diff --git a/go.mod b/go.mod
index 76c50e7c..d3c40102 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 github.com/ThalesIgnite/crypto11 v1.2.5
 github.com/cloudflare/backoff v0.0.0-20161212185259-647f3cdfc87a
 github.com/cloudflare/cfssl v1.6.5
- github.com/cloudflare/cloudflare-go v0.94.0
+ github.com/cloudflare/cloudflare-go v0.100.0
 github.com/cloudflare/go-metrics v0.0.0-20151117154305-6a9aea36fb41
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
 github.com/google/uuid v1.6.0
@@ -57,7 +57,7 @@ require (
 github.com/fsnotify/fsnotify v1.7.0 // indirect
 github.com/go-logr/logr v1.4.1 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
- github.com/goccy/go-json v0.10.2 // indirect
+ github.com/goccy/go-json v0.10.3 // indirect
 github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/golang/protobuf v1.5.4 // indirect
diff --git a/go.sum b/go.sum
index 2678e19f..fe325aaf 100644
--- a/go.sum
+++ b/go.sum
@@ -54,8 +54,8 @@ github.com/cloudflare/backoff v0.0.0-20161212185259-647f3cdfc87a h1:8d1CEOF1xlde
 github.com/cloudflare/backoff v0.0.0-20161212185259-647f3cdfc87a/go.mod h1:rzgs2ZOiguV6/NpiDgADjRLPNyZlApIWxKpkT+X8SdY=
 github.com/cloudflare/cfssl v1.6.5 h1:46zpNkm6dlNkMZH/wMW22ejih6gIaJbzL2du6vD7ZeI=
 github.com/cloudflare/cfssl v1.6.5/go.mod h1:Bk1si7sq8h2+yVEDrFJiz3d7Aw+pfjjJSZVaD+Taky4=
-github.com/cloudflare/cloudflare-go v0.94.0 h1:WADmVhCdnn1A9sm5NU08by49Vbh4Lj/JBgTWTr7q7Qc=
-github.com/cloudflare/cloudflare-go v0.94.0/go.mod h1:N1u1cLZ4lG6NeezGOWi7P6aq1DK2iVYg9ze7GZbUmZE=
+github.com/cloudflare/cloudflare-go v0.100.0 h1:4iCUI2ZoIhRMyd7Z1TDsHhH1OhkgHC83eYbPlSgTRjo=
+github.com/cloudflare/cloudflare-go v0.100.0/go.mod h1:VQ1t9Mvgdu4VFLx6uwQgFC10XxcCRIUuvkYGc9daMRU=
 github.com/cloudflare/go-metrics v0.0.0-20151117154305-6a9aea36fb41 h1:/8sZyuGTAU2+fYv0Sz9lBcipqX0b7i4eUl8pSStk/4g=
 github.com/cloudflare/go-metrics v0.0.0-20151117154305-6a9aea36fb41/go.mod h1:eaZPlJWD+G9wseg1BuRXlHnjntPMrywMsyxf+LTOdP4=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
@@ -82,8 +82,8 @@ github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
-github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
+github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
diff --git a/vendor/github.com/cloudflare/cloudflare-go/CHANGELOG.md b/vendor/github.com/cloudflare/cloudflare-go/CHANGELOG.md
index 33dfc8b0..d7b8fa65 100644
--- a/vendor/github.com/cloudflare/cloudflare-go/CHANGELOG.md
+++ b/vendor/github.com/cloudflare/cloudflare-go/CHANGELOG.md
@@ -1,4 +1,91 @@ -## 0.95.0 (Unreleased) +## 0.101.0 (Unreleased) + +## 0.100.0 (July 18th, 2024) + +BREAKING CHANGES: + +* teams_accounts: rename `TeamsCertificate` in `TeamsAccountConfiguration` to `TeamsCertificateSetting` ([#2754](https://github.com/cloudflare/cloudflare-go/issues/2754)) + +ENHANCEMENTS: + +* Add CloudConnectorAPI Client ([#2698](https://github.com/cloudflare/cloudflare-go/issues/2698)) +* gateway_categories: add ListGatewayCategories which returns all gateway categories. ([#2722](https://github.com/cloudflare/cloudflare-go/issues/2722)) +* teams_certificates: add `TeamsCertificate` resource to manage gateway certificates ([#2754](https://github.com/cloudflare/cloudflare-go/issues/2754)) + +DEPENDENCIES: + +* deps: bumps dependabot/fetch-metadata from 2.1.0 to 2.2.0 ([#2727](https://github.com/cloudflare/cloudflare-go/issues/2727)) +* deps: bumps golang.org/x/net from 0.26.0 to 0.27.0 ([#2726](https://github.com/cloudflare/cloudflare-go/issues/2726)) + +## 0.99.0 (July 3rd, 2024) + +ENHANCEMENTS: + +* teams: added per account certificate setting to teams gateway configuration ([#2713](https://github.com/cloudflare/cloudflare-go/issues/2713)) +* teams_list: Added description to ZT list item ([#2621](https://github.com/cloudflare/cloudflare-go/issues/2621)) +* teams_rules: Added ZT rule settings `ignore_cname_category_matches` ([#2621](https://github.com/cloudflare/cloudflare-go/issues/2621)) + +DEPENDENCIES: + +* deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.7 ([#2699](https://github.com/cloudflare/cloudflare-go/issues/2699)) + +## 0.98.0 (June 19th, 2024) + +ENHANCEMENTS: + +* access_application: Add support for SaaS OIDC Access Token Lifetime ([#2455](https://github.com/cloudflare/cloudflare-go/issues/2455)) + +DEPENDENCIES: + +* deps: bumps golang.org/x/net from 0.25.0 to 0.26.0 ([#2364](https://github.com/cloudflare/cloudflare-go/issues/2364)) +* deps: bumps goreleaser/goreleaser-action from 5.1.0 to 6.0.0 
([#2365](https://github.com/cloudflare/cloudflare-go/issues/2365)) + +## 0.97.0 (June 5th, 2024) + +ENHANCEMENTS: + +* access_application: Add support for Hybrid/Implicit flows and options ([#2131](https://github.com/cloudflare/cloudflare-go/issues/2131)) +* teams_account: Add Zero Trust connectivity settings ([#2165](https://github.com/cloudflare/cloudflare-go/issues/2165)) +* teams_accounts: Add `use_zt_virtual_ip` attribute ([#2126](https://github.com/cloudflare/cloudflare-go/issues/2126)) + +DEPENDENCIES: + +* deps: bumps `github.com/goccy/go-json` from 0.10.2 to 0.10.3 ([#2107](https://github.com/cloudflare/cloudflare-go/issues/2107)) +* deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7 ([#2249](https://github.com/cloudflare/cloudflare-go/issues/2249)) + +## 0.96.0 (May 22nd, 2024) + +ENHANCEMENTS: + +* access_application: Add Refresh Token, Custom Claims, and PKCE Without Client Secret support for OIDC SaaS configurations ([#1981](https://github.com/cloudflare/cloudflare-go/issues/1981)) +* ruleset: add support for action parameters `fonts` and `disable_rum` ([#1832](https://github.com/cloudflare/cloudflare-go/issues/1832)) + +DEPENDENCIES: + +* deps: bumps bflad/action-milestone-comment from 1 to 2 ([#1991](https://github.com/cloudflare/cloudflare-go/issues/1991)) +* deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.6 ([#1993](https://github.com/cloudflare/cloudflare-go/issues/1993)) +* deps: bumps goreleaser/goreleaser-action from 5.0.0 to 5.1.0 ([#1992](https://github.com/cloudflare/cloudflare-go/issues/1992)) + +## 0.95.0 (May 8th, 2024) + +ENHANCEMENTS: + +* access_application: add support for `policies` array ([#1956](https://github.com/cloudflare/cloudflare-go/issues/1956)) +* access_application: add support for `scim_config` ([#1921](https://github.com/cloudflare/cloudflare-go/issues/1921)) +* access_policy: add support for reusable policies ([#1956](https://github.com/cloudflare/cloudflare-go/issues/1956)) +* 
