README
¶
go-ftd for Firepower 6.7
Go Bindings for Cisco FirePower NGFW. These bindings talk to Firepower Device Manager.
Added
This fork of Remi's code now adds the deployment API wrapper
Example
Open a Session using env vars:
params := make(map[string]string)
params["grant_type"] = "password"
params["username"] = os.Getenv("FTD_USER")
params["password"] = os.Getenv("FTD_PASSWORD")
params["debug"] = "true"
params["insecure"] = "true"
ftd, err := NewFTD(os.Getenv("FTD_HOST"), params)
if err != nil {
glog.Errorf("error: %s\n", err)
return nil, err
}
return ftd, nil
Creating a Network Object:
// Create a Network Object for a single host 1.1.1.1
n := new(NetworkObject)
n.Name = "testObj001"
n.SubType = "HOST"
n.Value = "1.1.1.1"
err = ftd.CreateNetworkObject(n, DuplicateActionReplace)
if err != nil {
glog.Errorf("error: %s\n", err)
return
}
Creating an Access Rule:
// Allow any traffic between any and network object n1 and network object group g1
a := new(AccessRule)
a.Name = "testPolicy001"
a.RuleAction = RuleActionPermit
a.EventLogAction = LogActionNone
// n1.Refence() returns a reference object of a Network Object
a.DestinationNetworks = append(a.DestinationNetworks, n1.Reference())
// g1.Refence() returns a reference object of a Network Object Group
a.DestinationNetworks = append(a.DestinationNetworks, g1.Reference())
err = ftd.CreateAccessRule(a, "default")
if err != nil {
glog.Errorf("error: %s\n", err)
return
}
Authors
- Remi Philippe - Initial work - remiphilippe
See also the list of contributors who participated in this project.
License
This project is licensed under the Apache 2 License - see the LICENSE file for details
Documentation
¶
Index ¶
- Constants
- type AccessPolicy
- type AccessRule
- type DeployObject
- type FTD
- func (f *FTD) AddToNetworkObjectGroup(g *NetworkObjectGroup, n *NetworkObject) error
- func (f *FTD) AddToPortObjectGroup(g *PortObjectGroup, p *PortObject) error
- func (f *FTD) CreateAccessRule(n *AccessRule, policy string) error
- func (f *FTD) CreateNetworkObject(n *NetworkObject, duplicateAction int) error
- func (f *FTD) CreateNetworkObjectGroup(n *NetworkObjectGroup, duplicateAction int) error
- func (f *FTD) CreateNetworkObjectGroupFromIPs(name string, ips []string, duplicateAction int) (*NetworkObjectGroup, error)
- func (f *FTD) CreateNetworkObjectsFromIPs(ips []string) ([]*NetworkObject, error)
- func (f *FTD) CreatePortObjectGroup(g *PortObjectGroup, duplicateAction int) error
- func (f *FTD) CreateTCPPortObject(p *PortObject, duplicateAction int) error
- func (f *FTD) CreateUDPPortObject(p *PortObject, duplicateAction int) error
- func (f *FTD) Delete(endpoint string) (err error)
- func (f *FTD) DeleteAccessRule(n *AccessRule) error
- func (f *FTD) DeleteFromNetworkObjectGroup(g *NetworkObjectGroup, n *NetworkObject) error
- func (f *FTD) DeleteFromPortObjectGroup(g *PortObjectGroup, p *PortObject) error
- func (f *FTD) DeleteNetworkObject(n *NetworkObject) error
- func (f *FTD) DeleteNetworkObjectByID(id string) error
- func (f *FTD) DeleteNetworkObjectGroup(n *NetworkObjectGroup) error
- func (f *FTD) DeletePortObject(p *PortObject) error
