Account export capability for ATO #430

Merged
merged 2 commits into from
Jun 13, 2024
Merged
3 changes: 3 additions & 0 deletions incapsula/client_ato_allowlist.go
Expand Up @@ -164,6 +164,9 @@ func (c *Client) GetAtoSiteAllowlist(accountId, siteId int) (*ATOAllowlistDTO, i
} else {
reqURL = fmt.Sprintf("%s%s/%d%s?caid=%d", c.config.BaseURLAPI, endpointATOSiteBase, siteId, endpointAtoAllowlist, accountId)
}

log.Printf("[INFO] fetching ATO Allowlist for siteId: %d, accountId: %d, BaseURLAPI: %s, endpointATOSiteBase: %s, endpointAtoAllowlist: %s, reqURL: %s\n", siteId, accountId, c.config.BaseURLAPI, endpointATOSiteBase, endpointAtoAllowlist, reqURL)

resp, err := c.DoJsonRequestWithHeaders(http.MethodGet, reqURL, nil, ReadATOSiteAllowlistOperation)
if err != nil {
return nil, 0, fmt.Errorf("[Error] Error executing get ATO allowlist request for site with id %d: %s", siteId, err)
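Review bot: The added `log.Printf` logs at INFO on every allowlist read and repeats `c.config.BaseURLAPI`, `endpointATOSiteBase` and `endpointAtoAllowlist` even though `reqURL` is already built from them; one line at DEBUG is enough, e.g. `log.Printf("[DEBUG] fetching ATO allowlist for site ID %d, account ID %d: %s", siteId, accountId, reqURL)`. The trailing `\n` is unnecessary because the log package appends a newline itself. The URL visible here carries only the site and account IDs, but if a query-string credential were ever added to it this line would write it to the provider logs, so keeping full-URL logging out of INFO is the safer default. GetAtoSiteAllowlist starts and ends outside the hunk.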
Expand Up @@ -30,7 +30,7 @@ func ATOEndpointMitigationConfiguration() *schema.Resource {
if err != nil {
return nil, fmt.Errorf("failed to convert site ID from import command, actual value: %s, expected numeric id", keyParts[1])
}
endpointId := keyParts[1]
endpointId := keyParts[2]

d.Set("account_id", accountId)
d.Set("site_id", siteId)
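Review bot: `keyParts[2]` is only safe if the length check earlier in this importer requires exactly three parts, and that check is outside the hunk; confirm it reads `len(keyParts) != 3`, since a two-part ID would otherwise panic with an index out of range instead of returning the parse error. The two `d.Set` calls that follow discard their return values; checking them, e.g. `if err := d.Set("site_id", siteId); err != nil { return nil, err }`, would surface a schema mismatch at import time. The file name for this section is not shown on the page, and the function continues past the hunk.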
27 changes: 26 additions & 1 deletion incapsula/resource_ato_site_allowlist.go
Expand Up @@ -6,6 +6,7 @@ import (
"log"
"net/http"
"strconv"
"strings"
)

func resourceATOSiteAllowlist() *schema.Resource {
Expand All @@ -16,10 +17,34 @@ func resourceATOSiteAllowlist() *schema.Resource {
Delete: resourceATOSiteAllowlistDelete,
Importer: &schema.ResourceImporter{
State: func(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {

// If this id is of form <account_id>/<site_id> extract the sub account Id as well
if strings.Contains(d.Id(), "/") {
keyParts := strings.Split(d.Id(), "/")
print("id is %s", d.Id())
if len(keyParts) != 2 {
return nil, fmt.Errorf("Error parsing ID, actual value: %s, expected 2 numeric IDs seperated by '/'\n", d.Id())
}
accountId, err := strconv.Atoi(keyParts[0])
if err != nil {
return nil, fmt.Errorf("[ERROR] failed to convert account ID from import command, actual value: %s, expected numeric id", keyParts[0])
}
siteId, err := strconv.Atoi(keyParts[1])
if err != nil {
return nil, fmt.Errorf("[ERROR] failed to convert site ID from import command, actual value: %s, expected numeric id", keyParts[1])
}

d.Set("account_id", accountId)
d.Set("site_id", siteId)
d.Set("id", d.Id())
log.Printf("[DEBUG] To Import ATO allowlsit configuration for account ID %d , site ID %d", accountId, siteId)
return []*schema.ResourceData{d}, nil
}

siteId, err := strconv.Atoi(d.Id())
err = d.Set("site_id", siteId)
if err != nil {
return nil, fmt.Errorf("failed to extract site ID from import command, actual value: %s, error : %s", d.Id(), err)
return nil, fmt.Errorf("[ERROR] failed to extract site ID from import command, actual value: %s, error : %s", d.Id(), err)
}
log.Printf("[DEBUG] Import ATO allowlist for site ID %d", siteId)
return []*schema.ResourceData{d}, nil
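Review bot: In the single-ID fallback at the end of the importer, the error from `strconv.Atoi(d.Id())` is overwritten by `err = d.Set("site_id", siteId)` before it is checked, so a non-numeric import ID is stored as site_id 0 instead of being rejected; check the Atoi error first, as the new `<account_id>/<site_id>` branch already does. In that new branch, `print("id is %s", d.Id())` is a leftover debug call (the builtin does not interpret format verbs and writes to stderr) and should be dropped or replaced with `log.Printf("[DEBUG] import id %q", d.Id())`. The three `d.Set` results there are discarded, and `d.Set("id", d.Id())` looks redundant because the resource ID is already that value; confirm whether it is needed. Atoi also accepts signed input, so a `> 0` check on both parts would reject IDs such as `-1/5` before they reach the API client. The importer closure begins in this hunk, but the resource definition continues outside it.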
13 changes: 7 additions & 6 deletions incapsula/resource_ato_site_allowlist_test.go
Expand Up @@ -47,7 +47,7 @@ func testCheckATOSiteAllowlistConfigExists(name string) resource.TestCheckFunc {
// Fetch the resource from the current state
res, ok := state.RootModule().Resources[name]
if !ok {
return fmt.Errorf("Incapsula ATO Site allowlist resource not found: %s", name)
return fmt.Errorf("[ERROR] incapsula ATO Site allowlist resource not found: %s", name)
}

// Extract accountId and siteId from teh terraform state
Expand All @@ -63,13 +63,13 @@ func testCheckATOSiteAllowlistConfigExists(name string) resource.TestCheckFunc {
var siteIdString = res.Primary.Attributes["site_id"]
siteId, err := strconv.Atoi(siteIdString)
if err != nil {
fmt.Errorf("failed to convert site ID from import command, actual value: %s, expected numeric ID", siteIdString)
return fmt.Errorf("[ERROR] failed to convert site ID from import command, actual value: %s, expected numeric ID", siteIdString)
}

client := testAccProvider.Meta().(*Client)
aTOAllowlistDTO, _, err := client.GetAtoSiteAllowlistWithRetries(accountId, siteId)
if err != nil {
return fmt.Errorf("Error in fetching ATO allowlist for site ID %d, Error : %s", siteId, err)
return fmt.Errorf("[ERROR] cannot fetch ATO allowlist for site ID %d, Error : %s", siteId, err)
}
if aTOAllowlistDTO == nil || aTOAllowlistDTO.Allowlist == nil {
return fmt.Errorf("ATO site allowlist is not present for site ID %d", siteId)
Expand All @@ -90,12 +90,12 @@ func testACCStateATOSiteAllowlistID(s *terraform.State) (string, error) {

if strings.Compare(schemaId, resourceId) != 0 {
// if newID != resourceID {
return "", fmt.Errorf("Incapsula ATO Site allowlist Config does not exist")
return "", fmt.Errorf("[ERROR] incapsula ATO Site allowlist Config does not exist")
}

return schemaId, nil
}
return "", fmt.Errorf("Error finding correct resource %s", atoSiteAllowlistConfigResource)
return "", fmt.Errorf("[ERROR] finding correct resource %s", atoSiteAllowlistConfigResource)
}

func testACCStateATOSiteAllowlistConfigDestroy(s *terraform.State) error {
Expand Down Expand Up @@ -131,10 +131,11 @@ func testACCStateATOSiteAllowlistConfigDestroy(s *terraform.State) error {
func testAccCheckATOSiteAllowlistConfigBasic(t *testing.T) string {
return testAccCheckIncapsulaSiteConfigBasic(GenerateTestDomain(t)) + fmt.Sprintf(`
resource "%s" "%s" {
account_id = %s.account_id
site_id = %s.id
allowlist = [ { "ip": "192.10.20.0", "mask": "24", "desc": "Test IP 1"}, { "ip": "192.10.20.1", "mask": "8", "desc": "Test IP 2" } ]
depends_on = ["%s"]
}`,
atoSiteAllowlistResourceType, atoSiteAllowlistResourceName, siteResourceName, siteResourceName,
atoSiteAllowlistResourceType, atoSiteAllowlistResourceName, siteResourceName, siteResourceName, siteResourceName,
)
}
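Review bot: None of the visible hunks exercises the new `<account_id>/<site_id>` import ID or its rejection paths (wrong number of parts, non-numeric account or site ID), so the importer branch added in this PR may be untested; confirm that `testACCStateATOSiteAllowlistID` returns the two-part form, since the construction of `schemaId` is outside the hunk. The reworded errors also embed an `[ERROR]` level tag inside `fmt.Errorf` strings, which is repeated when a caller logs or wraps them; plain lowercase messages with `%w` for the wrapped error are the Go convention. The message on the `strconv.Atoi` failure still says "from import command" although the value is read from the state attributes.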
4 changes: 2 additions & 2 deletions website/docs/r/resource_ato_site_allowlist.html.markdown
Expand Up @@ -41,8 +41,8 @@ The following arguments are supported:

## Import

ATO Site allowlist configuration can be imported using the site_id
ATO Site allowlist configuration can be imported using the <account_id>/<site_id>

```
$ terraform import incapsula_ato_site_allowlist.demo-terraform-ato-site-allowlist 1234
$ terraform import incapsula_ato_site_allowlist.demo-terraform-ato-site-allowlist 1234/4567
```