Documentation ¶
Index ¶
- Constants
- Variables
- func AddManagedRuleExclusion(cliInput *AddManagedRuleExclusionCLIInput) (err error)
- func BackupPolicies(in *BackupPoliciesInput) error
- func BackupPolicy(p *WrappedPolicy, containerURL *azblob.ContainerURL, failFast, quiet bool, ...) (err error)
- func Confirm(item, request string) bool
- func ConvertToResourceIDs(ids []string, subID string) (rids []config.ResourceID, err error)
- func CopyPolicy(original armfrontdoor.WebApplicationFirewallPolicy) (armfrontdoor.WebApplicationFirewallPolicy, error)
- func CopyRules(i CopyRulesInput) error
- func CustomRuleHasDefaultDeny(c *armfrontdoor.CustomRule) (defaultDeny bool)
- func DeleteCustomRulesCLI(cliInput *DeleteCustomRulesCLIInput) (err error)
- func DeleteCustomRulesPrefixes(in DeleteCustomRulesPrefixesInput) (modified bool, err error)
- func DeleteManagedRuleExclusion(dmreci *DeleteManagedRuleExclusionCLIInput) (err error)
- func DisplayPolicyDiff(original, latest interface{}) error
- func DisplayStringDiffWithDiffTool(orig, updated string) error
- func GenCustomRulesFromIPNets(in GenCustomRulesFromIPNetsInput) ([]*armfrontdoor.CustomRule, error)
- func GetAddManagedRuleExclusionProcessScope(amrei AddManagedRuleExclusionInput) (scope string, err error)
- func GetAllPolicies(s *session.Session, i GetWrappedPoliciesInput) ([]resources.GenericResourceExpanded, error)
- func GetDeleteManagedRuleExclusionProcessScope(input *DeleteManagedRuleExclusionInput) (scope string, err error)
- func GetFrontDoorIDs(s *session.Session, subID string) (ids []string, err error)
- func GetFunctionName() string
- func GetPoliciesToRestore(s *session.Session, policyBackups []WrappedPolicy, i *RestorePoliciesInput) (policiesToRestore []policyToRestore, err error)
- func GetPolicyRIDByHash(s *session.Session, subID, hash string) (string, error)
- func GetPolicyResourceIDByHash(s *session.Session, subID, hash string) (config.ResourceID, error)
- func GetRawPolicy(s *session.Session, subscription, resourceGroup, name string) (*armfrontdoor.WebApplicationFirewallPolicy, error)
- func GetRawPolicyCustomRuleByID(s *session.Session, policyID config.ResourceID, customRuleName string) (armfrontdoor.CustomRule, error)
- func GetRuleSetDefinitionsMatchingPolicy(s *session.Session, policy *armfrontdoor.WebApplicationFirewallPolicy) (rsds []*armfrontdoor.ManagedRuleSetDefinition, err error)
- func GetWAFPolicyResourceID(s *session.Session, in GetWAFPolicyResourceIDInput) (config.ResourceID, error)
- func GetWAFResourceIDFromCacheByHash(s *session.Session, hash string) (string, error)
- func HasCustomRules(p *armfrontdoor.WebApplicationFirewallPolicy) (ok bool, noRuleSets int)
- func HasMatchingExclusions(one, two *armfrontdoor.ManagedRuleExclusion) bool
- func HasRuleSets(p *armfrontdoor.WebApplicationFirewallPolicy) (ok bool, noRuleSets int)
- func HaveEqualRuleSets(one, two *armfrontdoor.WebApplicationFirewallPolicy) bool
- func Int32ToPointer(i int32) (p *int32)
- func IsIPv4(address string) bool
- func IsIPv6(address string) bool
- func IsRIDHash(s string) bool
- func IsValidExclusionRuleVariable(v armfrontdoor.ManagedRuleExclusionMatchVariable, ci bool) bool
- func ListFrontDoors(subID string) error
- func ListPolicies(in ListPoliciesInput) error
- func LoadPolicyFromFile(f string) (armfrontdoor.WebApplicationFirewallPolicy, error)
- func MatchConditionHasDefaultUnknown(mc *armfrontdoor.MatchCondition) (result bool)
- func MatchValuesHasMatchAll(mvs []*string, matchVariable armfrontdoor.MatchVariable, ...) (res bool)
- func Normalise(iPrefixes []netip.Prefix) ([]netip.Prefix, error)
- func NormaliseExclusionInput(inVar, inOp string) (outVar armfrontdoor.ManagedRuleExclusionMatchVariable, ...)
