github.com/akamai/AkamaiOPEN-edgegrid-golang/v5@v5.0.0/pkg/appsec/security_policy.go (about)

     1  package appsec
     2  
import (
	"context"
	"fmt"
	"net/http"
	"net/url"

	validation "github.com/go-ozzo/ozzo-validation/v4"
)
    10  
type (
	// The SecurityPolicy interface supports creating, retrieving, modifying and removing security policies.
	SecurityPolicy interface {
		// GetSecurityPolicies returns a list of security policies available for the specified security configuration.
		//
		// See: https://techdocs.akamai.com/application-security/reference/get-policies
		GetSecurityPolicies(ctx context.Context, params GetSecurityPoliciesRequest) (*GetSecurityPoliciesResponse, error)

		// GetSecurityPolicy returns the specified security policy.
		//
		// See: https://techdocs.akamai.com/application-security/reference/get-policy
		GetSecurityPolicy(ctx context.Context, params GetSecurityPolicyRequest) (*GetSecurityPolicyResponse, error)

		// CreateSecurityPolicy creates a new copy of an existing security policy or creates a new security policy from scratch
		// when you don't specify a policy to clone in the request.
		//
		// See: https://techdocs.akamai.com/application-security/reference/post-policy
		CreateSecurityPolicy(ctx context.Context, params CreateSecurityPolicyRequest) (*CreateSecurityPolicyResponse, error)

		// UpdateSecurityPolicy updates the name of a specific security policy.
		//
		// See: https://techdocs.akamai.com/application-security/reference/put-policy
		UpdateSecurityPolicy(ctx context.Context, params UpdateSecurityPolicyRequest) (*UpdateSecurityPolicyResponse, error)

		// RemoveSecurityPolicy deletes the specified security policy.
		//
		// See: https://techdocs.akamai.com/application-security/reference/delete-policy
		RemoveSecurityPolicy(ctx context.Context, params RemoveSecurityPolicyRequest) (*RemoveSecurityPolicyResponse, error)
	}

	// GetSecurityPoliciesRequest is used to retrieve the security policies for a configuration.
	//
	// ConfigID and Version are placed in the request path by GetSecurityPolicies.
	// PolicyName is tagged `json:"-"` and is never sent: GetSecurityPolicies
	// compares it against the returned policy names (exact match) after the
	// response has been decoded, so it narrows the result on the client only.
	GetSecurityPoliciesRequest struct {
		ConfigID   int    `json:"configId"`
		Version    int    `json:"version"`
		PolicyName string `json:"-"`
	}

	// GetSecurityPoliciesResponse is returned from a call to GetSecurityPolicies.
	//
	// Policies is a slice of an anonymous struct type. Every field carries
	// omitempty, which affects encoding only; on decoding, a field the API leaves
	// out simply keeps its zero value.
	GetSecurityPoliciesResponse struct {
		ConfigID int `json:"configId,omitempty"`
		Version  int `json:"version,omitempty"`
		Policies []struct {
			PolicyID                string            `json:"policyId,omitempty"`
			PolicyName              string            `json:"policyName,omitempty"`
			HasRatePolicyWithAPIKey bool              `json:"hasRatePolicyWithApiKey,omitempty"`
			PolicySecurityControls  *SecurityControls `json:"policySecurityControls,omitempty"`
		} `json:"policies,omitempty"`
	}

	// GetSecurityPolicyRequest is used to retrieve information about a security policy.
	//
	// GetSecurityPolicy formats all three fields into the request path. PolicyID
	// is a free-form string, so its content decides the last path segment.
	GetSecurityPolicyRequest struct {
		ConfigID int    `json:"configId"`
		Version  int    `json:"version"`
		PolicyID string `json:"policyId"`
	}

	// GetSecurityPolicyResponse is returned from a call to GetSecurityPolicy.
	GetSecurityPolicyResponse struct {
		ConfigID               int               `json:"configId,omitempty"`
		PolicyID               string            `json:"policyId,omitempty"`
		PolicyName             string            `json:"policyName,omitempty"`
		DefaultSettings        bool              `json:"defaultSettings,omitempty"`
		PolicySecurityControls *SecurityControls `json:"policySecurityControls,omitempty"`
		Version                int               `json:"version,omitempty"`
	}

	// CreateSecurityPolicyRequest is used to create a security policy.
	//
	// ConfigID, Version and PolicyID are tagged `json:"-"` and are therefore left
	// out of the JSON encoding. CreateSecurityPolicy puts ConfigID and Version in
	// the request path; it does not read PolicyID, so setting PolicyID has no
	// effect on the request built in this file.
	// NOTE(review): the interface comment speaks of cloning an existing policy;
	// confirm how the source policy is meant to reach the API.
	CreateSecurityPolicyRequest struct {
		ConfigID        int    `json:"-"`
		Version         int    `json:"-"`
		PolicyID        string `json:"-"`
		PolicyName      string `json:"policyName"`
		PolicyPrefix    string `json:"policyPrefix"`
		DefaultSettings bool   `json:"defaultSettings"`
	}

	// CreateSecurityPolicyResponse is returned from a call to CreateSecurityPolicy.
	CreateSecurityPolicyResponse struct {
		ConfigID               int               `json:"configId"`
		PolicyID               string            `json:"policyId"`
		PolicyName             string            `json:"policyName"`
		DefaultSettings        bool              `json:"defaultSettings,omitempty"`
		PolicySecurityControls *SecurityControls `json:"policySecurityControls,omitempty"`
		Version                int               `json:"version"`
	}

	// UpdateSecurityPolicyRequest is used to modify a security policy.
	//
	// Only PolicyName is part of the JSON encoding. ConfigID, Version and PolicyID
	// are tagged `json:"-"`; UpdateSecurityPolicy uses them to build the request
	// path that identifies the policy being renamed.
	UpdateSecurityPolicyRequest struct {
		ConfigID   int    `json:"-"`
		Version    int    `json:"-"`
		PolicyID   string `json:"-"`
		PolicyName string `json:"policyName"`
	}

	// UpdateSecurityPolicyResponse is returned from a call to UpdateSecurityPolicy.
	UpdateSecurityPolicyResponse struct {
		ConfigID               int               `json:"configId"`
		PolicyID               string            `json:"policyId"`
		PolicyName             string            `json:"policyName"`
		DefaultSettings        bool              `json:"defaultSettings,omitempty"`
		PolicySecurityControls *SecurityControls `json:"policySecurityControls,omitempty"`
		Version                int               `json:"version"`
	}

	// RemoveSecurityPolicyRequest is used to remove a security policy.
	//
	// RemoveSecurityPolicy formats all three fields into the path of a DELETE
	// request, so PolicyID selects which policy is deleted.
	RemoveSecurityPolicyRequest struct {
		ConfigID int    `json:"configId"`
		Version  int    `json:"version"`
		PolicyID string `json:"policyId"`
	}

	// RemoveSecurityPolicyResponse is returned from a call to RemoveSecurityPolicy.
	//
	// RemoveSecurityPolicy accepts both 200 and 204 as success.
	// NOTE(review): on 204 there is presumably no body, which would leave every
	// field at its zero value; confirm against Exec before relying on the echo.
	RemoveSecurityPolicyResponse struct {
		ConfigID               int               `json:"configId"`
		PolicyID               string            `json:"policyId"`
		PolicyName             string            `json:"policyName"`
		PolicySecurityControls *SecurityControls `json:"policySecurityControls,omitempty"`
		Version                int               `json:"version"`
	}

	// SecurityControls is returned as part of GetSecurityPoliciesResponse and similar responses.
	//
	// NOTE(review): the field names suggest that each flag reports whether one
	// class of protection is applied to the policy; confirm against the API
	// reference. The fields are plain bools, so after decoding, false cannot be
	// told apart from a field the API did not send. Code that audits which
	// controls are switched off should keep that ambiguity in mind.
	SecurityControls struct {
		ApplyApplicationLayerControls bool `json:"applyApplicationLayerControls,omitempty"`
		ApplyAPIConstraints           bool `json:"applyApiConstraints,omitempty"`
		ApplyBotmanControls           bool `json:"applyBotmanControls,omitempty"`
		ApplyNetworkLayerControls     bool `json:"applyNetworkLayerControls,omitempty"`
		ApplyRateControls             bool `json:"applyRateControls,omitempty"`
		ApplyReputationControls       bool `json:"applyReputationControls,omitempty"`
		ApplySlowPostControls         bool `json:"applySlowPostControls,omitempty"`
	}
)
   142  
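// Validate validates a GetSecurityPolicyRequest.
//
// ConfigID, Version and PolicyID must all be set. PolicyID is required here,
// as it already is for the update and remove requests, because
// GetSecurityPolicy formats it into the request path: an empty value would
// produce a path ending in "/security-policies/", which no longer names a
// single policy.
func (v GetSecurityPolicyRequest) Validate() error {
	return validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
		"PolicyID": validation.Validate(v.PolicyID, validation.Required),
	}.Filter()
}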
   150  
// Validate validates a GetSecurityPoliciesRequest.
//
// ConfigID and Version are required. PolicyName is optional and not checked.
func (v GetSecurityPoliciesRequest) Validate() error {
	errs := validation.Errors{}
	errs["ConfigID"] = validation.Validate(v.ConfigID, validation.Required)
	errs["Version"] = validation.Validate(v.Version, validation.Required)

	// Filter drops the nil entries and yields nil when nothing failed.
	return errs.Filter()
}
   158  
// Validate validates a CreateSecurityPolicyRequest.
//
// Only the two path components, ConfigID and Version, are required. The body
// fields (PolicyName, PolicyPrefix, DefaultSettings) are not checked here.
func (v CreateSecurityPolicyRequest) Validate() error {
	configErr := validation.Validate(v.ConfigID, validation.Required)
	versionErr := validation.Validate(v.Version, validation.Required)

	checks := validation.Errors{
		"ConfigID": configErr,
		"Version":  versionErr,
	}
	return checks.Filter()
}
   166  
// Validate validates an UpdateSecurityPolicyRequest.
//
// ConfigID, Version and PolicyID, the three values that locate the policy in
// the request path, are required. PolicyName is not checked here.
func (v UpdateSecurityPolicyRequest) Validate() error {
	errs := make(validation.Errors, 3)
	errs["ConfigID"] = validation.Validate(v.ConfigID, validation.Required)
	errs["Version"] = validation.Validate(v.Version, validation.Required)
	errs["PolicyID"] = validation.Validate(v.PolicyID, validation.Required)
	return errs.Filter()
}
   175  
// Validate validates a RemoveSecurityPolicyRequest.
//
// All three fields are required: together they name the policy that a
// RemoveSecurityPolicy call deletes.
func (v RemoveSecurityPolicyRequest) Validate() error {
	configErr := validation.Validate(v.ConfigID, validation.Required)
	versionErr := validation.Validate(v.Version, validation.Required)
	policyErr := validation.Validate(v.PolicyID, validation.Required)

	return validation.Errors{
		"ConfigID": configErr,
		"Version":  versionErr,
		"PolicyID": policyErr,
	}.Filter()
}
   184  
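// GetSecurityPolicies lists the security policies of one configuration version.
//
// The request is validated before anything is sent, matching the create,
// update and remove calls in this file, so a zero ConfigID or Version is
// reported as ErrStructValidation instead of producing a request for
// ".../configs/0/versions/0/...".
//
// When params.PolicyName is set, the decoded list is filtered on the client by
// exact name match. The filtered response carries only Policies (ConfigID and
// Version stay zero), and a name that matches nothing yields an empty list
// with a nil error, so callers must check len(Policies) before treating a
// lookup as successful.
func (p *appsec) GetSecurityPolicies(ctx context.Context, params GetSecurityPoliciesRequest) (*GetSecurityPoliciesResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("GetSecurityPolicies")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies",
		params.ConfigID,
		params.Version)

	req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create GetSecurityPolicies request: %w", err)
	}

	var result GetSecurityPoliciesResponse
	resp, err := p.Exec(req, &result)
	if err != nil {
		return nil, fmt.Errorf("get security policies request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	if params.PolicyName == "" {
		return &result, nil
	}

	// Name filtering happens here, after the full list has been fetched.
	var filteredResult GetSecurityPoliciesResponse
	for _, val := range result.Policies {
		if val.PolicyName == params.PolicyName {
			filteredResult.Policies = append(filteredResult.Policies, val)
		}
	}
	return &filteredResult, nil
}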
   220  
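// GetSecurityPolicy fetches one security policy of a configuration version.
//
// The request is checked with params.Validate before anything is sent, as the
// create, update and remove calls in this file already do. PolicyID is
// path-escaped when the request path is built, so a value containing "/", "?"
// or "#" stays a single path segment instead of changing which endpoint is
// requested. Identifiers made of letters, digits and "_" are unaffected.
func (p *appsec) GetSecurityPolicy(ctx context.Context, params GetSecurityPolicyRequest) (*GetSecurityPolicyResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("GetSecurityPolicy")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID))

	req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create GetSecurityPolicy request: %w", err)
	}

	var result GetSecurityPolicyResponse
	resp, err := p.Exec(req, &result)
	if err != nil {
		return nil, fmt.Errorf("get security policy request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}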
   247  
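// UpdateSecurityPolicy sends a PUT for one security policy, passing params to
// Exec as the request input.
//
// params is validated first. PolicyID is path-escaped when the request path is
// built, so a value containing "/", "?" or "#" cannot redirect the PUT to a
// different resource. Identifiers made of letters, digits and "_" are
// unaffected. Only a 200 response is treated as success.
func (p *appsec) UpdateSecurityPolicy(ctx context.Context, params UpdateSecurityPolicyRequest) (*UpdateSecurityPolicyResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("UpdateSecurityPolicy")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID),
	)

	req, err := http.NewRequestWithContext(ctx, http.MethodPut, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create UpdateSecurityPolicy request: %w", err)
	}

	var result UpdateSecurityPolicyResponse
	resp, err := p.Exec(req, &result, params)
	if err != nil {
		return nil, fmt.Errorf("update security policy request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}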
   279  
// CreateSecurityPolicy posts a new security policy to the given configuration
// version.
//
// params is validated first. ConfigID and Version select the request path, and
// params is passed to Exec as the request input. params.PolicyID is not read
// here. Only a 200 response is treated as success; any other status is turned
// into an error through p.Error.
func (p *appsec) CreateSecurityPolicy(ctx context.Context, params CreateSecurityPolicyRequest) (*CreateSecurityPolicyResponse, error) {
	p.Log(ctx).Debug("CreateSecurityPolicy")

	if validationErr := params.Validate(); validationErr != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, validationErr.Error())
	}

	endpoint := fmt.Sprintf("/appsec/v1/configs/%d/versions/%d/security-policies", params.ConfigID, params.Version)

	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create CreateSecurityPolicy request: %w", err)
	}

	created := new(CreateSecurityPolicyResponse)
	resp, err := p.Exec(httpReq, created, params)
	switch {
	case err != nil:
		return nil, fmt.Errorf("create security policy request failed: %w", err)
	case resp.StatusCode != http.StatusOK:
		return nil, p.Error(resp)
	}

	return created, nil
}
   309  
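// RemoveSecurityPolicy deletes one security policy of a configuration version.
//
// params is validated first. PolicyID is path-escaped when the request path is
// built, so a value containing "/", "?" or "#" cannot make the DELETE address
// a different resource. Identifiers made of letters, digits and "_" are
// unaffected. Both 200 and 204 count as success.
// NOTE(review): on 204 the returned struct is presumably left at its zero
// value; confirm against Exec before reading fields from it.
func (p *appsec) RemoveSecurityPolicy(ctx context.Context, params RemoveSecurityPolicyRequest) (*RemoveSecurityPolicyResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("RemoveSecurityPolicy")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID),
	)
	req, err := http.NewRequestWithContext(ctx, http.MethodDelete, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create RemoveSecurityPolicy request: %w", err)
	}

	var result RemoveSecurityPolicyResponse
	resp, err := p.Exec(req, &result)
	if err != nil {
		return nil, fmt.Errorf("remove security policy request failed: %w", err)
	}
	if resp.StatusCode != http.StatusNoContent && resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}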