-
Notifications
You must be signed in to change notification settings - Fork 5
/
events.go
91 lines (81 loc) · 3 KB
/
events.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
package illumioapi
import (
"time"
)
// Event represents an auditable event in the Illumio PCE
// Events cannot be created or updated.
type Event struct {
Href string `json:"href"`
Timestamp time.Time `json:"timestamp"`
PceFqdn string `json:"pce_fqdn"`
EventCreatedBy *EventCreatedBy `json:"created_by"`
EventType string `json:"event_type"`
Status string `json:"status"`
Severity string `json:"severity"`
Notifications *[]Notifications `json:"notifications"`
ResourceChanges *[]ResourceChanges `json:"resource_changes,omitempty"`
}
// EventCreatedBy is who created the event
type EventCreatedBy struct {
Agent Agent `json:"agent"`
User UserLogin `json:"user"`
ContainerCluster ContainerCluster `json:"container_cluster"`
System System `json:"system,omitempty"`
Name string
Href string
}
// System is an empty struct for system-generated events
type System struct{}
// Notifications are event notifications
type Notifications struct {
UUID string `json:"uuid"`
NotificationType string `json:"notification_type"`
Info *Info `json:"info"`
}
// Info are notification info
type Info struct {
APIEndpoint string `json:"api_endpoint"`
APIMethod string `json:"api_method"`
SrcIP string `json:"src_ip"`
VEN *VEN `json:"ven,omitempty"`
Agent *Agent `json:"agent,omitempty"`
}
type ResourceChanges struct {
UUID string `json:"uuid,omitempty"`
Resource Resource `json:"resource,omitempty"`
ChangeType string `json:"change_type,omitempty"`
}
type Resource struct {
Workload Workload `json:"workload,omitempty"`
}
// GetEvents returns a slice of events from the PCE.
// queryParameters can be used for filtering in the form of ["parameter"]="value".
// The first API call to the PCE does not use the async option.
// If the slice length is >=500, it re-runs with async.
func (p *PCE) GetEvents(queryParameters map[string]string) (events []Event, api APIResponse, err error) {
api, err = p.GetCollection("events", false, queryParameters, &events)
if len(events) >= 500 {
events = nil
api, err = p.GetCollection("events", true, queryParameters, &events)
}
for i, e := range events {
e.PopulateCreatedBy()
events[i] = e
}
return events, api, err
}
func (e *Event) PopulateCreatedBy() {
if e.EventCreatedBy.Agent.Href != "" {
e.EventCreatedBy.Href = e.EventCreatedBy.Agent.Href
e.EventCreatedBy.Name = e.EventCreatedBy.Agent.Hostname
} else if e.EventCreatedBy.User.Href != "" {
e.EventCreatedBy.Href = e.EventCreatedBy.User.Href
e.EventCreatedBy.Name = e.EventCreatedBy.User.Username
} else if e.EventCreatedBy.ContainerCluster.Href != "" {
e.EventCreatedBy.Href = e.EventCreatedBy.ContainerCluster.Href
e.EventCreatedBy.Name = e.EventCreatedBy.ContainerCluster.Name
} else {
e.EventCreatedBy.Href = "system"
e.EventCreatedBy.Name = "system"
}
}