github.com/opentelekomcloud/gophertelekomcloud@v0.9.3/acceptance/openstack/waf-premium/v1/rule_test.go (about) 1 package v1 2 3 import ( 4 "os" 5 "testing" 6 7 "github.com/opentelekomcloud/gophertelekomcloud/acceptance/clients" 8 "github.com/opentelekomcloud/gophertelekomcloud/acceptance/tools" 9 "github.com/opentelekomcloud/gophertelekomcloud/openstack/common/pointerto" 10 "github.com/opentelekomcloud/gophertelekomcloud/openstack/waf-premium/v1/hosts" 11 "github.com/opentelekomcloud/gophertelekomcloud/openstack/waf-premium/v1/policies" 12 "github.com/opentelekomcloud/gophertelekomcloud/openstack/waf-premium/v1/rules" 13 th "github.com/opentelekomcloud/gophertelekomcloud/testhelper" 14 ) 15 16 func TestWafPremiumBlacklistRuleWorkflow(t *testing.T) { 17 region := os.Getenv("OS_REGION_NAME") 18 vpcID := os.Getenv("OS_VPC_ID") 19 if vpcID == "" && region == "" { 20 t.Skip("OS_REGION_NAME, OS_VPC_ID env vars is required for this test") 21 } 22 23 client, err := clients.NewWafdV1Client() 24 th.AssertNoErr(t, err) 25 26 policyName := tools.RandomString("waf-policy-", 3) 27 optsP := policies.CreateOpts{ 28 Name: policyName, 29 } 30 31 t.Logf("Attempting to create WAF Premium policy: %s", policyName) 32 policy, err := policies.Create(client, optsP) 33 th.AssertNoErr(t, err) 34 th.AssertEquals(t, policy.Name, policyName) 35 36 hostOpts := hosts.CreateOpts{ 37 Hostname: tools.RandomString("www.waf-demo.com", 3), 38 Proxy: pointerto.Bool(false), 39 PolicyId: policy.ID, 40 Server: []hosts.PremiumWafServer{{ 41 FrontProtocol: "HTTP", 42 BackProtocol: "HTTP", 43 Address: "192.168.1.110", 44 Port: 80, 45 Type: "ipv4", 46 VpcId: vpcID, 47 }}, 48 Description: "description", 49 } 50 t.Logf("Attempting to create WAF Premium host") 51 host, err := hosts.Create(client, hostOpts) 52 th.AssertNoErr(t, err) 53 54 t.Cleanup(func() { 55 t.Logf("Attempting to delete WAF Premium host: %s", host.ID) 56 th.AssertNoErr(t, hosts.Delete(client, host.ID, hosts.DeleteOpts{})) 57 t.Logf("Deleted WAF Premium host: %s", host.ID) 58 }) 59 60 blacklistName := tools.RandomString("waf-black-", 3) 61 blacklistOpts := rules.BlacklistCreateOpts{ 62 Name: blacklistName, 63 Description: "desc", 64 Addresses: "192.168.1.0/24", 65 Action: pointerto.Int(0), 66 } 67 t.Logf("Attempting to Create WAF Premium blacklist rule") 68 blacklist, err := rules.CreateBlacklist(client, policy.ID, blacklistOpts) 69 th.AssertNoErr(t, err) 70 th.AssertEquals(t, blacklist.Name, blacklistName) 71 th.AssertEquals(t, blacklist.Addresses, "192.168.1.0/24") 72 th.AssertEquals(t, blacklist.Description, "desc") 73 th.AssertEquals(t, *blacklist.Action, 0) 74 75 t.Cleanup(func() { 76 t.Logf("Attempting to delete WAF Premium blacklist rule: %s", blacklist.ID) 77 th.AssertNoErr(t, rules.DeleteBlacklistRule(client, policy.ID, blacklist.ID)) 78 t.Logf("Deleted WAF Premium blacklist rule: %s", blacklist.ID) 79 }) 80 81 t.Logf("Attempting to List WAF Premium blacklist rule") 82 listAntiCrawler, err := rules.ListBlacklists(client, policy.ID, rules.ListBlacklistOpts{}) 83 th.AssertNoErr(t, err) 84 if len(listAntiCrawler) < 1 { 85 t.Fatal("empty WAF Premium blacklist rule list") 86 } 87 88 t.Logf("Attempting to Update WAF Premium blacklist rule: %s", blacklist.ID) 89 updatedBl, err := rules.UpdateBlacklist(client, policy.ID, blacklist.ID, rules.UpdateBlacklistOpts{ 90 Name: blacklistName + "-updated", 91 Description: "updated", 92 Addresses: "10.1.100.0/24", 93 Action: pointerto.Int(2), 94 }) 95 