/
api_types.go
3396 lines (3052 loc) · 127 KB
/
api_types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
package wafregional
import (
"fmt"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/internal/awsutil"
)
var _ aws.Config
var _ = awsutil.Prettify
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// The ActivatedRule object in an UpdateWebACL request specifies a Rule that
// you want to insert or delete, the priority of the Rule in the WebACL, and
// the action that you want AWS WAF to take when a web request matches the Rule
// (ALLOW, BLOCK, or COUNT).
//
// To specify whether to insert or delete a Rule, use the Action parameter in
// the WebACLUpdate data type.
type ActivatedRule struct {
_ struct{} `type:"structure"`
// Specifies the action that CloudFront or AWS WAF takes when a web request
// matches the conditions in the Rule. Valid values for Action include the following:
//
// * ALLOW: CloudFront responds with the requested object.
//
// * BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code.
//
// * COUNT: AWS WAF increments a counter of requests that match the conditions
// in the rule and then continues to inspect the web request based on the
// remaining rules in the web ACL.
//
// ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup
// to a WebACL. In this case, you do not use ActivatedRule|Action. For all other
// update requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.
Action *WafAction `type:"structure"`
// An array of rules to exclude from a rule group. This is applicable only when
// the ActivatedRule refers to a RuleGroup.
//
// Sometimes it is necessary to troubleshoot rule groups that are blocking traffic
// unexpectedly (false positives). One troubleshooting technique is to identify
// the specific rule within the rule group that is blocking the legitimate traffic
// and then disable (exclude) that particular rule. You can exclude rules from
// both your own rule groups and AWS Marketplace rule groups that have been
// associated with a web ACL.
//
// Specifying ExcludedRules does not remove those rules from the rule group.
// Rather, it changes the action for the rules to COUNT. Therefore, requests
// that match an ExcludedRule are counted but not blocked. The RuleGroup owner
// will receive COUNT metrics for each ExcludedRule.
//
// If you want to exclude rules from a rule group that is already associated
// with a web ACL, perform the following steps:
//
// Use the AWS WAF logs to identify the IDs of the rules that you want to exclude.
// For more information about the logs, see Logging Web ACL Traffic Information
// (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html).
//
// Submit an UpdateWebACL request that has two actions:
//
// * The first action deletes the existing rule group from the web ACL. That
// is, in the UpdateWebACL request, the first Updates:Action should be DELETE
// and Updates:ActivatedRule:RuleId should be the rule group that contains
// the rules that you want to exclude.
//
// * The second action inserts the same rule group back in, but specifying
// the rules to exclude. That is, the second Updates:Action should be INSERT,
// Updates:ActivatedRule:RuleId should be the rule group that you just removed,
// and ExcludedRules should contain the rules that you want to exclude.
ExcludedRules []ExcludedRule `type:"list"`
// Use the OverrideAction to test your RuleGroup.
//
// Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction
// to None, the RuleGroup will block a request if any individual rule in the
// RuleGroup matches the request and is configured to block that request. However
// if you first want to test the RuleGroup, set the OverrideAction to Count.
// The RuleGroup will then override any block action specified by individual
// rules contained within the group. Instead of blocking matching requests,
// those requests will be counted. You can view a record of counted requests
// using GetSampledRequests.
//
// ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup
// to a WebACL. In this case you do not use ActivatedRule|Action. For all other
// update requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.
OverrideAction *WafOverrideAction `type:"structure"`
// Specifies the order in which the Rules in a WebACL are evaluated. Rules with
// a lower value for Priority are evaluated before Rules with a higher value.
// The value must be a unique integer. If you add multiple Rules to a WebACL,
// the values don't need to be consecutive.
//
// Priority is a required field
Priority *int64 `type:"integer" required:"true"`
// The RuleId for a Rule. You use RuleId to get more information about a Rule
// (see GetRule), update a Rule (see UpdateRule), insert a Rule into a WebACL
// or delete a one from a WebACL (see UpdateWebACL), or delete a Rule from AWS
// WAF (see DeleteRule).
//
// RuleId is returned by CreateRule and by ListRules.
