Added support for aws waf v2 #974

Open
wants to merge 3 commits into
base: main
5 changes: 5 additions & 0 deletions libraries/aws_backend.rb
Expand Up @@ -59,6 +59,7 @@
require "aws-sdk-securityhub"
require "aws-sdk-ses"
require "aws-sdk-waf"
require "aws-sdk-wafv2"
require "aws-sdk-synthetics"
require "aws-sdk-apigatewayv2"

Expand Down Expand Up @@ -330,6 +331,10 @@ def waf_client
aws_client(Aws::WAF::Client)
end

def waf_client_v2
aws_client(Aws::WAFWAFV2::Client)

@aaronlippold aaronlippold Dec 11, 2023


Looks like there is an extra 'WAF' here -

Aws::WAFV2::Client


end

def synthetics_client
aws_client(Aws::Synthetics::Client)
end
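--- a/libraries/aws_wafv2_byte_match_set.rb
+++ b/libraries/aws_wafv2_byte_match_set.rb
@@ -0,0 +1,66 @@
+require "aws_backend"
+
+class AWSWAFV2ByteMatchSet < AwsResourceBase
+name "aws_wafv2_byte_match_set"
+desc "Describes one WAF byte set."
+
+example "
+describe aws_wafv2_byte_match_set(byte_match_set_id: 'BYTE_MATCH_SET_ID') do
+it { should exits }
+end
+"
+
+def initialize(opts = {})
+opts = { byte_match_set_id: opts } if opts.is_a?(String)
+super(opts)
+validate_parameters(required: %i(byte_match_set_id))
+raise ArgumentError, "#{@__resource_name__}: byte_match_set_id must be provided" unless opts[:byte_match_set_id] && !opts[:byte_match_set_id].empty?
+@display_name = opts[:byte_match_set_id]
+catch_aws_errors do
+resp = @aws.waf_client_v2.get_byte_match_set({ byte_match_set_id: opts[:byte_match_set_id] })
+@resp = resp.byte_match_set.to_h
+create_resource_methods(@resp)
+end
+end
+
+def byte_match_set_id
+return nil unless exists?
+@resp[:byte_match_set_id]
+end
+
+def exists?
+[email protected]? && [email protected]?
+end
+
+def to_s
+"Byte Match Set ID: #{@display_name}"
+end
+
+def byte_match_tuples_field_to_matches
+byte_match_tuples.map(&:field_to_match)
+end
+
+def byte_match_tuples_field_to_match_types
+byte_match_tuples.map(&:field_to_match).map(&:type)
+end
+
+def byte_match_tuples_field_to_match_data
+byte_match_tuples.map(&:field_to_match).map(&:data)
+end
+
+def byte_match_tuples_target_strings
+byte_match_tuples.map(&:target_string)
+end
+
+def byte_match_tuples_text_transformations
+byte_match_tuples.map(&:text_transformation)
+end
+
+def byte_match_tuples_positional_constraints
+byte_match_tuples.map(&:positional_constraint)
+end
+
+def resource_id
+@display_name
+end
+end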
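Review bot: `get_byte_match_set` in `initialize` is a WAF Classic operation that the WAFv2 API does not have, so calling it on `@aws.waf_client_v2` would raise NoMethodError even once the client constant is corrected. WAFv2 has no byte match sets, standalone rules or size constraint sets; matching is expressed as statements inside web ACLs and rule groups, and its read operations are `get_web_acl`, `get_rule_group`, `get_ip_set`, `get_regex_pattern_set` and their `list_*` counterparts. The same applies to aws_wafv2_byte_match_sets.rb, aws_wafv2_rule.rb, aws_wafv2_rules.rb and aws_wafv2_size_constraint_set.rb. A profile built on these resources would not assess any WAFv2 configuration, so either model the resources on the WAFv2 objects or keep these checks on `@aws.waf_client`.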
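--- a/libraries/aws_wafv2_byte_match_sets.rb
+++ b/libraries/aws_wafv2_byte_match_sets.rb
@@ -0,0 +1,37 @@
+require "aws_backend"
+
+class AWSWAFV2ByteMatchSets < AwsResourceBase
+name "aws_wafv2_byte_match_sets"
+desc "Verifies settings for all the WAF rules."
+
+example "
+describe aws_wafv2_byte_match_sets do
+it { should exist }
+end
+"
+
+attr_reader :table
+
+def initialize(opts = {})
+super(opts)
+validate_parameters
+@table = fetch_data
+end
+
+FilterTable.create
+.register_column(:byte_match_set_ids, field: :byte_match_set_id, style: :simple)
+.register_column(:names, field: :name, style: :simple)
+.install_filter_methods_on_resource(self, :table)
+
+def fetch_data
+catch_aws_errors do
+@resp = @aws.waf_client_v2.list_byte_match_sets.map do |table|
+table.map { |table_name| {
+byte_match_set_id: table_name.byte_match_sets.map(&:byte_match_set_id),
+name: table_name.byte_match_sets.map(&:name),
+}
+}
+end.flatten
+end
+end
+end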
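Review bot: `fetch_data` emits one row per response page whose `byte_match_set_id` and `name` values are arrays, because the inner block maps over `table_name.byte_match_sets` once per column instead of producing one hash per set. The `style: :simple` columns may hide this for `byte_match_set_ids` and `names`, but `where` criteria work on rows, so as far as I can tell a filter on `name` compares against an array and a set's id can no longer be paired with its name. aws_wafv2_rules.rb already uses the per-item shape; here that would be `table.byte_match_sets.map { |set| { byte_match_set_id: set.byte_match_set_id, name: set.name } }`. aws_wafv2_ip_sets.rb is built the same way, and the `desc` in this file still reads "Verifies settings for all the WAF rules."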
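--- a/libraries/aws_wafv2_ip_set.rb
+++ b/libraries/aws_wafv2_ip_set.rb
@@ -0,0 +1,50 @@
+require "aws_backend"
+
+class AWSWAFV2IPSet < AwsResourceBase
+name "aws_wafv2_ip_set"
+desc "Describes one WAF IP set."
+
+example "
+describe aws_wafv2_ip_set(ip_set_id: 'IP_SET_ID') do
+it { should exits }
+end
+"
+
+def initialize(opts = {})
+opts = { ip_set_id: opts } if opts.is_a?(String)
+super(opts)
+validate_parameters(required: %i(ip_set_id))
+raise ArgumentError, "#{@__resource_name__}: ip_set_id must be provided" unless opts[:ip_set_id] && !opts[:ip_set_id].empty?
+@display_name = opts[:ip_set_id]
+catch_aws_errors do
+resp = @aws.waf_client_v2.get_ip_set({ ip_set_id: opts[:ip_set_id] })
+@resp = resp.ip_set.to_h
+create_resource_methods(@resp)
+end
+end
+
+def ip_set_id
+return nil unless exists?
+@resp[:ip_set_id]
+end
+
+def exists?
+[email protected]? && [email protected]?
+end
+
+def to_s
+"IP Set ID: #{@display_name}"
+end
+
+def ip_set_descriptors_types
+ip_set_descriptors.map(&:type)
+end
+
+def ip_set_descriptors_values
+ip_set_descriptors.map(&:value)
+end
+
+def resource_id
+@display_name
+end
+end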
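Review bot: The `get_ip_set` call in `initialize` passes only `ip_set_id`, but the WAFv2 operation takes `name`, `scope` and `id`, so SDK parameter validation would reject this request. The resource needs `name` and `scope` options alongside the id, e.g. `@aws.waf_client_v2.get_ip_set({ name: opts[:name], scope: opts[:scope], id: opts[:ip_set_id] })`, with `validate_parameters` requiring all three. The WAFv2 IP set also exposes `id` and `addresses` rather than `ip_set_id` and `ip_set_descriptors`, so the `ip_set_id`, `ip_set_descriptors_types` and `ip_set_descriptors_values` methods would have no data to read.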
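--- a/libraries/aws_wafv2_ip_sets.rb
+++ b/libraries/aws_wafv2_ip_sets.rb
@@ -0,0 +1,37 @@
+require "aws_backend"
+
+class AWSWAFV2IPSets < AwsResourceBase
+name "aws_wafv2_ip_sets"
+desc "Verifies settings for all the IP sets."
+
+example "
+describe aws_wafv2_ip_sets do
+it { should exist }
+end
+"
+
+attr_reader :table
+
+def initialize(opts = {})
+super(opts)
+validate_parameters
+@table = fetch_data
+end
+
+FilterTable.create
+.register_column(:ip_set_ids, field: :ip_set_id, style: :simple)
+.register_column(:names, field: :name, style: :simple)
+.install_filter_methods_on_resource(self, :table)
+
+def fetch_data
+catch_aws_errors do
+@resp = @aws.waf_client_v2.list_ip_sets.map do |table|
+table.map { |table_name| {
+name: table_name.ip_sets.map(&:name),
+ip_set_id: table_name.ip_sets.map(&:ip_set_id),
+}
+}
+end.flatten
+end
+end
+end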
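Review bot: `list_ip_sets` in `fetch_data` is called with no arguments, while WAFv2 requires a `scope` of `REGIONAL` or `CLOUDFRONT`, and the summaries it returns carry `id` rather than `ip_set_id`. The resource should take a `scope` option in `initialize`, require it through `validate_parameters(required: %i(scope))`, and pass it on as `list_ip_sets({ scope: scope })`, reading `id` for the id column. Because each call covers a single scope, the resource documentation should state that a control checking only one scope leaves the other scope's IP sets unexamined.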
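--- a/libraries/aws_wafv2_rule.rb
+++ b/libraries/aws_wafv2_rule.rb
@@ -0,0 +1,54 @@
+require "aws_backend"
+
+class AWSWAFV2Rule < AwsResourceBase
+name "aws_wafv2_rule"
+desc "Describes one WAF rule."
+
+example "
+describe aws_wafv2_rule(rule_id: 'RULE_ID') do
+it { should exits }
+end
+"
+
+def initialize(opts = {})
+opts = { rule_id: opts } if opts.is_a?(String)
+super(opts)
+validate_parameters(required: %i(rule_id))
+raise ArgumentError, "#{@__resource_name__}: rule_id must be provided" unless opts[:rule_id] && !opts[:rule_id].empty?
+@display_name = opts[:rule_id]
+catch_aws_errors do
+resp = @aws.waf_client_v2.get_rule({ rule_id: opts[:rule_id] })
+@resp = resp.rule.to_h
+create_resource_methods(@resp)
+end
+end
+
+def rule_id
+return nil unless exists?
+@resp[:rule_id]
+end
+
+def exists?
+[email protected]? && [email protected]?
+end
+
+def to_s
+"Rule ID: #{@display_name}"
+end
+
+def predicates_negated
+predicates.map(&:negated)
+end
+
+def predicates_type
+predicates.map(&:type)
+end
+
+def predicates_data_id
+predicates.map(&:data_id)
+end
+
+def resource_id
+@display_name
+end
+end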
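Review bot: The `example` string uses `it { should exits }`, and `exits` is not an RSpec matcher, so anyone copying the example into a control gets an error instead of an existence check. It should read `it { should exist }`. The same typo is in the examples of aws_wafv2_byte_match_set.rb, aws_wafv2_ip_set.rb and aws_wafv2_size_constraint_set.rb.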
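--- a/libraries/aws_wafv2_rules.rb
+++ b/libraries/aws_wafv2_rules.rb
@@ -0,0 +1,37 @@
+require "aws_backend"
+
+class AWSWAFV2Rules < AwsResourceBase
+name "aws_wafv2_rules"
+desc "Verifies settings for all the WAF rules."
+
+example "
+describe aws_wafv2_rules do
+it { should exist }
+end
+"
+
+attr_reader :table
+
+def initialize(opts = {})
+super(opts)
+validate_parameters
+@table = fetch_data
+end
+
+FilterTable.create
+.register_column(:rule_ids, field: :rule_id)
+.register_column(:names, field: :name)
+.install_filter_methods_on_resource(self, :table)
+
+def fetch_data
+catch_aws_errors do
+@resp = @aws.waf_client_v2.list_rules.map do |table|
+table.rules.map { |table_name| {
+rule_id: table_name[:rule_id],
+name: table_name[:name],
+}
+}
+end.flatten
+end
+end
+end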
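--- a/libraries/aws_wafv2_size_constraint_set.rb
+++ b/libraries/aws_wafv2_size_constraint_set.rb
@@ -0,0 +1,62 @@
+require "aws_backend"
+
+class AWSWAFV2SizeConstraintSet < AwsResourceBase
+name "aws_wafv2_size_constraint_set"
+desc "Describes one WAF size constraint set."
+
+example "
+describe aws_wafv2_size_constraint_set(size_constraint_set_id: 'SIZE_CONSTRAINT_SET_ID') do
+it { should exits }
+end
+"
+
+def initialize(opts = {})
+opts = { size_constraint_set_id: opts } if opts.is_a?(String)
+super(opts)
+validate_parameters(required: %i(size_constraint_set_id))
+raise ArgumentError, "#{@__resource_name__}: size_constraint_set_id must be provided" unless opts[:size_constraint_set_id] && !opts[:size_constraint_set_id].empty?
+@display_name = opts[:size_constraint_set_id]
+catch_aws_errors do
+resp = @aws.waf_client_v2.get_size_constraint_set({ size_constraint_set_id: opts[:size_constraint_set_id] })
+@resp = resp.size_constraint_set.to_h
+create_resource_methods(@resp)
+end
+end
+
+def size_constraint_set_id
+return nil unless exists?
+@resp[:size_constraint_set_id]
+end
+
+def exists?
+[email protected]? && [email protected]?
+end
+
+def to_s
+"Size Constraint Set ID: #{@display_name}"
+end
+
+def size_constraints_field_to_match_types
+size_constraints.map(&:field_to_match).map(&:type)
+end
+
+def size_constraints_field_to_match_data
+size_constraints.map(&:field_to_match).map(&:data)
+end
+
+def size_constraints_text_transformations
+size_constraints.map(&:text_transformation)
+end
+
+def size_constraints_comparison_operators
+size_constraints.map(&:comparison_operator)
+end
+
+def size_constraints_sizes
+size_constraints.map(&:size)
+end
+
+def resource_id
+@display_name
+end
+end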
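Review bot: The `size_constraints_*` helpers call `size_constraints` without the `exists?` guard that `size_constraint_set_id` uses. `size_constraints` appears to be defined by `create_resource_methods(@resp)` only after a successful lookup, so for a missing set these helpers would presumably raise NoMethodError instead of letting the control report a clean failure. A guard such as `return [] unless exists?` at the top of each helper would keep that path consistent. The `byte_match_tuples_*`, `ip_set_descriptors_*` and `predicates_*` helpers in the other singular resources are written the same way.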