Merge branch 'main' into synthesisInfraStruct

np-guard · Dec 16, 2024 · 2d12ffe · 2d12ffe
2 parents a1430d5 + 1756bdc
commit 2d12ffe
Show file tree

Hide file tree

Showing 5 changed files with 2,627 additions and 1,315 deletions.
diff --git a/pkg/collector/collector.go b/pkg/collector/collector.go
@@ -13,26 +13,31 @@ import (
 )
 
 const (
-	domainsQuery               = "policy/api/v1/infra/domains"
-	servicesQuery              = "policy/api/v1/infra/services"
-	segmentsQuery              = "policy/api/v1/infra/segments"
-	segmentPortsQuery          = "policy/api/v1/infra/segments/%s/ports"
-	tier0Query                 = "policy/api/v1/infra/tier-0s"
-	tier1Query                 = "policy/api/v1/infra/tier-1s"
-	virtualMachineQuery        = "api/v1/fabric/virtual-machines"
-	virtualInterfaceQuery      = "api/v1/fabric/vifs"
-	groupsQuery                = "policy/api/v1/infra/domains/%s/groups"
-	groupQuery                 = "policy/api/v1/infra/domains/%s/groups/%s"
-	groupMembersVMQuery        = "policy/api/v1/infra/domains/%s/groups/%s/members/virtual-machines"
-	groupMembersVIFQuery       = "policy/api/v1/infra/domains/%s/groups/%s/members/vifs"
-	groupMembersIPAddressQuery = "policy/api/v1/infra/domains/%s/groups/%s/members/ip-addresses"
-	securityPoliciesQuery      = "policy/api/v1/infra/domains/%s/security-policies"
-	securityPolicyRulesQuery   = "policy/api/v1/infra/domains/%s/security-policies/%s"
-	securityPolicyRuleQuery    = "policy/api/v1/infra/domains/%s/security-policies/%s/rules/%s"
-	gatewayPoliciesQuery       = "policy/api/v1/infra/domains/%s/gateway-policies"
-	gatewayPolicyRulesQuery    = "policy/api/v1/infra/domains/%s/gateway-policies/%s"
-	gatewayPolicyRuleQuery     = "policy/api/v1/infra/domains/%s/gateway-policies/%s/rules/%s"
-	firewallRuleQuery          = "api/v1/firewall/rules/%d"
+	domainsQuery                = "policy/api/v1/infra/domains"
+	servicesQuery               = "policy/api/v1/infra/services"
+	segmentsQuery               = "policy/api/v1/infra/segments"
+	segmentPortsQuery           = "policy/api/v1/infra/segments/%s/ports"
+	tier0Query                  = "policy/api/v1/infra/tier-0s"
+	tier1Query                  = "policy/api/v1/infra/tier-1s"
+	tierNatQuery                = "%s/%s/nat"
+	tierNatRuleQuery            = "%s/%s/nat/%s/nat-rules"
+	virtualMachineQuery         = "api/v1/fabric/virtual-machines"
+	virtualInterfaceQuery       = "api/v1/fabric/vifs"
+	groupsQuery                 = "policy/api/v1/infra/domains/%s/groups"
+	groupQuery                  = "policy/api/v1/infra/domains/%s/groups/%s"
+	groupMembersVMQuery         = "policy/api/v1/infra/domains/%s/groups/%s/members/virtual-machines"
+	groupMembersVIFQuery        = "policy/api/v1/infra/domains/%s/groups/%s/members/vifs"
+	groupMembersIPAddressQuery  = "policy/api/v1/infra/domains/%s/groups/%s/members/ip-addresses"
+	securityPoliciesQuery       = "policy/api/v1/infra/domains/%s/security-policies"
+	securityPolicyRulesQuery    = "policy/api/v1/infra/domains/%s/security-policies/%s"
+	securityPolicyRuleQuery     = "policy/api/v1/infra/domains/%s/security-policies/%s/rules/%s"
+	gatewayPoliciesQuery        = "policy/api/v1/infra/domains/%s/gateway-policies"
+	gatewayPolicyRulesQuery     = "policy/api/v1/infra/domains/%s/gateway-policies/%s"
+	gatewayPolicyRuleQuery      = "policy/api/v1/infra/domains/%s/gateway-policies/%s/rules/%s"
+	redirectionPoliciesQuery    = "policy/api/v1/infra/domains/%s/redirection-policies"
+	redirectionPolicyRulesQuery = "policy/api/v1/infra/domains/%s/redirection-policies/%s"
+	redirectionPolicyRuleQuery  = "policy/api/v1/infra/domains/%s/redirection-policies/%s/rules/%s"
+	firewallRuleQuery           = "api/v1/firewall/rules/%d"
 