th.AssertNoErr(t, err) 96 97 t.Logf("Attempting to Get WAF Premium blacklist rule: %s", blacklist.ID) 98 getBlacklist, err := rules.GetBlacklist(client, policy.ID, updatedBl.ID) 99 th.AssertNoErr(t, err) 100 th.AssertEquals(t, getBlacklist.Addresses, "10.1.100.0/24") 101 th.AssertEquals(t, getBlacklist.Description, "updated") 102 th.AssertEquals(t, *getBlacklist.Action, 2) 103 th.AssertEquals(t, getBlacklist.Name, blacklistName+"-updated") 104 } 105 106 func TestWafPremiumCcRuleWorkflow(t *testing.T) { 107 region := os.Getenv("OS_REGION_NAME") 108 vpcID := os.Getenv("OS_VPC_ID") 109 if vpcID == "" && region == "" { 110 t.Skip("OS_REGION_NAME, OS_VPC_ID env vars is required for this test") 111 } 112 113 client, err := clients.NewWafdV1Client() 114 th.AssertNoErr(t, err) 115 116 policyName := tools.RandomString("waf-policy-", 3) 117 opts := policies.CreateOpts{ 118 Name: policyName, 119 } 120 policy, err := policies.Create(client, opts) 121 th.AssertNoErr(t, err) 122 th.AssertEquals(t, policy.Name, policyName) 123 124 t.Cleanup(func() { 125 t.Logf("Attempting to delete WAF Premium policy: %s", policy.ID) 126 th.AssertNoErr(t, policies.Delete(client, policy.ID)) 127 t.Logf("Deleted WAF Premium policy: %s", policy.ID) 128 }) 129 130 ccOpts := rules.CreateCcOpts{ 131 Mode: pointerto.Int(0), 132 Url: "/path", 133 Description: "desc", 134 Action: &rules.CcActionObject{ 135 Category: "captcha", 136 }, 137 TagType: "ip", 138 LimitNum: 10, 139 LimitPeriod: 60, 140 } 141 t.Logf("Attempting to Create WAF Premium cc rule") 142 cc, err := rules.CreateCc(client, policy.ID, ccOpts) 143 th.AssertNoErr(t, err) 144 th.AssertEquals(t, cc.Mode, 0) 145 th.AssertEquals(t, cc.Url, "/path") 146 147 t.Cleanup(func() { 148 t.Logf("Attempting to delete WAF Premium cc rule: %s", cc.ID) 149 th.AssertNoErr(t, rules.DeleteCcRule(client, policy.ID, cc.ID)) 150 t.Logf("Deleted WAF Premium cc rule: %s", cc.ID) 151 }) 152 153 t.Logf("Attempting to List WAF Premium cc rule") 154 listCc, err := rules.ListCcs(client, policy.ID, rules.ListCcOpts{}) 155 th.AssertNoErr(t, err) 156 if len(listCc) < 1 { 157 t.Fatal("empty WAF Premium rule list") 158 } 159 160 t.Logf("Attempting to Update WAF Premium cc rule: %s", cc.ID) 161 updatedCc, err := rules.UpdateCc(client, policy.ID, cc.ID, rules.CreateCcOpts{ 162 Mode: pointerto.Int(0), 163 Url: "/path1", 164 Description: "updated", 165 Action: &rules.CcActionObject{ 166 Category: "log", 167 }, 168 TagType: "ip", 169 LimitNum: 10, 170 LimitPeriod: 60, 171 }) 172 th.AssertNoErr(t, err) 173 174 t.Logf("Attempting to Get WAF Premium cc rule: %s", updatedCc.ID) 175 getCc, err := rules.GetCc(client, policy.ID, updatedCc.ID) 176 th.AssertNoErr(t, err) 177 th.AssertEquals(t, getCc.Url, "/path1") 178 th.AssertEquals(t, getCc.Action.Category, "log") 179 } 180 181 func TestWafPremiumCustomRuleWorkflow(t *testing.T) { 182 region := os.Getenv("OS_REGION_NAME") 183 vpcID := os.Getenv("OS_VPC_ID") 184 if vpcID == "" && region == "" { 185 t.Skip("OS_REGION_NAME, OS_VPC_ID env vars is required for this test") 186 } 187 188 client, err := clients.NewWafdV1Client() 189 th.AssertNoErr(t, err) 190 191 policyName := tools.RandomString("waf-policy-", 3) 192 opts := policies.CreateOpts{ 193 Name: policyName, 194 } 195 policy, err := policies.Create(client, opts) 196 th.AssertNoErr(t, err) 197 th.AssertEquals(t, policy.Name, policyName) 198 199 t.Cleanup(func() { 200 t.Logf("Attempting to delete WAF Premium policy: %s", policy.ID) 201 