- func NormaliseMatchOperator(mo string) (match bool, result armfrontdoor.ManagedRuleExclusionSelectorMatchOperator)
- func NormaliseMatchVariable(mr string) (match bool, result armfrontdoor.ManagedRuleExclusionMatchVariable)
- func OutputManagedRuleExclusions(in *OutputManagedRuleInput)
- func OutputManagedRuleExclusionsTable(in *OutputManagedRuleExclusionsTableInput)
- func OutputManagedRuleGroupExclusions(in *OutputManagedRuleInput)
- func OutputManagedRuleSetExclusions(in *OutputManagedRuleInput)
- func OutputManagedRuleSetExclusionsTable(in *OutputManagedRuleExclusionsTableInput)
- func OutputPolicy(input OutputPolicyInput)
- func OutputPolicyMetaData(policy *armfrontdoor.WebApplicationFirewallPolicy)
- func PadToWidth(input, char string, inputLengthOverride int, trimToWidth bool) (output string)
- func PrintPolicy(policyID, subscriptionID, configPath string) error
- func PrintPolicyCustomRule(subscriptionID, extendedID, config string) error
- func ProcessPolicyChanges(input *ProcessPolicyChangesInput) error
- func PushPolicy(s *session.Session, i *PushPolicyInput) error
- func RestorePolicies(i *RestorePoliciesInput) (err error)
- func SaveWAFResourceIDHashMap(s *session.Session, res []resources.GenericResourceExpanded) error
- func ShowExclusions(in *ShowExclusionsCLIInput) error
- func ShowManagedRuleExclusions(ruleID string, policyID config.ResourceID) error
- func ShowManagedRuleGroupExclusions(ruleGroup string, policyID config.ResourceID) error
- func ShowManagedRuleSetExclusions(ruleSetType, ruleSetVersion string, policyID config.ResourceID) error
- func ShowPolicy(in ShowPolicyInput) error
- func TrimString(in string, maxLen int, suffix string) string
- func ValidateResourceID(rawID string, extended bool) error
- func ValidateResourceIDs(ids []string) error
- type Action
- type AddCustomRulesPrefixesInput
- type AddManagedRuleExclusionCLIInput
- type AddManagedRuleExclusionInput
- type ApplyRemoveNetsInput
- type ApplyRemoveNetsResult
- type ApplyRemoveNetsResults
- type BackupPoliciesInput
- type BaseCLIInput
- type BotRuleSetStatsOutput
- type CopyRulesInput
- type DeleteCustomRulesCLIInput
- type DeleteCustomRulesPrefixesInput
- type DeleteManagedRuleExclusionCLIInput
- type DeleteManagedRuleExclusionInput
- type FrontDoor
- type FrontDoorEndpoint
- type FrontDoors
- type GenCustomRulesFromIPNetsInput
- type GeneratePolicyPatchInput
- type GeneratePolicyPatchOutput
- type GetPolicyInput
- type GetPolicyOutput
- type GetWAFPolicyResourceIDInput
- type GetWrappedPoliciesInput
- type GetWrappedPoliciesOutput
- type IPNets
- type ListPoliciesInput
- type LogIPsInput
- type OutputManagedRuleExclusionsTableInput
- type OutputManagedRuleInput
- type OutputPolicyInput
- type ProcessPolicyChangesInput
- type PushPolicyInput
- type RemoveNetsInput
- type RestorePoliciesInput
- type RuleNamePrefix
- type RuleSetStatsOutput
- type ShowExclusionsCLIInput
- type ShowPolicyInput
- type UpdatePolicyCustomRulesIPMatchPrefixesInput
- type WAFResourceIDHashMap
- type WAFResourceIDHashMapEntry
- type WrappedManagedRuleSet
- type WrappedPolicy
- func CopyWrappedPolicy(original *WrappedPolicy) (*WrappedPolicy, error)
- func GeneratePolicyToRestore(existing, backup *WrappedPolicy, i *RestorePoliciesInput) WrappedPolicy
- func LoadBackupsFromPath(path string) ([]WrappedPolicy, error)
- func LoadBackupsFromPaths(paths []string) ([]WrappedPolicy, error)
- func LoadWrappedPolicyFromFile(f string) (WrappedPolicy, error)
- func MatchExistingPolicyByID(targetPolicyID string, existingPolicies []WrappedPolicy) (bool, WrappedPolicy)
Constants ¶
// Timing parameters for PushPolicy. The units are not stated on this page
// (presumably seconds) — confirm against the PushPolicy implementation before
// tuning them.
const (
	// PushPolicyTimeout is the overall wait bound for a push; the page does not
	// show how it interacts with PushPolicyInput.Timeout — verify.
	PushPolicyTimeout = 120
	// PushPolicyPollFrequency is the interval between status checks while waiting.
	PushPolicyPollFrequency = 20
)
// Fetch limits, rule-count budgets and priority bands for the generated
// LogNets/AllowNets/BlockNets Custom rules. Azure evaluates Custom rules in
// ascending priority order, so with the bands below LogNets (1000) run before
// AllowNets (3000), which run before BlockNets (5000): an AllowNets match is
// reached before any block rule for the same source, so allow-list additions
// deserve the same review as block-list removals.
const (
	// MaxPoliciesToFetch is the maximum number to attempt to retrieve (not an Azure limit)
	MaxPoliciesToFetch = 200
	// MaxFrontDoorsToFetch is the maximum number to attempt to retrieve (not an Azure limit)
	MaxFrontDoorsToFetch = 100
	// MaxCustomRules is the hard limit on the number of allowed Custom rules
	MaxCustomRules = 90
	// MaxLogNetsRules is the maximum number of Custom rules to create from Azure's hard limit of 90 per Policy
	MaxLogNetsRules = 10
	// MaxBlockNetsRules is the maximum number of Custom rules to create from Azure's hard limit of 90 per Policy
	MaxBlockNetsRules = 40
	// MaxAllowNetsRules is the maximum number of Custom rules to create from Azure's hard limit of 90 per Policy
	// (the three budgets sum to 60, leaving 30 of the 90 for manually managed rules)
	MaxAllowNetsRules = 10
	// MaxIPMatchValues is Azure's hard limit on IPMatch values per rule
	MaxIPMatchValues = 600
	// LogNetsPrefix is the prefix for Custom Rules used for logging IP networks
	LogNetsPrefix = "LogNets"
	// LogNetsPriorityStart is the first Custom rule priority number
	// Manual log rules should be numbered below 1000
	LogNetsPriorityStart = 1000
	// AllowNetsPrefix is the prefix for Custom Rules used for allowing IP networks
	AllowNetsPrefix = "AllowNets"
	// AllowNetsPriorityStart is the first Custom rule priority number
	// Manual allow rules should be numbered 2000-2999
	AllowNetsPriorityStart = 3000
	// BlockNetsPriorityStart is the first Custom rule priority number for block rules.
	// No BlockNets prefix constant is declared in this block — confirm where the
	// block-rule name prefix comes from.
	BlockNetsPriorityStart = 5000
	// MaxMatchValuesPerColumn is the number of match values to output per column when showing policies and rules
	MaxMatchValuesPerColumn = 3
	// MaxMatchValuesOutput is the maximum number of match values to output when showing policies and rules
	MaxMatchValuesOutput = 9
)
const (
	// Azure limits - https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-front-door-classic-limits
	MaxConditionsPerCustomRule = 10
	// Scope values for managed-rule exclusion changes. Presumably the values
	// stored in the Scope field of AddManagedRuleExclusionInput and
	// DeleteManagedRuleExclusionInput (ruleSet is the broadest, rule the
	// narrowest) — confirm against the *ProcessScope functions.