//
// RuleId is a required field
RuleId *string `min:"1" type:"string" required:"true"`
// The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined
// by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR.
// Although this field is optional, be aware that if you try to add a RATE_BASED
// rule to a web ACL without setting the type, the UpdateWebACL request will
// fail because the request tries to add a REGULAR rule with the specified ID,
// which does not exist.
Type WafRuleType `type:"string" enum:"true"`
}
// String returns the string representation
func (s ActivatedRule) String() string {
return awsutil.Prettify(s)
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ActivatedRule) Validate() error {
invalidParams := aws.ErrInvalidParams{Context: "ActivatedRule"}
if s.Priority == nil {
invalidParams.Add(aws.NewErrParamRequired("Priority"))
}
if s.RuleId == nil {
invalidParams.Add(aws.NewErrParamRequired("RuleId"))
}
if s.RuleId != nil && len(*s.RuleId) < 1 {
invalidParams.Add(aws.NewErrParamMinLen("RuleId", 1))
}
if s.Action != nil {
if err := s.Action.Validate(); err != nil {
invalidParams.AddNested("Action", err.(aws.ErrInvalidParams))
}
}
if s.ExcludedRules != nil {
for i, v := range s.ExcludedRules {
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ExcludedRules", i), err.(aws.ErrInvalidParams))
}
}
}
if s.OverrideAction != nil {
if err := s.OverrideAction.Validate(); err != nil {
invalidParams.AddNested("OverrideAction", err.(aws.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// In a GetByteMatchSet request, ByteMatchSet is a complex type that contains
// the ByteMatchSetId and Name of a ByteMatchSet, and the values that you specified
// when you updated the ByteMatchSet.
//
// A complex type that contains ByteMatchTuple objects, which specify the parts
// of web requests that you want AWS WAF to inspect and the values that you
// want AWS WAF to search for. If a ByteMatchSet contains more than one ByteMatchTuple
// object, a request needs to match the settings in only one ByteMatchTuple
// to be considered a match.
type ByteMatchSet struct {
_ struct{} `type:"structure"`
// The ByteMatchSetId for a ByteMatchSet. You use ByteMatchSetId to get information
// about a ByteMatchSet (see GetByteMatchSet), update a ByteMatchSet (see UpdateByteMatchSet),
// insert a ByteMatchSet into a Rule or delete one from a Rule (see UpdateRule),
// and delete a ByteMatchSet from AWS WAF (see DeleteByteMatchSet).
//
// ByteMatchSetId is returned by CreateByteMatchSet and by ListByteMatchSets.
//
// ByteMatchSetId is a required field
ByteMatchSetId *string `min:"1" type:"string" required:"true"`
// Specifies the bytes (typically a string that corresponds with ASCII characters)
// that you want AWS WAF to search for in web requests, the location in requests
// that you want AWS WAF to search, and other settings.
//
// ByteMatchTuples is a required field
ByteMatchTuples []ByteMatchTuple `type:"list" required:"true"`
// A friendly name or description of the ByteMatchSet. You can't change Name
// after you create a ByteMatchSet.
Name *string `min:"1" type:"string"`
}
// String returns the string representation
func (s ByteMatchSet) String() string {
return awsutil.Prettify(s)
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// Returned by ListByteMatchSets. Each ByteMatchSetSummary object includes the
// Name and ByteMatchSetId for one ByteMatchSet.
type ByteMatchSetSummary struct {
_ struct{} `type:"structure"`
// The ByteMatchSetId for a ByteMatchSet. You use ByteMatchSetId to get information
// about a ByteMatchSet, update a ByteMatchSet, remove a ByteMatchSet from a
// Rule, and delete a ByteMatchSet from AWS WAF.
//
// ByteMatchSetId is returned by CreateByteMatchSet and by ListByteMatchSets.