 	defaultForwardingUpTimer = 5
 )
@@ -48,22 +53,22 @@ func NewServerData(host, user, password string) ServerData {
 //nolint:funlen,gocyclo // just a long function
 func CollectResources(server ServerData) (*ResourcesContainerModel, error) {
 	res := NewResourcesContainerModel()
+	// vms:
 	err := collectResultList(server, virtualMachineQuery, &res.VirtualMachineList)
 	if err != nil {
 		return nil, err
 	}
+	// vnis:
 	err = collectResultList(server, virtualInterfaceQuery, &res.VirtualNetworkInterfaceList)
 	if err != nil {
 		return nil, err
 	}
+	// services:
 	err = collectResultList(server, servicesQuery, &res.ServiceList)
 	if err != nil {
 		return nil, err
 	}
-	err = collectResultList(server, domainsQuery, &res.DomainList)
-	if err != nil {
-		return nil, err
-	}
+	//segments:
 	err = collectResultList(server, segmentsQuery, &res.SegmentList)
 	if err != nil {
 		return nil, err
@@ -75,17 +80,39 @@ func CollectResources(server ServerData) (*ResourcesContainerModel, error) {
 			return nil, err
 		}
 	}
+	// tier0:
 	err = collectResultList(server, tier0Query, &res.Tier0List)
 	if err != nil {
 		return nil, err
 	}
+	for ti := range res.Tier0List {
+		tID := *res.Tier0List[ti].Id
+		err = collcetPolicyNats(server, tier0Query, tID, &res.Tier0List[ti].PolicyNats)
+		if err != nil {
+			return nil, err
+		}
+	}
+	// tier1:
 	err = collectResultList(server, tier1Query, &res.Tier1List)
 	if err != nil {
 		return nil, err
 	}
+	for ti := range res.Tier1List {
+		tID := *res.Tier1List[ti].Id
+		err = collcetPolicyNats(server, tier1Query, tID, &res.Tier1List[ti].PolicyNats)
+		if err != nil {
+			return nil, err
+		}
+	}
+	//domains:
+	err = collectResultList(server, domainsQuery, &res.DomainList)
+	if err != nil {
+		return nil, err
+	}
 	for di := range res.DomainList {
 		domainID := *res.DomainList[di].Id
 		domainResources := &res.DomainList[di].Resources
+		// groups:
 		err = collectResultList(server, fmt.Sprintf(groupsQuery, domainID), &domainResources.GroupList)
 		if err != nil {
 			return nil, err
@@ -114,6 +141,7 @@ func CollectResources(server ServerData) (*ResourcesContainerModel, error) {
 				return nil, err
 			}
 		}
+		// security policies:
 		err = collectResultList(server,
 			fmt.Sprintf(securityPoliciesQuery, domainID),
 			&domainResources.SecurityPolicyList)
@@ -144,10 +172,59 @@ func CollectResources(server ServerData) (*ResourcesContainerModel, error) {
 				if err != nil {
 					return nil, err
 				}
+				domainResources.SecurityPolicyList[si].Rules[ri].FirewallRule = &FirewallRule{}
 				err = collectResource(server,
 					fmt.Sprintf(firewallRuleQuery,
 						*domainResources.SecurityPolicyList[si].Rules[ri].RuleId),
-					&domainResources.SecurityPolicyList[si].Rules[ri].FirewallRule)
+					domainResources.SecurityPolicyList[si].Rules[ri].FirewallRule)
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+		// gateway policies:
+		err = collectResultList(server,
+			fmt.Sprintf(gatewayPoliciesQuery, domainID),
+			&domainResources.GatewayPolicyList)
+		if err != nil {
+			return nil, err
+		}
+		for gi := range domainResources.GatewayPolicyList {
+			err = collectResource(server,
+				fmt.Sprintf(gatewayPolicyRulesQuery, domainID, *domainResources.GatewayPolicyList[gi].Id),
+				&domainResources.GatewayPolicyList[gi])
+			if err != nil {
+				return nil, err
+			}
+			for ri := range domainResources.GatewayPolicyList[gi].Rules {
+				err = collectResource(server,
+					fmt.Sprintf(gatewayPolicyRuleQuery, domainID,
+						*domainResources.GatewayPolicyList[gi].Id, *domainResources.GatewayPolicyList[gi].Rules[ri].Id),
+					&domainResources.GatewayPolicyList[gi].Rules[ri])
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+		// redirection policies:
+		err = collectResultList(server,
+			fmt.Sprintf(redirectionPoliciesQuery, domainID),
+			&domainResources.RedirectionPolicyList)
+		if err != nil {
+			return nil, err
+		}
+		for gi := range domainResources.RedirectionPolicyList {
+			err = collectResource(server,
+				fmt.Sprintf(redirectionPolicyRulesQuery, domainID, *domainResources.RedirectionPolicyList[gi].Id),
+				&domainResources.RedirectionPolicyList[gi])
+			if err != nil {
+				return nil, err
+			}
+			for ri := range domainResources.RedirectionPolicyList[gi].RedirectionRules {
+				err = collectResource(server,
+					fmt.Sprintf(redirectionPolicyRuleQuery, domainID,
+						*domainResources.RedirectionPolicyList[gi].Id, *domainResources.RedirectionPolicyList[gi].RedirectionRules[ri].Id),
+					&domainResources.RedirectionPolicyList[gi].RedirectionRules[ri])
 				if err != nil {
 					return nil, err
 				}
@@ -181,6 +258,21 @@ func CollectResources(server ServerData) (*ResourcesContainerModel, error) {
 	return res, nil
 }
 
