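// Source: github.com/akamai/AkamaiOPEN-edgegrid-golang/v8@v8.1.0/pkg/appsec/security_policy.go

package appsec

import (
	"context"
	"fmt"
	"net/http"
	"net/url"

	"github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/edgegriderr"
	validation "github.com/go-ozzo/ozzo-validation/v4"
)

type (
	// The SecurityPolicy interface supports creating, retrieving, modifying and removing security policies.
	SecurityPolicy interface {
		// GetSecurityPolicies returns a list of security policies available for the specified security configuration.
		//
		// See: https://techdocs.akamai.com/application-security/reference/get-policies
		GetSecurityPolicies(ctx context.Context, params GetSecurityPoliciesRequest) (*GetSecurityPoliciesResponse, error)

		// GetSecurityPolicy returns the specified security policy.
		//
		// See: https://techdocs.akamai.com/application-security/reference/get-policy
		GetSecurityPolicy(ctx context.Context, params GetSecurityPolicyRequest) (*GetSecurityPolicyResponse, error)

		// CreateSecurityPolicy creates a new copy of an existing security policy or creates a new security policy from scratch
		// when you don't specify a policy to clone in the request.
		//
		// Deprecated: this method will be removed in a future release. Use the CreateSecurityPolicyWithDefaultProtections method instead.
		//
		// See: https://techdocs.akamai.com/application-security/reference/post-policy
		CreateSecurityPolicy(ctx context.Context, params CreateSecurityPolicyRequest) (*CreateSecurityPolicyResponse, error)

		// CreateSecurityPolicyWithDefaultProtections creates a new security policy with a specified set of security protections.
		//
		// See: https://techdocs.akamai.com/application-security/reference/post-policy, https://techdocs.akamai.com/application-security/reference/put-policy-protections
		CreateSecurityPolicyWithDefaultProtections(ctx context.Context, params CreateSecurityPolicyWithDefaultProtectionsRequest) (*CreateSecurityPolicyResponse, error)

		// UpdateSecurityPolicy updates the name of a specific security policy.
		//
		// See: https://techdocs.akamai.com/application-security/reference/put-policy
		UpdateSecurityPolicy(ctx context.Context, params UpdateSecurityPolicyRequest) (*UpdateSecurityPolicyResponse, error)

		// RemoveSecurityPolicy deletes the specified security policy.
		//
		// See: https://techdocs.akamai.com/application-security/reference/delete-policy
		RemoveSecurityPolicy(ctx context.Context, params RemoveSecurityPolicyRequest) (*RemoveSecurityPolicyResponse, error)
	}

	// GetSecurityPoliciesRequest is used to retrieve the security policies for a configuration.
	//
	// PolicyName carries the JSON tag "-"; GetSecurityPolicies uses it only to
	// filter the returned list by exact name.
	GetSecurityPoliciesRequest struct {
		ConfigID   int    `json:"configId"`
		Version    int    `json:"version"`
		PolicyName string `json:"-"`
	}

	// GetSecurityPoliciesResponse is returned from a call to GetSecurityPolicies.
	GetSecurityPoliciesResponse struct {
		ConfigID int `json:"configId,omitempty"`
		Version  int `json:"version,omitempty"`
		Policies []struct {
			PolicyID                string            `json:"policyId,omitempty"`
			PolicyName              string            `json:"policyName,omitempty"`
			HasRatePolicyWithAPIKey bool              `json:"hasRatePolicyWithApiKey,omitempty"`
			PolicySecurityControls  *SecurityControls `json:"policySecurityControls,omitempty"`
		} `json:"policies,omitempty"`
	}

	// GetSecurityPolicyRequest is used to retrieve information about a security policy.
	GetSecurityPolicyRequest struct {
		ConfigID int    `json:"configId"`
		Version  int    `json:"version"`
		PolicyID string `json:"policyId"`
	}

	// GetSecurityPolicyResponse is returned from a call to GetSecurityPolicy.
	GetSecurityPolicyResponse struct {
		ConfigID               int               `json:"configId,omitempty"`
		PolicyID               string            `json:"policyId,omitempty"`
		PolicyName             string            `json:"policyName,omitempty"`
		DefaultSettings        bool              `json:"defaultSettings,omitempty"`
		PolicySecurityControls *SecurityControls `json:"policySecurityControls,omitempty"`
		Version                int               `json:"version,omitempty"`
	}

	// CreateSecurityPolicyRequest is used to create a security policy.
	//
	// ConfigID, Version and PolicyID carry the JSON tag "-". CreateSecurityPolicy
	// places ConfigID and Version in the request path; it does not read PolicyID.
	CreateSecurityPolicyRequest struct {
		ConfigID        int    `json:"-"`
		Version         int    `json:"-"`
		PolicyID        string `json:"-"`
		PolicyName      string `json:"policyName"`
		PolicyPrefix    string `json:"policyPrefix"`
		DefaultSettings bool   `json:"defaultSettings"`
	}

	// CreateSecurityPolicyWithDefaultProtectionsRequest is used to create a security policy with a specified set of protections.
	//
	// The embedded ConfigVersion is declared elsewhere in the package; the code
	// in this file reads ConfigID and Version through it.
	CreateSecurityPolicyWithDefaultProtectionsRequest struct {
		ConfigVersion
		PolicyName   string `json:"policyName"`
		PolicyPrefix string `json:"policyPrefix"`
	}

	// CreateSecurityPolicyResponse is returned from a call to CreateSecurityPolicy.
	// CreateSecurityPolicyWithDefaultProtections returns the same type.
	CreateSecurityPolicyResponse struct {
		ConfigID               int               `json:"configId"`
		PolicyID               string            `json:"policyId"`
		PolicyName             string            `json:"policyName"`
		DefaultSettings        bool              `json:"defaultSettings,omitempty"`
		PolicySecurityControls *SecurityControls `json:"policySecurityControls,omitempty"`
		Version                int               `json:"version"`
	}

	// UpdateSecurityPolicyRequest is used to modify a security policy.
	//
	// ConfigID, Version and PolicyID carry the JSON tag "-"; UpdateSecurityPolicy
	// places them in the request path, which leaves PolicyName as the only
	// field with a JSON name.
	UpdateSecurityPolicyRequest struct {
		ConfigID   int    `json:"-"`
		Version    int    `json:"-"`
		PolicyID   string `json:"-"`
		PolicyName string `json:"policyName"`
	}

	// UpdateSecurityPolicyResponse is returned from a call to UpdateSecurityPolicy.
	UpdateSecurityPolicyResponse struct {
		ConfigID               int               `json:"configId"`
		PolicyID               string            `json:"policyId"`
		PolicyName             string            `json:"policyName"`
		DefaultSettings        bool              `json:"defaultSettings,omitempty"`
		PolicySecurityControls *SecurityControls `json:"policySecurityControls,omitempty"`
		Version                int               `json:"version"`
	}

	// RemoveSecurityPolicyRequest is used to remove a security policy.
	RemoveSecurityPolicyRequest struct {
		ConfigID int    `json:"configId"`
		Version  int    `json:"version"`
		PolicyID string `json:"policyId"`
	}

	// RemoveSecurityPolicyResponse is returned from a call to RemoveSecurityPolicy.
	RemoveSecurityPolicyResponse struct {
		ConfigID               int               `json:"configId"`
		PolicyID               string            `json:"policyId"`
		PolicyName             string            `json:"policyName"`
		PolicySecurityControls *SecurityControls `json:"policySecurityControls,omitempty"`
		Version                int               `json:"version"`
	}

	// SecurityControls is returned as part of GetSecurityPoliciesResponse and similar responses.
	//
	// Every field uses omitempty, so a false value is left out when the struct
	// is marshalled.
	SecurityControls struct {
		ApplyAPIConstraints           bool `json:"applyApiConstraints,omitempty"`
		ApplyApplicationLayerControls bool `json:"applyApplicationLayerControls,omitempty"`
		ApplyBotmanControls           bool `json:"applyBotmanControls,omitempty"`
		ApplyMalwareControls          bool `json:"applyMalwareControls,omitempty"`
		ApplyNetworkLayerControls     bool `json:"applyNetworkLayerControls,omitempty"`
		ApplyRateControls             bool `json:"applyRateControls,omitempty"`
		ApplyReputationControls       bool `json:"applyReputationControls,omitempty"`
		ApplySlowPostControls         bool `json:"applySlowPostControls,omitempty"`
	}
)

// Validate validates a GetSecurityPolicyRequest.
//
// ConfigID, Version and PolicyID must all be non-zero. PolicyID is required
// because an empty value would leave the request path without its final
// segment, so the request would no longer name a single policy.
func (v GetSecurityPolicyRequest) Validate() error {
	return edgegriderr.ParseValidationErrors(validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
		"PolicyID": validation.Validate(v.PolicyID, validation.Required),
	})
}

// Validate validates a GetSecurityPoliciesRequest.
//
// ConfigID and Version must be non-zero; PolicyName is an optional filter.
func (v GetSecurityPoliciesRequest) Validate() error {
	return edgegriderr.ParseValidationErrors(validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
	})
}

// Validate validates a CreateSecurityPolicyRequest.
//
// ConfigID, Version, PolicyName and PolicyPrefix must be non-zero.
func (v CreateSecurityPolicyRequest) Validate() error {
	return edgegriderr.ParseValidationErrors(validation.Errors{
		"ConfigID":     validation.Validate(v.ConfigID, validation.Required),
		"Version":      validation.Validate(v.Version, validation.Required),
		"PolicyName":   validation.Validate(v.PolicyName, validation.Required),
		"PolicyPrefix": validation.Validate(v.PolicyPrefix, validation.Required),
	})
}

// Validate validates a CreateSecurityPolicyWithDefaultProtectionsRequest.
//
// ConfigID, Version, PolicyName and PolicyPrefix must be non-zero.
func (v CreateSecurityPolicyWithDefaultProtectionsRequest) Validate() error {
	return edgegriderr.ParseValidationErrors(validation.Errors{
		"ConfigID":     validation.Validate(v.ConfigID, validation.Required),
		"Version":      validation.Validate(v.Version, validation.Required),
		"PolicyName":   validation.Validate(v.PolicyName, validation.Required),
		"PolicyPrefix": validation.Validate(v.PolicyPrefix, validation.Required),
	})
}

// Validate validates an UpdateSecurityPolicyRequest.
//
// ConfigID, Version and PolicyID must be non-zero. PolicyName is not checked
// here.
func (v UpdateSecurityPolicyRequest) Validate() error {
	return edgegriderr.ParseValidationErrors(validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
		"PolicyID": validation.Validate(v.PolicyID, validation.Required),
	})
}

// Validate validates a RemoveSecurityPolicyRequest.
//
// ConfigID, Version and PolicyID must be non-zero.
func (v RemoveSecurityPolicyRequest) Validate() error {
	return edgegriderr.ParseValidationErrors(validation.Errors{
		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
		"Version":  validation.Validate(v.Version, validation.Required),
		"PolicyID": validation.Validate(v.PolicyID, validation.Required),
	})
}

// GetSecurityPolicies lists the security policies of one configuration version.
//
// The request is validated before it is sent, as the mutating methods in this
// file already do; a failure is wrapped in ErrStructValidation. When
// params.PolicyName is non-empty the list is filtered client-side to policies
// whose name matches exactly, and ConfigID and Version are carried over into
// the filtered response.
func (p *appsec) GetSecurityPolicies(ctx context.Context, params GetSecurityPoliciesRequest) (*GetSecurityPoliciesResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("GetSecurityPolicies")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies",
		params.ConfigID,
		params.Version)

	req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create GetSecurityPolicies request: %w", err)
	}

	var result GetSecurityPoliciesResponse
	resp, err := p.Exec(req, &result)
	if err != nil {
		return nil, fmt.Errorf("get security policies request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	if params.PolicyName == "" {
		return &result, nil
	}

	// Keep the identifying fields so a filtered response still says which
	// configuration and version the policies belong to.
	filtered := GetSecurityPoliciesResponse{
		ConfigID: result.ConfigID,
		Version:  result.Version,
	}
	for _, policy := range result.Policies {
		if policy.PolicyName == params.PolicyName {
			filtered.Policies = append(filtered.Policies, policy)
		}
	}
	return &filtered, nil
}

// GetSecurityPolicy retrieves a single security policy.
//
// The request is validated before it is sent; a failure is wrapped in
// ErrStructValidation. Any status other than 200 is returned as the error
// built by p.Error.
func (p *appsec) GetSecurityPolicy(ctx context.Context, params GetSecurityPolicyRequest) (*GetSecurityPolicyResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("GetSecurityPolicy")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	// PolicyID is caller-supplied text. Escaping it as one path segment keeps
	// reserved characters such as '/', '?' and '#' from changing the request
	// path or adding a query string.
	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID))

	req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create GetSecurityPolicy request: %w", err)
	}

	var result GetSecurityPolicyResponse
	resp, err := p.Exec(req, &result)
	if err != nil {
		return nil, fmt.Errorf("get security policy request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}

// UpdateSecurityPolicy sends a PUT for one security policy.
//
// params is validated first and then handed to Exec as an extra argument
// (presumably the request body; confirm against Exec). Any status other than
// 200 is returned as the error built by p.Error.
func (p *appsec) UpdateSecurityPolicy(ctx context.Context, params UpdateSecurityPolicyRequest) (*UpdateSecurityPolicyResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("UpdateSecurityPolicy")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	// Escape the caller-supplied PolicyID as one path segment so reserved
	// characters cannot redirect this write to another path.
	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID),
	)

	req, err := http.NewRequestWithContext(ctx, http.MethodPut, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create UpdateSecurityPolicy request: %w", err)
	}

	var result UpdateSecurityPolicyResponse
	resp, err := p.Exec(req, &result, params)
	if err != nil {
		return nil, fmt.Errorf("update security policy request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}

// CreateSecurityPolicy sends a POST to the security-policies collection of one
// configuration version.
//
// params is validated first and then handed to Exec as an extra argument
// (presumably the request body; confirm against Exec). Any status other than
// 200 is returned as the error built by p.Error.
//
// Deprecated: the SecurityPolicy interface marks this method for removal and
// points to CreateSecurityPolicyWithDefaultProtections instead.
func (p *appsec) CreateSecurityPolicy(ctx context.Context, params CreateSecurityPolicyRequest) (*CreateSecurityPolicyResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("CreateSecurityPolicy")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies",
		params.ConfigID,
		params.Version)

	req, err := http.NewRequestWithContext(ctx, http.MethodPost, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create CreateSecurityPolicy request: %w", err)
	}

	var result CreateSecurityPolicyResponse
	resp, err := p.Exec(req, &result, params)
	if err != nil {
		return nil, fmt.Errorf("create security policy request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}

// CreateSecurityPolicyWithDefaultProtections sends a POST to the
// security-policies/protections path of one configuration version.
//
// params is validated first and then handed to Exec as an extra argument
// (presumably the request body; confirm against Exec). Any status other than
// 200 is returned as the error built by p.Error.
func (p *appsec) CreateSecurityPolicyWithDefaultProtections(ctx context.Context, params CreateSecurityPolicyWithDefaultProtectionsRequest) (*CreateSecurityPolicyResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("CreateSecurityPolicyWithDefaultProtections")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/protections",
		params.ConfigID,
		params.Version)

	req, err := http.NewRequestWithContext(ctx, http.MethodPost, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create CreateSecurityPolicyWithDefaultProtections request: %w", err)
	}

	var result CreateSecurityPolicyResponse
	resp, err := p.Exec(req, &result, params)
	if err != nil {
		return nil, fmt.Errorf("create security policy request failed: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}

// RemoveSecurityPolicy sends a DELETE for one security policy.
//
// params is validated first. Both 204 and 200 count as success; any other
// status is returned as the error built by p.Error.
func (p *appsec) RemoveSecurityPolicy(ctx context.Context, params RemoveSecurityPolicyRequest) (*RemoveSecurityPolicyResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("RemoveSecurityPolicy")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	// Escape the caller-supplied PolicyID as one path segment so reserved
	// characters cannot point this delete at another path.
	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID))

	req, err := http.NewRequestWithContext(ctx, http.MethodDelete, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create RemoveSecurityPolicy request: %w", err)
	}

	var result RemoveSecurityPolicyResponse
	resp, err := p.Exec(req, &result)
	if err != nil {
		return nil, fmt.Errorf("remove security policy request failed: %w", err)
	}
	if resp.StatusCode != http.StatusNoContent && resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}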