github.com/GoogleCloudPlatform/terraformer@v0.8.18/providers/ibm/cis.go (about) 1 // Copyright 2019 The Terraformer Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package ibm 16 17 import ( 18 "fmt" 19 "os" 20 "strconv" 21 "strings" 22 23 "github.com/GoogleCloudPlatform/terraformer/terraformutils" 24 bluemix "github.com/IBM-Cloud/bluemix-go" 25 "github.com/IBM-Cloud/bluemix-go/api/resource/resourcev1/catalog" 26 "github.com/IBM-Cloud/bluemix-go/api/resource/resourcev2/controllerv2" 27 "github.com/IBM-Cloud/bluemix-go/session" 28 "github.com/IBM/go-sdk-core/v3/core" 29 "github.com/IBM/networking-go-sdk/custompagesv1" 30 "github.com/IBM/networking-go-sdk/dnsrecordsv1" 31 "github.com/IBM/networking-go-sdk/edgefunctionsapiv1" 32 "github.com/IBM/networking-go-sdk/filtersv1" 33 "github.com/IBM/networking-go-sdk/globalloadbalancermonitorv1" 34 "github.com/IBM/networking-go-sdk/globalloadbalancerpoolsv0" 35 "github.com/IBM/networking-go-sdk/globalloadbalancerv1" 36 "github.com/IBM/networking-go-sdk/pageruleapiv1" 37 "github.com/IBM/networking-go-sdk/rangeapplicationsv1" 38 "github.com/IBM/networking-go-sdk/routingv1" 39 "github.com/IBM/networking-go-sdk/sslcertificateapiv1" 40 "github.com/IBM/networking-go-sdk/useragentblockingrulesv1" 41 "github.com/IBM/networking-go-sdk/wafrulegroupsapiv1" 42 "github.com/IBM/networking-go-sdk/wafrulepackagesapiv1" 43 "github.com/IBM/networking-go-sdk/zonefirewallaccessrulesv1" 44 "github.com/IBM/networking-go-sdk/zonelockdownv1" 45 "github.com/IBM/networking-go-sdk/zoneratelimitsv1" 46 "github.com/IBM/networking-go-sdk/zonesv1" 47 ) 48 49 // CISGenerator .. 50 type CISGenerator struct { 51 IBMService 52 } 53 54 func (g CISGenerator) loadInstances(crn, name, resGrpID string) terraformutils.Resource { 55 resource := terraformutils.NewResource( 56 crn, 57 normalizeResourceName(name, false), 58 "ibm_cis", 59 "ibm", 60 map[string]string{ 61 "resource_group_id": resGrpID, 62 }, 63 []string{}, 64 map[string]interface{}{}) 65 return resource 66 } 67 68 func (g CISGenerator) loadDomains(crn, domainID string, dependsOn []string) terraformutils.Resource { 69 resource := terraformutils.NewResource( 70 fmt.Sprintf("%s:%s", domainID, crn), 71 normalizeResourceName("ibm_cis_domain", true), 72 "ibm_cis_domain", 73 "ibm", 74 map[string]string{}, 75 []string{}, 76 map[string]interface{}{ 77 "depends_on": dependsOn, 78 }) 79 return resource 80 } 81 82 func (g CISGenerator) loadDNSRecords(crn, domainID, dnsRecordID string, dependsOn []string) terraformutils.Resource { 83 resources := terraformutils.NewResource( 84 fmt.Sprintf("%s:%s:%s", dnsRecordID, domainID, crn), 85 normalizeResourceName("ibm_cis_dns_record", true), 86 "ibm_cis_dns_record", 87 "ibm", 88 map[string]string{}, 89 []string{}, 90 map[string]interface{}{ 91 "depends_on": dependsOn, 92 }) 93 return resources 94 } 95 96 func (g CISGenerator) loadFirewall(crn, domainID, fID, fType string, dependsOn []string) terraformutils.Resource { 97 resource := terraformutils.NewResource( 98 fmt.Sprintf("%s:%s:%s:%s", fType, fID, domainID, crn), 99 normalizeResourceName("ibm_cis_firewall", true), 100 "ibm_cis_firewall", 101 "ibm", 102 map[string]string{}, 103 []string{}, 104 map[string]interface{}{ 105 "depends_on": dependsOn, 106 }) 107 return resource 108 } 109 110 func (g