//
// ByteMatchSetId is a required field
ByteMatchSetId *string `min:"1" type:"string" required:"true"`
// A friendly name or description of the ByteMatchSet. You can't change Name
// after you create a ByteMatchSet.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation
func (s ByteMatchSetSummary) String() string {
return awsutil.Prettify(s)
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// In an UpdateByteMatchSet request, ByteMatchSetUpdate specifies whether to
// insert or delete a ByteMatchTuple and includes the settings for the ByteMatchTuple.
type ByteMatchSetUpdate struct {
_ struct{} `type:"structure"`
// Specifies whether to insert or delete a ByteMatchTuple.
//
// Action is a required field
Action ChangeAction `type:"string" required:"true" enum:"true"`
// Information about the part of a web request that you want AWS WAF to inspect
// and the value that you want AWS WAF to search for. If you specify DELETE
// for the value of Action, the ByteMatchTuple values must exactly match the
// values in the ByteMatchTuple that you want to delete from the ByteMatchSet.
//
// ByteMatchTuple is a required field
ByteMatchTuple *ByteMatchTuple `type:"structure" required:"true"`
}
// String returns the string representation
func (s ByteMatchSetUpdate) String() string {
return awsutil.Prettify(s)
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ByteMatchSetUpdate) Validate() error {
invalidParams := aws.ErrInvalidParams{Context: "ByteMatchSetUpdate"}
if len(s.Action) == 0 {
invalidParams.Add(aws.NewErrParamRequired("Action"))
}
if s.ByteMatchTuple == nil {
invalidParams.Add(aws.NewErrParamRequired("ByteMatchTuple"))
}
if s.ByteMatchTuple != nil {
if err := s.ByteMatchTuple.Validate(); err != nil {
invalidParams.AddNested("ByteMatchTuple", err.(aws.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// The bytes (typically a string that corresponds with ASCII characters) that
// you want AWS WAF to search for in web requests, the location in requests
// that you want AWS WAF to search, and other settings.
type ByteMatchTuple struct {
_ struct{} `type:"structure"`
// The part of a web request that you want AWS WAF to search, such as a specified
// header or a query string. For more information, see FieldToMatch.
//
// FieldToMatch is a required field
FieldToMatch *FieldToMatch `type:"structure" required:"true"`
// Within the portion of a web request that you want to search (for example,
// in the query string, if any), specify where you want AWS WAF to search. Valid
// values include the following:
//
// CONTAINS
//
// The specified part of the web request must include the value of TargetString,
// but the location doesn't matter.
//
// CONTAINS_WORD
//
// The specified part of the web request must include the value of TargetString,
// and TargetString must contain only alphanumeric characters or underscore
// (A-Z, a-z, 0-9, or _). In addition, TargetString must be a word, which means
// one of the following:
//
// * TargetString exactly matches the value of the specified part of the
// web request, such as the value of a header.
//
// * TargetString is at the beginning of the specified part of the web request
// and is followed by a character other than an alphanumeric character or
// underscore (_), for example, BadBot;.
//
// * TargetString is at the end of the specified part of the web request
// and is preceded by a character other than an alphanumeric character or
// underscore (_), for example, ;BadBot.
//
// * TargetString is in the middle of the specified part of the web request
// and is preceded and followed by characters other than alphanumeric characters
// or underscore (_), for example, -BadBot;.
//
// EXACTLY
//
// The value of the specified part of the web request must exactly match the
// value of TargetString.
//
// STARTS_WITH
//
// The value of TargetString must appear at the beginning of the specified part
// of the web request.
//
// ENDS_WITH
//
// The value of TargetString must appear at the end of the specified part of
// the web request.
//
// PositionalConstraint is a required field
PositionalConstraint PositionalConstraint `type:"string" required:"true" enum:"true"`
// The value that you want AWS WAF to search for. AWS WAF searches for the specified
// string in the part of web requests that you specified in FieldToMatch. The
// maximum length of the value is 50 bytes.
//
// Valid values depend on the values that you specified for FieldToMatch:
//
// * HEADER: The value that you want AWS WAF to search for in the request
// header that you specified in FieldToMatch, for example, the value of the
// User-Agent or Referer header.
//
// * METHOD: The HTTP method, which indicates the type of operation specified
// in the request. CloudFront supports the following methods: DELETE, GET,
// HEAD, OPTIONS, PATCH, POST, and PUT.
