-
Notifications
You must be signed in to change notification settings - Fork 70
/
Copy pathapi_constraints_protection.go
147 lines (122 loc) · 5.96 KB
/
api_constraints_protection.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
package appsec
import (
"context"
"fmt"
"net/http"
"github.com/akamai/AkamaiOPEN-edgegrid-golang/v10/pkg/session"
validation "github.com/go-ozzo/ozzo-validation/v4"
)
type (
// The ApiConstraintsProtection interface supports retrieving and updating API request constraints protection for a configuration and policy.
// Deprecated: this interface will be removed in a future release. Use the SecurityPolicy interface instead.
ApiConstraintsProtection interface {
// GetAPIConstraintsProtection retrieves the current API constraints protection setting for a configuration and policy.
// Deprecated: this method will be removed in a future release. Use the GetPolicyProtections method of the PolicyProtections interface instead.
//
// See: https://techdocs.akamai.com/application-security/reference/get-policy-protections
GetAPIConstraintsProtection(ctx context.Context, params GetAPIConstraintsProtectionRequest) (*GetAPIConstraintsProtectionResponse, error)
// UpdateAPIConstraintsProtection updates the API constraints protection setting for a configuration and policy.
// Deprecated: this method will be removed in a future release. Use the CreateSecurityPolicyWithDefaultProtections method of the SecurityPolicy interface instead.
//
// See: https://techdocs.akamai.com/application-security/reference/put-policy-protections
UpdateAPIConstraintsProtection(ctx context.Context, params UpdateAPIConstraintsProtectionRequest) (*UpdateAPIConstraintsProtectionResponse, error)
}
// GetAPIConstraintsProtectionRequest is used to retrieve the API constraints protection setting.
GetAPIConstraintsProtectionRequest struct {
ConfigID int `json:"-"`
Version int `json:"-"`
PolicyID string `json:"-"`
ApplyAPIConstraints bool `json:"applyApiConstraints"`
}
// ProtectionsResponse is returned from a call to GetAPIConstraintsProtection and similar security policy protection requests.
ProtectionsResponse struct {
ApplyAPIConstraints bool `json:"applyApiConstraints,omitempty"`
ApplyApplicationLayerControls bool `json:"applyApplicationLayerControls,omitempty"`
ApplyBotmanControls bool `json:"applyBotmanControls,omitempty"`
ApplyMalwareControls bool `json:"applyMalwareControls,omitempty"`
ApplyNetworkLayerControls bool `json:"applyNetworkLayerControls,omitempty"`
ApplyRateControls bool `json:"applyRateControls,omitempty"`
ApplyReputationControls bool `json:"applyReputationControls,omitempty"`
ApplySlowPostControls bool `json:"applySlowPostControls,omitempty"`
}
// GetAPIConstraintsProtectionResponse contains the status of various protection flags assigned to a security policy.
GetAPIConstraintsProtectionResponse ProtectionsResponse
// UpdateAPIConstraintsProtectionRequest is used to modify the API constraints protection setting.
UpdateAPIConstraintsProtectionRequest struct {
ConfigID int `json:"-"`
Version int `json:"-"`
PolicyID string `json:"-"`
ApplyAPIConstraints bool `json:"applyApiConstraints"`
}
// UpdateAPIConstraintsProtectionResponse is returned from a call to UpdateAPIConstraintsProtection.
UpdateAPIConstraintsProtectionResponse ProtectionsResponse
)
// Validate validates a GetAPIConstraintsProtectionRequest.
func (v GetAPIConstraintsProtectionRequest) Validate() error {
return validation.Errors{
"ConfigID": validation.Validate(v.ConfigID, validation.Required),
"Version": validation.Validate(v.Version, validation.Required),
"PolicyID": validation.Validate(v.PolicyID, validation.Required),
}.Filter()
}
// Validate validates an UpdateAPIConstraintsProtectionRequest.
func (v UpdateAPIConstraintsProtectionRequest) Validate() error {
return validation.Errors{
"ConfigID": validation.Validate(v.ConfigID, validation.Required),
"Version": validation.Validate(v.Version, validation.Required),
"PolicyID": validation.Validate(v.PolicyID, validation.Required),
}.Filter()
}
func (p *appsec) GetAPIConstraintsProtection(ctx context.Context, params GetAPIConstraintsProtectionRequest) (*GetAPIConstraintsProtectionResponse, error) {
logger := p.Log(ctx)
logger.Debug("GetAPIConstraintsProtection")
if err := params.Validate(); err != nil {
return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
}
uri := fmt.Sprintf(
"/appsec/v1/configs/%d/versions/%d/security-policies/%s/protections",
params.ConfigID,
params.Version,
params.PolicyID)
req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
if err != nil {
return nil, fmt.Errorf("failed to create GetAPIConstraintsProtection request: %w", err)
}
var result GetAPIConstraintsProtectionResponse
resp, err := p.Exec(req, &result)
if err != nil {
return nil, fmt.Errorf("get API constraints protection request failed: %w", err)
}
defer session.CloseResponseBody(resp)
if resp.StatusCode != http.StatusOK {
return nil, p.Error(resp)
}
return &result, nil
}
func (p *appsec) UpdateAPIConstraintsProtection(ctx context.Context, params UpdateAPIConstraintsProtectionRequest) (*UpdateAPIConstraintsProtectionResponse, error) {
logger := p.Log(ctx)
logger.Debug("UpdateAPIConstraintsProtection")
if err := params.Validate(); err != nil {
return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
}
uri := fmt.Sprintf(
"/appsec/v1/configs/%d/versions/%d/security-policies/%s/protections",
params.ConfigID,
params.Version,
params.PolicyID,
)
req, err := http.NewRequestWithContext(ctx, http.MethodPut, uri, nil)
if err != nil {
return nil, fmt.Errorf("failed to create UpdateAPIConstraintsProtection request: %w", err)
}
var result UpdateAPIConstraintsProtectionResponse
resp, err := p.Exec(req, &result, params)
if err != nil {
return nil, fmt.Errorf("update API constraints protection request failed: %w", err)
}
defer session.CloseResponseBody(resp)
if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated {
return nil, p.Error(resp)
}
return &result, nil
}