DXE-3169 Merge pull request #197 from akamai/release/v7.5.0

DXE-3169 Release/v7.5.0
akamai · Nov 28, 2023 · 8f8b577 · 8f8b577
2 parents bb2c04f + 696bec8
commit 8f8b577
Show file tree

Hide file tree

Showing 8 changed files with 469 additions and 55 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,15 @@
 # EDGEGRID GOLANG RELEASE NOTES
 
+## 7.5.0 (November 28, 2023)
+
+#### FEATURES/ENHANCEMENTS:
+
+* APPSEC
+  * Added `ASNControls` field to `UpdateIPGeoRequest` and `IPGeoFirewall` structs to support firewall blocking by ASN client lists
+
+* BOTMAN
+  * Added API support for Custom Code - read and update
+
 ## 7.4.0 (October 24, 2023)
 
 #### FEATURES/ENHANCEMENTS:
@@ -12,7 +22,7 @@
 
 * IAM
   * Phone number is no longer required for IAM user for `CreateUser` and `UpdateUserInfo` methods
-  
+
 ## 7.3.0 (September 19, 2023)
 
 #### FEATURES/ENHANCEMENTS:

diff --git a/pkg/appsec/ip_geo.go b/pkg/appsec/ip_geo.go
@@ -40,7 +40,12 @@ type (
 		BlockedIPNetworkLists *IPGeoNetworkLists `json:"blockedIPNetworkLists,omitempty"`
 	}
 
-	// IPGeoIPControls is used to specify IP or GEO network lists to be blocked or allowed.
+	// IPGeoASNControls is used to specify ASN network lists to be blocked.
+	IPGeoASNControls struct {
+		BlockedIPNetworkLists *IPGeoNetworkLists `json:"blockedIPNetworkLists,omitempty"`
+	}
+
+	// IPGeoIPControls is used to specify IP, GEO or ASN network lists to be blocked or allowed.
 	IPGeoIPControls struct {
 		AllowedIPNetworkLists *IPGeoNetworkLists `json:"allowedIPNetworkLists,omitempty"`
 		BlockedIPNetworkLists *IPGeoNetworkLists `json:"blockedIPNetworkLists,omitempty"`
@@ -59,6 +64,7 @@ type (
 		Block              string             `json:"block"`
 		GeoControls        *IPGeoGeoControls  `json:"geoControls,omitempty"`
 		IPControls         *IPGeoIPControls   `json:"ipControls,omitempty"`
+		ASNControls        *IPGeoASNControls  `json:"asnControls,omitempty"`
 		UkraineGeoControls *UkraineGeoControl `json:"ukraineGeoControl,omitempty"`
 	}
 
@@ -67,6 +73,7 @@ type (
 		Block              string             `json:"block"`
 		GeoControls        *IPGeoGeoControls  `json:"geoControls,omitempty"`
 		IPControls         *IPGeoIPControls   `json:"ipControls,omitempty"`
+		ASNControls        *IPGeoASNControls  `json:"asnControls,omitempty"`
 		UkraineGeoControls *UkraineGeoControl `json:"ukraineGeoControl,omitempty"`
 	}
 

diff --git a/pkg/appsec/ip_geo_test.go b/pkg/appsec/ip_geo_test.go
@@ -2,7 +2,6 @@ package appsec
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"net/http"
 	"net/http/httptest"
@@ -15,13 +14,6 @@ import (
 
