yunion.io/x/cloudmux@v0.3.10-0-alpha.1/pkg/multicloud/aws/shell/waf.go (about)

     1  // Copyright 2019 Yunion
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package shell
    16  
    17  import (
    18  	"fmt"
    19  	"io/ioutil"
    20  
    21  	"yunion.io/x/jsonutils"
    22  	"yunion.io/x/pkg/errors"
    23  
    24  	"yunion.io/x/cloudmux/pkg/cloudprovider"
    25  	"yunion.io/x/cloudmux/pkg/multicloud/aws"
    26  	"yunion.io/x/onecloud/pkg/util/shellutils"
    27  )
    28  
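// init registers the WAF sub-commands of the AWS shell with shellutils:
// listing, showing and deleting rule groups, IP sets and web ACLs, listing the
// resources attached to a web ACL, and adding a rule to a web ACL from a JSON
// file. Each handler forwards its parsed arguments to the matching *aws.SRegion
// method and prints the result.
func init() {
	// Scope is limited by the struct tag to CLOUDFRONT or REGIONAL and
	// defaults to REGIONAL.
	type WafRuleGroupListOptions struct {
		Scope string `choices:"CLOUDFRONT|REGIONAL" default:"REGIONAL"`
	}

	shellutils.R(&WafRuleGroupListOptions{}, "waf-managed-rule-group-list", "List waf managed rule group", func(cli *aws.SRegion, args *WafRuleGroupListOptions) error {
		groups, err := cli.ListAvailableManagedRuleGroups(args.Scope)
		if err != nil {
			return err
		}
		printList(groups, 0, 0, 0, []string{})
		return nil
	})

	shellutils.R(&WafRuleGroupListOptions{}, "waf-rule-group-list", "List waf rule group", func(cli *aws.SRegion, args *WafRuleGroupListOptions) error {
		groups, err := cli.ListRuleGroups(args.Scope)
		if err != nil {
			return err
		}
		printList(groups, 0, 0, 0, []string{})
		return nil
	})

	// NOTE(review): unlike the list options above, SCOPE carries no choices
	// tag here or in the other show/delete option types below, so the value
	// is forwarded to the region client as typed.
	type WafRuleGroupShowOptions struct {
		ID    string
		NAME  string
		SCOPE string
	}

	shellutils.R(&WafRuleGroupShowOptions{}, "waf-rule-group-show", "Show waf rule group", func(cli *aws.SRegion, args *WafRuleGroupShowOptions) error {
		group, err := cli.GetRuleGroup(args.ID, args.NAME, args.SCOPE)
		if err != nil {
			return err
		}
		printObject(group)
		return nil
	})

	type WafManagedRuleGroupShowOptions struct {
		NAME       string
		SCOPE      string
		VendorName string `default:"AWS"`
	}

	// The help text previously read "Show waf rule group", which made this
	// command indistinguishable from waf-rule-group-show in the command list.
	shellutils.R(&WafManagedRuleGroupShowOptions{}, "waf-managed-rule-group-show", "Show waf managed rule group", func(cli *aws.SRegion, args *WafManagedRuleGroupShowOptions) error {
		group, err := cli.DescribeManagedRuleGroup(args.NAME, args.SCOPE, args.VendorName)
		if err != nil {
			return err
		}
		printObject(group)
		return nil
	})

	// LOCK_TOKEN is passed straight through to the delete call.
	// NOTE(review): presumably the lock token reported by the matching show
	// command — confirm against the aws package.
	type RuleGroupDeleteOptions struct {
		ID         string
		NAME       string
		SCOPE      string
		LOCK_TOKEN string
	}

	// The help text previously said "Delete waf ip set" (copied from
	// waf-ipset-delete); a destructive command must describe what it removes.
	shellutils.R(&RuleGroupDeleteOptions{}, "waf-rule-group-delete", "Delete waf rule group", func(cli *aws.SRegion, args *RuleGroupDeleteOptions) error {
		return cli.DeleteRuleGroup(args.ID, args.NAME, args.SCOPE, args.LOCK_TOKEN)
	})

	type IPSetListOptions struct {
		Scope string `choices:"CLOUDFRONT|REGIONAL" default:"REGIONAL"`
	}

	shellutils.R(&IPSetListOptions{}, "waf-ipset-list", "List waf ip sets", func(cli *aws.SRegion, args *IPSetListOptions) error {
		ipsets, err := cli.ListIPSets(args.Scope)
		if err != nil {
			return err
		}
		printList(ipsets, 0, 0, 0, []string{})
		return nil
	})

	type WafIPSetShowOptions struct {
		ID    string
		NAME  string
		SCOPE string
	}

	shellutils.R(&WafIPSetShowOptions{}, "waf-ipset-show", "Show waf ip sets", func(cli *aws.SRegion, args *WafIPSetShowOptions) error {
		ipset, err := cli.GetIPSet(args.ID, args.NAME, args.SCOPE)
		if err != nil {
			return err
		}
		printObject(ipset)
		return nil
	})

	type WafIPSetDeleteOptions struct {
		ID         string
		NAME       string
		SCOPE      string
		LOCK_TOKEN string
	}

	shellutils.R(&WafIPSetDeleteOptions{}, "waf-ipset-delete", "Delete waf ip set", func(cli *aws.SRegion, args *WafIPSetDeleteOptions) error {
		return cli.DeleteIPSet(args.ID, args.NAME, args.SCOPE, args.LOCK_TOKEN)
	})

	type WafListOptions struct {
		Scope string `choices:"CLOUDFRONT|REGIONAL" default:"REGIONAL"`
	}

	shellutils.R(&WafListOptions{}, "waf-list", "List web acls", func(cli *aws.SRegion, args *WafListOptions) error {
		acls, err := cli.ListWebACLs(args.Scope)
		if err != nil {
			return err
		}
		printList(acls, 0, 0, 0, []string{})
		return nil
	})

	type WafShowOptions struct {
		ID    string
		NAME  string
		SCOPE string
	}

	shellutils.R(&WafShowOptions{}, "waf-show", "Show web acl", func(cli *aws.SRegion, args *WafShowOptions) error {
		webAcl, err := cli.GetWebAcl(args.ID, args.NAME, args.SCOPE)
		if err != nil {
			return err
		}
		printObject(webAcl)
		return nil
	})

	type WafDeleteOptions struct {
		ID         string
		NAME       string
		SCOPE      string
		LOCK_TOKEN string
	}

	shellutils.R(&WafDeleteOptions{}, "waf-delete", "Delete web acl", func(cli *aws.SRegion, args *WafDeleteOptions) error {
		return cli.DeleteWebAcl(args.ID, args.NAME, args.SCOPE, args.LOCK_TOKEN)
	})

	type WafResourceListOptions struct {
		ResType string `choices:"APPLICATION_LOAD_BALANCER|API_GATEWAY|APPSYNC"`
		ARN     string
	}

	shellutils.R(&WafResourceListOptions{}, "waf-res-list", "List web acl resource", func(cli *aws.SRegion, args *WafResourceListOptions) error {
		res, err := cli.ListResourcesForWebACL(args.ResType, args.ARN)
		if err != nil {
			return err
		}
		fmt.Println("res:", res)
		return nil
	})

	// WafAddRuleOptions reuses the ID/NAME/SCOPE arguments of waf-show and
	// adds the path of a JSON file describing the rule.
	type WafAddRuleOptions struct {
		WafShowOptions

		RULE_FILE string
	}

	shellutils.R(&WafAddRuleOptions{}, "waf-add-rule", "Add web acl rule", func(cli *aws.SRegion, args *WafAddRuleOptions) error {
		waf, err := cli.GetWebAcl(args.ID, args.NAME, args.SCOPE)
		if err != nil {
			return errors.Wrapf(err, "GetWebAcl")
		}
		data, err := ioutil.ReadFile(args.RULE_FILE)
		if err != nil {
			return errors.Wrapf(err, "ReadFile")
		}
		params, err := jsonutils.Parse(data)
		if err != nil {
			return errors.Wrapf(err, "Parse")
		}
		rule := &cloudprovider.SWafRule{}
		// Stop when the JSON does not decode into SWafRule. The result was
		// previously discarded, so a file that was valid JSON but the wrong
		// shape went on to AddRule as an empty or partially filled rule on a
		// live web ACL.
		if err := params.Unmarshal(rule); err != nil {
			return errors.Wrapf(err, "Unmarshal")
		}
		_, err = waf.AddRule(rule)
		return err
	})

}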