- func (f *FTD) DeletePortObjectGroup(g *PortObjectGroup) error
- func (f *FTD) Get(endpoint string, uriQuery map[string]string) (bodyText []byte, err error)
- func (f *FTD) GetAccessPolicies(limit int) ([]*AccessPolicy, error)
- func (f *FTD) GetAccessPoliciesby(filterstring string, limit int) ([]*AccessPolicy, error)
- func (f *FTD) GetAccessRules(policy string, limit int) ([]*AccessRule, error)
- func (f *FTD) GetNetworkAny() (*NetworkObject, error)
- func (f *FTD) GetNetworkObjectByID(id string) (*NetworkObject, error)
- func (f *FTD) GetNetworkObjectGroupBy(filterString string) ([]*NetworkObjectGroup, error)
- func (f *FTD) GetNetworkObjectGroups(limit int) ([]*NetworkObjectGroup, error)
- func (f *FTD) GetNetworkObjects(limit int) ([]*NetworkObject, error)
- func (f *FTD) GetPortObjectGroupBy(filterString string) ([]*PortObjectGroup, error)
- func (f *FTD) GetPortObjectGroups(limit int) ([]*PortObjectGroup, error)
- func (f *FTD) GetTCPPortObjectByID(id string) (*PortObject, error)
- func (f *FTD) GetTCPPortObjects() ([]*PortObject, error)
- func (f *FTD) GetUDPPortObjectByID(id string) (*PortObject, error)
- func (f *FTD) GetUDPPortObjects() ([]*PortObject, error)
- func (f *FTD) ModifyAccessPolicy(n *AccessPolicy, policy string) error
- func (f *FTD) Post(endpoint string, ftdReq interface{}) (bodyText []byte, err error)
- func (f *FTD) PostDeploy(n *DeployObject) error
- func (f *FTD) Put(endpoint string, ftdReq interface{}) (bodyText []byte, err error)
- func (f *FTD) UpdateNetworkObject(n *NetworkObject) error
- func (f *FTD) UpdateNetworkObjectGroup(n *NetworkObjectGroup) error
- func (f *FTD) UpdatePortObject(p *PortObject) error
- func (f *FTD) UpdatePortObjectGroup(g *PortObjectGroup) error
- type FTDError
- type FTDMessage
- type Links
- type NetworkObject
- type NetworkObjectGroup
- type Paging
- type PortObject
- type PortObjectGroup
- type ReferenceObject
Constants ¶
View Source
const ( // TypeUDPPortObject object type udp port TypeUDPPortObject string = "udpportobject" // TypeTCPPortObject object type tcp port TypeTCPPortObject string = "tcpportobject" //DuplicateActionError Error on duplicate DuplicateActionError int = 0 //DuplicateActionDoNothing Don't do anything DuplicateActionDoNothing int = 1 //DuplicateActionReplace Replace DuplicateActionReplace int = 2 //LogActionNone LOG_NONE LogActionNone string = "LOG_NONE" //LogActionFlowStart LOG_FLOW_START LogActionFlowStart string = "LOG_FLOW_START" //RuleActionPermit PERMIT RuleActionPermit string = "PERMIT" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessPolicy ¶
type AccessPolicy struct {
ReferenceObject
AccessRuleIDs []int `json:"accessRuleIDs,omitempty"`
DefaultAction struct {
Action string
EventLogAction string
IntrusionPolicy *ReferenceObject `json:"intrusionPolicy,omitempty"`
SyslogServer *ReferenceObject `json:"syslogServer,omitempty"`
Type string
}
SSLPolicy *ReferenceObject `json:"sslPolicy,omitempty"`
Rules []*ReferenceObject `json:"rules,omitempty"`
IdentityPolicySetting *ReferenceObject `json:"identityPolicySetting,omitempty"`
SecurityIntelligence *ReferenceObject `json:"securityIntelligence,omitempty"`