	ScopeRuleSet   = "ruleSet"
	ScopeRuleGroup = "ruleGroup"
	ScopeRule      = "rule"
	// WAFResourceIDHashMapName names the cached hash -> resource id map
	// read by GetWAFResourceIDHashMap and written by SaveWAFResourceIDHashMap.
	WAFResourceIDHashMapName = "WAFResourceIDHashMap"
)
Variables ¶
var (
	// ErrInvalidRuleType is the sentinel returned when a rule type is not one
	// the package handles; compare with errors.Is.
	ErrInvalidRuleType = errors.New("invalid rule type")
)
// ValidRuleExclusionMatchOperators is the allow-list of selector match
// operators accepted for a managed-rule exclusion. Presumably consulted by
// NormaliseMatchOperator when parsing CLI input — confirm. Note that an
// exclusion using EqualsAny removes every value of the chosen variable from
// inspection, so it is the broadest exclusion this list permits.
var ValidRuleExclusionMatchOperators = [...]string{
	"Contains",
	"EndsWith",
	"Equals",
	"EqualsAny",
	"StartsWith",
}
// ValidRuleExclusionMatchVariables is the allow-list of request parts that a
// managed-rule exclusion may target. Presumably consulted by
// NormaliseMatchVariable / IsValidExclusionRuleVariable — confirm. Keeping this
// list closed bounds what an operator can carve out of the managed rule sets.
var ValidRuleExclusionMatchVariables = [...]string{
	"RequestCookieNames",
	"RequestHeaderNames",
	"QueryStringArgNames",
	"RequestBodyPostArgNames",
	"RequestBodyJsonArgNames",
}
Functions ¶
func AddManagedRuleExclusion ¶
func AddManagedRuleExclusion(cliInput *AddManagedRuleExclusionCLIInput) (err error)
func BackupPolicies ¶
func BackupPolicies(in *BackupPoliciesInput) error
BackupPolicies retrieves policies within a subscription and writes them, with meta-data, to individual json files
func BackupPolicy ¶
func BackupPolicy(p *WrappedPolicy, containerURL *azblob.ContainerURL, failFast, quiet bool, path string) (err error)
BackupPolicy takes a WrappedPolicy as input and creates a json file that can later be restored
func ConvertToResourceIDs ¶
func ConvertToResourceIDs(ids []string, subID string) (rids []config.ResourceID, err error)
ConvertToResourceIDs accepts a slice of strings representing resource ids and/or hashes and returns a slice of matching resource ids
func CopyPolicy ¶
func CopyPolicy(original armfrontdoor.WebApplicationFirewallPolicy) (armfrontdoor.WebApplicationFirewallPolicy, error)
CopyPolicy takes an instance of a policy and returns a duplicate
func CopyRules ¶
func CopyRules(i CopyRulesInput) error
CopyRules copies managed and custom rules between policies with matching rule sets
func CustomRuleHasDefaultDeny ¶
func CustomRuleHasDefaultDeny(c *armfrontdoor.CustomRule) (defaultDeny bool)
func DeleteCustomRulesCLI ¶
func DeleteCustomRulesCLI(cliInput *DeleteCustomRulesCLIInput) (err error)
func DeleteCustomRulesPrefixes ¶
func DeleteCustomRulesPrefixes(in DeleteCustomRulesPrefixesInput) (modified bool, err error)
func DeleteManagedRuleExclusion ¶
func DeleteManagedRuleExclusion(dmreci *DeleteManagedRuleExclusionCLIInput) (err error)
func DisplayPolicyDiff ¶
func DisplayPolicyDiff(original, latest interface{}) error
func GenCustomRulesFromIPNets ¶
func GenCustomRulesFromIPNets(in GenCustomRulesFromIPNetsInput) ([]*armfrontdoor.CustomRule, error)
GenCustomRulesFromIPNets accepts two lists of IPs (positive and negative), plus the action to be taken with them and the maximum number of rules to create, and returns a slice of CustomRules
func GetAddManagedRuleExclusionProcessScope ¶
func GetAddManagedRuleExclusionProcessScope(amrei AddManagedRuleExclusionInput) (scope string, err error)
GetAddManagedRuleExclusionProcessScope returns the scope for addition of Managed rule exclusions
func GetAllPolicies ¶
func GetAllPolicies(s *session.Session, i GetWrappedPoliciesInput) ([]resources.GenericResourceExpanded, error)
func GetDeleteManagedRuleExclusionProcessScope ¶
func GetDeleteManagedRuleExclusionProcessScope(input *DeleteManagedRuleExclusionInput) (scope string, err error)
GetDeleteManagedRuleExclusionProcessScope returns the scope for deletion of Managed rule exclusions
func GetFrontDoorIDs ¶
func GetFunctionName ¶
func GetFunctionName() string
func GetPoliciesToRestore ¶
func GetPoliciesToRestore(s *session.Session, policyBackups []WrappedPolicy, i *RestorePoliciesInput) (policiesToRestore []policyToRestore, err error)
func GetPolicyRIDByHash ¶
func GetRawPolicy ¶
func GetRawPolicy(s *session.Session, subscription, resourceGroup, name string) (*armfrontdoor.WebApplicationFirewallPolicy, error)
func GetRawPolicyCustomRuleByID ¶
func GetRawPolicyCustomRuleByID(s *session.Session, policyID config.ResourceID, customRuleName string) (armfrontdoor.CustomRule, error)
GetRawPolicyCustomRuleByID returns a Custom rule matching the resource id. The id is an extended resource id: <Policy>|<Custom rule name>.
