package securitypolicy
import (
"encoding/xml"
"errors"
"fmt"
)
// String implements fmt.Stringer, identifying the policy by its ObjectID.
func (sp SecurityPolicy) String() string {
	const format = "SecurityPolicy with objectId: %s"
	return fmt.Sprintf(format, sp.ObjectID)
}
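// MarshalToXML converts the object into XML.
//
// The signature returns only the document, so a marshalling error cannot be
// surfaced to the caller; in that case the result is the empty string rather
// than a partial document. Callers that need to distinguish "empty policy"
// from "marshal failure" should call xml.Marshal directly.
func (sp SecurityPolicy) MarshalToXML() string {
	xmlBytes, err := xml.Marshal(sp)
	if err != nil {
		// Deliberate best-effort contract: "" on failure, never a partial
		// document that could be mistaken for a valid policy.
		return ""
	}
	return string(xmlBytes)
}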
// AddSecurityGroupBinding appends a SecurityGroup with the given objectID to
// SecurityGroupBinding unless a binding with that ObjectID is already present,
// so calling it twice with the same ID never produces a duplicate entry.
func (sp *SecurityPolicy) AddSecurityGroupBinding(objectID string) {
	bindings := sp.SecurityGroupBinding
	for i := range bindings {
		if bindings[i].ObjectID == objectID {
			// Already bound; nothing to do.
			return
		}
	}
	sp.SecurityGroupBinding = append(bindings, SecurityGroup{ObjectID: objectID})
}
// RemoveSecurityGroupBinding removes the first SecurityGroup whose ObjectID
// equals objectID from SecurityGroupBinding. It is a no-op when no binding
// matches. Only the first match is removed.
func (sp *SecurityPolicy) RemoveSecurityGroupBinding(objectID string) {
	bindings := sp.SecurityGroupBinding
	for i := range bindings {
		if bindings[i].ObjectID != objectID {
			continue
		}
		// In-place delete: shifts the tail left over the matched element.
		sp.SecurityGroupBinding = append(bindings[:i], bindings[i+1:]...)
		return
	}
}
// CheckFirewallRuleByUUID reports whether an action with the given VsmUUID
// exists in the policy's ActionsByCategory.Actions list.
func (sp *SecurityPolicy) CheckFirewallRuleByUUID(uuid string) bool {
	actions := sp.ActionsByCategory.Actions
	for i := range actions {
		if actions[i].VsmUUID == uuid {
			return true
		}
	}
	return false
}
// GetFirewallRuleByName returns a pointer to a copy of the first action in
// ActionsByCategory.Actions whose Name equals name.
//
// When nothing matches the pointer is never nil: it refers to a zero-value
// Action, so callers must check the returned fields (e.g. Name == "") to
// detect "not found". Because the result is a copy, mutating it does not
// change the policy.
func (sp *SecurityPolicy) GetFirewallRuleByName(name string) *Action {
	var match Action
	actions := sp.ActionsByCategory.Actions
	for i := range actions {
		if actions[i].Name == name {
			match = actions[i]
			break
		}
	}
	return &match
}
// GetFirewallRuleByUUID returns a pointer to a copy of the first action in
// ActionsByCategory.Actions whose VsmUUID equals uuid.
//
// When nothing matches the pointer is never nil: it refers to a zero-value
// Action, so callers must check the returned fields (e.g. VsmUUID == "") to
// detect "not found". Because the result is a copy, mutating it does not
// change the policy.
func (sp *SecurityPolicy) GetFirewallRuleByUUID(uuid string) *Action {
	var match Action
	actions := sp.ActionsByCategory.Actions
	for i := range actions {
		if actions[i].VsmUUID == uuid {
			match = actions[i]
			break
		}
	}
	return &match
}
// RemoveFirewallActionByName removes the first action whose Name equals
// actionName from ActionsByCategory.Actions. It is a no-op when no action
// matches; only the first match is removed.
func (sp *SecurityPolicy) RemoveFirewallActionByName(actionName string) {
	actions := sp.ActionsByCategory.Actions
	for i := range actions {
		if actions[i].Name != actionName {
			continue
		}
		// In-place delete: shifts the tail left over the matched element.
		sp.ActionsByCategory.Actions = append(actions[:i], actions[i+1:]...)
		return
	}
}
// RemoveFirewallActionByUUID removes the first action whose VsmUUID equals
// uuid from ActionsByCategory.Actions. It is a no-op when no action matches;
// only the first match is removed.
func (sp *SecurityPolicy) RemoveFirewallActionByUUID(uuid string) {
	actions := sp.ActionsByCategory.Actions
	for i := range actions {
		if actions[i].VsmUUID != uuid {
			continue
		}
		// In-place delete: shifts the tail left over the matched element.
		sp.ActionsByCategory.Actions = append(actions[:i], actions[i+1:]...)
		return
	}
}
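// validateFirewallAction checks the two string arguments shared by the
// inbound and outbound constructors: action must be "allow" or "block", and
// direction must equal wantDirection. It returns nil when both are valid.
func validateFirewallAction(action, direction, wantDirection string) error {
	if action != "allow" && action != "block" {
		return errors.New("Action can be only 'allow' or 'block'")
	}
	if direction != wantDirection {
		return fmt.Errorf("Direction can only be '%s'", wantDirection)
	}
	return nil
}

// firewallApplications builds the Applications element of a firewall action
// from applicationObjectIDs.
//
// The literal "any" in the first position means "no application restriction"
// and yields a nil *Applications, so the element is absent from the action.
// An empty list is rejected with an error: the previous code indexed element 0
// and panicked on an empty list, and silently treating it as "any" would widen
// the rule's scope. Only the first element is compared against "any", which
// preserves the existing behaviour for mixed lists.
func firewallApplications(applicationObjectIDs []string) (*Applications, error) {
	if len(applicationObjectIDs) == 0 {
		return nil, errors.New("at least one application object ID (or 'any') is required")
	}
	if applicationObjectIDs[0] == "any" {
		return nil, nil
	}
	apps := make([]Application, 0, len(applicationObjectIDs))
	for _, objectID := range applicationObjectIDs {
		apps = append(apps, Application{ObjectID: objectID})
	}
	return &Applications{Applications: apps}, nil
}

// appendFirewallAction stores newAction under the policy's "firewall"
// category. If the policy already holds a non-empty firewall list the action
// is appended to it; otherwise ActionsByCategory is replaced by a fresh
// firewall category containing only newAction (a previously stored category
// of a different kind is discarded, as before).
func (sp *SecurityPolicy) appendFirewallAction(newAction Action) {
	if sp.ActionsByCategory.Category == "firewall" && len(sp.ActionsByCategory.Actions) >= 1 {
		sp.ActionsByCategory.Actions = append(sp.ActionsByCategory.Actions, newAction)
		return
	}
	sp.ActionsByCategory = ActionsByCategory{
		Category: "firewall",
		Actions:  []Action{newAction},
	}
}

// AddOutboundFirewallAction adds an outbound firewall action rule to the
// security policy.
//
// action must be "allow" or "block" and direction must be "outbound".
// secGroupObjectIDs become the rule's SecondarySecurityGroup entries and
// applicationObjectIDs its Applications (see firewallApplications for the
// meaning of "any"). The rule is created with IsEnabled set to true.
//
// It returns an error for an invalid action or direction, or for an empty
// applicationObjectIDs list; the policy is not modified in that case.
func (sp *SecurityPolicy) AddOutboundFirewallAction(name, action, direction string, secGroupObjectIDs, applicationObjectIDs []string) error {
	if err := validateFirewallAction(action, direction, "outbound"); err != nil {
		return err
	}
	applications, err := firewallApplications(applicationObjectIDs)
	if err != nil {
		return err
	}
	// Non-nil even when empty, matching the previous []SecurityGroup{} literal.
	secondaryGroups := make([]SecurityGroup, 0, len(secGroupObjectIDs))
	for _, objectID := range secGroupObjectIDs {
		secondaryGroups = append(secondaryGroups, SecurityGroup{ObjectID: objectID})
	}
	sp.appendFirewallAction(Action{
		Class:                  "firewallSecurityAction",
		Name:                   name,
		Action:                 action,
		Category:               "firewall",
		Direction:              direction,
		IsEnabled:              true,
		SecondarySecurityGroup: secondaryGroups,
		Applications:           applications,
	})
	return nil
}

// AddInboundFirewallAction adds an inbound firewall action rule to the
// security policy.
//
// action must be "allow" or "block" and direction must be "inbound".
// applicationObjectIDs become the rule's Applications (see
// firewallApplications for the meaning of "any"). The rule is created with
// IsEnabled set to true and carries no SecondarySecurityGroup.
//
// It returns an error for an invalid action or direction, or for an empty
// applicationObjectIDs list; the policy is not modified in that case.
func (sp *SecurityPolicy) AddInboundFirewallAction(name, action, direction string, applicationObjectIDs []string) error {
	if err := validateFirewallAction(action, direction, "inbound"); err != nil {
		return err
	}
	applications, err := firewallApplications(applicationObjectIDs)
	if err != nil {
		return err
	}
	sp.appendFirewallAction(Action{
		Class:        "firewallSecurityAction",
		Name:         name,
		Action:       action,
		Category:     "firewall",
		Direction:    direction,
		IsEnabled:    true,
		Applications: applications,
	})
	return nil
}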
// String implements fmt.Stringer with a fixed description of the list; it
// does not enumerate the contained policies.
func (spList SecurityPolicies) String() string {
	return "SecurityPolicies object, contains security policy objects."
}
// FilterByName returns a pointer to a copy of the first SecurityPolicy in the
// list whose Name equals name.
//
// When nothing matches the pointer is never nil: it refers to a zero-value
// SecurityPolicy, so callers must check the returned fields (e.g. Name == "")
// to detect "not found". Because the result is a copy, mutating it does not
// change the list.
func (spList SecurityPolicies) FilterByName(name string) *SecurityPolicy {
	var match SecurityPolicy
	policies := spList.SecurityPolicies
	for i := range policies {
		if policies[i].Name == name {
			match = policies[i]
			break
		}
	}
	return &match
}
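// RemoveSecurityPolicyByName returns a pointer to a copy of the list from
// which the first SecurityPolicy whose Name equals policyName has been
// removed. When nothing matches the returned list is identical to the
// receiver.
//
// The removal is done into a freshly allocated slice. The receiver is a value
// whose slice header still aliases the caller's backing array, so the earlier
// in-place append(s[:idx], s[idx+1:]...) shifted the caller's elements left
// while leaving the caller's length unchanged (its last element ended up
// duplicated). Copying keeps the caller's SecurityPolicies untouched.
func (spList SecurityPolicies) RemoveSecurityPolicyByName(policyName string) *SecurityPolicies {
	policies := spList.SecurityPolicies
	for idx := range policies {
		if policies[idx].Name != policyName {
			continue
		}
		kept := make([]SecurityPolicy, 0, len(policies)-1)
		kept = append(kept, policies[:idx]...)
		kept = append(kept, policies[idx+1:]...)
		spList.SecurityPolicies = kept
		break
	}
	return &spList
}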