//
// * QUERY_STRING: The value that you want AWS WAF to search for in the query
// string, which is the part of a URL that appears after a ? character.
//
// * URI: The value that you want AWS WAF to search for in the part of a
// URL that identifies a resource, for example, /images/daily-ad.jpg.
//
// * BODY: The part of a request that contains any additional data that you
// want to send to your web server as the HTTP request body, such as data
// from a form. The request body immediately follows the request headers.
// Note that only the first 8192 bytes of the request body are forwarded
// to AWS WAF for inspection. To allow or block requests based on the length
// of the body, you can create a size constraint set. For more information,
// see CreateSizeConstraintSet.
//
// * SINGLE_QUERY_ARG: The parameter in the query string that you will inspect,
// such as UserName or SalesRegion. The maximum length for SINGLE_QUERY_ARG
// is 30 characters.
//
// * ALL_QUERY_ARGS: Similar to SINGLE_QUERY_ARG, but instead of inspecting
// a single parameter, AWS WAF inspects all parameters within the query string
// for the value or regex pattern that you specify in TargetString.
//
// If TargetString includes alphabetic characters A-Z and a-z, note that the
// value is case sensitive.
//
// If you're using the AWS WAF API
//
// Specify a base64-encoded version of the value. The maximum length of the
// value before you base64-encode it is 50 bytes.
//
// For example, suppose the value of Type is HEADER and the value of Data is
// User-Agent. If you want to search the User-Agent header for the value BadBot,
// you base64-encode BadBot using MIME base64-encoding and include the resulting
// value, QmFkQm90, in the value of TargetString.
//
// If you're using the AWS CLI or one of the AWS SDKs
//
// The value that you want AWS WAF to search for. The SDK automatically base64
// encodes the value.
//
// TargetString is automatically base64 encoded/decoded by the SDK.
//
// TargetString is a required field
TargetString []byte `type:"blob" required:"true"`
// Text transformations eliminate some of the unusual formatting that attackers
// use in web requests in an effort to bypass AWS WAF. If you specify a transformation,
// AWS WAF performs the transformation on FieldToMatch before inspecting it
// for a match.
//
// You can only specify a single type of TextTransformation.
//
// CMD_LINE
//
// When you're concerned that attackers are injecting an operating system command
// line command and using unusual formatting to disguise some or all of the
// command, use this option to perform the following transformations:
//
// * Delete the following characters: \ " ' ^
//
// * Delete spaces before the following characters: / (
//
// * Replace the following characters with a space: , ;
//
// * Replace multiple spaces with one space
//
// * Convert uppercase letters (A-Z) to lowercase (a-z)
//
// COMPRESS_WHITE_SPACE
//
// Use this option to replace the following characters with a space character
// (decimal 32):
//
// * \f, formfeed, decimal 12
//
// * \t, tab, decimal 9
//
// * \n, newline, decimal 10
//
// * \r, carriage return, decimal 13
//
// * \v, vertical tab, decimal 11
//
// * non-breaking space, decimal 160
//
// COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.
//
// HTML_ENTITY_DECODE
//
// Use this option to replace HTML-encoded characters with unencoded characters.
// HTML_ENTITY_DECODE performs the following operations:
//
// * Replaces (ampersand)quot; with "
//
// * Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
//
// * Replaces (ampersand)lt; with a "less than" symbol
//
// * Replaces (ampersand)gt; with >
//
// * Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;,
// with the corresponding characters
//
// * Replaces characters that are represented in decimal format, (ampersand)#nnnn;,
// with the corresponding characters
//
// LOWERCASE
//
// Use this option to convert uppercase letters (A-Z) to lowercase (a-z).
//
// URL_DECODE
//
// Use this option to decode a URL-encoded value.
//
// NONE
//
// Specify NONE if you don't want to perform any text transformations.
