Documentation ¶
Overview ¶
Package uid provides a code library to generate PAN-OS XML API User-ID payloads, as well as utility functions to validate the API responses.
Index ¶
- func Validate(resp *http.Response, resperr error) (apiResp *x.APIResponse, err error)
- type Client
- type IPTag
- type Monitor
- type Operation
- type UIDBuilder
- func (mp UIDBuilder) Add(mpB UIDBuilder) (mpC UIDBuilder)
- func (mp UIDBuilder) Group(dug []UserGroup) (mpB UIDBuilder)
- func (mp UIDBuilder) GroupUser(user, group string, tout *uint) (mpB UIDBuilder)
- func (mp UIDBuilder) Login(uid []UserMap) (mpB UIDBuilder)
- func (mp UIDBuilder) LoginUser(user, ip string, tout *uint) (mpB UIDBuilder)
- func (mp UIDBuilder) Logout(uid []UserMap) (mpB UIDBuilder)
- func (mp UIDBuilder) LogoutUser(user, ip string) (mpB UIDBuilder)
- func (mp UIDBuilder) Payload(m Monitor) (p *x.UIDMsgPayload, err error)
- func (mp UIDBuilder) Push(hostport, apikey string, c Client, m Monitor) (resp *http.Response, err error)
- func (mp UIDBuilder) Register(dag []IPTag) (mpB UIDBuilder)
- func (mp UIDBuilder) RegisterIP(ip, tag string, tout *uint) (mpB UIDBuilder)
- func (mp UIDBuilder) UIDMessage(m Monitor) (u *x.UIDMessage, err error)
- func (mp UIDBuilder) Ungroup(dug []UserGroup) (mpB UIDBuilder)
- func (mp UIDBuilder) UngroupUser(user, group string) (mpB UIDBuilder)
- func (mp UIDBuilder) Unregister(dag []IPTag) (mpB UIDBuilder)
- func (mp UIDBuilder) UnregisterIP(ip, tag string) (mpB UIDBuilder)
- type UserGroup
- type UserMap
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Validate ¶
Validate provides PAN-OS XML User-ID API response validation. An error will be raised either by underlying http/net errors or because the PAN-OS User-ID response contains a non-"success" status code.
Example ¶
Create a User-ID payload with a single IP-to-tag entry, push the message to the PAN-OS device using the default http client and parse the response.
package main

import (
	"fmt"
	"net/http"

	"github.com/xhoms/panoslib/uid"
)

func main() {
	var tout uint = 60
	// Build a single ip-to-tag entry and push it to the device.
	resp, err := uid.NewUIDBuilder().
		RegisterIP("1.1.1.1", "windows", &tout).
		Push("10.1.1.1:443", "<my-api-key>", http.DefaultClient, nil)
	// Validate reports transport errors as well as non-"success" API responses.
	if apiResp, err := uid.Validate(resp, err); err == nil {
		fmt.Println(apiResp.Status)
	} else {
		fmt.Println(err)
	}
}
Output:
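An added sketch, not the package's own implementation, of the two failure classes Validate distinguishes: a transport error versus an HTTP reply whose `<response>` element carries a non-"success" status. The names checkResponse, apiStatus and fakeResp and the sample bodies are constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// apiStatus reads only the status attribute of the <response> root element.
type apiStatus struct {
	XMLName xml.Name `xml:"response"`
	Status  string   `xml:"status,attr"`
}

// checkResponse is a hypothetical stand-in for the kind of check Validate
// describes: fail on transport errors, bad HTTP codes or a non-"success" status.
func checkResponse(resp *http.Response, resperr error) (string, error) {
	if resperr != nil {
		return "", fmt.Errorf("transport: %w", resperr)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("http status %d", resp.StatusCode)
	}
	var st apiStatus
	// Cap the read so an oversized body cannot exhaust memory.
	if err := xml.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&st); err != nil {
		return "", fmt.Errorf("decode: %w", err)
	}
	if st.Status != "success" {
		return st.Status, fmt.Errorf("api status %q", st.Status)
	}
	return st.Status, nil
}

// fakeResp builds a constructed response so the example runs offline.
func fakeResp(code int, body string) *http.Response {
	return &http.Response{StatusCode: code, Body: io.NopCloser(strings.NewReader(body))}
}

func main() {
	fmt.Println(checkResponse(fakeResp(200, `<response status="success"><result/></response>`), nil))
	fmt.Println(checkResponse(fakeResp(200, `<response status="error"><msg>constructed failure</msg></response>`), nil))
	fmt.Println(checkResponse(nil, errors.New("dial tcp: connection refused")))
}
```

An HTTP 200 alone is not treated as success here; the status attribute inside the XML body decides.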
Types ¶
type Monitor ¶
Monitor interface describes an entity capable of processing log activity generated by the UserID Builder. See package github.com/xhoms/panoslib/uid/memmonitor documentation for additional details
type UIDBuilder ¶
type UIDBuilder struct {
// contains filtered or unexported fields
}
UIDBuilder provides a "functional programming"-like constructor to build a PAN-OS XML User-ID API Payload. Methods for UIDBuilder are not thread safe. All operations between NewUIDBuilder() and the final action (Payload(), UIDMessage() or Push()) must happen inside the same goroutine
Example ¶
Create a PAN-OS XML User-ID compatible message from a list of user-to-ip maps, user-to-group maps and a list of ip-to-tag maps. Notice timeouts are passed as pointers to distinguish between zero and not-present
package main

import (
	"encoding/xml"
	"log"

	"github.com/xhoms/panoslib/uid"
)

func main() {
	var tout uint = 60
	// user-to-ip maps; a nil Tout means no timeout attribute
	login := []uid.UserMap{
		{User: "foo@test.local", IP: "1.1.1.1", Tout: &tout},
		{User: "bar@test.local", IP: "2.2.2.2"},
	}
	// user-to-group (DUG) maps
	group := []uid.UserGroup{
		{Group: "admin", User: "foo@test.local"},
		{Group: "devops", User: "bar@test.local", Tout: &tout},
	}
	// ip-to-tag maps
	tag := []uid.IPTag{
		{Tag: "windows", IP: "1.1.1.1"},
		{Tag: "linux", IP: "2.2.2.2"},
		{Tag: "avscanned", IP: "2.2.2.2", Tout: &tout},
	}
	// Chain the three lists and finish with UIDMessage (no Monitor).
	if uidmsg, err := uid.NewUIDBuilder().
		Login(login).
		Group(group).
		Register(tag).
		UIDMessage(nil); err == nil {
		if msg, err := xml.MarshalIndent(uidmsg, "", " "); err == nil {
			log.Println(string(msg))
		}
	}
}
Output:
func NewBuilderFromPayload ¶
func NewBuilderFromPayload(p *x.UIDMsgPayload) (mp UIDBuilder)
NewBuilderFromPayload returns an initialized UIDBuilder struct with data contained in the provided message payload. Its common use case is to provide augmentation to an existing message or for "man-in-the-middle" applications. For the latter see additional details in the MemMonitor type
func NewUIDBuilder ¶
func NewUIDBuilder() (mp UIDBuilder)
NewUIDBuilder returns an uninitialized UIDBuilder struct. Functional equivalent to UIDBuilder{}
func (UIDBuilder) Add ¶
func (mp UIDBuilder) Add(mpB UIDBuilder) (mpC UIDBuilder)
Add merges data from mpB builder into this builder
func (UIDBuilder) Group ¶
func (mp UIDBuilder) Group(dug []UserGroup) (mpB UIDBuilder)
Group is used to add a list of user-to-group (DUG) entries into the User-ID payload
func (UIDBuilder) GroupUser ¶
func (mp UIDBuilder) GroupUser(user, group string, tout *uint) (mpB UIDBuilder)
GroupUser is used to add a single user-to-group (DUG) entry into the User-ID payload
Example ¶
Create a User-ID payload with a single user-to-group (DUG) entry
package main

import (
	"encoding/xml"
	"fmt"

	"github.com/xhoms/panoslib/uid"
)

func main() {
	var tout uint = 60
	// Single user-to-group entry, finished with Payload (no Monitor).
	if p, err := uid.NewUIDBuilder().
		GroupUser("foo@test.local", "admin", &tout).
		Payload(nil); err == nil {
		if b, err := xml.Marshal(p); err == nil {
			fmt.Println(string(b))
		}
	}
}
Output:
<payload><register-user><entry user="foo@test.local"><tag><member timeout="60">admin</member></tag></entry></register-user></payload>
func (UIDBuilder) Login ¶
func (mp UIDBuilder) Login(uid []UserMap) (mpB UIDBuilder)
Login is used to add a list of user-to-ip entries into the User-ID payload
func (UIDBuilder) LoginUser ¶
func (mp UIDBuilder) LoginUser(user, ip string, tout *uint) (mpB UIDBuilder)
LoginUser is used to add a single user-to-ip entry in the User-ID payload
Example ¶
Create a User-ID payload with a single user-to-IP entry
package main

import (
	"encoding/xml"
	"fmt"

	"github.com/xhoms/panoslib/uid"
)

func main() {
	var tout uint = 60
	// Single user-to-ip entry, finished with Payload (no Monitor).
	if p, err := uid.NewUIDBuilder().
		LoginUser("foo@test.local", "1.1.1.1", &tout).
		Payload(nil); err == nil {
		if b, err := xml.Marshal(p); err == nil {
			fmt.Println(string(b))
		}
	}
}
Output:
<payload><login><entry name="foo@test.local" ip="1.1.1.1" timeout="60"></entry></login></payload>
func (UIDBuilder) Logout ¶
func (mp UIDBuilder) Logout(uid []UserMap) (mpB UIDBuilder)
Logout is used to add a list of user-to-ip entries in the "logout" section into the User-ID payload
func (UIDBuilder) LogoutUser ¶
func (mp UIDBuilder) LogoutUser(user, ip string) (mpB UIDBuilder)
LogoutUser is used to add a single user-to-ip entry in the "logout" section into the User-ID payload
func (UIDBuilder) Payload ¶
func (mp UIDBuilder) Payload(m Monitor) (p *x.UIDMsgPayload, err error)
Payload is a final action. It merges all accumulated data into a PAN-OS XML User-ID API payload
If a variable implementing the Monitor interface is provided then a log entry will be issued to it for every entry in the payload. Order of log entries will be unregister > unregister-user > logout > login > register-user > register
func (UIDBuilder) Push ¶
func (mp UIDBuilder) Push(hostport, apikey string, c Client, m Monitor) (resp *http.Response, err error)
Push is a final action. It merges all accumulated data into a ready-to-use PAN-OS XML User-ID API message and sends it to the device leveraging a provided http.Client.
If a variable implementing the Monitor interface is provided then a log entry will be issued to it for every entry in the payload. Order of log entries will be unregister > unregister-user > logout > login > register-user > register
Example ¶
Create a User-ID payload with a single IP-to-tag entry, push the message to the PAN-OS device using the default http client and parse the response.
package main

import (
	"fmt"
	"net/http"

	"github.com/xhoms/panoslib/uid"
)

func main() {
	var tout uint = 60
	// Build a single ip-to-tag entry and push it to the device.
	resp, err := uid.NewUIDBuilder().
		RegisterIP("1.1.1.1", "windows", &tout).
		Push("10.1.1.1:443", "<my-api-key>", http.DefaultClient, nil)
	// Validate reports transport errors as well as non-"success" API responses.
	if apiResp, err := uid.Validate(resp, err); err == nil {
		fmt.Println(apiResp.Status)
	} else {
		fmt.Println(err)
	}
}
Output:
func (UIDBuilder) Register ¶
func (mp UIDBuilder) Register(dag []IPTag) (mpB UIDBuilder)
Register is used to add a list of ip-to-tag entries into the User-ID payload
func (UIDBuilder) RegisterIP ¶
func (mp UIDBuilder) RegisterIP(ip, tag string, tout *uint) (mpB UIDBuilder)
RegisterIP is used to add a single ip-to-tag entry in the User-ID payload
Example ¶
Create a User-ID payload with a single IP-to-tag entry
package main

import (
	"encoding/xml"
	"fmt"

	"github.com/xhoms/panoslib/uid"
)

func main() {
	var tout uint = 60
	// Single ip-to-tag entry, finished with Payload (no Monitor).
	if p, err := uid.NewUIDBuilder().
		RegisterIP("1.1.1.1", "windows", &tout).
		Payload(nil); err == nil {
		if b, err := xml.Marshal(p); err == nil {
			fmt.Println(string(b))
		}
	}
}
Output:
<payload><register><entry ip="1.1.1.1"><tag><member timeout="60">windows</member></tag></entry></register></payload>
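Why the builder takes timeouts as `*uint`: an added, stdlib-only example (not code from the package) that reproduces the register payload shown above with stand-in structs and contrasts it with a value-typed timeout, which cannot express an explicit zero. All type and function names here are assumptions.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Stand-in types (assumptions, not the package's structs) mirroring the
// <register> payload printed in the RegisterIP example output.
type regPayload struct {
	XMLName xml.Name   `xml:"payload"`
	Entries []regEntry `xml:"register>entry"`
}
type regEntry struct {
	IP      string      `xml:"ip,attr"`
	Members []ptrMember `xml:"tag>member"`
}

// ptrMember: a nil Timeout omits the attribute, a pointer to 0 emits timeout="0".
type ptrMember struct {
	Timeout *uint  `xml:"timeout,attr,omitempty"`
	Tag     string `xml:",chardata"`
}

// valMember: with a plain uint, omitempty drops an explicit zero as well.
type valMember struct {
	XMLName xml.Name `xml:"member"`
	Timeout uint     `xml:"timeout,attr,omitempty"`
	Tag     string   `xml:",chardata"`
}

// registerXML renders one ip-to-tag entry; tout may be nil.
func registerXML(ip, tag string, tout *uint) string {
	p := regPayload{Entries: []regEntry{{IP: ip, Members: []ptrMember{{Timeout: tout, Tag: tag}}}}}
	b, _ := xml.Marshal(p) // these plain types cannot fail to marshal
	return string(b)
}

// naiveMemberXML renders a member whose timeout is a value, not a pointer.
func naiveMemberXML(tag string, tout uint) string {
	b, _ := xml.Marshal(valMember{Timeout: tout, Tag: tag})
	return string(b)
}

func main() {
	zero := uint(0)
	fmt.Println(registerXML("1.1.1.1", "windows", nil))   // no timeout attribute
	fmt.Println(registerXML("1.1.1.1", "windows", &zero)) // explicit timeout="0"
	fmt.Println(naiveMemberXML("windows", 0))             // the zero is silently lost
}
```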
func (UIDBuilder) UIDMessage ¶
func (mp UIDBuilder) UIDMessage(m Monitor) (u *x.UIDMessage, err error)
UIDMessage is a final action. It merges all accumulated data into a ready-to-use PAN-OS XML User-ID API message
If a variable implementing the Monitor interface is provided then a log entry will be issued to it for every entry in the payload. Order of log entries will be unregister > unregister-user > logout > login > register-user > register
func (UIDBuilder) Ungroup ¶
func (mp UIDBuilder) Ungroup(dug []UserGroup) (mpB UIDBuilder)
Ungroup is used to add a list of user-to-group entries in the "unregister-user" section into the User-ID payload
func (UIDBuilder) UngroupUser ¶
func (mp UIDBuilder) UngroupUser(user, group string) (mpB UIDBuilder)
UngroupUser is used to add a single user-to-group entry in the "unregister-user" section into the User-ID payload
func (UIDBuilder) Unregister ¶
func (mp UIDBuilder) Unregister(dag []IPTag) (mpB UIDBuilder)
Unregister is used to add a list of ip-to-tag entries in the "unregister" section into the User-ID payload
func (UIDBuilder) UnregisterIP ¶
func (mp UIDBuilder) UnregisterIP(ip, tag string) (mpB UIDBuilder)
UnregisterIP is used to add a single ip-to-tag entry in the "unregister" section into the User-ID payload