- Constants
- Variables
- func FindPolicyByIntent(node firewall.FirewallNode, intent *policy.Intent, fromZone, toZone string, ...) []firewall.FirewallPolicy
- func GenerateObjectName(auto *keys.AutoIncrementKeys, obj interface{}, ...) (keys.Keys, bool, error)
- func GenerateObjectNameWithStarlark(auto *keys.AutoIncrementKeys, obj interface{}, ...) (keys.Keys, bool, error)
- type Field
- type IDTemplate
- func (pt *IDTemplate) Extract(policy string) (map[string]string, error)
- func (pt *IDTemplate) Generate(variables map[string]interface{}) (int, string)
- func (pt *IDTemplate) GetLastSequence(name string) int
- func (pt *IDTemplate) Initialize() *IDTemplate
- func (pt *IDTemplate) SetLastSequence(name string, value int)
- func (pt *IDTemplate) WithCurrentTime(t time.Time) *IDTemplate
- func (pt *IDTemplate) WithCustomIDExtractor(extractor func(string) int) *IDTemplate
- func (pt *IDTemplate) WithCustomValidator(validator func(string) bool) *IDTemplate
- func (pt *IDTemplate) WithLastDate(name string, t time.Time) *IDTemplate
- func (pt *IDTemplate) WithMaxRetries(maxRetries int) *IDTemplate
- type MatchConfig
- type NamingTemplates
- type ObjectNameManager
- type ObjectStatus
- type StarlarkExecutor
Constants ¶
// Core standard field keys shared by all firewall vendors. Each value is the
// CLI string that names an object category in the generated configuration.
const (
	// FlyObjectNetwork is the CLI string for network objects (address objects and address groups).
	FlyObjectNetwork = "NETWORK"
	// FlyObjectService is the CLI string for service objects (service objects and service groups).
	FlyObjectService = "SERVICE"
	// FlyObjectNat is the CLI string for NAT rules (unified field across vendors).
	FlyObjectNat = "NAT"
	// FlyObjectPool is the CLI string for SNAT pool objects.
	FlyObjectPool = "POOL"
	// FlyObjectSecurityPolicy is the CLI string for security policies.
	FlyObjectSecurityPolicy = "SECURITY_POLICY"
)
核心标准字段(所有防火墙通用)
// Extended field keys used by only some firewall vendors.
const (
	// FlyObjectAcl is the CLI string for ACL rules (SecPath, Common V2).
	FlyObjectAcl = "ACL"
	// FlyObjectVip is the CLI string for VIP objects (Common V2; FortiGate uses STATIC_NAT instead).
	FlyObjectVip = "VIP"
	// FlyObjectMip is the CLI string for MIP objects (Common V2).
	FlyObjectMip = "MIP"
	// FlyObjectStaticNat is the CLI string for static NAT rules (Sangfor, FortiGate).
	FlyObjectStaticNat = "STATIC_NAT"
	// FlyObjectDynamicNat is the CLI string for dynamic NAT rules (Sangfor, FortiGate).
	FlyObjectDynamicNat = "DYNAMIC_NAT"
)
扩展字段(部分防火墙使用)
// FortiGate-specific extended field keys.
const (
	// FlyObjectNetworkObjectGroup is the CLI string for network object groups (FortiGate).
	FlyObjectNetworkObjectGroup = "NETWORK_OBJECT_GROUP"
	// FlyObjectServiceGroup is the CLI string for service object groups (FortiGate).
	FlyObjectServiceGroup = "SERVICE_GROUP"
	// FlyObjectClis is the CLI string for a list of raw CLI commands (FortiGate).
	FlyObjectClis = "CLIS"
)
FortiGate特定扩展字段
// SecPath-specific extended field keys (XML format).
const (
	// FlyObjectNetworkIPv4Object is the key for IPv4 network objects (SecPath XML format).
	FlyObjectNetworkIPv4Object = "NETWORK_IPv4_OBJECT"
	// FlyObjectNetworkIPv6Object is the key for IPv6 network objects (SecPath XML format).
	FlyObjectNetworkIPv6Object = "NETWORK_IPv6_OBJECT"
	// FlyObjectNetworkIPv4Group is the key for IPv4 network groups (SecPath XML format).
	FlyObjectNetworkIPv4Group = "NETWORK_IPv4_GROUP"
	// FlyObjectNetworkIPv6Group is the key for IPv6 network groups (SecPath XML format).
	FlyObjectNetworkIPv6Group = "NETWORK_IPv6_GROUP"
	// FlyObjectServerOnInterface is the key for servers bound to an interface (SecPath XML format).
	FlyObjectServerOnInterface = "SERVER_ON_INTERFACE"
	// FlyObjectNatPolicy is the key for NAT policies (SecPath XML format).
	FlyObjectNatPolicy = "NAT_POLICY"
)
SecPath特定扩展字段(XML格式)
// Retry strategies for object-name generation when a candidate name collides.
// NOTE(review): presumably these are the accepted values of the retryMethod
// string parameter of GenerateObjectName / GenerateObjectNameWithStarlark —
// confirm against the implementation.
const (
	// RetryMethodNext advances to the next candidate (e.g. the next sequence value).
	RetryMethodNext = "next"
	// RetryMethodSuffix appends a suffix to the colliding name.
	RetryMethodSuffix = "suffix"
)
Variables ¶
// DefaultTemplates holds the built-in naming templates used when the caller
// does not supply its own NamingTemplates. Templates are strings containing
// {placeholder} variables and {if:...}{else if:...}{else}{endif} conditionals.
var DefaultTemplates = NamingTemplates{
	// Address objects: HOST_<ip> for single hosts, NET_<ip>_<mask> for
	// subnets, RANGE_<start>_<end> otherwise.