func GetRuleSetDefinitionsMatchingPolicy ¶
func GetRuleSetDefinitionsMatchingPolicy(s *session.Session, policy *armfrontdoor.WebApplicationFirewallPolicy) (rsds []*armfrontdoor.ManagedRuleSetDefinition, err error)
func GetWAFPolicyResourceID ¶
func GetWAFPolicyResourceID(s *session.Session, in GetWAFPolicyResourceIDInput) (config.ResourceID, error)
func HasCustomRules ¶
func HasCustomRules(p *armfrontdoor.WebApplicationFirewallPolicy) (ok bool, noRuleSets int)
func HasMatchingExclusions ¶
func HasMatchingExclusions(one, two *armfrontdoor.ManagedRuleExclusion) bool
func HasRuleSets ¶
func HasRuleSets(p *armfrontdoor.WebApplicationFirewallPolicy) (ok bool, noRuleSets int)
func HaveEqualRuleSets ¶
func HaveEqualRuleSets(one, two *armfrontdoor.WebApplicationFirewallPolicy) bool
func Int32ToPointer ¶
func IsValidExclusionRuleVariable ¶
func IsValidExclusionRuleVariable(v armfrontdoor.ManagedRuleExclusionMatchVariable, ci bool) bool
func ListFrontDoors ¶
func ListPolicies ¶
func ListPolicies(in ListPoliciesInput) error
func LoadPolicyFromFile ¶
func LoadPolicyFromFile(f string) (armfrontdoor.WebApplicationFirewallPolicy, error)
func MatchConditionHasDefaultUnknown ¶
func MatchConditionHasDefaultUnknown(mc *armfrontdoor.MatchCondition) (result bool)
func MatchValuesHasMatchAll ¶
func MatchValuesHasMatchAll(mvs []*string, matchVariable armfrontdoor.MatchVariable, operator armfrontdoor.Operator) (res bool)
func Normalise ¶
Normalise accepts a slice of netip.Prefix and returns a slice containing only the unique prefixes
func NormaliseExclusionInput ¶
func NormaliseExclusionInput(inVar, inOp string) (outVar armfrontdoor.ManagedRuleExclusionMatchVariable, outOp armfrontdoor.ManagedRuleExclusionSelectorMatchOperator, err error)
func NormaliseMatchOperator ¶
func NormaliseMatchOperator(mo string) (match bool, result armfrontdoor.ManagedRuleExclusionSelectorMatchOperator)
func NormaliseMatchVariable ¶
func NormaliseMatchVariable(mr string) (match bool, result armfrontdoor.ManagedRuleExclusionMatchVariable)
func OutputManagedRuleExclusions ¶
func OutputManagedRuleExclusions(in *OutputManagedRuleInput)
func OutputManagedRuleExclusionsTable ¶
func OutputManagedRuleExclusionsTable(in *OutputManagedRuleExclusionsTableInput)
func OutputManagedRuleGroupExclusions ¶
func OutputManagedRuleGroupExclusions(in *OutputManagedRuleInput)
func OutputManagedRuleSetExclusions ¶
func OutputManagedRuleSetExclusions(in *OutputManagedRuleInput)
func OutputManagedRuleSetExclusionsTable ¶
func OutputManagedRuleSetExclusionsTable(in *OutputManagedRuleExclusionsTableInput)
func OutputPolicy ¶
func OutputPolicy(input OutputPolicyInput)
func OutputPolicyMetaData ¶
func OutputPolicyMetaData(policy *armfrontdoor.WebApplicationFirewallPolicy)
func PadToWidth ¶
func PrintPolicy ¶
PrintPolicy outputs the raw json Policy with the provided resource id.
func PrintPolicyCustomRule ¶
PrintPolicyCustomRule outputs the Custom rule for a given resource. The id is an extended resource id: <Policy>|<Custom rule name>.
func ProcessPolicyChanges ¶
func ProcessPolicyChanges(input *ProcessPolicyChangesInput) error
func PushPolicy ¶
func PushPolicy(s *session.Session, i *PushPolicyInput) error
PushPolicy creates or updates a waf Policy with the provided Policy instance.
func RestorePolicies ¶
func RestorePolicies(i *RestorePoliciesInput) (err error)
RestorePolicies loads existing backup(s) from files and then adds/overwrites based on user's choices
func SaveWAFResourceIDHashMap ¶
func SaveWAFResourceIDHashMap(s *session.Session, res []resources.GenericResourceExpanded) error
func ShowExclusions ¶
func ShowExclusions(in *ShowExclusionsCLIInput) error
func ShowManagedRuleExclusions ¶
func ShowManagedRuleExclusions(ruleID string, policyID config.ResourceID) error
func ShowManagedRuleGroupExclusions ¶
func ShowManagedRuleGroupExclusions(ruleGroup string, policyID config.ResourceID) error
func ShowManagedRuleSetExclusions ¶
func ShowManagedRuleSetExclusions(ruleSetType, ruleSetVersion string, policyID config.ResourceID) error
func ShowPolicy ¶
func ShowPolicy(in ShowPolicyInput) error
func ValidateResourceID ¶
ValidateResourceID will tokenise the id and check that its format is valid. The 'extended' parameter indicates whether a pipe-separated value follows the id.
func ValidateResourceIDs ¶
Types ¶
type AddCustomRulesPrefixesInput ¶
// AddCustomRulesPrefixesInput carries the parameters for adding prefix-based
// Custom rules to a Policy. No function on this page takes it directly —
// confirm the consumer before changing field semantics.
type AddCustomRulesPrefixesInput struct {
	BaseCLIInput
	Session        *session.Session
	Policy         *armfrontdoor.WebApplicationFirewallPolicy
	SubscriptionID string
	RawResourceID  string
	ResourceID     config.ResourceID
	Action         armfrontdoor.ActionType
	Output         bool
	// DryRun presumably prevents the change being pushed — confirm.
