From 0e8bc3465430d9f3572fe382e5ca0254685382dc Mon Sep 17 00:00:00 2001 From: Zhenguo Niu Date: Tue, 28 May 2019 15:28:38 +0800 Subject: [PATCH] Add WAF --- openstack/client.go | 7 ++ openstack/waf/v1/certificates/requests.go | 85 ++++++++++++++++ openstack/waf/v1/certificates/results.go | 51 ++++++++++ openstack/waf/v1/certificates/urls.go | 11 ++ openstack/waf/v1/domains/requests.go | 110 ++++++++++++++++++++ openstack/waf/v1/domains/results.go | 84 +++++++++++++++ openstack/waf/v1/domains/urls.go | 11 ++ openstack/waf/v1/policies/requests.go | 118 ++++++++++++++++++++++ openstack/waf/v1/policies/results.go | 93 +++++++++++++++++ openstack/waf/v1/policies/urls.go | 15 +++ 10 files changed, 585 insertions(+) create mode 100644 openstack/waf/v1/certificates/requests.go create mode 100644 openstack/waf/v1/certificates/results.go create mode 100644 openstack/waf/v1/certificates/urls.go create mode 100644 openstack/waf/v1/domains/requests.go create mode 100644 openstack/waf/v1/domains/results.go create mode 100644 openstack/waf/v1/domains/urls.go create mode 100644 openstack/waf/v1/policies/requests.go create mode 100644 openstack/waf/v1/policies/results.go create mode 100644 openstack/waf/v1/policies/urls.go diff --git a/openstack/client.go b/openstack/client.go index 6583c4f27..290b49803 100644 --- a/openstack/client.go +++ b/openstack/client.go @@ -956,6 +956,13 @@ func NewCCE(client *golangsdk.ProviderClient, eo golangsdk.EndpointOpts) (*golan return sc, err } +// NewWAF creates a ServiceClient that may be used to access the WAF service. +func NewWAFV1(client *golangsdk.ProviderClient, eo golangsdk.EndpointOpts) (*golangsdk.ServiceClient, error) { + sc, err := initClientOpts(client, eo, "waf") + sc.ResourceBase = sc.Endpoint + "v1/" + client.ProjectID + "/waf/" + return sc, err +} + func NewSDKClient(c *golangsdk.ProviderClient, eo golangsdk.EndpointOpts, serviceType string) (*golangsdk.ServiceClient, error) { switch serviceType { case "mls": diff --git a/openstack/waf/v1/certificates/requests.go b/openstack/waf/v1/certificates/requests.go new file mode 100644 index 000000000..3451255bf --- /dev/null +++ b/openstack/waf/v1/certificates/requests.go @@ -0,0 +1,85 @@ +package certificates + +import ( + "github.com/huaweicloud/golangsdk" +) + +var RequestOpts golangsdk.RequestOpts = golangsdk.RequestOpts{ + MoreHeaders: map[string]string{"Content-Type": "application/json", "X-Language": "en-us"}, +} + +// CreateOptsBuilder allows extensions to add additional parameters to the +// Create request. +type CreateOptsBuilder interface { + ToCertCreateMap() (map[string]interface{}, error) +} + +// CreateOpts contains all the values needed to create a new certificate. +type CreateOpts struct { + //Certificate name + Name string `json:"name" required:"true"` + //Certificate content + Content string `json:"content" required:"true"` + //Private Key + Key string `json:"key" required:"true"` +} + +// ToCertCreateMap builds a create request body from CreateOpts. +func (opts CreateOpts) ToCertCreateMap() (map[string]interface{}, error) { + return golangsdk.BuildRequestBody(opts, "") +} + +// Create will create a new certificate based on the values in CreateOpts. +func Create(c *golangsdk.ServiceClient, opts CreateOptsBuilder) (r CreateResult) { + b, err := opts.ToCertCreateMap() + if err != nil { + r.Err = err + return + } + reqOpt := &golangsdk.RequestOpts{OkCodes: []int{200}} + _, r.Err = c.Post(rootURL(c), b, &r.Body, reqOpt) + return +} + +// UpdateOptsBuilder allows extensions to add additional parameters to the +// Update request. +type UpdateOptsBuilder interface { + ToCertUpdateMap() (map[string]interface{}, error) +} + +// UpdateOpts