dlp: add support for zt risk behavior configuration ([#1887](https://github.com/cloudflare/cloudflare-go/issues/1887)) + +BUG FIXES: + +* access_application: fix scim configuration authentication json marshalling ([#1959](https://github.com/cloudflare/cloudflare-go/issues/1959)) + +DEPENDENCIES: + +* deps: bumps dependabot/fetch-metadata from 2.0.0 to 2.1.0 ([#1839](https://github.com/cloudflare/cloudflare-go/issues/1839)) +* deps: bumps github.com/urfave/cli/v2 from 2.27.1 to 2.27.2 ([#1861](https://github.com/cloudflare/cloudflare-go/issues/1861)) +* deps: bumps golang.org/x/net from 0.24.0 to 0.25.0 ([#1974](https://github.com/cloudflare/cloudflare-go/issues/1974)) +* deps: bumps golangci/golangci-lint-action from 4 to 5 ([#1845](https://github.com/cloudflare/cloudflare-go/issues/1845)) +* deps: bumps golangci/golangci-lint-action from 5 to 6 ([#1975](https://github.com/cloudflare/cloudflare-go/issues/1975)) ## 0.94.0 (April 24th, 2024) diff --git a/vendor/github.com/cloudflare/cloudflare-go/access_application.go b/vendor/github.com/cloudflare/cloudflare-go/access_application.go index fa426643..bdeaf79c 100644 --- a/vendor/github.com/cloudflare/cloudflare-go/access_application.go +++ b/vendor/github.com/cloudflare/cloudflare-go/access_application.go @@ -2,6 +2,7 @@ package cloudflare import ( "context" + "errors" "fmt" "net/http" "time" @@ -56,6 +57,8 @@ type AccessApplication struct { OptionsPreflightBypass *bool `json:"options_preflight_bypass,omitempty"` CustomPages []string `json:"custom_pages,omitempty"` Tags []string `json:"tags,omitempty"` + SCIMConfig *AccessApplicationSCIMConfig `json:"scim_config,omitempty"` + Policies []AccessPolicy `json:"policies,omitempty"` AccessAppLauncherCustomization } 
@@ -76,6 +79,96 @@ type AccessApplicationCorsHeaders struct { MaxAge int `json:"max_age,omitempty"` } +// AccessApplicationSCIMConfig represents the configuration for provisioning to an Access Application via SCIM. +type AccessApplicationSCIMConfig struct { + Enabled *bool `json:"enabled,omitempty"` + RemoteURI string `json:"remote_uri,omitempty"` + Authentication *AccessApplicationScimAuthenticationJson `json:"authentication,omitempty"` + IdPUID string `json:"idp_uid,omitempty"` + DeactivateOnDelete *bool `json:"deactivate_on_delete,omitempty"` + Mappings []*AccessApplicationScimMapping `json:"mappings,omitempty"` +} + +type AccessApplicationScimAuthenticationScheme string + +const ( + AccessApplicationScimAuthenticationSchemeHttpBasic AccessApplicationScimAuthenticationScheme = "httpbasic" + AccessApplicationScimAuthenticationSchemeOauthBearerToken AccessApplicationScimAuthenticationScheme = "oauthbearertoken" + AccessApplicationScimAuthenticationSchemeOauth2 AccessApplicationScimAuthenticationScheme = "oauth2" +) + +type AccessApplicationScimAuthenticationJson struct { + Value AccessApplicationScimAuthentication +} + +func (a *AccessApplicationScimAuthenticationJson) UnmarshalJSON(buf []byte) error { + var scheme baseScimAuthentication + if err := json.Unmarshal(buf, &scheme); err != nil { + return err + } + + switch scheme.Scheme { + case AccessApplicationScimAuthenticationSchemeHttpBasic: + a.Value = new(AccessApplicationScimAuthenticationHttpBasic) + case AccessApplicationScimAuthenticationSchemeOauthBearerToken: + a.Value = new(AccessApplicationScimAuthenticationOauthBearerToken) + case AccessApplicationScimAuthenticationSchemeOauth2: + a.Value = new(AccessApplicationScimAuthenticationOauth2) + default: + return errors.New("invalid authentication scheme") + } + + return json.Unmarshal(buf, a.Value) +} + +func (a *AccessApplicationScimAuthenticationJson) MarshalJSON() ([]byte, error) { + return json.Marshal(a.Value) +} + +type 
AccessApplicationScimAuthentication interface { + isScimAuthentication() +} + +type baseScimAuthentication struct { + Scheme AccessApplicationScimAuthenticationScheme `json:"scheme"` +} + +func (baseScimAuthentication) isScimAuthentication() {} + +type AccessApplicationScimAuthenticationHttpBasic struct { + baseScimAuthentication + User string `json:"user"` + Password string `json:"password"` +} + +type AccessApplicationScimAuthenticationOauthBearerToken struct { + baseScimAuthentication + Token string `json:"token"` +} + +type AccessApplicationScimAuthenticationOauth2 struct { + baseScimAuthentication + ClientID string `json:"client_id"` + ClientSecret string `json:"client_secret"` + AuthorizationURL string `json:"authorization_url"` + TokenURL string `json:"token_url"` + Scopes []string `json:"scopes,omitempty"` +} + +type AccessApplicationScimMapping struct { + Schema string `json:"schema"` + Enabled *bool `json:"enabled,omitempty"` + Filter string `json:"filter,omitempty"` + TransformJsonata string `json:"transform_jsonata,omitempty"` + Operations *AccessApplicationScimMappingOperations `json:"operations,omitempty"` +} + +type AccessApplicationScimMappingOperations struct { + Create *bool `json:"create,omitempty"` + Update *bool `json:"update,omitempty"` + Delete *bool `json:"delete,omitempty"` +} + // AccessApplicationListResponse represents the response from the list // access applications endpoint. type AccessApplicationListResponse struct { 
@@ -106,6 +199,22 @@ type SAMLAttributeConfig struct { Source SourceConfig `json:"source"` } +type OIDCClaimConfig struct { + Name string `json:"name,omitempty"` + Source SourceConfig `json:"source"` + Required *bool `json:"required,omitempty"` + Scope string `json:"scope,omitempty"` +} + +type RefreshTokenOptions struct { + Lifetime string `json:"lifetime,omitempty"` +} + +type AccessApplicationHybridAndImplicitOptions struct { + ReturnIDTokenFromAuthorizationEndpoint *bool `json:"return_id_token_from_authorization_endpoint,omitempty"` + ReturnAccessTokenFromAuthorizationEndpoint *bool `json:"return_access_token_from_authorization_endpoint,omitempty"` +} + type SaasApplication struct { // Items common to both SAML and OIDC AppID string `json:"app_id,omitempty"` 
@@ -126,13 +235,18 @@ type SaasApplication struct { SamlAttributeTransformJsonata string `json:"saml_attribute_transform_jsonata"` // OIDC saas app - ClientID string `json:"client_id,omitempty"` - ClientSecret string `json:"client_secret,omitempty"` - RedirectURIs []string `json:"redirect_uris,omitempty"` - GrantTypes []string `json:"grant_types,omitempty"` - Scopes []string `json:"scopes,omitempty"` - AppLauncherURL string `json:"app_launcher_url,omitempty"` - GroupFilterRegex string `json:"group_filter_regex,omitempty"` + ClientID string `json:"client_id,omitempty"` + ClientSecret string `json:"client_secret,omitempty"` + RedirectURIs []string `json:"redirect_uris,omitempty"` + GrantTypes []string `json:"grant_types,omitempty"` + Scopes []string `json:"scopes,omitempty"` + AppLauncherURL string `json:"app_launcher_url,omitempty"` + GroupFilterRegex string `json:"group_filter_regex,omitempty"` + CustomClaims []OIDCClaimConfig `json:"custom_claims,omitempty"` + AllowPKCEWithoutClientSecret *bool `json:"allow_pkce_without_client_secret,omitempty"` + RefreshTokenOptions *RefreshTokenOptions `json:"refresh_token_options,omitempty"` + HybridAndImplicitOptions *AccessApplicationHybridAndImplicitOptions `json:"hybrid_and_implicit_options,omitempty"` + AccessTokenLifetime string `json:"access_token_lifetime,omitempty"` } type AccessAppLauncherCustomization struct { @@ -155,6 +269,7 @@ type AccessLandingPageDesign struct { ButtonColor string `json:"button_color"` ButtonTextColor string `json:"button_text_color"` } + type ListAccessApplicationsParams struct { ResultInfo } 