	DryRun        bool
	Filepath      string
	Addrs         IPNets
	RuleNamePrefix RuleNamePrefix
	PriorityStart int
	// StartRuleNumber int
	MaxRules int
	// can be called from external so allow override
	LogLevel *logrus.Level
}
type AddManagedRuleExclusionCLIInput ¶
// AddManagedRuleExclusionCLIInput is the raw CLI input for
// AddManagedRuleExclusion; ParseConfig converts it into the typed
// AddManagedRuleExclusionInput. The exclusion fields are plain strings here
// and are validated during that conversion (presumably against the
// ValidRuleExclusionMatch* lists — confirm).
type AddManagedRuleExclusionCLIInput struct {
	BaseCLIInput
	ShowDiff              bool
	SubscriptionID        string
	PolicyID              string
	RID                   config.ResourceID
	RuleSet               string
	RuleGroup             string
	RuleID                string
	ExclusionRuleVariable string
	ExclusionRuleOperator string
	ExclusionRuleSelector string
}
func (*AddManagedRuleExclusionCLIInput) ParseConfig ¶
func (input *AddManagedRuleExclusionCLIInput) ParseConfig() (amrei *AddManagedRuleExclusionInput, err error)
type AddManagedRuleExclusionInput ¶
// AddManagedRuleExclusionInput defines the exclusion to add to a managed rule
// set; it is produced by AddManagedRuleExclusionCLIInput.ParseConfig and read
// by GetAddManagedRuleExclusionProcessScope.
type AddManagedRuleExclusionInput struct {
	Session *session.Session // included for test injection only
	RuleSetDefinitions []*armfrontdoor.ManagedRuleSetDefinition
	// DryRun presumably suppresses the push; AutoBackup presumably writes a
	// backup before the change is applied — confirm both.
	DryRun                bool
	AutoBackup            bool
	RuleSets              []*armfrontdoor.ManagedRuleSet
	PolicyResourceID      config.ResourceID
	RuleSetType           *string
	RuleSetVersion        *string
	RuleGroup             string
	RuleID                string
	ExclusionRuleVariable armfrontdoor.ManagedRuleExclusionMatchVariable
	ExclusionRuleOperator armfrontdoor.ManagedRuleExclusionSelectorMatchOperator
	ExclusionRuleSelector string
	Debug                 bool
	ShowDiff              bool
	AppVersion            string
	// helper attribute: used to assess scope of change
	Scope string
}
AddManagedRuleExclusionInput defines the exclusion to add to a managed rule set
type ApplyRemoveNetsInput ¶
// ApplyRemoveNetsInput is the input to ApplyRemoveAddrs, which removes the
// networks in Addrs from the Custom rules whose names carry MatchPrefix.
type ApplyRemoveNetsInput struct {
	BaseCLIInput
	RID         config.ResourceID
	MatchPrefix RuleNamePrefix
	Action      *armfrontdoor.ActionType
	RuleType    *armfrontdoor.RuleType
	Output      bool
	// DryRun presumably prevents the change being pushed — confirm.
	DryRun   bool
	Filepath string
	Addrs    IPNets
	MaxRules int
	// can be called from external so allow override
	LogLevel *logrus.Level
}
type ApplyRemoveNetsResult ¶
func ApplyRemoveAddrs ¶
func ApplyRemoveAddrs(s *session.Session, input *ApplyRemoveNetsInput) ([]ApplyRemoveNetsResult, error)
ApplyRemoveAddrs removes selected networks from custom rules
func RemoveNets ¶
func RemoveNets(input *RemoveNetsInput) ([]ApplyRemoveNetsResult, error)
RemoveNets removes selected networks from custom rules
type ApplyRemoveNetsResults ¶
// ApplyRemoveNetsResults is a slice of the per-rule results returned by
// ApplyRemoveAddrs and RemoveNets.
type ApplyRemoveNetsResults []ApplyRemoveNetsResult
type BackupPoliciesInput ¶
// BackupPoliciesInput are the arguments provided to the BackupPolicies
// function. Backups are written as json either to Path or to the blob
// container named by ContainerURL; because RestorePolicies later reads these
// files back and pushes them, the backup location is security-sensitive.
type BackupPoliciesInput struct {
	BaseCLIInput
	Path                     string
	RIDs                     []string
	StorageAccountResourceID string
	ContainerURL             string
	// FailFast presumably stops on the first failed policy instead of
	// continuing — confirm.
	FailFast bool
}
BackupPoliciesInput are the arguments provided to the BackupPolicies function.
func (*BackupPoliciesInput) Validate ¶
func (in *BackupPoliciesInput) Validate() error
type BaseCLIInput ¶
type BotRuleSetStatsOutput ¶
// BotRuleSetStatsOutput holds the counters reported for a bot managed rule
// set. No function on this page is shown producing it — confirm the producer
// before relying on field meanings.
type BotRuleSetStatsOutput struct {
	// rule set
	RuleSetType    string
	RuleSetVersion string
	// rules
	Rules         int
	RulesEnabled  int
	RulesDisabled int
	BlockTotal    int
	AllowTotal    int
	LogTotal      int
	RedirectTotal int
	GroupCount    int
	// exclusions
	RuleSetScopeExclusionsTotal   int
	RuleGroupScopeExclusionsTotal int
	RuleScopeExclusionsTotal      int
	TotalExclusions               int
}
type CopyRulesInput ¶
// CopyRulesInput are the arguments provided to the CopyRules function, which
// copies rules from the Source policy to the Target policy.
type CopyRulesInput struct {
	BaseCLIInput
	SubscriptionID string
	Source         string
	Target         string
	// CustomRulesOnly / ManagedRulesOnly presumably restrict which rule kinds
	// are copied — confirm how both being set is handled in Validate.
	CustomRulesOnly  bool
	ManagedRulesOnly bool
	// DryRun presumably prevents the change being pushed — confirm.