//
// TextTransformation is a required field
TextTransformation TextTransformation `type:"string" required:"true" enum:"true"`
}
// String returns the string representation
func (s ByteMatchTuple) String() string {
return awsutil.Prettify(s)
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ByteMatchTuple) Validate() error {
invalidParams := aws.ErrInvalidParams{Context: "ByteMatchTuple"}
if s.FieldToMatch == nil {
invalidParams.Add(aws.NewErrParamRequired("FieldToMatch"))
}
if len(s.PositionalConstraint) == 0 {
invalidParams.Add(aws.NewErrParamRequired("PositionalConstraint"))
}
if s.TargetString == nil {
invalidParams.Add(aws.NewErrParamRequired("TargetString"))
}
if len(s.TextTransformation) == 0 {
invalidParams.Add(aws.NewErrParamRequired("TextTransformation"))
}
if s.FieldToMatch != nil {
if err := s.FieldToMatch.Validate(); err != nil {
invalidParams.AddNested("FieldToMatch", err.(aws.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// The rule to exclude from a rule group. This is applicable only when the ActivatedRule
// refers to a RuleGroup. The rule must belong to the RuleGroup that is specified
// by the ActivatedRule.
type ExcludedRule struct {
_ struct{} `type:"structure"`
// The unique identifier for the rule to exclude from the rule group.
//
// RuleId is a required field
RuleId *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation
func (s ExcludedRule) String() string {
return awsutil.Prettify(s)
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ExcludedRule) Validate() error {
invalidParams := aws.ErrInvalidParams{Context: "ExcludedRule"}
if s.RuleId == nil {
invalidParams.Add(aws.NewErrParamRequired("RuleId"))
}
if s.RuleId != nil && len(*s.RuleId) < 1 {
invalidParams.Add(aws.NewErrParamMinLen("RuleId", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// Specifies where in a web request to look for TargetString.
type FieldToMatch struct {
_ struct{} `type:"structure"`
// When the value of Type is HEADER, enter the name of the header that you want
// AWS WAF to search, for example, User-Agent or Referer. The name of the header
// is not case sensitive.
//
// When the value of Type is SINGLE_QUERY_ARG, enter the name of the parameter
// that you want AWS WAF to search, for example, UserName or SalesRegion. The
// parameter name is not case sensitive.
//
// If the value of Type is any other value, omit Data.
Data *string `min:"1" type:"string"`
// The part of the web request that you want AWS WAF to search for a specified
// string. Parts of a request that you can search include the following:
//
// * HEADER: A specified request header, for example, the value of the User-Agent
// or Referer header. If you choose HEADER for the type, specify the name
// of the header in Data.
//
// * METHOD: The HTTP method, which indicated the type of operation that
// the request is asking the origin to perform. Amazon CloudFront supports
// the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.
//
// * QUERY_STRING: A query string, which is the part of a URL that appears
// after a ? character, if any.
//
// * URI: The part of a web request that identifies a resource, for example,
// /images/daily-ad.jpg.
//
// * BODY: The part of a request that contains any additional data that you
// want to send to your web server as the HTTP request body, such as data
// from a form. The request body immediately follows the request headers.
// Note that only the first 8192 bytes of the request body are forwarded
// to AWS WAF for inspection. To allow or block requests based on the length
// of the body, you can create a size constraint set. For more information,
// see CreateSizeConstraintSet.
//
// * SINGLE_QUERY_ARG: The parameter in the query string that you will inspect,
// such as UserName or SalesRegion. The maximum length for SINGLE_QUERY_ARG
// is 30 characters.
//
// * ALL_QUERY_ARGS: Similar to SINGLE_QUERY_ARG, but rather than inspecting
// a single parameter, AWS WAF will inspect all parameters within the query
// for the value or regex pattern that you specify in TargetString.
//
// Type is a required field
Type MatchFieldType `type:"string" required:"true" enum:"true"`
}
// String returns the string representation
func (s FieldToMatch) String() string {
return awsutil.Prettify(s)
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *FieldToMatch) Validate() error {
invalidParams := aws.ErrInvalidParams{Context: "FieldToMatch"}
if s.Data != nil && len(*s.Data) < 1 {
invalidParams.Add(aws.NewErrParamMinLen("Data", 1))
}
if len(s.Type) == 0 {
invalidParams.Add(aws.NewErrParamRequired("Type"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// The country from which web requests originate that you want AWS WAF to search
// for.
type GeoMatchConstraint struct {
_ struct{} `type:"structure"`
// The type of geographical area you want AWS WAF to search for. Currently Country
// is the only valid value.