@@ -187,6 +302,9 @@ type CreateAccessApplicationParams struct { AllowAuthenticateViaWarp *bool `json:"allow_authenticate_via_warp,omitempty"` CustomPages []string `json:"custom_pages,omitempty"` Tags []string `json:"tags,omitempty"` + SCIMConfig *AccessApplicationSCIMConfig `json:"scim_config,omitempty"` + // List of policy ids to link to this application in ascending order of precedence. + Policies []string `json:"policies,omitempty"` AccessAppLauncherCustomization } @@ -219,6 +337,11 @@ type UpdateAccessApplicationParams struct { OptionsPreflightBypass *bool `json:"options_preflight_bypass,omitempty"` CustomPages []string `json:"custom_pages,omitempty"` Tags []string `json:"tags,omitempty"` + SCIMConfig *AccessApplicationSCIMConfig `json:"scim_config,omitempty"` + // List of policy ids to link to this application in ascending order of precedence. + // Can reference reusable policies and policies specific to this application. + // If this field is not provided, the existing policies will not be modified. + Policies *[]string `json:"policies,omitempty"` AccessAppLauncherCustomization } diff --git a/vendor/github.com/cloudflare/cloudflare-go/access_policy.go b/vendor/github.com/cloudflare/cloudflare-go/access_policy.go index 0e1ae41c..a70ceede 100644 --- a/vendor/github.com/cloudflare/cloudflare-go/access_policy.go +++ b/vendor/github.com/cloudflare/cloudflare-go/access_policy.go @@ -2,7 +2,6 @@ package cloudflare import ( "context" - "errors" "fmt" "net/http" "time" @@ -10,10 +9,6 @@ import ( "github.com/goccy/go-json" ) -var ( - ErrMissingApplicationID = errors.New("missing required application ID") -) - type AccessApprovalGroup struct { EmailListUuid string `json:"email_list_uuid,omitempty"` EmailAddresses []string `json:"email_addresses,omitempty"` 
@@ -23,11 +18,16 @@ type AccessApprovalGroup struct { // AccessPolicy defines a policy for allowing or disallowing access to // one or more Access applications. type AccessPolicy struct { - ID string `json:"id,omitempty"` + ID string `json:"id,omitempty"` + // Precedence is the order in which the policy is executed in an Access application. + // As a general rule, lower numbers take precedence over higher numbers. + // This field can only be zero when a reusable policy is requested outside the context + // of an Access application. Precedence int `json:"precedence"` Decision string `json:"decision"` CreatedAt *time.Time `json:"created_at"` UpdatedAt *time.Time `json:"updated_at"` + Reusable *bool `json:"reusable,omitempty"` Name string `json:"name"` IsolationRequired *bool `json:"isolation_required,omitempty"` 
@@ -68,18 +68,28 @@ type AccessPolicyDetailResponse struct { } type ListAccessPoliciesParams struct { + // ApplicationID is the application ID to list attached access policies for. + // If omitted, only reusable policies for the account are returned. ApplicationID string `json:"-"` ResultInfo } type GetAccessPolicyParams struct { + PolicyID string `json:"-"` + // ApplicationID is the application ID for which to scope the policy for. + // Optional, but if included, the policy returned will include its execution precedence within the application. ApplicationID string `json:"-"` - PolicyID string `json:"-"` } type CreateAccessPolicyParams struct { + // ApplicationID is the application ID for which to create the policy for. + // Pass an empty value to create a reusable policy. ApplicationID string `json:"-"` + // Precedence is the order in which the policy is executed in an Access application. + // As a general rule, lower numbers take precedence over higher numbers. + // This field is ignored when creating a reusable policy. + // Read more here https://developers.cloudflare.com/cloudflare-one/policies/access/#order-of-execution Precedence int `json:"precedence"` Decision string `json:"decision"` Name string `json:"name"` @@ -105,9 +115,14 @@ type CreateAccessPolicyParams struct { } type UpdateAccessPolicyParams struct { + // ApplicationID is the application ID that owns the existing policy. + // Pass an empty value if the existing policy is reusable. ApplicationID string `json:"-"` PolicyID string `json:"-"` + // Precedence is the order in which the policy is executed in an Access application. + // As a general rule, lower numbers take precedence over higher numbers. + // This field is ignored when updating a reusable policy. Precedence int `json:"precedence"` Decision string `json:"decision"` Name string `json:"name"` 
@@ -133,26 +148,33 @@ type UpdateAccessPolicyParams struct { } type DeleteAccessPolicyParams struct { + // ApplicationID is the application ID the policy belongs to. + // If the existing policy is reusable, this field must be omitted. Otherwise, it is required. ApplicationID string `json:"-"` PolicyID string `json:"-"` } -// ListAccessPolicies returns all access policies for an access application. +// ListAccessPolicies returns all access policies that match the parameters. // // Account API reference: https://developers.cloudflare.com/api/operations/access-policies-list-access-policies // Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-list-access-policies func (api *API) ListAccessPolicies(ctx context.Context, rc *ResourceContainer, params ListAccessPoliciesParams) ([]AccessPolicy, *ResultInfo, error) { - if params.ApplicationID == "" { - return []AccessPolicy{}, &ResultInfo{}, ErrMissingApplicationID + var baseURL string + if params.ApplicationID != "" { + baseURL = fmt.Sprintf( + "/%s/%s/access/apps/%s/policies", + rc.Level, + rc.Identifier, + params.ApplicationID, + ) + } else { + baseURL = fmt.Sprintf( + "/%s/%s/access/policies", + rc.Level, + rc.Identifier, + ) } - baseURL := fmt.Sprintf( - "/%s/%s/access/apps/%s/policies", - rc.Level, - rc.Identifier, - params.ApplicationID, - ) - autoPaginate := true if params.PerPage >= 1 || params.Page >= 1 { autoPaginate = false 
