account onboarding APIs

PaloAltoNetworks · May 20, 2024 · f5c395e · f5c395e
1 parent 37921c8
commit f5c395e
Show file tree

Hide file tree

Showing 12 changed files with 453 additions and 74 deletions.
diff --git a/api/account.go b/api/account.go
@@ -0,0 +1,39 @@
+package api
+
+import (
+	"context"
+
+	"github.com/paloaltonetworks/cloud-ngfw-aws-go/api/account"
+)
+
+func (c *ApiClient) CreateAccount(ctx context.Context, input account.CreateInput) (account.CreateOutput, error) {
+	out, err := c.client.CreateAccount(ctx, input)
+	if err != nil {
+		return account.CreateOutput{}, err
+	}
+	return out, nil
+}
+
+func (c *ApiClient) ReadAccount(ctx context.Context, input account.ReadInput) (account.ReadOutput, error) {
+	out, err := c.client.ReadAccount(ctx, input)
+	if err != nil {
+		return account.ReadOutput{}, err
+	}
+	return out, nil
+}
+
+func (c *ApiClient) ListAccounts(ctx context.Context, a account.ListInput) (account.ListOutput, error) {
+	out, err := c.client.ListAccounts(ctx, a)
+	if err != nil {
+		return account.ListOutput{}, err
+	}
+	return out, nil
+}
+
+func (c *ApiClient) DeleteAccount(ctx context.Context, input account.DeleteInput) error {
+	err := c.client.DeleteAccount(ctx, input)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/api/account/structs.go b/api/account/structs.go
@@ -0,0 +1,84 @@
+package account
+
+import (
+	"github.com/paloaltonetworks/cloud-ngfw-aws-go/api/response"
+)
+
+// V1 create.
+type CreateInput struct {
+	AccountId string `json:"AccountId,omitempty"`
+	Origin    string `json:"Origin,omitempty"`
+}
+
+type Info struct {
+	TrustedAccount string `json:"ServiceAccountId,omitempty"`
+	ExternalId     string `json:"ExternalId,omitempty"`
+	SNSTopicArn    string `json:"SNSTopicArn,omitempty"`
+	Origin         string `json:"Origin,omitempty"`
+}
+
+type CreateOutput struct {
+	Response Info            `json:"Response"`
+	Status   response.Status `json:"ResponseStatus"`
+}
+
+// V1 read.
+type ReadInput struct {
+	AccountId string `json:"AccountId,omitempty"`
+}
+
+type ReadOutput struct {
+	Response ReadResponse    `json:"Response"`
+	Status   response.Status `json:"ResponseStatus"`
+}
+
+func (o ReadOutput) Failed() *response.Status {
+	return o.Status.Failed()
+}
+
+func (o CreateOutput) Failed() *response.Status {
+	return o.Status.Failed()
+}
+
+type AccountDetail struct {
+	AccountId                 string `json:"AccountId,omitempty"`
+	CloudFormationTemplateURL string `json:"CloudFormationTemplateURL,omitempty"`
+	OnboardingStatus          string `json:"OnboardingStatus,omitempty"`
+	ExternalId                string `json:"ExternalId,omitempty"`
+	ServiceAccountId          string `json:"ServiceAccountId,omitempty"`
+	SNSTopicArn               string `json:"SNSTopicArn,omitempty"`
+}
+
+type ReadResponse struct {
+	AccountDetail
+	UpdateToken string `json:"UpdateToken,omitempty"`
+}
+
+type ListInput struct {
+	Describe   bool   `json:"Describe,omitempty"`
+	MaxResults int    `json:"MaxResults,omitempty"`
+	NextToken  string `json:"NextToken,omitempty"`
+}
+
+type ListAccount struct {
+	AccountId string
+}
+
+type ListResponse struct {
+	AccountIds     []string        `json:"AccountIds"`
+	AccountDetails []AccountDetail `json:"AccountDetails,omitempty"`
+	NextToken      string          `json:"NextToken,omitempty"`
+}
+
+type ListOutput struct {
+	Response ListResponse    `json:"Response"`
+	Status   response.Status `json:"ResponseStatus"`
+}
+
+func (o ListOutput) Failed() *response.Status {
+	return o.Status.Failed()
+}
+
+type DeleteInput struct {
+	AccountId string `json:"AccountId"`
+}
diff --git a/api/client.go b/api/client.go
@@ -6,6 +6,7 @@ import (
 	"go.uber.org/zap"
 	"log"
 