Links *Links `json:"links,omitempty"`
Paging *Paging `json:"paging,omitempty"`
}
AccessPolicy Access Policy Object
func (*AccessPolicy) Reference ¶
func (a *AccessPolicy) Reference() *ReferenceObject
Reference Returns a reference object
type AccessRule ¶
type AccessRule struct {
ReferenceObject
RuleID int `json:"ruleId,omitempty"`
SourceZones []*ReferenceObject `json:"sourceZones,omitempty"`
DestinationZones []*ReferenceObject `json:"destinationZones,omitempty"`
SourceNetworks []*ReferenceObject `json:"sourceNetworks,omitempty"`
DestinationNetworks []*ReferenceObject `json:"destinationNetworks,omitempty"`
SourcePorts []*ReferenceObject `json:"sourcePorts,omitempty"`
DestinationPorts []*ReferenceObject `json:"destinationPorts,omitempty"`
RuleAction string `json:"ruleAction,omitempty"`
EventLogAction string `json:"eventLogAction,omitempty"`
VLANTags []*ReferenceObject `json:"vlanTags,omitempty"`
Users []*ReferenceObject `json:"users,omitempty"`
IntrusionPolicy *ReferenceObject `json:"intrusionPolicy,omitempty"`
FilePolicy *ReferenceObject `json:"filePolicy,omitempty"`
LogFiles bool `json:"logFiles,omitempty"`
SyslogServer *ReferenceObject `json:"syslogServer,omitempty"`
Links *Links `json:"links,omitempty"`
Parent string
}
AccessRule Access Rule Object
func (*AccessRule) Reference ¶
func (a *AccessRule) Reference() *ReferenceObject
Reference Returns a reference object
type DeployObject ¶
type DeployObject struct {
ReferenceObject
Description string `json:"description,omitempty"`
StatusMessage string `json:"subType"`
CliErrorMessage string `json:"value"`
State string `json:"isSystemDefined,omitempty"`
Links *Links `json:"links,omitempty"`
}
func (*DeployObject) Reference ¶
func (n *DeployObject) Reference() *ReferenceObject
Reference Returns a reference object
type FTD ¶
type FTD struct {
// Hostname or IP address
Hostname string
// Define authorization type as password or custom
GrantType string
Insecure bool
// contains filtered or unexported fields
}
FTD struct holding the FTD object
func (*FTD) AddToNetworkObjectGroup ¶
func (f *FTD) AddToNetworkObjectGroup(g *NetworkObjectGroup, n *NetworkObject) error
AddToNetworkObjectGroup Add a Network to an Object Group
func (*FTD) AddToPortObjectGroup ¶
func (f *FTD) AddToPortObjectGroup(g *PortObjectGroup, p *PortObject) error
AddToPortObjectGroup Add a Port to an Object Group
func (*FTD) CreateAccessRule ¶
func (f *FTD) CreateAccessRule(n *AccessRule, policy string) error
CreateAccessRule Create a new access rule
func (*FTD) CreateNetworkObject ¶
func (f *FTD) CreateNetworkObject(n *NetworkObject, duplicateAction int) error
CreateNetworkObject Create a new network object
func (*FTD) CreateNetworkObjectGroup ¶
func (f *FTD) CreateNetworkObjectGroup(n *NetworkObjectGroup, duplicateAction int) error
CreateNetworkObjectGroup Create a new network object
func (*FTD) CreateNetworkObjectGroupFromIPs ¶
func (f *FTD) CreateNetworkObjectGroupFromIPs(name string, ips []string, duplicateAction int) (*NetworkObjectGroup, error)
CreateNetworkObjectGroupFromIPs Create an object group from an array of ip address. Network objects = ip.