contains all the values needed to update a certificate. +type UpdateOpts struct { + //Certificate name + Name string `json:"name,omitempty"` +} + +// ToCertUpdateMap builds a update request body from UpdateOpts. +func (opts UpdateOpts) ToCertUpdateMap() (map[string]interface{}, error) { + return golangsdk.BuildRequestBody(opts, "") +} + +// Update accepts a UpdateOpts struct and uses the values to update a certificate.The response code from api is 200 +func Update(c *golangsdk.ServiceClient, certID string, opts UpdateOptsBuilder) (r UpdateResult) { + b, err := opts.ToCertUpdateMap() + if err != nil { + r.Err = err + return + } + reqOpt := &golangsdk.RequestOpts{OkCodes: []int{200}} + _, r.Err = c.Put(resourceURL(c, certID), b, nil, reqOpt) + return +} + +// Get retrieves a particular certificate based on its unique ID. +func Get(c *golangsdk.ServiceClient, id string) (r GetResult) { + _, r.Err = c.Get(resourceURL(c, id), &r.Body, &RequestOpts) + return +} + +// Delete will permanently delete a particular certificate based on its unique ID. +func Delete(c *golangsdk.ServiceClient, id string) (r DeleteResult) { + reqOpt := &golangsdk.RequestOpts{OkCodes: []int{204}, + MoreHeaders: RequestOpts.MoreHeaders} + _, r.Err = c.Delete(resourceURL(c, id), reqOpt) + return +} diff --git a/openstack/waf/v1/certificates/results.go b/openstack/waf/v1/certificates/results.go new file mode 100644 index 000000000..f6cdb4c67 --- /dev/null +++ b/openstack/waf/v1/certificates/results.go @@ -0,0 +1,51 @@ +package certificates + +import ( + "time" + + "github.com/huaweicloud/golangsdk" +) + +type Certificate struct { + //Certificate ID + Id string `json:"id"` + //Certificate Name + Name string `json:"name"` + //When the certificate expires + ExpireTime time.Time `json:"expireTime"` +} + +type commonResult struct { + golangsdk.Result +} + +// Extract is a function that accepts a result and extracts a certificate. +func (r commonResult) Extract() (*Certificate, error) { + var response Certificate + err := r.ExtractInto(&response) + return &response, err +} + +// CreateResult represents the result of a create operation. Call its Extract +// method to interpret it as a Certificate. +type CreateResult struct { + commonResult +} + +// UpdateResult represents the result of a update operation. Call its Extract +// method to interpret it as a Certificate. +type UpdateResult struct { + commonResult +} + +// GetResult represents the result of a get operation. Call its Extract +// method to interpret it as a Certificate. +type GetResult struct { + commonResult +} + +// DeleteResult represents the result of a delete operation. Call its ExtractErr +// method to determine if the request succeeded or failed. +type DeleteResult struct { + golangsdk.ErrResult +} diff --git a/openstack/waf/v1/certificates/urls.go b/openstack/waf/v1/certificates/urls.go new file mode 100644 index 000000000..ad8fb975f --- /dev/null +++ b/openstack/waf/v1/certificates/urls.go @@ -0,0 +1,11 @@ +package certificates + +import "github.com/huaweicloud/golangsdk" + +func rootURL(c *golangsdk.ServiceClient) string { + return c.ServiceURL("certificate") +} + +func resourceURL(c *golangsdk.ServiceClient, id string) string { + return c.ServiceURL("certificate", id) +} diff --git a/openstack/waf/v1/domains/requests.go b/openstack/waf/v1/domains/requests.go new file mode 100644 index 000000000..afb95ef8b --- /dev/null +++ b/openstack/waf/v1/domains/requests.go @@ -0,0 +1,110 @@ +package domains + +import ( + "github.com/huaweicloud/golangsdk" +) + +var RequestOpts golangsdk.RequestOpts = golangsdk.RequestOpts{ + MoreHeaders: map[string]string{"Content-Type": "application/json", "X-Language": "en-us"}, +} + +// CreateOptsBuilder