th.AssertNoErr(t, policies.Delete(client, policy.ID)) 202 t.Logf("Deleted WAF Premium policy: %s", policy.ID) 203 }) 204 205 customOpts := rules.CreateCustomOpts{ 206 Time: pointerto.Bool(false), 207 Description: "desc", 208 Conditions: []rules.CustomConditionsObject{{ 209 Category: "url", 210 LogicOperation: "contain", 211 Contents: []string{"test"}, 212 }}, 213 Action: &rules.CustomActionObject{ 214 Category: "block", 215 }, 216 Priority: pointerto.Int(50), 217 } 218 t.Logf("Attempting to Create WAF Premium custom rule") 219 custom, err := rules.CreateCustom(client, policy.ID, customOpts) 220 th.AssertNoErr(t, err) 221 th.AssertEquals(t, custom.Priority, 50) 222 th.AssertEquals(t, custom.Conditions[0].Category, "url") 223 224 t.Cleanup(func() { 225 t.Logf("Attempting to delete WAF Premium custom rule: %s", custom.ID) 226 th.AssertNoErr(t, rules.DeleteCustomRule(client, policy.ID, custom.ID)) 227 t.Logf("Deleted WAF Premium custom rule: %s", custom.ID) 228 }) 229 230 t.Logf("Attempting to List WAF Premium custom rule") 231 listCc, err := rules.ListCustoms(client, policy.ID, rules.ListCustomOpts{}) 232 th.AssertNoErr(t, err) 233 if len(listCc) < 1 { 234 t.Fatal("empty WAF Premium rule list") 235 } 236 237 t.Logf("Attempting to Update WAF Premium custom rule: %s", custom.ID) 238 updatedCustom, err := rules.UpdateCustom(client, policy.ID, custom.ID, rules.CreateCustomOpts{ 239 Time: pointerto.Bool(false), 240 Description: "updated", 241 Action: &rules.CustomActionObject{ 242 Category: "pass", 243 }, 244 Conditions: []rules.CustomConditionsObject{{ 245 Category: "url", 246 LogicOperation: "contain", 247 Contents: []string{"test"}, 248 }}, 249 Priority: pointerto.Int(60), 250 }) 251 th.AssertNoErr(t, err) 252 253 t.Logf("Attempting to Get WAF Premium custom rule: %s", updatedCustom.ID) 254 getCustom, err := rules.GetCustom(client, policy.ID, updatedCustom.ID) 255 th.AssertNoErr(t, err) 256 th.AssertEquals(t, getCustom.Description, "updated") 257 th.AssertEquals(t, getCustom.Action.Category, "pass") 258 } 259 260 func TestWafPremiumAntiCrawlerRuleWorkflow(t *testing.T) { 261 region := os.Getenv("OS_REGION_NAME") 262 vpcID := os.Getenv("OS_VPC_ID") 263 if vpcID == "" && region == "" { 264 t.Skip("OS_REGION_NAME, OS_VPC_ID env vars is required for this test") 265 } 266 267 client, err := clients.NewWafdV1Client() 268 th.AssertNoErr(t, err) 269 270 policyName := tools.RandomString("waf-policy-", 3) 271 opts := policies.CreateOpts{ 272 Name: policyName, 273 } 274 policy, err := policies.Create(client, opts) 275 th.AssertNoErr(t, err) 276 th.AssertEquals(t, policy.Name, policyName) 277 278 t.Cleanup(func() { 279 t.Logf("Attempting to delete WAF Premium policy: %s", policy.ID) 280 th.AssertNoErr(t, policies.Delete(client, policy.ID)) 281 t.Logf("Deleted WAF Premium policy: %s", policy.ID) 282 }) 283 284 antiCrawlerName := tools.RandomString("waf-atc-", 3) 285 antiCrawlerOpts := rules.CreateAntiCrawlerOpts{ 286 Url: "/patent/id", 287 Logic: 3, 288 Name: antiCrawlerName, 289 Type: "anticrawler_except_url", 290 } 291 t.Logf("Attempting to Create WAF Premium anti crawler rule") 292 antiCrawler, err := rules.CreateAntiCrawler(client, policy.ID, antiCrawlerOpts) 293 th.AssertNoErr(t, err) 294 th.AssertEquals(t, antiCrawler.Name, antiCrawlerName) 295 296 t.Cleanup(func() { 297 t.Logf("Attempting to delete WAF Premium anti crawler rule: %s", antiCrawler.ID) 298 th.AssertNoErr(t, rules.DeleteAntiCrawlerRule(client, policy.ID, antiCrawler.ID)) 299 