They are never created or updated.

type VulnerabilitySummary

type VulnerabilitySummary struct {
	NumVulnerabilities         int                        `json:"num_vulnerabilities,omitempty"`
	MaxVulnerabilityScore      int                        `json:"max_vulnerability_score,omitempty"`
	VulnerabilityScore         int                        `json:"vulnerability_score,omitempty"`
	VulnerablePortExposure     int                        `json:"vulnerable_port_exposure,omitempty"`
	VulnerablePortWideExposure VulnerablePortWideExposure `json:"vulnerable_port_wide_exposure,omitempty"`
	VulnerabilityExposureScore int                        `json:"vulnerability_exposure_score,omitempty"`
}

type VulnerablePortWideExposure

type VulnerablePortWideExposure struct {
	Any    bool `json:"any"`
	IPList bool `json:"ip_list"`
}

type WindowsService

type WindowsService struct {
	IcmpCode    int    `json:"icmp_code,omitempty"`
	IcmpType    int    `json:"icmp_type,omitempty"`
	Port        *int   `json:"port,omitempty"` // Pointer for 0 value
	ProcessName string `json:"process_name,omitempty"`
	Protocol    int    `json:"proto,omitempty"`
	ServiceName string `json:"service_name,omitempty"`
	ToPort      int    `json:"to_port,omitempty"`
}

WindowsService represents port, protocol, and process information for a Windows service

type WkldRansomware

type WkldRansomware struct {
	WorkloadExposureSeverity    string    `json:"workload_exposure_severity,omitempty"`
	RansomwareProtectionPercent float64   `json:"ransomware_protection_percent,omitempty"`
	LastUpdatedAt               time.Time `json:"last_updated_at,omitempty"`
}

type WkldServices

type WkldServices struct {
	OpenServicePorts *[]OpenServicePort `json:"open_service_ports,omitempty"`
	UptimeSeconds    int                `json:"uptime_seconds,omitempty"`
	CreatedAt        string             `json:"created_at,omitempty"`
}

WkldServices represents the Services running on a Workload

type Workload

type Workload struct {
	Href                  string                `json:"href,omitempty"`
	Description           *string               `json:"description,omitempty"`
	Name                  *string               `json:"name,omitempty"`
	Hostname              *string               `json:"hostname,omitempty"`
	Labels                *[]Label              `json:"labels,omitempty"`
	Interfaces            *[]Interface          `json:"interfaces,omitempty"`
	IgnoredInterfaceNames *[]string             `json:"ignored_interface_names,omitempty"`
	PublicIP              *string               `json:"public_ip,omitempty"`
	Online                *bool                 `json:"online,omitempty"`
	EnforcementMode       *string               `json:"enforcement_mode,omitempty"`
	VisibilityLevel       *string               `json:"visibility_level,omitempty"`
	OsDetail              *string               `json:"os_detail,omitempty"`
	OsID                  *string               `json:"os_id,omitempty"`
	Services              *WkldServices         `json:"services,omitempty"`
	DistinguishedName     *string               `json:"distinguished_name,omitempty"`
	ServicePrincipalName  *string               `json:"service_principal_name,omitempty"`
	VEN                   *VEN                  `json:"ven,omitempty"`
	Agent                 *Agent                `json:"agent,omitempty"`
	ServiceProvider       *string               `json:"service_provider,omitempty"`
	DataCenter            *string               `json:"data_center,omitempty"`
	DataCenterZone        *string               `json:"data_center_zone,omitempty"`
	Namespace             *string               `json:"namespace,omitempty"` // Only used in Container Workloads
	VulnerabilitySummary  *VulnerabilitySummary `json:"vulnerability_summary,omitempty"`
	RiskSummary           *RiskSummary          `json:"risk_summary,omitempty"`
	ExternalDataReference *string               `json:"external_data_reference,omitempty"`
	ExternalDataSet       *string               `json:"external_data_set,omitempty"`
	CreatedAt             string                `json:"created_at,omitempty"`
	CreatedBy             *Href                 `json:"created_by,omitempty"`
	DeleteType            string                `json:"delete_type,omitempty"`
	Deleted               *bool                 `json:"deleted,omitempty"`
	DeletedAt             string                `json:"deleted_at,omitempty"`
	DeletedBy             *Href                 `json:"deleted_by,omitempty"`
	UpdatedAt             string                `json:"updated_at,omitempty"`
	UpdatedBy             *Href                 `json:"updated_by,omitempty"`
}

A Workload represents a workload in the PCE

func (*Workload) ChangeLabel

func (w *Workload) ChangeLabel(pce PCE, targetKey, newValue string) (PCE, error)

ChangeLabel updates a workload struct with new label href. It does not call the Illumio API to update the workload in the PCE. Use pce.UpdateWorkload() or bulk update for that. The method returns the labelMapH in case it needs to create a new label.

func (*Workload) GetAppGroup

func (w *Workload) GetAppGroup(labelMap map[string]Label) string

GetAppGroup returns the app group string of a workload in the format of App | Env. If the workload does not have an app or env label, "NO APP GROUP" is returned. Use GetAppGroupL to include the loc label in the app group.

func (*Workload) GetAppGroupL

func (w *Workload) GetAppGroupL(labelMap map[string]Label) string

GetAppGroupL returns the app group string of a workload in the format of App | Env | Loc. If the workload does not have an app, env, or loc label, "NO APP GROUP" is returned. Use GetAppGroup to only use app and env in App Group.

func (*Workload) GetCIDR

func (w *Workload) GetCIDR(ip string) string

GetCIDR returns the CIDR block for a workload's IP address. The CIDR value is returned as a string (e.g., "/24"). If the CIDR value is not known (e.g., unmanaged workloads), it returns "NA". If the provided IP address is not attached to the workload, GetCIDR returns "NA".

func (*Workload) GetDefaultGW

func (w *Workload) GetDefaultGW() string

GetDefaultGW returns the default gateway for a workload. If the workload does not have a default gateway (many unmanaged workloads) it will return "NA"

func (*Workload) GetIPWithDefaultGW

func (w *Workload) GetIPWithDefaultGW() string

GetIPWithDefaultGW returns the IP address of the interface that has the default gateway. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA".

func (*Workload) GetInterfaceName

func (w *Workload) GetInterfaceName(ip string) string

GetInterfaceName returns the interface name for a workload's IP address. If the provided IP address is not attached to the workload, GetInterfaceName returns "NA".

func (*Workload) GetIsPWithDefaultGW

func (w *Workload) GetIsPWithDefaultGW() (ipAddresses []string)

func (*Workload) GetLabelByKey

func (w *Workload) GetLabelByKey(key string, labelMap map[string]Label) Label

GetLabelByKey returns the label object based on the provided key and label map. A blank label is returned if the label key is not used on the workload.

func (*Workload) GetMode

func (w *Workload) GetMode() string

GetMode returns the mode of the workloads. The returned value in 20.2 and newer PCEs will be unmanaged, idle, visibility_only, full, or selective. For visibility levels, use the w.GetVisibilityLevel() method.

The returned value in 20.1 and lower PCEs will be unmanaged, idle, build, test, enforced-no, enforced-low, enforced-high. The enforced options represent no logging, low details, and high detail.

func (*Workload) GetNetMask

func (w *Workload) GetNetMask(ip string) string

GetNetMask returns the netmask for a workload's IP address. The value is returned as a string (e.g., "255.0.0.0"). If the value is not known (e.g., unmanaged workloads), it returns "NA". If the provided IP address is not attached to the workload, GetNetMask returns "NA".

func (*Workload) GetNetMaskWithDefaultGW

func (w *Workload) GetNetMaskWithDefaultGW() string

GetNetMaskWithDefaultGW returns the netmask of the IP address that has the default gateway. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA".

func (*Workload) GetNetwork

func (w *Workload) GetNetwork(ip string) string

GetNetwork returns the network of a workload's IP address.

func (*Workload) GetNetworkWithDefaultGateway

func (w *Workload) GetNetworkWithDefaultGateway() string

GetNetworkWithDefaultGateway returns the CIDR notation of the network of the interface with the default gateway. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA"

func (*Workload) GetVisibilityLevel

func (w *Workload) GetVisibilityLevel() string

GetVisibilityLevel returns unmanaged, blocked_allowed, blocked, or off.

func (*Workload) HoursSinceLastHeartBeat

func (w *Workload) HoursSinceLastHeartBeat() float64

HoursSinceLastHeartBeat returns the hours since the last beat. -9999 is returned for unmanaged workloads or when it cannot be calculated.
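A stale-agent check built on these return values, as an added example that is not part of the illumioapi package: `VEN.HoursSinceLastHeartBeat` documents -1 and `Workload.HoursSinceLastHeartBeat` documents -9999 for "unmanaged or cannot be calculated", so a plain `hours > threshold` filter counts both as healthy. The `Reading` type, the function names, the host names and the 24-hour threshold are constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// State is the triage result for one agent.
type State string

const (
	Healthy State = "healthy"
	Stale   State = "stale"
	Unknown State = "unknown" // unmanaged, or heartbeat age could not be calculated
)

// Sentinels as documented on this page for the two HoursSinceLastHeartBeat methods.
const (
	venSentinel  = -1.0    // VEN.HoursSinceLastHeartBeat
	wkldSentinel = -9999.0 // Workload.HoursSinceLastHeartBeat
)

// Reading pairs a host with the value one of the two methods returned.
type Reading struct {
	Host  string
	Hours float64
}

// sample is constructed input, not output from a real PCE.
var sample = []Reading{
	{Host: "web-01", Hours: 0.2},
	{Host: "app-07", Hours: 73.5},
	{Host: "db-02", Hours: venSentinel},
	{Host: "legacy-01", Hours: wkldSentinel},
}

// Classify maps a heartbeat age to a state. Any negative value is treated as
// Unknown, which covers both documented sentinels without depending on which
// method produced the number.
func Classify(hours, maxHours float64) State {
	switch {
	case hours < 0:
		return Unknown
	case hours > maxHours:
		return Stale
	default:
		return Healthy
	}
}

// NaiveStale is the filter to avoid: it only compares against the threshold,
// so sentinel values fall through as if the agent had just checked in.
func NaiveStale(rs []Reading, maxHours float64) []string {
	var hosts []string
	for _, r := range rs {
		if r.Hours > maxHours {
			hosts = append(hosts, r.Host)
		}
	}
	sort.Strings(hosts)
	return hosts
}

// Triage groups hosts by state, with each group sorted by host name.
func Triage(rs []Reading, maxHours float64) map[State][]string {
	out := map[State][]string{}
	for _, r := range rs {
		s := Classify(r.Hours, maxHours)
		out[s] = append(out[s], r.Host)
	}
	for s := range out {
		sort.Strings(out[s])
	}
	return out
}

func main() {
	const maxHours = 24
	fmt.Println("naive stale list:", NaiveStale(sample, maxHours))
	groups := Triage(sample, maxHours)
	for _, s := range []State{Stale, Unknown, Healthy} {
		fmt.Printf("%-8s %v\n", s, groups[s])
	}
}
```
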

func (*Workload) SanitizeBulkUpdate

func (w *Workload) SanitizeBulkUpdate()

SanitizeBulkUpdate removes the properties necessary for a bulk update

func (*Workload) SanitizePut

func (w *Workload) SanitizePut()

SanitizePut removes the necessary properties to update a workload.

func (*Workload) SetMode

func (w *Workload) SetMode(m string) error

SetMode adjusts the workload to reflect the assigned mode. Nothing is changed in the PCE. To reflect the change in the PCE use SetMode method followed by PCE.UpdateWorkload() method.

Valid options in 20.2 and newer PCEs are idle, visibility_only, full, and selective. For visibility levels, use the w.SetVisibilityLevel() method.

Valid options in 20.1 and lower PCEs are idle, build, test, enforced-no, enforced-low, enforced-high. The enforced options represent no logging, low details, and high detail.

func (*Workload) SetVisibilityLevel

func (w *Workload) SetVisibilityLevel(v string) error

SetVisibilityLevel adjusts the workload to reflect the assigned visibility level. Nothing is changed in the PCE. To reflect the change in the PCE use SetVisibilityLevel method followed by PCE.UpdateWorkload() method.

Valid options in 20.2 and newer PCEs are flow_summary (blocked_allowed), flow_drops (blocked), flow_off (off), or enhanced_data_collection. The options in parentheses are the UI values. Both are acceptable.

20.1 PCEs and lower do not use this method.