//
// Type is a required field
Type GeoMatchConstraintType `type:"string" required:"true" enum:"true"`
// The country that you want AWS WAF to search for.
//
// Value is a required field
Value GeoMatchConstraintValue `type:"string" required:"true" enum:"true"`
}
// String returns the string representation
func (s GeoMatchConstraint) String() string {
return awsutil.Prettify(s)
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *GeoMatchConstraint) Validate() error {
invalidParams := aws.ErrInvalidParams{Context: "GeoMatchConstraint"}
if len(s.Type) == 0 {
invalidParams.Add(aws.NewErrParamRequired("Type"))
}
if len(s.Value) == 0 {
invalidParams.Add(aws.NewErrParamRequired("Value"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// Contains one or more countries that AWS WAF will search for.
type GeoMatchSet struct {
_ struct{} `type:"structure"`
// An array of GeoMatchConstraint objects, which contain the country that you
// want AWS WAF to search for.
//
// GeoMatchConstraints is a required field
GeoMatchConstraints []GeoMatchConstraint `type:"list" required:"true"`
// The GeoMatchSetId for an GeoMatchSet. You use GeoMatchSetId to get information
// about a GeoMatchSet (see GeoMatchSet), update a GeoMatchSet (see UpdateGeoMatchSet),
// insert a GeoMatchSet into a Rule or delete one from a Rule (see UpdateRule),
// and delete a GeoMatchSet from AWS WAF (see DeleteGeoMatchSet).
//
// GeoMatchSetId is returned by CreateGeoMatchSet and by ListGeoMatchSets.
//
// GeoMatchSetId is a required field
GeoMatchSetId *string `min:"1" type:"string" required:"true"`
// A friendly name or description of the GeoMatchSet. You can't change the name
// of an GeoMatchSet after you create it.
Name *string `min:"1" type:"string"`
}
// String returns the string representation
func (s GeoMatchSet) String() string {
return awsutil.Prettify(s)
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// Contains the identifier and the name of the GeoMatchSet.
type GeoMatchSetSummary struct {
_ struct{} `type:"structure"`
// The GeoMatchSetId for an GeoMatchSet. You can use GeoMatchSetId in a GetGeoMatchSet
// request to get detailed information about an GeoMatchSet.
//
// GeoMatchSetId is a required field
GeoMatchSetId *string `min:"1" type:"string" required:"true"`
// A friendly name or description of the GeoMatchSet. You can't change the name
// of an GeoMatchSet after you create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation
func (s GeoMatchSetSummary) String() string {
return awsutil.Prettify(s)
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// Specifies the type of update to perform to an GeoMatchSet with UpdateGeoMatchSet.
type GeoMatchSetUpdate struct {
_ struct{} `type:"structure"`
// Specifies whether to insert or delete a country with UpdateGeoMatchSet.
//
// Action is a required field
Action ChangeAction `type:"string" required:"true" enum:"true"`
// The country from which web requests originate that you want AWS WAF to search
// for.
//
// GeoMatchConstraint is a required field
GeoMatchConstraint *GeoMatchConstraint `type:"structure" required:"true"`
}
// String returns the string representation
func (s GeoMatchSetUpdate) String() string {
return awsutil.Prettify(s)
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *GeoMatchSetUpdate) Validate() error {
invalidParams := aws.ErrInvalidParams{Context: "GeoMatchSetUpdate"}
if len(s.Action) == 0 {
invalidParams.Add(aws.NewErrParamRequired("Action"))
}
if s.GeoMatchConstraint == nil {
invalidParams.Add(aws.NewErrParamRequired("GeoMatchConstraint"))
}
if s.GeoMatchConstraint != nil {
if err := s.GeoMatchConstraint.Validate(); err != nil {
invalidParams.AddNested("GeoMatchConstraint", err.(aws.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// The response from a GetSampledRequests request includes an HTTPHeader complex
// type that appears as Headers in the response syntax. HTTPHeader contains
// the names and values of all of the headers that appear in one of the web
// requests that were returned by GetSampledRequests.
type HTTPHeader struct {
_ struct{} `type:"structure"`
// The name of one of the headers in the sampled web request.
