Merge pull request #38 from fastly/update_usage_and_examples

Update usage and examples
fastly · Jul 31, 2018 · abf6911 · abf6911
2 parents fbc4625 + 4960c19
commit abf6911
Show file tree

Hide file tree

Showing 8 changed files with 48 additions and 231 deletions.
diff --git a/Documentation/EXAMPLES.md b/Documentation/EXAMPLES.md
@@ -15,4 +15,13 @@
 `./waflyctl -apikey $FASTLY_TOKEN -domain myexample.com -owasp`
 
 ## Disable a WAF, stop it for blocking traffic if something goes horribly wrong
-`./waflyctl -apikey $FASTLY_TOKEN -serviceid 7YCnicdpjTvxR2JdzNxxxx -status disable`
+
+## Listing all configuration sets available on the fastly platform
+`./waflyctl -apikey $FASTLY_TOKEN -serviceid 7YCnicdpjTvxR2JdzNxxxx -list-configuration-sets`
+
+## Listing all rules available under a configuration set
+`./waflyctl -apikey $FASTLY_TOKEN -serviceid 7YCnicdpjTvxR2JdzNxxxx -list-all-rules 552NEtnDyzucKd3vTjLgFC`
+
+## Listing all rules and their status for a service
+`./waflyctl -apikey $FASTLY_TOKEN -serviceid 7YCnicdpjTvxR2JdzNxxxx -list-rules`
+
diff --git a/Documentation/USAGE.md b/Documentation/USAGE.md
@@ -2,33 +2,39 @@
 waflyctl configuration file contains the default parameters to build and also managed a WAF. 
 If needed please adjust them in waflyctl.toml, and or pass them via command line.
 ```
-
-A domain or service ID is required!
-
+Usage of waflyctl:
   -action string
-        Select what action to take on the rules list and rule tags. Also overwrites action defined in config file, choices are: disabled, block, log.
+    	Select what action to take on the rules list and rule tags. Also overwrites action defined in config file, choices are: disabled, block, log.
   -apiendpoint string
-        Fastly API endpoin, defaults to https://api.fastly.com (default "https://api.fastly.com")
+    	Fastly API endpoint to use. (default "https://api.fastly.com")
   -apikey string
-        [Required] API Key to use
+    	[Required] API Key to use
   -config string
-        Location of configuration file for waflyctl, defaults to waflyctl.toml (default "waflyctl.toml")
+    	Location of configuration file for waflyctl. (default "/Users/jhernandez/.waflyctl.toml")
   -delete
-        When set removes a WAF configuration created with waflyctl.
+    	When set removes a WAF configuration created with waflyctl.
   -delete-logs
-        When set removes WAF logging configuration.
+    	When set removes WAF logging configuration.
   -domain string
-        [Required] Domain to Provision, you can use Service ID alternatively
+    	[Required] Domain to Provision, you can use Service ID alternatively
+  -enable-logs-only
+    	Add logging configuration only to the service, the tool will not make any other changes, can be paired with-perimeterx
+  -list-all-rules string
+    	List all rules available on the Fastly platform for a given configuration set. Must pass a configuration set ID
+  -list-configuration-sets
+    	List all configuration sets and their status
+  -list-rules
+    	List current WAF rules and their status
   -owasp
-        When set edits the OWASP object base on the settings in the configuration file.
+    	When set edits the OWASP object base on the settings in the configuration file.
   -rules string
-        Which rules to apply action on in a comma delimited fashion, overwrites ruleid defined in config file, example: 94011,93110,1000101..
+    	Which rules to apply action on in a comma delimited fashion, overwrites ruleid defined in config file, example: 94011,93110,1000101..
   -serviceid string
-        [Required] Service ID to Provision
+    	[Required] Service ID to Provision
   -status string
-        Disable or Enable the WAF. A disabled WAF will not block any traffic.
+    	Disable or Enable the WAF. A disabled WAF will not block any traffic, also disabling a WAF does not change rule statuses on its configure policy.
   -tags string
-        Which rules tags to add to the ruleset in a comma delimited fashion, overwrites tags defined in config file, example: OWASP,wordpress,php
+    	Which rules tags to add to the ruleset in a comma delimited fashion, overwrites tags defined in config file, example: OWASP,wordpress,php
   -with-perimeterx
-        Enable if the customer has perimeterX enabled on the service as well as WAF. Helps fix null value logging.
+    	Enable if the customer has perimeterX enabled on the service as well as WAF. Helps fix null value logging.
 ```
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/config_examples/waflyctl.toml.example b/config_examples/waflyctl.toml.example
@@ -42,7 +42,7 @@ XSSScoreThreshold = 5
 [weblog]
 name = "weblogs"
 address = "address"
-port = "514"
+port = 514
 format = '''{\"type\":\"req\",\"service_id\":\"%{req.service_id}V\",\"request_id\":\"%{req.http.fastly-soc-x-request-id}V\",\"start_time\":\"%{time.start.sec}V\",\"fastly_info\":\"%{fastly_info.state}V\",\"datacenter\":\"%{server.datacenter}V\",\"client_ip\":\"%a\",\"req_method\":\"%m\",\"req_uri\":\"%{cstr_escape(req.url)}V\",\"req_h_host\":\"%{cstr_escape(req.http.Host)}V\",\"req_h_user_agent\":\"%{cstr_escape(req.http.User-Agent)}V\",\"req_h_accept_encoding\":\"%{cstr_escape(req.http.Accept-Encoding)}V\",\"req_header_bytes\":\"%{req.header_bytes_read}V\",\"req_body_bytes\":\"%{req.body_bytes_read}V\",\"waf_logged\":\"%{waf.logged}V\",\"waf_blocked\":\"%{waf.blocked}V\",\"waf_failures\":\"%{waf.failures}V\",\"waf_executed\":\"%{waf.executed}V\",\"anomaly_score\":\"%{waf.anomaly_score}V\",\"sql_injection_score\":\"%{waf.sql_injection_score}V\",\"rfi_score\":\"%{waf.rfi_score}V\",\"lfi_score\":\"%{waf.lfi_score}V\",\"rce_score\":\"%{waf.rce_score}V\",\"php_injection_score\":\"%{waf.php_injection_score}V\",\"session_fixation_score\":\"%{waf.session_fixation_score}V\",\"http_violation_score\":\"%{waf.http_violation_score}V\",\"xss_score\":\"%{waf.xss_score}V\",\"resp_status\":\"%{resp.status}V\",\"resp_bytes\":\"%{resp.bytes_written}V\",\"resp_header_bytes\":\"%{resp.header_bytes_written}V\",\"resp_body_bytes\":\"%{resp.body_bytes_written}V\"}'''
 