CISGenerator) loadDomainSettings(crn, dID string, dependsOn []string) terraformutils.Resource { 111 resource := terraformutils.NewResource( 112 fmt.Sprintf("%s:%s", dID, crn), 113 normalizeResourceName("ibm_cis_domain_settings", true), 114 "ibm_cis_domain_settings", 115 "ibm", 116 map[string]string{}, 117 []string{}, 118 map[string]interface{}{ 119 "depends_on": dependsOn, 120 }) 121 return resource 122 } 123 124 func (g CISGenerator) loadGlobalBalancer(crn, dID, gID string, dependsOn []string) terraformutils.Resource { 125 resource := terraformutils.NewResource( 126 fmt.Sprintf("%s:%s:%s", gID, dID, crn), 127 normalizeResourceName("ibm_cis_global_load_balancer", true), 128 "ibm_cis_global_load_balancer", 129 "ibm", 130 map[string]string{}, 131 []string{}, 132 map[string]interface{}{ 133 "depends_on": dependsOn, 134 }) 135 136 // Conflicts with proxied attribute 137 resource.IgnoreKeys = append(resource.IgnoreKeys, 138 "^ttl$", 139 ) 140 return resource 141 } 142 143 func (g CISGenerator) loadGlobalBalancerPool(crn, pID, pName string, dependsOn []string) terraformutils.Resource { 144 resource := terraformutils.NewResource( 145 fmt.Sprintf("%s:%s", pID, crn), 146 normalizeResourceName(pName, true), 147 "ibm_cis_origin_pool", 148 g.ProviderName, 149 map[string]string{}, 150 []string{}, 151 map[string]interface{}{ 152 "depends_on": dependsOn, 153 }) 154 return resource 155 } 156 157 func (g CISGenerator) loadGlobalBalancerMonitor(crn, gblmID, port string, dependsOn []string) terraformutils.Resource { 158 resource := terraformutils.NewResource( 159 fmt.Sprintf("%s:%s", gblmID, crn), 160 normalizeResourceName("ibm_cis_healthcheck", true), 161 "ibm_cis_healthcheck", 162 "ibm", 163 map[string]string{ 164 "port": port, 165 }, 166 []string{}, 167 map[string]interface{}{ 168 "depends_on": dependsOn, 169 }) 170 return resource 171 } 172 173 func (g CISGenerator) loadRateLimit(crn, dID, rID string, dependsOn []string) terraformutils.Resource { 174 resource := terraformutils.NewResource( 175 fmt.Sprintf("%s:%s:%s", rID, dID, crn), 176 normalizeResourceName("ibm_cis_rate_limit", true), 177 "ibm_cis_rate_limit", 178 "ibm", 179 map[string]string{}, 180 []string{}, 181 map[string]interface{}{ 182 "depends_on": dependsOn, 183 }) 184 return resource 185 } 186 187 func (g CISGenerator) loadEdgeFunctionAction(crn, dID, actionID string, dependsOn []string) terraformutils.Resource { 188 resource := terraformutils.NewResource( 189 fmt.Sprintf("%s:%s:%s", actionID, dID, crn), 190 normalizeResourceName("ibm_cis_edge_functions_action", true), 191 "ibm_cis_edge_functions_action", 192 "ibm", 193 map[string]string{}, 194 []string{}, 195 map[string]interface{}{ 196 "depends_on": dependsOn, 197 }) 198 return resource 199 } 200 201 func (g CISGenerator) loadEdgeFunctionTrigger(crn, dID, triggerID string, dependsOn []string) terraformutils.Resource { 202 resource := terraformutils.NewResource( 203 fmt.Sprintf("%s:%s:%s", triggerID, dID, crn), 204 normalizeResourceName("ibm_cis_edge_functions_trigger", true), 205 "ibm_cis_edge_functions_trigger", 206 "ibm", 207 map[string]string{}, 208 []string{}, 209 map[string]interface{}{ 210 "depends_on": dependsOn, 211 }) 212 return resource 213 } 214 215 func (g CISGenerator) loadWafRulePackage(crn, dID, pkgID, actionMode, sensitivity string, dependsOn []string) terraformutils.Resource { 216 resource := terraformutils.NewResource( 217 fmt.Sprintf("%s:%s:%s", pkgID, dID, crn), 218 normalizeResourceName("ibm_cis_waf_package", true), 219 "ibm_cis_waf_package", 220 "ibm", 221 map[string]string{ 222 "action_mode": actionMode, 223 "sensitivity": sensitivity, 224 }, 225 []string{}, 226 map[string]interface{}{ 227 "depends_on": dependsOn, 228 }) 229 return resource 230 } 231 232 func (g CISGenerator) loadWafGroups(crn, dID, pkgID, grpID string, dependsOn []string) terraformutils.Resource { 233 resource := terraformutils.NewResource( 234 fmt.Sprintf("%s:%s:%s:%s", grpID, pkgID, dID, crn), 235 normalizeResourceName("ibm_cis_waf_group", true), 236 "ibm_cis_waf_group", 237 "ibm", 238 map[string]string{}, 239 []string{}, 240 map[string]interface{}{ 241 "depends_on": dependsOn, 242 }) 243 return resource 244 } 245 246 func (g CISGenerator) loadPageRule(crn, dID, ruleID string, dependsOn []string) terraformutils.Resource { 247 resource := terraformutils.NewResource( 248 fmt.Sprintf("%s:%s:%s", ruleID, dID, crn), 249 normalizeResourceName("ibm_cis_page_rule", true), 250 "ibm_cis_page_rule", 251 "ibm", 252 map[string]string{}, 253 []string{}, 254 map[string]interface{}{ 255 "depends_on": dependsOn, 256 }) 257 return resource 258 } 259 260 func (g CISGenerator) loadCustomPage(crn, dID, cpID, url string, dependsOn []string) terraformutils.Resource { 261 resource := terraformutils.NewResource( 262 fmt.Sprintf("%s:%s:%s", cpID, dID, crn), 263 normalizeResourceName("ibm_cis_custom_page", true), 264 "ibm_cis_custom_page", 265 "ibm", 266 map[string]string{ 267 "url": url, 268 }, 269 []string{}, 270 map[string]interface{}{ 271 "depends_on": dependsOn, 272 }) 273 return resource 274 } 275 276 func (g CISGenerator) loadRangeApp(crn, dID, appID string, dependsOn []string) terraformutils.Resource { 277 resource := terraformutils.NewResource( 278 fmt.Sprintf("%s:%s:%s", appID, dID, crn), 279 normalizeResourceName("ibm_cis_range_app", true), 280 "ibm_cis_range_app", 281 "ibm", 282 map[string]string{}, 283 []string{}, 284 map[string]interface{}{ 285 "depends_on": dependsOn, 286 }) 287 return resource 288 } 289 290 func (g CISGenerator) loadSSLCertificates(crn, dID, cID string, dependsOn []string) terraformutils.Resource { 291 resource := terraformutils.NewResource( 292 fmt.Sprintf("%s:%s:%s", cID, dID, crn), 293 normalizeResourceName("ibm_cis_certificate_order", true), 294 "ibm_cis_certificate_order", 295 "ibm", 296 map[string]string{}, 297 []string{}, 298 map[string]interface{}{ 299 "depends_on": dependsOn, 300 }) 301 return resource 302 } 303 304 func (g CISGenerator) loadCISRouting(crn, dID string, dependsOn []string) terraformutils.Resource { 305 resource := terraformutils.NewResource( 306 fmt.Sprintf("%s:%s", dID, crn), 307 normalizeResourceName("ibm_cis_routing", true), 308 "ibm_cis_routing", 309 "ibm", 310 map[string]string{}, 311 []string{}, 312 map[string]interface{}{ 313 "depends_on": dependsOn, 314 }) 315 return resource 316 } 317 318 func (g CISGenerator) loadCacheSettings(crn, dID string, dependsOn []string) terraformutils.Resource { 319 resource := terraformutils.NewResource( 320 fmt.Sprintf("%s:%s", dID, crn), 321 normalizeResourceName("ibm_cis_cache_settings", true), 322 "ibm_cis_cache_settings", 323 "ibm", 