@@ -194,13 +216,23 @@ func (api *API) ListAccessPolicies(ctx context.Context, rc *ResourceContainer, p // Account API reference: https://developers.cloudflare.com/api/operations/access-policies-get-an-access-policy // Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-get-an-access-policy func (api *API) GetAccessPolicy(ctx context.Context, rc *ResourceContainer, params GetAccessPolicyParams) (AccessPolicy, error) { - uri := fmt.Sprintf( - "/%s/%s/access/apps/%s/policies/%s", - rc.Level, - rc.Identifier, - params.ApplicationID, - params.PolicyID, - ) + var uri string + if params.ApplicationID != "" { + uri = fmt.Sprintf( + "/%s/%s/access/apps/%s/policies/%s", + rc.Level, + rc.Identifier, + params.ApplicationID, + params.PolicyID, + ) + } else { + uri = fmt.Sprintf( + "/%s/%s/access/policies/%s", + rc.Level, + rc.Identifier, + params.PolicyID, + ) + } res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil) if err != nil { @@ -221,12 +253,21 @@ func (api *API) GetAccessPolicy(ctx context.Context, rc *ResourceContainer, para // Account API reference: https://developers.cloudflare.com/api/operations/access-policies-create-an-access-policy // Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-create-an-access-policy func (api *API) CreateAccessPolicy(ctx context.Context, rc *ResourceContainer, params CreateAccessPolicyParams) (AccessPolicy, error) { - uri := fmt.Sprintf( - "/%s/%s/access/apps/%s/policies", - rc.Level, - rc.Identifier, - params.ApplicationID, - ) + var uri string + if params.ApplicationID != "" { + uri = fmt.Sprintf( + "/%s/%s/access/apps/%s/policies", + rc.Level, + rc.Identifier, + params.ApplicationID, + ) + } else { + uri = fmt.Sprintf( + "/%s/%s/access/policies", + rc.Level, + rc.Identifier, + ) + } res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params) if err != nil { 
@@ -251,13 +292,23 @@ func (api *API) UpdateAccessPolicy(ctx context.Context, rc *ResourceContainer, p return AccessPolicy{}, fmt.Errorf("access policy ID cannot be empty") } - uri := fmt.Sprintf( - "/%s/%s/access/apps/%s/policies/%s", - rc.Level, - rc.Identifier, - params.ApplicationID, - params.PolicyID, - ) + var uri string + if params.ApplicationID != "" { + uri = fmt.Sprintf( + "/%s/%s/access/apps/%s/policies/%s", + rc.Level, + rc.Identifier, + params.ApplicationID, + params.PolicyID, + ) + } else { + uri = fmt.Sprintf( + "/%s/%s/access/policies/%s", + rc.Level, + rc.Identifier, + params.PolicyID, + ) + } res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params) if err != nil { @@ -278,13 +329,23 @@ func (api *API) UpdateAccessPolicy(ctx context.Context, rc *ResourceContainer, p // Account API reference: https://developers.cloudflare.com/api/operations/access-policies-delete-an-access-policy // Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-delete-an-access-policy func (api *API) DeleteAccessPolicy(ctx context.Context, rc *ResourceContainer, params DeleteAccessPolicyParams) error { - uri := fmt.Sprintf( - "/%s/%s/access/apps/%s/policies/%s", - rc.Level, - rc.Identifier, - params.ApplicationID, - params.PolicyID, - ) + var uri string + if params.ApplicationID != "" { + uri = fmt.Sprintf( + "/%s/%s/access/apps/%s/policies/%s", + rc.Level, + rc.Identifier, + params.ApplicationID, + params.PolicyID, + ) + } else { + uri = fmt.Sprintf( + "/%s/%s/access/policies/%s", + rc.Level, + rc.Identifier, + params.PolicyID, + ) + } _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil) if err != nil { diff --git a/vendor/github.com/cloudflare/cloudflare-go/cloud_connector.go b/vendor/github.com/cloudflare/cloudflare-go/cloud_connector.go new file mode 100644 index 00000000..8c6e3b96 --- /dev/null +++ b/vendor/github.com/cloudflare/cloudflare-go/cloud_connector.go 
@@ -0,0 +1,71 @@
+package cloudflare
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+
+ "github.com/goccy/go-json"
+)
+
+type CloudConnectorRulesResponse struct {
+ Response
+ Result []CloudConnectorRule `json:"result"`
+}
+
+type CloudConnectorRuleParameters struct {
+ Host string `json:"host"`
+}
+
+type CloudConnectorRule struct {
+ ID string `json:"id"`
+ Enabled *bool `json:"enabled,omitempty"`
+ Expression string `json:"expression"`
+ Provider string `json:"provider"`
+ Parameters CloudConnectorRuleParameters `json:"parameters"`
+ Description string `json:"description"`
+}
+
+func (api *API) ListZoneCloudConnectorRules(ctx context.Context, rc *ResourceContainer) ([]CloudConnectorRule, error) {
+ if rc.Identifier == "" {
+ return nil, ErrMissingZoneID
+ }
+
+ uri := buildURI(fmt.Sprintf("/zones/%s/cloud_connector/rules", rc.Identifier), nil)
+ res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ result := CloudConnectorRulesResponse{}
+ if err := json.Unmarshal(res, &result); err != nil {
+ return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return result.Result, nil
+}
+
+func (api *API) UpdateZoneCloudConnectorRules(ctx context.Context, rc *ResourceContainer, params []CloudConnectorRule) ([]CloudConnectorRule, error) {
+ if rc.Identifier == "" {
+ return nil, ErrMissingZoneID
+ }
+
+ uri := fmt.Sprintf("/zones/%s/cloud_connector/rules", rc.Identifier)
+
+ payload, err := json.Marshal(params)
+ if err != nil {
+ return nil, err
+ }
+
+ res, err := api.makeRequestContext(ctx, http.MethodPut, uri, payload)
+ if err != nil {
+ return nil, err
+ }
+
+ result := CloudConnectorRulesResponse{}
+ if err := json.Unmarshal(res, &result); err != nil {
+ return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return result.Result, nil
+}
diff --git a/vendor/github.com/cloudflare/cloudflare-go/gateway_categories.go b/vendor/github.com/cloudflare/cloudflare-go/gateway_categories.go
new file mode 100644
index 00000000..da23a74e
--- /dev/null
+++ b/vendor/github.com/cloudflare/cloudflare-go/gateway_categories.go
@@ -0,0 +1,54 @@
+package cloudflare
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+
+ "github.com/goccy/go-json"
+)
+
+// GatewayCategory represents a single gateway category.
+type GatewayCategory struct {
+ Beta *bool `json:"beta,omitempty"`
+ Class string `json:"class"`
+ Description string `json:"description"`
+ ID int `json:"id"`
+ Name string `json:"name"`
+ Subcategories []GatewayCategory `json:"subcategories"`
+}
+
+// GatewayCategoriesResponse represents the response from the list
+// gateway categories endpoint.
+type GatewayCategoriesResponse struct {
+ Success bool `json:"success"`
+ Result []GatewayCategory `json:"result"`
+ Errors []string `json:"errors"`
+ Messages []string `json:"messages"`
+ ResultInfo ResultInfo `json:"result_info"`
+}
+
+// ListGatewayCategoriesParams represents the parameters for listing gateway categories.
