diff --git a/.changelog/1397.txt b/.changelog/1397.txt new file mode 100644 index 000000000000..a3954f447355 --- /dev/null +++ b/.changelog/1397.txt @@ -0,0 +1,3 @@ +```release_note:enhancement +api_shield: Add support for Get/Post/Delete operations in API Shield Endpoint Management +``` \ No newline at end of file diff --git a/api_shield_operations.go b/api_shield_operations.go new file mode 100644 index 000000000000..708a684a1507 --- /dev/null +++ b/api_shield_operations.go @@ -0,0 +1,220 @@ +package cloudflare + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "net/url" + "strconv" + "strings" + "time" +) + +// APIShieldCreateOperation should be used when creating an operation in API Shield Endpoint Management +type APIShieldCreateOperation struct { + Method string `json:"method"` + Host string `json:"host"` + Endpoint string `json:"endpoint"` +} + +// APIShieldOperation represents an operation stored in API Shield Endpoint Management +type APIShieldOperation struct { + APIShieldCreateOperation + ID string `json:"operation_id"` + LastUpdated time.Time `json:"last_updated"` + Features map[string]any `json:"features,omitempty"` +} + +// APIShieldGetOperationParams represents the query parameters to set when retrieving an operation +// +// See API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-an-operation +type APIShieldGetOperationParams struct { + // Features represents a set of features to return in `features` object when + // performing making read requests against an Operation or listing operations. + Features []string +} + +// APIShieldGetOperationsParams represents the query parameters to set when retrieving operations +// +// See API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-all-operations-on-a-zone +type APIShieldGetOperationsParams struct { + // Features represents a set of features to return in `features` object when + // performing making read requests against an Operation or listing operations. + Features []string + // Direction to order results. + Direction string + // OrderBy when requesting a feature, the feature keys are available for ordering as well, e.g., thresholds.suggested_threshold. + OrderBy string + // Filters to only return operations that match filtering criteria, see APIShieldGetOperationsFilters + Filters *APIShieldGetOperationsFilters + // Pagination options to apply to the request. + Pagination *PaginationOptions +} + +// APIShieldGetOperationsFilters represents the filtering query parameters to set when retrieving operations +// +// See API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-all-operations-on-a-zone +type APIShieldGetOperationsFilters struct { + // Host filters results to only include the specified hosts. + Hosts []string + // Host filters results to only include the specified methods. + Methods []string + // Endpoint filter results to only include endpoints containing this pattern. + Endpoint string +} + +// APIShieldGetOperationResponse represents the response from the api_gateway/operations/{id} endpoint. +type APIShieldGetOperationResponse struct { + Result APIShieldOperation `json:"result"` + Response +} + +// APIShieldGetOperationsResponse represents the response from the api_gateway/operations endpoint. +type APIShieldGetOperationsResponse struct { + Result []APIShieldOperation `json:"result"` + Response +} + +// APIShieldDeleteOperationResponse represents the response from the api_gateway/operations/{id} endpoint (DELETE) +type APIShieldDeleteOperationResponse struct { + Result interface{} `json:"result"` + Response +} + +// GetAPIShieldOperation returns information about an operation +// +// API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-an-operation +func (api *API) GetAPIShieldOperation(ctx context.Context, rc *ResourceContainer, operationID string, params *APIShieldGetOperationParams) (*APIShieldOperation, error) { + uri := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", rc.Identifier, operationID) + + if params != nil { + uri = strings.Join([]string{uri, params.Encode()}, "?") + } + + res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil) + if err != nil { + return nil, err + } + + var asResponse APIShieldGetOperationResponse + err = json.Unmarshal(res, &asResponse) + if err != nil { + return nil, fmt.Errorf("%s: %w", errUnmarshalError, err) + } + + return &asResponse.Result, nil +} + +// GetAPIShieldOperations retrieve information about all operations on a zone +// +// API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-all-operations-on-a-zone +func (api *API) GetAPIShieldOperations(ctx context.Context, rc *ResourceContainer, opts *APIShieldGetOperationsParams) ([]APIShieldOperation, error) { + uri := fmt.Sprintf("/zones/%s/api_gateway/operations", rc.Identifier) + if opts != nil { + uri = strings.Join([]string{uri, opts.Encode()}, "?") + } + + res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil) + if err != nil { + return nil, err + } + + var asResponse APIShieldGetOperationsResponse + err = json.Unmarshal(res, &asResponse) + if err != nil { + return nil, fmt.Errorf("%s: %w", errUnmarshalError, err) + } + + return asResponse.Result, nil +} + +// PostAPIShieldOperations add one or more operations to a zone. +// +// API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-add-operations-to-a-zone +func (api *API) PostAPIShieldOperations(ctx context.Context, rc *ResourceContainer, operations []APIShieldCreateOperation) ([]APIShieldOperation, error) { + uri := fmt.Sprintf("/zones/%s/api_gateway/operations", rc.Identifier) + + res, err := api.makeRequestContext(ctx, http.MethodPost, uri, operations) + if err != nil { + return nil, err + } + + // Result should be all the operations added to the zone, similar to doing GetAPIShieldOperations + var asResponse APIShieldGetOperationsResponse + err = json.Unmarshal(res, &asResponse) + if err != nil { + return nil, fmt.Errorf("%s: %w", errUnmarshalError, err) + } + + return asResponse.Result, nil +} + +// DeleteAPIShieldOperation deletes a single operation +// +// API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-delete-an-operation +func (api *API) DeleteAPIShieldOperation(ctx context.Context, rc *ResourceContainer, operationID string) error { + uri := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", rc.Identifier, operationID) + + res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil) + if err != nil { + return err + } + + var asResponse APIShieldDeleteOperationResponse + err = json.Unmarshal(res, &asResponse) + if err != nil { + return fmt.Errorf("%s: %w", errUnmarshalError, err) + } + + return nil +} + +// Encode is a custom method for encoding APIShieldGetOperationParams into a usable HTTP +// query parameter string. +func (a APIShieldGetOperationParams) Encode() string { + v := url.Values{} + for _, f := range a.Features { + v.Add("feature", f) + } + + return v.Encode() +} + +// Encode is a custom method for encoding APIShieldGetOperationsParams into a usable HTTP +// query parameter string. +func (a APIShieldGetOperationsParams) Encode() string { + v := url.Values{} + for _, f := range a.Features { + v.Add("feature", f) + } + + if a.Direction != "" { + v.Set("direction", a.Direction) + } + + if a.OrderBy != "" { + v.Set("order", a.OrderBy) + } + + if a.Pagination != nil { + v.Set("page", strconv.Itoa(a.Pagination.Page)) + v.Set("per_page", strconv.Itoa(a.Pagination.PerPage)) + } + + if a.Filters != nil { + if a.Filters.Endpoint != "" { + v.Set("endpoint", a.Filters.Endpoint) + } + + for _, h := range a.Filters.Hosts { + v.Add("host", h) + } + + for _, m := range a.Filters.Methods { + v.Add("method", m) + } + } + + return v.Encode() +} diff --git a/api_shield_operations_test.go b/api_shield_operations_test.go new file mode 100644 index 000000000000..f9e384c5aae3 --- /dev/null +++ b/api_shield_operations_test.go @@ -0,0 +1,460 @@ +package cloudflare + +import ( + "context" + "fmt" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "io" + "net/http" + "net/url" + "testing" + "time" +) + +func TestGetAPIShieldOperation(t *testing.T) { + setup() + t.Cleanup(teardown) + + operationID := "9def2cb0-3ed0-4737-92ca-f09efa4718fd" + endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", testZoneID, operationID) + response := `{ + "success" : true, + "errors": [], + "messages": [], + "result": { + "operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd", + "method": "POST", + "host": "api.cloudflare.com", + "endpoint": "/client/v4/zones", + "last_updated": "2023-03-02T15:46:06.000000Z" + } + }` + + handler := func(w http.ResponseWriter, r *http.Request) { + require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method) + require.Empty(t, r.URL.Query()) + w.Header().Set("content-type", "application/json") + fmt.Fprintf(w, response) + } + + mux.HandleFunc(endpoint, handler) + + actual, err := client.GetAPIShieldOperation( + context.Background(), + ZoneIdentifier(testZoneID), + operationID, + nil, + ) + + expected := &APIShieldOperation{ + APIShieldCreateOperation: APIShieldCreateOperation{ + Method: "POST", + Host: "api.cloudflare.com", + Endpoint: "/client/v4/zones", + }, + ID: operationID, + LastUpdated: time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC), + Features: nil, + } + + if assert.NoError(t, err) { + assert.Equal(t, expected, actual) + } +} + +func TestGetAPIShieldOperationWithOptions(t *testing.T) { + operationID := "9def2cb0-3ed0-4737-92ca-f09efa4718fd" + endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", testZoneID, operationID) + response := `{ + "success" : true, + "errors": [], + "messages": [], + "result": { + "operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd", + "method": "POST", + "host": "api.cloudflare.com", + "endpoint": "/client/v4/zones", + "last_updated": "2023-03-02T15:46:06.000000Z", + "features":{ + "thresholds":{}, + "parameter_schemas":{} + } + } + }` + + tests := []struct { + name string + getOptions *APIShieldGetOperationParams + expectedParams url.Values + }{ + { + name: "one feature", + getOptions: &APIShieldGetOperationParams{ + Features: []string{"thresholds"}, + }, + expectedParams: url.Values{ + "feature": []string{"thresholds"}, + }, + }, + { + name: "more than one feature", + getOptions: &APIShieldGetOperationParams{ + Features: []string{"thresholds", "parameter_schemas"}, + }, + expectedParams: url.Values{ + "feature": []string{"thresholds", "parameter_schemas"}, + }, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + setup() + t.Cleanup(teardown) + handler := func(w http.ResponseWriter, r *http.Request) { + require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method) + require.Equal(t, test.expectedParams, r.URL.Query()) + w.Header().Set("content-type", "application/json") + fmt.Fprintf(w, response) + } + + mux.HandleFunc(endpoint, handler) + + actual, err := client.GetAPIShieldOperation( + context.Background(), + ZoneIdentifier(testZoneID), + operationID, + test.getOptions, + ) + + expected := &APIShieldOperation{ + APIShieldCreateOperation: APIShieldCreateOperation{ + Method: "POST", + Host: "api.cloudflare.com", + Endpoint: "/client/v4/zones", + }, + ID: "9def2cb0-3ed0-4737-92ca-f09efa4718fd", + LastUpdated: time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC), + Features: map[string]any{ + "thresholds": map[string]any{}, + "parameter_schemas": map[string]any{}, + }, + } + + if assert.NoError(t, err) { + assert.Equal(t, expected, actual) + } + }) + } +} + +func TestGetAPIShieldOperations(t *testing.T) { + endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations", testZoneID) + response := `{ + "success" : true, + "errors": [], + "messages": [], + "result": [ + { + "operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd", + "method": "POST", + "host": "api.cloudflare.com", + "endpoint": "/client/v4/zones", + "last_updated": "2023-03-02T15:46:06.000000Z" + } + ] + }` + + setup() + t.Cleanup(teardown) + handler := func(w http.ResponseWriter, r *http.Request) { + require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method) + require.Empty(t, r.URL.Query()) + w.Header().Set("content-type", "application/json") + fmt.Fprintf(w, response) + } + + mux.HandleFunc(endpoint, handler) + + actual, err := client.GetAPIShieldOperations( + context.Background(), + ZoneIdentifier(testZoneID), + nil, + ) + + expected := []APIShieldOperation{ + { + APIShieldCreateOperation: APIShieldCreateOperation{ + Method: "POST", + Host: "api.cloudflare.com", + Endpoint: "/client/v4/zones", + }, + ID: "9def2cb0-3ed0-4737-92ca-f09efa4718fd", + LastUpdated: time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC), + Features: nil, + }, + } + + if assert.NoError(t, err) { + assert.Equal(t, expected, actual) + } +} + +func TestGetAPIShieldOperationsWithOptions(t *testing.T) { + endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations", testZoneID) + response := `{ + "success" : true, + "errors": [], + "messages": [], + "result": [ + { + "operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd", + "method": "POST", + "host": "api.cloudflare.com", + "endpoint": "/client/v4/zones", + "last_updated": "2023-03-02T15:46:06.000000Z", + "features": { + "thresholds": {} + } + } + ] + }` + + tests := []struct { + name string + params *APIShieldGetOperationsParams + expectedParams url.Values + }{ + { + name: "all params", + params: &APIShieldGetOperationsParams{ + Features: []string{"thresholds", "parameter_schemas"}, + Direction: "desc", + OrderBy: "host", + Filters: &APIShieldGetOperationsFilters{ + Hosts: []string{"api.cloudflare.com", "developers.cloudflare.com"}, + Methods: []string{"GET", "PUT"}, + Endpoint: "/client", + }, + Pagination: &PaginationOptions{ + Page: 1, + PerPage: 25, + }, + }, + expectedParams: url.Values{ + "feature": []string{"thresholds", "parameter_schemas"}, + "direction": []string{"desc"}, + "order": []string{"host"}, + "host": []string{"api.cloudflare.com", "developers.cloudflare.com"}, + "method": []string{"GET", "PUT"}, + "endpoint": []string{"/client"}, + "page": []string{"1"}, + "per_page": []string{"25"}, + }, + }, + { + name: "features only", + params: &APIShieldGetOperationsParams{ + Features: []string{"thresholds", "parameter_schemas"}, + }, + expectedParams: url.Values{ + "feature": []string{"thresholds", "parameter_schemas"}, + }, + }, + { + name: "direction only", + params: &APIShieldGetOperationsParams{ + Direction: "desc", + }, + expectedParams: url.Values{ + "direction": []string{"desc"}, + }, + }, + { + name: "order only", + params: &APIShieldGetOperationsParams{ + OrderBy: "host", + }, + expectedParams: url.Values{ + "order": []string{"host"}, + }, + }, + { + name: "hosts only", + params: &APIShieldGetOperationsParams{ + Filters: &APIShieldGetOperationsFilters{ + Hosts: []string{"api.cloudflare.com", "developers.cloudflare.com"}, + }, + }, + expectedParams: url.Values{ + "host": []string{"api.cloudflare.com", "developers.cloudflare.com"}, + }, + }, + { + name: "methods only", + params: &APIShieldGetOperationsParams{ + Filters: &APIShieldGetOperationsFilters{ + Methods: []string{"GET", "PUT"}, + }, + }, + expectedParams: url.Values{ + "method": []string{"GET", "PUT"}, + }, + }, + { + name: "endpoint only", + params: &APIShieldGetOperationsParams{ + Filters: &APIShieldGetOperationsFilters{ + Endpoint: "/client", + }, + }, + expectedParams: url.Values{ + "endpoint": []string{"/client"}, + }, + }, + { + name: "pagination only", + params: &APIShieldGetOperationsParams{ + Pagination: &PaginationOptions{ + Page: 1, + PerPage: 25, + }, + }, + expectedParams: url.Values{ + "page": []string{"1"}, + "per_page": []string{"25"}, + }, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + setup() + t.Cleanup(teardown) + handler := func(w http.ResponseWriter, r *http.Request) { + require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method) + require.Equal(t, test.expectedParams, r.URL.Query()) + w.Header().Set("content-type", "application/json") + fmt.Fprintf(w, response) + } + + mux.HandleFunc(endpoint, handler) + + actual, err := client.GetAPIShieldOperations( + context.Background(), + ZoneIdentifier(testZoneID), + test.params, + ) + + expected := []APIShieldOperation{ + { + APIShieldCreateOperation: APIShieldCreateOperation{ + Method: "POST", + Host: "api.cloudflare.com", + Endpoint: "/client/v4/zones", + }, + ID: "9def2cb0-3ed0-4737-92ca-f09efa4718fd", + LastUpdated: time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC), + Features: map[string]any{ + "thresholds": map[string]any{}, + }, + }, + } + + if assert.NoError(t, err) { + assert.Equal(t, expected, actual) + } + }) + } + +} + +func TestPostAPIShieldOperations(t *testing.T) { + setup() + t.Cleanup(teardown) + + endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations", testZoneID) + response := `{ + "success" : true, + "errors": [], + "messages": [], + "result": [ + { + "operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd", + "method": "POST", + "host": "api.cloudflare.com", + "endpoint": "/client/v4/zones", + "last_updated": "2023-03-02T15:46:06.000000Z" + } + ] + }` + + handler := func(w http.ResponseWriter, r *http.Request) { + require.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method) + + body, err := io.ReadAll(r.Body) + require.NoError(t, err) + require.Equal(t, []byte(`[{"method":"POST","host":"api.cloudflare.com","endpoint":"/client/v4/zones"}]`), body) + + w.Header().Set("content-type", "application/json") + fmt.Fprintf(w, response) + } + + mux.HandleFunc(endpoint, handler) + + actual, err := client.PostAPIShieldOperations( + context.Background(), + ZoneIdentifier(testZoneID), + []APIShieldCreateOperation{ + { + Method: "POST", + Host: "api.cloudflare.com", + Endpoint: "/client/v4/zones", + }, + }, + ) + + expected := []APIShieldOperation{ + { + APIShieldCreateOperation: APIShieldCreateOperation{ + Method: "POST", + Host: "api.cloudflare.com", + Endpoint: "/client/v4/zones", + }, + ID: "9def2cb0-3ed0-4737-92ca-f09efa4718fd", + LastUpdated: time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC), + Features: nil, + }, + } + + if assert.NoError(t, err) { + assert.Equal(t, expected, actual) + } +} + +func TestDeleteAPIShieldOperation(t *testing.T) { + setup() + t.Cleanup(teardown) + + operationID := "9def2cb0-3ed0-4737-92ca-f09efa4718fd" + endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", testZoneID, operationID) + response := `{"result":{},"success":true,"errors":[],"messages":[]}` + + handler := func(w http.ResponseWriter, r *http.Request) { + require.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method) + require.Empty(t, r.URL.Query()) + w.Header().Set("content-type", "application/json") + fmt.Fprintf(w, response) + } + + mux.HandleFunc(endpoint, handler) + + err := client.DeleteAPIShieldOperation( + context.Background(), + ZoneIdentifier(testZoneID), + operationID, + ) + + assert.NoError(t, err) +}