/
access_rule_criteria.go
196 lines (179 loc) · 13.9 KB
/
access_rule_criteria.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
// This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
// Code generated. DO NOT EDIT.
// Web Application Acceleration and Security Services API
//
// OCI Web Application Acceleration and Security Services
//
package waas
import (
"fmt"
"github.com/oracle/oci-go-sdk/v65/common"
"strings"
)
// AccessRuleCriteria When defined, the parent challenge would be applied only for the requests that matched all the listed conditions.
type AccessRuleCriteria struct {
// The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
// - **URL_IS:** Matches if the concatenation of request URL path and query is identical to the contents of the `value` field. URL must start with a `/`.
// - **URL_IS_NOT:** Matches if the concatenation of request URL path and query is not identical to the contents of the `value` field. URL must start with a `/`.
// - **URL_STARTS_WITH:** Matches if the concatenation of request URL path and query starts with the contents of the `value` field. URL must start with a `/`.
// - **URL_PART_ENDS_WITH:** Matches if the concatenation of request URL path and query ends with the contents of the `value` field.
// - **URL_PART_CONTAINS:** Matches if the concatenation of request URL path and query contains the contents of the `value` field.
// - **URL_REGEX:** Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
// - **URL_DOES_NOT_MATCH_REGEX:** Matches if the concatenation of request URL path and query is not described by the regular expression in the `value` field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
// - **URL_DOES_NOT_START_WITH:** Matches if the concatenation of request URL path and query does not start with the contents of the `value` field.
// - **URL_PART_DOES_NOT_CONTAIN:** Matches if the concatenation of request URL path and query does not contain the contents of the `value` field.
// - **URL_PART_DOES_NOT_END_WITH:** Matches if the concatenation of request URL path and query does not end with the contents of the `value` field.
// - **IP_IS:** Matches if the request originates from one of the IP addresses contained in the defined address list. The `value` in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n
// *Example:* "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
// - **IP_IS_NOT:** Matches if the request does not originate from any of the IP addresses contained in the defined address list. The `value` in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n
// *Example:* "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
// - **IP_IN_LIST:** Matches if the request originates from one of the IP addresses contained in the referenced address list. The `value` in this case is OCID of the address list.
// - **IP_NOT_IN_LIST:** Matches if the request does not originate from any IP address contained in the referenced address list. The `value` field in this case is OCID of the address list.
// - **HTTP_HEADER_CONTAINS:** The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. `host:test.example.com` is an example of a criteria value where `host` is the header field name and `test.example.com` is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match.
// *Example:* With a criteria value of `host:test.example.com`, where `host` is the name of the field and `test.example.com` is the value of the host field, a request with the header values, `Host: www.test.example.com` will match, where as a request with header values of `host: www.example.com` or `host: test.sub.example.com` will not match.
// - **HTTP_METHOD_IS:** Matches if the request method is identical to one of the values listed in field. The `value` in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH`
// *Example:* "GET\nPOST"
// - **HTTP_METHOD_IS_NOT:** Matches if the request is not identical to any of the contents of the `value` field. The `value` in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH`
// *Example:* "GET\nPOST"
// - **COUNTRY_IS:** Matches if the request originates from one of countries in the `value` field. The `value` in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website (https://www.iso.org/obp/ui/#search/code/).
// *Example:* "AL\nDZ\nAM"
// - **COUNTRY_IS_NOT:** Matches if the request does not originate from any of countries in the `value` field. The `value` in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website (https://www.iso.org/obp/ui/#search/code/).
// *Example:* "AL\nDZ\nAM"
// - **USER_AGENT_IS:** Matches if the requesting user agent is identical to the contents of the `value` field.
// *Example:* `Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0`
// - **USER_AGENT_IS_NOT:** Matches if the requesting user agent is not identical to the contents of the `value` field.
// *Example:* `Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0`
Condition AccessRuleCriteriaConditionEnum `mandatory:"true" json:"condition"`
// The criteria value.
Value *string `mandatory:"true" json:"value"`
// When enabled, the condition will be matched with case-sensitive rules.