 // Test IPGeo
 func TestAppSec_GetIPGeo(t *testing.T) {
-
-	result := GetIPGeoResponse{}
-
-	respData := compactJSON(loadFixtureBytes("testdata/TestIPGeo/IPGeo.json"))
-	err := json.Unmarshal([]byte(respData), &result)
-	require.NoError(t, err)
-
 	tests := map[string]struct {
 		params           GetIPGeoRequest
 		responseStatus   int
@@ -36,10 +28,64 @@ func TestAppSec_GetIPGeo(t *testing.T) {
 				Version:  15,
 				PolicyID: "AAAA_81230",
 			},
-			responseStatus:   http.StatusOK,
-			responseBody:     respData,
-			expectedPath:     "/appsec/v1/configs/43253/versions/15/security-policies/AAAA_81230/ip-geo-firewall",
-			expectedResponse: &result,
+			responseStatus: http.StatusOK,
+			responseBody: `{
+				"block": "blockSpecificIPGeo",
+				"asnControls": {
+					"blockedIPNetworkLists": {
+						"networkList": [
+							"12345_ASNTEST"
+						]
+					}
+				},
+				"geoControls": {
+					"blockedIPNetworkLists": {
+						"networkList": [
+							"72138_TEST1"
+						]
+					}
+				},
+				"ipControls": {
+					"allowedIPNetworkLists": {
+						"networkList": [
+							"56921_TEST"
+						]
+					},
+					"blockedIPNetworkLists": {
+						"networkList": [
+							"53712_TESTLIST123"
+						]
+					}
+				},
+				"ukraineGeoControl": {
+					"action": "alert"
+				}
+			}`,
+			expectedPath: "/appsec/v1/configs/43253/versions/15/security-policies/AAAA_81230/ip-geo-firewall",
+			expectedResponse: &GetIPGeoResponse{
+				Block: "blockSpecificIPGeo",
+				GeoControls: &IPGeoGeoControls{
+					BlockedIPNetworkLists: &IPGeoNetworkLists{
+						NetworkList: []string{"72138_TEST1"},
+					},
+				},
+				IPControls: &IPGeoIPControls{
+					AllowedIPNetworkLists: &IPGeoNetworkLists{
+						NetworkList: []string{"56921_TEST"},
+					},
+					BlockedIPNetworkLists: &IPGeoNetworkLists{
+						NetworkList: []string{"53712_TESTLIST123"},
+					},
+				},
+				ASNControls: &IPGeoASNControls{
+					BlockedIPNetworkLists: &IPGeoNetworkLists{
+						NetworkList: []string{"12345_ASNTEST"},
+					},
+				},
+				UkraineGeoControls: &UkraineGeoControl{
+					Action: "alert",
+				},
+			},
 		},
 		"500 internal server error": {
 			params: GetIPGeoRequest{
@@ -87,18 +133,6 @@ func TestAppSec_GetIPGeo(t *testing.T) {
 
 // Test Update IPGeo.
 func TestAppSec_UpdateIPGeo(t *testing.T) {
-	result := UpdateIPGeoResponse{}
-
-	respData := compactJSON(loadFixtureBytes("testdata/TestIPGeo/IPGeo.json"))
-	err := json.Unmarshal([]byte(respData), &result)
-	require.NoError(t, err)
-
-	req := UpdateIPGeoRequest{}
-
-	reqData := compactJSON(loadFixtureBytes("testdata/TestIPGeo/IPGeo.json"))
-	err = json.Unmarshal([]byte(reqData), &req)
-	require.NoError(t, err)
-
 	tests := map[string]struct {
 		params           UpdateIPGeoRequest
 		responseStatus   int
@@ -117,10 +151,64 @@ func TestAppSec_UpdateIPGeo(t *testing.T) {
 			headers: http.Header{
 				"Content-Type": []string{"application/json;charset=UTF-8"},
 			},
-			responseStatus:   http.StatusCreated,
-			responseBody:     respData,
-			expectedResponse: &result,
-			expectedPath:     "/appsec/v1/configs/43253/versions/15/security-policies/AAAA_81230/ip-geo-firewall",
+			responseStatus: http.StatusCreated,
+			responseBody: `{
+				"block": "blockSpecificIPGeo",
+				"asnControls": {
+					"blockedIPNetworkLists": {
+						"networkList": [
+							"12345_ASNTEST"
+						]
+					}
+				},
+				"geoControls": {
+					"blockedIPNetworkLists": {
+						"networkList": [
+							"72138_TEST1"
+						]
+					}
+				},
+				"ipControls": {
+					"allowedIPNetworkLists": {
+						"networkList": [
+							"56921_TEST"
+						]
+					},
+					"blockedIPNetworkLists": {
+						"networkList": [
+							"53712_TESTLIST123"
+						]
+					}
+				},
+				"ukraineGeoControl": {
+					"action": "alert"
+				}
+			}`,
+			expectedResponse: &UpdateIPGeoResponse{
+				Block: "blockSpecificIPGeo",
+				GeoControls: &IPGeoGeoControls{
+					BlockedIPNetworkLists: &IPGeoNetworkLists{
+						NetworkList: []string{"72138_TEST1"},
+					},
+				},
+				IPControls: &IPGeoIPControls{
+					AllowedIPNetworkLists: &IPGeoNetworkLists{
+						NetworkList: []string{"56921_TEST"},
+					},
+					BlockedIPNetworkLists: &IPGeoNetworkLists{
+						NetworkList: []string{"53712_TESTLIST123"},
+					},
+				},
+				ASNControls: &IPGeoASNControls{
+					BlockedIPNetworkLists: &IPGeoNetworkLists{
+						NetworkList: []string{"12345_ASNTEST"},
+					},
+				},
+				UkraineGeoControls: &UkraineGeoControl{
+					Action: "alert",
+				},
+			},
+			expectedPath: "/appsec/v1/configs/43253/versions/15/security-policies/AAAA_81230/ip-geo-firewall",
 		},
 		"500 internal server error": {
 			params: UpdateIPGeoRequest{