	DryRun     bool
	ShowDiff   bool
	Debug      bool
	Async      bool
	Quiet      bool
	AppVersion string
}
CopyRulesInput are the arguments provided to the CopyRules function.
func (*CopyRulesInput) Validate ¶
func (c *CopyRulesInput) Validate() error
type DeleteCustomRulesCLIInput ¶
// DeleteCustomRulesCLIInput is the raw CLI input for DeleteCustomRulesCLI;
// ParseConfig / ProcessCLIInput convert it into DeleteCustomRulesPrefixesInput.
// NOTE(review): BaseCLIInput is declared here as a named field, whereas the
// other *CLIInput types on this page embed it — confirm this is intentional.
type DeleteCustomRulesCLIInput struct {
	BaseCLIInput   BaseCLIInput
	SubscriptionID string
	PolicyID       string
	// DryRun presumably prevents the deletion being pushed — confirm.
	DryRun     bool
	ConfigPath string
	RID        config.ResourceID
	Name       string
	NameMatch  *regexp.Regexp
	// Priority is a string here and an int on DeleteCustomRulesPrefixesInput;
	// parsing presumably happens in ParseConfig — confirm.
	Priority string
	MaxRules int
	Debug    bool
}
func (*DeleteCustomRulesCLIInput) ParseConfig ¶
func (input *DeleteCustomRulesCLIInput) ParseConfig() (output DeleteCustomRulesPrefixesInput, err error)
func (*DeleteCustomRulesCLIInput) ProcessCLIInput ¶
func (input *DeleteCustomRulesCLIInput) ProcessCLIInput() (output DeleteCustomRulesPrefixesInput, err error)
type DeleteCustomRulesPrefixesInput ¶
// DeleteCustomRulesPrefixesInput is the parsed input to
// DeleteCustomRulesPrefixes. PrioritySet distinguishes an explicit Priority of
// 0 from "not supplied".
type DeleteCustomRulesPrefixesInput struct {
	Policy      *armfrontdoor.WebApplicationFirewallPolicy
	RID         config.ResourceID
	Name        string
	NameMatch   *regexp.Regexp
	Priority    int
	PrioritySet bool
	MaxRules    int
	Debug       bool
}
type DeleteManagedRuleExclusionCLIInput ¶
// DeleteManagedRuleExclusionCLIInput is the raw CLI input for
// DeleteManagedRuleExclusion; ParseConfig converts it into the typed
// DeleteManagedRuleExclusionInput.
type DeleteManagedRuleExclusionCLIInput struct {
	BaseCLIInput
	SubscriptionID        string
	PolicyID              string
	RID                   config.ResourceID
	RuleSet               string
	RuleGroup             string
	RuleID                string
	ShowDiff              bool
	ExclusionRuleVariable string
	ExclusionRuleOperator string
	ExclusionRuleSelector string
	Debug                 bool
}
func (*DeleteManagedRuleExclusionCLIInput) ParseConfig ¶
func (input *DeleteManagedRuleExclusionCLIInput) ParseConfig() (dmrei *DeleteManagedRuleExclusionInput, err error)
type DeleteManagedRuleExclusionInput ¶
// DeleteManagedRuleExclusionInput identifies the managed-rule exclusion to
// remove; it is produced by DeleteManagedRuleExclusionCLIInput.ParseConfig and
// read by GetDeleteManagedRuleExclusionProcessScope.
type DeleteManagedRuleExclusionInput struct {
	// DryRun presumably prevents the change being pushed — confirm.
	DryRun                bool
	RID                   config.ResourceID
	RuleSetType           *string
	RuleSetVersion        *string
	RuleGroup             string
	RuleID                string
	ShowDiff              bool
	ExclusionRuleVariable armfrontdoor.ManagedRuleExclusionMatchVariable
	ExclusionRuleOperator armfrontdoor.ManagedRuleExclusionSelectorMatchOperator
	ExclusionRuleSelector string
	Debug                 bool
	// helper attribute: used to assess scope of change
	Scope string
}
type FrontDoorEndpoint ¶
// FrontDoorEndpoint describes a single Front Door endpoint; its fields are
// unexported and not shown on this page.
type FrontDoorEndpoint struct {
// contains filtered or unexported fields
}
type FrontDoors ¶
// FrontDoors is the collection returned by GetFrontDoors for a subscription.
type FrontDoors []FrontDoor
func GetFrontDoors ¶
func GetFrontDoors(s *session.Session, subID string) (frontDoors FrontDoors, err error)
type GenCustomRulesFromIPNetsInput ¶
// GenCustomRulesFromIPNetsInput is the input to GenCustomRulesFromIPNets:
// PositiveMatchNets are the networks the generated rules match, and
// NegativeMatchNets those they must not match. The RateLimit* fields are
// presumably only meaningful when RuleType is a rate-limit rule — confirm.
type GenCustomRulesFromIPNetsInput struct {
	PositiveMatchNets          IPNets
	NegativeMatchNets          IPNets
	RuleType                   *armfrontdoor.RuleType
	RateLimitDurationInMinutes *int32
	RateLimitThreshold         *int32
	Action                     *armfrontdoor.ActionType
	MaxRules                   int
	CustomNamePrefix           RuleNamePrefix
	CustomPriorityStart        int
}
type GeneratePolicyPatchInput ¶
// GeneratePolicyPatchInput is the input to GeneratePolicyPatch. Original is
// an interface{} rather than a policy value — which concrete types are
// accepted is not shown here; confirm before passing anything other than a
// WebApplicationFirewallPolicy.
type GeneratePolicyPatchInput struct {
	Original interface{}
	New      armfrontdoor.WebApplicationFirewallPolicy
}
type GeneratePolicyPatchOutput ¶
// GeneratePolicyPatchOutput summarises the differences found by
// GeneratePolicyPatch (also returned by UpdatePolicyCustomRulesIPMatchPrefixes).