IsCaseSensitive *bool `mandatory:"false" json:"isCaseSensitive"`
}
func (m AccessRuleCriteria) String() string {
return common.PointerString(m)
}
// ValidateEnumValue returns an error when providing an unsupported enum value
// This function is being called during constructing API request process
// Not recommended for calling this function directly
func (m AccessRuleCriteria) ValidateEnumValue() (bool, error) {
errMessage := []string{}
if _, ok := GetMappingAccessRuleCriteriaConditionEnum(string(m.Condition)); !ok && m.Condition != "" {
errMessage = append(errMessage, fmt.Sprintf("unsupported enum value for Condition: %s. Supported values are: %s.", m.Condition, strings.Join(GetAccessRuleCriteriaConditionEnumStringValues(), ",")))
}
if len(errMessage) > 0 {
return true, fmt.Errorf(strings.Join(errMessage, "\n"))
}
return false, nil
}
// AccessRuleCriteriaConditionEnum Enum with underlying type: string
type AccessRuleCriteriaConditionEnum string
// Set of constants representing the allowable values for AccessRuleCriteriaConditionEnum
const (
AccessRuleCriteriaConditionUrlIs AccessRuleCriteriaConditionEnum = "URL_IS"
AccessRuleCriteriaConditionUrlIsNot AccessRuleCriteriaConditionEnum = "URL_IS_NOT"
AccessRuleCriteriaConditionUrlStartsWith AccessRuleCriteriaConditionEnum = "URL_STARTS_WITH"
AccessRuleCriteriaConditionUrlPartEndsWith AccessRuleCriteriaConditionEnum = "URL_PART_ENDS_WITH"
AccessRuleCriteriaConditionUrlPartContains AccessRuleCriteriaConditionEnum = "URL_PART_CONTAINS"
AccessRuleCriteriaConditionUrlRegex AccessRuleCriteriaConditionEnum = "URL_REGEX"
AccessRuleCriteriaConditionUrlDoesNotMatchRegex AccessRuleCriteriaConditionEnum = "URL_DOES_NOT_MATCH_REGEX"
AccessRuleCriteriaConditionUrlDoesNotStartWith AccessRuleCriteriaConditionEnum = "URL_DOES_NOT_START_WITH"
AccessRuleCriteriaConditionUrlPartDoesNotContain AccessRuleCriteriaConditionEnum = "URL_PART_DOES_NOT_CONTAIN"
AccessRuleCriteriaConditionUrlPartDoesNotEndWith AccessRuleCriteriaConditionEnum = "URL_PART_DOES_NOT_END_WITH"
AccessRuleCriteriaConditionIpIs AccessRuleCriteriaConditionEnum = "IP_IS"
AccessRuleCriteriaConditionIpIsNot AccessRuleCriteriaConditionEnum = "IP_IS_NOT"
AccessRuleCriteriaConditionIpInList AccessRuleCriteriaConditionEnum = "IP_IN_LIST"
AccessRuleCriteriaConditionIpNotInList AccessRuleCriteriaConditionEnum = "IP_NOT_IN_LIST"
AccessRuleCriteriaConditionHttpHeaderContains AccessRuleCriteriaConditionEnum = "HTTP_HEADER_CONTAINS"
AccessRuleCriteriaConditionHttpMethodIs AccessRuleCriteriaConditionEnum = "HTTP_METHOD_IS"
AccessRuleCriteriaConditionHttpMethodIsNot AccessRuleCriteriaConditionEnum = "HTTP_METHOD_IS_NOT"
AccessRuleCriteriaConditionCountryIs AccessRuleCriteriaConditionEnum = "COUNTRY_IS"
AccessRuleCriteriaConditionCountryIsNot AccessRuleCriteriaConditionEnum = "COUNTRY_IS_NOT"
AccessRuleCriteriaConditionUserAgentIs AccessRuleCriteriaConditionEnum = "USER_AGENT_IS"
AccessRuleCriteriaConditionUserAgentIsNot AccessRuleCriteriaConditionEnum = "USER_AGENT_IS_NOT"
)
var mappingAccessRuleCriteriaConditionEnum = map[string]AccessRuleCriteriaConditionEnum{
"URL_IS": AccessRuleCriteriaConditionUrlIs,
"URL_IS_NOT": AccessRuleCriteriaConditionUrlIsNot,
"URL_STARTS_WITH": AccessRuleCriteriaConditionUrlStartsWith,
"URL_PART_ENDS_WITH": AccessRuleCriteriaConditionUrlPartEndsWith,
"URL_PART_CONTAINS": AccessRuleCriteriaConditionUrlPartContains,
"URL_REGEX": AccessRuleCriteriaConditionUrlRegex,
"URL_DOES_NOT_MATCH_REGEX": AccessRuleCriteriaConditionUrlDoesNotMatchRegex,
