diff --git a/.changelog/1608.txt b/.changelog/1608.txt
new file mode 100644
index 00000000000..3025209f599
--- /dev/null
+++ b/.changelog/1608.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+teams_rules: add "resolve" to allowable actions
+```
diff --git a/teams_rules.go b/teams_rules.go
index 880c55ca880..b03c0121579 100644
--- a/teams_rules.go
+++ b/teams_rules.go
@@ -146,10 +146,11 @@ type TeamsFilterType string
 type TeamsGatewayAction string
 const (
- HttpFilter TeamsFilterType = "http"
- DnsFilter TeamsFilterType = "dns"
- L4Filter TeamsFilterType = "l4"
- EgressFilter TeamsFilterType = "egress"
+ HttpFilter TeamsFilterType = "http"
+ DnsFilter TeamsFilterType = "dns"
+ L4Filter TeamsFilterType = "l4"
+ EgressFilter TeamsFilterType = "egress"
+ DnsResolverFilter TeamsFilterType = "dns_resolver"
 )
 const (
@@ -167,6 +168,7 @@ const (
 L4Override TeamsGatewayAction = "l4_override" // l4
 Egress TeamsGatewayAction = "egress" // egress
 AuditSSH TeamsGatewayAction = "audit_ssh" // l4
+ Resolve TeamsGatewayAction = "resolve" // resolve
 )
 func TeamsRulesActionValues() []string {
@@ -185,6 +187,7 @@ func TeamsRulesActionValues() []string {
 string(L4Override),
 string(Egress),
 string(AuditSSH),
+ string(Resolve),
 }
 }
diff --git a/teams_rules_test.go b/teams_rules_test.go
index 8bc93b98925..226ce50bb28 100644
--- a/teams_rules_test.go
+++ b/teams_rules_test.go
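Review bot: In teams_rules.go, the trailing comment on the new `Resolve` constant reads `// resolve`, while the neighbouring comments (`// l4`, `// egress`, `// l4` on `AuditSSH`) appear to name the filter type each action belongs to, and no filter type called "resolve" exists. The filter this commit adds is `dns_resolver`, and the new test pairs `Resolve` with `DnsResolverFilter`, so the line would read more consistently as `Resolve TeamsGatewayAction = "resolve" // dns_resolver`. The const block starts above the hunk, so the convention is inferred from the three visible context lines only.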
@@ -532,6 +532,75 @@ func TestTeamsCreateL4Rule(t *testing.T) {
 }
 }
+func TestTeamsCreateResolverPolicy(t *testing.T) {
+ setup()
+ defer teardown()
+
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+ w.Header().Set("content-type", "application/json")
+ fmt.Fprintf(w, `{
+ "success": true,
+ "errors": [],
+ "messages": [],
+ "result": {
+ "name": "resolve 4.4.4.4",
+ "description": "rule description",
+ "precedence": 1000,
+ "enabled": true,
+ "action": "resolve",
+ "filters": [
+ "dns_resolver"
+ ],
+ "traffic": "any(dns.domains[*] == \"scottstots.com\")",
+ "identity": "",
+ "rule_settings": {
+ "audit_ssh": { "command_logging": true },
+ "resolve_dns_through_cloudflare": true
+ }
+ }
+ }
+ `)
+ }
+
+ want := TeamsRule{
+ Name: "resolve 4.4.4.4",
+ Description: "rule description",
+ Precedence: 1000,
+ Enabled: true,
+ Action: Resolve,
+ Filters: []TeamsFilterType{DnsResolverFilter},
+ Traffic: `any(dns.domains[*] == "scottstots.com")`,
+ Identity: "",
+ DevicePosture: "",
+ RuleSettings: TeamsRuleSettings{
+ BlockPageEnabled: false,
+ BlockReason: "",
+ OverrideIPs: nil,
+ OverrideHost: "",
+ L4Override: nil,
+ AddHeaders: nil,
+ BISOAdminControls: nil,
+ CheckSession: nil,
+ InsecureDisableDNSSECValidation: false,
+ EgressSettings: nil,
+ AuditSSH: &AuditSSHRuleSettings{
+ CommandLogging: true,
+ },
+ ResolveDnsThroughCloudflare: BoolPtr(true),
+ },
+ DeletedAt: nil,
+ }
+
+ mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules", handler)
+
+ actual, err := client.TeamsCreateRule(context.Background(), testAccountID, want)
+
+ if assert.NoError(t, err) {
+ assert.Equal(t, want, actual)
+ }
+}
+
 func TestTeamsUpdateRule(t *testing.T) {
 setup()
 defer teardown()
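Review bot: The handler in TestTeamsCreateResolverPolicy checks only the HTTP method and then returns a canned body, so the final `assert.Equal(t, want, actual)` exercises response decoding but never the request the client sent. A regression that dropped `"action": "resolve"` or the `dns_resolver` filter from the outgoing payload would still pass. Decoding the body inside the handler would close that gap: `var got TeamsRule`, `assert.NoError(t, json.NewDecoder(r.Body).Decode(&got))`, `assert.Equal(t, Resolve, got.Action)`; this assumes `encoding/json` is imported in the test file, which the hunk does not show. Separately, the fixture attaches `audit_ssh` settings to a resolver policy and names the rule "resolve 4.4.4.4" without any resolver address in `rule_settings`, so it may be worth trimming to the fields a resolver policy would actually carry.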