	// NOTE(review): the host branch compares with `==` while the network
	// branch uses a single `=` — confirm the template syntax treats both as
	// equality, otherwise the NET_ branch may never be selected.
	NetworkTemplate: `ADDR_{if:isHost=="true"}HOST_{ip}{else if:isNetwork="true"}NET_{ip}_{mask}{else}RANGE_{start}_{end}{endif}`,
	// Layer-3 services, keyed by {protocol}.
	L3ProtocolTemplate: "SVC_L3_{protocol}",
	// ICMP services, keyed by {type} and {code}.
	ICMPTemplate: "SVC_ICMP_{type}_{code}",
	// Layer-4 services: the SRC_ segment is emitted only when the source
	// port range is not the full range '0 65535'.
	L4Template: "SVC_{protocol}_{if:src_port!='0 65535'}SRC_{src_port}{endif}_DST_{dst_port}",
}
Functions ¶
func FindPolicyByIntent ¶
func FindPolicyByIntent(node firewall.FirewallNode, intent *policy.Intent, fromZone, toZone string, config MatchConfig) []firewall.FirewallPolicy
FindPolicyByIntent 通过intent寻找匹配的policy
func GenerateObjectName ¶
func GenerateObjectName(auto *keys.AutoIncrementKeys, obj interface{}, itFunc func() firewall.NamerIterator, node firewall.FirewallNode, templates *NamingTemplates, retryMethod string, onm *ObjectNameManager, useBaseFirst bool) (keys.Keys, bool, error)
func GenerateObjectNameWithStarlark ¶
func GenerateObjectNameWithStarlark(auto *keys.AutoIncrementKeys, obj interface{}, itFunc func() firewall.NamerIterator, node firewall.FirewallNode, templates *NamingTemplates, retryMethod string, onm *ObjectNameManager, useBaseFirst bool, starlarkExecutor StarlarkExecutor) (keys.Keys, bool, error)
GenerateObjectNameWithStarlark 生成对象名称(支持 Starlark 模板) starlarkExecutor: 可选的 Starlark 执行器,如果提供则使用 Starlark 模板生成名称
Types ¶
type IDTemplate ¶
type IDTemplate struct {
// contains filtered or unexported fields
}
func NewPolicyTemplate ¶
func NewPolicyTemplate(template string, getIterator func() firewall.NamerIterator) *IDTemplate
func (*IDTemplate) Extract ¶
func (pt *IDTemplate) Extract(policy string) (map[string]string, error)
func (*IDTemplate) Generate ¶
func (pt *IDTemplate) Generate(variables map[string]interface{}) (int, string)
func (*IDTemplate) GetLastSequence ¶
func (pt *IDTemplate) GetLastSequence(name string) int
func (*IDTemplate) Initialize ¶
func (pt *IDTemplate) Initialize() *IDTemplate
func (*IDTemplate) SetLastSequence ¶
func (pt *IDTemplate) SetLastSequence(name string, value int)
func (*IDTemplate) WithCurrentTime ¶
func (pt *IDTemplate) WithCurrentTime(t time.Time) *IDTemplate
func (*IDTemplate) WithCustomIDExtractor ¶
func (pt *IDTemplate) WithCustomIDExtractor(extractor func(string) int) *IDTemplate
func (*IDTemplate) WithCustomValidator ¶
func (pt *IDTemplate) WithCustomValidator(validator func(string) bool) *IDTemplate
func (*IDTemplate) WithLastDate ¶
func (pt *IDTemplate) WithLastDate(name string, t time.Time) *IDTemplate
func (*IDTemplate) WithMaxRetries ¶
func (pt *IDTemplate) WithMaxRetries(maxRetries int) *IDTemplate
type MatchConfig ¶
// MatchConfig controls how FindPolicyByIntent decides whether an existing
// policy matches an intent.
//
// NOTE(review): both zone settings are permissive by default — the zero
// value of StrictZone lets an "any" zone match every zone, and a nil
// EmptyZoneMatchesAny is treated as true. Callers reconciling security
// policies should set these explicitly rather than rely on the defaults.
type MatchConfig struct {
	MatchThreshold      int   // match threshold; defaults to 2
	MatchSrc            bool  // whether to compare source addresses
	MatchDst            bool  // whether to compare destination addresses
	MatchService        bool  // whether to compare services
	StrictZone          bool  // whether zones must match exactly (false lets "any" match any zone)
	EmptyZoneMatchesAny *bool // when the zone list is empty, whether it matches any zone (nil means unset; defaults to true)
}
MatchConfig 定义匹配配置
type NamingTemplates ¶
type ObjectNameManager ¶
type ObjectNameManager struct {
// contains filtered or unexported fields
}
func NewObjectNameManager ¶
func NewObjectNameManager() *ObjectNameManager
NewObjectNameManager 创建一个新的 ObjectNameManager
func (*ObjectNameManager) AddGeneratedName ¶
func (onm *ObjectNameManager) AddGeneratedName(name string)
AddGeneratedName 添加一个生成过的名称
func (*ObjectNameManager) IsNameGenerated ¶
func (onm *ObjectNameManager) IsNameGenerated(name string) bool
IsNameGenerated 检查名称是否已经生成过
type ObjectStatus ¶
// ObjectStatus classifies an object relative to an already existing one.
// The names suggest a three-way comparison (missing / identical / different);
// where the comparison is performed is not shown here.
type ObjectStatus int

const (
	// ObjectNotExist means no matching object exists yet.
	ObjectNotExist ObjectStatus = iota
	// ObjectExistSame means an object exists and its definition is the same.
	ObjectExistSame
	// ObjectExistDifferent means an object exists but its definition differs.
	ObjectExistDifferent
)