controller

package
v1.2.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 18, 2026 License: MIT Imports: 22 Imported by: 0

Documentation

Index

Constants

const (
	// FeatureZoneBasedFirewall is a feature-name string. Presumably it is the
	// value passed as the feature argument of Controller.HasFeature to ask
	// whether a site supports zone-based firewalling — confirm against the
	// package's feature table.
	FeatureZoneBasedFirewall = "ZONE_BASED_FIREWALL"
)

featureFlags maps known feature names to API detection logic. When FIREWALL_MODE=auto, EnsureInfrastructure calls HasFeature.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthConfig

// AuthConfig carries the controller address and the credentials used for
// session management.
//
// Password and APIKey are secrets stored as plain strings. Formatting a value
// of this type with %v or %+v prints both, so keep it out of logs, error
// messages and debug dumps.
type AuthConfig struct {
	// NOTE(review): presumably the controller base URL the credentials are
	// sent to; an http:// value would expose them in transit — confirm the
	// scheme is checked where this is consumed.
	BaseURL  string
	Username string
	// Secret.
	Password string
	// Secret. NOTE(review): whether APIKey takes precedence over
	// Username/Password is not visible here — confirm.
	APIKey        string
	ReauthTimeout time.Duration
	// NOTE(review): presumably the same re-auth throttle as
	// ClientConfig.ReauthMinGap — confirm.
	ReauthMinGap time.Duration
}

AuthConfig holds credentials for session management.

type ClientConfig

// ClientConfig holds the parameters for constructing a UniFi HTTP client
// (it is the cfg argument of NewClient).
//
// Password and APIKey are secrets stored as plain strings; do not log or
// format a ClientConfig value with %v / %+v.
type ClientConfig struct {
	BaseURL  string
	Username string
	Password string // secret
	APIKey   string // secret
	// NOTE(review): the zero value of a bool is false. If this field gates
	// certificate verification as its name suggests, a ClientConfig literal
	// that omits it asks for an unverified TLS connection — set it explicitly
	// and confirm how false is handled.
	VerifyTLS bool
	// NOTE(review): presumably a path to a CA certificate file trusted for the
	// controller connection — confirm format and whether it replaces or
	// extends the system roots.
	CACertPath string
	Timeout    time.Duration
	// NOTE(review): confirm debug output never includes Password, APIKey or
	// session material before enabling this outside a lab.
	Debug        bool
	ReauthMinGap time.Duration // thundering-herd guard: skip re-auth if last one was < this ago
	EnableIPv6   bool          // dial IPv6 — false by default, set true only with working IPv6 path
}

ClientConfig holds parameters for constructing a UniFi HTTP client.

type Controller

// Controller is the interface through which callers reach the UniFi
// controller API. Every method except InvalidateZoneCache and Close takes a
// context.Context as its first argument.
//
// The Create*, Update*, Delete* methods and SetPolicyOrdering change firewall
// state on the controller. NOTE(review): how implementations place site, id
// and zone arguments into requests is not visible here — prefer identifiers
// returned by the List/Discover/Get calls over free-form input, and confirm
// they are escaped.
type Controller interface {
	// Firewall Groups (address lists) — legacy mode only
	ListFirewallGroups(ctx context.Context, site string) ([]FirewallGroup, error)
	CreateFirewallGroup(ctx context.Context, site string, g FirewallGroup) (FirewallGroup, error)
	UpdateFirewallGroup(ctx context.Context, site string, g FirewallGroup) error
	DeleteFirewallGroup(ctx context.Context, site string, id string) error

	// Legacy Rules (WAN_IN / WANv6_IN) — legacy mode only
	ListFirewallRules(ctx context.Context, site string) ([]FirewallRule, error)
	CreateFirewallRule(ctx context.Context, site string, r FirewallRule) (FirewallRule, error)
	UpdateFirewallRule(ctx context.Context, site string, r FirewallRule) error
	DeleteFirewallRule(ctx context.Context, site string, id string) error

	// Zone-Based Policies — integration v1
	ListZonePolicies(ctx context.Context, site string) ([]ZonePolicy, error)
	CreateZonePolicy(ctx context.Context, site string, p ZonePolicy) (ZonePolicy, error)
	UpdateZonePolicy(ctx context.Context, site string, p ZonePolicy) error
	DeleteZonePolicy(ctx context.Context, site string, id string) error
	// GetPolicyOrdering and SetPolicyOrdering read and write the ordering for
	// one source/destination zone pair, identified by zone ID.
	GetPolicyOrdering(ctx context.Context, site, srcZoneID, dstZoneID string) (PolicyOrdering, error)
	SetPolicyOrdering(ctx context.Context, site, srcZoneID, dstZoneID string, ordering PolicyOrdering) error