t.Logf("Deleted WAF Premium anti crawler rule: %s", antiCrawler.ID) 300 }) 301 302 t.Logf("Attempting to List WAF Premium anti crawler rule") 303 listAntiCrawler, err := rules.ListAntiCrawlers(client, policy.ID, rules.ListAntiCrawlerOpts{}) 304 th.AssertNoErr(t, err) 305 if len(listAntiCrawler) < 1 { 306 t.Fatal("empty WAF Premium rule list") 307 } 308 309 t.Logf("Attempting to Update WAF Premium anti crawler rule: %s", antiCrawler.ID) 310 updatedAntiCrawler, err := rules.UpdateAntiCrawler(client, policy.ID, antiCrawler.ID, rules.UpdateAntiCrawlerOpts{ 311 Url: "/patents/id", 312 Logic: 4, 313 Name: antiCrawlerName + "-updated", 314 }) 315 th.AssertNoErr(t, err) 316 317 t.Logf("Attempting to Get WAF Premium anti crawler rule: %s", antiCrawler.ID) 318 getAntiCrawler, err := rules.GetAntiCrawler(client, policy.ID, updatedAntiCrawler.ID) 319 th.AssertNoErr(t, err) 320 th.AssertEquals(t, getAntiCrawler.Logic, 4) 321 th.AssertEquals(t, getAntiCrawler.Url, "/patents/id") 322 th.AssertEquals(t, getAntiCrawler.Name, antiCrawlerName+"-updated") 323 } 324 325 func TestWafPremiumDataMaskingRuleWorkflow(t *testing.T) { 326 region := os.Getenv("OS_REGION_NAME") 327 vpcID := os.Getenv("OS_VPC_ID") 328 if vpcID == "" && region == "" { 329 t.Skip("OS_REGION_NAME, OS_VPC_ID env vars is required for this test") 330 } 331 332 client, err := clients.NewWafdV1Client() 333 th.AssertNoErr(t, err) 334 335 policyName := tools.RandomString("waf-policy-", 3) 336 opts := policies.CreateOpts{ 337 Name: policyName, 338 } 339 policy, err := policies.Create(client, opts) 340 th.AssertNoErr(t, err) 341 th.AssertEquals(t, policy.Name, policyName) 342 343 t.Cleanup(func() { 344 t.Logf("Attempting to delete WAF Premium policy: %s", policy.ID) 345 th.AssertNoErr(t, policies.Delete(client, policy.ID)) 346 t.Logf("Deleted WAF Premium policy: %s", policy.ID) 347 }) 348 349 privacyOpts := rules.CreatePrivacyOpts{ 350 Url: "/login", 351 Category: "params", 352 Name: "password", 353 Description: "desc", 354 } 355 t.Logf("Attempting to Create WAF Premium privacy rule") 356 privacy, err := rules.CreatePrivacy(client, policy.ID, privacyOpts) 357 th.AssertNoErr(t, err) 358 th.AssertEquals(t, privacy.Category, "params") 359 th.AssertEquals(t, privacy.Name, "password") 360 361 t.Cleanup(func() { 362 t.Logf("Attempting to delete WAF Premium privacy rule: %s", privacy.ID) 363 th.AssertNoErr(t, rules.DeletePrivacyRule(client, policy.ID, privacy.ID)) 364 t.Logf("Deleted WAF Premium privacy rule: %s", privacy.ID) 365 }) 366 367 t.Logf("Attempting to List WAF Premium privacy rule") 368 listCc, err := rules.ListPrivacy(client, policy.ID, rules.ListPrivacyOpts{}) 369 th.AssertNoErr(t, err) 370 if len(listCc) < 1 { 371 t.Fatal("empty WAF Premium rule list") 372 } 373 374 t.Logf("Attempting to Update WAF Premium privacy rule: %s", policy.ID) 375 updatedPrivacy, err := rules.UpdatePrivacy(client, policy.ID, privacy.ID, rules.UpdatePrivacyOpts{ 376 Url: "/path1", 377 Category: "header", 378 Name: "token", 379 Description: "updated", 380 }) 381 th.AssertNoErr(t, err) 382 383 t.Logf("Attempting to Get WAF Premium privacy rule: %s", updatedPrivacy.ID) 384 getPrivacy, err := rules.GetPrivacy(client, policy.ID, updatedPrivacy.ID) 385 th.AssertNoErr(t, err) 386 th.AssertEquals(t, getPrivacy.Name, "token") 387 th.AssertEquals(t, getPrivacy.Description, "updated") 388 th.AssertEquals(t, getPrivacy.Category, "header") 389 } 390 391 func TestWafPremiumKnownAttackRuleWorkflow(t *testing.T) { 