+type ListGatewayCategoriesParams struct {
+ ResultInfo
+}
+
+// ListGatewayCategories returns all gateway categories within an account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-gateway-categories-list-categories
+func (api *API) ListGatewayCategories(ctx context.Context, rc *ResourceContainer, params ListGatewayCategoriesParams) ([]GatewayCategory, ResultInfo, error) {
+ uri := fmt.Sprintf("/accounts/%s/gateway/categories", rc.Identifier)
+
+ res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+ if err != nil {
+ return []GatewayCategory{}, ResultInfo{}, err
+ }
+
+ var gResponse GatewayCategoriesResponse
+ err = json.Unmarshal(res, &gResponse)
+ if err != nil {
+ return []GatewayCategory{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return gResponse.Result, gResponse.ResultInfo, nil
+}
diff --git a/vendor/github.com/cloudflare/cloudflare-go/hyperdrive.go b/vendor/github.com/cloudflare/cloudflare-go/hyperdrive.go
index c1ddbc9a..bd1912ef 100644
--- a/vendor/github.com/cloudflare/cloudflare-go/hyperdrive.go
+++ b/vendor/github.com/cloudflare/cloudflare-go/hyperdrive.go @@ -26,13 +26,21 @@ type HyperdriveConfig struct { Caching HyperdriveConfigCaching `json:"caching,omitempty"` } +type HyperdriveOriginType string + type HyperdriveConfigOrigin struct { - Database string `json:"database,omitempty"` - Password string `json:"password"` - Host string `json:"host,omitempty"` - Port int `json:"port,omitempty"` - Scheme string `json:"scheme,omitempty"` - User string `json:"user,omitempty"` + Database string `json:"database,omitempty"` + Host string `json:"host,omitempty"` + Port int `json:"port,omitempty"` + Scheme string `json:"scheme,omitempty"` + User string `json:"user,omitempty"` + AccessClientID string `json:"access_client_id,omitempty"` +} + +type HyperdriveConfigOriginWithSecrets struct { + HyperdriveConfigOrigin + Password string `json:"password"` + AccessClientSecret string `json:"access_client_secret,omitempty"` } type HyperdriveConfigCaching struct { @@ -47,9 +55,9 @@ type HyperdriveConfigListResponse struct { } type CreateHyperdriveConfigParams struct { - Name string `json:"name"` - Origin HyperdriveConfigOrigin `json:"origin"` - Caching HyperdriveConfigCaching `json:"caching,omitempty"` + Name string `json:"name"` + Origin HyperdriveConfigOriginWithSecrets `json:"origin"` + Caching HyperdriveConfigCaching `json:"caching,omitempty"` } type HyperdriveConfigResponse struct { @@ -58,10 +66,10 @@ type HyperdriveConfigResponse struct { } type UpdateHyperdriveConfigParams struct { - HyperdriveID string `json:"-"` - Name string `json:"name"` - Origin HyperdriveConfigOrigin `json:"origin"` - Caching HyperdriveConfigCaching `json:"caching,omitempty"` + HyperdriveID string `json:"-"` + Name string `json:"name"` + Origin HyperdriveConfigOriginWithSecrets `json:"origin"` + Caching HyperdriveConfigCaching `json:"caching,omitempty"` } type ListHyperdriveConfigParams struct{} 
diff --git a/vendor/github.com/cloudflare/cloudflare-go/rulesets.go b/vendor/github.com/cloudflare/cloudflare-go/rulesets.go index c8a47625..8b1ad430 100644 --- a/vendor/github.com/cloudflare/cloudflare-go/rulesets.go +++ b/vendor/github.com/cloudflare/cloudflare-go/rulesets.go @@ -246,7 +246,9 @@ type RulesetRuleActionParameters struct { DisableApps *bool `json:"disable_apps,omitempty"` DisableZaraz *bool `json:"disable_zaraz,omitempty"` DisableRailgun *bool `json:"disable_railgun,omitempty"` + DisableRUM *bool `json:"disable_rum,omitempty"` EmailObfuscation *bool `json:"email_obfuscation,omitempty"` + Fonts *bool `json:"fonts,omitempty"` Mirage *bool `json:"mirage,omitempty"` OpportunisticEncryption *bool `json:"opportunistic_encryption,omitempty"` Polish *Polish `json:"polish,omitempty"` diff --git a/vendor/github.com/cloudflare/cloudflare-go/teams_accounts.go b/vendor/github.com/cloudflare/cloudflare-go/teams_accounts.go index a027dbee..dbded095 100644 --- a/vendor/github.com/cloudflare/cloudflare-go/teams_accounts.go +++ b/vendor/github.com/cloudflare/cloudflare-go/teams_accounts.go @@ -47,6 +47,7 @@ type TeamsAccountSettings struct { BodyScanning *TeamsBodyScanning `json:"body_scanning,omitempty"` ExtendedEmailMatching *TeamsExtendedEmailMatching `json:"extended_email_matching,omitempty"` CustomCertificate *TeamsCustomCertificate `json:"custom_certificate,omitempty"` + Certificate *TeamsCertificateSetting `json:"certificate,omitempty"` } type BrowserIsolation struct { @@ -112,6 +113,10 @@ type TeamsCustomCertificate struct { UpdatedAt *time.Time `json:"updated_at,omitempty"` } +type TeamsCertificateSetting struct { + ID string `json:"id"` +} + type TeamsRuleType = string const ( 
@@ -131,9 +136,10 @@ type TeamsLoggingSettings struct { } type TeamsDeviceSettings struct { - GatewayProxyEnabled bool `json:"gateway_proxy_enabled"` - GatewayProxyUDPEnabled bool `json:"gateway_udp_proxy_enabled"` - RootCertificateInstallationEnabled bool `json:"root_certificate_installation_enabled"` + GatewayProxyEnabled bool `json:"gateway_proxy_enabled"` + GatewayProxyUDPEnabled bool `json:"gateway_udp_proxy_enabled"` + RootCertificateInstallationEnabled bool `json:"root_certificate_installation_enabled"` + UseZTVirtualIP *bool `json:"use_zt_virtual_ip"` } type TeamsDeviceSettingsResponse struct { @@ -146,6 +152,16 @@ type TeamsLoggingSettingsResponse struct { Result TeamsLoggingSettings `json:"result"` } +type TeamsConnectivitySettings struct { + ICMPProxyEnabled *bool `json:"icmp_proxy_enabled"` + OfframpWARPEnabled *bool `json:"offramp_warp_enabled"` +} + +type TeamsAccountConnectivitySettingsResponse struct { + Response + Result TeamsConnectivitySettings `json:"result"` +} + // TeamsAccount returns teams account information with internal and external ID. // // API reference: TBA. 
@@ -226,6 +242,26 @@ func (api *API) TeamsAccountLoggingConfiguration(ctx context.Context, accountID return teamsConfigResponse.Result, nil } +// TeamsAccountConnectivityConfiguration returns zero trust account connectivity settings. +// +// API reference: https://developers.cloudflare.com/api/operations/zero-trust-accounts-get-connectivity-settings +func (api *API) TeamsAccountConnectivityConfiguration(ctx context.Context, accountID string) (TeamsConnectivitySettings, error) { + uri := fmt.Sprintf("/accounts/%s/zerotrust/connectivity_settings", accountID) + + res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil) + if err != nil { + return TeamsConnectivitySettings{}, err + } + + var teamsConnectivityResponse TeamsAccountConnectivitySettingsResponse + err = json.Unmarshal(res, &teamsConnectivityResponse) + if err != nil { + return TeamsConnectivitySettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err) + } + + return teamsConnectivityResponse.Result, nil +} + // TeamsAccountUpdateConfiguration updates a teams account configuration. // // API reference: TBA. 