allows extensions to add additional parameters to the +// Create request. +type CreateOptsBuilder interface { + ToDomainCreateMap() (map[string]interface{}, error) +} + +// CreateOpts contains all the values needed to create a new backup. +type CreateOpts struct { + //Domain name + HostName string `json:"hostname" required:"true"` + //Certificate ID + CertificateId string `json:"certificateid,omitempty"` + //The original server information + Server []ServerOpts `json:"server" required:"true"` + //Whether proxy is configured + Proxy *bool `json:"proxy" required:"true"` + //The type of the source IP header + SipHeaderName string `json:"sip_header_name,omitempty"` + //The HTTP request header for identifying the real source IP. + SipHeaderList []string `json:"sip_header_list,omitempty"` +} + +type ServerOpts struct { + //Protocol type of the client + FrontProtocol string `json:"front_protocol" required:"true"` + //Protocol used by WAF to forward client requests to the server + BackProtocol string `json:"back_protocol" required:"true"` + //IP address or domain name of the web server that the client accesses. + Address string `json:"address" required:"true"` + //Port number used by the web server + Port string `json:"port" required:"true"` +} + +// ToDomainCreateMap builds a create request body from CreateOpts. +func (opts CreateOpts) ToDomainCreateMap() (map[string]interface{}, error) { + return golangsdk.BuildRequestBody(opts, "") +} + +// Create will create a new Domain based on the values in CreateOpts. +func Create(c *golangsdk.ServiceClient, opts CreateOptsBuilder) (r CreateResult) { + b, err := opts.ToDomainCreateMap() + if err != nil { + r.Err = err + return + } + reqOpt := &golangsdk.RequestOpts{OkCodes: []int{200}} + _, r.Err = c.Post(rootURL(c), b, &r.Body, reqOpt) + return +} + +// UpdateOptsBuilder allows extensions to add additional parameters to the +// Update request. +type UpdateOptsBuilder interface { + ToDomainUpdateMap() (map[string]interface{}, error) +} + +// UpdateOpts contains all the values needed to update a Domain. +type UpdateOpts struct { + //Certificate ID + CertificateId string `json:"certificateid,omitempty"` + //The original server information + Server []ServerOpts `json:"server,omitempty"` + //Whether proxy is configured + Proxy *bool `json:"proxy,omitempty"` + //The type of the source IP header + SipHeaderName string `json:"sip_header_name,omitempty"` + //The HTTP request header for identifying the real source IP. + SipHeaderList []string `json:"sip_header_list,omitempty"` +} + +// ToDomainUpdateMap builds a update request body from UpdateOpts. +func (opts UpdateOpts) ToDomainUpdateMap() (map[string]interface{}, error) { + return golangsdk.BuildRequestBody(opts, "") +} + +// Update accepts a UpdateOpts struct and uses the values to update a Domain.The response code from api is 200 +func Update(c *golangsdk.ServiceClient, domainID string, opts UpdateOptsBuilder) (r UpdateResult) { + b, err := opts.ToDomainUpdateMap() + if err != nil { + r.Err = err + return + } + reqOpt := &golangsdk.RequestOpts{OkCodes: []int{200}} + _, r.Err = c.Put(resourceURL(c, domainID), b, nil, reqOpt) + return +} + +// Get retrieves a particular Domain based on its unique ID. +func Get(c *golangsdk.ServiceClient, id string) (r GetResult) { + _, r.Err = c.Get(resourceURL(c, id), &r.Body, &RequestOpts) + return +} + +// Delete will permanently delete a particular Domain based on its unique ID. +func Delete(c *golangsdk.ServiceClient, id string) (r DeleteResult) { + reqOpt := &golangsdk.RequestOpts{OkCodes: []int{204}, + MoreHeaders: RequestOpts.MoreHeaders} + _, r.Err = c.Delete(resourceURL(c, id), reqOpt) + return +} diff --git a/openstack/waf/v1/domains/results.go b/openstack/waf/v1/domains/results.go new file mode 100644 index 000000000..b72f4f85a --- /dev/null +++ b/openstack/waf/v1/domains/results.go @@ -0,0 +1,84 @@ +package domains + +import ( + "github.com/huaweicloud/golangsdk" +) + +type Domain struct { + //Domain ID + Id string `json:"id"` + //Domain name + HostName string `json:"hostname"` + //Access Code + AccessCode string `json:"access_code"` + //CNAME value + Cname string `json:"cname"` + //TXT record + TxtCode string `json:"txt_code"` + //Sub Domain name + SubDomain string `json:"sub_domain"` + //Policy ID + PolicyID string `json:"policy_id"` + //WAF mode + ProtectStatus int `json:"protect_status"` + //Whether a domain name is connected to WAF + AccessStatus int `json:"access_status"` + //Protocol type + Protocol string `json:"protocol"` + //Certificate ID + CertificateId string `json:"certificateid"` + //The original server information + Server []Server `json:"server"` + //Whether proxy is configured + Proxy bool `json:"proxy"` + //The type of the source IP header + SipHeaderName string `json:"sip_header_name"` + //The HTTP request header for identifying the real source IP. + SipHeaderList []string `json:"sip_header_list"` +} + +type Server struct { + //Protocol type of the client + FrontProtocol string `json:"front_protocol" required:"true"` + //Protocol used by WAF to forward client requests to the server + BackProtocol string `json:"back_protocol" required:"true"` + //IP address or domain name of the web server that the client accesses. + Address string `json:"address" required:"true"` + //Port number used by the web server + Port int `json:"port" required:"true"` +} + +type commonResult struct { + golangsdk.Result +} + +// Extract is a function that accepts a result and extracts a domain. +func (r commonResult) Extract() (*Domain, error) { + var response Domain + err := r.ExtractInto(&response) + return &response, err +} + +// CreateResult represents the result of a create operation. Call its Extract +// method to interpret it as a Domain. +type CreateResult struct { + commonResult +} + +// UpdateResult represents the result of a update operation. Call its Extract +// method to interpret it as a Domain. +type UpdateResult struct { + commonResult +} + +// GetResult represents the result of a get operation. Call its Extract +// method to interpret it as a Domain. +type GetResult struct { + commonResult +} + +// DeleteResult represents the result of a delete operation. Call its ExtractErr +// method to determine if the request succeeded or failed. +type DeleteResult struct { + golangsdk.ErrResult +} diff --git a/openstack/waf/v1/domains/urls.go b/openstack/waf/v1/domains/urls.go new file mode 100644 index 000000000..2209d3776 --- /dev/null +++ b/openstack/waf/v1/domains/urls.go @@ -0,0 +1,11 @@ +package domains + +import "github.com/huaweicloud/golangsdk" + +func rootURL(c *golangsdk.ServiceClient) string { + return c.ServiceURL("instance") +} + +func resourceURL(c *golangsdk.ServiceClient, id string) string { + return c.ServiceURL("instance", id) +} diff --git a/openstack/waf/v1/policies/requests.go b/openstack/waf/v1/policies/requests.go new file mode 100644 index 000000000..bc1c1338c --- /dev/null +++ b/openstack/waf/v1/policies/requests.go @@ -0,0 +1,118 @@ +package policies + +import ( + "github.com/huaweicloud/golangsdk" +) + +var RequestOpts golangsdk.RequestOpts = golangsdk.RequestOpts{ + MoreHeaders: map[string]string{"Content-Type": "application/json", "X-Language": "en-us"}, +} + +// CreateOptsBuilder allows extensions to add additional parameters to the +// Create