Merge pull request #256 from perfectsense/feature/additional-edge-sec…

…urity-policy-options Add option to configure edge security policy options
perfectsense · Jun 21, 2023 · ca3970f · ca3970f
2 parents 5f30b80 + d68b2fc
commit ca3970f
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 1 deletion.
diff --git a/src/main/java/gyro/google/compute/BackendBucketResource.java b/src/main/java/gyro/google/compute/BackendBucketResource.java
@@ -85,6 +85,8 @@ public class BackendBucketResource extends ComputeResource implements Copyable<B
 
     private List<BackendSignedUrlKey> signedUrlKey;
 
+    private SecurityPolicyResource securityPolicy;
+
     /**
      * Cloud Storage bucket name.
      */
@@ -179,6 +181,18 @@ public void setSignedUrlKey(List<BackendSignedUrlKey> signedUrlKey) {
         this.signedUrlKey = signedUrlKey;
     }
 
+    /**
+     * The security policy associated with this backend bucket.
+     */
+    @Updatable
+    public SecurityPolicyResource getSecurityPolicy() {
+        return securityPolicy;
+    }
+
+    public void setSecurityPolicy(SecurityPolicyResource securityPolicy) {
+        this.securityPolicy = securityPolicy;
+    }
+
     @Override
     public void copyFrom(BackendBucket model) {
         BucketResource bucketResource = null;
@@ -197,6 +211,10 @@ public void copyFrom(BackendBucket model) {
             setEnableCdn(model.getEnableCdn());
         }
 
+        if (model.hasEdgeSecurityPolicy()) {
+            setSecurityPolicy(findById(SecurityPolicyResource.class, model.getEdgeSecurityPolicy()));
+        }
+
         setCdnPolicy(null);
         if (model.hasCdnPolicy()) {
             BackendBucketCdnPolicy cp = newSubresource(BackendBucketCdnPolicy.class);
@@ -283,6 +301,10 @@ protected void doCreate(GyroUI ui, State state) throws Exception {
                 builder.setCdnPolicy(getCdnPolicy().toBackendBucketCdnPolicy());
             }
 
+            if (getSecurityPolicy() != null) {
+                builder.setEdgeSecurityPolicy(getSecurityPolicy().getName());
+            }
+
             Operation operation = client.insertCallable().call(InsertBackendBucketRequest.newBuilder()
                 .setProject(getProjectId())
                 .setBackendBucketResource(builder)

diff --git a/src/main/java/gyro/google/compute/SecurityPolicyResource.java b/src/main/java/gyro/google/compute/SecurityPolicyResource.java
@@ -37,6 +37,8 @@
 import gyro.core.scope.State;
 import gyro.core.validation.Regex;
 import gyro.core.validation.Required;
+import gyro.core.validation.ValidStrings;
+import gyro.core.validation.ValidationError;
 import gyro.google.Copyable;
 
 /**
@@ -221,6 +223,7 @@ public class SecurityPolicyResource extends ComputeResource implements Copyable<
     private SecurityPolicyRule defaultRule;
     private String fingerprint;
     private SecurityPolicyAdaptiveProtection adaptiveProtectionConfig;
+    private String securityPolicyType;
 
     // Not yet supported in UI
     private SecurityPolicyAdvancedOptions advancedOptionsConfig;
@@ -336,6 +339,19 @@ public void setDefaultRule(SecurityPolicyRule defaultRule) {
         this.defaultRule = defaultRule;
     }
 
+    /**
+     * The type of the security policy.
+     */
+    @ValidStrings({"CLOUD_ARMOR", "CLOUD_ARMOR_EDGE", "CLOUD_ARMOR_INTERNAL_SERVICE", "CLOUD_ARMOR_NETWORK"})
+    @Required
+    public String getSecurityPolicyType() {
+        return securityPolicyType;
+    }
+
+    public void setSecurityPolicyType(String securityPolicyType) {
+        this.securityPolicyType = securityPolicyType;
+    }
+
     @Override
     protected boolean doRefresh() throws Exception {
         try (SecurityPoliciesClient client = createClient(SecurityPoliciesClient.class)) {
@@ -396,6 +412,7 @@ public void copyFrom(SecurityPolicy model) {
         setDescription(model.getDescription());
         setSelfLink(model.getSelfLink());
         setFingerprint(model.getFingerprint());
+        setSecurityPolicyType(model.getType());
 
         getRule().clear();
         model.getRulesList().forEach(rule -> {
@@ -428,7 +445,7 @@ public void copyFrom(SecurityPolicy model) {
 
     private SecurityPolicy toSecurityPolicy() {
         SecurityPolicy.Builder builder = SecurityPolicy.newBuilder();
-        builder.setName(getName());
+        builder.setName(getName()).setType(getSecurityPolicyType());
 
         if (getDescription() != null) {
             builder.setDescription(getDescription());
@@ -466,4 +483,17 @@ private SecurityPolicy getSecurityPolicy(SecurityPoliciesClient client) {
 
         return route;
     }
+
+    @Override
+    public List<ValidationError> validate(Set<String> configuredFields) {
+        List<ValidationError> errors = new ArrayList<>();
+
+        if (configuredFields.contains("adaptive-protection-config")) {
+            if (getAdaptiveProtectionConfig() != null && !getSecurityPolicyType().equals("CLOUD_ARMOR")) {
+                errors.add(new ValidationError(this, "adaptive-protection-config", "'adaptive-protection-config' is not allowed when security-policy-type is not set to 'CLOUD_ARMOR'."));
+            }
+        }
+
+        return errors;
+    }
 }