324 map[string]string{}, 325 []string{}, 326 map[string]interface{}{ 327 "depends_on": dependsOn, 328 }) 329 return resource 330 } 331 332 func (g CISGenerator) loadTLSSettings(crn, dID string, dependsOn []string) terraformutils.Resource { 333 resource := terraformutils.NewResource( 334 fmt.Sprintf("%s:%s", dID, crn), 335 normalizeResourceName("ibm_cis_tls_settings", true), 336 "ibm_cis_tls_settings", 337 "ibm", 338 map[string]string{}, 339 []string{}, 340 map[string]interface{}{ 341 "depends_on": dependsOn, 342 }) 343 return resource 344 } 345 346 func (g CISGenerator) loadFilters(crn, dID, fID string, dependsOn []string) terraformutils.Resource { 347 resource := terraformutils.NewResource( 348 fmt.Sprintf("%s:%s:%s", fID, dID, crn), 349 normalizeResourceName("ibm_cis_filter", true), 350 "ibm_cis_filter", 351 "ibm", 352 map[string]string{}, 353 []string{}, 354 map[string]interface{}{ 355 "depends_on": dependsOn, 356 }) 357 return resource 358 } 359 360 // InitResources .. 361 func (g *CISGenerator) InitResources() error { 362 DefaultCisURL := "https://api.cis.cloud.ibm.com" 363 364 bmxConfig := &bluemix.Config{ 365 BluemixAPIKey: os.Getenv("IC_API_KEY"), 366 } 367 368 sess, err := session.New(bmxConfig) 369 if err != nil { 370 return err 371 } 372 373 err = authenticateAPIKey(sess) 374 if err != nil { 375 return err 376 } 377 378 bluemixToken := "" 379 if strings.HasPrefix(sess.Config.IAMAccessToken, "Bearer") { 380 bluemixToken = sess.Config.IAMAccessToken[7:len(sess.Config.IAMAccessToken)] 381 } else { 382 bluemixToken = sess.Config.IAMAccessToken 383 } 384 385 catalogClient, err := catalog.New(sess) 386 if err != nil { 387 return err 388 } 389 390 controllerClient, err := controllerv2.New(sess) 391 if err != nil { 392 return err 393 } 394 395 serviceID, err := catalogClient.ResourceCatalog().FindByName("internet-svcs", true) 396 if err != nil { 397 return err 398 } 399 400 query := controllerv2.ServiceInstanceQuery{ 401 ServiceID: serviceID[0].ID, 402 } 403 cisInstances, err := controllerClient.ResourceServiceInstanceV2().ListInstances(query) 404 if err != nil { 405 return err 406 } 407 408 for _, c := range cisInstances { 409 // Instance 410 crn := c.Crn.String() 411 g.Resources = append(g.Resources, g.loadInstances(crn, c.Name, c.ResourceGroupID)) 412 resourceName := g.Resources[len(g.Resources)-1:][0].ResourceName 413 414 var cisDependsOn []string 415 cisDependsOn = append(cisDependsOn, 416 "ibm_cis."+resourceName) 417 418 // Domain 419 zoneOpts := &zonesv1.ZonesV1Options{ 420 URL: DefaultCisURL, 421 Authenticator: &core.BearerTokenAuthenticator{ 422 BearerToken: bluemixToken, 423 }, 424 Crn: &crn, 425 } 426 427 zService, err := zonesv1.NewZonesV1(zoneOpts) 428 if err != nil { 429 return err 430 } 431 432 domainOpts := zService.NewListZonesOptions() 433 domainOpts.SetPage(1) // list all zones in one page 434 domainOpts.SetPerPage(1000) // maximum allowed limit is 1000 per page 435 436 zoneList, _, err := zService.ListZones(domainOpts) 437 if err != nil { 438 return err 439 } 440 441 // Origin pool 442 gblOpts := &globalloadbalancerpoolsv0.GlobalLoadBalancerPoolsV0Options{ 443 URL: DefaultCisURL, 444 Authenticator: &core.BearerTokenAuthenticator{BearerToken: bluemixToken}, 445 Crn: &crn, 446 } 447 448 gblService, err := globalloadbalancerpoolsv0.NewGlobalLoadBalancerPoolsV0(gblOpts) 449 if err != nil { 450 return err 451 } 452 453 gblPoolList, _, err := gblService.ListAllLoadBalancerPools(&globalloadbalancerpoolsv0.ListAllLoadBalancerPoolsOptions{}) 454 if err != nil { 455 return err 456 } 457 458 for _, gbl := range gblPoolList.Result { 459 if gbl.ID != nil { 460 g.Resources = append(g.Resources, g.loadGlobalBalancerPool(crn, *gbl.ID, *gbl.Name, cisDependsOn)) 461 } 462 } 463 464 // Health Monitor 465 gblmOpts := &globalloadbalancermonitorv1.GlobalLoadBalancerMonitorV1Options{ 466 URL: DefaultCisURL, 467 Authenticator: &core.BearerTokenAuthenticator{BearerToken: bluemixToken}, 468 Crn: &crn, 469 } 470 471 gblmService, err := globalloadbalancermonitorv1.NewGlobalLoadBalancerMonitorV1(gblmOpts) 472 if err != nil { 473 return err 474 } 475 476 gblmList, _, err := gblmService.ListAllLoadBalancerMonitors(&globalloadbalancermonitorv1.ListAllLoadBalancerMonitorsOptions{}) 477 if err != nil { 478 return err 479 } 480 for _, gblm := range gblmList.Result { 481 if gblm.Port != nil { 482 port := strconv.FormatInt(*gblm.Port, 10) 483 g.Resources = append(g.Resources, g.loadGlobalBalancerMonitor(crn, *gblm.ID, port, cisDependsOn)) 484 } 485 } 486 487 for _, z := range zoneList.Result { 488 var domainDependsOn []string 489 domainDependsOn = append(domainDependsOn, 490 "ibm_cis."+resourceName) 491 492 g.Resources = append(g.Resources, g.loadDomains(crn, *z.ID, domainDependsOn)) 493 zoneResourceName := g.Resources[len(g.Resources)-1:][0].ResourceName 494 domainDependsOn = append(domainDependsOn, 495 "ibm_cis_domain."+zoneResourceName) 496 497 // DNS Record 498 zoneID := *z.ID 499 dnsOpts := &dnsrecordsv1.DnsRecordsV1Options{ 500 URL: DefaultCisURL, 501 Authenticator: &core.BearerTokenAuthenticator{ 502 BearerToken: bluemixToken, 503 }, 504 Crn: &crn, 505 ZoneIdentifier: &zoneID, 506 } 507 508 // Domain Setting 509 g.Resources = append(g.Resources, g.loadDomainSettings(crn, *z.ID, domainDependsOn)) 510 511 // DNS Records 512 dnsService, err := dnsrecordsv1.NewDnsRecordsV1(dnsOpts) 513 if err != nil { 514 return err 515 } 516 517 dOpts := &dnsrecordsv1.ListAllDnsRecordsOptions{} 518 dnsList, _, err := dnsService.ListAllDnsRecords(dOpts) 519 if err != nil { 520 return err 521 } 522 523 // IBM Network CIS WAF Package 524 cisWAFPackagesOpt := &wafrulepackagesapiv1.WafRulePackagesApiV1Options{ 525 URL: DefaultCisURL, 526 Authenticator: &core.BearerTokenAuthenticator{ 527 BearerToken: bluemixToken, 528 }, 529 Crn: &crn, 530 ZoneID: &zoneID, 531 } 532 cisWAFPackageClient, _ := wafrulepackagesapiv1.NewWafRulePackagesApiV1(cisWAFPackagesOpt) 533 wasPkgList, _, err := cisWAFPackageClient.ListWafPackages(&wafrulepackagesapiv1.ListWafPackagesOptions{}) 534 if err != nil { 535 return err 536 } 537 538 for _, wafPkg := range wasPkgList.Result { 539 cisWAFPackageOpt := &wafrulepackagesapiv1.GetWafPackageOptions{ 540 PackageID: wafPkg.ID, 541 } 542 wafPkg, _, err := cisWAFPackageClient.GetWafPackage(cisWAFPackageOpt) 543 if err != nil { 544 return err 545 } 546 547 if wafPkg.Result != nil && wafPkg.Result.ActionMode != nil { 548 g.Resources = append(g.Resources, g.loadWafRulePackage(crn, *z.ID, *wafPkg.Result.ID, *wafPkg.Result.ActionMode, *wafPkg.Result.Sensitivity, domainDependsOn)) 549 550 // CIS waf-groups 551 