package waf
import (
	"errors"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/waf"
	"github.com/aws/aws-sdk-go/service/wafregional"
	"github.com/aws/aws-sdk-go/service/wafregional/wafregionaliface"
	albprom "github.com/coreos/alb-ingress-controller/pkg/prometheus"
	"github.com/prometheus/client_golang/prometheus"
)
// WAFRegionalsvc is the package-level WAFRegional instance. It is declared
// without an initial value, so it is nil until NewWAFRegional assigns it.
var WAFRegionalsvc *WAFRegional

// WAFRegional wraps an AWS WAF Regional API client.
type WAFRegional struct {
	// Svc is the client the methods on WAFRegional call. It is typed as the
	// wafregionaliface.WAFRegionalAPI interface rather than a concrete client.
	Svc wafregionaliface.WAFRegionalAPI
}
// NewWAFRegional creates a WAF Regional client from awsSession and stores it
// in the package-level WAFRegionalsvc. It returns nothing; callers read the
// client from WAFRegionalsvc afterwards.
//
// The assignment is a plain write with no locking in this function.
func NewWAFRegional(awsSession *session.Session) {
	client := wafregional.New(awsSession)
	WAFRegionalsvc = &WAFRegional{Svc: client}
}
// WafAclExists reports whether GetWebACL succeeds for the given web ACL ID.
//
// Every GetWebACL error, whatever its cause, is returned together with false,
// so callers must inspect the error before treating false as "the ACL does
// not exist".
//
// NOTE(review): unlike the other methods in this file, a failure here is not
// counted in albprom.AWSErrorCount; confirm whether that is intended.
func (a *WAFRegional) WafAclExists(web_acl_id *string) (bool, error) {
	// The ID pointer is passed through as given; it is not dereferenced here.
	input := &waf.GetWebACLInput{WebACLId: web_acl_id}
	if _, err := a.Svc.GetWebACL(input); err != nil {
		return false, err
	}
	return true, nil
}
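// GetWebACLSummary returns the web ACL summary that GetWebACLForResource
// reports for resourceArn.
//
// A nil resourceArn is rejected with an error before any AWS call is made,
// instead of being dereferenced. Errors returned by GetWebACLForResource are
// counted in albprom.AWSErrorCount and returned unchanged. The summary is
// returned exactly as the response carries it and is not checked for nil here.
func (a *WAFRegional) GetWebACLSummary(resourceArn *string) (*waf.WebACLSummary, error) {
	if resourceArn == nil {
		return nil, errors.New("resourceArn must not be nil")
	}

	params := &wafregional.GetWebACLForResourceInput{
		// Copy the value so the request does not alias the caller's pointer.
		ResourceArn: aws.String(*resourceArn),
	}
	result, err := a.Svc.GetWebACLForResource(params)
	if err != nil {
		albprom.AWSErrorCount.With(
			prometheus.Labels{"service": "WAFRegional", "operation": "GetWebACLForResource"}).Add(float64(1))
		return nil, err
	}
	return result.WebACLSummary, nil
}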
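// Associate calls AssociateWebACL to attach the web ACL identified by
// wafAclId to the resource identified by resourceArn.
//
// A nil resourceArn or wafAclId is rejected with an error before any AWS call
// is made, instead of being dereferenced. Errors returned by AssociateWebACL
// are counted in albprom.AWSErrorCount and returned unchanged; in that case
// the returned output is nil and the association must not be assumed to exist.
func (a *WAFRegional) Associate(resourceArn *string, wafAclId *string) (*wafregional.AssociateWebACLOutput, error) {
	if resourceArn == nil {
		return nil, errors.New("resourceArn must not be nil")
	}
	if wafAclId == nil {
		return nil, errors.New("wafAclId must not be nil")
	}

	params := &wafregional.AssociateWebACLInput{
		// Copy both values so the request does not alias the caller's pointers.
		ResourceArn: aws.String(*resourceArn),
		WebACLId:    aws.String(*wafAclId),
	}
	result, err := a.Svc.AssociateWebACL(params)
	if err != nil {
		albprom.AWSErrorCount.With(
			prometheus.Labels{"service": "WAFRegional", "operation": "AssociateWebACL"}).Add(float64(1))
		return nil, err
	}
	return result, nil
}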
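// Disassociate calls DisassociateWebACL to remove the web ACL association
// from the resource identified by resourceArn.
//
// A nil resourceArn is rejected with an error before any AWS call is made,
// instead of being dereferenced. Errors returned by DisassociateWebACL are
// counted in albprom.AWSErrorCount and returned unchanged, with a nil output.
func (a *WAFRegional) Disassociate(resourceArn *string) (*wafregional.DisassociateWebACLOutput, error) {
	if resourceArn == nil {
		return nil, errors.New("resourceArn must not be nil")
	}

	params := &wafregional.DisassociateWebACLInput{
		// Copy the value so the request does not alias the caller's pointer.
		ResourceArn: aws.String(*resourceArn),
	}
	result, err := a.Svc.DisassociateWebACL(params)
	if err != nil {
		albprom.AWSErrorCount.With(
			prometheus.Labels{"service": "WAFRegional", "operation": "DisassociateWebACL"}).Add(float64(1))
		return nil, err
	}
	return result, nil
}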