CIS Firewall development #2025

Merged
merged 2 commits into from
Nov 25, 2020
18 changes: 16 additions & 2 deletions examples/ibm-cis/README.md
Expand Up @@ -367,8 +367,19 @@ Customise the variables in `variables.tf` to your local environment and chosen D
| record\_content | DNS Record Content | `string` | yes |
| firewall\_type | Firewall Type | `string` | yes |
| lockdown\_url | Lockdown URL | `string` | yes |
| lockdown\_target | Lockdown Configuration target | `string` | yes |
| lockdown\_value | Lockdown Configuration Value | `string` | yes |
| lockdown\_paused | Locdown rule paused or not | `boolean` | no
| lockdown\_description | Lockdown description | `string` | no
| lockdown\_priority | Lockdown priority | `integer` | no
| lockdown\_configurations\_target | Lockdown Configuration target | `string` | yes |
| lockdown\_configurations\_value | Lockdown Configuration Value | `string` | yes |
| access_rule\_notes | Access rule notes | `string` | no
| access_rule\_mode | Access rule mode | `string` | yes
| access_rule\_configuration\_target | Access rule configuration target | `string` | yes |
| access_rule\_configuration\_value | Access rule configuration Value | `string` | yes |
| ua_rule\_description | User Agent rule description | `string` | no
| ua_rule\_mode | User Agent rule mode | `string` | yes
| ua_rule\_configuration\_target | User Agent rule configuration target | `string` | yes |
| ua_rule\_configuration\_value | User Agent rule configuration Value | `string` | yes |
| threshold | Rate Limiting Threshold | `number` | yes |
| period | Rate Limiting Period | `number` | yes |
| match\_request\_url | URL pattern of matching request | `string` | no |
Expand Down Expand Up @@ -413,6 +424,9 @@ Customise the variables in `variables.tf` to your local environment and chosen D
| edge_functions_action_id | Resource ID. It is combination of `action_name`:`domain_id`:`cis_id`|
| edge_functions_trigger_id | Resource ID. It is combination of `trigger_id`:`domain_id`:`cis_id`|
| page_id | Custom Page ID |
| lockdown\_lockdown_id | Firewall Lockdown ID
| access_rule\_access_rule_id | Firewall Access rule ID
| ua_rule\_ua_rule_id | Firewall User Agent rule ID

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

9 changes: 8 additions & 1 deletion examples/ibm-cis/main.tf
Expand Up @@ -104,7 +104,7 @@ resource "ibm_cis_dns_record" "example" {

}

# CIS Firewall - Present resource supports only lockdown
# CIS Firewall
resource "ibm_cis_firewall" "lockdown" {
cis_id = ibm_cis.web_domain.id
domain_id = ibm_cis_domain.web_domain.id
Expand All @@ -121,6 +121,13 @@ resource "ibm_cis_firewall" "lockdown" {
}
}

# CIS Firewall data source
data "ibm_cis_firewall" "ua_rules" {
cis_id = ibm_cis.web_domain.id
domain_id = ibm_cis_domain.web_domain.id
firewall_type = "ua_rules"
}

#CIS Rate Limit
resource "ibm_cis_rate_limit" "ratelimit" {
cis_id = data.ibm_cis.web_domain.id
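Review bot: The new `data "ibm_cis_firewall" "ua_rules"` block takes `cis_id` from `ibm_cis.web_domain.id`, while the `ibm_cis_rate_limit` resource immediately below it reads `data.ibm_cis.web_domain.id`; unless this example declares both a resource and a data source named `web_domain`, one of the two references will not resolve, so the new block should use whichever form the example actually defines. The data source is also not referenced by any resource or output in the hunks shown, so as written it demonstrates nothing; wiring it into `outputs.tf` (for example `value = data.ibm_cis_firewall.ua_rules`) would make the example exercise the read path. The `ibm_cis_firewall` resource whose comment the first hunk rewords starts at the `resource "ibm_cis_firewall" "lockdown"` line and its body runs outside the hunk.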
4 changes: 4 additions & 0 deletions examples/ibm-cis/outputs.tf
Expand Up @@ -40,3 +40,7 @@ output "cache_settings" {
output "ibm_cis_custom_page_output" {
value = ibm_cis_custom_page.custom_page
}

output "ibm_cis_firewall_ouput" {
value = ibm_cis_firewall.lockdown
}
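Review bot: The new output name is misspelled (`ibm_cis_firewall_ouput`); output names are what `terraform output` and remote-state consumers key on, so it is worth fixing to `output "ibm_cis_firewall_output" {` before it ships and has to be preserved for compatibility. Exporting the whole `ibm_cis_firewall.lockdown` object also dumps every attribute of the rule into the output; if the example only needs the rule identifier, a narrower value such as the resource id keeps the output small and the README's `lockdown_lockdown_id` entry easier to map to.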
1 change: 1 addition & 0 deletions go.mod
Expand Up @@ -9,6 +9,7 @@ require (
github.com/IBM/apigateway-go-sdk v0.0.0-20200414212859-416e5948678a
github.com/IBM/go-sdk-core v1.1.0
github.com/IBM/go-sdk-core/v3 v3.3.1
github.com/IBM/go-sdk-core/v4 v4.5.1
github.com/IBM/ibm-cos-sdk-go v1.3.1
github.com/IBM/ibm-cos-sdk-go-config v1.0.1
github.com/IBM/networking-go-sdk v0.12.0
82 changes: 82 additions & 0 deletions ibm/config.go
Expand Up @@ -28,6 +28,9 @@ import (
cisroutingv1 "github.com/IBM/networking-go-sdk/routingv1"
cissslv1 "github.com/IBM/networking-go-sdk/sslcertificateapiv1"
tg "github.com/IBM/networking-go-sdk/transitgatewayapisv1"
cisuarulev1 "github.com/IBM/networking-go-sdk/useragentblockingrulesv1"
cisaccessrulev1 "github.com/IBM/networking-go-sdk/zonefirewallaccessrulesv1"
cislockdownv1 "github.com/IBM/networking-go-sdk/zonelockdownv1"
cisratelimitv1 "github.com/IBM/networking-go-sdk/zoneratelimitsv1"
cisdomainsettingsv1 "github.com/IBM/networking-go-sdk/zonessettingsv1"
ciszonesv1 "github.com/IBM/networking-go-sdk/zonesv1"
Expand Down Expand Up @@ -205,6 +208,9 @@ type ClientSession interface {
CisRoutingClientSession() (*cisroutingv1.RoutingV1, error)
CisCacheClientSession() (*ciscachev1.CachingApiV1, error)
CisCustomPageClientSession() (*ciscustompagev1.CustomPagesV1, error)
CisAccessRuleClientSession() (*cisaccessrulev1.ZoneFirewallAccessRulesV1, error)
CisUARuleClientSession() (*cisuarulev1.UserAgentBlockingRulesV1, error)
CisLockdownClientSession() (*cislockdownv1.ZoneLockdownV1, error)
}

type clientSession struct {
Expand Down Expand Up @@ -368,6 +374,18 @@ type clientSession struct {
// CIS Custom Pages service options
cisCustomPageErr error
cisCustomPageClient *ciscustompagev1.CustomPagesV1

// CIS Firewall Access rule service option
cisAccessRuleErr error
cisAccessRuleClient *cisaccessrulev1.ZoneFirewallAccessRulesV1

// CIS User Agent Blocking Rule service option
cisUARuleErr error
cisUARuleClient *cisuarulev1.UserAgentBlockingRulesV1

// CIS Firewall Lockdwon Rule service option
cisLockdownErr error
cisLockdownClient *cislockdownv1.ZoneLockdownV1
}

// BluemixAcccountAPI ...
Expand Down Expand Up @@ -616,6 +634,21 @@ func (sess clientSession) CisCustomPageClientSession() (*ciscustompagev1.CustomP
return sess.cisCustomPageClient, sess.cisCustomPageErr
}

// CIS Firewall access rule
func (sess clientSession) CisAccessRuleClientSession() (*cisaccessrulev1.ZoneFirewallAccessRulesV1, error) {
return sess.cisAccessRuleClient, sess.cisAccessRuleErr
}

// CIS User Agent Blocking rule
func (sess clientSession) CisUARuleClientSession() (*cisuarulev1.UserAgentBlockingRulesV1, error) {
return sess.cisUARuleClient, sess.cisUARuleErr
}

// CIS Firewall Lockdown rule
func (sess clientSession) CisLockdownClientSession() (*cislockdownv1.ZoneLockdownV1, error) {
return sess.cisLockdownClient, sess.cisLockdownErr
}

// ClientSession configures and returns a fully initialized ClientSession
func (c *Config) ClientSession() (interface{}, error) {
sess, err := newSession(c)
Expand Down Expand Up @@ -680,6 +713,9 @@ func (c *Config) ClientSession() (interface{}, error) {
session.cisRoutingErr = errEmptyBluemixCredentials
session.cisCacheErr = errEmptyBluemixCredentials
session.cisCustomPageErr = errEmptyBluemixCredentials
session.cisAccessRuleErr = errEmptyBluemixCredentials
session.cisUARuleErr = errEmptyBluemixCredentials
session.cisLockdownErr = errEmptyBluemixCredentials

return session, nil
}
Expand Down Expand Up @@ -1172,13 +1208,59 @@ func (c *Config) ClientSession() (interface{}, error) {
ZoneIdentifier: core.StringPtr(""),
Authenticator: authenticator,
}

session.cisCustomPageClient, session.cisCustomPageErr =
ciscustompagev1.NewCustomPagesV1(cisCustomPageOpt)
if session.cisCustomPageErr != nil {
session.cisCustomPageErr =
fmt.Errorf("Error occured while configuring CIS Custom Pages service: %s",
session.cisCustomPageErr)
}

// IBM Network CIS Firewall Access rule
cisAccessRuleOpt := &cisaccessrulev1.ZoneFirewallAccessRulesV1Options{
URL: cisEndPoint,
Crn: core.StringPtr(""),
ZoneIdentifier: core.StringPtr(""),
Authenticator: authenticator,
}
session.cisAccessRuleClient, session.cisAccessRuleErr =
cisaccessrulev1.NewZoneFirewallAccessRulesV1(cisAccessRuleOpt)
if session.cisAccessRuleErr != nil {
session.cisAccessRuleErr =
fmt.Errorf("Error occured while configuring CIS Firewall Access Rule service: %s",
session.cisAccessRuleErr)
}

// IBM Network CIS Firewall User Agent Blocking rule
cisUARuleOpt := &cisuarulev1.UserAgentBlockingRulesV1Options{
URL: cisEndPoint,
Crn: core.StringPtr(""),
ZoneIdentifier: core.StringPtr(""),
Authenticator: authenticator,
}
session.cisUARuleClient, session.cisUARuleErr =
cisuarulev1.NewUserAgentBlockingRulesV1(cisUARuleOpt)
if session.cisUARuleErr != nil {
session.cisUARuleErr =
fmt.Errorf("Error occured while configuring CIS Firewall User Agent Blocking Rule service: %s",
session.cisUARuleErr)
}

// IBM Network CIS Firewall Lockdown rule
cisLockdownOpt := &cislockdownv1.ZoneLockdownV1Options{
URL: cisEndPoint,
Crn: core.StringPtr(""),
ZoneIdentifier: core.StringPtr(""),
Authenticator: authenticator,
}
session.cisLockdownClient, session.cisLockdownErr =
cislockdownv1.NewZoneLockdownV1(cisLockdownOpt)
if session.cisLockdownErr != nil {
session.cisLockdownErr =
fmt.Errorf("Error occured while configuring CIS Firewall Lockdown Rule service: %s",
session.cisLockdownErr)
}
return session, nil
}
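Review bot: The three new clients in the last hunk are constructed once per provider session with `Crn: core.StringPtr("")` and `ZoneIdentifier: core.StringPtr("")`, and the accessors added earlier return that same pointer to every caller. If the resource code fills in `Crn`/`ZoneIdentifier` on the shared client before each request — which the empty placeholders suggest, though that code is not in this diff — then concurrent Terraform operations on different zones race on those fields and a request can be scoped to the wrong zone; each caller should work on its own copy (`c := *cisClient` and set the fields on `c`) or pass zone/CRN through per-request options. Separately, the three new error messages repeat the `occured` misspelling of the existing Custom Pages message and format the cause with `%s`; if the module targets Go 1.13 or later, `fmt.Errorf("error configuring CIS Firewall Lockdown Rule service: %w", session.cisLockdownErr)` (and likewise for the access-rule and UA-rule branches) keeps the cause unwrappable. The struct-field comment in the earlier hunk also misspells `Lockdwon`. `ClientSession()` begins outside this hunk.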