@@ -285,3 +321,23 @@ func (api *API) TeamsAccountDeviceUpdateConfiguration(ctx context.Context, accou return teamsDeviceResponse.Result, nil } + +// TeamsAccountConnectivityUpdateConfiguration updates zero trust account connectivity settings. +// +// API reference: https://developers.cloudflare.com/api/operations/zero-trust-accounts-patch-connectivity-settings +func (api *API) TeamsAccountConnectivityUpdateConfiguration(ctx context.Context, accountID string, settings TeamsConnectivitySettings) (TeamsConnectivitySettings, error) { + uri := fmt.Sprintf("/accounts/%s/zerotrust/connectivity_settings", accountID) + + res, err := api.makeRequestContext(ctx, http.MethodPut, uri, settings) + if err != nil { + return TeamsConnectivitySettings{}, err + } + + var teamsConnectivityResponse TeamsAccountConnectivitySettingsResponse + err = json.Unmarshal(res, &teamsConnectivityResponse) + if err != nil { + return TeamsConnectivitySettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err) + } + + return teamsConnectivityResponse.Result, nil +} diff --git a/vendor/github.com/cloudflare/cloudflare-go/teams_certificates.go b/vendor/github.com/cloudflare/cloudflare-go/teams_certificates.go new file mode 100644 index 00000000..74267866 --- /dev/null +++ b/vendor/github.com/cloudflare/cloudflare-go/teams_certificates.go 
@@ -0,0 +1,158 @@
+package cloudflare
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/goccy/go-json"
+)
+
+type TeamsCertificate struct {
+ Enabled *bool `json:"enabled"`
+ ID string `json:"id"`
+ BindingStatus string `json:"binding_status"`
+ QsPackId string `json:"qs_pack_id"`
+ Type string `json:"type"`
+ UpdatedAt *time.Time `json:"updated_at"`
+ UploadedOn *time.Time `json:"uploaded_on"`
+ CreatedAt *time.Time `json:"created_at"`
+ ExpiresOn *time.Time `json:"expires_on"`
+}
+
+type TeamsCertificateCreateRequest struct {
+ ValidityPeriodDays int `json:"validity_period_days,omitempty"`
+}
+
+const DEFAULT_VALIDITY_PERIOD_DAYS = 1826
+
+// TeamsCertificateResponse is the API response, containing a single certificate.
+type TeamsCertificateResponse struct {
+ Response
+ Result TeamsCertificate `json:"result"`
+}
+
+// TeamsCertificatesResponse is the API response, containing an array of certificates.
+type TeamsCertificatesResponse struct {
+ Response
+ Result []TeamsCertificate `json:"result"`
+}
+
+// TeamsCertificates returns all certificates in an account
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-certificates-list-zero-trust-certificates
+func (api *API) TeamsCertificates(ctx context.Context, accountID string) ([]TeamsCertificate, error) {
+ uri := fmt.Sprintf("/accounts/%s/gateway/certificates", accountID)
+
+ res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+ if err != nil {
+ return []TeamsCertificate{}, err
+ }
+
+ var teamsCertificatesResponse TeamsCertificatesResponse
+ err = json.Unmarshal(res, &teamsCertificatesResponse)
+ if err != nil {
+ return []TeamsCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return teamsCertificatesResponse.Result, nil
+}
+
+// TeamsCertificate returns teams account certificate.
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-certificates-zero-trust-certificate-details
+func (api *API) TeamsCertificate(ctx context.Context, accountID string, certificateId string) (TeamsCertificate, error) {
+ uri := fmt.Sprintf("/accounts/%s/gateway/certificates/%s", accountID, certificateId)
+
+ res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+ if err != nil {
+ return TeamsCertificate{}, err
+ }
+
+ var teamsCertificateResponse TeamsCertificateResponse
+ err = json.Unmarshal(res, &teamsCertificateResponse)
+ if err != nil {
+ return TeamsCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return teamsCertificateResponse.Result, nil
+}
+
+// TeamsGenerateCertificate generates a new gateway managed certificate
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-certificates-create-zero-trust-certificate
+func (api *API) TeamsGenerateCertificate(ctx context.Context, accountID string, certificateRequest TeamsCertificateCreateRequest) (TeamsCertificate, error) {
+ uri := fmt.Sprintf("/accounts/%s/gateway/certificates", accountID)
+
+ if certificateRequest.ValidityPeriodDays == 0 {
+ certificateRequest.ValidityPeriodDays = DEFAULT_VALIDITY_PERIOD_DAYS
+ }
+
+ res, err := api.makeRequestContext(ctx, http.MethodPost, uri, certificateRequest)
+ if err != nil {
+ return TeamsCertificate{}, err
+ }
+
+ var teamsCertResponse TeamsCertificateResponse
+ err = json.Unmarshal(res, &teamsCertResponse)
+ if err != nil {
+ return TeamsCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return teamsCertResponse.Result, nil
+}
+
+// TeamsActivateCertificate activates a certificate
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-certificates-activate-zero-trust-certificate
+func (api *API) TeamsActivateCertificate(ctx context.Context, accountID string, certificateId string) (TeamsCertificate, error) {
+ uri := fmt.Sprintf("/accounts/%s/gateway/certificates/%s/activate", accountID, certificateId)
+
+ res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+ if err != nil {
+ return TeamsCertificate{}, err
+ }
+
+ var teamsCertResponse TeamsCertificateResponse
+ err = json.Unmarshal(res, &teamsCertResponse)
+ if err != nil {
+ return TeamsCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return teamsCertResponse.Result, nil
+}
+
+// TeamsDectivateCertificate deactivates a certificate
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-certificates-deactivate-zero-trust-certificate
+func (api *API) TeamsDeactivateCertificate(ctx context.Context, accountID string, certificateId string) (TeamsCertificate, error) {
+ uri := fmt.Sprintf("/accounts/%s/gateway/certificates/%s/deactivate", accountID, certificateId)
+
+ res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+ if err != nil {
+ return TeamsCertificate{}, err
+ }
+
+ var teamsCertResponse TeamsCertificateResponse
+ err = json.Unmarshal(res, &teamsCertResponse)
+ if err != nil {
+ return TeamsCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return teamsCertResponse.Result, nil
+}
+
+// TeamsDeleteCertificate deletes a certificate.
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-certificates-delete-zero-trust-certificate
+func (api *API) TeamsDeleteCertificate(ctx context.Context, accountID string, certificateId string) error {
+ uri := fmt.Sprintf("/accounts/%s/gateway/certificates/%s", accountID, certificateId)
+
+ _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/cloudflare/cloudflare-go/teams_list.go b/vendor/github.com/cloudflare/cloudflare-go/teams_list.go
index 066d7aff..61f160c8 100644
--- a/vendor/github.com/cloudflare/cloudflare-go/teams_list.go
+++ b/vendor/github.com/cloudflare/cloudflare-go/teams_list.go @@ -26,8 +26,9 @@ type TeamsList struct { // TeamsListItem represents a single list item. type TeamsListItem struct { - Value string `json:"value"` - CreatedAt *time.Time `json:"created_at,omitempty"` + Value string `json:"value"` + Description string `json:"description,omitempty"` + CreatedAt *time.Time `json:"created_at,omitempty"` } // PatchTeamsList represents a patch request for appending/removing list items. diff --git a/vendor/github.com/cloudflare/cloudflare-go/teams_rules.go b/vendor/github.com/cloudflare/cloudflare-go/teams_rules.go index b03c0121..38bfbcec 100644 --- a/vendor/github.com/cloudflare/cloudflare-go/teams_rules.go +++ b/vendor/github.com/cloudflare/cloudflare-go/teams_rules.go @@ -49,6 +49,9 @@ type TeamsRuleSettings struct { // Turns on ip category based filter on dns if the rule contains dns category checks IPCategories bool `json:"ip_categories"` + // Turns on for explicitly ignoring cname domain category matches + IgnoreCNAMECategoryMatches *bool `json:"ignore_cname_category_matches"` + // Allow parent MSP accounts to enable bypass their children's rules. Do not set them for non MSP accounts. AllowChildBypass *bool `json:"allow_child_bypass,omitempty"` diff --git a/vendor/github.com/cloudflare/cloudflare-go/zt_risk_behaviors.go b/vendor/github.com/cloudflare/cloudflare-go/zt_risk_behaviors.go new file mode 100644 index 00000000..370e3c3e --- /dev/null +++ b/vendor/github.com/cloudflare/cloudflare-go/zt_risk_behaviors.go 
@@ -0,0 +1,126 @@
+package cloudflare
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+ "strings"
+
+ "github.com/goccy/go-json"
+)
+
+// Behavior represents a single zt risk behavior config.