"URL_DOES_NOT_START_WITH": AccessRuleCriteriaConditionUrlDoesNotStartWith,
"URL_PART_DOES_NOT_CONTAIN": AccessRuleCriteriaConditionUrlPartDoesNotContain,
"URL_PART_DOES_NOT_END_WITH": AccessRuleCriteriaConditionUrlPartDoesNotEndWith,
"IP_IS": AccessRuleCriteriaConditionIpIs,
"IP_IS_NOT": AccessRuleCriteriaConditionIpIsNot,
"IP_IN_LIST": AccessRuleCriteriaConditionIpInList,
"IP_NOT_IN_LIST": AccessRuleCriteriaConditionIpNotInList,
"HTTP_HEADER_CONTAINS": AccessRuleCriteriaConditionHttpHeaderContains,
"HTTP_METHOD_IS": AccessRuleCriteriaConditionHttpMethodIs,
"HTTP_METHOD_IS_NOT": AccessRuleCriteriaConditionHttpMethodIsNot,
"COUNTRY_IS": AccessRuleCriteriaConditionCountryIs,
"COUNTRY_IS_NOT": AccessRuleCriteriaConditionCountryIsNot,
"USER_AGENT_IS": AccessRuleCriteriaConditionUserAgentIs,
"USER_AGENT_IS_NOT": AccessRuleCriteriaConditionUserAgentIsNot,
}
var mappingAccessRuleCriteriaConditionEnumLowerCase = map[string]AccessRuleCriteriaConditionEnum{
"url_is": AccessRuleCriteriaConditionUrlIs,
"url_is_not": AccessRuleCriteriaConditionUrlIsNot,
"url_starts_with": AccessRuleCriteriaConditionUrlStartsWith,
"url_part_ends_with": AccessRuleCriteriaConditionUrlPartEndsWith,
"url_part_contains": AccessRuleCriteriaConditionUrlPartContains,
"url_regex": AccessRuleCriteriaConditionUrlRegex,
"url_does_not_match_regex": AccessRuleCriteriaConditionUrlDoesNotMatchRegex,
"url_does_not_start_with": AccessRuleCriteriaConditionUrlDoesNotStartWith,
"url_part_does_not_contain": AccessRuleCriteriaConditionUrlPartDoesNotContain,
"url_part_does_not_end_with": AccessRuleCriteriaConditionUrlPartDoesNotEndWith,
"ip_is": AccessRuleCriteriaConditionIpIs,
"ip_is_not": AccessRuleCriteriaConditionIpIsNot,
"ip_in_list": AccessRuleCriteriaConditionIpInList,
"ip_not_in_list": AccessRuleCriteriaConditionIpNotInList,
"http_header_contains": AccessRuleCriteriaConditionHttpHeaderContains,
"http_method_is": AccessRuleCriteriaConditionHttpMethodIs,
"http_method_is_not": AccessRuleCriteriaConditionHttpMethodIsNot,
"country_is": AccessRuleCriteriaConditionCountryIs,
"country_is_not": AccessRuleCriteriaConditionCountryIsNot,
"user_agent_is": AccessRuleCriteriaConditionUserAgentIs,
"user_agent_is_not": AccessRuleCriteriaConditionUserAgentIsNot,
}
// GetAccessRuleCriteriaConditionEnumValues Enumerates the set of values for AccessRuleCriteriaConditionEnum
func GetAccessRuleCriteriaConditionEnumValues() []AccessRuleCriteriaConditionEnum {
values := make([]AccessRuleCriteriaConditionEnum, 0)
for _, v := range mappingAccessRuleCriteriaConditionEnum {
values = append(values, v)
}
return values
}
// GetAccessRuleCriteriaConditionEnumStringValues Enumerates the set of values in String for AccessRuleCriteriaConditionEnum
func GetAccessRuleCriteriaConditionEnumStringValues() []string {
return []string{
"URL_IS",
"URL_IS_NOT",
"URL_STARTS_WITH",
"URL_PART_ENDS_WITH",
"URL_PART_CONTAINS",
"URL_REGEX",
"URL_DOES_NOT_MATCH_REGEX",
"URL_DOES_NOT_START_WITH",
"URL_PART_DOES_NOT_CONTAIN",
"URL_PART_DOES_NOT_END_WITH",
"IP_IS",
"IP_IS_NOT",
"IP_IN_LIST",
"IP_NOT_IN_LIST",
"HTTP_HEADER_CONTAINS",
"HTTP_METHOD_IS",
"HTTP_METHOD_IS_NOT",
"COUNTRY_IS",
"COUNTRY_IS_NOT",
"USER_AGENT_IS",
"USER_AGENT_IS_NOT",
}
}
// GetMappingAccessRuleCriteriaConditionEnum performs case Insensitive comparison on enum value and return the desired enum
func GetMappingAccessRuleCriteriaConditionEnum(val string) (AccessRuleCriteriaConditionEnum, bool) {
enum, ok := mappingAccessRuleCriteriaConditionEnumLowerCase[strings.ToLower(val)]
return enum, ok
}