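// Source: github.com/akamai/AkamaiOPEN-edgegrid-golang/v8@v8.1.0/pkg/appsec/ip_geo.go

package appsec

import (
	"context"
	"fmt"
	"net/http"
	"net/url"

	validation "github.com/go-ozzo/ozzo-validation/v4"
)

type (
	// The IPGeo interface supports querying which network lists are used in the IP/Geo firewall settings,
	// as well as updating the method and which network lists are used for IP/Geo firewall blocking.
	IPGeo interface {
		// GetIPGeo lists which network lists are used in the IP/Geo Firewall settings.
		//
		// See: https://techdocs.akamai.com/application-security/reference/get-policy-ip-geo-firewall
		GetIPGeo(ctx context.Context, params GetIPGeoRequest) (*GetIPGeoResponse, error)

		// UpdateIPGeo updates the method and which network lists to use for IP/Geo firewall blocking.
		//
		// See: https://techdocs.akamai.com/application-security/reference/put-policy-ip-geo-firewall
		UpdateIPGeo(ctx context.Context, params UpdateIPGeoRequest) (*UpdateIPGeoResponse, error)
	}

	// GetIPGeoRequest is used to retrieve the network lists used in IP/Geo firewall settings.
	//
	// All three fields are tagged json:"-": they are never serialized and are
	// only used to build the request path.
	GetIPGeoRequest struct {
		ConfigID int    `json:"-"`
		Version  int    `json:"-"`
		PolicyID string `json:"-"`
	}

	// IPGeoNetworkLists is used to specify IP or GEO network lists to be blocked or allowed.
	IPGeoNetworkLists struct {
		NetworkList []string `json:"networkList,omitempty"`
	}

	// IPGeoGeoControls is used to specify GEO network lists to be blocked.
	IPGeoGeoControls struct {
		BlockedIPNetworkLists *IPGeoNetworkLists `json:"blockedIPNetworkLists,omitempty"`
	}

	// IPGeoASNControls is used to specify ASN network lists to be blocked.
	IPGeoASNControls struct {
		BlockedIPNetworkLists *IPGeoNetworkLists `json:"blockedIPNetworkLists,omitempty"`
	}

	// IPGeoIPControls is used to specify IP, GEO or ASN network lists to be blocked or allowed.
	IPGeoIPControls struct {
		AllowedIPNetworkLists *IPGeoNetworkLists `json:"allowedIPNetworkLists,omitempty"`
		BlockedIPNetworkLists *IPGeoNetworkLists `json:"blockedIPNetworkLists,omitempty"`
	}

	// UkraineGeoControl is used to specify specific action for Ukraine.
	UkraineGeoControl struct {
		Action string `json:"action"`
	}

	// UpdateIPGeoRequest is used to update the method and which network lists are used for IP/Geo firewall blocking.
	//
	// ConfigID, Version and PolicyID are tagged json:"-" and only select the
	// endpoint; the remaining fields carry JSON tags for the request body.
	//
	// NOTE(review): the control pointers are omitempty, so a nil pointer is left
	// out of the body entirely. Confirm against the API reference whether an
	// omitted section keeps or clears the lists currently configured, since
	// this request changes what the firewall blocks.
	UpdateIPGeoRequest struct {
		ConfigID           int                `json:"-"`
		Version            int                `json:"-"`
		PolicyID           string             `json:"-"`
		Block              string             `json:"block"`
		GeoControls        *IPGeoGeoControls  `json:"geoControls,omitempty"`
		IPControls         *IPGeoIPControls   `json:"ipControls,omitempty"`
		ASNControls        *IPGeoASNControls  `json:"asnControls,omitempty"`
		UkraineGeoControls *UkraineGeoControl `json:"ukraineGeoControl,omitempty"`
	}

	// IPGeoFirewall is used to describe an IP/Geo firewall.
	IPGeoFirewall struct {
		Block              string             `json:"block"`
		GeoControls        *IPGeoGeoControls  `json:"geoControls,omitempty"`
		IPControls         *IPGeoIPControls   `json:"ipControls,omitempty"`
		ASNControls        *IPGeoASNControls  `json:"asnControls,omitempty"`
		UkraineGeoControls *UkraineGeoControl `json:"ukraineGeoControl,omitempty"`
	}

	// GetIPGeoResponse is returned from a call to GetIPGeo
	GetIPGeoResponse IPGeoFirewall

	// UpdateIPGeoResponse is returned from a call to UpdateIPGeo
	UpdateIPGeoResponse IPGeoFirewall
)

// Validate validates a GetIPGeoRequest.
//
// Each of ConfigID, Version and PolicyID must be set; validation.Required
// rejects the zero value, so 0 and "" are reported as missing.
func (v GetIPGeoRequest) Validate() error {
	return validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
		"PolicyID": validation.Validate(v.PolicyID, validation.Required),
	}.Filter()
}

// Validate validates an UpdateIPGeoRequest.
//
// Only the three path identifiers are checked for presence.
// NOTE(review): Block and the nested control structures (including
// UkraineGeoControls.Action) are not validated here, so rejecting an invalid
// firewall mode or action is left to the API.
func (v UpdateIPGeoRequest) Validate() error {
	return validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
		"PolicyID": validation.Validate(v.PolicyID, validation.Required),
	}.Filter()
}

// GetIPGeo retrieves the IP/Geo firewall settings of one security policy.
//
// It validates params, sends a GET to the policy's ip-geo-firewall endpoint and
// decodes the reply into a GetIPGeoResponse. A validation failure is wrapped in
// ErrStructValidation; any status other than 200 OK is returned as the error
// built by p.Error.
func (p *appsec) GetIPGeo(ctx context.Context, params GetIPGeoRequest) (*GetIPGeoResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("GetIPGeo")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	// PolicyID is a caller-supplied string placed in the request path. Escape
	// it so that characters such as '/', '?' or '#' stay inside a single path
	// segment and cannot point the request at a different endpoint.
	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s/ip-geo-firewall",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID))

	req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create GetIPGeo request: %w", err)
	}

	var result GetIPGeoResponse
	resp, err := p.Exec(req, &result)
	if err != nil {
		return nil, fmt.Errorf("get IPGeo request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}

// UpdateIPGeo replaces the IP/Geo firewall settings of one security policy.
//
// It validates params, sends a PUT to the policy's ip-geo-firewall endpoint and
// decodes the reply into an UpdateIPGeoResponse. A validation failure is
// wrapped in ErrStructValidation; any status other than 200 OK or 201 Created
// is returned as the error built by p.Error.
func (p *appsec) UpdateIPGeo(ctx context.Context, params UpdateIPGeoRequest) (*UpdateIPGeoResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("UpdateIPGeo")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	// PolicyID is a caller-supplied string placed in the request path. Escape
	// it so that characters such as '/', '?' or '#' stay inside a single path
	// segment and cannot point this write at a different endpoint.
	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s/ip-geo-firewall",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID),
	)

	// The request is created without a body; params is handed to p.Exec below
	// (presumably serialized there as the JSON payload — confirm in Exec).
	req, err := http.NewRequestWithContext(ctx, http.MethodPut, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create UpdateIPGeo request: %w", err)
	}

	var result UpdateIPGeoResponse
	resp, err := p.Exec(req, &result, params)
	if err != nil {
		return nil, fmt.Errorf("update IPGeo request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated {
		return nil, p.Error(resp)
	}

	return &result, nil
}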