+type Behavior struct {
+ Name string `json:"name,omitempty"`
+ Description string `json:"description,omitempty"`
+ RiskLevel RiskLevel `json:"risk_level"`
+ Enabled *bool `json:"enabled"`
+}
+
+// Wrapper used to have full-fidelity repro of json structure.
+type Behaviors struct {
+ Behaviors map[string]Behavior `json:"behaviors"`
+}
+
+// BehaviorResponse represents the response from the zt risk scoring endpoint
+// and contains risk behaviors for an account.
+type BehaviorResponse struct {
+ Success bool `json:"success"`
+ Result Behaviors `json:"result"`
+ Errors []string `json:"errors"`
+ Messages []string `json:"messages"`
+}
+
+// Behaviors returns all zero trust risk scoring behaviors for the provided account
+//
+// API reference: https://developers.cloudflare.com/api/operations/dlp-zt-risk-score-get-behaviors
+func (api *API) Behaviors(ctx context.Context, accountID string) (Behaviors, error) {
+ uri := fmt.Sprintf("/accounts/%s/zt_risk_scoring/behaviors", accountID)
+
+ res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+ if err != nil {
+ return Behaviors{}, err
+ }
+
+ var r BehaviorResponse
+ err = json.Unmarshal(res, &r)
+ if err != nil {
+ return Behaviors{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+ return r.Result, nil
+}
+
+// UpdateBehaviors returns all zero trust risk scoring behaviors for the provided account
+// NOTE: description/name updates are no-ops, risk_level [low medium high] and enabled [true/false] results in modifications
+//
+// API reference: https://developers.cloudflare.com/api/operations/dlp-zt-risk-score-put-behaviors
+func (api *API) UpdateBehaviors(ctx context.Context, accountID string, behaviors Behaviors) (Behaviors, error) {
+ uri := fmt.Sprintf("/accounts/%s/zt_risk_scoring/behaviors", accountID)
+
+ res, err := api.makeRequestContext(ctx, http.MethodPut, uri, behaviors)
+ if err != nil {
+ return Behaviors{}, err
+ }
+
+ var r BehaviorResponse
+ err = json.Unmarshal(res, &r)
+ if err != nil {
+ return Behaviors{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return r.Result, nil
+}
+
+type RiskLevel int
+
+const (
+ _ RiskLevel = iota
+ Low
+ Medium
+ High
+)
+
+func (p RiskLevel) MarshalJSON() ([]byte, error) {
+ return json.Marshal(p.String())
+}
+
+func (p RiskLevel) String() string {
+ return [...]string{"low", "medium", "high"}[p-1]
+}
+
+func (p *RiskLevel) UnmarshalJSON(data []byte) error {
+ var (
+ s string
+ err error
+ )
+ err = json.Unmarshal(data, &s)
+ if err != nil {
+ return err
+ }
+ v, err := RiskLevelFromString(s)
+ if err != nil {
+ return err
+ }
+ *p = *v
+ return nil
+}
+
+func RiskLevelFromString(s string) (*RiskLevel, error) {
+ s = strings.ToLower(s)
+ var v RiskLevel
+ switch s {
+ case "low":
+ v = Low
+ case "medium":
+ v = Medium
+ case "high":
+ v = High
+ default:
+ return nil, fmt.Errorf("unknown variant for risk level: %s", s)
+ }
+ return &v, nil
+}
+
+func (p RiskLevel) IntoRef() *RiskLevel {
+ return &p
+}
diff --git a/vendor/github.com/goccy/go-json/.golangci.yml b/vendor/github.com/goccy/go-json/.golangci.yml
index 57ae5a52..977accaa 100644
--- a/vendor/github.com/goccy/go-json/.golangci.yml
+++ b/vendor/github.com/goccy/go-json/.golangci.yml
@@ -56,6 +56,9 @@ linters:
 - cyclop
 - containedctx
 - revive
+ - nosnakecase
+ - exhaustruct
+ - depguard
 issues:
 exclude-rules:
diff --git a/vendor/github.com/goccy/go-json/Makefile b/vendor/github.com/goccy/go-json/Makefile
index 5bbfc4c9..c030577d 100644
--- a/vendor/github.com/goccy/go-json/Makefile
+++ b/vendor/github.com/goccy/go-json/Makefile
@@ -30,7 +30,7 @@ golangci-lint: | $(BIN_DIR) GOLANGCI_LINT_TMP_DIR=$$(mktemp -d); \ cd $$GOLANGCI_LINT_TMP_DIR; \ go mod init tmp; \ - GOBIN=$(BIN_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.48.0; \ + GOBIN=$(BIN_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2; \ rm -rf $$GOLANGCI_LINT_TMP_DIR; \ } diff --git a/vendor/github.com/goccy/go-json/encode.go b/vendor/github.com/goccy/go-json/encode.go index 4bd899f3..c5173825 100644 --- a/vendor/github.com/goccy/go-json/encode.go +++ b/vendor/github.com/goccy/go-json/encode.go @@ -52,7 +52,7 @@ func (e *Encoder) EncodeContext(ctx context.Context, v interface{}, optFuncs ... rctx.Option.Flag |= encoder.ContextOption rctx.Option.Context = ctx - err := e.encodeWithOption(rctx, v, optFuncs...) + err := e.encodeWithOption(rctx, v, optFuncs...) //nolint: contextcheck encoder.ReleaseRuntimeContext(rctx) return err @@ -120,7 +120,7 @@ func marshalContext(ctx context.Context, v interface{}, optFuncs ...EncodeOption optFunc(rctx.Option) } - buf, err := encode(rctx, v) + buf, err := encode(rctx, v) //nolint: contextcheck if err != nil { encoder.ReleaseRuntimeContext(rctx) return nil, err diff --git a/vendor/github.com/goccy/go-json/internal/decoder/ptr.go b/vendor/github.com/goccy/go-json/internal/decoder/ptr.go index de12e105..ae229946 100644 --- a/vendor/github.com/goccy/go-json/internal/decoder/ptr.go +++ b/vendor/github.com/goccy/go-json/internal/decoder/ptr.go @@ -85,6 +85,7 @@ func (d *ptrDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.P } c, err := d.dec.Decode(ctx, cursor, depth, newptr) if err != nil { + *(*unsafe.Pointer)(p) = nil return 0, err } cursor = c diff --git a/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_text.go b/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_text.go index 6d37993f..d711d0f8 100644 --- a/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_text.go 