 [waflog]

diff --git a/vendor/github.com/mitchellh/go-homedir/LICENSE b/vendor/github.com/mitchellh/go-homedir/LICENSE
diff --git a/vendor/github.com/mitchellh/go-homedir/README.md b/vendor/github.com/mitchellh/go-homedir/README.md
diff --git a/vendor/github.com/mitchellh/go-homedir/homedir.go b/vendor/github.com/mitchellh/go-homedir/homedir.go
diff --git a/waflyctl.go b/waflyctl.go
@@ -484,8 +484,8 @@ func vclSnippet(serviceID, apiKey string, version int, config TOMLConfig) bool {
 
 }
 
-// FastlySOCLogging configures the logging endpoints for the customer
-func FastlySOCLogging(client fastly.Client, serviceID string, version int, config TOMLConfig) bool {
+// FastlyLogging configures the logging endpoints for the customer
+func FastlyLogging(client fastly.Client, serviceID string, version int, config TOMLConfig) bool {
 	//add logging logic to service
 	// create req logging endpoint
 	_, err := client.CreateSyslog(&fastly.CreateSyslogInput{
@@ -506,7 +506,7 @@ func FastlySOCLogging(client fastly.Client, serviceID string, version int, confi
 		fmt.Print(err)
 		return false
 	}
-	Info.Println("Created SOC request logging endpoint: " + config.Weblog.Name)
+	Info.Println("Created request logging endpoint: " + config.Weblog.Name)
 
 	// create waf logging endpoint
 	_, err = client.CreateSyslog(&fastly.CreateSyslogInput{
@@ -528,7 +528,7 @@ func FastlySOCLogging(client fastly.Client, serviceID string, version int, confi
 		fmt.Print(err)
 		return false
 	}
-	Info.Println("Created SOC WAF logging endpoint: " + config.Waflog.Name)
+	Info.Println("Created WAF logging endpoint: " + config.Waflog.Name)
 	return true
 }
 
@@ -827,12 +827,11 @@ func DeprovisionWAF(client fastly.Client, serviceID, apiKey string, config TOMLC
 
 	for index, waf := range wafs {
 
-		//remove WAF SOC Logging
+		//remove WAF Logging
 		result := DeleteLogsCall(client, serviceID, apiKey, config, version)
-		Info.Printf("Deleting WAF #%v SOC Logging", index+1)
+		Info.Printf("Deleting WAF #%v Logging", index+1)
 		if !result {
-			Error.Print(err)
-			return false
+			Error.Printf("Deleting WAF #%v Logging: %s", index+1, err)
 		}
 
 		Info.Printf("Deleting WAF #%v Container", index+1)
@@ -882,8 +881,7 @@ func DeprovisionWAF(client fastly.Client, serviceID, apiKey string, config TOMLC
 
 		//check if we had an issue with our call
 		if err != nil {
-			Error.Println("Error with API call: " + apiCall)
-			os.Exit(1)
+			Error.Printf("Deleting WAF #%v VCL Snippet", index+1)
 		}
 
 	}
@@ -932,10 +930,10 @@ func provisionWAF(client fastly.Client, serviceID, apiKey string, config TOMLCon
 	}
 
 	//set logging parameters
-	if FastlySOCLogging(client, serviceID, version, config) {
-		Info.Println("successfully created SOC logging settings")
+	if FastlyLogging(client, serviceID, version, config) {
+		Info.Println("successfully created logging settings")
 	} else {
-		Error.Printf("Fatal issue creating SOC logging settings..")
+		Error.Printf("Fatal issue creating logging settings..")
 		os.Exit(1)
 	}
 
@@ -1843,10 +1841,10 @@ func main() {
 		}
 
 		//set logging parameters
-		if FastlySOCLogging(*client, *serviceID, version, config) {
-			Info.Println("successfully created SOC logging settings")
+		if FastlyLogging(*client, *serviceID, version, config) {
+			Info.Println("successfully created logging settings")
 		} else {
-			Error.Printf("Fatal issue creating SOC logging settings..")
+			Error.Printf("Fatal issue creating logging settings..")
 			os.Exit(1)
 		}