392 region := os.Getenv("OS_REGION_NAME") 393 vpcID := os.Getenv("OS_VPC_ID") 394 if vpcID == "" && region == "" { 395 t.Skip("OS_REGION_NAME, OS_VPC_ID env vars is required for this test") 396 } 397 398 client, err := clients.NewWafdV1Client() 399 th.AssertNoErr(t, err) 400 401 policyName := tools.RandomString("waf-policy-", 3) 402 opts := policies.CreateOpts{ 403 Name: policyName, 404 } 405 policy, err := policies.Create(client, opts) 406 th.AssertNoErr(t, err) 407 th.AssertEquals(t, policy.Name, policyName) 408 409 t.Cleanup(func() { 410 t.Logf("Attempting to delete WAF Premium policy: %s", policy.ID) 411 th.AssertNoErr(t, policies.Delete(client, policy.ID)) 412 t.Logf("Deleted WAF Premium policy: %s", policy.ID) 413 }) 414 415 kasOpts := rules.CreateKnownAttackSourceOpts{ 416 BlockTime: pointerto.Int(300), 417 Category: "long_ip_block", 418 Description: "desc", 419 } 420 t.Logf("Attempting to Create WAF Premium known attack source rule") 421 kas, err := rules.CreateKnownAttackSource(client, policy.ID, kasOpts) 422 th.AssertNoErr(t, err) 423 th.AssertEquals(t, kas.Category, "long_ip_block") 424 th.AssertEquals(t, kas.Description, "desc") 425 th.AssertEquals(t, kas.BlockTime, 300) 426 427 t.Cleanup(func() { 428 t.Logf("Attempting to delete WAF Premium known attack source rule: %s", kas.ID) 429 th.AssertNoErr(t, rules.DeleteKnownAttackSourceRule(client, policy.ID, kas.ID)) 430 t.Logf("Deleted WAF Premium known attack source rule: %s", kas.ID) 431 }) 432 433 t.Logf("Attempting to List WAF Premium known attack source rule") 434 listKas, err := rules.ListKnownAttackSource(client, policy.ID, rules.ListKnownAttackSourceOpts{}) 435 th.AssertNoErr(t, err) 436 if len(listKas) < 1 { 437 t.Fatal("empty WAF Premium rule list") 438 } 439 440 t.Logf("Attempting to Update WAF Premium known attack source rule: %s", policy.ID) 441 updatedPrivacy, err := rules.UpdateKnownAttackSource(client, policy.ID, kas.ID, rules.UpdateKnownAttackSourceOpts{ 442 Description: "updated", 443 BlockTime: pointerto.Int(1200), 444 }) 445 th.AssertNoErr(t, err) 446 447 t.Logf("Attempting to Get WAF Premium known attack source rule: %s", updatedPrivacy.ID) 448 getKas, err := rules.GetKnownAttackSource(client, policy.ID, updatedPrivacy.ID) 449 th.AssertNoErr(t, err) 450 th.AssertEquals(t, getKas.Description, "updated") 451 th.AssertEquals(t, getKas.BlockTime, 1200) 452 } 453 454 func TestWafPremiumWebTamperRuleWorkflow(t *testing.T) { 455 region := os.Getenv("OS_REGION_NAME") 456 vpcID := os.Getenv("OS_VPC_ID") 457 if vpcID == "" && region == "" { 458 t.Skip("OS_REGION_NAME, OS_VPC_ID env vars is required for this test") 459 } 460 461 client, err := clients.NewWafdV1Client() 462 th.AssertNoErr(t, err) 463 464 policyName := tools.RandomString("waf-policy-", 3) 465 opts := policies.CreateOpts{ 466 Name: policyName, 467 } 468 policy, err := policies.Create(client, opts) 469 th.AssertNoErr(t, err) 470 th.AssertEquals(t, policy.Name, policyName) 471 472 t.Cleanup(func() { 473 t.Logf("Attempting to delete WAF Premium policy: %s", policy.ID) 474 th.AssertNoErr(t, policies.Delete(client, policy.ID)) 475 t.Logf("Deleted WAF Premium policy: %s", policy.ID) 476 }) 477 atOpts := rules.CreateAntiTamperOpts{ 478 Hostname: "www.domain.com", 479 Url: "/login", 480 Description: "desc", 481 } 482 t.Logf("Attempting to Create WAF Premium anti tamper rule") 483 at, err := rules.CreateAntiTamper(client, policy.ID, atOpts) 484 th.AssertNoErr(t, err) 485 