package tests
import (
"fmt"
"testing"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/wafv2"
"github.com/stretchr/testify/assert"
)
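// ValidateWAFV2WebACL fetches the Web ACL identified by webACLID, webACLName
// and webACLScope through GetWebACL and asserts that the returned ARN, ID and
// name equal webACLARN, webACLID and webACLName.
//
// Only these identifying fields are compared; the rules attached to the Web
// ACL are not inspected here. When verboseOutput is true the full API response
// is printed to stdout. An API error, or a response that carries no WebACL,
// marks the test as failed and returns without running the assertions.
func ValidateWAFV2WebACL(t *testing.T, svc *wafv2.WAFV2, webACLID string, webACLName string, webACLScope string, webACLARN string, verboseOutput bool) {
	t.Helper()

	getWebACLResult, err := svc.GetWebACL(
		&wafv2.GetWebACLInput{
			Id:    aws.String(webACLID),
			Name:  aws.String(webACLName),
			Scope: aws.String(webACLScope),
		},
	)
	if err != nil {
		// Report through t so the failure is attributed to the calling test
		// instead of being printed to stdout. Every branch of the former
		// switch printed the same text, so one message covers all codes.
		if aerr, ok := err.(awserr.Error); ok {
			t.Errorf("GetWebACL failed with code %s: %s", aerr.Code(), aerr.Error())
		} else {
			t.Errorf("GetWebACL failed: %s", err.Error())
		}
		return
	}

	if verboseOutput {
		fmt.Println(getWebACLResult.String())
	}

	// A missing WebACL must fail the test cleanly; dereferencing it would
	// panic and abort every other test in the binary.
	if getWebACLResult.WebACL == nil {
		t.Errorf("GetWebACL returned no WebACL for id %q, name %q, scope %q", webACLID, webACLName, webACLScope)
		return
	}

	// aws.StringValue maps a nil *string to "", so an absent field shows up
	// as an assertion mismatch rather than a nil-pointer panic.
	assert.Equal(t, webACLARN, aws.StringValue(getWebACLResult.WebACL.ARN))
	assert.Equal(t, webACLID, aws.StringValue(getWebACLResult.WebACL.Id))
	assert.Equal(t, webACLName, aws.StringValue(getWebACLResult.WebACL.Name))
}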
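// ValidateWAFV2WebACLRulesByName fetches the Web ACL identified by webACLID,
// webACLName and webACLScope through GetWebACL and asserts that the names of
// its rules are exactly expectedRuleNameList, in any order.
//
// Only rule names are compared. A rule that carries an expected name but a
// different action, priority or statement still passes this check, so it
// confirms that rules are present, not that they enforce what is intended.
// When verboseOutput is true the full API response is printed to stdout. An
// API error, or a response that carries no WebACL, marks the test as failed
// and returns without running the assertion.
func ValidateWAFV2WebACLRulesByName(t *testing.T, svc *wafv2.WAFV2, webACLID string, webACLName string, webACLScope string, expectedRuleNameList []string, verboseOutput bool) {
	t.Helper()

	getWebACLResult, err := svc.GetWebACL(
		&wafv2.GetWebACLInput{
			Id:    aws.String(webACLID),
			Name:  aws.String(webACLName),
			Scope: aws.String(webACLScope),
		},
	)
	if err != nil {
		// Report through t so the failure is attributed to the calling test
		// instead of being printed to stdout. Every branch of the former
		// switch printed the same text, so one message covers all codes.
		if aerr, ok := err.(awserr.Error); ok {
			t.Errorf("GetWebACL failed with code %s: %s", aerr.Code(), aerr.Error())
		} else {
			t.Errorf("GetWebACL failed: %s", err.Error())
		}
		return
	}

	if verboseOutput {
		fmt.Println(getWebACLResult.String())
	}

	// A missing WebACL must fail the test cleanly; dereferencing it would
	// panic and abort every other test in the binary.
	if getWebACLResult.WebACL == nil {
		t.Errorf("GetWebACL returned no WebACL for id %q, name %q, scope %q", webACLID, webACLName, webACLScope)
		return
	}

	rules := getWebACLResult.WebACL.Rules
	resultRuleNameList := make([]string, 0, len(rules))
	for _, rule := range rules {
		if rule == nil {
			continue
		}
		// aws.StringValue maps a nil name to "", which then fails the
		// comparison below instead of panicking here.
		resultRuleNameList = append(resultRuleNameList, aws.StringValue(rule.Name))
	}

	assert.ElementsMatch(t, expectedRuleNameList, resultRuleNameList)
}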
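// ValidateResourceAssociatedToWAFV2WebACL looks up the Web ACL associated
// with resourceARN through GetWebACLForResource and asserts that its ARN
// equals webACLARN. resourceARN is expected to be the fully qualified ARN of
// a REGIONAL resource.
//
// A successful response that carries no WebACL is treated as "resource not
// associated" and fails the test with an explicit message. When verboseOutput
// is true the full API response is printed to stdout. An API error marks the
// test as failed and returns without running the assertion.
func ValidateResourceAssociatedToWAFV2WebACL(t *testing.T, svc *wafv2.WAFV2, resourceARN string, webACLARN string, verboseOutput bool) {
	t.Helper()

	getWebACLForResourceResult, err := svc.GetWebACLForResource(
		&wafv2.GetWebACLForResourceInput{
			ResourceArn: aws.String(resourceARN),
		},
	)
	if err != nil {
		// Report through t so the failure is attributed to the calling test
		// instead of being printed to stdout. Every branch of the former
		// switch printed the same text, so one message covers all codes.
		if aerr, ok := err.(awserr.Error); ok {
			t.Errorf("GetWebACLForResource failed with code %s: %s", aerr.Code(), aerr.Error())
		} else {
			t.Errorf("GetWebACLForResource failed: %s", err.Error())
		}
		return
	}

	if verboseOutput {
		// Print the response once; the earlier nested Println also printed
		// the byte count and error returned by the inner call.
		fmt.Println(getWebACLForResourceResult.String())
	}

	// The unprotected-resource case is the one this helper exists to catch,
	// so it must surface as a readable failure and not as a nil-pointer panic
	// that aborts the whole test binary.
	if getWebACLForResourceResult.WebACL == nil {
		t.Errorf("resource %q is not associated with any WAFv2 Web ACL (expected %q)", resourceARN, webACLARN)
		return
	}

	// aws.StringValue maps a nil ARN to "", which fails the comparison
	// instead of panicking.
	assert.Equal(t, webACLARN, aws.StringValue(getWebACLForResourceResult.WebACL.ARN))
}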