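package appsec

import (
	"context"
	"fmt"
	"net/http"
	"net/url"

	validation "github.com/go-ozzo/ozzo-validation/v4"
)

type (
	// The RuleUpgrade interface supports verifying changes in Kona rule sets, and upgrading to the
	// latest rules.
	RuleUpgrade interface {
		// GetRuleUpgrade only applies to Kona rule sets. The KRS rule sets are maintained by Akamai's security research team.
		//
		// See: https://techdocs.akamai.com/application-security/reference/get-rules-upgrade-details-1
		GetRuleUpgrade(ctx context.Context, params GetRuleUpgradeRequest) (*GetRuleUpgradeResponse, error)

		// UpdateRuleUpgrade upgrades to the most recent version of the KRS rule set.
		//
		// See: https://techdocs.akamai.com/application-security/reference/put-policy-rules-1
		UpdateRuleUpgrade(ctx context.Context, params UpdateRuleUpgradeRequest) (*UpdateRuleUpgradeResponse, error)
	}

	// GetRuleUpgradeRequest is used to verify changes in the KRS rule sets.
	// All three fields are placed in the request path and must be non-zero.
	GetRuleUpgradeRequest struct {
		ConfigID int
		Version  int
		PolicyID string
	}

	// GetRuleUpgradeResponse is returned from a call to GetRuleUpgrade.
	GetRuleUpgradeResponse struct {
		Current            string             `json:"current,omitempty"`
		Evaluating         string             `json:"evaluating,omitempty"`
		Latest             string             `json:"latest,omitempty"`
		KRSToEvalUpdates   *RulesetUpdateData `json:"KRSToEvalUpdates,omitempty"`
		EvalToEvalUpdates  *RulesetUpdateData `json:"EvalToEvalUpdates,omitempty"`
		KRSToLatestUpdates *RulesetUpdateData `json:"KRSToLatestUpdates,omitempty"`
	}

	// RulesetUpdateData is used to report all updates to rules and attack groups in the ruleset.
	RulesetUpdateData struct {
		DeletedRules        *RuleData  `json:"deletedRules,omitempty"`
		NewRules            *RuleData  `json:"newRules,omitempty"`
		UpdatedRules        *RuleData  `json:"updatedRules,omitempty"`
		DeletedAttackGroups *GroupData `json:"deletedAttackGroups,omitempty"`
		UpdatedAttackGroups *GroupData `json:"updatedAttackGroups,omitempty"`
		NewAttackGroups     *GroupData `json:"newAttackGroups,omitempty"`
	}

	// RuleData contains updates to rules.
	RuleData []struct {
		ID    int    `json:"id,omitempty"`
		Title string `json:"title,omitempty"`
	}

	// GroupData contains updates to attack groups.
	GroupData []struct {
		Group     int    `json:"group,omitempty"`
		GroupName string `json:"groupName,omitempty"`
	}

	// UpdateRuleUpgradeRequest is used to upgrade to the most recent version of the KRS rule set.
	// ConfigID, Version and PolicyID are excluded from the JSON body (`json:"-"`) and are only
	// used to build the request path; Upgrade and Mode form the body.
	UpdateRuleUpgradeRequest struct {
		ConfigID int    `json:"-"`
		Version  int    `json:"-"`
		PolicyID string `json:"-"`
		Upgrade  bool   `json:"upgrade"`
		Mode     string `json:"mode,omitempty"`
	}

	// UpdateRuleUpgradeResponse is returned from a call to UpdateRuleUpgrade.
	UpdateRuleUpgradeResponse struct {
		Current string `json:"current"`
		Mode    string `json:"mode"`
		Eval    string `json:"eval"`
	}
)

// Validate validates a GetRuleUpgradeRequest.
//
// Each path component is only checked for presence (non-zero value); the
// content of PolicyID is not constrained here.
func (v GetRuleUpgradeRequest) Validate() error {
	return validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
		"PolicyID": validation.Validate(v.PolicyID, validation.Required),
	}.Filter()
}

// Validate validates an UpdateRuleUpgradeRequest.
//
// Only ConfigID, Version and PolicyID are checked, and only for presence;
// Upgrade and Mode are sent as given.
func (v UpdateRuleUpgradeRequest) Validate() error {
	return validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
		"PolicyID": validation.Validate(v.PolicyID, validation.Required),
	}.Filter()
}

// GetRuleUpgrade fetches the rule upgrade details for one security policy of
// a configuration version.
//
// It returns an error wrapping ErrStructValidation when params fails
// validation, a wrapped error when the request cannot be created or executed,
// and the result of p.Error for any response status other than 200 OK.
func (p *appsec) GetRuleUpgrade(ctx context.Context, params GetRuleUpgradeRequest) (*GetRuleUpgradeResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("GetRuleUpgrade")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	// PolicyID is a free-form string that is only checked for presence, so it
	// is escaped as a single path segment. Without this, a value containing
	// "/", "?" or "#" would change which API resource the request addresses.
	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s/rules/upgrade-details",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID),
	)

	req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create GetRuleUpgrade request: %w", err)
	}

	var result GetRuleUpgradeResponse
	resp, err := p.Exec(req, &result)
	if err != nil {
		return nil, fmt.Errorf("get rule upgrade request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}

// UpdateRuleUpgrade issues the PUT that upgrades the rule set of one security
// policy of a configuration version.
//
// It returns an error wrapping ErrStructValidation when params fails
// validation, a wrapped error when the request cannot be created or executed,
// and the result of p.Error for any response status other than 200 OK or
// 201 Created.
func (p *appsec) UpdateRuleUpgrade(ctx context.Context, params UpdateRuleUpgradeRequest) (*UpdateRuleUpgradeResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("UpdateRuleUpgrade")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	// Escape PolicyID as a single path segment so that a caller-supplied value
	// cannot redirect this state-changing PUT to a different resource path.
	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s/rules",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID),
	)

	// The request is created without a body; params is handed to p.Exec
	// instead (presumably serialized there as the JSON payload; confirm
	// against Exec).
	req, err := http.NewRequestWithContext(ctx, http.MethodPut, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create UpdateRuleUpgrade request: %w", err)
	}

	var result UpdateRuleUpgradeResponse
	resp, err := p.Exec(req, &result, params)
	if err != nil {
		return nil, fmt.Errorf("update rule upgrade request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated {
		return nil, p.Error(resp)
	}

	return &result, nil
}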