th.AssertEquals(t, at.Hostname, "www.domain.com") 486 th.AssertEquals(t, at.Description, "desc") 487 th.AssertEquals(t, at.Url, "/login") 488 489 t.Cleanup(func() { 490 t.Logf("Attempting to delete WAF Premium anti tamper rule: %s", at.ID) 491 th.AssertNoErr(t, rules.DeleteAntiTamperRule(client, policy.ID, at.ID)) 492 t.Logf("Deleted WAF Premium anti tamper rule: %s", at.ID) 493 }) 494 495 t.Logf("Attempting to List WAF Premium anti tamper rule") 496 listAt, err := rules.ListAntiTamper(client, policy.ID, rules.ListAntiTamperOpts{}) 497 th.AssertNoErr(t, err) 498 if len(listAt) < 1 { 499 t.Fatal("empty WAF Premium rule list") 500 } 501 502 t.Logf("Attempting to Update WAF Premium anti tamper rule: %s", policy.ID) 503 _, err = rules.UpdateAntiTamperCache(client, policy.ID, at.ID) 504 th.AssertNoErr(t, err) 505 506 t.Logf("Attempting to Get WAF Premium anti tamper rule: %s", at.ID) 507 getAt, err := rules.GetAntiTamper(client, policy.ID, at.ID) 508 th.AssertNoErr(t, err) 509 th.AssertEquals(t, getAt.Description, "desc") 510 th.AssertEquals(t, *getAt.Status, 1) 511 } 512 513 func TestWafPremiumInformationLeakageProtectionRuleWorkflow(t *testing.T) { 514 region := os.Getenv("OS_REGION_NAME") 515 vpcID := os.Getenv("OS_VPC_ID") 516 if vpcID == "" && region == "" { 517 t.Skip("OS_REGION_NAME, OS_VPC_ID env vars is required for this test") 518 } 519 520 client, err := clients.NewWafdV1Client() 521 th.AssertNoErr(t, err) 522 523 policyName := tools.RandomString("waf-policy-", 3) 524 opts := policies.CreateOpts{ 525 Name: policyName, 526 } 527 policy, err := policies.Create(client, opts) 528 th.AssertNoErr(t, err) 529 th.AssertEquals(t, policy.Name, policyName) 530 531 t.Cleanup(func() { 532 t.Logf("Attempting to delete WAF Premium policy: %s", policy.ID) 533 th.AssertNoErr(t, policies.Delete(client, policy.ID)) 534 t.Logf("Deleted WAF Premium policy: %s", policy.ID) 535 }) 536 ilpOpts := rules.CreateAntiLeakageOpts{ 537 Url: "/attack", 538 Category: "sensitive", 539 Contents: []string{"id_card"}, 540 Description: "desc", 541 } 542 t.Logf("Attempting to Create WAF Premium information leakage protection rule") 543 ilp, err := rules.CreateAntiLeakage(client, policy.ID, ilpOpts) 544 th.AssertNoErr(t, err) 545 th.AssertEquals(t, ilp.Contents[0], "id_card") 546 th.AssertEquals(t, ilp.Description, "desc") 547 th.AssertEquals(t, ilp.Url, "/attack") 548 th.AssertEquals(t, ilp.Category, "sensitive") 549 550 t.Cleanup(func() { 551 t.Logf("Attempting to delete WAF Premium information leakage protection rule: %s", ilp.ID) 552 th.AssertNoErr(t, rules.DeleteAntiLeakageRule(client, policy.ID, ilp.ID)) 553 t.Logf("Deleted WAF Premium information leakage protection rule: %s", ilp.ID) 554 }) 555 556 t.Logf("Attempting to List WAF Premium information leakage protection rule") 557 listIlp, err := rules.ListAntiLeakage(client, policy.ID, rules.ListAntiLeakageOpts{}) 558 th.AssertNoErr(t, err) 559 if len(listIlp) < 1 { 560 t.Fatal("empty WAF Premium rule list") 561 } 562 563 t.Logf("Attempting to Update WAF Premium information leakage protection rule: %s", policy.ID) 564 ilpUpdated, err := rules.UpdateAntiLeakage(client, policy.ID, ilp.ID, rules.UpdateAntiLeakageOpts{ 565 Url: "/pass", 566 Category: "sensitive", 567 Contents: []string{"id_card"}, 568 Description: "updated", 569 }) 570 th.AssertNoErr(t, err) 571 572 t.Logf("Attempting to Get WAF Premium information leakage protection rule: %s", ilp.ID) 573 getIlp, err := rules.GetAntiLeakage(client, policy.ID, ilpUpdated.ID) 