func (*FTD) CreateNetworkObjectsFromIPs ¶
func (f *FTD) CreateNetworkObjectsFromIPs(ips []string) ([]*NetworkObject, error)
CreateNetworkObjectsFromIPs Create Network objects from an array of IP
func (*FTD) CreatePortObjectGroup ¶
func (f *FTD) CreatePortObjectGroup(g *PortObjectGroup, duplicateAction int) error
CreatePortObjectGroup Create a new port object group
func (*FTD) CreateTCPPortObject ¶
func (f *FTD) CreateTCPPortObject(p *PortObject, duplicateAction int) error
CreateTCPPortObject Creates a new TCP port
func (*FTD) CreateUDPPortObject ¶
func (f *FTD) CreateUDPPortObject(p *PortObject, duplicateAction int) error
CreateUDPPortObject Creates a new UDP port
func (*FTD) DeleteAccessRule ¶
func (f *FTD) DeleteAccessRule(n *AccessRule) error
DeleteAccessRule Delete an access rule
func (*FTD) DeleteFromNetworkObjectGroup ¶
func (f *FTD) DeleteFromNetworkObjectGroup(g *NetworkObjectGroup, n *NetworkObject) error
DeleteFromNetworkObjectGroup Deletes a Network to an Object Group
func (*FTD) DeleteFromPortObjectGroup ¶
func (f *FTD) DeleteFromPortObjectGroup(g *PortObjectGroup, p *PortObject) error
DeleteFromPortObjectGroup Deletes a Port from an Object Group
func (*FTD) DeleteNetworkObject ¶
func (f *FTD) DeleteNetworkObject(n *NetworkObject) error
DeleteNetworkObject Delete a network object
func (*FTD) DeleteNetworkObjectByID ¶
DeleteNetworkObjectByID Delete a network object
func (*FTD) DeleteNetworkObjectGroup ¶
func (f *FTD) DeleteNetworkObjectGroup(n *NetworkObjectGroup) error
DeleteNetworkObjectGroup Delete a network object
func (*FTD) DeletePortObject ¶
func (f *FTD) DeletePortObject(p *PortObject) error
DeletePortObject Delete a port
func (*FTD) DeletePortObjectGroup ¶
func (f *FTD) DeletePortObjectGroup(g *PortObjectGroup) error
DeletePortObjectGroup Delete a port object group
func (*FTD) GetAccessPolicies ¶
func (f *FTD) GetAccessPolicies(limit int) ([]*AccessPolicy, error)
GetAccessPolicies Get a list of access policies
func (*FTD) GetAccessPoliciesby ¶
func (f *FTD) GetAccessPoliciesby(filterstring string, limit int) ([]*AccessPolicy, error)
func (*FTD) GetAccessRules ¶
func (f *FTD) GetAccessRules(policy string, limit int) ([]*AccessRule, error)
GetAccessRules Get a list of access rules
func (*FTD) GetNetworkAny ¶
func (f *FTD) GetNetworkAny() (*NetworkObject, error)
GetNetworkAny Returns the 0.0.0.0/0 object
func (*FTD) GetNetworkObjectByID ¶
func (f *FTD) GetNetworkObjectByID(id string) (*NetworkObject, error)
GetNetworkObjectByID Get a network object by ID
func (*FTD) GetNetworkObjectGroupBy ¶
func (f *FTD) GetNetworkObjectGroupBy(filterString string) ([]*NetworkObjectGroup, error)
func (*FTD) GetNetworkObjectGroups ¶
func (f *FTD) GetNetworkObjectGroups(limit int) ([]*NetworkObjectGroup, error)
GetNetworkObjectGroups Get a list of network objects
func (*FTD) GetNetworkObjects ¶
func (f *FTD) GetNetworkObjects(limit int) ([]*NetworkObject, error)
GetNetworkObjects Get a list of network objects
func (*FTD) GetPortObjectGroupBy ¶
func (f *FTD) GetPortObjectGroupBy(filterString string) ([]*PortObjectGroup, error)
func (*FTD) GetPortObjectGroups ¶
func (f *FTD) GetPortObjectGroups(limit int) ([]*PortObjectGroup, error)
GetPortObjectGroups Get all the port object groups within the limit specified
func (*FTD) GetTCPPortObjectByID ¶
func (f *FTD) GetTCPPortObjectByID(id string) (*PortObject, error)
GetTCPPortObjectByID Get a tcp port by ID
func (*FTD) GetTCPPortObjects ¶
func (f *FTD) GetTCPPortObjects() ([]*PortObject, error)
GetTCPPortObjects Get a list of tcp ports