request. +type CreateOptsBuilder interface { + ToPolicyCreateMap() (map[string]interface{}, error) +} + +// CreateOpts contains all the values needed to create a new policy. +type CreateOpts struct { + //Policy name + Name string `json:"name" required:"true"` +} + +// ToPolicyCreateMap builds a create request body from CreateOpts. +func (opts CreateOpts) ToPolicyCreateMap() (map[string]interface{}, error) { + return golangsdk.BuildRequestBody(opts, "") +} + +// Create will create a new policy based on the values in CreateOpts. +func Create(c *golangsdk.ServiceClient, opts CreateOptsBuilder) (r CreateResult) { + b, err := opts.ToPolicyCreateMap() + if err != nil { + r.Err = err + return + } + reqOpt := &golangsdk.RequestOpts{OkCodes: []int{200}} + _, r.Err = c.Post(rootURL(c), b, &r.Body, reqOpt) + return +} + +// UpdateOptsBuilder allows extensions to add additional parameters to the +// Update request. +type UpdateOptsBuilder interface { + ToPolicyUpdateMap() (map[string]interface{}, error) +} + +// UpdateOpts contains all the values needed to update a policy. +type UpdateOpts struct { + //Policy name + Name string `json:"name,omitempty"` + //Protective Action + Action *Action `json:"action,omitempty"` + //Protection Switches + Options *Options `json:"options,omitempty"` + //Protection Level + Level int `json:"level,omitempty"` + //Detection Mode + FullDetection *bool `json:"full_detection,omitempty"` +} + +// ToPolicyUpdateMap builds a update request body from UpdateOpts. +func (opts UpdateOpts) ToPolicyUpdateMap() (map[string]interface{}, error) { + return golangsdk.BuildRequestBody(opts, "") +} + +// Update accepts a UpdateOpts struct and uses the values to update a policy.The response code from api is 200 +func Update(c *golangsdk.ServiceClient, policyID string, opts UpdateOptsBuilder) (r UpdateResult) { + b, err := opts.ToPolicyUpdateMap() + if err != nil { + r.Err = err + return + } + reqOpt := &golangsdk.RequestOpts{OkCodes: []int{200}} + _, r.Err = c.Put(resourceURL(c, policyID), b, nil, reqOpt) + return +} + +// UpdateHostsOptsBuilder allows extensions to add additional parameters to the +// Update request. +type UpdateHostsOptsBuilder interface { + ToPolicyHostsUpdateMap() (map[string]interface{}, error) +} + +// UpdateHostsOpts contains all the values needed to update a policy hosts. +type UpdateHostsOpts struct { + //Domain IDs + Hosts []string `json:"hosts" required:"true"` +} + +// ToPolicyHostsUpdateMap builds a update request body from UpdateHostsOpts. +func (opts UpdateHostsOpts) ToPolicyHostsUpdateMap() (map[string]interface{}, error) { + return golangsdk.BuildRequestBody(opts, "") +} + +// Update accepts a UpdateHostsOpts struct and uses the values to update a policy hosts.The response code from api is 200 +func UpdateHosts(c *golangsdk.ServiceClient, policyID string, opts UpdateHostsOptsBuilder) (r UpdateResult) { + b, err := opts.ToPolicyHostsUpdateMap() + if err != nil { + r.Err = err + return + } + reqOpt := &golangsdk.RequestOpts{OkCodes: []int{200}} + _, r.Err = c.Put(hostsURL(c, policyID), b, nil, reqOpt) + return +} + +// Get retrieves a particular policy based on its unique ID. +func Get(c *golangsdk.ServiceClient, id string) (r GetResult) { + _, r.Err = c.Get(resourceURL(c, id), &r.Body, &RequestOpts) + return +} + +// Delete will permanently delete a particular policy based on its unique ID. +func Delete(c *golangsdk.ServiceClient, id string) (r DeleteResult) { + reqOpt := &golangsdk.RequestOpts{OkCodes: []int{204}, + MoreHeaders: RequestOpts.MoreHeaders} + _, r.Err = c.Delete(resourceURL(c, id), reqOpt) + return +} diff --git a/openstack/waf/v1/policies/results.go b/openstack/waf/v1/policies/results.go