574 th.AssertNoErr(t, err) 575 th.AssertEquals(t, getIlp.Description, "updated") 576 th.AssertEquals(t, getIlp.Url, "/pass") 577 th.AssertEquals(t, getIlp.Contents[0], "id_card") 578 } 579 580 func TestWafPremiumAlarmMaskingRuleWorkflow(t *testing.T) { 581 region := os.Getenv("OS_REGION_NAME") 582 vpcID := os.Getenv("OS_VPC_ID") 583 if vpcID == "" && region == "" { 584 t.Skip("OS_REGION_NAME, OS_VPC_ID env vars is required for this test") 585 } 586 587 client, err := clients.NewWafdV1Client() 588 th.AssertNoErr(t, err) 589 590 policyName := tools.RandomString("waf-policy-", 3) 591 opts := policies.CreateOpts{ 592 Name: policyName, 593 } 594 policy, err := policies.Create(client, opts) 595 th.AssertNoErr(t, err) 596 th.AssertEquals(t, policy.Name, policyName) 597 598 t.Cleanup(func() { 599 t.Logf("Attempting to delete WAF Premium policy: %s", policy.ID) 600 th.AssertNoErr(t, policies.Delete(client, policy.ID)) 601 t.Logf("Deleted WAF Premium policy: %s", policy.ID) 602 }) 603 ignoreOpts := rules.CreateIgnoreOpts{ 604 Domains: []string{"www.example.com"}, 605 Conditions: []rules.IgnoreCondition{{ 606 Category: "url", 607 Contents: []string{"/login"}, 608 LogicOperation: "equal", 609 }}, 610 Mode: 1, 611 Rule: "all", 612 Description: "desc", 613 } 614 t.Logf("Attempting to Create WAF Premium alarm masking rule") 615 ignore, err := rules.CreateIgnore(client, policy.ID, ignoreOpts) 616 th.AssertNoErr(t, err) 617 th.AssertEquals(t, ignore.Description, "desc") 618 619 t.Cleanup(func() { 620 t.Logf("Attempting to delete WAF Premium alarm masking rule: %s", ignore.ID) 621 th.AssertNoErr(t, rules.DeleteIgnoreRule(client, policy.ID, ignore.ID)) 622 t.Logf("Deleted WAF Premium information leakage protection rule: %s", ignore.ID) 623 }) 624 625 t.Logf("Attempting to List WAF Premium alarm masking rule") 626 listIgnore, err := rules.ListIgnore(client, policy.ID, rules.ListIgnoreOpts{}) 627 th.AssertNoErr(t, err) 628 if len(listIgnore) < 1 { 629 t.Fatal("empty WAF Premium rule list") 630 } 631 632 t.Logf("Attempting to Update WAF Premium alarm masking rule: %s", policy.ID) 633 ignoreUpdated, err := rules.UpdateIgnore(client, policy.ID, ignore.ID, rules.CreateIgnoreOpts{ 634 Domains: []string{"www.example1.com"}, 635 Conditions: []rules.IgnoreCondition{{ 636 Category: "ip", 637 Contents: []string{"192.168.1.1"}, 638 LogicOperation: "equal", 639 }}, 640 Mode: 1, 641 Rule: "all", 642 Description: "updated", 643 }) 644 th.AssertNoErr(t, err) 645 646 t.Logf("Attempting to Get WAF Premium alarm masking rule: %s", ignore.ID) 647 getIgnore, err := rules.GetIgnore(client, policy.ID, ignoreUpdated.ID) 648 th.AssertNoErr(t, err) 649 th.AssertEquals(t, getIgnore.Description, "updated") 650 } 651 652 func TestWafPremiumGeoIpRuleWorkflow(t *testing.T) { 653 region := os.Getenv("OS_REGION_NAME") 654 vpcID := os.Getenv("OS_VPC_ID") 655 if vpcID == "" && region == "" { 656 t.Skip("OS_REGION_NAME, OS_VPC_ID env vars is required for this test") 657 } 658 659 client, err := clients.NewWafdV1Client() 660 th.AssertNoErr(t, err) 661 662 policyName := tools.RandomString("waf-policy-", 3) 663 opts := policies.CreateOpts{ 664 Name: policyName, 665 } 666 policy, err := policies.Create(client, opts) 667 th.AssertNoErr(t, err) 668 th.AssertEquals(t, policy.Name, policyName) 669 670 t.Cleanup(func() { 671 t.Logf("Attempting to delete WAF Premium policy: %s", policy.ID) 672 th.AssertNoErr(t, policies.Delete(client, policy.ID)) 673 t.Logf("Deleted WAF Premium