Name *string `type:"string"`
// The value of one of the headers in the sampled web request.
Value *string `type:"string"`
}
// String returns the string representation
func (s HTTPHeader) String() string {
return awsutil.Prettify(s)
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// The response from a GetSampledRequests request includes an HTTPRequest complex
// type that appears as Request in the response syntax. HTTPRequest contains
// information about one of the web requests that were returned by GetSampledRequests.
type HTTPRequest struct {
_ struct{} `type:"structure"`
// The IP address that the request originated from. If the WebACL is associated
// with a CloudFront distribution, this is the value of one of the following
// fields in CloudFront access logs:
//
// * c-ip, if the viewer did not use an HTTP proxy or a load balancer to
// send the request
//
// * x-forwarded-for, if the viewer did use an HTTP proxy or a load balancer
// to send the request
ClientIP *string `type:"string"`
// The two-letter country code for the country that the request originated from.
// For a current list of country codes, see the Wikipedia entry ISO 3166-1 alpha-2
// (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).
Country *string `type:"string"`
// The HTTP version specified in the sampled web request, for example, HTTP/1.1.
HTTPVersion *string `type:"string"`
// A complex type that contains two values for each header in the sampled web
// request: the name of the header and the value of the header.
Headers []HTTPHeader `type:"list"`
// The HTTP method specified in the sampled web request. CloudFront supports
// the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.
Method *string `type:"string"`
// The part of a web request that identifies the resource, for example, /images/daily-ad.jpg.
URI *string `type:"string"`
}
// String returns the string representation
func (s HTTPRequest) String() string {
return awsutil.Prettify(s)
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// Contains one or more IP addresses or blocks of IP addresses specified in
// Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports IPv4 address
// ranges: /8 and any range between /16 through /32. AWS WAF supports IPv6 address
// ranges: /24, /32, /48, /56, /64, and /128.
//
// To specify an individual IP address, you specify the four-part IP address
// followed by a /32, for example, 192.0.2.0/32. To block a range of IP addresses,
// you can specify /8 or any range between /16 through /32 (for IPv4) or /24,
// /32, /48, /56, /64, or /128 (for IPv6). For more information about CIDR notation,
// see the Wikipedia entry Classless Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
type IPSet struct {
_ struct{} `type:"structure"`
// The IP address type (IPV4 or IPV6) and the IP address range (in CIDR notation)
// that web requests originate from. If the WebACL is associated with a CloudFront
// distribution and the viewer did not use an HTTP proxy or a load balancer
// to send the request, this is the value of the c-ip field in the CloudFront
// access logs.
//
// IPSetDescriptors is a required field
IPSetDescriptors []IPSetDescriptor `type:"list" required:"true"`
// The IPSetId for an IPSet. You use IPSetId to get information about an IPSet
// (see GetIPSet), update an IPSet (see UpdateIPSet), insert an IPSet into a
// Rule or delete one from a Rule (see UpdateRule), and delete an IPSet from
// AWS WAF (see DeleteIPSet).
//
// IPSetId is returned by CreateIPSet and by ListIPSets.
//
// IPSetId is a required field
IPSetId *string `min:"1" type:"string" required:"true"`
// A friendly name or description of the IPSet. You can't change the name of
// an IPSet after you create it.
Name *string `min:"1" type:"string"`
}
// String returns the string representation
func (s IPSet) String() string {
return awsutil.Prettify(s)
}
//
// This is AWS WAF Classic documentation. For more information, see AWS WAF
// Classic (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html)
// in the developer guide.
//
// For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
// WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
// With the latest version, AWS WAF has a single set of endpoints for regional
// and global use.
//
// Specifies the IP address type (IPV4 or IPV6) and the IP address range (in
// CIDR format) that web requests originate from.
type IPSetDescriptor struct {