+func collcetPolicyNats(server ServerData, tierQuery, tID string, policyNats *[]PolicyNat) error {
+	err := collectResultList(server, fmt.Sprintf(tierNatQuery, tierQuery, tID), policyNats)
+	if err != nil {
+		return err
+	}
+	for ni := range *policyNats {
+		nID := *(*policyNats)[ni].Id
+		err = collectResultList(server, fmt.Sprintf(tierNatRuleQuery, tierQuery, tID, nID), &(*policyNats)[ni].Rules)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func FixResourcesForJSON(res *ResourcesContainerModel) {
 	for i := range res.Tier0List {
 		if res.Tier0List[i].AdvancedConfig != nil {

diff --git a/pkg/collector/data_model.go b/pkg/collector/data_model.go
@@ -19,21 +19,22 @@ import (
 const (
 	rulesJSONEntry          = "rules"
 	membersJSONEntry        = "vm_members"
-	vifMembersJSONEntry     = "vfi_members"
-	addressMembersJSONEntry = "address_members"
+	vifMembersJSONEntry     = "vif_members"
+	addressMembersJSONEntry = "ips_members"
 	expressionJSONEntry     = "expression"
 	resourcesJSONEntry      = "resources"
 	serviceEntriesJSONEntry = "service_entries"
 	resourceTypeJSONEntry   = "resource_type"
 	defaultRuleJSONEntry    = "default_rule"
 	firewallRuleJSONEntry   = "firewall_rule"
 	segmentPortsJSONEntry   = "segment_ports"
+	policyNatsJSONEntry     = "policy_nats"
 )
 
 type Rule struct {
 	nsx.Rule
-	FirewallRule   FirewallRule   `json:"firewall_rule"`
-	ServiceEntries ServiceEntries `json:"service_entries"`
+	FirewallRule   *FirewallRule  `json:"firewall_rule,omitempty"`
+	ServiceEntries ServiceEntries `json:"service_entries,omitempty"`
 }
 
 func (rule *Rule) UnmarshalJSON(b []byte) error {
@@ -49,8 +50,8 @@ type FirewallRule struct {
 
 type SecurityPolicy struct {
 	nsx.SecurityPolicy
-	Rules       []Rule        `json:"rules"`
-	DefaultRule *FirewallRule `json:"default_rule"`
+	Rules       []Rule        `json:"rules,omitempty"`
+	DefaultRule *FirewallRule `json:"default_rule,omitempty"`
 }
 
 func (securityPolicy *SecurityPolicy) UnmarshalJSON(b []byte) error {
@@ -62,14 +63,36 @@ func (securityPolicy *SecurityPolicy) UnmarshalJSON(b []byte) error {
 // /////////////////////////////////////////////////////////////////////////////////////
 type GatewayPolicy struct {
 	nsx.GatewayPolicy
-	Rules []Rule `json:"rules"`
+	Rules []Rule `json:"rules,omitempty"`
 }
 
 func (gatewayPolicy *GatewayPolicy) UnmarshalJSON(b []byte) error {
 	return UnmarshalBaseStructAnd1Field(b, &gatewayPolicy.GatewayPolicy,
 		rulesJSONEntry, &gatewayPolicy.Rules)
 }
 
+// /////////////////////////////////////////////////////////////////////////////////////
+type RedirectionPolicy struct {
+	nsx.RedirectionPolicy
+	RedirectionRules []RedirectionRule `json:"rules,omitempty"`
+}
+
+func (redirectionPolicy *RedirectionPolicy) UnmarshalJSON(b []byte) error {
+	return UnmarshalBaseStructAnd1Field(b, &redirectionPolicy.RedirectionPolicy,
+		rulesJSONEntry, &redirectionPolicy.RedirectionRules)
+}
+
+type RedirectionRule struct {
+	nsx.RedirectionRule
+	ServiceEntries ServiceEntries `json:"service_entries,omitempty"`
+}
+
+func (rule *RedirectionRule) UnmarshalJSON(b []byte) error {
+	rule.ServiceEntries = ServiceEntries{}
+	return UnmarshalBaseStructAnd1Field(b, &rule.RedirectionRule,
+		serviceEntriesJSONEntry, &rule.ServiceEntries)
+}
+
 // /////////////////////////////////////////////////////////////////////////////////////
 type IPProtocolServiceEntry struct {
 	nsx.IPProtocolServiceEntry
@@ -227,7 +250,7 @@ func (s *ServiceEntries) UnmarshalJSON(b []byte) error {
 
