package illumioapi
import (
"encoding/json"
"errors"
"fmt"
"math"
"net/url"
"strconv"
"strings"
"time"
)
// A VirtualService represents a Virtual Service in the Illumio PCE.
//
// The audit/read-only fields (CreatedAt/By, UpdatedAt/By, DeletedAt/By,
// UpdateType, PceFqdn) are cleared by Sanitize before a create or update is sent;
// Sanitize also reduces Service and Labels to href-only values.
type VirtualService struct {
	Href                  string              `json:"href,omitempty"`
	Name                  string              `json:"name,omitempty"`
	Description           *string             `json:"description,omitempty"`
	Labels                *[]Label            `json:"labels,omitempty"`
	Service               *Service            `json:"service,omitempty"`
	ServicePorts          *[]ServicePort      `json:"service_ports,omitempty"`
	ServiceAddresses      *[]ServiceAddresses `json:"service_addresses,omitempty"`
	IPOverrides           *[]string           `json:"ip_overrides,omitempty"`
	PceFqdn               string              `json:"pce_fqdn,omitempty"`
	ApplyTo               string              `json:"apply_to,omitempty"`
	ExternalDataReference string              `json:"external_data_reference,omitempty"`
	ExternalDataSet       string              `json:"external_data_set,omitempty"`
	UpdateType            string              `json:"update_type,omitempty"`
	// Audit fields below are populated by the PCE and stripped by Sanitize.
	CreatedAt string `json:"created_at,omitempty"`
	CreatedBy *Href  `json:"created_by,omitempty"`
	DeletedAt string `json:"deleted_at,omitempty"`
	DeletedBy *Href  `json:"deleted_by,omitempty"`
	UpdatedAt string `json:"updated_at,omitempty"`
	UpdatedBy *Href  `json:"updated_by,omitempty"`
}
// ServiceAddresses are the addresses (IP or FQDN, optionally scoped to a
// Network) a Virtual Service is reachable on.
type ServiceAddresses struct {
	IP          string   `json:"ip,omitempty"`
	Network     *Network `json:"network,omitempty"`
	Fqdn        string   `json:"fqdn,omitempty"`
	Description string   `json:"description,omitempty"`
}
// Network is a PCE network reference (href and name) used by ServiceAddresses.
type Network struct {
	Href string `json:"href,omitempty"`
	Name string `json:"name,omitempty"`
}
// A ServiceBinding binds a workload to a Virtual Service.
// VirtualService and Workload have no omitempty tag, so a nil pointer is
// marshaled as null rather than omitted.
type ServiceBinding struct {
	Href           string           `json:"href,omitempty"`
	VirtualService *VirtualService  `json:"virtual_service"`
	Workload       *Workload        `json:"workload"`
	PortOverrides  *[]PortOverrides `json:"port_overrides,omitempty"`
}
// PortOverrides override a port on a virtual service binding: traffic for
// Port/Proto on the virtual service is mapped to NewPort on the workload.
// None of the fields use omitempty, so zero values are always sent.
type PortOverrides struct {
	Port    int `json:"port"`
	Proto   int `json:"proto"`
	NewPort int `json:"new_port"`
}
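// GetVirtualServices returns a slice of virtual services from the PCE. pStatus must be "draft" or "active".
// queryParameters can be used for filtering in the form of ["parameter"]="value".
// The first API call to the PCE does not use the async option.
// If the slice length is >=500, it re-runs with async.
//
// On success p.VirtualServicesSlice is replaced and p.VirtualServices is rebuilt,
// keyed by both name and href. If a collection call fails its error is returned
// immediately; the async retry is not attempted and the map is not rebuilt.
func (p *PCE) GetVirtualServices(queryParameters map[string]string, pStatus string) (api APIResponse, err error) {
	// Validate pStatus
	pStatus = strings.ToLower(pStatus)
	if pStatus != "active" && pStatus != "draft" {
		return api, errors.New("invalid pStatus")
	}
	endpoint := "sec_policy/" + pStatus + "/virtual_services"

	api, err = p.GetCollection(endpoint, false, queryParameters, &p.VirtualServicesSlice)
	if err != nil {
		// Do not inspect the slice or retry on a failed call; surface the original error.
		return api, err
	}
	// Large collections are re-fetched with the async option.
	if len(p.VirtualServicesSlice) >= 500 {
		p.VirtualServicesSlice = nil
		api, err = p.GetCollection(endpoint, true, queryParameters, &p.VirtualServicesSlice)
		if err != nil {
			return api, err
		}
	}

	// Populate the map; each entry is stored under its name and its href.
	p.VirtualServices = make(map[string]VirtualService, 2*len(p.VirtualServicesSlice))
	for _, vs := range p.VirtualServicesSlice {
		p.VirtualServices[vs.Name] = vs
		p.VirtualServices[vs.Href] = vs
	}
	return api, nil
}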
// GetVirtualServiceByName returns the virtual service whose name exactly matches name.
// It calls GetVirtualServices, so p.VirtualServicesSlice and p.VirtualServices are replaced.
// A zero-value VirtualService is returned when there is no exact match.
func (p *PCE) GetVirtualServiceByName(name string, pStatus string) (VirtualService, APIResponse, error) {
	// The name is passed as a server-side filter; the loop below still enforces
	// an exact match rather than trusting the filter to be exact.
	api, err := p.GetVirtualServices(map[string]string{"name": name}, pStatus)
	if err != nil {
		return VirtualService{}, api, err
	}

	var match VirtualService
	for _, candidate := range p.VirtualServicesSlice {
		if candidate.Name != name {
			continue
		}
		match = candidate
		break
	}
	return match, api, nil
}
// GetVirtualServiceByHref returns the virtual service with a specific href.
// The returned APIResponse and error come straight from p.GetHref.
func (p *PCE) GetVirtualServiceByHref(href string) (virtualService VirtualService, api APIResponse, err error) {
	var vs VirtualService
	resp, getErr := p.GetHref(href, &vs)
	return vs, resp, getErr
}
// CreateVirtualService creates a new virtual service in the Illumio PCE.
// The payload is sanitized (audit fields cleared, service and labels reduced to
// hrefs) and its Href cleared before being posted to the draft policy. The
// caller's value is not modified.
func (p *PCE) CreateVirtualService(virtualService VirtualService) (createdVirtualService VirtualService, api APIResponse, err error) {
	payload := virtualService
	payload.Sanitize()
	payload.Href = "" // the PCE assigns the href on creation

	var created VirtualService
	resp, postErr := p.Post("sec_policy/draft/virtual_services", &payload, &created)
	return created, resp, postErr
}
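// UpdateVirtualService updates an existing virtual service in the PCE.
// The provided virtual service must include an Href; an error is returned
// before any request is made when it is empty.
// Properties that cannot be included in the PUT method will be ignored.
func (p *PCE) UpdateVirtualService(virtualService VirtualService) (APIResponse, error) {
	if virtualService.Href == "" {
		return APIResponse{}, errors.New("update virtual service: href is required")
	}
	// Sanitize strips audit fields and reduces service/labels to hrefs.
	virtualService.Sanitize()
	return p.Put(&virtualService)
}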
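// GetServiceBindings returns a slice of service bindings from the PCE.
// queryParameters can be used for filtering in the form of ["parameter"]="value".
// The first API call to the PCE does not use the async option.
// If the slice length is >=500, it re-runs with async.
// If the first call fails its error is returned immediately and the async
// retry is not attempted.
func (p *PCE) GetServiceBindings(queryParameters map[string]string) (serviceBindings []ServiceBinding, api APIResponse, err error) {
	api, err = p.GetCollection("service_bindings", false, queryParameters, &serviceBindings)
	if err != nil {
		return serviceBindings, api, err
	}
	// Large collections are re-fetched with the async option.
	if len(serviceBindings) >= 500 {
		serviceBindings = nil
		api, err = p.GetCollection("service_bindings", true, queryParameters, &serviceBindings)
	}
	return serviceBindings, api, err
}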
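// CreateServiceBinding binds new workloads to a virtual service.
// Each binding is reduced to what the API needs: the Href is cleared, the
// virtual service becomes an href-only reference to the active policy object,
// and the workload becomes an href-only reference; PortOverrides pass through.
// The caller's bindings and the objects they point to are not modified.
// An error is returned before any request is made if a binding is missing its
// VirtualService or Workload, which would otherwise dereference a nil pointer.
func (p *PCE) CreateServiceBinding(serviceBindings []ServiceBinding) (createdServiceBindings []ServiceBinding, api APIResponse, err error) {
	sanSBs := make([]ServiceBinding, 0, len(serviceBindings))
	for i, sb := range serviceBindings {
		if sb.VirtualService == nil || sb.Workload == nil {
			return createdServiceBindings, api, fmt.Errorf("service binding %d: virtual service and workload are required", i)
		}
		sb.Href = ""
		// SetActive rewrites its receiver's Href, so call it on a copy rather
		// than on the caller's object.
		activeVS := *sb.VirtualService
		sb.VirtualService = &VirtualService{Href: activeVS.SetActive().Href}
		sb.Workload = &Workload{Href: sb.Workload.Href}
		sanSBs = append(sanSBs, sb)
	}
	api, err = p.Post("service_bindings", &sanSBs, &createdServiceBindings)
	return createdServiceBindings, api, err
}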
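// BulkVS takes a bulk action on a slice of virtual services.
// Method must be create, update, or delete. Requests go to the draft policy
// bulk endpoint in chunks of 1,000 virtual services; one APIResponse is
// returned per chunk, in order, and each carries the JSON request body in
// ReqBody. If a request fails, the responses collected so far are returned
// together with the error. When stdoutLogs is true, progress is printed to stdout.
func (p *PCE) BulkVS(virtualServices []VirtualService, method string, stdoutLogs bool) ([]APIResponse, error) {
	const chunkSize = 1000
	var apiResps []APIResponse

	// Check on method
	method = strings.ToLower(method)
	switch method {
	case "create", "update", "delete":
	default:
		return apiResps, errors.New("bulk vs error - method must be create, update, or delete")
	}

	// Shape the payload per method: updates carry only writable fields,
	// deletes carry only hrefs, creates are sent as given.
	switch method {
	case "update":
		sanitized := make([]VirtualService, 0, len(virtualServices))
		for _, vs := range virtualServices {
			vs.Sanitize()
			sanitized = append(sanitized, vs)
		}
		virtualServices = sanitized
	case "delete":
		hrefOnly := make([]VirtualService, 0, len(virtualServices))
		for _, vs := range virtualServices {
			hrefOnly = append(hrefOnly, VirtualService{Href: vs.Href})
		}
		virtualServices = hrefOnly
	}

	// Build the API URL
	apiURL, err := url.Parse("https://" + p.cleanFQDN() + ":" + strconv.Itoa(p.Port) + "/api/v2/orgs/" + strconv.Itoa(p.Org) + "/sec_policy/draft/virtual_services/bulk_" + method)
	if err != nil {
		return apiResps, fmt.Errorf("bulk vs error - %s", err)
	}

	// Figure out how many API calls we need to make
	numAPICalls := int(math.Ceil(float64(len(virtualServices)) / float64(chunkSize)))
	if stdoutLogs {
		fmt.Printf("%s [INFO] - Bulk API actions happen in 1,000 virtual service chunks. %d %s calls will be required to process the %d virtual services.\r\n", time.Now().Format("2006-01-02 15:04:05 "), numAPICalls, method, len(virtualServices))
	}

	// Send one request per chunk; the last chunk holds the remainder.
	for i := 0; i < numAPICalls; i++ {
		start := i * chunkSize
		end := start + chunkSize
		if end > len(virtualServices) {
			end = len(virtualServices)
		}
		vsJSON, err := json.Marshal(virtualServices[start:end])
		if err != nil {
			return apiResps, fmt.Errorf("bulk vs error - %s", err)
		}
		api, err := p.httpReq("PUT", apiURL.String(), vsJSON, false, map[string]string{"Content-Type": "application/json"})
		// Record the response (and its request body) even when the call
		// failed, so the caller can inspect what was sent.
		api.ReqBody = string(vsJSON)
		apiResps = append(apiResps, api)
		if stdoutLogs {
			fmt.Printf("%s [INFO] - API Call %d of %d - complete - status code %d.\r\n", time.Now().Format("2006-01-02 15:04:05 "), i+1, numAPICalls, api.StatusCode)
		}
		if err != nil {
			return apiResps, fmt.Errorf("bulk vs error - %s", err)
		}
	}
	return apiResps, nil
}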
// Sanitize removes fields for an update.
// It clears the audit/read-only fields (created/updated/deleted at and by,
// UpdateType, PceFqdn), reduces Service to an href-only value, and replaces
// Labels with a pointer to a non-nil slice holding href-only labels (empty
// when there were no labels).
func (vs *VirtualService) Sanitize() {
	// Audit fields are set by the PCE and rejected or ignored on write.
	vs.CreatedAt, vs.UpdatedAt, vs.DeletedAt = "", "", ""
	vs.CreatedBy, vs.UpdatedBy, vs.DeletedBy = nil, nil, nil
	vs.UpdateType = ""
	vs.PceFqdn = ""

	// Keep only the href of the service.
	if svc := vs.Service; svc != nil {
		vs.Service = &Service{Href: svc.Href}
	}

	// Keep only the href of each label; the result is always a non-nil slice.
	current := PtrToVal(vs.Labels)
	hrefOnly := make([]Label, 0, len(current))
	for i := range current {
		hrefOnly = append(hrefOnly, Label{Href: current[i].Href})
	}
	vs.Labels = &hrefOnly
}
// SetActive changes the HREF of the Virtual Service Object to Active.
// It rewrites the receiver's Href in place, replacing every "draft" substring
// with "active", and returns a copy of the updated value.
func (vs *VirtualService) SetActive() VirtualService {
	const draft, active = "draft", "active"
	vs.Href = strings.ReplaceAll(vs.Href, draft, active)
	return *vs
}
// GetLabelByKey returns the label object based on the provided key and label map.
// Each of the virtual service's labels is resolved through labelMap by href and
// the first whose Key equals key (case-insensitively) is returned. A zero-value
// Label is returned when the virtual service has no labels or none match.
func (vs *VirtualService) GetLabelByKey(key string, labelMap map[string]Label) Label {
	var none Label
	if vs.Labels == nil {
		return none
	}
	for _, ref := range *vs.Labels {
		// A single lookup; an href missing from labelMap yields a zero Label,
		// whose empty Key can only match an empty key.
		candidate := labelMap[ref.Href]
		if strings.EqualFold(candidate.Key, key) {
			return candidate
		}
	}
	return none
}