cisWAFGroupOpt := &wafrulegroupsapiv1.WafRuleGroupsApiV1Options{ 552 URL: DefaultCisURL, 553 Authenticator: &core.BearerTokenAuthenticator{ 554 BearerToken: bluemixToken, 555 }, 556 Crn: &crn, 557 ZoneID: &zoneID, 558 } 559 cisWAFGroupClient, _ := wafrulegroupsapiv1.NewWafRuleGroupsApiV1(cisWAFGroupOpt) 560 wasGrpList, _, err := cisWAFGroupClient.ListWafRuleGroups(&wafrulegroupsapiv1.ListWafRuleGroupsOptions{ 561 PkgID: wafPkg.Result.ID, 562 }) 563 if err != nil { 564 return err 565 } 566 for _, wafGrp := range wasGrpList.Result { 567 g.Resources = append(g.Resources, g.loadWafGroups(crn, *z.ID, *wafPkg.Result.ID, *wafGrp.ID, domainDependsOn)) 568 } 569 } 570 } 571 572 // Rate Limit 573 rateLimitPoolOpts := &zoneratelimitsv1.ZoneRateLimitsV1Options{ 574 URL: DefaultCisURL, 575 Authenticator: &core.BearerTokenAuthenticator{BearerToken: bluemixToken}, 576 Crn: &crn, 577 ZoneIdentifier: &zoneID, 578 } 579 580 rateLimitService, _ := zoneratelimitsv1.NewZoneRateLimitsV1(rateLimitPoolOpts) 581 rateLimitList, _, err := rateLimitService.ListAllZoneRateLimits(&zoneratelimitsv1.ListAllZoneRateLimitsOptions{}) 582 if err != nil { 583 return err 584 } 585 586 for _, rl := range rateLimitList.Result { 587 g.Resources = append(g.Resources, g.loadRateLimit(crn, *z.ID, *rl.ID, domainDependsOn)) 588 } 589 590 // Firewall - Lockdown 591 firewallOpts := &zonelockdownv1.ZoneLockdownV1Options{ 592 URL: DefaultCisURL, 593 Authenticator: &core.BearerTokenAuthenticator{ 594 BearerToken: bluemixToken, 595 }, 596 Crn: &crn, 597 ZoneIdentifier: &zoneID, 598 } 599 600 fService, err := zonelockdownv1.NewZoneLockdownV1(firewallOpts) 601 if err != nil { 602 return err 603 } 604 605 firewallList, _, err := fService.ListAllZoneLockownRules(&zonelockdownv1.ListAllZoneLockownRulesOptions{}) 606 if err != nil { 607 return err 608 } 609 610 for _, f := range firewallList.Result { 611 g.Resources = append(g.Resources, g.loadFirewall(crn, *z.ID, *f.ID, "lockdowns", domainDependsOn)) 612 } 613 614 // Firewall - AccessRules 615 firewallAccessOpts := &zonefirewallaccessrulesv1.ZoneFirewallAccessRulesV1Options{ 616 URL: DefaultCisURL, 617 Authenticator: &core.BearerTokenAuthenticator{ 618 BearerToken: bluemixToken, 619 }, 620 Crn: &crn, 621 ZoneIdentifier: &zoneID, 622 } 623 624 fAccessService, err := zonefirewallaccessrulesv1.NewZoneFirewallAccessRulesV1(firewallAccessOpts) 625 if err != nil { 626 return err 627 } 628 629 firewalAccesslList, _, err := fAccessService.ListAllZoneAccessRules(&zonefirewallaccessrulesv1.ListAllZoneAccessRulesOptions{}) 630 if err != nil { 631 return err 632 } 633 634 for _, f := range firewalAccesslList.Result { 635 if f.Configuration.Target != nil { 636 g.Resources = append(g.Resources, g.loadFirewall(crn, *z.ID, *f.ID, "access_rules", domainDependsOn)) 637 } 638 } 639 640 // Useragent blocking rules 641 firewallUAOpts := &useragentblockingrulesv1.UserAgentBlockingRulesV1Options{ 642 URL: DefaultCisURL, 643 Authenticator: &core.BearerTokenAuthenticator{ 644 BearerToken: bluemixToken, 645 }, 646 Crn: &crn, 647 ZoneIdentifier: &zoneID, 648 } 649 650 fUAService, err := useragentblockingrulesv1.NewUserAgentBlockingRulesV1(firewallUAOpts) 651 if err != nil { 652 return err 653 } 654 655 firewalUAlList, _, err := fUAService.ListAllZoneUserAgentRules(&useragentblockingrulesv1.ListAllZoneUserAgentRulesOptions{}) 