 type Service struct {
 	nsx.Service
-	ServiceEntries ServiceEntries `json:"service_entries"`
+	ServiceEntries ServiceEntries `json:"service_entries,omitempty"`
 }
 
 func (service *Service) UnmarshalJSON(b []byte) error {
@@ -269,7 +292,7 @@ func (vni *VirtualNetworkInterface) UnmarshalJSON(b []byte) error {
 
 type Segment struct {
 	nsx.Segment
-	SegmentPorts []SegmentPort `json:"segment_ports"`
+	SegmentPorts []SegmentPort `json:"segment_ports,omitempty"`
 }
 
 func (segment *Segment) UnmarshalJSON(b []byte) error {
@@ -282,9 +305,33 @@ type SegmentPort struct {
 
 type Tier0 struct {
 	nsx.Tier0
+	PolicyNats []PolicyNat `json:"policy_nats,omitempty"`
 }
+
+func (t0 *Tier0) UnmarshalJSON(b []byte) error {
+	return UnmarshalBaseStructAnd1Field(b, &t0.Tier0, policyNatsJSONEntry, &t0.PolicyNats)
+}
+
 type Tier1 struct {
 	nsx.Tier1
+	PolicyNats []PolicyNat `json:"policy_nats,omitempty"`
+}
+
+func (t1 *Tier1) UnmarshalJSON(b []byte) error {
+	return UnmarshalBaseStructAnd1Field(b, &t1.Tier1, policyNatsJSONEntry, &t1.PolicyNats)
+}
+
+type PolicyNat struct {
+	nsx.PolicyNat
+	Rules []PolicyNatRule `json:"rules,omitempty"`
+}
+
+func (policyNat *PolicyNat) UnmarshalJSON(b []byte) error {
+	return UnmarshalBaseStructAnd1Field(b, &policyNat.PolicyNat, rulesJSONEntry, &policyNat.Rules)
+}
+
+type PolicyNatRule struct {
+	nsx.PolicyNatRule
 }
 
 type RealizedVirtualMachine struct {
@@ -369,10 +416,10 @@ func (e *Expression) UnmarshalJSON(b []byte) error {
 
 type Group struct {
 	nsx.Group
-	VMMembers      []RealizedVirtualMachine  `json:"vm_members"`
-	VIFMembers     []VirtualNetworkInterface `json:"vif_members"`
-	AddressMembers []nsx.IPElement           `json:"ips_members"`
-	Expression     Expression                `json:"expression"`
+	VMMembers      []RealizedVirtualMachine  `json:"vm_members,omitempty"`
+	VIFMembers     []VirtualNetworkInterface `json:"vif_members,omitempty"`
+	AddressMembers []nsx.IPElement           `json:"ips_members,omitempty"`
+	Expression     Expression                `json:"expression,omitempty"`
 }
 
 func (group *Group) UnmarshalJSON(b []byte) error {

diff --git a/pkg/collector/resources_container_model.go b/pkg/collector/resources_container_model.go
@@ -25,9 +25,10 @@ type ResourcesContainerModel struct {
 	DomainList                  []Domain                  `json:"domains"`
 }
 type DomainResources struct {
-	SecurityPolicyList []SecurityPolicy `json:"security_policies"`
-	GatewayPolicyList  []GatewayPolicy  `json:"gateway_policies"`
-	GroupList          []Group          `json:"groups"`
+	SecurityPolicyList    []SecurityPolicy    `json:"security_policies"`
+	GatewayPolicyList     []GatewayPolicy     `json:"gateway_policies"`
+	RedirectionPolicyList []RedirectionPolicy `json:"redirection_policies"`
+	GroupList             []Group             `json:"groups"`
 }
 
 // NewResourcesContainerModel creates an empty resources container
@@ -140,7 +141,7 @@ func (resources *ResourcesContainerModel) GetRule(id string) *FirewallRule {
 			}
 			for r := range resources.DomainList[d].Resources.SecurityPolicyList[s].Rules {
 				if *resources.DomainList[d].Resources.SecurityPolicyList[s].Rules[r].FirewallRule.Id == id {
-					return &resources.DomainList[d].Resources.SecurityPolicyList[s].Rules[r].FirewallRule
+					return resources.DomainList[d].Resources.SecurityPolicyList[s].Rules[r].FirewallRule
 				}
 			}
 		}