+	"github.com/paloaltonetworks/cloud-ngfw-aws-go/api/account"
 	"github.com/paloaltonetworks/cloud-ngfw-aws-go/api/appid"
 	"github.com/paloaltonetworks/cloud-ngfw-aws-go/api/certificate"
 	"github.com/paloaltonetworks/cloud-ngfw-aws-go/api/country"
@@ -40,7 +41,6 @@ type Client interface {
 	ExportRuleStackXML(ctx context.Context, input stack.ReadInput) (stack.ExportRulestackXmlOutput, error)
 	SaveRuleStackXML(ctx context.Context, input stack.SaveRulestackXmlInput) error
 	UpdateRuleStack(ctx context.Context, input stack.Info) error
-	CreateSCMRuleStack(ctx context.Context, input stack.CreateSCMRuleStackInput) error
 	DeleteRuleStack(ctx context.Context, input stack.SimpleInput) error
 	CommitRuleStack(ctx context.Context, input stack.SimpleInput) error
 	PollCommitRuleStack(ctx context.Context, input stack.SimpleInput) (stack.CommitStatus, error)
@@ -92,7 +92,7 @@ type Client interface {
 
 	ListFirewall(ctx context.Context, input firewall.ListInput) (firewall.ListOutput, error)
 	CreateFirewall(ctx context.Context, input firewall.Info) (firewall.CreateOutput, error)
-	ModifyFirewall(ctx context.Context, input firewall.Info) error
+	ModifyFirewall(ctx context.Context, input firewall.Info) (bool, error)
 	ReadFirewall(ctx context.Context, input firewall.ReadInput) (firewall.ReadOutput, error)
 	UpdateFirewallDescription(ctx context.Context, input firewall.UpdateDescriptionInput) error
 	UpdateFirewallContentVersion(ctx context.Context, input firewall.UpdateContentVersionInput) error
@@ -106,8 +106,13 @@ type Client interface {
 	DisAssociateGlobalRuleStack(ctx context.Context, input firewall.DisAssociateInput) (firewall.DisAssociateOutput, error)
 	SetEndpoint(ctx context.Context, input EndPointInput) error
 	GetCloudNGFWServiceToken(ctx context.Context, info stack.AuthInput) (stack.AuthOutput, error)
+	CreateAccount(ctx context.Context, input account.CreateInput) (account.CreateOutput, error)
+	ReadAccount(ctx context.Context, input account.ReadInput) (account.ReadOutput, error)
+	ListAccounts(ctx context.Context, input account.ListInput) (account.ListOutput, error)
+	DeleteAccount(ctx context.Context, input account.DeleteInput) error
 	IsSyncModeEnabled(ctx context.Context) bool
 	GetResourceTimeout(ctx context.Context) int
+	GetMPRegion(ctx context.Context) string
 }
 
 type ApiClient struct {
@@ -140,6 +145,10 @@ func (c *ApiClient) GetResourceTimeout(ctx context2.Context) int {
 	return c.client.GetResourceTimeout(ctx)
 }
 
+func (c *ApiClient) GetMPRegion(ctx context2.Context) string {
+	return c.client.GetMPRegion(ctx)
+}
+
 // sdk consumers instantiate APIClient using NewAPIClient() and invoke APIs under api directory
 func NewAPIClient(client Client, ctx context.Context, maxGortns int, XSLPath string, mock bool) *ApiClient {
 	if !mock && Logger == nil {

diff --git a/api/firewall.go b/api/firewall.go
@@ -24,11 +24,12 @@ func (c *ApiClient) CreateFirewall(ctx context.Context, input firewall.Info) (fi
 	return out, nil
 }
 
-func (c *ApiClient) ModifyFirewall(ctx context.Context, input firewall.Info) error {
-	if err := c.client.ModifyFirewall(ctx, input); err != nil {
-		return err
+func (c *ApiClient) ModifyFirewall(ctx context.Context, input firewall.Info) (bool, error) {
+	waitForUpdate, err := c.client.ModifyFirewall(ctx, input)
+	if err != nil {
+		return waitForUpdate, err
 	}
-	return nil
+	return waitForUpdate, nil
 }
 
 func (c *ApiClient) ReadFirewall(ctx context.Context, input firewall.ReadInput) (firewall.ReadOutput, error) {

diff --git a/api/logprofile/structs.go b/api/logprofile/structs.go
@@ -13,6 +13,8 @@ type Info struct {
 	Firewall                  string           `json:"FirewallName,omitempty"`
 	LogDestinations           []LogDestination `json:"LogDestinationConfigs"`
 	CloudWatchMetricNamespace string           `json:"CloudWatchMetricNamespace,omitempty"`
+	AdvancedThreatLog         bool             `json:"AdvancedThreatLog,omitempty"`
+	CloudWatchMetricsFields   []string         `json:"CloudWatchMetricsFields,omitempty"`
 }
 
 type LogDestination struct {

diff --git a/api/stack.go b/api/stack.go
@@ -84,18 +84,6 @@ func (c *ApiClient) CreateRuleStack(ctx context.Context, input stack.Info) error
 	return nil
 }
 