// Whether TotalDifferences equals the sum of the per-kind counters is not
// shown here — confirm before using it as a change gate.
type GeneratePolicyPatchOutput struct {
	TotalDifferences        int
	TotalRuleDifferences    int
	CustomRuleAdditions     int
	CustomRuleChanges       int
	CustomRuleRemovals      int
	CustomRuleReplacements  int
	ManagedRuleChanges      int
	ManagedRuleAdditions    int
	ManagedRuleRemovals     int
	ManagedRuleReplacements int
}
func GeneratePolicyPatch ¶
func GeneratePolicyPatch(i *GeneratePolicyPatchInput) (GeneratePolicyPatchOutput, error)
func UpdatePolicyCustomRulesIPMatchPrefixes ¶
func UpdatePolicyCustomRulesIPMatchPrefixes(in UpdatePolicyCustomRulesIPMatchPrefixesInput) (bool, GeneratePolicyPatchOutput, error)
UpdatePolicyCustomRulesIPMatchPrefixes updates an existing Custom Policy with prefixes matching the requested action
type GetPolicyInput ¶
// GetPolicyInput is the receiver for GetPolicy, which fetches the policy
// identified by PolicyID using Session.
type GetPolicyInput struct {
	Session *session.Session
	// CLIPolicyID string
	PolicyID config.ResourceID
}
func (*GetPolicyInput) GetPolicy ¶
func (input *GetPolicyInput) GetPolicy() (output GetPolicyOutput, err error)
type GetPolicyOutput ¶
// GetPolicyOutput is returned by GetPolicyInput.GetPolicy; Policy is nil-able
// and should be checked alongside the returned error.
type GetPolicyOutput struct {
Policy *armfrontdoor.WebApplicationFirewallPolicy
}
type GetWrappedPoliciesInput ¶
type GetWrappedPoliciesOutput ¶
// GetWrappedPoliciesOutput is returned by GetWrappedPoliciesFromRawIDs.
type GetWrappedPoliciesOutput struct {
Policies []WrappedPolicy
}
func GetWrappedPoliciesFromRawIDs ¶
func GetWrappedPoliciesFromRawIDs(s *session.Session, i GetWrappedPoliciesInput) (GetWrappedPoliciesOutput, error)
type ListPoliciesInput ¶
func (ListPoliciesInput) Validate ¶
func (in ListPoliciesInput) Validate() error
type LogIPsInput ¶
type OutputManagedRuleExclusionsTableInput ¶
// OutputManagedRuleExclusionsTableInput is the input to
// OutputManagedRuleExclusionsTable and OutputManagedRuleSetExclusionsTable;
// its fields are unexported and not shown on this page.
type OutputManagedRuleExclusionsTableInput struct {
// contains filtered or unexported fields
}
type OutputManagedRuleInput ¶
// OutputManagedRuleInput is the input to the OutputManagedRule*Exclusions
// display functions. It bundles the policy metadata with the rule, its
// exclusions at group and set scope, and the matching rule-set definitions.
type OutputManagedRuleInput struct {
	Policy                  *armfrontdoor.WebApplicationFirewallPolicy
	PolicyName              string
	PolicyType              string
	PolicyProvisioningState string
	PolicyResourceState     *armfrontdoor.PolicyResourceState
	PolicyEnabledState      string
	PolicySettingsMode      string
	Rule                    *armfrontdoor.ManagedRuleOverride
	RuleGroupExclusions     []*armfrontdoor.ManagedRuleExclusion
	RuleSetExclusions       []*armfrontdoor.ManagedRuleExclusion
	RuleSetDefinition       *armfrontdoor.ManagedRuleSetDefinition
	RuleGroupDefinition     *armfrontdoor.ManagedRuleGroupDefinition
	RuleDefinition          *armfrontdoor.ManagedRuleDefinition
}
type OutputPolicyInput ¶
// OutputPolicyInput is the input to OutputPolicy; its fields are unexported
// and not shown on this page.
type OutputPolicyInput struct {
// contains filtered or unexported fields
}
type PushPolicyInput ¶
// PushPolicyInput defines the input for the pushPolicy function: the policy
// to create or update and where (Subscription/ResourceGroup/Name) it lives.
// How Timeout relates to the package-level PushPolicyTimeout constant is not
// shown here — confirm.
type PushPolicyInput struct {
	Name          string
	Subscription  string
	ResourceGroup string
	Policy        armfrontdoor.WebApplicationFirewallPolicy
	Debug         bool
	Timeout       int64
	Async         bool
}
PushPolicyInput defines the input for the pushPolicy function
type RemoveNetsInput ¶
// RemoveNetsInput is the input to RemoveNets, which removes the prefixes in
// Nets from the Custom rules whose names carry MatchPrefix.
type RemoveNetsInput struct {
	BaseCLIInput
	Session       *session.Session
	RawResourceID string
	MatchPrefix   RuleNamePrefix
	ResourceID    config.ResourceID
	Action        *armfrontdoor.ActionType
	Filepath      string
	Nets          []netip.Prefix
	MaxRules      int
	// can be called from external so allow override
	LogLevel *logrus.Level
}
type RestorePoliciesInput ¶
// RestorePoliciesInput is the input to RestorePolicies, which loads the
// backups at BackupsPaths and pushes them. The backup files are trusted as
// the source of the restored policy, so their integrity matters as much as the
// live policy's.
type RestorePoliciesInput struct {
	BaseCLIInput
	BackupsPaths     []string
	CustomRulesOnly  bool
	ManagedRulesOnly bool
	TargetPolicy     string
	ResourceGroup    string
	RIDs             []config.ResourceID
	ShowDiff         bool
	// Force presumably bypasses the interactive Confirm step — confirm; if so
	// it removes the last human check before an overwrite.