func (*FTD) GetUDPPortObjectByID ¶
func (f *FTD) GetUDPPortObjectByID(id string) (*PortObject, error)
GetUDPPortObjectByID Get a udp port by ID
func (*FTD) GetUDPPortObjects ¶
func (f *FTD) GetUDPPortObjects() ([]*PortObject, error)
GetUDPPortObjects Get a list of udp ports
func (*FTD) ModifyAccessPolicy ¶
func (f *FTD) ModifyAccessPolicy(n *AccessPolicy, policy string) error
ModifyAccessPolicy Modify access policy
func (*FTD) PostDeploy ¶
func (f *FTD) PostDeploy(n *DeployObject) error
func (*FTD) UpdateNetworkObject ¶
func (f *FTD) UpdateNetworkObject(n *NetworkObject) error
UpdateNetworkObject Updates a network object
func (*FTD) UpdateNetworkObjectGroup ¶
func (f *FTD) UpdateNetworkObjectGroup(n *NetworkObjectGroup) error
UpdateNetworkObjectGroup Updates a network object group
func (*FTD) UpdatePortObject ¶
func (f *FTD) UpdatePortObject(p *PortObject) error
UpdatePortObject Updates a port
func (*FTD) UpdatePortObjectGroup ¶
func (f *FTD) UpdatePortObjectGroup(g *PortObjectGroup) error
UpdatePortObjectGroup Updates a port object group
type FTDError ¶
type FTDError struct {
Severity string `json:"severity"`
Key string `json:"key"`
Message []FTDMessage `json:"messages"`
}
FTDError Error returned by API
type FTDMessage ¶
FTDMessage Error message returned by API
type NetworkObject ¶
type NetworkObject struct {
ReferenceObject
Description string `json:"description,omitempty"`
SubType string `json:"subType"`
Value string `json:"value"`
IsSystemDefined bool `json:"isSystemDefined,omitempty"`
Links *Links `json:"links,omitempty"`
}
NetworkObject An object represents the network (Note: The field level constraints listed here might not cover all the constraints on the field. Additional constraints might exist.)
func (*NetworkObject) Reference ¶
func (n *NetworkObject) Reference() *ReferenceObject
Reference Returns a reference object
type NetworkObjectGroup ¶
type NetworkObjectGroup struct {
ReferenceObject
Description string `json:"description,omitempty"`
IsSystemDefined bool `json:"isSystemDefined,omitempty"`
Objects []*ReferenceObject `json:"objects,omitempty"`
Links *Links `json:"links,omitempty"`
}
NetworkObjectGroup Network Object Group
func (*NetworkObjectGroup) Reference ¶
func (g *NetworkObjectGroup) Reference() *ReferenceObject
Reference Returns a reference object
type Paging ¶
type Paging struct {
Prev []string `json:"prev,omitempty"`
Next []string `json:"next,omitempty"`
Limit int `json:"limit,omitempty"`
Offset int `json:"offset,omitempty"`
Count int `json:"count,omitempty"`
Pages int `json:"pages,omitempty"`
}
Paging Paging Information
type PortObject ¶
type PortObject struct {
ReferenceObject
Description string `json:"description,omitempty"`
Port string `json:"port,omitempty"`
IsSystemDefined bool `json:"isSystemDefined,omitempty"`
Links *Links `json:"links,omitempty"`
}
PortObject Represents a TCP or UDP port
func (*PortObject) Reference ¶
func (p *PortObject) Reference() *ReferenceObject
Reference Returns a reference object
type PortObjectGroup ¶
type PortObjectGroup struct {
ReferenceObject
Description string `json:"description,omitempty"`
IsSystemDefined bool `json:"isSystemDefined,omitempty"`
Objects []*ReferenceObject `json:"objects,omitempty"`
Links *Links `json:"links,omitempty"`
}
PortObjectGroup Port Object Group
func (*PortObjectGroup) Reference ¶
func (p *PortObjectGroup) Reference() *ReferenceObject
Reference Returns a reference object
Source Files
Click to show internal directories.
Click to hide internal directories.