policy: %s", policy.ID) 674 }) 675 geoIpOpts := rules.CreateGeoIpOpts{ 676 GeoIp: "BR", 677 Action: pointerto.Int(0), 678 Name: "Test", 679 Description: "desc", 680 } 681 t.Logf("Attempting to Create WAF Premium geo ip rule") 682 geoIP, err := rules.CreateGeoIp(client, policy.ID, geoIpOpts) 683 th.AssertNoErr(t, err) 684 th.AssertEquals(t, geoIP.Description, "desc") 685 th.AssertEquals(t, geoIP.GeoIp, "BR") 686 th.AssertEquals(t, geoIP.Name, "Test") 687 th.AssertEquals(t, geoIP.Action, 0) 688 689 t.Cleanup(func() { 690 t.Logf("Attempting to delete WAF Premium geo ip rule: %s", geoIP.ID) 691 th.AssertNoErr(t, rules.DeleteGeoIpRule(client, policy.ID, geoIP.ID)) 692 t.Logf("Deleted WAF Premium geo ip rule: %s", geoIP.ID) 693 }) 694 695 t.Logf("Attempting to List WAF Premium geo ip rule") 696 listGeo, err := rules.ListGeoIp(client, policy.ID, rules.ListGeoIpOpts{}) 697 th.AssertNoErr(t, err) 698 if len(listGeo) < 1 { 699 t.Fatal("empty WAF Premium rule list") 700 } 701 702 t.Logf("Attempting to Update WAF Premium geo ip rule: %s", policy.ID) 703 geoUpdated, err := rules.UpdateGeoIp(client, policy.ID, geoIP.ID, rules.UpdateGeoIpOpts{ 704 GeoIp: "DE", 705 Action: pointerto.Int(1), 706 Name: "Updated", 707 Description: "updated", 708 }) 709 th.AssertNoErr(t, err) 710 711 t.Logf("Attempting to Get WAF Premium geo ip rule: %s", geoIP.ID) 712 getGeo, err := rules.GetGeoIp(client, policy.ID, geoUpdated.ID) 713 th.AssertNoErr(t, err) 714 th.AssertEquals(t, getGeo.Description, "updated") 715 th.AssertEquals(t, getGeo.GeoIp, "DE") 716 th.AssertEquals(t, getGeo.Action, 1) 717 th.AssertEquals(t, getGeo.Name, "Updated") 718 } 719 720 func TestWafPremiumRefTableWorkflow(t *testing.T) { 721 t.Skip("Deletion not working") 722 region := os.Getenv("OS_REGION_NAME") 723 vpcID := os.Getenv("OS_VPC_ID") 724 if vpcID == "" && region == "" { 725 t.Skip("OS_REGION_NAME, OS_VPC_ID env vars is required for this test") 726 } 727 728 client, err := clients.NewWafdV1Client() 729 th.AssertNoErr(t, err) 730 tableName := tools.RandomString("waf-table-", 3) 731 refTableOpts := rules.CreateReferenceTableOpts{ 732 Name: tableName, 733 Type: "url", 734 Values: []string{"/demo"}, 735 } 736 t.Logf("Attempting to Create WAF Premium ref table") 737 table, err := rules.CreateReferenceTable(client, refTableOpts) 738 th.AssertNoErr(t, err) 739 th.AssertEquals(t, table.Name, tableName) 740 741 t.Cleanup(func() { 742 t.Logf("Attempting to delete WAF Premium ref table: %s", table.ID) 743 th.AssertNoErr(t, rules.DeleteReferenceTable(client, table.ID)) 744 t.Logf("Deleted WAF Premium ref table: %s", table.ID) 745 }) 746 747 t.Logf("Attempting to List WAF Premium ref table") 748 listTable, err := rules.ListReferenceTable(client, rules.ListReferenceTableOpts{}) 749 th.AssertNoErr(t, err) 750 if len(listTable) < 1 { 751 t.Fatal("empty WAF Premium ref table list") 752 } 753 754 t.Logf("Attempting to Update WAF Premium ref table: %s", table.ID) 755 tableUpdated, err := rules.UpdateReferenceTable(client, table.ID, rules.UpdateReferenceTableOpts{ 756 Name: tableName + "-updated", 757 Type: "url", 758 Values: []string{"/demo"}, 759 Description: "updated", 760 }) 761 th.AssertNoErr(t, err) 762 763 t.Logf("Attempting to Get WAF Premium ref table: %s", table.ID) 764 getTable, err := rules.GetReferenceTable(client, tableUpdated.ID) 765 th.AssertNoErr(t, err) 766 th.AssertEquals(t, getTable.Description, "updated") 767 th.AssertEquals(t, getTable.Name, tableName+"-updated") 768 }