	Force    bool
	FailFast bool
}
func (*RestorePoliciesInput) Validate ¶
func (i *RestorePoliciesInput) Validate() error
type RuleNamePrefix ¶
// RuleNamePrefix names the prefix shared by a family of generated Custom
// rules (see LogNetsPrefix and AllowNetsPrefix); Check validates it.
type RuleNamePrefix string
func (RuleNamePrefix) Check ¶
func (r RuleNamePrefix) Check() error
type RuleSetStatsOutput ¶
// RuleSetStatsOutput holds the counters reported for a managed rule set. No
// function on this page is shown producing it — confirm the producer. The
// "Overidden" spelling in two field names is kept as-is: renaming would change
// the exported API.
type RuleSetStatsOutput struct {
	// rule set
	RuleSetType    string
	RuleSetVersion string
	// rules
	Rules                            int
	RulesEnabled                     int
	RulesDisabled                    int
	RulesDefaultEnabledStateOveridden int
	RulesDefaultActionOveridden      int
	BlockTotal                       int
	AllowTotal                       int
	LogTotal                         int
	RedirectTotal                    int
	GroupCount                       int
	// exclusions
	RuleSetScopeExclusionsTotal   int
	RuleGroupScopeExclusionsTotal int
	RuleScopeExclusionsTotal      int
	TotalExclusions               int
}
type ShowExclusionsCLIInput ¶
// ShowExclusionsCLIInput is the input to ShowExclusions; Validate checks it.
// Shadows presumably requests that shadowed (overlapping) exclusions be
// reported — confirm.
type ShowExclusionsCLIInput struct {
	BaseCLIInput
	SubscriptionID string
	PolicyID       string
	RuleSet        string
	RuleGroup      string
	RuleID         string
	Shadows        bool
}
func (*ShowExclusionsCLIInput) Validate ¶
func (input *ShowExclusionsCLIInput) Validate() error
type ShowPolicyInput ¶
// ShowPolicyInput is the input to ShowPolicy; Validate checks it. The bool
// flags select which parts of the policy are displayed.
type ShowPolicyInput struct {
ConfigPath, SubscriptionID, PolicyID string
Full, Custom, Managed, Stats, Shadows bool
}
func (*ShowPolicyInput) Validate ¶
func (in *ShowPolicyInput) Validate() error
type UpdatePolicyCustomRulesIPMatchPrefixesInput ¶
// UpdatePolicyCustomRulesIPMatchPrefixesInput is the input to
// UpdatePolicyCustomRulesIPMatchPrefixes. Addrs are the prefixes to match and
// ExcludedAddrs those to leave out; Action selects the rule family (see the
// *NetsPriorityStart constants), so an Allow action here widens the policy's
// allow-list.
type UpdatePolicyCustomRulesIPMatchPrefixesInput struct {
	BaseCLIInput
	Policy                     *armfrontdoor.WebApplicationFirewallPolicy
	SubscriptionID             string
	RawResourceID              string
	ResourceID                 config.ResourceID
	Action                     *armfrontdoor.ActionType
	Output                     bool
	Filepath                   string
	Addrs                      IPNets
	ExcludedAddrs              IPNets
	RuleNamePrefix             RuleNamePrefix
	RuleType                   *armfrontdoor.RuleType
	RateLimitDurationInMinutes *int32
	RateLimitThreshold         *int32
	PriorityStart              int
	// StartRuleNumber int
	MaxRules int
	// can be called from external so allow override
	LogLevel *logrus.Level
}
type WAFResourceIDHashMap ¶
// WAFResourceIDHashMap is the cached mapping from policy hash to resource id,
// read by GetWAFResourceIDHashMap / GetWAFResourceIDFromCacheByHash and
// written by SaveWAFResourceIDHashMap. A stale or tampered cache would direct
// an operation at the wrong policy, so it should be refreshed when a hash
// lookup misses.
type WAFResourceIDHashMap struct {
Entries []WAFResourceIDHashMapEntry
}
func GetWAFResourceIDHashMap ¶
func GetWAFResourceIDHashMap(s *session.Session) (hashMap WAFResourceIDHashMap, err error)
type WrappedManagedRuleSet ¶
// WrappedManagedRuleSet pairs a managed rule set with the metadata of the
// policy it came from, mirroring WrappedPolicy. No function on this page is
// shown producing or consuming it — confirm its use.
type WrappedManagedRuleSet struct {
	Date           time.Time
	SubscriptionID string
	ResourceGroup  string
	Name           string
	ManagedRuleSet armfrontdoor.ManagedRuleSet
	PolicyID       string
	AppVersion     string
}
type WrappedPolicy ¶
// WrappedPolicy is the backup record written by BackupPolicy and read back by
// LoadWrappedPolicyFromFile: the policy plus where and when it was taken and
// the AppVersion that produced it. Because RestorePolicies pushes what is
// loaded, a modified backup file becomes the live policy.
type WrappedPolicy struct {
	Date           time.Time
	SubscriptionID string
	ResourceGroup  string
	Name           string
	Policy         armfrontdoor.WebApplicationFirewallPolicy
	PolicyID       string
	AppVersion     string
}
func CopyWrappedPolicy ¶
func CopyWrappedPolicy(original *WrappedPolicy) (*WrappedPolicy, error)
CopyWrappedPolicy takes an instance of a wrapped policy and returns a duplicate
func GeneratePolicyToRestore ¶
func GeneratePolicyToRestore(existing, backup *WrappedPolicy, i *RestorePoliciesInput) WrappedPolicy
GeneratePolicyToRestore accepts two Policies (Original and backup) and options on which parts (Custom and/or Managed rules) to replace. Without options, the Original has both its Custom and Managed rules replaced; the options allow only the Custom or only the Managed rules in the Original to be replaced with those from the backup.
func LoadBackupsFromPath ¶
func LoadBackupsFromPath(path string) ([]WrappedPolicy, error)
func LoadBackupsFromPaths ¶
func LoadBackupsFromPaths(paths []string) ([]WrappedPolicy, error)
func LoadWrappedPolicyFromFile ¶
func LoadWrappedPolicyFromFile(f string) (WrappedPolicy, error)
func MatchExistingPolicyByID ¶
func MatchExistingPolicyByID(targetPolicyID string, existingPolicies []WrappedPolicy) (bool, WrappedPolicy)
MatchExistingPolicyByID returns the raw Policy matched by the Policy id of its origin, i.e. the policy the backup was taken from