new file mode 100644 index 000000000..ccbe130c5 --- /dev/null +++ b/openstack/waf/v1/policies/results.go @@ -0,0 +1,93 @@ +package policies + +import ( + "github.com/huaweicloud/golangsdk" +) + +type Policy struct { + //Policy ID + Id string `json:"id"` + //Policy Name + Name string `json:"name"` + //Protective Action + Action Action `json:"action"` + //Protection Switches + Options Options `json:"options"` + //Protection Level + Level int `json:"level"` + //Detection Mode + FullDetection bool `json:"full_detection"` + //Domain IDs + Hosts []string `json:"hosts"` +} + +type Action struct { + //Protective Action + Category string `json:"category" required:"true"` +} + +type Options struct { + //Whether Basic Web Protection is enabled + WebAttack *bool `json:"webattack,omitempty"` + //Whether General Check in Basic Web Protection is enabled + Common *bool `json:"common,omitempty"` + //Whether the master crawler detection switch in Basic Web Protection is enabled + Crawler *bool `json:"crawler,omitempty"` + //Whether the Search Engine switch in Basic Web Protection is enabled + CrawlerEngine *bool `json:"crawler_engine,omitempty"` + //Whether the Scanner switch in Basic Web Protection is enabled + CrawlerScanner *bool `json:"crawler_scanner,omitempty"` + //Whether the Script Tool switch in Basic Web Protection is enabled + CrawlerScript *bool `json:"crawler_script,omitempty"` + //Whether detection of other crawlers in Basic Web Protection is enabled + CrawlerOther *bool `json:"crawler_other,omitempty"` + //Whether webshell detection in Basic Web Protection is enabled + WebShell *bool `json:"webshell,omitempty"` + //Whether CC Attack Protection is enabled + Cc *bool `json:"cc,omitempty"` + //Whether Precise Protection is enabled + Custom *bool `json:"custom,omitempty"` + //Whether Blacklist and Whitelist is enabled + WhiteblackIp *bool `json:"whiteblackip,omitempty"` + //Whether Data Masking is enabled + Privacy *bool `json:"privacy,omitempty"` + //Whether False Alarm Masking is enabled + Ignore *bool `json:"ignore,omitempty"` + //Whether Web Tamper Protection is enabled + AntiTamper *bool `json:"antitamper,omitempty"` +} + +type commonResult struct { + golangsdk.Result +} + +// Extract is a function that accepts a result and extracts a policy. +func (r commonResult) Extract() (*Policy, error) { + var response Policy + err := r.ExtractInto(&response) + return &response, err +} + +// CreateResult represents the result of a create operation. Call its Extract +// method to interpret it as a Policy. +type CreateResult struct { + commonResult +} + +// UpdateResult represents the result of a update operation. Call its Extract +// method to interpret it as a Policy. +type UpdateResult struct { + commonResult +} + +// GetResult represents the result of a get operation. Call its Extract +// method to interpret it as a Policy. +type GetResult struct { + commonResult +} + +// DeleteResult represents the result of a delete operation. Call its ExtractErr +// method to determine if the request succeeded or failed. +type DeleteResult struct { + golangsdk.ErrResult +} diff --git a/openstack/waf/v1/policies/urls.go b/openstack/waf/v1/policies/urls.go new file mode 100644 index 000000000..fed31fcac --- /dev/null +++ b/openstack/waf/v1/policies/urls.go @@ -0,0 +1,15 @@ +package policies + +import "github.com/huaweicloud/golangsdk" + +func rootURL(c *golangsdk.ServiceClient) string { + return c.ServiceURL("policy") +} + +func resourceURL(c *golangsdk.ServiceClient, id string) string { + return c.ServiceURL("policy", id) +} + +func hostsURL(c *golangsdk.ServiceClient, id string) string { + return c.ServiceURL("policy", id, "hosts") +}