diff --git a/pkg/appsec/testdata/TestIPGeo/IPGeo.json b/pkg/appsec/testdata/TestIPGeo/IPGeo.json
diff --git a/pkg/botman/botman.go b/pkg/botman/botman.go
@@ -37,6 +37,7 @@ type (
 		CustomClientSequence
 		CustomDefinedBot
 		CustomDenyAction
+		CustomCode
 		JavascriptInjection
 		RecategorizedAkamaiDefinedBot
 		ResponseAction

diff --git a/pkg/botman/custom_code.go b/pkg/botman/custom_code.go
@@ -0,0 +1,112 @@
+package botman
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	validation "github.com/go-ozzo/ozzo-validation/v4"
+)
+
+type (
+	// The CustomCode interface supports retrieving and updating custom code
+	CustomCode interface {
+		GetCustomCode(ctx context.Context, params GetCustomCodeRequest) (map[string]interface{}, error)
+
+		UpdateCustomCode(ctx context.Context, params UpdateCustomCodeRequest) (map[string]interface{}, error)
+	}
+
+	// GetCustomCodeRequest is used to retrieve custom code
+	GetCustomCodeRequest struct {
+		ConfigID int64
+		Version  int64
+	}
+
+	// UpdateCustomCodeRequest is used to modify custom code
+	UpdateCustomCodeRequest struct {
+		ConfigID    int64
+		Version     int64
+		JsonPayload json.RawMessage
+	}
+)
+
+// Validate validates a GetCustomCodeRequest.
+func (v GetCustomCodeRequest) Validate() error {
+	return validation.Errors{
+		"ConfigID": validation.Validate(v.ConfigID, validation.Required),
+		"Version":  validation.Validate(v.Version, validation.Required),
+	}.Filter()
+}
+
+// Validate validates an UpdateCustomCodeRequest.
+func (v UpdateCustomCodeRequest) Validate() error {
+	return validation.Errors{
+		"ConfigID":    validation.Validate(v.ConfigID, validation.Required),
+		"Version":     validation.Validate(v.Version, validation.Required),
+		"JsonPayload": validation.Validate(v.JsonPayload, validation.Required),
+	}.Filter()
+}
+
+func (b *botman) GetCustomCode(ctx context.Context, params GetCustomCodeRequest) (map[string]interface{}, error) {
+	logger := b.Log(ctx)
+	logger.Debug("GetCustomCode")
+
+	if err := params.Validate(); err != nil {
+		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
+	}
+
+	uri := fmt.Sprintf(
+		"/appsec/v1/configs/%d/versions/%d/advanced-settings/transactional-endpoint-protection/custom-code",
+		params.ConfigID,
+		params.Version)
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create GetCustomCode request: %w", err)
+	}
+
+	var result map[string]interface{}
+	resp, err := b.Exec(req, &result)
+	if err != nil {
+		return nil, fmt.Errorf("GetCustomCode request failed: %w", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, b.Error(resp)
+	}
+
+	return result, nil
+}
+
+func (b *botman) UpdateCustomCode(ctx context.Context, params UpdateCustomCodeRequest) (map[string]interface{}, error) {
+	logger := b.Log(ctx)
+	logger.Debug("UpdateCustomCode")
+
+	if err := params.Validate(); err != nil {
+		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
+	}
+
+	putURL := fmt.Sprintf(
+		"/appsec/v1/configs/%d/versions/%d/advanced-settings/transactional-endpoint-protection/custom-code",
+		params.ConfigID,
+		params.Version,
+	)
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPut, putURL, nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create UpdateCustomCode request: %w", err)
+	}
+
+	var result map[string]interface{}
+	resp, err := b.Exec(req, &result, params.JsonPayload)
+	if err != nil {
+		return nil, fmt.Errorf("UpdateCustomCode request failed: %w", err)
+	}
+
+	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated && resp.StatusCode != http.StatusNoContent {
+		return nil, b.Error(resp)
+	}
+
+	return result, nil
+}