-func (c *ApiClient) CreateSCMRuleStack(ctx context.Context, input stack.CreateSCMRuleStackInput) error {
-	if err := c.client.CreateSCMRuleStack(ctx, input); err != nil {
-		return err
-	}
-
-	log.Printf(
-		"export rulestack:%s",
-		input.Name)
-
-	return nil
-}
-
 func (c *ApiClient) UpdateRuleStack(ctx context.Context, input stack.Info) error {
 	log.Printf(
 		"create rulestack %s",

diff --git a/api/stack/structs.go b/api/stack/structs.go
@@ -219,7 +219,7 @@ type SaveRulestackXmlInput struct {
 	Name              string          `json:"-"`
 	Scope             string          `json:"-"`
 	RuleStackEntryXml XmlString       `json:"RuleStackEntryXml"`
-	ReadOnly          bool            `json:"ReadOnly"`
+	ReadOnly          bool            `json:"ReadOnly,omitempty"`
 	Firewalls         []FirewallEntry `json:"Firewalls,omitempty"`
 	RulesStackType    string          `json:"RulesStackType,omitempty"`
 }
@@ -247,7 +247,8 @@ type CreateSCMRuleStackInput struct {
 
 type FirewallEntry struct {
 	Firewall  string `json:"Firewall"`
-	AccountId string `json:"AccountId"`
+	AccountId string `json:"AccountId,omitempty"`
+	ArmId     string `json:"ArmId,omitempty"`
 }
 
 type PushRulestackCMOutput struct {

diff --git a/ngfw/aws/account.go b/ngfw/aws/account.go
@@ -0,0 +1,79 @@
+package aws
+
+import (
+	"github.com/paloaltonetworks/cloud-ngfw-aws-go/api/account"
+	"context"
+	"net/http"
+)
+
+// Create creates an object.
+func (c *Client) CreateAccount(ctx context.Context, input account.CreateInput) (account.CreateOutput, error) {
+	c.Log(http.MethodPost, "create account")
+
+	var ans account.CreateOutput
+	_, err := c.Communicate(
+		ctx,
+		PermissionAccount,
+		http.MethodPost,
+		[]string{"v1", "mgmt", "linkaccounts"},
+		nil,
+		input,
+		&ans,
+	)
+
+	return ans, err
+}
+
+// Read returns information on the given object.
+func (c *Client) ReadAccount(ctx context.Context, input account.ReadInput) (account.ReadOutput, error) {
+	accountId := input.AccountId
+	c.Log(http.MethodGet, "describe account: %s", accountId)
+
+	var ans account.ReadOutput
+	_, err := c.Communicate(
+		ctx,
+		PermissionAccount,
+		http.MethodGet,
+		[]string{"v1", "mgmt", "linkaccounts", accountId},
+		nil,
+		nil,
+		&ans,
+	)
+
+	return ans, err
+}
+
+// List returns a list of given objects.
+func (c *Client) ListAccounts(ctx context.Context, input account.ListInput) (account.ListOutput, error) {
+	c.Log(http.MethodGet, "list accounts")
+
+	var ans account.ListOutput
+	_, err := c.Communicate(
+		ctx,
+		PermissionAccount,
+		http.MethodGet,
+		[]string{"v1", "mgmt", "linkaccounts"},
+		nil,
+		input,
+		&ans,
+	)
+
+	return ans, err
+}
+
+// Delete the given account.
+func (c *Client) DeleteAccount(ctx context.Context, input account.DeleteInput) error {
+	c.Log(http.MethodDelete, "delete account: %s", input.AccountId)
+
+	_, err := c.Communicate(
+		ctx,
+		PermissionAccount,
+		http.MethodDelete,
+		[]string{"v1", "mgmt", "linkaccounts", input.AccountId},
+		nil,
+		nil,
+		nil,
+	)
+
+	return err
+}