656 if err != nil { 657 return err 658 } 659 660 for _, f := range firewalUAlList.Result { 661 if f.Configuration.Target != nil { 662 g.Resources = append(g.Resources, g.loadFirewall(crn, *z.ID, *f.ID, "ua_rules", domainDependsOn)) 663 } 664 } 665 666 // IBM Network CIS Edge Function Action & Triggers 667 cisEdgeFunctionOpt := &edgefunctionsapiv1.EdgeFunctionsApiV1Options{ 668 URL: DefaultCisURL, 669 Authenticator: &core.BearerTokenAuthenticator{ 670 BearerToken: bluemixToken, 671 }, 672 Crn: &crn, 673 ZoneIdentifier: &zoneID, 674 } 675 676 cisEdgeFunctionClient, _ := edgefunctionsapiv1.NewEdgeFunctionsApiV1(cisEdgeFunctionOpt) 677 edgeActionResonse, _, err := cisEdgeFunctionClient.ListEdgeFunctionsActions(&edgefunctionsapiv1.ListEdgeFunctionsActionsOptions{}) 678 if err != nil { 679 return err 680 } 681 682 for _, el := range edgeActionResonse.Result { 683 if el.Routes != nil { 684 for _, elT := range el.Routes { 685 g.Resources = append(g.Resources, g.loadEdgeFunctionAction(crn, *z.ID, *elT.Script, domainDependsOn)) 686 elResourceName := g.Resources[len(g.Resources)-1:][0].ResourceName 687 edgeFunctionActionDependsOn := makeDependsOn(domainDependsOn, 688 "ibm_cis_edge_functions_action."+elResourceName) 689 690 g.Resources = append(g.Resources, g.loadEdgeFunctionTrigger(crn, *z.ID, *elT.ID, edgeFunctionActionDependsOn)) 691 } 692 } 693 } 694 695 // Range app 696 rangeAppOpt := &rangeapplicationsv1.RangeApplicationsV1Options{ 697 URL: DefaultCisURL, 698 Authenticator: &core.BearerTokenAuthenticator{ 699 BearerToken: bluemixToken, 700 }, 701 Crn: &crn, 702 ZoneIdentifier: &zoneID, 703 } 704 705 rangeAppClient, _ := rangeapplicationsv1.NewRangeApplicationsV1(rangeAppOpt) 706 ranegAppList, _, err := rangeAppClient.ListRangeApps(&rangeapplicationsv1.ListRangeAppsOptions{}) 707 if err != nil { 708 return err 709 } 710 711 for _, r := range ranegAppList.Result { 712 g.Resources = append(g.Resources, g.loadRangeApp(crn, *z.ID, *r.ID, domainDependsOn)) 713 } 714 715 // Page Rules 716 pageRueleOpt := &pageruleapiv1.PageRuleApiV1Options{ 717 URL: DefaultCisURL, 718 Authenticator: &core.BearerTokenAuthenticator{ 719 BearerToken: bluemixToken, 720 }, 721 Crn: &crn, 722 ZoneID: &zoneID, 723 } 724 725 pageRuleClient, _ := pageruleapiv1.NewPageRuleApiV1(pageRueleOpt) 726 pageRuleList, _, err := pageRuleClient.ListPageRules(&pageruleapiv1.ListPageRulesOptions{}) 727 if err != nil { 728 return err 729 } 730 731 for _, p := range pageRuleList.Result { 732 g.Resources = append(g.Resources, g.loadPageRule(crn, *z.ID, *p.ID, domainDependsOn)) 733 } 734 735 // Custom Page 736 customPageOpt := &custompagesv1.CustomPagesV1Options{ 737 URL: DefaultCisURL, 738 Authenticator: &core.BearerTokenAuthenticator{ 739 BearerToken: bluemixToken, 740 }, 741 Crn: &crn, 742 ZoneIdentifier: &zoneID, 743 } 744 745 customPageClient, _ := custompagesv1.NewCustomPagesV1(customPageOpt) 746 customPageList, _, err := customPageClient.ListInstanceCustomPages(&custompagesv1.ListInstanceCustomPagesOptions{}) 747 if err != nil { 748 return err 749 } 750 751 for _, cp := range customPageList.Result { 752 if cp.URL != nil { 753 g.Resources = append(g.Resources, g.loadCustomPage(crn, *z.ID, *cp.ID, *cp.URL, domainDependsOn)) 754 } 755 } 756 757 // SSL