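// Listing: github.com/akamai/AkamaiOPEN-edgegrid-golang/v2@v2.17.0/pkg/appsec/security_policy.go

package appsec

import (
	"context"
	"fmt"
	"net/http"
	"net/url"

	validation "github.com/go-ozzo/ozzo-validation/v4"
)

type (
	// The SecurityPolicy interface supports creating, retrieving, modifying and removing security policies.
	//
	// https://developer.akamai.com/api/cloud_security/application_security/v1.html#securitypolicy
	SecurityPolicy interface {
		// GetSecurityPolicies lists the security policies of a configuration version.
		//
		// https://developer.akamai.com/api/cloud_security/application_security/v1.html#getsecuritypolicies
		GetSecurityPolicies(ctx context.Context, params GetSecurityPoliciesRequest) (*GetSecurityPoliciesResponse, error)

		// GetSecurityPolicy retrieves a single security policy.
		//
		// https://developer.akamai.com/api/cloud_security/application_security/v1.html#getsecuritypolicy
		GetSecurityPolicy(ctx context.Context, params GetSecurityPolicyRequest) (*GetSecurityPolicyResponse, error)

		// CreateSecurityPolicy creates a security policy in a configuration version.
		//
		// https://developer.akamai.com/api/cloud_security/application_security/v1.html#postsecuritypolicies
		CreateSecurityPolicy(ctx context.Context, params CreateSecurityPolicyRequest) (*CreateSecurityPolicyResponse, error)

		// UpdateSecurityPolicy modifies an existing security policy.
		//
		// https://developer.akamai.com/api/cloud_security/application_security/v1.html#putsecuritypolicy
		UpdateSecurityPolicy(ctx context.Context, params UpdateSecurityPolicyRequest) (*UpdateSecurityPolicyResponse, error)

		// RemoveSecurityPolicy deletes a security policy.
		//
		// https://developer.akamai.com/api/cloud_security/application_security/v1.html#deletesecuritypolicy
		RemoveSecurityPolicy(ctx context.Context, params RemoveSecurityPolicyRequest) (*RemoveSecurityPolicyResponse, error)
	}

	// GetSecurityPoliciesRequest is used to retrieve the security policies for a configuration.
	// PolicyName is never serialized; when non-empty it is applied as a client-side
	// filter on the returned list.
	GetSecurityPoliciesRequest struct {
		ConfigID   int    `json:"configId"`
		Version    int    `json:"version"`
		PolicyName string `json:"-"`
	}

	// GetSecurityPoliciesResponse is returned from a call to GetSecurityPolicies.
	GetSecurityPoliciesResponse struct {
		ConfigID int `json:"configId,omitempty"`
		Version  int `json:"version,omitempty"`
		Policies []struct {
			PolicyID                string `json:"policyId,omitempty"`
			PolicyName              string `json:"policyName,omitempty"`
			HasRatePolicyWithAPIKey bool   `json:"hasRatePolicyWithApiKey,omitempty"`
			PolicySecurityControls  struct {
				ApplyApplicationLayerControls bool `json:"applyApplicationLayerControls,omitempty"`
				ApplyNetworkLayerControls     bool `json:"applyNetworkLayerControls,omitempty"`
				ApplyRateControls             bool `json:"applyRateControls,omitempty"`
				ApplyReputationControls       bool `json:"applyReputationControls,omitempty"`
				ApplyBotmanControls           bool `json:"applyBotmanControls,omitempty"`
				ApplyAPIConstraints           bool `json:"applyApiConstraints,omitempty"`
				ApplySlowPostControls         bool `json:"applySlowPostControls,omitempty"`
			} `json:"policySecurityControls,omitempty"`
		} `json:"policies,omitempty"`
	}

	// GetSecurityPolicyRequest is used to retrieve information about a security policy.
	GetSecurityPolicyRequest struct {
		ConfigID int    `json:"configId"`
		Version  int    `json:"version"`
		PolicyID string `json:"policyId"`
	}

	// GetSecurityPolicyResponse is returned from a call to GetSecurityPolicy.
	GetSecurityPolicyResponse struct {
		ConfigID               int    `json:"configId,omitempty"`
		PolicyID               string `json:"policyId,omitempty"`
		PolicyName             string `json:"policyName,omitempty"`
		DefaultSettings        bool   `json:"defaultSettings,omitempty"`
		PolicySecurityControls struct {
			ApplyAPIConstraints           bool `json:"applyApiConstraints,omitempty"`
			ApplyApplicationLayerControls bool `json:"applyApplicationLayerControls,omitempty"`
			ApplyBotmanControls           bool `json:"applyBotmanControls,omitempty"`
			ApplyNetworkLayerControls     bool `json:"applyNetworkLayerControls,omitempty"`
			ApplyRateControls             bool `json:"applyRateControls,omitempty"`
			ApplyReputationControls       bool `json:"applyReputationControls,omitempty"`
			ApplySlowPostControls         bool `json:"applySlowPostControls,omitempty"`
		} `json:"policySecurityControls,omitempty"`
		Version int `json:"version,omitempty"`
	}

	// CreateSecurityPolicyRequest is used to create a security policy.
	// ConfigID, Version and PolicyID are excluded from the JSON body.
	CreateSecurityPolicyRequest struct {
		ConfigID        int    `json:"-"`
		Version         int    `json:"-"`
		PolicyID        string `json:"-"`
		PolicyName      string `json:"policyName"`
		PolicyPrefix    string `json:"policyPrefix"`
		DefaultSettings bool   `json:"defaultSettings"`
	}

	// CreateSecurityPolicyResponse is returned from a call to CreateSecurityPolicy.
	CreateSecurityPolicyResponse struct {
		ConfigID               int    `json:"configId"`
		PolicyID               string `json:"policyId"`
		PolicyName             string `json:"policyName"`
		DefaultSettings        bool   `json:"defaultSettings,omitempty"`
		PolicySecurityControls struct {
			ApplyAPIConstraints           bool `json:"applyApiConstraints"`
			ApplyApplicationLayerControls bool `json:"applyApplicationLayerControls"`
			ApplyBotmanControls           bool `json:"applyBotmanControls"`
			ApplyNetworkLayerControls     bool `json:"applyNetworkLayerControls"`
			ApplyRateControls             bool `json:"applyRateControls"`
			ApplyReputationControls       bool `json:"applyReputationControls"`
			ApplySlowPostControls         bool `json:"applySlowPostControls"`
		} `json:"policySecurityControls"`
		Version int `json:"version"`
	}

	// UpdateSecurityPolicyRequest is used to modify a security policy.
	// Only PolicyName is serialized into the JSON body; the identifiers are
	// placed in the request path.
	UpdateSecurityPolicyRequest struct {
		ConfigID   int    `json:"-"`
		Version    int    `json:"-"`
		PolicyID   string `json:"-"`
		PolicyName string `json:"policyName"`
	}

	// UpdateSecurityPolicyResponse is returned from a call to UpdateSecurityPolicy.
	UpdateSecurityPolicyResponse struct {
		ConfigID               int    `json:"configId"`
		PolicyID               string `json:"policyId"`
		PolicyName             string `json:"policyName"`
		DefaultSettings        bool   `json:"defaultSettings,omitempty"`
		PolicySecurityControls struct {
			ApplyAPIConstraints           bool `json:"applyApiConstraints"`
			ApplyApplicationLayerControls bool `json:"applyApplicationLayerControls"`
			ApplyBotmanControls           bool `json:"applyBotmanControls"`
			ApplyNetworkLayerControls     bool `json:"applyNetworkLayerControls"`
			ApplyRateControls             bool `json:"applyRateControls"`
			ApplyReputationControls       bool `json:"applyReputationControls"`
			ApplySlowPostControls         bool `json:"applySlowPostControls"`
		} `json:"policySecurityControls"`
		Version int `json:"version"`
	}

	// RemoveSecurityPolicyRequest is used to remove a security policy.
	RemoveSecurityPolicyRequest struct {
		ConfigID int    `json:"configId"`
		Version  int    `json:"version"`
		PolicyID string `json:"policyId"`
	}

	// RemoveSecurityPolicyResponse is returned from a call to RemoveSecurityPolicy.
	RemoveSecurityPolicyResponse struct {
		ConfigID               int    `json:"configId"`
		PolicyID               string `json:"policyId"`
		PolicyName             string `json:"policyName"`
		PolicySecurityControls struct {
			ApplyAPIConstraints           bool `json:"applyApiConstraints"`
			ApplyApplicationLayerControls bool `json:"applyApplicationLayerControls"`
			ApplyBotmanControls           bool `json:"applyBotmanControls"`
			ApplyNetworkLayerControls     bool `json:"applyNetworkLayerControls"`
			ApplyRateControls             bool `json:"applyRateControls"`
			ApplyReputationControls       bool `json:"applyReputationControls"`
			ApplySlowPostControls         bool `json:"applySlowPostControls"`
		} `json:"policySecurityControls"`
		Version int `json:"version"`
	}
)

// Validate validates a GetSecurityPolicyRequest.
//
// ConfigID, Version and PolicyID are all required. PolicyID is checked because
// it becomes the last segment of the request path: an empty value would address
// the policy collection rather than a single policy.
func (v GetSecurityPolicyRequest) Validate() error {
	return validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
		"PolicyID": validation.Validate(v.PolicyID, validation.Required),
	}.Filter()
}

// Validate validates a GetSecurityPoliciesRequest.
//
// ConfigID and Version are required; PolicyName is an optional filter.
func (v GetSecurityPoliciesRequest) Validate() error {
	return validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
	}.Filter()
}

// Validate validates a CreateSecurityPolicyRequest.
//
// Only ConfigID and Version are checked here; PolicyName and PolicyPrefix are
// sent to the API without client-side validation.
func (v CreateSecurityPolicyRequest) Validate() error {
	return validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
	}.Filter()
}

// Validate validates an UpdateSecurityPolicyRequest.
//
// ConfigID, Version and PolicyID are required.
func (v UpdateSecurityPolicyRequest) Validate() error {
	return validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
		"PolicyID": validation.Validate(v.PolicyID, validation.Required),
	}.Filter()
}

// Validate validates a RemoveSecurityPolicyRequest.
//
// ConfigID, Version and PolicyID are required.
func (v RemoveSecurityPolicyRequest) Validate() error {
	return validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
		"PolicyID": validation.Validate(v.PolicyID, validation.Required),
	}.Filter()
}

// GetSecurityPolicies returns the security policies of the configuration
// version identified by params.ConfigID and params.Version.
//
// The request is validated before it is sent, matching the mutating calls in
// this file. When params.PolicyName is non-empty the list is filtered
// client-side by exact name match; the filtered response carries only the
// matching Policies and leaves ConfigID and Version at their zero values.
//
// It returns an error wrapping ErrStructValidation for invalid params, a
// wrapped transport error if the call fails, or p.Error(resp) for any status
// other than 200.
func (p *appsec) GetSecurityPolicies(ctx context.Context, params GetSecurityPoliciesRequest) (*GetSecurityPoliciesResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("GetSecurityPolicies")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies",
		params.ConfigID,
		params.Version)

	req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create GetSecurityPolicies request: %w", err)
	}

	var result GetSecurityPoliciesResponse
	resp, err := p.Exec(req, &result)
	if err != nil {
		return nil, fmt.Errorf("get security policies request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	if params.PolicyName == "" {
		return &result, nil
	}

	var filteredResult GetSecurityPoliciesResponse
	for _, val := range result.Policies {
		if val.PolicyName == params.PolicyName {
			filteredResult.Policies = append(filteredResult.Policies, val)
		}
	}
	return &filteredResult, nil
}

// GetSecurityPolicy returns the security policy identified by params.PolicyID
// within the given configuration version.
//
// The request is validated before it is sent. PolicyID is path-escaped so that
// characters such as '/', '?' or '#' in the identifier cannot change which API
// resource the request addresses.
//
// It returns an error wrapping ErrStructValidation for invalid params, a
// wrapped transport error if the call fails, or p.Error(resp) for any status
// other than 200.
func (p *appsec) GetSecurityPolicy(ctx context.Context, params GetSecurityPolicyRequest) (*GetSecurityPolicyResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("GetSecurityPolicy")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID))

	req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create GetSecurityPolicy request: %w", err)
	}

	var result GetSecurityPolicyResponse
	resp, err := p.Exec(req, &result)
	if err != nil {
		return nil, fmt.Errorf("get security policy request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}

// UpdateSecurityPolicy modifies the security policy identified by
// params.PolicyID, sending params as the PUT request body.
//
// PolicyID is path-escaped so that the identifier stays a single path segment
// and a mutating request cannot be redirected to a different resource.
//
// It returns an error wrapping ErrStructValidation for invalid params, a
// wrapped transport error if the call fails, or p.Error(resp) for any status
// other than 200.
func (p *appsec) UpdateSecurityPolicy(ctx context.Context, params UpdateSecurityPolicyRequest) (*UpdateSecurityPolicyResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("UpdateSecurityPolicy")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID),
	)

	req, err := http.NewRequestWithContext(ctx, http.MethodPut, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create UpdateSecurityPolicy request: %w", err)
	}

	var result UpdateSecurityPolicyResponse
	resp, err := p.Exec(req, &result, params)
	if err != nil {
		return nil, fmt.Errorf("update security policy request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}

// CreateSecurityPolicy creates a security policy in the given configuration
// version, sending params as the POST request body.
//
// It returns an error wrapping ErrStructValidation for invalid params, a
// wrapped transport error if the call fails, or p.Error(resp) for any status
// other than 200.
func (p *appsec) CreateSecurityPolicy(ctx context.Context, params CreateSecurityPolicyRequest) (*CreateSecurityPolicyResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("CreateSecurityPolicy")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies",
		params.ConfigID,
		params.Version)

	req, err := http.NewRequestWithContext(ctx, http.MethodPost, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create CreateSecurityPolicy request: %w", err)
	}

	var result CreateSecurityPolicyResponse
	resp, err := p.Exec(req, &result, params)
	if err != nil {
		return nil, fmt.Errorf("create security policy request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}

// RemoveSecurityPolicy deletes the security policy identified by
// params.PolicyID from the given configuration version.
//
// PolicyID is path-escaped so that the identifier stays a single path segment
// and the DELETE cannot be redirected to a different resource.
//
// Both 204 and 200 are accepted as success. It returns an error wrapping
// ErrStructValidation for invalid params, a wrapped transport error if the
// call fails, or p.Error(resp) for any other status.
func (p *appsec) RemoveSecurityPolicy(ctx context.Context, params RemoveSecurityPolicyRequest) (*RemoveSecurityPolicyResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("RemoveSecurityPolicy")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID))

	req, err := http.NewRequestWithContext(ctx, http.MethodDelete, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create RemoveSecurityPolicy request: %w", err)
	}

	var result RemoveSecurityPolicyResponse
	resp, err := p.Exec(req, &result)
	if err != nil {
		return nil, fmt.Errorf("remove security policy request failed: %w", err)
	}
	if resp.StatusCode != http.StatusNoContent && resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}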