Documentation ¶
Index ¶
- Variables
- func AvailableRolesSlice() (roles []string)
- func LabelsToRuleStructure(labels []Label) (results [][]Label, err error)
- func ParseObjectType(href string) string
- func ProtocolList() map[int]string
- func Ptr[T any](v T) *T
- func PtrToVal[T any](ptr *T) T
- type APIKey
- type APIResponse
- type Actors
- type Agent
- type AgentHealth
- type AgentHealthErrors
- type Assignment
- type AsyncTrafficQuery
- type AuthSecurityPrincipal
- type Authentication
- type BulkResponse
- type ChangeSubset
- type CompatibilityReport
- type Condition
- type Config
- type ConsumerOrProvider
- type ConsumingSecurityPrincipals
- type ContainerCluster
- type ContainerWorkloadProfile
- type DisplayInfo
- type Dst
- type EnforcementBoundary
- type Error
- type Event
- type EventCreatedBy
- type ExpSrv
- type ExplorerServices
- type FQDN
- type FirewallSettings
- type FlowFilter
- type FlowUploadResp
- type Href
- type IPAddress
- type IPList
- type IPRange
- type IPTablesRules
- type IllumioSecurityTemplate
- type IllumioSecurityTemplateFile
- type IncludeOrExclude
- type IncreaseTrafficUpdateReq
- type Info
- type IngressServices
- type Interface
- type Label
- type LabelDimension
- type LabelDimensionUsage
- type LabelGroup
- type LabelUsage
- type LatestEvent
- type LoadInput
- type Network
- type Notifications
- type OpenServicePort
- type Org
- type PCE
- func (p *PCE) BulkVS(virtualServices []VirtualService, method string, stdoutLogs bool) ([]APIResponse, error)
- func (p *PCE) BulkWorkload(workloads []Workload, method string, stdoutLogs bool) ([]APIResponse, error)
- func (p *PCE) CreateADUserGroup(group ConsumingSecurityPrincipals) (createdGroup ConsumingSecurityPrincipals, api APIResponse, err error)
- func (p *PCE) CreateAsyncTrafficRequest(t TrafficAnalysisRequest) (asyncQuery AsyncTrafficQuery, api APIResponse, err error)
- func (p *PCE) CreateAuthSecurityPrincipal(authSecPrincipal AuthSecurityPrincipal) (createdAuthSecPrincipal AuthSecurityPrincipal, api APIResponse, err error)
- func (p *PCE) CreateEnforcementBoundary(eb EnforcementBoundary) (createdEB EnforcementBoundary, api APIResponse, err error)
- func (p *PCE) CreateFlowFilter(flowFilter FlowFilter) (createdFlowFilter FlowFilter, api APIResponse, err error)
- func (p *PCE) CreateIPList(ipList IPList) (createdIPL IPList, api APIResponse, err error)
- func (p *PCE) CreateLabel(label Label) (createdLabel Label, api APIResponse, err error)
- func (p *PCE) CreateLabelDimension(labelDimension LabelDimension) (createdLabelDimension LabelDimension, api APIResponse, err error)
- func (p *PCE) CreateLabelGroup(labelGroup LabelGroup) (createdLabelGroup LabelGroup, api APIResponse, err error)
- func (p *PCE) CreatePairingKey(pairingProfile PairingProfile) (pairingKey PairingKey, api APIResponse, err error)
- func (p *PCE) CreatePairingProfile(pairingProfile PairingProfile) (createdPairingProfile PairingProfile, api APIResponse, err error)
- func (p *PCE) CreatePermission(permission Permission) (createdPermission Permission, api APIResponse, err error)
- func (p *PCE) CreateRule(rulesetHref string, rule Rule) (createdRule Rule, api APIResponse, err error)
- func (p *PCE) CreateRuleset(rs RuleSet) (createdRS RuleSet, api APIResponse, err error)
- func (p *PCE) CreateService(service Service) (createdService Service, api APIResponse, err error)
- func (p *PCE) CreateServiceBinding(serviceBindings []ServiceBinding) (createdServiceBindings []ServiceBinding, api APIResponse, err error)
- func (p *PCE) CreateTrafficRequest(t TrafficAnalysisRequest) (returnedTraffic []TrafficAnalysis, api APIResponse, err error)
- func (p *PCE) CreateTrafficRequestCsv(t TrafficAnalysisRequest, draftResults bool) (returnedTraffic [][]string, api APIResponse, err error)
- func (p *PCE) CreateVirtualService(virtualService VirtualService) (createdVirtualService VirtualService, api APIResponse, err error)
- func (p *PCE) CreateWkld(wkld Workload) (createdWkld Workload, api APIResponse, err error)
- func (p *PCE) DeleteEnforcementBoundary(eb EnforcementBoundary) (APIResponse, error)
- func (p *PCE) DeleteHref(href string) (APIResponse, error)
- func (p *PCE) ExpandLabelGroup(href string) (labelHrefs []string)
- func (p *PCE) FindObject(href string) (key, name string, err error)
- func (p *PCE) GetADUserGroups(queryParameters map[string]string) (api APIResponse, err error)
- func (p *PCE) GetAllAPIKeys(userHref string) ([]APIKey, APIResponse, error)
- func (p *PCE) GetAsyncQueries(queryParameters map[string]string) (asyncQueries []AsyncTrafficQuery, api APIResponse, err error)
- func (p *PCE) GetAsyncQueryResults(aq AsyncTrafficQuery) (returnedTraffic []TrafficAnalysis, api APIResponse, err error)
- func (p *PCE) GetAsyncQueryResultsCsv(aq AsyncTrafficQuery, draftPolicy bool) (csvData [][]string, api APIResponse, err error)
- func (p *PCE) GetAuthSecurityPrincipal(queryParameters map[string]string) (api APIResponse, err error)
- func (p *PCE) GetCollection(endpoint string, async bool, queryParameters map[string]string, ...) (APIResponse, error)
- func (p *PCE) GetCollectionHeaders(endpoint string, async bool, queryParameters, headers map[string]string, ...) (APIResponse, error)
- func (p *PCE) GetCompatibilityReport(w Workload) (cr CompatibilityReport, api APIResponse, err error)
- func (p *PCE) GetContainerClusters(queryParameters map[string]string) (api APIResponse, err error)
- func (p *PCE) GetContainerWkldProfiles(queryParameters map[string]string, containerClusterID string) (api APIResponse, err error)
- func (p *PCE) GetContainerWklds(queryParameters map[string]string) (api APIResponse, err error)
- func (p *PCE) GetEnforcementBoundaries(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
- func (p *PCE) GetEnforcementBoundaryByHref(href string) (eb EnforcementBoundary, api APIResponse, err error)
- func (p *PCE) GetEvents(queryParameters map[string]string) (events []Event, api APIResponse, err error)
- func (p *PCE) GetHref(href string, response interface{}) (APIResponse, error)
- func (p *PCE) GetIPListByName(name string, pStatus string) (IPList, APIResponse, error)
- func (p *PCE) GetIPLists(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
- func (p *PCE) GetLabelByHref(href string) (Label, APIResponse, error)
- func (p *PCE) GetLabelByKeyValue(key, value string) (Label, APIResponse, error)
- func (p *PCE) GetLabelDimensions(queryParameters map[string]string) (api APIResponse, err error)
- func (p *PCE) GetLabelGroups(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
- func (p *PCE) GetLabels(queryParameters map[string]string) (api APIResponse, err error)
- func (p *PCE) GetPairingProfiles(queryParameters map[string]string) (pairingProfiles []PairingProfile, api APIResponse, err error)
- func (p *PCE) GetPendingChanges() (cs ChangeSubset, api APIResponse, err error)
- func (p *PCE) GetPermissions(queryParameters map[string]string) (api APIResponse, err error)
- func (p *PCE) GetRoles(queryParameters map[string]string) (api APIResponse, err error)
- func (p *PCE) GetRuleByHref(href string) (rule Rule, api APIResponse, err error)
- func (p *PCE) GetRulesetByHref(href string) (ruleset RuleSet, api APIResponse, err error)
- func (p *PCE) GetRulesets(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
- func (p *PCE) GetServiceBindings(queryParameters map[string]string) (serviceBindings []ServiceBinding, api APIResponse, err error)
- func (p *PCE) GetServices(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
- func (p *PCE) GetTrafficAnalysis(q TrafficQuery) (returnedTraffic []TrafficAnalysis, api APIResponse, err error)
- func (p *PCE) GetTrafficAnalysisCsv(q TrafficQuery, draftResults bool) (returnedTraffic [][]string, api APIResponse, err error)
- func (p *PCE) GetVenByHostname(hostname string) (VEN, APIResponse, error)
- func (p *PCE) GetVenByHref(href string) (ven VEN, api APIResponse, err error)
- func (p *PCE) GetVens(queryParameters map[string]string) (api APIResponse, err error)
- func (p *PCE) GetVersion() (version Version, api APIResponse, err error)
- func (p *PCE) GetVirtualServers(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
- func (p *PCE) GetVirtualServiceByHref(href string) (virtualService VirtualService, api APIResponse, err error)
- func (p *PCE) GetVirtualServiceByName(name string, pStatus string) (VirtualService, APIResponse, error)
- func (p *PCE) GetVirtualServices(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
- func (p *PCE) GetVulnReports(queryParameters map[string]string) (vulnReports []VulnerabilityReport, api APIResponse, err error)
- func (p *PCE) GetVulns(queryParameters map[string]string) (vulns []Vulnerability, api APIResponse, err error)
- func (p *PCE) GetWkldByHostname(hostname string) (wkld Workload, api APIResponse, err error)
- func (p *PCE) GetWkldByHref(href string) (wkld Workload, api APIResponse, err error)
- func (p *PCE) GetWklds(queryParameters map[string]string) (api APIResponse, err error)
- func (p *PCE) GetWkldsByHrefList(hrefs []string, single bool) (apiResps []APIResponse, err error)
- func (p *PCE) IncreaseTrafficUpdateRate(wklds []Workload) (APIResponse, error)
- func (p *PCE) Load(l LoadInput, multiThread bool) (apiResps map[string]APIResponse, err error)
- func (p *PCE) Login(user, password, loginServer string) (UserLogin, []APIResponse, error)
- func (p *PCE) LoginAPIKey(user, password, name, desc, loginServer string) (UserLogin, []APIResponse, error)
- func (p *PCE) Post(endpoint string, object, createdObject interface{}) (api APIResponse, err error)
- func (p *PCE) ProvisionCS(cs ChangeSubset, comment string) (api APIResponse, err error)
- func (p *PCE) ProvisionHref(hrefs []string, comment string) (APIResponse, error)
- func (p *PCE) Put(object interface{}) (api APIResponse, err error)
- func (p *PCE) UpdateADUserGroup(group ConsumingSecurityPrincipals) (APIResponse, error)
- func (p *PCE) UpdateContainerWkldProfiles(cp ContainerWorkloadProfile) (APIResponse, error)
- func (p *PCE) UpdateEnforcementBoundary(eb EnforcementBoundary) (APIResponse, error)
- func (p *PCE) UpdateIPList(ipList IPList) (APIResponse, error)
- func (p *PCE) UpdateLabel(label Label) (APIResponse, error)
- func (p *PCE) UpdateLabelDimension(labelDimension LabelDimension) (APIResponse, error)
- func (p *PCE) UpdateLabelGroup(labelGroup LabelGroup) (APIResponse, error)
- func (p *PCE) UpdatePermission(permission Permission) (APIResponse, error)
- func (p *PCE) UpdateRule(rule Rule) (APIResponse, error)
- func (p *PCE) UpdateRuleset(ruleset RuleSet) (APIResponse, error)
- func (p *PCE) UpdateService(service Service) (APIResponse, error)
- func (p *PCE) UpdateVen(ven VEN) (api APIResponse, err error)
- func (p *PCE) UpdateVirtualService(virtualService VirtualService) (APIResponse, error)
- func (p *PCE) UpdateWkld(workload Workload) (APIResponse, error)
- func (p *PCE) UpgradeVENs(vens []VEN, release string) (resp VenUpgradeResponse, api APIResponse, err error)
- func (p *PCE) UploadTraffic(filename string, headerLine bool) (UploadFlowResults, error)
- func (p *PCE) VensUnpair(vens []VEN, restore string) ([]APIResponse, error)
- func (p *PCE) WorkloadQueryLabelParameter(labelSlices [][]string) (queryParameter string, err error)
- func (p *PCE) WorkloadUpgrade(wkldHref, targetVersion string) (APIResponse, error)
- func (p *PCE) WorkloadsUnpair(wklds []Workload, restore string) ([]APIResponse, error)
- type PairingKey
- type PairingProfile
- type Permission
- type PortOverrides
- type PortProtos
- type Provision
- type QualifyTest
- type Ransomware
- type RegionsItems
- type ResolveLabelsAs
- type Resource
- type ResourceChanges
- type Restriction
- type Results
- type RiskDetail
- type RiskSummary
- type Role
- type Rule
- type RuleSet
- type Scopes
- type SecureConnect
- type SecureConnectGateways
- type Service
- type ServiceAddresses
- type ServiceBinding
- type ServicePort
- type Src
- type SrcOrDst
- type Statements
- type Status
- type SubGroups
- type System
- type Target
- type TimestampRange
- type TrafficAnalysis
- type TrafficAnalysisRequest
- type TrafficQuery
- type Unpair
- type UploadFlowResults
- type Usage
- type UserLogin
- type VEN
- type VenUpgradeError
- type VenUpgradeRequest
- type VenUpgradeResponse
- type Version
- type VirtualServer
- type VirtualService
- type Vulnerability
- type VulnerabilityReport
- type VulnerabilitySummary
- type VulnerablePortWideExposure
- type WindowsService
- type WkldRansomware
- type WkldServices
- type Workload
- func (w *Workload) ChangeLabel(pce PCE, targetKey, newValue string) (PCE, error)
- func (w *Workload) GetAppGroup(labelMap map[string]Label) string
- func (w *Workload) GetAppGroupL(labelMap map[string]Label) string
- func (w *Workload) GetCIDR(ip string) string
- func (w *Workload) GetDefaultGW() string
- func (w *Workload) GetIPWithDefaultGW() string
- func (w *Workload) GetInterfaceName(ip string) string
- func (w *Workload) GetIsPWithDefaultGW() (ipAddresses []string)
- func (w *Workload) GetLabelByKey(key string, labelMap map[string]Label) Label
- func (w *Workload) GetMode() string
- func (w *Workload) GetNetMask(ip string) string
- func (w *Workload) GetNetMaskWithDefaultGW() string
- func (w *Workload) GetNetwork(ip string) string
- func (w *Workload) GetNetworkWithDefaultGateway() string
- func (w *Workload) GetVisibilityLevel() string
- func (w *Workload) HoursSinceLastHeartBeat() float64
- func (w *Workload) SanitizeBulkUpdate()
- func (w *Workload) SanitizePut()
- func (w *Workload) SetMode(m string) error
- func (w *Workload) SetVisibilityLevel(v string) error
Constants ¶
This section is empty.
Variables ¶
// AvailableRoles lists the available role names. Every listed key maps to
// true, so looking up a name that is not listed yields false.
//
// It is an exported, mutable package-level map: any importing code can add
// or delete entries at run time.
var AvailableRoles = map[string]bool{
	"read_only":                 true,
	"admin":                     true,
	"owner":                     true,
	"ruleset_manager":           true,
	"ruleset_provisioner":       true,
	"global_object_provisioner": true,
	"limited_ruleset_manager":   true,
	"workload_manager":          true,
	"ruleset_viewer":            true,
}
Available roles
// Verbose is an exported package-level flag; this page does not say what it controls.
// NOTE(review): if it switches on request/response logging, confirm that
// credentials (API secrets, auth tokens, passwords) are redacted from that output.
var Verbose bool
Functions ¶
func AvailableRolesSlice ¶
func AvailableRolesSlice() (roles []string)
func LabelsToRuleStructure ¶
LabelsToRuleStructure takes a slice of labels and returns a slice of slices for how the labels would be organized as read by the PCE rule processing. For example, {"A-ERP", "A-CRM", "E-PROD"} will return [{"A-ERP", "E-PROD"}, {"A-CRM", "E-PROD"}].
func ParseObjectType ¶
ParseObjectType takes an href and returns one of the following options: iplist, label, label_group, virtual_service, workload, or unknown.
func ProtocolList ¶
ProtocolList returns a map for the IANA protocol numbers.
Types ¶
type APIKey ¶
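// APIKey represents an API key.
//
// Secret is serialized under the "secret" JSON key, so a marshaled APIKey
// contains the credential itself. Keep marshaled values out of logs and out
// of files that are not access-controlled.
type APIKey struct {
	Href         string `json:"href,omitempty"`
	KeyID        string `json:"key_id,omitempty"`
	AuthUsername string `json:"auth_username,omitempty"`
	CreatedAt    string `json:"created_at,omitempty"`
	Name         string `json:"name,omitempty"`
	Description  string `json:"description,omitempty"`
	Secret       string `json:"secret,omitempty"` // credential material
}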
APIKey represents an API Key
type APIResponse ¶
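// APIResponse contains the information from the response of the API.
//
// Alongside the response (RespBody, StatusCode, Header) it keeps the request
// that produced it (Request, ReqBody).
// NOTE(review): presumably Request and ReqBody include whatever credentials
// the call carried (auth headers, login bodies) — confirm before printing or
// persisting a whole APIResponse.
type APIResponse struct {
	RespBody   string
	StatusCode int
	Header     http.Header
	Request    *http.Request
	ReqBody    string
	Warnings   []string
}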
APIResponse contains the information from the response of the API
type Actors ¶
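// Actors are part of consumers or providers for rules and boundaries.
// Every field is a pointer tagged omitempty, so unset members are left out
// of the JSON.
type Actors struct {
	Actors     *string     `json:"actors,omitempty"`
	Label      *Label      `json:"label,omitempty"`
	LabelGroup *LabelGroup `json:"label_group,omitempty"`
	Workload   *Workload   `json:"workload,omitempty"`
}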
Actors are part of consumer or providers for rules and boundaries.
type Agent ¶
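// An Agent is an Agent on a Workload.
type Agent struct {
	Href          string         `json:"href,omitempty"`
	ActivePceFqdn string         `json:"active_pce_fqdn,omitempty"`
	TargetPceFqdn string         `json:"target_pce_fqdn,omitempty"`
	Config        *Config        `json:"config,omitempty"`
	SecureConnect *SecureConnect `json:"secure_connect,omitempty"`
	Status        *Status        `json:"status,omitempty"`
	Hostname      string         `json:"hostname,omitempty"` // Added this for events
}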
An Agent is an Agent on a Workload
type AgentHealth ¶
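// AgentHealth represents the Agent Health of the Status of a Workload.
type AgentHealth struct {
	AuditEvent string `json:"audit_event,omitempty"`
	Severity   string `json:"severity,omitempty"`
	Type       string `json:"type,omitempty"`
}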
AgentHealth represents the Agent Health of the Status of a Workload
type AgentHealthErrors ¶
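// AgentHealthErrors represents the Agent Health Errors of the Status of a
// Workload.
//
// Deprecated: use AgentHealth.
type AgentHealthErrors struct {
	Errors   []string `json:"errors,omitempty"`
	Warnings []string `json:"warnings,omitempty"`
}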
AgentHealthErrors represents the Agent Health Errors of the Status of a Workload. This is deprecated - use AgentHealth.
type Assignment ¶
type AsyncTrafficQuery ¶
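// AsyncTrafficQuery is the root asynchronous explorer query status.
type AsyncTrafficQuery struct {
	CreatedAt       string                  `json:"created_at,omitempty"` // Timestamp in UTC when this query was created
	CreatedBy       *Href                   `json:"created_by,omitempty"`
	FlowsCount      int                     `json:"flows_count,omitempty"`   // result count after query limits and RBAC filtering are applied
	Href            string                  `json:"href,omitempty"`          // Query URI
	MatchesCount    int                     `json:"matches_count,omitempty"` // query result count
	QueryParameters *TrafficAnalysisRequest `json:"query_parameters"`        // Explorer query parameters
	Regions         *[]RegionsItems         `json:"regions,omitempty"`       // Region-specific response metadata
	Result          string                  `json:"result,omitempty"`        // Result download URI, available only if status is completed
	Status          string                  `json:"status"`                  // Current query status
	UpdatedAt       string                  `json:"updated_at,omitempty"`    // Timestamp in UTC when this async query was last updated.
	Rules           string                  `json:"rules,omitempty"`
}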
Root Asynchronous explorer query status
type AuthSecurityPrincipal ¶
type Authentication ¶
// Authentication represents the response of the Authenticate API.
//
// NOTE(review): AuthToken is presumably a credential for later calls —
// confirm, and keep it out of logs and error messages.
type Authentication struct {
	AuthToken string `json:"auth_token"`
}
Authentication represents the response of the Authenticate API
type BulkResponse ¶
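// BulkResponse is the data structure for the bulk response API.
// No field is tagged omitempty, so all five keys are always emitted.
type BulkResponse struct {
	Href    string  `json:"href"`
	Status  string  `json:"status"`
	Token   string  `json:"token"`
	Message string  `json:"message"`
	Errors  []Error `json:"errors"`
}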
BulkResponse is the data structure for the bulk response API
type ChangeSubset ¶
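// ChangeSubset is a hash of pending hrefs, organized by model.
type ChangeSubset struct {
	FirewallSettings      []*FirewallSettings      `json:"firewall_settings,omitempty"`
	IPLists               []*IPList                `json:"ip_lists,omitempty"`
	LabelGroups           []*LabelGroup            `json:"label_groups,omitempty"`
	RuleSets              []*RuleSet               `json:"rule_sets,omitempty"`
	SecureConnectGateways []*SecureConnectGateways `json:"secure_connect_gateways,omitempty"`
	Services              []*Service               `json:"services,omitempty"`
	VirtualServers        []*VirtualServer         `json:"virtual_servers,omitempty"`
	VirtualServices       []*VirtualService        `json:"virtual_services,omitempty"`
	EnforcementBoundaries []*EnforcementBoundary   `json:"enforcement_boundaries,omitempty"`
}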
ChangeSubset Hash of pending hrefs, organized by model
type CompatibilityReport ¶
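// CompatibilityReport is available in idle workloads.
// A CompatibilityReport is never created or updated.
type CompatibilityReport struct {
	Results       *Results `json:"results"`
	LastUpdatedAt string   `json:"last_updated_at"`
	QualifyStatus string   `json:"qualify_status"`
}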
CompatibilityReport is available in idle workloads. A CompatibilityReport is never created or updated.
type Condition ¶
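// A Condition is used by the VEN.
// Conditions are never created or upgraded.
type Condition struct {
	FirstReportedTimestamp time.Time    `json:"first_reported_timestamp"`
	LatestEvent            *LatestEvent `json:"latest_event"`
}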
A condition is used by the VEN. Conditions are never created or upgraded.
type Config ¶
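// Config represents the Configuration of an Agent on a Workload.
// LogTraffic has no omitempty, so it is always serialized, false included.
type Config struct {
	LogTraffic               bool   `json:"log_traffic"`
	Mode                     string `json:"mode,omitempty"`
	SecurityPolicyUpdateMode string `json:"security_policy_update_mode,omitempty"`
	VisibilityLevel          string `json:"visibility_level,omitempty"`
}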
Config represents the Configuration of an Agent on a Workload
type ConsumerOrProvider ¶
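// ConsumerOrProvider is used by rules and enforcement boundaries.
// Every member is an optional pointer that is omitted from the JSON when nil.
type ConsumerOrProvider struct {
	Actors         *string         `json:"actors,omitempty"`
	IPList         *IPList         `json:"ip_list,omitempty"`
	Label          *Label          `json:"label,omitempty"`
	LabelGroup     *LabelGroup     `json:"label_group,omitempty"`
	VirtualServer  *VirtualServer  `json:"virtual_server,omitempty"`
	VirtualService *VirtualService `json:"virtual_service,omitempty"`
	Workload       *Workload       `json:"workload,omitempty"`
	Exclusion      *bool           `json:"exclusion,omitempty"`
}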
ConsumerOrProvider is used by rules and enforcement boundaries.
type ConsumingSecurityPrincipals ¶
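// ConsumingSecurityPrincipals are AD user groups.
type ConsumingSecurityPrincipals struct {
	Deleted       bool   `json:"deleted,omitempty"`
	Description   string `json:"description,omitempty"`
	Href          string `json:"href,omitempty"`
	Name          string `json:"name,omitempty"`
	SID           string `json:"sid,omitempty"`
	UsedByRuleSet bool   `json:"used_by_ruleset,omitempty"`
}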
ConsumingSecurityPrincipals are AD user groups
type ContainerCluster ¶
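// ContainerCluster represents a Kubernetes cluster.
// Description and Online are pointers, so nil (omitted from the JSON) is
// distinct from an empty string or false.
type ContainerCluster struct {
	Href             string  `json:"href,omitempty"`
	Name             string  `json:"name,omitempty"`
	Description      *string `json:"description,omitempty"`
	ContainerRuntime string  `json:"container_runtime,omitempty"`
	ManagerType      string  `json:"manager_type,omitempty"`
	Online           *bool   `json:"online,omitempty"`
	KubelinkVersion  string  `json:"kubelink_version,omitempty"`
	PceFqdn          string  `json:"pce_fqdn,omitempty"`
}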
ContainerCluster represents a Kubernetes cluster
func (*ContainerCluster) ID ¶
func (c *ContainerCluster) ID() string
type ContainerWorkloadProfile ¶
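// ContainerWorkloadProfile is a Kubernetes namespace.
type ContainerWorkloadProfile struct {
	Href            string   `json:"href,omitempty"`
	Name            *string  `json:"name"` // API expects null for name to remove it. Always sent.
	Namespace       string   `json:"namespace,omitempty"`
	Description     *string  `json:"description,omitempty"`
	Labels          *[]Label `json:"labels,omitempty"`
	EnforcementMode *string  `json:"enforcement_mode,omitempty"`
	VisibilityLevel *string  `json:"visibility_level,omitempty"`
	Managed         *bool    `json:"managed,omitempty"`
	Linked          *bool    `json:"linked,omitempty"`
	ClusterName     string   `json:"-"` // never serialized
	CreatedAt       string   `json:"created_at,omitempty"`
	CreatedBy       *Href    `json:"created_by,omitempty"`
	UpdatedAt       string   `json:"updated_at,omitempty"`
	UpdatedBy       *Href    `json:"updated_by,omitempty"`
}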
ContainerWorkloadProfile is a Kubernetes namespace
func (*ContainerWorkloadProfile) GetLabelByKey ¶
func (c *ContainerWorkloadProfile) GetLabelByKey(key string) string
GetLabelByKey returns the value for a provided label key
func (*ContainerWorkloadProfile) RemoveLabel ¶
func (c *ContainerWorkloadProfile) RemoveLabel(key string) error
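RemoveLabel removes the label with the specified key. (The published comment reads "SetLabelByKey sets the specified label", which does not match this method's name and appears to have been copied from another method.)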
func (*ContainerWorkloadProfile) SanitizeContainerWorkloadProfilePut ¶
func (c *ContainerWorkloadProfile) SanitizeContainerWorkloadProfilePut()
SanitizeContainerWorkloadProfilePut removes fields not acceptable to the put method.
type DisplayInfo ¶
type Dst ¶
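// Dst is the provider workload details.
// IP and IPLists carry no omitempty and are therefore always serialized.
type Dst struct {
	IP       string     `json:"ip"`
	Workload *Workload  `json:"workload,omitempty"`
	FQDN     string     `json:"fqdn,omitempty"`
	IPLists  *[]*IPList `json:"ip_lists"`
}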
Dst is the provider workload details
type EnforcementBoundary ¶
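// An EnforcementBoundary is part of Illumio policy to dictate where policy
// is enforced.
type EnforcementBoundary struct {
	Href            string                `json:"href,omitempty"`
	Name            string                `json:"name,omitempty"`
	Providers       *[]ConsumerOrProvider `json:"providers,omitempty"`
	Consumers       *[]ConsumerOrProvider `json:"consumers,omitempty"`
	IngressServices *[]IngressServices    `json:"ingress_services,omitempty"`
	Enabled         *bool                 `json:"enabled,omitempty"`
	NetworkType     string                `json:"network_type,omitempty"` // ["brn", "non_brn", "all"]
	CreatedAt       string                `json:"created_at,omitempty"`
	CreatedBy       *Href                 `json:"created_by,omitempty"`
	DeletedAt       string                `json:"deleted_at,omitempty"`
	DeletedBy       *Href                 `json:"deleted_by,omitempty"`
	UpdateType      string                `json:"update_type,omitempty"`
	UpdatedAt       string                `json:"updated_at,omitempty"`
	UpdatedBy       *Href                 `json:"updated_by,omitempty"`
}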
An EnforcementBoundary is part of Illumio policy to dictate where policy is enforced.
type Event ¶
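// Event represents an auditable event in the Illumio PCE.
// Events cannot be created or updated.
type Event struct {
	Href            string             `json:"href"`
	Timestamp       time.Time          `json:"timestamp"`
	PceFqdn         string             `json:"pce_fqdn"`
	EventCreatedBy  *EventCreatedBy    `json:"created_by"`
	EventType       string             `json:"event_type"`
	Status          string             `json:"status"`
	Severity        string             `json:"severity"`
	Notifications   *[]Notifications   `json:"notifications"`
	ResourceChanges *[]ResourceChanges `json:"resource_changes,omitempty"`
}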
Event represents an auditable event in the Illumio PCE. Events cannot be created or updated.
func (*Event) PopulateCreatedBy ¶
func (e *Event) PopulateCreatedBy()
type EventCreatedBy ¶
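// EventCreatedBy is who created the event.
//
// Name and Href have no JSON tags, so encoding/json uses the Go field names
// for them.
type EventCreatedBy struct {
	Agent            Agent            `json:"agent"`
	User             UserLogin        `json:"user"`
	ContainerCluster ContainerCluster `json:"container_cluster"`
	// omitempty has no effect here: encoding/json never treats a non-pointer
	// struct value as empty.
	System System `json:"system,omitempty"`
	Name   string
	Href   string
}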
EventCreatedBy is who created the event
type ExpSrv ¶
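// ExpSrv is a service in the explorer response.
// The Go names Process, User and WindowsService map to the JSON keys
// "process_name", "user_name" and "windows_service_name".
type ExpSrv struct {
	Port           int    `json:"port,omitempty"`
	Proto          int    `json:"proto,omitempty"`
	Process        string `json:"process_name,omitempty"`
	User           string `json:"user_name,omitempty"`
	WindowsService string `json:"windows_service_name,omitempty"`
}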
ExpSrv is a service in the explorer response
type ExplorerServices ¶
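// ExplorerServices represent services to be included or excluded in the
// explorer query.
type ExplorerServices struct {
	Include []IncludeOrExclude `json:"include"`
	Exclude []IncludeOrExclude `json:"exclude"`
}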
ExplorerServices represent services to be included or excluded in the explorer query
type FQDN ¶
// FQDN represents an FQDN in an IPList.
type FQDN struct {
	FQDN string `json:"fqdn,omitempty"`
}
FQDN represents an FQDN in an IPList
type FirewallSettings ¶
// FirewallSettings are a provisionable object; only the href is modelled.
type FirewallSettings struct {
	Href string `json:"href"`
}
FirewallSettings are a provisionable object
type FlowFilter ¶
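// A FlowFilter is a collector filter.
type FlowFilter struct {
	Href         string  `json:"href,omitempty"`
	Action       string  `json:"action,omitempty"`       // drop or aggregate
	Transmission string  `json:"transmission,omitempty"` // broadcast, multicast, unicast
	Target       *Target `json:"target,omitempty"`
}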
A flowfilter is a collector filter
type FlowUploadResp ¶
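// FlowUploadResp is the response from the traffic upload API.
type FlowUploadResp struct {
	NumFlowsReceived int       `json:"num_flows_received"`
	NumFlowsFailed   int       `json:"num_flows_failed"`
	FailedFlows      []*string `json:"failed_flows,omitempty"`
}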
FlowUploadResp is the response from the traffic upload API
type Href ¶
// Href is used for CreatedBy, UpdatedBy, etc. that require just an href.
type Href struct {
	Href string `json:"href"`
}
Href is used for CreatedBy, UpdatedBy, etc. that require just an href.
type IPAddress ¶
// IPAddress represents an IP Address. The value is held as a plain string.
type IPAddress struct {
	Value string `json:"value,omitempty"`
}
IPAddress represents an IP Address
type IPList ¶
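// IPList represents an IP List in the PCE.
type IPList struct {
	Href                  string     `json:"href,omitempty"`
	Name                  string     `json:"name,omitempty"`
	Description           *string    `json:"description,omitempty"`
	IPRanges              *[]IPRange `json:"ip_ranges,omitempty"`
	FQDNs                 *[]FQDN    `json:"fqdns,omitempty"`
	Size                  int        `json:"size,omitempty"`
	ExternalDataReference *string    `json:"external_data_reference,omitempty"`
	ExternalDataSet       *string    `json:"external_data_set,omitempty"`
	CreatedAt             string     `json:"created_at,omitempty"`
	CreatedBy             *Href      `json:"created_by,omitempty"`
	DeletedAt             string     `json:"deleted_at,omitempty"`
	DeletedBy             *Href      `json:"deleted_by,omitempty"`
	UpdatedAt             string     `json:"updated_at,omitempty"`
	UpdatedBy             *Href      `json:"updated_by,omitempty"`
}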
IPList represents an IP List in the PCE.
type IPRange ¶
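// IPRange represents one of the IP ranges of an IP List.
// IPRanges are never updated in place (not using pointers).
type IPRange struct {
	Description string `json:"description,omitempty"`
	Exclusion   bool   `json:"exclusion,omitempty"`
	FromIP      string `json:"from_ip,omitempty"`
	ToIP        string `json:"to_ip,omitempty"`
}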
IPRange represents one of the IP ranges of an IP List. IPRanges are never updated in place (not using pointers).
type IPTablesRules ¶
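// IPTablesRules - more info to follow.
// Only Description is tagged omitempty; the other keys are always emitted.
type IPTablesRules struct {
	Actors      *[]Actors     `json:"actors"`
	Description *string       `json:"description,omitempty"`
	Enabled     *bool         `json:"enabled"`
	Href        string        `json:"href"`
	IPVersion   string        `json:"ip_version"`
	Statements  *[]Statements `json:"statements"`
}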
IPTablesRules - more info to follow
type IllumioSecurityTemplate ¶
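// IllumioSecurityTemplate contains Labels, IP Lists, Services.
type IllumioSecurityTemplate struct {
	Name                  string     `json:"name"`
	Version               int        `json:"version"`
	OsFamily              string     `json:"os_family"`
	Icon                  string     `json:"icon"`
	CompatiblePceVersions *[]int     `json:"compatible_pce_versions"`
	Labels                *[]Label   `json:"labels,omitempty"`
	IPLists               *[]IPList  `json:"ip_lists,omitempty"`
	Services              *[]Service `json:"services,omitempty"`
}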
IllumioSecurityTemplate contains Labels, IP Lists, Services
type IllumioSecurityTemplateFile ¶
// IllumioSecurityTemplateFile is a file with a slice of templates, stored
// under the "illumio_security_templates" JSON key.
type IllumioSecurityTemplateFile struct {
	IllumioSecurityTemplates []*IllumioSecurityTemplate `json:"illumio_security_templates"`
}
IllumioSecurityTemplateFile is a file with a slice of templates
func ParseTemplateFile ¶
func ParseTemplateFile(filename string) (IllumioSecurityTemplateFile, error)
ParseTemplateFile imports a JSON template file into the PCE
type IncludeOrExclude ¶
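// IncludeOrExclude is used in traffic queries.
type IncludeOrExclude struct {
	Actors         string     `json:"actors,omitempty"`
	Label          *Label     `json:"label,omitempty"`
	Workload       *Workload  `json:"workload,omitempty"`
	IPList         *IPList    `json:"ip_list,omitempty"`
	IPAddress      *IPAddress `json:"ip_address,omitempty"`
	Port           int        `json:"port,omitempty"`
	ToPort         int        `json:"to_port,omitempty"`
	Proto          int        `json:"proto,omitempty"`
	Process        string     `json:"process_name,omitempty"`
	WindowsService string     `json:"windows_service_name,omitempty"`
	Transmission   string     `json:"transmission,omitempty"`
}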
IncludeOrExclude is used in traffic queries.
func CreateIncludeOrExclude ¶
func CreateIncludeOrExclude(objects []string, include bool) (IncOrExc []IncludeOrExclude, err error)
type IncreaseTrafficUpdateReq ¶
// IncreaseTrafficUpdateReq wraps a list of workloads under the "workloads"
// JSON key.
type IncreaseTrafficUpdateReq struct {
	Workloads []Workload `json:"workloads"`
}
type Info ¶
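// Info are notification info.
type Info struct {
	APIEndpoint string `json:"api_endpoint"`
	APIMethod   string `json:"api_method"`
	SrcIP       string `json:"src_ip"`
	VEN         *VEN   `json:"ven,omitempty"`
	Agent       *Agent `json:"agent,omitempty"`
}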
Info are notification info
type IngressServices ¶
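// IngressServices - more info to follow.
// Port, Protocol and ToPort are pointers, so an explicit 0 is still
// serialized while nil is omitted. Protocol maps to the JSON key "proto".
type IngressServices struct {
	Port     *int   `json:"port,omitempty"`
	Protocol *int   `json:"proto,omitempty"`
	ToPort   *int   `json:"to_port,omitempty"`
	Href     string `json:"href,omitempty"`
}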
IngressServices - more info to follow
type Interface ¶
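// An Interface represents the network interface of a workload.
// An interface can never be updated or created.
type Interface struct {
	Name                  string `json:"name,omitempty"`
	FriendlyName          string `json:"friendly_name,omitempty"`
	Address               string `json:"address,omitempty"`
	CidrBlock             *int   `json:"cidr_block,omitempty"` // Pointer to handle /0 vs. no Cidr provided
	DefaultGatewayAddress string `json:"default_gateway_address,omitempty"`
	LinkState             string `json:"link_state,omitempty"`
}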
An Interface represents the network interface of a workload. An interface can never be updated or created.
type Label ¶
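// A Label represents an Illumio Label.
type Label struct {
	Href                  string         `json:"href,omitempty"`
	Key                   string         `json:"key,omitempty"`
	Value                 string         `json:"value,omitempty"`
	LabelUsage            *LabelUsage    `json:"usage,omitempty"`
	Assignment            *Assignment    `json:"assignment,omitempty"`
	Restriction           *[]Restriction `json:"restriction,omitempty"`
	Deleted               *bool          `json:"deleted,omitempty"`
	ExternalDataReference *string        `json:"external_data_reference,omitempty"`
	ExternalDataSet       *string        `json:"external_data_set,omitempty"`
	CreatedAt             string         `json:"created_at,omitempty"`
	CreatedBy             *Href          `json:"created_by,omitempty"`
	UpdatedAt             string         `json:"updated_at,omitempty"`
	UpdatedBy             *Href          `json:"updated_by,omitempty"`
}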
A Label represents an Illumio Label.
type LabelDimension ¶
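// LabelDimension carries the fields below; every one is tagged omitempty, so
// zero values and nil pointers are left out of the JSON.
type LabelDimension struct {
	Href                  string               `json:"href,omitempty"`
	Key                   string               `json:"key,omitempty"`
	DisplayName           string               `json:"display_name,omitempty"`
	DisplayInfo           *DisplayInfo         `json:"display_info,omitempty"`
	Usage                 *LabelDimensionUsage `json:"usage,omitempty"`
	Caps                  *[]string            `json:"caps,omitempty"`
	ExternalDataSet       *string              `json:"external_data_set,omitempty"`
	ExternalDataReference *string              `json:"external_data_reference,omitempty"`
	Deleted               *bool                `json:"deleted,omitempty"`
	CreatedAt             string               `json:"created_at,omitempty"`
	CreatedBy             *Href                `json:"created_by,omitempty"`
	UpdatedAt             string               `json:"updated_at,omitempty"`
	UpdatedBy             *Href                `json:"updated_by,omitempty"`
	DeletedAt             string               `json:"deleted_at,omitempty"`
	DeletedBy             *Href                `json:"deleted_by,omitempty"`
}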
type LabelDimensionUsage ¶
type LabelGroup ¶
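// LabelGroup represents a Label Group in the PCE.
type LabelGroup struct {
	Href                  string       `json:"href,omitempty"`
	Name                  string       `json:"name,omitempty"`
	Description           *string      `json:"description,omitempty"`
	Key                   string       `json:"key,omitempty"`
	Labels                *[]Label     `json:"labels,omitempty"`
	SubGroups             *[]SubGroups `json:"sub_groups,omitempty"`
	Usage                 *Usage       `json:"usage,omitempty"`
	ExternalDataReference *string      `json:"external_data_reference,omitempty"`
	ExternalDataSet       *string      `json:"external_data_set,omitempty"`
}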
LabelGroup represents a Label Group in the PCE.
type LabelUsage ¶
// LabelUsage holds one flag per kind of PCE object or setting.
//
// None of the tags carry omitempty, so all fifteen flags are always present
// when the struct is encoded, including those that are false.
// NOTE(review): each flag presumably reports whether the label is referenced
// by that kind of object; confirm against the PCE API reference.
type LabelUsage struct {
	VirtualServer                     bool `json:"virtual_server"`
	LabelGroup                        bool `json:"label_group"`
	Ruleset                           bool `json:"ruleset"`
	StaticPolicyScopes                bool `json:"static_policy_scopes"`
	PairingProfile                    bool `json:"pairing_profile"`
	Permission                        bool `json:"permission"`
	Workload                          bool `json:"workload"`
	ContainerWorkload                 bool `json:"container_workload"`
	FirewallCoexistenceScope          bool `json:"firewall_coexistence_scope"`
	ContainersInheritHostPolicyScopes bool `json:"containers_inherit_host_policy_scopes"`
	ContainerWorkloadProfile          bool `json:"container_workload_profile"`
	BlockedConnectionRejectScope      bool `json:"blocked_connection_reject_scope"`
	EnforcementBoundary               bool `json:"enforcement_boundary"`
	LoopbackInterfacesInPolicyScopes  bool `json:"loopback_interfaces_in_policy_scopes"`
	VirtualService                    bool `json:"virtual_service"`
}
LabelUsage shows how labels are used in the PCE. LabelUsage is never created or updated.
type LatestEvent ¶
// LatestEvent is the JSON shape of the most recent event attached to a
// condition.
//
// No tag carries omitempty, so every field is present when the struct is
// encoded.
type LatestEvent struct {
	NotificationType string `json:"notification_type"`
	Severity         string `json:"severity"`
	Href             string `json:"href"`
	Info             Info   `json:"info"`
	// Timestamp is a time.Time, so encoding/json only accepts an RFC 3339
	// value here; any other format makes decoding fail.
	Timestamp time.Time `json:"timestamp"`
}
A LatestEvent is for a condition. LatestEvents are never created or updated.
type LoadInput ¶
// LoadInput selects which object collections the Load method fetches.
//
// Each bool field names one collection; the zero value (false) is the default
// for every one of them.
// NOTE(review): presumably a collection is fetched only when its flag is
// true; confirm in Load.
type LoadInput struct {
	ProvisionStatus string // Must be draft or active. Blank value is draft
	LabelDimensions bool
	Labels          bool
	LabelGroups     bool
	IPLists         bool
	Workloads       bool
	// NOTE(review): presumably passed as the queryParameters filter when
	// Workloads is loaded; confirm in Load.
	WorkloadsQueryParameters    map[string]string
	VirtualServices             bool
	VirtualServers              bool
	Services                    bool
	ConsumingSecurityPrincipals bool
	RuleSets                    bool
	VENs                        bool
	ContainerClusters           bool
	ContainerWorkloads          bool
	ContainerWorkloadProfiles   bool
	EnforcementBoundaries       bool
	Version                     bool
	AuthSecurityPrincipals      bool
	Permissions                 bool
	Roles                       bool
}
LoadInput tells the p.Load method what objects to load
type Notifications ¶
// Notifications is the JSON shape of one event notification.
//
// No tag carries omitempty, so all three keys are always encoded.
type Notifications struct {
	UUID             string `json:"uuid"`
	NotificationType string `json:"notification_type"`
	// Info is a pointer without omitempty: a nil value is encoded as JSON null
	// rather than being left out.
	Info *Info `json:"info"`
}
Notifications are event notifications
type OpenServicePort ¶
// OpenServicePort is the JSON shape of one open port reported for a service
// running on a workload.
//
// Every field is tagged omitempty, so empty strings and zero integers are left
// out of an encoded body.
type OpenServicePort struct {
	Address string `json:"address,omitempty"`
	Package string `json:"package,omitempty"`
	// Port is a plain int with omitempty, so a value of 0 is never encoded.
	Port        int    `json:"port,omitempty"`
	ProcessName string `json:"process_name,omitempty"`
	// NOTE(review): presumably the IANA protocol number (UploadTraffic's
	// documentation uses 6=TCP, 17=UDP); confirm against the PCE API.
	Protocol int `json:"protocol,omitempty"`
	// User and ProcessName identify what owns the listening socket. They are
	// useful when reviewing unexpected listeners on a workload.
	User           string `json:"user,omitempty"`
	WinServiceName string `json:"win_service_name,omitempty"`
}
OpenServicePort represents an open port for a service running on a workload.
type Org ¶
// Org is the JSON shape of an organization in a SaaS PCE.
type Org struct {
	Href        string `json:"href"`
	DisplayName string `json:"display_name"`
	// ID is encoded under the JSON key "org_id", not "id".
	ID int `json:"org_id"`
}
Org is an organization in a SaaS PCE.
type PCE ¶
// PCE holds the connection settings for one Illumio PCE, together with the
// policy objects that have been loaded from it.
//
// Each object kind is stored twice: as a map for lookups and as a slice.
// Where a map is keyed by more than one identifier (href, name, ...), its
// length is a multiple of the object count, not the count itself.
//
// The struct carries no json tags, so encoding a PCE value with encoding/json
// would emit every exported field, including Key. Keep PCE values out of logs
// and serialized state.
type PCE struct {
	FriendlyName string
	FQDN         string
	Port         int
	// Org, User and Key are populated by Login and LoginAPIKey, per the
	// documentation of those methods.
	Org  int
	User string
	// NOTE(review): Key is a credential (a temporary session token after
	// Login, a permanent API key after LoginAPIKey). Do not print it or copy
	// it into error messages.
	Key   string
	Proxy string
	// NOTE(review): by its name this presumably turns off TLS certificate
	// verification for connections to the PCE; confirm in the HTTP client
	// setup. If so, setting it to true exposes Key and all policy traffic to
	// interception; keep it false outside isolated lab environments.
	DisableTLSChecking bool
	Version            Version

	// Labels can be looked up by href or concatenated key and value (no
	// character between key and value).
	// NOTE(review): with no separator, distinct key/value pairs can concatenate
	// to the same string (for example "ab"+"c" and "a"+"bc"); check how such
	// collisions are handled before relying on this lookup.
	Labels      map[string]Label
	LabelsSlice []Label

	// LabelDimensions can be looked up by href or key.
	LabelDimensions      map[string]LabelDimension
	LabelDimensionsSlice []LabelDimension

	// Label Groups can be looked up by href or name.
	LabelGroups      map[string]LabelGroup
	LabelGroupsSlice []LabelGroup

	// IP Lists can be looked up by href or name.
	IPLists      map[string]IPList
	IPListsSlice []IPList

	// Workloads can be looked up by href, hostname, name, or concatenated
	// external dataset and reference (no character between).
	Workloads      map[string]Workload
	WorkloadsSlice []Workload

	// VirtualServices can be looked up by href or name.
	VirtualServices      map[string]VirtualService
	VirtualServicesSlice []VirtualService

	// VirtualServers can be looked up by href or name.
	VirtualServers      map[string]VirtualServer
	VirtualServersSlice []VirtualServer

	// Services can be looked up by href or name.
	Services      map[string]Service
	ServicesSlice []Service

	// ConsumingSecurityPrincipals can be looked up by href or name.
	ConsumingSecurityPrincipals      map[string]ConsumingSecurityPrincipals
	ConsumingSecurityPrincipalsSlice []ConsumingSecurityPrincipals

	// RuleSets can be looked up by href or name.
	RuleSets      map[string]RuleSet
	RuleSetsSlice []RuleSet

	// VENs can be looked up by href or name.
	VENs      map[string]VEN
	VENsSlice []VEN

	// NOTE(review): the lookup keys of the remaining maps are not documented
	// on the struct; confirm them in the corresponding Get methods.
	ContainerClusters              map[string]ContainerCluster
	ContainerClustersSlice         []ContainerCluster
	ContainerWorkloads             map[string]Workload
	ContainerWorkloadsSlice        []Workload
	ContainerWorkloadProfiles      map[string]ContainerWorkloadProfile
	ContainerWorkloadProfilesSlice []ContainerWorkloadProfile
	EnforcementBoundaries          map[string]EnforcementBoundary
	EnforcementBoundariesSlice     []EnforcementBoundary
	PermissionsSlice               []Permission
	Permissions                    map[string]Permission
	// This slice is named with a trailing "Slices", unlike every other
	// "...Slice" field.
	AuthSecurityPrincipalsSlices []AuthSecurityPrincipal
	AuthSecurityPrincipals       map[string]AuthSecurityPrincipal
	Roles                        map[string]Role
	RolesSlice                   []Role
}
PCE represents an Illumio PCE. All API calls are methods on the PCE. Each policy object is a map for lookups by various identifiers (href, name, etc.) so the length of the map will be some multiple of the total number of objects. There is also a slice for each object.
func (*PCE) BulkVS ¶
func (p *PCE) BulkVS(virtualServices []VirtualService, method string, stdoutLogs bool) ([]APIResponse, error)
BulkVS takes a bulk action on an array of virtual services. Method must be create, update, or delete.
func (*PCE) BulkWorkload ¶
func (p *PCE) BulkWorkload(workloads []Workload, method string, stdoutLogs bool) ([]APIResponse, error)
BulkWorkload takes a bulk action on an array of workloads. Method must be create, update, or delete
func (*PCE) CreateADUserGroup ¶
func (p *PCE) CreateADUserGroup(group ConsumingSecurityPrincipals) (createdGroup ConsumingSecurityPrincipals, api APIResponse, err error)
CreateADUserGroup creates a user group policy object in the PCE
func (*PCE) CreateAsyncTrafficRequest ¶
func (p *PCE) CreateAsyncTrafficRequest(t TrafficAnalysisRequest) (asyncQuery AsyncTrafficQuery, api APIResponse, err error)
CreateAsyncTrafficRequest makes a traffic request and returns the async query to look up later
func (*PCE) CreateAuthSecurityPrincipal ¶
func (p *PCE) CreateAuthSecurityPrincipal(authSecPrincipal AuthSecurityPrincipal) (createdAuthSecPrincipal AuthSecurityPrincipal, api APIResponse, err error)
CreateAuthSecurityPrincipal creates a new authorized security principal in the PCE.
func (*PCE) CreateEnforcementBoundary ¶
func (p *PCE) CreateEnforcementBoundary(eb EnforcementBoundary) (createdEB EnforcementBoundary, api APIResponse, err error)
CreateEnforcementBoundary creates a new enforcement boundary in the Illumio PCE
func (*PCE) CreateFlowFilter ¶
func (p *PCE) CreateFlowFilter(flowFilter FlowFilter) (createdFlowFilter FlowFilter, api APIResponse, err error)
CreateFlowFilter creates a new flow filter in the PCE.
func (*PCE) CreateIPList ¶
func (p *PCE) CreateIPList(ipList IPList) (createdIPL IPList, api APIResponse, err error)
CreateIPList creates a new IP List in the PCE.
func (*PCE) CreateLabel ¶
func (p *PCE) CreateLabel(label Label) (createdLabel Label, api APIResponse, err error)
CreateLabel creates a new Label in the PCE.
func (*PCE) CreateLabelDimension ¶
func (p *PCE) CreateLabelDimension(labelDimension LabelDimension) (createdLabelDimension LabelDimension, api APIResponse, err error)
CreateLabelDimension creates a new label dimension in the PCE.
func (*PCE) CreateLabelGroup ¶
func (p *PCE) CreateLabelGroup(labelGroup LabelGroup) (createdLabelGroup LabelGroup, api APIResponse, err error)
CreateLabelGroup creates a new label group in the PCE.
func (*PCE) CreatePairingKey ¶
func (p *PCE) CreatePairingKey(pairingProfile PairingProfile) (pairingKey PairingKey, api APIResponse, err error)
CreatePairingKey creates a pairing key from a pairing profile.
func (*PCE) CreatePairingProfile ¶
func (p *PCE) CreatePairingProfile(pairingProfile PairingProfile) (createdPairingProfile PairingProfile, api APIResponse, err error)
CreatePairingProfile creates a new pairing profile in the PCE.
func (*PCE) CreatePermission ¶
func (p *PCE) CreatePermission(permission Permission) (createdPermission Permission, api APIResponse, err error)
CreatePermission creates a new permission in the PCE.
func (*PCE) CreateRule ¶
func (p *PCE) CreateRule(rulesetHref string, rule Rule) (createdRule Rule, api APIResponse, err error)
CreateRule creates a new rule in the PCE.
func (*PCE) CreateRuleset ¶
func (p *PCE) CreateRuleset(rs RuleSet) (createdRS RuleSet, api APIResponse, err error)
CreateRuleset creates a new ruleset in the PCE.
func (*PCE) CreateService ¶
func (p *PCE) CreateService(service Service) (createdService Service, api APIResponse, err error)
CreateService creates a new service in the PCE.
func (*PCE) CreateServiceBinding ¶
func (p *PCE) CreateServiceBinding(serviceBindings []ServiceBinding) (createdServiceBindings []ServiceBinding, api APIResponse, err error)
CreateServiceBinding binds new workloads to a virtual service
func (*PCE) CreateTrafficRequest ¶
func (p *PCE) CreateTrafficRequest(t TrafficAnalysisRequest) (returnedTraffic []TrafficAnalysis, api APIResponse, err error)
CreateTrafficRequest makes a traffic request and waits for the results
func (*PCE) CreateTrafficRequestCsv ¶
func (p *PCE) CreateTrafficRequestCsv(t TrafficAnalysisRequest, draftResults bool) (returnedTraffic [][]string, api APIResponse, err error)
CreateTrafficRequestCsv makes a traffic request and waits for the results.
func (*PCE) CreateVirtualService ¶
func (p *PCE) CreateVirtualService(virtualService VirtualService) (createdVirtualService VirtualService, api APIResponse, err error)
CreateVirtualService creates a new virtual service in the Illumio PCE.
func (*PCE) CreateWkld ¶
func (p *PCE) CreateWkld(wkld Workload) (createdWkld Workload, api APIResponse, err error)
CreateWkld creates a new unmanaged workload in the Illumio PCE
func (*PCE) DeleteEnforcementBoundary ¶
func (p *PCE) DeleteEnforcementBoundary(eb EnforcementBoundary) (APIResponse, error)
DeleteEnforcementBoundary removes an enforcement boundary from the PCE. The provided enforcement boundary object must include an Href.
func (*PCE) DeleteHref ¶
func (p *PCE) DeleteHref(href string) (APIResponse, error)
DeleteHref deletes an existing object in the PCE based on its href.
func (*PCE) ExpandLabelGroup ¶
ExpandLabelGroup returns a string of label hrefs in a label group. Every subgroup (and nested subgroup) is expanded.
func (*PCE) FindObject ¶
FindObject takes an href and returns what it is and the name
func (*PCE) GetADUserGroups ¶
func (p *PCE) GetADUserGroups(queryParameters map[string]string) (api APIResponse, err error)
GetADUserGroups returns a slice of AD user groups from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetAllAPIKeys ¶
func (p *PCE) GetAllAPIKeys(userHref string) ([]APIKey, APIResponse, error)
GetAllAPIKeys gets all the APIKeys associated with a user
func (*PCE) GetAsyncQueries ¶
func (p *PCE) GetAsyncQueries(queryParameters map[string]string) (asyncQueries []AsyncTrafficQuery, api APIResponse, err error)
func (*PCE) GetAsyncQueryResults ¶
func (p *PCE) GetAsyncQueryResults(aq AsyncTrafficQuery) (returnedTraffic []TrafficAnalysis, api APIResponse, err error)
func (*PCE) GetAsyncQueryResultsCsv ¶
func (p *PCE) GetAsyncQueryResultsCsv(aq AsyncTrafficQuery, draftPolicy bool) (csvData [][]string, api APIResponse, err error)
func (*PCE) GetAuthSecurityPrincipal ¶
func (p *PCE) GetAuthSecurityPrincipal(queryParameters map[string]string) (api APIResponse, err error)
GetAuthSecurityPrincipal returns a slice of AuthSecurityPrincipals from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetCollection ¶
func (p *PCE) GetCollection(endpoint string, async bool, queryParameters map[string]string, response interface{}) (APIResponse, error)
GetCollection returns a collection of Illumio objects. GetCollection uses a single header of Content-Type:application/json. To customize the header, use GetCollectionHeaders.
func (*PCE) GetCollectionHeaders ¶
func (p *PCE) GetCollectionHeaders(endpoint string, async bool, queryParameters, headers map[string]string, response interface{}) (APIResponse, error)
GetCollectionHeaders returns a collection of Illumio objects and allows for customizing headers of HTTP request
func (*PCE) GetCompatibilityReport ¶
func (p *PCE) GetCompatibilityReport(w Workload) (cr CompatibilityReport, api APIResponse, err error)
GetCompatibilityReport returns the compatibility report for a VEN
func (*PCE) GetContainerClusters ¶
func (p *PCE) GetContainerClusters(queryParameters map[string]string) (api APIResponse, err error)
GetContainerClusters returns a slice of ContainerCluster in the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetContainerWkldProfiles ¶
func (p *PCE) GetContainerWkldProfiles(queryParameters map[string]string, containerClusterID string) (api APIResponse, err error)
GetContainerWkldProfiles returns a slice of container workload profiles from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetContainerWklds ¶
func (p *PCE) GetContainerWklds(queryParameters map[string]string) (api APIResponse, err error)
GetContainerWklds returns a slice of container workloads from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetEnforcementBoundaries ¶
func (p *PCE) GetEnforcementBoundaries(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
GetEnforcementBoundaries returns a slice of enforcement boundaries from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetEnforcementBoundaryByHref ¶
func (p *PCE) GetEnforcementBoundaryByHref(href string) (eb EnforcementBoundary, api APIResponse, err error)
GetEnforcementBoundaryByHref returns the enforcement boundary with the specified HREF
func (*PCE) GetEvents ¶
func (p *PCE) GetEvents(queryParameters map[string]string) (events []Event, api APIResponse, err error)
GetEvents returns a slice of events from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetHref ¶
func (p *PCE) GetHref(href string, response interface{}) (APIResponse, error)
GetHref returns the Illumio object with a specific href
func (*PCE) GetIPListByName ¶
GetIPListByName returns the IP List based on name. A blank IP List is returned if there is no exact match. This method leverages GetIPLists. Any matching named IP lists will be stored in the PCE object.
func (*PCE) GetIPLists ¶
func (p *PCE) GetIPLists(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
GetIPLists returns a slice of IP lists from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetLabelByHref ¶
func (p *PCE) GetLabelByHref(href string) (Label, APIResponse, error)
GetLabelByHref returns a label based on the provided HREF.
func (*PCE) GetLabelByKeyValue ¶
func (p *PCE) GetLabelByKeyValue(key, value string) (Label, APIResponse, error)
GetLabelByKeyValue finds a label based on the key and value. A blank label is returned if there is no exact match. This method uses GetLabels, so the PCE label maps and slices will be updated with all labels matching the criteria. Only the exact label is returned.
func (*PCE) GetLabelDimensions ¶
func (p *PCE) GetLabelDimensions(queryParameters map[string]string) (api APIResponse, err error)
GetLabelDimensions returns a slice of label dimensions from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetLabelGroups ¶
func (p *PCE) GetLabelGroups(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
GetLabelGroups returns a slice of label groups from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetLabels ¶
func (p *PCE) GetLabels(queryParameters map[string]string) (api APIResponse, err error)
GetLabels returns a slice of labels from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetPairingProfiles ¶
func (p *PCE) GetPairingProfiles(queryParameters map[string]string) (pairingProfiles []PairingProfile, api APIResponse, err error)
GetPairingProfiles returns a slice of pairing profiles from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetPendingChanges ¶
func (p *PCE) GetPendingChanges() (cs ChangeSubset, api APIResponse, err error)
GetPendingChanges returns a slice of pending changes from the PCE.
func (*PCE) GetPermissions ¶
func (p *PCE) GetPermissions(queryParameters map[string]string) (api APIResponse, err error)
GetPermissions returns a slice of permissions from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetRoles ¶
func (p *PCE) GetRoles(queryParameters map[string]string) (api APIResponse, err error)
GetRoles returns a slice of roles from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetRuleByHref ¶
func (p *PCE) GetRuleByHref(href string) (rule Rule, api APIResponse, err error)
GetRuleByHref returns the rule with a specific href
func (*PCE) GetRulesetByHref ¶
func (p *PCE) GetRulesetByHref(href string) (ruleset RuleSet, api APIResponse, err error)
GetRulesetByHref returns the ruleset with a specific href.
func (*PCE) GetRulesets ¶
func (p *PCE) GetRulesets(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
GetRulesets returns a slice of rulesets from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetServiceBindings ¶
func (p *PCE) GetServiceBindings(queryParameters map[string]string) (serviceBindings []ServiceBinding, api APIResponse, err error)
GetServiceBindings returns a slice of service bindings from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetServices ¶
func (p *PCE) GetServices(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
GetServices returns a slice of services from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetTrafficAnalysis ¶
func (p *PCE) GetTrafficAnalysis(q TrafficQuery) (returnedTraffic []TrafficAnalysis, api APIResponse, err error)
GetTrafficAnalysis gets flow data from Explorer.
func (*PCE) GetTrafficAnalysisCsv ¶
func (p *PCE) GetTrafficAnalysisCsv(q TrafficQuery, draftResults bool) (returnedTraffic [][]string, api APIResponse, err error)
GetTrafficAnalysisCsv gets flow data from Explorer in CSV Format.
func (*PCE) GetVenByHostname ¶
func (p *PCE) GetVenByHostname(hostname string) (VEN, APIResponse, error)
GetVenByHostname gets a VEN by the hostname. Returns a blank VEN if there are no exact matches. Uses GetVens, so the PCE VEN map and slice will be cleared.
func (*PCE) GetVenByHref ¶
func (p *PCE) GetVenByHref(href string) (ven VEN, api APIResponse, err error)
GetVenByHref returns the VEN with a specific href
func (*PCE) GetVens ¶
func (p *PCE) GetVens(queryParameters map[string]string) (api APIResponse, err error)
GetVens returns a slice of VENs from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetVersion ¶
func (p *PCE) GetVersion() (version Version, api APIResponse, err error)
GetVersion returns the version of the PCE
func (*PCE) GetVirtualServers ¶
func (p *PCE) GetVirtualServers(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
GetVirtualServers returns a slice of virtual servers from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetVirtualServiceByHref ¶
func (p *PCE) GetVirtualServiceByHref(href string) (virtualService VirtualService, api APIResponse, err error)
GetVirtualServiceByHref returns the virtualservice with a specific href
func (*PCE) GetVirtualServiceByName ¶
func (p *PCE) GetVirtualServiceByName(name string, pStatus string) (VirtualService, APIResponse, error)
GetVirtualServiceByName returns the virtual service based on name. It uses GetVirtualServices, so the virtual services slices and maps are replaced. A blank virtual service is returned if there is no exact match.
func (*PCE) GetVirtualServices ¶
func (p *PCE) GetVirtualServices(queryParameters map[string]string, pStatus string) (api APIResponse, err error)
GetVirtualServices returns a slice of virtual services from the PCE. pStatus must be "draft" or "active". queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetVulnReports ¶
func (p *PCE) GetVulnReports(queryParameters map[string]string) (vulnReports []VulnerabilityReport, api APIResponse, err error)
GetVulnReports returns a slice of vulnerability reports from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetVulns ¶
func (p *PCE) GetVulns(queryParameters map[string]string) (vulns []Vulnerability, api APIResponse, err error)
GetVulns returns a slice of vulnerabilities from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetWkldByHostname ¶
func (p *PCE) GetWkldByHostname(hostname string) (wkld Workload, api APIResponse, err error)
GetWkldByHostname gets a workload based on the hostname. GetWkldByHostname calls GetWklds, which will replace the workload slice and maps. An empty workload is returned if there is no exact match.
func (*PCE) GetWkldByHref ¶
func (p *PCE) GetWkldByHref(href string) (wkld Workload, api APIResponse, err error)
GetWkldByHref returns the workload with a specific href
func (*PCE) GetWklds ¶
func (p *PCE) GetWklds(queryParameters map[string]string) (api APIResponse, err error)
GetWklds returns a slice of workloads from the PCE. queryParameters can be used for filtering in the form of ["parameter"]="value". The first API call to the PCE does not use the async option. If the slice length is >=500, it re-runs with async.
func (*PCE) GetWkldsByHrefList ¶
func (p *PCE) GetWkldsByHrefList(hrefs []string, single bool) (apiResps []APIResponse, err error)
GetWkldsByHrefList gets workloads by href list. Entries that do not contain "/orgs/" will be skipped. Single makes individual calls for each workload.
func (*PCE) IncreaseTrafficUpdateRate ¶
func (p *PCE) IncreaseTrafficUpdateRate(wklds []Workload) (APIResponse, error)
IncreaseTrafficUpdateRate increases the VEN traffic update rate
func (*PCE) Login ¶
func (p *PCE) Login(user, password, loginServer string) (UserLogin, []APIResponse, error)
Login authenticates to the PCE. Login will populate the User, Key, and Org fields in the PCE instance. Login will use a temporary session token that expires after 10 minutes. The login server is usually "". Specify it when needed. You can also use the ILLUMIO_LOGIN_SERVER environment variable.
func (*PCE) LoginAPIKey ¶
func (p *PCE) LoginAPIKey(user, password, name, desc, loginServer string) (UserLogin, []APIResponse, error)
LoginAPIKey authenticates to the PCE. LoginAPIKey will populate the User, Key, and Org fields in the PCE instance. LoginAPIKey will create a permanent API Key with the provided name and description fields. The login server is usually "". Specify it when needed. You can also use the ILLUMIO_LOGIN_SERVER environment variable.
func (*PCE) Post ¶
func (p *PCE) Post(endpoint string, object, createdObject interface{}) (api APIResponse, err error)
Post sends a POST request to the PCE
func (*PCE) ProvisionCS ¶
func (p *PCE) ProvisionCS(cs ChangeSubset, comment string) (api APIResponse, err error)
ProvisionCS provisions a ChangeSubset
func (*PCE) ProvisionHref ¶
func (p *PCE) ProvisionHref(hrefs []string, comment string) (APIResponse, error)
ProvisionHref provisions a slice of HREFs
func (*PCE) Put ¶
func (p *PCE) Put(object interface{}) (api APIResponse, err error)
Put sends a PUT request to the PCE. The object must include an Href field.
func (*PCE) UpdateADUserGroup ¶
func (p *PCE) UpdateADUserGroup(group ConsumingSecurityPrincipals) (APIResponse, error)
UpdateADUserGroup updates an existing AD user group in the PCE. The provided ad user group must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdateContainerWkldProfiles ¶
func (p *PCE) UpdateContainerWkldProfiles(cp ContainerWorkloadProfile) (APIResponse, error)
UpdateContainerWkldProfiles updates an existing container workload profile in the Illumio PCE. The provided container workload profile struct must include an href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdateEnforcementBoundary ¶
func (p *PCE) UpdateEnforcementBoundary(eb EnforcementBoundary) (APIResponse, error)
UpdateEnforcementBoundary updates an existing enforcement boundary in the PCE. The provided enforcement boundary object must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdateIPList ¶
func (p *PCE) UpdateIPList(ipList IPList) (APIResponse, error)
UpdateIPList updates an existing IP List in the PCE. The provided IP List must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdateLabel ¶
func (p *PCE) UpdateLabel(label Label) (APIResponse, error)
UpdateLabel updates an existing label in the PCE. The provided label must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdateLabelDimension ¶
func (p *PCE) UpdateLabelDimension(labelDimension LabelDimension) (APIResponse, error)
UpdateLabelDimension updates an existing label dimension in the PCE. The provided label dimension must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdateLabelGroup ¶
func (p *PCE) UpdateLabelGroup(labelGroup LabelGroup) (APIResponse, error)
UpdateLabelGroup updates an existing label group in the PCE. The provided label group must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdatePermission ¶
func (p *PCE) UpdatePermission(permission Permission) (APIResponse, error)
UpdatePermission updates an existing permission in the PCE. The provided permission must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdateRule ¶
func (p *PCE) UpdateRule(rule Rule) (APIResponse, error)
UpdateRule updates an existing rule in the PCE. The provided rule must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdateRuleset ¶
func (p *PCE) UpdateRuleset(ruleset RuleSet) (APIResponse, error)
UpdateRuleset updates an existing ruleset in the PCE. The provided ruleset must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdateService ¶
func (p *PCE) UpdateService(service Service) (APIResponse, error)
UpdateService updates an existing service object in the Illumio PCE
func (*PCE) UpdateVen ¶
func (p *PCE) UpdateVen(ven VEN) (api APIResponse, err error)
UpdateVen updates an existing VEN in the Illumio PCE. The provided VEN struct must include an href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdateVirtualService ¶
func (p *PCE) UpdateVirtualService(virtualService VirtualService) (APIResponse, error)
UpdateVirtualService updates an existing virtual service in the PCE. The provided virtual service must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpdateWkld ¶
func (p *PCE) UpdateWkld(workload Workload) (APIResponse, error)
UpdateWkld updates an existing workload in the Illumio PCE. The provided workload struct must include an Href. Properties that cannot be included in the PUT method will be ignored.
func (*PCE) UpgradeVENs ¶
func (p *PCE) UpgradeVENs(vens []VEN, release string) (resp VenUpgradeResponse, api APIResponse, err error)
func (*PCE) UploadTraffic ¶
func (p *PCE) UploadTraffic(filename string, headerLine bool) (UploadFlowResults, error)
UploadTraffic uploads a CSV to the PCE with traffic flows. filename should be the path to a CSV file with 4 cols: src_ip, dst_ip, port, protocol (IANA numerical format 6=TCP, 17=UDP). When headerLine = true, the first line of the CSV is skipped. If there are more than 999 entries in the CSV, it creates chunks of 999.
func (*PCE) VensUnpair ¶
func (p *PCE) VensUnpair(vens []VEN, restore string) ([]APIResponse, error)
VensUnpair unpairs VENs. There is no limit to the length of []VEN. The method chunks the API calls into groups of 1,000 to conform to the Illumio API.
func (*PCE) WorkloadQueryLabelParameter ¶
func (p *PCE) WorkloadQueryLabelParameter(labelSlices [][]string) (queryParameter string, err error)
WorkloadQueryLabelParameter takes [][]string (for example, after parsing a CSV). The first slice must be the label key headers (e.g., role, app, env, bu, etc.). Returns the query parameter for those labels. Each inner slice is an "AND" query. The slices are put together using "OR". The PCE must be loaded with the labels.
func (*PCE) WorkloadUpgrade ¶
func (p *PCE) WorkloadUpgrade(wkldHref, targetVersion string) (APIResponse, error)
WorkloadUpgrade upgrades the VEN version on the workload
func (*PCE) WorkloadsUnpair ¶
func (p *PCE) WorkloadsUnpair(wklds []Workload, restore string) ([]APIResponse, error)
WorkloadsUnpair unpairs workloads. There is no limit to the length of []Workloads. The method chunks the API calls into groups of 1,000 to conform to the Illumio API.
type PairingKey ¶
// PairingKey carries the activation code of a VEN pairing key.
type PairingKey struct {
	// ActivationCode is dropped from the JSON when empty (omitempty).
	// NOTE(review): presumably this is the credential a host presents to pair a
	// VEN with the PCE. Treat it as a secret: keep it out of logs and error
	// messages, and bound its reuse through the pairing profile
	// (key_lifespan, allowed_uses_per_key). Confirm against the PCE API docs.
	ActivationCode string `json:"activation_code,omitempty"`
}
PairingKey represents a VEN pairing key
type PairingProfile ¶
// PairingProfile is a pairing profile in the PCE.
//
// Every field is tagged omitempty. Booleans and a few strings are pointers so
// that an explicit false or "" can still be sent: a nil pointer is omitted,
// while a pointer to the zero value is serialized.
type PairingProfile struct {
	Href string `json:"href,omitempty"`
	Name string `json:"name,omitempty"`
	VenType string `json:"ven_type,omitempty"`
	Description *string `json:"description,omitempty"`
	IsDefault *bool `json:"is_default,omitempty"`
	Enabled *bool `json:"enabled,omitempty"`
	Mode string `json:"mode,omitempty"`
	VisibilityLevel string `json:"visibility_level,omitempty"`
	Labels *[]Label `json:"labels,omitempty"`
	// AllowedUsesPerKey is a string, not an int.
	// NOTE(review): presumably so a non-numeric value such as "unlimited" can be
	// expressed; confirm. When auditing profiles, check this together with
	// KeyLifespan, since they bound how far a leaked pairing key can be reused.
	AllowedUsesPerKey string `json:"allowed_uses_per_key,omitempty"`
	LogTraffic *bool `json:"log_traffic,omitempty"`
	// The *Lock fields below are per-setting booleans.
	// NOTE(review): presumably a true lock prevents the pairing host from
	// overriding the profile's label/mode/visibility/logging value; verify.
	AppLabelLock *bool `json:"app_label_lock,omitempty"`
	EnvLabelLock *bool `json:"env_label_lock,omitempty"`
	LocLabelLock *bool `json:"loc_label_lock,omitempty"`
	RoleLabelLock *bool `json:"role_label_lock,omitempty"`
	ModeLock *bool `json:"mode_lock,omitempty"`
	VisibilityLevelLock *bool `json:"visibility_level_lock,omitempty"`
	LogTrafficLock *bool `json:"log_traffic_lock,omitempty"`
	// KeyLifespan is also a string; the accepted format is not shown here.
	KeyLifespan string `json:"key_lifespan,omitempty"`
	// TotalUseCount is a plain int with omitempty, so 0 is never serialized.
	TotalUseCount int `json:"total_use_count,omitempty"`
	ExternalDataReference *string `json:"external_data_reference,omitempty"`
	ExternalDataSet *string `json:"external_data_set,omitempty"`
	// Timestamps are kept as strings exactly as received; no parsing happens here.
	LastPairingAt string `json:"last_pairing_at,omitempty"`
	CreatedAt string `json:"created_at,omitempty"`
	CreatedBy *Href `json:"created_by,omitempty"`
	UpdatedAt string `json:"updated_at,omitempty"`
	UpdatedBy *Href `json:"updated_by,omitempty"`
}
PairingProfile is a pairing profile in PCE.
type Permission ¶
// Permission ties a role and a scope to an auth security principal.
// NOTE(review): presumably this is one RBAC grant in the PCE; the exact
// semantics of an empty or nil scope are not shown here and should be confirmed
// before creating permissions programmatically.
type Permission struct {
	Href string `json:"href,omitempty"`
	// Role is omitted from the JSON when nil.
	Role *Role `json:"role,omitempty"`
	// Scope is a pointer to a slice: nil is omitted, while a pointer to an empty
	// slice is serialized as [].
	Scope *[]Scopes `json:"scope,omitempty"`
	AuthSecurityPrincipal *AuthSecurityPrincipal `json:"auth_security_principal,omitempty"`
}
type PortOverrides ¶
type PortOverrides struct { Port int `json:"port"` Proto int `json:"proto"` NewPort int `json:"new_port"` }
PortOverrides override a port on a virtual service binding.
type PortProtos ¶
type PortProtos struct { Include []IncludeOrExclude `json:"include"` Exclude []IncludeOrExclude `json:"exclude"` }
PortProtos represents the ports and protocols query portion of the explorer API
type Provision ¶
// Provision is the payload sent to the PCE to provision policy objects.
type Provision struct {
	// ChangeSubset is omitted from the JSON when nil.
	// NOTE(review): presumably an omitted change_subset asks the PCE to provision
	// every pending change rather than a selected subset; confirm before relying
	// on a nil value, since that would push unreviewed draft policy.
	ChangeSubset *ChangeSubset `json:"change_subset,omitempty"`
	// UpdateDescription is omitted when empty.
	UpdateDescription string `json:"update_description,omitempty"`
}
Provision is sent to the PCE to provision policy objects
type QualifyTest ¶
// A QualifyTest is a test run by the compatibility check.
//
// Most results are declared as interface{}, so encoding/json decodes them into
// whatever JSON type the PCE sent (string, float64, bool, nil, ...). Callers
// must type-switch or type-assert with the two-value form before use.
type QualifyTest struct {
	Status string `json:"status"`
	IpsecServiceEnabled interface{} `json:"ipsec_service_enabled"`
	Ipv4ForwardingEnabled interface{} `json:"ipv4_forwarding_enabled"`
	Ipv4ForwardingPktCnt interface{} `json:"ipv4_forwarding_pkt_cnt"`
	IptablesRuleCnt interface{} `json:"iptables_rule_cnt"`
	Ipv6GlobalScope interface{} `json:"ipv6_global_scope"`
	Ipv6ActiveConnCnt interface{} `json:"ipv6_active_conn_cnt"`
	IP6TablesRuleCnt interface{} `json:"ip6tables_rule_cnt"`
	RoutingTableConflict interface{} `json:"routing_table_conflict"`
	// The next three JSON keys start with an upper-case letter, unlike the rest.
	IPv6Enabled interface{} `json:"IPv6_enabled"`
	UnwantedNics interface{} `json:"Unwanted_nics"`
	GroupPolicy interface{} `json:"Group_policy"`
	RequiredPackagesInstalled interface{} `json:"required_packages_installed"`
	// RequiredPackagesMissing has no omitempty: a nil pointer marshals as null.
	RequiredPackagesMissing *[]string `json:"required_packages_missing"`
}
A QualifyTest is a test run by the compatibility check
type Ransomware ¶
type RegionsItems ¶
type RegionsItems struct { FlowsCount int `json:"flows_count,omitempty"` // region result count after query limits and RBAC filtering are applied MatchesCount int `json:"matches_count,omitempty"` // region query result count PceFqdn string `json:"pce_fqdn"` // fqdn of PCE region Responded bool `json:"responded"` // supercluster region responded with query results }
RegionsItems
type ResolveLabelsAs ¶
type ResolveLabelsAs struct { Consumers *[]string `json:"consumers"` Providers *[]string `json:"providers"` }
ResolveLabelsAs - more info to follow
type ResourceChanges ¶
type Restriction ¶
type Restriction struct { Href string `json:"href,omitempty"` Value string `json:"value,omitempty"` }
Restriction is used for container workload profile labels
type Results ¶
type Results struct {
QualifyTests *[]QualifyTest `json:"qualify_tests"`
}
Results contains a list of compatibility report qualifying tests
type RiskDetail ¶
type RiskDetail struct {
Ransomware *Ransomware `json:"ransomware,omitempty"`
}
type RiskSummary ¶
// RiskSummary wraps the ransomware risk summary of a workload.
type RiskSummary struct {
	// Ransomware is a struct value, not a pointer. encoding/json's omitempty has
	// no effect on struct values, so this key is always written when a
	// RiskSummary is marshaled, even if it was never populated.
	Ransomware WkldRansomware `json:"ransomware,omitempty"`
}
type Rule ¶
// Rule is a single rule inside a ruleset.
//
// All fields are omitempty. Pointer fields separate "not set" (nil, omitted)
// from an explicit false or empty value, which is still serialized. This matters
// on updates: a nil *bool leaves the key out of the request entirely.
type Rule struct {
	Href string `json:"href,omitempty"`
	Description *string `json:"description,omitempty"`
	Enabled *bool `json:"enabled,omitempty"`
	Consumers *[]ConsumerOrProvider `json:"consumers,omitempty"`
	Providers *[]ConsumerOrProvider `json:"providers,omitempty"`
	ConsumingSecurityPrincipals *[]ConsumingSecurityPrincipals `json:"consuming_security_principals,omitempty"`
	IngressServices *[]IngressServices `json:"ingress_services,omitempty"`
	// NOTE(review): SecConnect, Stateless and MachineAuth look like the rule's
	// encryption, stateless-filtering and machine-authentication options; their
	// PCE-side defaults when omitted are not shown here, so confirm them.
	SecConnect *bool `json:"sec_connect,omitempty"`
	Stateless *bool `json:"stateless,omitempty"`
	MachineAuth *bool `json:"machine_auth,omitempty"`
	// NOTE(review): presumably true lets consumers outside the ruleset's scope
	// match this rule; worth flagging when auditing rules, as it widens reach.
	UnscopedConsumers *bool `json:"unscoped_consumers,omitempty"`
	ResolveLabelsAs *ResolveLabelsAs `json:"resolve_labels_as,omitempty"`
	UseWorkloadSubnets *[]string `json:"use_workload_subnets,omitempty"`
	NetworkType string `json:"network_type,omitempty"` // ["brn", "non_brn", "all"]
	ExternalDataReference *string `json:"external_data_reference,omitempty"`
	ExternalDataSet *string `json:"external_data_set,omitempty"`
	// Audit metadata; timestamps are kept as the strings received from the PCE.
	CreatedAt string `json:"created_at,omitempty"`
	CreatedBy *Href `json:"created_by,omitempty"`
	DeletedAt string `json:"deleted_at,omitempty"`
	DeletedBy *Href `json:"deleted_by,omitempty"`
	UpdateType string `json:"update_type,omitempty"`
	UpdatedAt string `json:"updated_at,omitempty"`
	UpdatedBy *Href `json:"updated_by,omitempty"`
}
Rule - more info to follow
func (*Rule) GetRulesetHref ¶
GetRulesetHref returns the href of a ruleset based on the rule's href
type RuleSet ¶
type RuleSet struct { Href string `json:"href,omitempty"` Name string `json:"name,omitempty"` Description *string `json:"description,omitempty"` Scopes *[][]Scopes `json:"scopes,omitempty"` Enabled *bool `json:"enabled,omitempty"` Rules *[]Rule `json:"rules,omitempty"` IPTablesRules *[]IPTablesRules `json:"ip_tables_rules,omitempty"` ExternalDataReference *string `json:"external_data_reference,omitempty"` ExternalDataSet *string `json:"external_data_set,omitempty"` UpdateType string `json:"update_type,omitempty"` CreatedAt string `json:"created_at,omitempty"` CreatedBy *Href `json:"created_by,omitempty"` DeletedAt string `json:"deleted_at,omitempty"` DeletedBy *Href `json:"deleted_by,omitempty"` UpdatedAt string `json:"updated_at,omitempty"` UpdatedBy *Href `json:"updated_by,omitempty"` }
RuleSet - more info to follow
type Scopes ¶
type Scopes struct { Label *Label `json:"label,omitempty"` LabelGroup *LabelGroup `json:"label_group,omitempty"` }
Scopes - more info to follow
type SecureConnect ¶
type SecureConnect struct {
MatchingIssuerName string `json:"matching_issuer_name,omitempty"`
}
SecureConnect represents SecureConnect for an Agent on a Workload
type SecureConnectGateways ¶
type SecureConnectGateways struct {
Href string `json:"href"`
}
SecureConnectGateways represent SecureConnectGateways in provisioning
type Service ¶
type Service struct { Href string `json:"href,omitempty"` Name string `json:"name"` Description string `json:"description,omitempty"` ProcessName string `json:"process_name,omitempty"` ServicePorts *[]ServicePort `json:"service_ports,omitempty"` WindowsServices *[]WindowsService `json:"windows_services,omitempty"` ExternalDataReference *string `json:"external_data_reference,omitempty"` ExternalDataSet *string `json:"external_data_set,omitempty"` UpdateType string `json:"update_type,omitempty"` CreatedAt string `json:"created_at,omitempty"` CreatedBy *Href `json:"created_by,omitempty"` DeletedAt string `json:"deleted_at,omitempty"` DeletedBy *Href `json:"deleted_by,omitempty"` UpdatedAt string `json:"updated_at,omitempty"` UpdatedBy *Href `json:"updated_by,omitempty"` RiskDetails *RiskDetail `json:"risk_details,omitempty"` }
Service represent a service in the PCE
func (*Service) ParseService ¶
ParseService returns a slice of WindowsServices and ServicePorts from an Illumio service object
func (*Service) ToExplorer ¶
func (s *Service) ToExplorer() ([]IncludeOrExclude, []IncludeOrExclude)
ToExplorer takes a service and returns an explorer query include and exclude
type ServiceAddresses ¶
type ServiceAddresses struct { IP string `json:"ip,omitempty"` Network *Network `json:"network,omitempty"` Fqdn string `json:"fqdn,omitempty"` Description string `json:"description,omitempty"` }
ServiceAddresses are FQDNs for Virtual Services
type ServiceBinding ¶
type ServiceBinding struct { Href string `json:"href,omitempty"` VirtualService *VirtualService `json:"virtual_service"` Workload *Workload `json:"workload"` PortOverrides *[]PortOverrides `json:"port_overrides,omitempty"` }
A ServiceBinding binds a workload to a Virtual Service
type ServicePort ¶
// ServicePort is the port and protocol information for a non-Windows service.
type ServicePort struct {
	// IcmpCode and IcmpType are plain ints with omitempty, so a value of 0 is
	// never serialized.
	// NOTE(review): that makes ICMP type 0 / code 0 indistinguishable from
	// "not set" on the wire; confirm how the PCE treats the missing key.
	IcmpCode int `json:"icmp_code,omitempty"`
	IcmpType int `json:"icmp_type,omitempty"`
	ID int `json:"id,omitempty"`
	Port *int `json:"port,omitempty"` // Pointer for 0 value
	// Protocol is serialized under the key "proto"; like the ICMP fields, 0 is omitted.
	Protocol int `json:"proto,omitempty"`
	ToPort int `json:"to_port,omitempty"`
}
ServicePort represent port and protocol information for a non-Windows service
type Src ¶
type Src struct { IP string `json:"ip"` Workload *Workload `json:"workload,omitempty"` FQDN string `json:"fqdn,omitempty"` IPLists *[]*IPList `json:"ip_lists"` }
Src is the consumer workload details
type SrcOrDst ¶
type SrcOrDst struct { Include [][]IncludeOrExclude `json:"include"` Exclude []IncludeOrExclude `json:"exclude"` }
SrcOrDst represents the sources or destinations query portion of the explorer API
type Statements ¶
// Statements are part of a custom IPTables rule.
//
// None of the fields is omitempty, so empty strings are sent as "".
type Statements struct {
	ChainName string `json:"chain_name"`
	// Parameters is a free-form string.
	// NOTE(review): looks like the raw iptables arguments for the statement.
	// If it is ever assembled from external input (CSV, tickets, user forms),
	// validate it against an allow-list first, since it presumably ends up in
	// the firewall configuration of managed workloads. Confirm with the PCE docs.
	Parameters string `json:"parameters"`
	TableName string `json:"table_name"`
}
Statements are part of a custom IPTables rule
type Status ¶
type Status struct { AgentHealth *[]AgentHealth `json:"agent_health,omitempty"` AgentHealthErrors *AgentHealthErrors `json:"agent_health_errors,omitempty"` AgentVersion string `json:"agent_version,omitempty"` FirewallRuleCount int `json:"firewall_rule_count,omitempty"` FwConfigCurrent bool `json:"fw_config_current,omitempty"` InstanceID string `json:"instance_id,omitempty"` LastHeartbeatOn string `json:"last_heartbeat_on,omitempty"` ManagedSince string `json:"managed_since,omitempty"` SecurityPolicyAppliedAt string `json:"security_policy_applied_at,omitempty"` SecurityPolicyReceivedAt string `json:"security_policy_received_at,omitempty"` SecurityPolicyRefreshAt string `json:"security_policy_refresh_at,omitempty"` SecurityPolicySyncState string `json:"security_policy_sync_state,omitempty"` Status string `json:"status,omitempty"` UID string `json:"uid,omitempty"` UptimeSeconds int `json:"uptime_seconds,omitempty"` }
Status represents the Status of an Agent on a Workload
type Target ¶
type Target struct { Proto int `json:"proto,omitempty"` SrcIP string `json:"src_ip,omitempty"` SrcPort int `json:"src_port,omitempty"` DestIP string `json:"dst_ip,omitempty"` DstPort int `json:"dst_port,omitempty"` }
Target is part of the collector flow filter
type TimestampRange ¶
type TimestampRange struct { FirstDetected string `json:"first_detected"` LastDetected string `json:"last_detected"` }
TimestampRange is used to limit queries ranges for the flow detected
type TrafficAnalysis ¶
type TrafficAnalysis struct { Dst *Dst `json:"dst"` NumConnections float64 `json:"num_connections"` PolicyDecision string `json:"policy_decision"` ExpSrv *ExpSrv `json:"service"` Src *Src `json:"src"` TimestampRange *TimestampRange `json:"timestamp_range"` Transmission string `json:"transmission"` }
TrafficAnalysis represents the response from the explorer API
func DedupeExplorerTraffic ¶
func DedupeExplorerTraffic(first, second []TrafficAnalysis) []TrafficAnalysis
DedupeExplorerTraffic takes two traffic responses and returns a de-duplicated result set
type TrafficAnalysisRequest ¶
// TrafficAnalysisRequest is the body of the traffic analysis POST request.
type TrafficAnalysisRequest struct {
	QueryName *string `json:"query_name,omitempty"` //Option to send blank query name
	// Sources, Destinations, ExplorerServices and PolicyDecisions have no
	// omitempty: a nil pointer is marshaled as JSON null rather than left out.
	Sources *SrcOrDst `json:"sources"`
	Destinations *SrcOrDst `json:"destinations"`
	ExplorerServices *ExplorerServices `json:"services"`
	// StartDate and EndDate are time.Time values. encoding/json's omitempty does
	// not apply to struct values, so an unset time is still sent as the zero
	// time ("0001-01-01T00:00:00Z"); set both explicitly.
	StartDate time.Time `json:"start_date,omitempty"`
	EndDate time.Time `json:"end_date,omitempty"`
	PolicyDecisions *[]string `json:"policy_decisions"`
	// MaxResults is omitted when 0.
	// NOTE(review): the PCE-side default when it is omitted is not shown here.
	MaxResults int `json:"max_results,omitempty"`
	SourcesDestinationsQueryOp string `json:"sources_destinations_query_op,omitempty"`
	ExcludeWorkloadsFromIPListQuery *bool `json:"exclude_workloads_from_ip_list_query,omitempty"`
}
TrafficAnalysisRequest is the payload for the traffic analysis POST request
type TrafficQuery ¶
// TrafficQuery is the struct to be passed to the GetTrafficAnalysis function.
//
// The struct has no JSON tags; it is an input to the library, not a wire type.
type TrafficQuery struct {
	// Include lists are slices of slices, exclude lists are flat.
	// NOTE(review): the element format (href, IP, label key) is not shown here.
	SourcesInclude [][]string
	SourcesExclude []string
	DestinationsInclude [][]string
	DestinationsExclude []string
	// PortProtoInclude and PortProtoExclude entries should be in the format of [port, protocol]
	// Example [80, 6] is Port 80 TCP.
	PortProtoInclude [][2]int
	PortProtoExclude [][2]int
	// PortRangeInclude and PortRangeExclude entries should be of the format [fromPort, toPort, protocol]
	// Example - [1000, 2000, 6] is Ports 1000-2000 TCP.
	PortRangeInclude [][3]int
	PortRangeExclude [][3]int
	ProcessInclude []string
	WindowsServiceInclude []string
	ProcessExclude []string
	WindowsServiceExclude []string
	// StartTime and EndTime default to the zero time.Time when left unset.
	StartTime time.Time
	EndTime time.Time
	PolicyStatuses []string
	// MaxFLows is spelled with a capital L in the exported API; use it as written.
	// Its zero value is 0; how 0 is interpreted is not shown here.
	MaxFLows int
	TransmissionExcludes []string // Example: []string{"broadcast", "multicast"} will only get unicast traffic
	QueryOperator string // Value should be "and" or "or". "and" is used by default
	// The zero value here is false, which differs from the UI default noted below.
	ExcludeWorkloadsFromIPListQuery bool // The PCE UI uses a value of true by default
}
TrafficQuery is the struct to be passed to the GetTrafficAnalysis function
type Unpair ¶
// Unpair is the payload for using the API to unpair workloads.
//
// It carries two alternative field pairs, one for the legacy workload endpoint
// and one for the VEN endpoint. All four are omitempty, so only the pair that
// was populated is serialized.
// NOTE(review): the restore values decide what firewall state a host is left in
// after its agent is removed; the accepted values are not shown here. Choose the
// value deliberately rather than passing an empty string.
type Unpair struct {
	Workloads []Workload `json:"workloads,omitempty"` // Legacy workload endpoint
	IPTableRestore string `json:"ip_table_restore,omitempty"` // Legacy workload endpoint
	VENS []VEN `json:"vens,omitempty"` // New VEN endpoint
	FirewallRestore string `json:"firewall_restore,omitempty"` // New VEN endpoint
}
Unpair is the payload for using the API to unpair workloads.
type UploadFlowResults ¶
type UploadFlowResults struct { FlowResps []FlowUploadResp APIResps []APIResponse TotalFlowsInCSV int }
UploadFlowResults is the struct returned to the user when using the pce.UploadTraffic() method
type Usage ¶
type Usage struct { LabelGroup bool `json:"label_group"` Rule bool `json:"rule"` Ruleset bool `json:"ruleset"` StaticPolicyScopes bool `json:"static_policy_scopes,omitempty"` }
Usage covers how a LabelGroup is used in the PCE. Usage is never created or updated.
type UserLogin ¶
// UserLogin represents a user logging in via password to get a session key.
type UserLogin struct {
	AuthUsername string `json:"auth_username,omitempty"`
	FullName string `json:"full_name,omitempty"`
	Href string `json:"href,omitempty"`
	InactivityExpirationMinutes int `json:"inactivity_expiration_minutes,omitempty"`
	LastLoginIPAddress string `json:"last_login_ip_address,omitempty"`
	LastLoginOn string `json:"last_login_on,omitempty"`
	ProductVersion *Version `json:"product_version,omitempty"`
	// SessionToken is the session credential returned by the login.
	// It is an ordinary exported field, so printing the struct (%v, %+v) or
	// marshaling it back to JSON includes the token. Redact it before logging or
	// persisting a UserLogin.
	// NOTE(review): presumably valid until the inactivity timeout above; confirm.
	SessionToken string `json:"session_token,omitempty"`
	TimeZone string `json:"time_zone,omitempty"`
	Type string `json:"type,omitempty"`
	Orgs []*Org `json:"orgs,omitempty"`
	Username string `json:"username,omitempty"` // Added for events
}
UserLogin represents a user logging in via password to get a session key
type VEN ¶
// VEN is an Illumio agent. Duplicate workload fields have been left out.
//
// All fields are omitempty; pointer fields are omitted when nil and serialized
// when they point at an empty value.
type VEN struct {
	Href string `json:"href,omitempty"`
	Name *string `json:"name,omitempty"`
	Description *string `json:"description,omitempty"`
	Hostname *string `json:"hostname,omitempty"`
	UID string `json:"uid,omitempty"`
	Status string `json:"status,omitempty"`
	Version string `json:"version,omitempty"`
	ActivationType string `json:"activation_type,omitempty"`
	// ActivePceFqdn is a plain string while TargetPceFqdn is a pointer.
	// NOTE(review): presumably only the target is meant to be written by clients.
	ActivePceFqdn string `json:"active_pce_fqdn,omitempty"`
	TargetPceFqdn *string `json:"target_pce_fqdn,omitempty"`
	Workloads *[]Workload `json:"workloads,omitempty"`
	ContainerCluster *ContainerCluster `json:"container_cluster,omitempty"`
	VenType string `json:"ven_type,omitempty"`
	Conditions *[]Condition `json:"conditions,omitempty"`
	// LastHeartBeatAt is kept as the string received from the PCE; the
	// HoursSinceLastHeartBeat method is documented to return -1 when the age
	// cannot be calculated.
	LastHeartBeatAt string `json:"last_heartbeat_at,omitempty"`
}
VEN is an Illumio agent. Duplicate workload fields have been left out
func (*VEN) HoursSinceLastHeartBeat ¶
HoursSinceLastHeartBeat returns the hours since the last beat. -1 is returned for unmanaged workloads or when it cannot be calculated.
type VenUpgradeError ¶
type VenUpgradeError struct { Token string `json:"token"` Message string `json:"message"` Hrefs []string `json:"hrefs"` }
VenUpgradeError is used by VenUpgradeResponse
type VenUpgradeRequest ¶
// VenUpgradeRequest is sent to the PCE to upgrade VENs.
//
// No field is omitempty, so every key is always present in the request body.
type VenUpgradeRequest struct {
	VENs []VEN `json:"vens"`
	Release string `json:"release"`
	// DryRun is always serialized; its zero value is false.
	// NOTE(review): presumably true asks the PCE to validate the request without
	// upgrading anything, which means a request built without setting this field
	// performs a real upgrade. Confirm, and prefer a dry run first on large sets.
	DryRun bool `json:"dry_run"`
}
VenUpgradeRequest is sent to the PCE to upgrade VENs
type VenUpgradeResponse ¶
type VenUpgradeResponse struct {
VENUpgradeErrors []VenUpgradeError `json:"errors"`
}
VenUpgradeResponse is the PCE's response to a VEN upgrade request
type Version ¶
// Version is the PCE version. Versions are never created or updated.
type Version struct {
	Version string `json:"version"`
	Build int `json:"build"`
	LongDisplay string `json:"long_display"`
	ShortDisplay string `json:"short_display"`
	EngineeringInfo string `json:"engineering_info"`
	ReleaseInfo string `json:"release_info,omitempty"`
	// Major, Minor and Patch carry no JSON tag, so encoding/json uses the Go
	// field names ("Major", "Minor", "Patch") for them.
	// NOTE(review): presumably filled in by the library from the Version string
	// rather than by the PCE; confirm before using them for feature gating.
	Major int
	Minor int
	Patch int
}
Version is the PCE version. Versions are never created or updated.
type VirtualServer ¶
type VirtualServer struct { Href string `json:"href,omitempty"` Name string `json:"name,omitempty"` Description *string `json:"description,omitempty"` DiscoveredVirtualServer *Href `json:"discovered_virtual_server,omitempty"` DvsName string `json:"dvs_name,omitempty"` DvsIdentifier string `json:"dvs_identifier,omitempty"` Labels *[]Label `json:"labels,omitempty"` Service *Service `json:"service,omitempty"` Providers *ConsumerOrProvider `json:"providers,omitempty"` Mode string `json:"mode,omitempty"` CreatedAt string `json:"created_at,omitempty"` CreatedBy *Href `json:"created_by,omitempty"` DeletedAt string `json:"deleted_at,omitempty"` DeletedBy *Href `json:"deleted_by,omitempty"` UpdatedAt string `json:"updated_at,omitempty"` UpdatedBy *Href `json:"updated_by,omitempty"` }
VirtualServer represents a VirtualServer in the PCE
type VirtualService ¶
// A VirtualService represents a Virtual Service in the Illumio PCE.
type VirtualService struct {
	Href string `json:"href,omitempty"`
	Name string `json:"name,omitempty"`
	Description *string `json:"description,omitempty"`
	Labels *[]Label `json:"labels,omitempty"`
	// Service and ServicePorts are both present on the struct.
	// NOTE(review): presumably a virtual service uses one or the other; verify.
	Service *Service `json:"service,omitempty"`
	ServicePorts *[]ServicePort `json:"service_ports,omitempty"`
	ServiceAddresses *[]ServiceAddresses `json:"service_addresses,omitempty"`
	IPOverrides *[]string `json:"ip_overrides,omitempty"`
	PceFqdn string `json:"pce_fqdn,omitempty"`
	ApplyTo string `json:"apply_to,omitempty"`
	// Unlike Rule, Service and Workload, these two are plain strings here, so an
	// empty value cannot be sent explicitly (omitempty drops it).
	ExternalDataReference string `json:"external_data_reference,omitempty"`
	ExternalDataSet string `json:"external_data_set,omitempty"`
	UpdateType string `json:"update_type,omitempty"`
	// Audit metadata; the Sanitize method is documented to remove fields for an
	// update, so call it before sending a fetched object back to the PCE.
	CreatedAt string `json:"created_at,omitempty"`
	CreatedBy *Href `json:"created_by,omitempty"`
	DeletedAt string `json:"deleted_at,omitempty"`
	DeletedBy *Href `json:"deleted_by,omitempty"`
	UpdatedAt string `json:"updated_at,omitempty"`
	UpdatedBy *Href `json:"updated_by,omitempty"`
}
A VirtualService represents a Virtual Service in the Illumio PCE
func (*VirtualService) GetLabelByKey ¶
func (vs *VirtualService) GetLabelByKey(key string, labelMap map[string]Label) Label
GetLabelByKey returns the label object based on the provided key and label map. A blank label is returned if the label key is not used on the virtual service.
func (*VirtualService) Sanitize ¶
func (vs *VirtualService) Sanitize()
Sanitize removes fields for an update
func (*VirtualService) SetActive ¶
func (vs *VirtualService) SetActive() VirtualService
SetActive changes the HREF of the Virtual Service Object to Active
type Vulnerability ¶
type Vulnerability struct { Href string `json:"href,omitempty"` Name string `json:"name,omitempty"` Description string `json:"description,omitempty"` Score int `json:"score,omitempty"` CveIds []string `json:"cve_ids,omitempty"` CreatedAt string `json:"created_at,omitempty"` CreatedBy *Href `json:"created_by,omitempty"` UpdatedAt string `json:"updated_at,omitempty"` UpdatedBy *Href `json:"updated_by,omitempty"` }
Vulnerabilities are part of vulnerability maps. They are never created or updated.
type VulnerabilityReport ¶
type VulnerabilityReport struct { Href string `json:"href,omitempty"` Name string `json:"name,omitempty"` Authoritative bool `json:"authoritative,omitempty"` NumVulnerabilities int `json:"num_vulnerabilities,omitempty"` ReportType string `json:"report_type,omitempty"` ScannedIps []string `json:"scanned_ips,omitempty"` CreatedAt string `json:"created_at,omitempty"` CreatedBy *Href `json:"created_by,omitempty"` UpdatedAt string `json:"updated_at,omitempty"` UpdatedBy *Href `json:"updated_by,omitempty"` }
VulnerabilityReport are part of vulnerability maps. They are never created or updated.
type VulnerabilitySummary ¶
// VulnerabilitySummary holds the vulnerability counters and scores attached to
// a workload (see Workload.VulnerabilitySummary).
type VulnerabilitySummary struct {
	// The int fields are omitempty, so a score or count of 0 is dropped when the
	// struct is marshaled; after decoding, 0 and "absent" look the same.
	NumVulnerabilities int `json:"num_vulnerabilities,omitempty"`
	MaxVulnerabilityScore int `json:"max_vulnerability_score,omitempty"`
	VulnerabilityScore int `json:"vulnerability_score,omitempty"`
	VulnerablePortExposure int `json:"vulnerable_port_exposure,omitempty"`
	// VulnerablePortWideExposure is a struct value; omitempty has no effect on
	// struct values in encoding/json, so this key is always written.
	VulnerablePortWideExposure VulnerablePortWideExposure `json:"vulnerable_port_wide_exposure,omitempty"`
	VulnerabilityExposureScore int `json:"vulnerability_exposure_score,omitempty"`
}
type WindowsService ¶
// WindowsService represents port, protocol, and process information for a
// Windows service.
type WindowsService struct {
	// IcmpCode and IcmpType are plain ints with omitempty, so 0 is never
	// serialized.
	// NOTE(review): ICMP type 0 / code 0 therefore cannot be sent explicitly;
	// confirm how the PCE treats the missing key.
	IcmpCode int `json:"icmp_code,omitempty"`
	IcmpType int `json:"icmp_type,omitempty"`
	Port *int `json:"port,omitempty"` // Pointer for 0 value
	ProcessName string `json:"process_name,omitempty"`
	// Protocol is serialized under the key "proto".
	Protocol int `json:"proto,omitempty"`
	ServiceName string `json:"service_name,omitempty"`
	ToPort int `json:"to_port,omitempty"`
}
WindowsService represents port, protocol, and process information for a Windows service
type WkldRansomware ¶
type WkldServices ¶
type WkldServices struct { OpenServicePorts *[]OpenServicePort `json:"open_service_ports,omitempty"` UptimeSeconds int `json:"uptime_seconds,omitempty"` CreatedAt string `json:"created_at,omitempty"` }
WkldServices represent the Services running on a Workload
type Workload ¶
// A Workload represents a workload in the PCE.
//
// All fields are omitempty. Most are pointers so that a nil value (omitted from
// the request) can be told apart from an explicit empty value (sent). Fetched
// objects also carry server-side metadata; the SanitizePut and
// SanitizeBulkUpdate methods are documented to strip properties before an
// update.
type Workload struct {
	Href string `json:"href,omitempty"`
	Description *string `json:"description,omitempty"`
	Name *string `json:"name,omitempty"`
	Hostname *string `json:"hostname,omitempty"`
	Labels *[]Label `json:"labels,omitempty"`
	Interfaces *[]Interface `json:"interfaces,omitempty"`
	IgnoredInterfaceNames *[]string `json:"ignored_interface_names,omitempty"`
	PublicIP *string `json:"public_ip,omitempty"`
	Online *bool `json:"online,omitempty"`
	// EnforcementMode and VisibilityLevel are raw strings; the GetMode, SetMode,
	// GetVisibilityLevel and SetVisibilityLevel methods document the values
	// accepted per PCE version.
	EnforcementMode *string `json:"enforcement_mode,omitempty"`
	VisibilityLevel *string `json:"visibility_level,omitempty"`
	OsDetail *string `json:"os_detail,omitempty"`
	OsID *string `json:"os_id,omitempty"`
	Services *WkldServices `json:"services,omitempty"`
	DistinguishedName *string `json:"distinguished_name,omitempty"`
	ServicePrincipalName *string `json:"service_principal_name,omitempty"`
	// VEN and Agent are both present.
	// NOTE(review): presumably Agent is the older representation kept for
	// compatibility; confirm which one the target PCE version populates.
	VEN *VEN `json:"ven,omitempty"`
	Agent *Agent `json:"agent,omitempty"`
	ServiceProvider *string `json:"service_provider,omitempty"`
	DataCenter *string `json:"data_center,omitempty"`
	DataCenterZone *string `json:"data_center_zone,omitempty"`
	Namespace *string `json:"namespace,omitempty"` // Only used in Container Workloads
	VulnerabilitySummary *VulnerabilitySummary `json:"vulnerability_summary,omitempty"`
	RiskSummary *RiskSummary `json:"risk_summary,omitempty"`
	ExternalDataReference *string `json:"external_data_reference,omitempty"`
	ExternalDataSet *string `json:"external_data_set,omitempty"`
	// Audit and deletion metadata; timestamps are kept as received strings.
	CreatedAt string `json:"created_at,omitempty"`
	CreatedBy *Href `json:"created_by,omitempty"`
	DeleteType string `json:"delete_type,omitempty"`
	Deleted *bool `json:"deleted,omitempty"`
	DeletedAt string `json:"deleted_at,omitempty"`
	DeletedBy *Href `json:"deleted_by,omitempty"`
	UpdatedAt string `json:"updated_at,omitempty"`
	UpdatedBy *Href `json:"updated_by,omitempty"`
}
A Workload represents a workload in the PCE
func (*Workload) ChangeLabel ¶
ChangeLabel updates a workload struct with new label href. It does not call the Illumio API to update the workload in the PCE. Use pce.UpdateWorkload() or bulk update for that. The method returns the labelMapH in case it needs to create a new label.
func (*Workload) GetAppGroup ¶
GetAppGroup returns the app group string of a workload in the format of App | Env. If the workload does not have an app or env label, "NO APP GROUP" is returned. Use GetAppGroupL to include the loc label in the app group.
func (*Workload) GetAppGroupL ¶
GetAppGroupL returns the app group string of a workload in the format of App | Env | Loc. If the workload does not have an app, env, or loc label, "NO APP GROUP" is returned. Use GetAppGroup to only use app and env in App Group.
func (*Workload) GetCIDR ¶
GetCIDR returns the CIDR block for a workload's IP address. The CIDR value is returned as a string (e.g., "/24"). If the CIDR value is not known (e.g., unmanaged workloads), it returns "NA". If the provided IP address is not attached to the workload, GetCIDR returns "NA".
func (*Workload) GetDefaultGW ¶
GetDefaultGW returns the default gateway for a workload. If the workload does not have a default gateway (many unmanaged workloads) it will return "NA"
func (*Workload) GetIPWithDefaultGW ¶
GetIPWithDefaultGW returns the IP address of the interface that has the default gateway. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA".
func (*Workload) GetInterfaceName ¶
GetInterfaceName returns the interface name for a workload's IP address. If the provided IP address is not attached to the workload, GetInterfaceName returns "NA".
func (*Workload) GetIsPWithDefaultGW ¶
func (*Workload) GetLabelByKey ¶
GetLabelByKey returns the label object based on the provided key and label map. A blank label is returned if the label key is not used on the workload.
func (*Workload) GetMode ¶
GetMode returns the mode of the workloads. The returned value in 20.2 and newer PCEs will be unmanaged, idle, visibility_only, full, or selective. For visibility levels, use the w.GetVisibilityLevel() method.
The returned value in 20.1 and lower PCEs will be unmanaged, idle, build, test, enforced-no, enforced-low, enforced-high. The enforced options represent no logging, low details, and high detail.
func (*Workload) GetNetMask ¶
GetNetMask returns the netmask for a workload's IP address. The value is returned as a string (e.g., "255.0.0.0"). If the value is not known (e.g., unmanaged workloads), it returns "NA". If the provided IP address is not attached to the workload, GetNetMask returns "NA".
func (*Workload) GetNetMaskWithDefaultGW ¶
GetNetMaskWithDefaultGW returns the netmask of the IP address that has the default gateway. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA".
func (*Workload) GetNetwork ¶
GetNetwork returns the network of a workload's IP address.
func (*Workload) GetNetworkWithDefaultGateway ¶
GetNetworkWithDefaultGateway returns the CIDR notation of the network of the interface with the default gateway. If the workload does not have a default gateway (many unmanaged workloads), it will return "NA"
func (*Workload) GetVisibilityLevel ¶
GetVisibilityLevel returns unmanaged, blocked_allowed, blocked, or off.
func (*Workload) HoursSinceLastHeartBeat ¶
HoursSinceLastHeartBeat returns the hours since the last beat. -9999 is returned for unmanaged workloads or when it cannot be calculated.
func (*Workload) SanitizeBulkUpdate ¶
func (w *Workload) SanitizeBulkUpdate()
SanitizeBulkUpdate removes the properties necessary for a bulk update
func (*Workload) SanitizePut ¶
func (w *Workload) SanitizePut()
SanitizePut removes the necessary properties to update a workload.
func (*Workload) SetMode ¶
SetMode adjusts the workload to reflect the assigned mode. Nothing is changed in the PCE. To reflect the change in the PCE use SetMode method followed by PCE.UpdateWorkload() method.
Valid options in 20.2 and newer PCEs are idle, visibility_only, full, and selective. For visibility levels, use the w.SetVisibilityLevel() method.
Valid options in 20.1 and lower PCEs are idle, build, test, enforced-no, enforced-low, enforced-high. The enforced options represent no logging, low details, and high detail.
func (*Workload) SetVisibilityLevel ¶
SetVisibilityLevel adjusts the workload to reflect the assigned visibility level. Nothing is changed in the PCE. To reflect the change in the PCE use SetVisibilityLevel method followed by PCE.UpdateWorkload() method.
Valid options in 20.2 and newer PCEs are flow_summary (blocked_allowed), flow_drops (blocked), flow_off (off), or enhanced_data_collection. The options in parentheses are the UI values. Both are acceptable.
20.1 PCEs and lower do not use this method.
Source Files ¶
- boundaries.go
- common.go
- compatibilityreport.go
- containercluster.go
- containerworkloadprofiles.go
- crud.go
- deprecated.go
- events.go
- flowfilter.go
- helper.go
- http.go
- iplists.go
- labeldimensions.go
- labelgroups.go
- labels.go
- pairing.go
- pce.go
- protocols.go
- provisioning.go
- rulesets.go
- secprincipals.go
- services.go
- template.go
- traffic.go
- usergroup.go
- userslogin.go
- ven.go
- version.go
- virtualserver.go
- virtualservices.go
- vulnerabilities.go
- workloads.go