	// Traffic Matching Lists — integration v1, zone mode only
	ListTrafficMatchingLists(ctx context.Context, site string) ([]TrafficMatchingList, error)
	CreateTrafficMatchingList(ctx context.Context, site string, list TrafficMatchingList) (TrafficMatchingList, error)
	UpdateTrafficMatchingList(ctx context.Context, site string, list TrafficMatchingList) error
	DeleteTrafficMatchingList(ctx context.Context, site string, id string) error

	// Site and Zone Resolution — integration v1
	GetSiteID(ctx context.Context, siteName string) (string, error)
	GetZoneID(ctx context.Context, site, zoneName string) (string, error)
	DiscoverZones(ctx context.Context, site string) ([]Zone, error)
	DiscoverSites(ctx context.Context) ([]string, error)

	// InvalidateZoneCache evicts all cached zone IDs, site IDs, and feature flags
	// for the given site. Call before re-resolving zone names to ensure fresh data.
	// It takes no context and returns no error.
	InvalidateZoneCache(site string)

	// Feature Detection
	// NOTE(review): feature is presumably one of the package's feature-name
	// constants such as FeatureZoneBasedFirewall — confirm.
	HasFeature(ctx context.Context, site string, feature string) (bool, error)

	// Session
	Ping(ctx context.Context) error
	// Close takes no context. NOTE(review): whether it also ends the session
	// on the controller is not visible here — confirm.
	Close() error
}

Controller is the UniFi API seam. All methods accept context for deadline control.

func NewClient

func NewClient(ctx context.Context, cfg ClientConfig, log zerolog.Logger) (Controller, error)

NewClient constructs a new Controller client and performs initial login.

type ErrConflict

// ErrConflict reports that a create operation would cause a duplicate.
// Its Error method has a pointer receiver, so the error value is an
// *ErrConflict; match it with errors.As into a *ErrConflict target.
type ErrConflict struct {
	// NOTE(review): whether Msg is client-generated text or copied from the
	// controller response is not visible here — treat it as untrusted when
	// rendering it to users.
	Msg string
}

ErrConflict is returned when a create operation would cause a duplicate.

func (*ErrConflict) Error

func (e *ErrConflict) Error() string

type ErrNotFound

// ErrNotFound reports that a resource does not exist.
// Its Error method has a pointer receiver, so the error value is an
// *ErrNotFound; match it with errors.As into a *ErrNotFound target.
type ErrNotFound struct {
	// NOTE(review): presumably the request URL that produced the miss —
	// confirm it never carries credentials or tokens (userinfo, query string)
	// before this error is logged.
	URL string
}

ErrNotFound is returned when a resource does not exist.

func (*ErrNotFound) Error

func (e *ErrNotFound) Error() string

type ErrRateLimit

// ErrRateLimit reports that the controller signalled rate limiting.
// Its Error method has a pointer receiver, so the error value is an
// *ErrRateLimit; match it with errors.As into a *ErrRateLimit target.
type ErrRateLimit struct {
	// NOTE(review): presumably the wait the controller asked for. If it is
	// taken from the response unmodified, callers should cap it rather than
	// sleep for an arbitrary server-supplied duration — confirm.
	RetryAfter time.Duration
}

ErrRateLimit is returned when the controller signals rate limiting.

func (*ErrRateLimit) Error

func (e *ErrRateLimit) Error() string

type ErrUnauthorized

// ErrUnauthorized reports an HTTP 401 response.
// Its Error method has a pointer receiver, so the error value is an
// *ErrUnauthorized; match it with errors.As into a *ErrUnauthorized target.
type ErrUnauthorized struct {
	// NOTE(review): confirm Msg never echoes the submitted credentials or API
	// key, since authentication errors commonly end up in logs.
	Msg string
}

ErrUnauthorized is returned on HTTP 401 responses.

func (*ErrUnauthorized) Error

func (e *ErrUnauthorized) Error() string

type FirewallGroup

// FirewallGroup represents a UniFi address-list group, the unit handled by
// the Controller firewall-group methods (legacy mode).
type FirewallGroup struct {
	ID        string
	Name      string
	GroupType string // "address-group" or "ipv6-address-group"
	// NOTE(review): presumably IP addresses or CIDR ranges of the family named
	// by GroupType — validate entries before pushing them, since referencing
	// rules apply to whatever the group contains.
	GroupMembers []string
}

