Documentation
¶
Overview ¶
Package uidmonitor provides a Monitor implementation that simulates PAN-OS User-ID enforcement in a memory-only (ephemeral) store.
Its common use case is to simulate how entries (user-to-ip, user-to-group and ip-to-tag) would expire inside the PAN-OS NGFW.
It is only a simulation that expires entries using the local clock, so it will eventually drift out of sync with the firewall for long-lived or never-expiring mappings. Treat its contents as an approximation, not as the firewall's authoritative state.
Index ¶
- Variables
- type MemMonitor
- func (m *MemMonitor) CleanUp(t time.Time)
- func (m *MemMonitor) Dump() (out string)
- func (m *MemMonitor) GroupIP(group string) (out []string)
- func (m *MemMonitor) Log(op uid.Operation, subject, value string, tout *uint)
- func (m *MemMonitor) TagIP(tag string) []string
- func (m *MemMonitor) UserIP(user string) []string
Examples ¶
Variables ¶
// MSIZE and MTOUT are exported package-level strings whose default value is
// the empty string.
// NOTE(review): this page does not document what they control; confirm
// against the package source before relying on them.
var (
	MSIZE = ""
	MTOUT = ""
)
Types ¶
type MemMonitor ¶
type MemMonitor struct {
// contains filtered or unexported fields
}
MemMonitor implements the uid.Monitor interface. Use an initialized version as provided by NewMemMonitor()
func NewMemMonitor ¶
func NewMemMonitor() (m *MemMonitor)
NewMemMonitor returns a ready-to-consume MemMonitor
Example ¶
package main

import (
	"fmt"
	"time"

	"github.com/xhoms/panoslib/uid"
	"github.com/xhoms/panoslib/uidmonitor"
)

// main walks a MemMonitor through registration, an explicit unregister and a
// time-based purge, then prints how many IPs still carry the "good" tag.
// Any error or unexpected count ends the example without output.
func main() {
	var (
		ttl uint = 9
		err error
	)
	start := time.Now()
	purgeAt := start.Add(10 * time.Second)
	mon := uidmonitor.NewMemMonitor()

	// 1.1.1.1 is registered with a nil timeout; the other two share ttl.
	_, err = uid.NewUIDBuilder().
		RegisterIP("1.1.1.1", "good", nil).
		RegisterIP("2.2.2.2", "good", &ttl).
		RegisterIP("3.3.3.3", "good", &ttl).
		Payload(mon)
	if err != nil {
		return
	}
	// At this point we have three entries.
	if len(mon.TagIP("good")) != 3 {
		return
	}

	_, err = uid.NewUIDBuilder().
		UnregisterIP("3.3.3.3", "good").
		Payload(mon)
	if err != nil {
		return
	}
	// One entry is gone because of the explicit unregister.
	if len(mon.TagIP("good")) != 2 {
		return
	}

	// Purging at purgeAt (10 seconds after start) removes the entry that
	// expires at 9 seconds; the entry registered without a timeout remains.
	mon.CleanUp(purgeAt)
	fmt.Println(len(mon.TagIP("good")))
}
Output: 1
func (*MemMonitor) CleanUp ¶
func (m *MemMonitor) CleanUp(t time.Time)
CleanUp triggers the garbage collector (removes entries that have expired as of t)
func (*MemMonitor) Dump ¶
func (m *MemMonitor) Dump() (out string)
Dump is a convenience method that dumps the memory database for troubleshooting purposes
Example ¶
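package main

import (
	"fmt"

	"github.com/xhoms/panoslib/uid"
	"github.com/xhoms/panoslib/uidmonitor"
)

// main fills a MemMonitor with one ip-to-tag, one user-to-ip and one
// user-to-group entry, each with a 60-unit timeout, and prints the Dump text.
// If Payload returns an error, nothing is printed.
func main() {
	var tout uint = 60
	c := uidmonitor.NewMemMonitor()

	// GroupUser takes the user first and the group second, matching the
	// GroupIP example, where GroupUser("foo@test.local", "admin", nil) makes
	// GroupIP("admin") resolve to the user's IP. The original call here had
	// the two arguments swapped.
	_, err := uid.NewUIDBuilder().
		RegisterIP("1.1.1.1", "good", &tout).
		LoginUser("foo@test.local", "1.1.1.1", &tout).
		GroupUser("foo@test.local", "admin", &tout).
		Payload(c)
	if err != nil {
		return
	}

	// Dump is documented as a troubleshooting aid; its exact format is not
	// shown on this page.
	fmt.Println(c.Dump())
}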
Output:
func (*MemMonitor) GroupIP ¶
func (m *MemMonitor) GroupIP(group string) (out []string)
GroupIP returns the list of IPs for a given group of users
Example ¶
package main

import (
	"fmt"

	"github.com/xhoms/panoslib/uid"
	"github.com/xhoms/panoslib/uidmonitor"
)

// main logs a user in from one IP, places that user in the "admin" group and
// prints the IPs the monitor resolves for that group.
func main() {
	mon := uidmonitor.NewMemMonitor()
	ops := uid.NewUIDBuilder().
		LoginUser("foo@test.local", "1.1.1.1", nil).
		GroupUser("foo@test.local", "admin", nil)

	// The monitor is handed to Payload; on error the example prints nothing.
	if _, err := ops.Payload(mon); err != nil {
		return
	}
	fmt.Println(mon.GroupIP("admin"))
}
Output: [1.1.1.1]
func (*MemMonitor) Log ¶
func (m *MemMonitor) Log(op uid.Operation, subject, value string, tout *uint)
Log will process transactions generated by the UserID payload processing
func (*MemMonitor) TagIP ¶
func (m *MemMonitor) TagIP(tag string) []string
TagIP returns the list of IPs for a given tag
Example ¶
package main

import (
	"fmt"

	"github.com/xhoms/panoslib/uid"
	"github.com/xhoms/panoslib/uidmonitor"
)

// main registers a single IP under the "windows" tag, with no timeout, and
// prints the IPs the monitor holds for that tag.
func main() {
	mon := uidmonitor.NewMemMonitor()
	ops := uid.NewUIDBuilder().
		RegisterIP("1.1.1.1", "windows", nil)

	// The monitor is handed to Payload; on error the example prints nothing.
	if _, err := ops.Payload(mon); err != nil {
		return
	}
	fmt.Println(mon.TagIP("windows"))
}
Output: [1.1.1.1]
func (*MemMonitor) UserIP ¶
func (m *MemMonitor) UserIP(user string) []string
UserIP returns the list of IPs for a given user
Example ¶
package main

import (
	"fmt"

	"github.com/xhoms/panoslib/uid"
	"github.com/xhoms/panoslib/uidmonitor"
)

// main logs one user in from one IP, with no timeout, and prints the IPs the
// monitor maps to that user.
func main() {
	mon := uidmonitor.NewMemMonitor()
	ops := uid.NewUIDBuilder().
		LoginUser("foo@test.local", "1.1.1.1", nil)

	// The monitor is handed to Payload; on error the example prints nothing.
	if _, err := ops.Payload(mon); err != nil {
		return
	}
	fmt.Println(mon.UserIP("foo@test.local"))
}
Output: [1.1.1.1]