Revert "Revert "Extend site ssl settings resource with inbound tls se…
…ttings (imperva#360)" (imperva#386)"

This reverts commit 64f99d8.
Pavel-Koev committed Mar 26, 2024
1 parent 794637c commit eacec81
Showing 4 changed files with 249 additions and 45 deletions.
49 changes: 30 additions & 19 deletions incapsula/client_site_ssl_settings.go
Expand Up @@ -15,27 +15,38 @@ type HSTSConfiguration struct {
PreLoaded bool `json:"preLoaded"`
}

type Data struct {
HstsConfiguration HSTSConfiguration `json:"hstsConfiguration"`
type InboundTLSSettingsConfiguration struct {
ConfigurationProfile string `json:"configurationProfile"`
TLSConfigurations []TLSConfiguration `json:"tlsConfiguration"`
}

type TLSConfiguration struct {
TLSVersion string `json:"tlsVersion"`
CiphersSupport []string `json:"ciphersSupport"`
}

type SSLSettingsDTO struct {
Data []Data `json:"data"`
HstsConfiguration HSTSConfiguration `json:"hstsConfiguration"`
InboundTLSSettingsConfiguration *InboundTLSSettingsConfiguration `json:"inboundTlsSettings,omitempty"`
}

type SSLSettingsResponse struct {
Data []SSLSettingsDTO `json:"data"`
}

func (c *Client) UpdateSiteSSLSettings(siteID int, mySSLSettings SSLSettingsDTO) (*SSLSettingsDTO, error) {
func (c *Client) UpdateSiteSSLSettings(siteID int, mySSLSettings SSLSettingsResponse) (*SSLSettingsResponse, error) {
log.Printf("[INFO] Updating Incapsula Site SSL settings for Site ID %d\n", siteID)

requestJSON, err := json.Marshal(mySSLSettings)
if err != nil {
return nil, fmt.Errorf("failed to JSON marshal HSTSConfiguration: %s", err)
return nil, fmt.Errorf("failed to JSON marshal SSLSettings: %s", err)
}

// Put request to Incapsula
reqURL := fmt.Sprintf("%s/sites/%d/settings/TLSConfiguration", c.config.BaseURLRev3, siteID)
log.Printf("[INFO] HSTS request json looks like this %s\n", requestJSON)
log.Printf("[INFO] HSTS request URL looks like this %s\n", reqURL)
resp, err := c.DoJsonRequestWithHeaders(http.MethodPost, reqURL, requestJSON, UpdateSiteSSLSettings)
// Patch request to Incapsula
reqURL := fmt.Sprintf("%s/sites-mgmt/v3/sites/%d/settings/TLSConfiguration", c.config.BaseURLAPI, siteID)
log.Printf("[INFO] SSL Settings request json looks like this %s\n", requestJSON)
log.Printf("[INFO] SSL Settings request URL looks like this %s\n", reqURL)
resp, err := c.DoJsonRequestWithHeaders(http.MethodPatch, reqURL, requestJSON, UpdateSiteSSLSettings)
if err != nil {
return nil, fmt.Errorf("error from Incapsula service when updating Site SSL settings %s for Site ID %d: %s", requestJSON, siteID, err)
}
Expand All @@ -53,20 +64,20 @@ func (c *Client) UpdateSiteSSLSettings(siteID int, mySSLSettings SSLSettingsDTO)
}

// Parse the JSON
var sslSettingsDTO SSLSettingsDTO
err = json.Unmarshal([]byte(responseBody), &sslSettingsDTO)
var sslSettingsResponse SSLSettingsResponse
err = json.Unmarshal([]byte(responseBody), &sslSettingsResponse)
if err != nil {
return nil, fmt.Errorf("Error parsing Incap Site settings JSON response for Site ID %d: %s\nresponse: %s", siteID, err, string(responseBody))
}

return &sslSettingsDTO, nil
return &sslSettingsResponse, nil
}

func (c *Client) ReadSiteSSLSettings(siteID int) (*SSLSettingsDTO, int, error) {
func (c *Client) ReadSiteSSLSettings(siteID int) (*SSLSettingsResponse, int, error) {
log.Printf("[INFO] Getting Incapsula Incap SSL settings for Site ID %d\n", siteID)

// Post form to Incapsula
reqURL := fmt.Sprintf("%s/sites/%d/settings/TLSConfiguration", c.config.BaseURLRev3, siteID)
// Get form to Incapsula
reqURL := fmt.Sprintf("%s/sites-mgmt/v3/sites/%d/settings/TLSConfiguration", c.config.BaseURLAPI, siteID)
resp, err := c.DoJsonRequestWithHeaders(http.MethodGet, reqURL, nil, ReadSiteSSLSettings)
if err != nil {
return nil, 0, fmt.Errorf("error from Incapsula service when reading SSL Settings for Site ID %d: %s", siteID, err)
Expand All @@ -85,11 +96,11 @@ func (c *Client) ReadSiteSSLSettings(siteID int) (*SSLSettingsDTO, int, error) {
}

// Parse the JSON
var sslSettingsDTO SSLSettingsDTO
err = json.Unmarshal([]byte(responseBody), &sslSettingsDTO)
var sslSettingsResponse SSLSettingsResponse
err = json.Unmarshal([]byte(responseBody), &sslSettingsResponse)
if err != nil {
return nil, resp.StatusCode, fmt.Errorf("error parsing Site SSL settings JSON response for Site ID %d: %s\nresponse: %s", siteID, err, string(responseBody))
}

return &sslSettingsDTO, resp.StatusCode, nil
return &sslSettingsResponse, resp.StatusCode, nil
}
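Review bot: In `SSLSettingsDTO`, `HstsConfiguration` is a value field with no `omitempty`, while the new `InboundTLSSettingsConfiguration` is a pointer with `omitempty`, so every PATCH body built from this struct still carries an `hstsConfiguration` object. If a caller populates only the inbound TLS settings, that object is sent zero-valued (`preLoaded` false, and presumably the other flags as well; the rest of `HSTSConfiguration` is outside the hunk), which under PATCH semantics could turn HSTS off as a side effect. Consider declaring it as `HstsConfiguration *HSTSConfiguration` with the tag `json:"hstsConfiguration,omitempty"` so an unset block is omitted; the resource code that builds the DTO is not in view, so confirm whether it always fills both blocks. The same applies to `TLSConfigurations`, which has no `omitempty` and will serialise as `"tlsConfiguration":null` when a profile is sent without a custom list.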
58 changes: 45 additions & 13 deletions incapsula/client_site_ssl_settings_test.go
Expand Up @@ -11,7 +11,7 @@ import (

func TestUpdateSiteSSLSettingsHandleBadConnection(t *testing.T) {
// arrange
config := &Config{APIID: "foo", APIKey: "bar", BaseURLRev3: "badness.incapsula.com"}
config := &Config{APIID: "foo", APIKey: "bar", BaseURLRev3: "badness.incapsula.com", BaseURLAPI: "badness.incapsula.com"}
client := &Client{config: config, httpClient: &http.Client{Timeout: time.Millisecond * 1}}
sslSettingsDTO := getUpdateSiteSSLSettingsDTO()

Expand All @@ -34,7 +34,7 @@ func TestUpdateSiteSSLSettingsHandleResponseCodeNotSuccess(t *testing.T) {
apiKey := "bar"
siteID := 42

endpoint := fmt.Sprintf("/sites/%d/settings/TLSConfiguration", siteID)
endpoint := fmt.Sprintf("/sites-mgmt/v3/sites/%d/settings/TLSConfiguration", siteID)

server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
rw.WriteHeader(406)
Expand Down Expand Up @@ -71,7 +71,7 @@ func TestUpdateSiteSSLSettingsHandleInvalidResponseBody(t *testing.T) {
apiKey := "bar"
siteID := 42

endpoint := fmt.Sprintf("/sites/%d/settings/TLSConfiguration", siteID)
endpoint := fmt.Sprintf("/sites-mgmt/v3/sites/%d/settings/TLSConfiguration", siteID)
server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
rw.WriteHeader(200)

Expand Down Expand Up @@ -110,7 +110,7 @@ func TestUpdateSiteSSLSettingsSuccess(t *testing.T) {

validResponse := getValidJSONResponse()

endpoint := fmt.Sprintf("/sites/%d/settings/TLSConfiguration", siteID)
endpoint := fmt.Sprintf("/sites-mgmt/v3/sites/%d/settings/TLSConfiguration", siteID)
server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
rw.WriteHeader(200)

Expand Down Expand Up @@ -163,7 +163,7 @@ func TestReadSiteSSLSettingsHandleResponseCodeNotSuccess(t *testing.T) {
apiKey := "bar"
siteID := 42

endpoint := fmt.Sprintf("/sites/%d/settings/TLSConfiguration", siteID)
endpoint := fmt.Sprintf("/sites-mgmt/v3/sites/%d/settings/TLSConfiguration", siteID)

server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
rw.WriteHeader(406)
Expand Down Expand Up @@ -199,7 +199,7 @@ func TestReadSiteSSLSettingsHandleInvalidResponseBody(t *testing.T) {
apiKey := "bar"
siteID := 42

endpoint := fmt.Sprintf("/sites/%d/settings/TLSConfiguration", siteID)
endpoint := fmt.Sprintf("/sites-mgmt/v3/sites/%d/settings/TLSConfiguration", siteID)
server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
rw.WriteHeader(200)

Expand Down Expand Up @@ -237,7 +237,7 @@ func TestReadSiteSSLSettingsSuccess(t *testing.T) {

var validResponse = getValidJSONResponse()

endpoint := fmt.Sprintf("/sites/%d/settings/TLSConfiguration", siteID)
endpoint := fmt.Sprintf("/sites-mgmt/v3/sites/%d/settings/TLSConfiguration", siteID)
server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
rw.WriteHeader(200)

Expand Down Expand Up @@ -265,20 +265,40 @@ func TestReadSiteSSLSettingsSuccess(t *testing.T) {
}
}

func getUpdateSiteSSLSettingsDTO() SSLSettingsDTO {
var sslSettingsDTO = SSLSettingsDTO{
Data: []Data{
func getUpdateSiteSSLSettingsDTO() SSLSettingsResponse {
var sslSettingsDTO = SSLSettingsResponse{
Data: []SSLSettingsDTO{
{
HstsConfiguration: HSTSConfiguration{
PreLoaded: true,
MaxAge: 1237,
SubDomainsIncluded: true,
IsEnabled: true,
},
InboundTLSSettingsConfiguration: &InboundTLSSettingsConfiguration{
ConfigurationProfile: "CUSTOM",
TLSConfigurations: []TLSConfiguration{
{
TLSVersion: "TLS 1.1",
CiphersSupport: []string{
"TLS_AES_128_GCM_SHA256",
"TLS_AES_128_GCM_SHA256",
},
},
{
TLSVersion: "TLS 1.2",
CiphersSupport: []string{
"TLS_AES_128_GCM_SHA256",
"TLS_AES_128_GCM_SHA256",
},
},
},
},
// add more setting types here
},
},
}

return sslSettingsDTO
}

Expand All @@ -295,17 +315,29 @@ func getClientTestConfig(apiID string, apiKey string, server *httptest.Server) *
}

func getValidJSONResponse() string {
var invalidResponse = `{
var validResponse = `{
"data":[
{
"hstsConfiguration":{
"isEnabled":true,
"maxAge":31536000,
"subDomainsIncluded":true,
"preLoaded":false
}
},
"inboundTlsSettings": {
"configurationProfile": "CUSTOM",
"tlsConfiguration": [
{
"tlsVersion": "TLS 1.1",
"ciphersSupport": [
"TLS_AES_128_GCM_SHA256",
"TLS_AES_128_GCM_SHA256"
]
}
]
}
}
]
}`
return invalidResponse
return validResponse
}
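Review bot: The CUSTOM-profile fixtures pair `TLS 1.1` (and, in `getUpdateSiteSSLSettingsDTO`, `TLS 1.2`) with `TLS_AES_128_GCM_SHA256`, which is a TLS 1.3 cipher suite, and list it twice per version. Test data like this tends to be copied into examples and real configurations, so it is better to use one distinct suite that matches the stated version, for instance `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` under `TLS 1.2` if the API accepts that name, and to avoid making the deprecated TLS 1.1 the sample value. The visible hunks also show no assertion on the request method or on the decoded `InboundTLSSettingsConfiguration`; the handler bodies lie outside the hunks, so confirm that the switch to PATCH and the new field are actually checked.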