FirewallGroup represents a UniFi address-list group.

type FirewallRule

// FirewallRule represents a UniFi firewall rule (legacy mode).
type FirewallRule struct {
	ID      string
	Name    string
	Enabled bool
	// NOTE(review): presumably the rule's position within its ruleset —
	// confirm how it relates to evaluation order.
	RuleIndex   int
	Action      string // "drop" or "reject"
	Ruleset     string // "WAN_IN", "WANv6_IN", etc.
	Description string
	Logging     bool
	Protocol    string
	// IDs of the firewall groups used as the rule's source match; presumably
	// FirewallGroup.ID values — confirm.
	SrcFirewallGroupIDs []string
}

FirewallRule represents a UniFi firewall rule (legacy mode).

type PolicyOrdering added in v1.1.7

// PolicyOrdering holds the ordered user-defined policy IDs for one
// source/destination zone pair, as read and written by
// Controller.GetPolicyOrdering and Controller.SetPolicyOrdering.
//
// NOTE(review): presumably the two slices list the policies placed before and
// after the system-defined ones. If order decides which policy matches first,
// a wrong ordering can shadow a block policy — confirm.
type PolicyOrdering struct {
	BeforeSystemDefined []string
	AfterSystemDefined  []string
}

PolicyOrdering holds the sorted list of user-defined policy IDs for a specific source/destination zone pair.

type TrafficMatchingList

// TrafficMatchingList represents an integration v1 IP/port list (zone mode).
type TrafficMatchingList struct {
	ID        string
	Type      string // "IPV4_ADDRESSES", "IPV6_ADDRESSES", "PORTS"
	Name      string
	GroupType string // legacy compat hint: "address-group", "ipv6-address-group"
	// Entries of the list. NOTE(review): whether each item's Type/Value is
	// validated against the list Type before upload is not visible here —
	// confirm.
	Items []TrafficMatchingListItem
}

TrafficMatchingList represents an integration v1 IP/port list (zone mode).

type TrafficMatchingListItem

// TrafficMatchingListItem is one entry in a TrafficMatchingList.
type TrafficMatchingListItem struct {
	// The json:"-" tag makes encoding/json skip this field in both directions,
	// so Type is local bookkeeping and has to be set by code, not by decoding.
	Type string `json:"-"` // "IP_ADDRESS", "SUBNET", "PORT_NUMBER"; omitted from JSON to match wire format
	// NOTE(review): presumably the address, subnet or port number as text,
	// according to Type — confirm the format and where it is validated.
	Value string
}

TrafficMatchingListItem is one entry in a TrafficMatchingList.

type Zone

// Zone represents a UniFi network zone (topology discovery); it is the
// element type returned by Controller.DiscoverZones.
type Zone struct {
	ID     string
	Name   string
	Origin string // metadata.origin from integration v1 API, e.g. "USER_DEFINED"
}

Zone represents a UniFi network zone (topology discovery).

type ZonePolicy

// ZonePolicy represents a UniFi zone-based firewall policy.
//
// Action accepts "ALLOW" as well as "BLOCK" and "REJECT", so a value of this
// type can open traffic between zones; review Action, SrcZone and DstZone
// together before creating or updating a policy.
type ZonePolicy struct {
	ID                 string
	Name               string
	Enabled            bool
	Action             string // "BLOCK", "ALLOW", "REJECT"
	AllowReturnTraffic bool   // only valid for ALLOW action
	Description        string
	// NOTE(review): whether SrcZone and DstZone hold zone names or zone IDs is
	// not visible here — confirm.
	SrcZone   string
	DstZone   string
	IPVersion string // "IPV4", "IPV6", "BOTH"
	// NOTE(review): the field is a slice, but the original comment says the
	// proxy API takes a single ID — confirm what happens to extra entries.
	TrafficMatchingListIDs []string // proxy API: source.ip_group_id (single ID)
	Predefined             bool     // true for built-in policies managed by UniFi
	ConnectionStateFilter  []string // e.g. ["NEW", "INVALID"]
	LoggingEnabled         bool
	// For the three TML ID fields below an empty string means "any", i.e. no
	// filter on that dimension, so an unset field widens the match.
	SrcPortTMLID string // TML of type "PORTS" for source port filter (empty = any)
	DstPortTMLID string // TML of type "PORTS" for destination port filter (empty = any)
	DstIPTMLID   string // TML of type IPV4_ADDRESSES or IPV6_ADDRESSES for dst IP filter (empty = any)
}

ZonePolicy represents a UniFi zone-based firewall policy.