Certificate - order 758 sslOpt := &sslcertificateapiv1.SslCertificateApiV1Options{ 759 URL: DefaultCisURL, 760 Authenticator: &core.BearerTokenAuthenticator{ 761 BearerToken: bluemixToken, 762 }, 763 Crn: &crn, 764 ZoneIdentifier: &zoneID, 765 } 766 sslClient, err := sslcertificateapiv1.NewSslCertificateApiV1(sslOpt) 767 if err != nil { 768 return err 769 } 770 sslList, _, err := sslClient.ListCertificates(&sslcertificateapiv1.ListCertificatesOptions{}) 771 if err != nil { 772 return err 773 } 774 for _, cert := range sslList.Result { 775 g.Resources = append(g.Resources, g.loadSSLCertificates(crn, *z.ID, *cert.ID, domainDependsOn)) 776 } 777 778 // routingv1 779 routingOpt := &routingv1.RoutingV1Options{ 780 URL: DefaultCisURL, 781 Authenticator: &core.BearerTokenAuthenticator{ 782 BearerToken: bluemixToken, 783 }, 784 Crn: &crn, 785 ZoneIdentifier: &zoneID, 786 } 787 788 routingClient, err := routingv1.NewRoutingV1(routingOpt) 789 if err != nil { 790 return err 791 } 792 routingList, _, err := routingClient.GetSmartRouting(&routingv1.GetSmartRoutingOptions{}) 793 if err != nil { 794 return err 795 } 796 if routingList != nil { 797 g.Resources = append(g.Resources, g.loadCISRouting(crn, *z.ID, domainDependsOn)) 798 } 799 800 // Filters 801 filterOpts := &filtersv1.FiltersV1Options{ 802 URL: DefaultCisURL, 803 Authenticator: &core.BearerTokenAuthenticator{ 804 BearerToken: bluemixToken, 805 }, 806 } 807 808 filterClient, err := filtersv1.NewFiltersV1(filterOpts) 809 if err != nil { 810 return err 811 } 812 813 filterList, _, err := filterClient.ListAllFilters(&filtersv1.ListAllFiltersOptions{ 814 Crn: &crn, 815 ZoneIdentifier: &zoneID, 816 XAuthUserToken: &bluemixToken, 817 }) 818 if err != nil { 819 return err 820 } 821 822 if filterList != nil { 823 for _, f := range filterList.Result { 824 g.Resources = append(g.Resources, g.loadFilters(crn, *z.ID, *f.ID, domainDependsOn)) 825 } 826 } 827 828 // Cache Settings 829 g.Resources = append(g.Resources, g.loadCacheSettings(crn, *z.ID, domainDependsOn)) 830 831 // TLS Settings 832 g.Resources = append(g.Resources, g.loadTLSSettings(crn, *z.ID, domainDependsOn)) 833 834 for _, d := range dnsList.Result { 835 g.Resources = append(g.Resources, g.loadDNSRecords(crn, *z.ID, *d.ID, domainDependsOn)) 836 dnsResourceName := g.Resources[len(g.Resources)-1:][0].ResourceName 837 dnsDependsOn := makeDependsOn(domainDependsOn, 838 "ibm_cis_dns_record."+dnsResourceName) 839 840 // Global Load Balancer 841 gblSetttingOpts := &globalloadbalancerv1.GlobalLoadBalancerV1Options{ 842 URL: DefaultCisURL, 843 Authenticator: &core.BearerTokenAuthenticator{ 844 BearerToken: bluemixToken, 845 }, 846 Crn: &crn, 847 ZoneIdentifier: &zoneID, 848 } 849 850 gblService, err := globalloadbalancerv1.NewGlobalLoadBalancerV1(gblSetttingOpts) 851 if err != nil { 852 return err 853 } 854 855 gblList, _, err := gblService.ListAllLoadBalancers(&globalloadbalancerv1.ListAllLoadBalancersOptions{}) 856 if err != nil { 857 return err 858 } 859 860 for _, gb := range gblList.Result { 861 g.Resources = append(g.Resources, g.loadGlobalBalancer(crn, *z.ID, *gb.ID, dnsDependsOn)) 862 } 863 } 864 } 865 } 866 867 return nil 868 } 869 870 func makeDependsOn(dependsOn []string, resource string) []string { 871 return append(dependsOn, resource) 872 }