+++ b/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_text.go @@ -147,7 +147,7 @@ func (d *unmarshalTextDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int return nil, 0, fmt.Errorf("json: unmarshal text decoder does not support decode path") } -func unquoteBytes(s []byte) (t []byte, ok bool) { +func unquoteBytes(s []byte) (t []byte, ok bool) { //nolint: nonamedreturns length := len(s) if length < 2 || s[0] != '"' || s[length-1] != '"' { return diff --git a/vendor/github.com/goccy/go-json/internal/encoder/compact.go b/vendor/github.com/goccy/go-json/internal/encoder/compact.go index 0eb9545d..e287a6c0 100644 --- a/vendor/github.com/goccy/go-json/internal/encoder/compact.go +++ b/vendor/github.com/goccy/go-json/internal/encoder/compact.go @@ -213,8 +213,8 @@ func compactString(dst, src []byte, cursor int64, escape bool) ([]byte, int64, e dst = append(dst, src[start:cursor]...) dst = append(dst, `\u202`...) dst = append(dst, hex[src[cursor+2]&0xF]) - cursor += 2 start = cursor + 3 + cursor += 2 } } switch c { diff --git a/vendor/github.com/goccy/go-json/internal/encoder/compiler.go b/vendor/github.com/goccy/go-json/internal/encoder/compiler.go index 3ae39ba8..37b7aa38 100644 --- a/vendor/github.com/goccy/go-json/internal/encoder/compiler.go +++ b/vendor/github.com/goccy/go-json/internal/encoder/compiler.go @@ -480,7 +480,7 @@ func (c *Compiler) mapCode(typ *runtime.Type) (*MapCode, error) { func (c *Compiler) listElemCode(typ *runtime.Type) (Code, error) { switch { - case c.isPtrMarshalJSONType(typ): + case c.implementsMarshalJSONType(typ) || c.implementsMarshalJSONType(runtime.PtrTo(typ)): return c.marshalJSONCode(typ) case !typ.Implements(marshalTextType) && runtime.PtrTo(typ).Implements(marshalTextType): return c.marshalTextCode(typ) diff --git a/vendor/github.com/goccy/go-json/internal/encoder/int.go b/vendor/github.com/goccy/go-json/internal/encoder/int.go index 85f07960..8b5febea 100644 
--- a/vendor/github.com/goccy/go-json/internal/encoder/int.go +++ b/vendor/github.com/goccy/go-json/internal/encoder/int.go @@ -1,3 +1,27 @@ +// This files's processing codes are inspired by https://github.com/segmentio/encoding. +// The license notation is as follows. +// +// # MIT License +// +// Copyright (c) 2019 Segment.io, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. package encoder import ( diff --git a/vendor/github.com/goccy/go-json/internal/encoder/string.go b/vendor/github.com/goccy/go-json/internal/encoder/string.go index e4152b27..4abb8416 100644 --- a/vendor/github.com/goccy/go-json/internal/encoder/string.go +++ b/vendor/github.com/goccy/go-json/internal/encoder/string.go 
@@ -1,3 +1,27 @@ +// This files's string processing codes are inspired by https://github.com/segmentio/encoding. +// The license notation is as follows. +// +// # MIT License +// +// Copyright (c) 2019 Segment.io, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. package encoder import ( diff --git a/vendor/github.com/goccy/go-json/internal/runtime/rtype.go b/vendor/github.com/goccy/go-json/internal/runtime/rtype.go index 4db10deb..37cfe35a 100644 --- a/vendor/github.com/goccy/go-json/internal/runtime/rtype.go +++ b/vendor/github.com/goccy/go-json/internal/runtime/rtype.go @@ -252,7 +252,6 @@ func IfaceIndir(*Type) bool //go:noescape func RType2Type(t *Type) reflect.Type -//go:nolint structcheck type emptyInterface struct { _ *Type ptr unsafe.Pointer diff --git a/vendor/github.com/goccy/go-json/json.go b/vendor/github.com/goccy/go-json/json.go index 413cb20b..fb18065a 100644 --- a/vendor/github.com/goccy/go-json/json.go 
+++ b/vendor/github.com/goccy/go-json/json.go @@ -89,31 +89,31 @@ type UnmarshalerContext interface { // // Examples of struct field tags and their meanings: // -// // Field appears in JSON as key "myName". -// Field int `json:"myName"` +// // Field appears in JSON as key "myName". +// Field int `json:"myName"` // -// // Field appears in JSON as key "myName" and -// // the field is omitted from the object if its value is empty, -// // as defined above. -// Field int `json:"myName,omitempty"` +// // Field appears in JSON as key "myName" and +// // the field is omitted from the object if its value is empty, +// // as defined above. +// Field int `json:"myName,omitempty"` // -// // Field appears in JSON as key "Field" (the default), but -// // the field is skipped if empty. -// // Note the leading comma. -// Field int `json:",omitempty"` +// // Field appears in JSON as key "Field" (the default), but +// // the field is skipped if empty. +// // Note the leading comma. +// Field int `json:",omitempty"` // -// // Field is ignored by this package. -// Field int `json:"-"` +// // Field is ignored by this package. +// Field int `json:"-"` // -// // Field appears in JSON as key "-". -// Field int `json:"-,"` +// // Field appears in JSON as key "-". +// Field int `json:"-,"` // // The "string" option signals that a field is stored as JSON inside a // JSON-encoded string. It applies only to fields of string, floating point, // integer, or boolean types. This extra level of encoding is sometimes used // when communicating with JavaScript programs: // -// Int64String int64 `json:",string"` +// Int64String int64 `json:",string"` // // The key name will be used if it's a non-empty string consisting of // only Unicode letters, digits, and ASCII punctuation except quotation 
@@ -166,7 +166,6 @@ type UnmarshalerContext interface { // JSON cannot represent cyclic data structures and Marshal does not // handle them. Passing cyclic structures to Marshal will result in // an infinite recursion. -// func Marshal(v interface{}) ([]byte, error) { return MarshalWithOption(v) } @@ -264,14 +263,13 @@ func MarshalIndentWithOption(v interface{}, prefix, indent string, optFuncs ...E // // The JSON null value unmarshals into an interface, map, pointer, or slice // by setting that Go value to nil. Because null is often used in JSON to mean -// ``not present,'' unmarshaling a JSON null into any other Go type has no effect +// “not present,” unmarshaling a JSON null into any other Go type has no effect // on the value and produces no error. // // When unmarshaling quoted strings, invalid UTF-8 or // invalid UTF-16 surrogate pairs are not treated as an error. // Instead, they are replaced by the Unicode replacement // character U+FFFD. -// func Unmarshal(data []byte, v interface{}) error { return unmarshal(data, v) } @@ -299,7 +297,6 @@ func UnmarshalNoEscape(data []byte, v interface{}, optFuncs ...DecodeOptionFunc) // Number, for JSON numbers // string, for JSON string literals // nil, for JSON null -// type Token = json.Token // A Number represents a JSON number literal. diff --git a/vendor/modules.txt b/vendor/modules.txt index dcaaca1b..90e188cf 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -94,7 +94,7 @@ github.com/cloudflare/cfssl/errors github.com/cloudflare/cfssl/helpers github.com/cloudflare/cfssl/helpers/derhelpers github.com/cloudflare/cfssl/log -# github.com/cloudflare/cloudflare-go v0.94.0 +# github.com/cloudflare/cloudflare-go v0.100.0 ## explicit; go 1.19 github.com/cloudflare/cloudflare-go # github.com/cloudflare/go-metrics v0.0.0-20151117154305-6a9aea36fb41 
@@ -121,8 +121,8 @@ github.com/go-logr/logr/funcr
 # github.com/go-logr/stdr v1.2.2
 ## explicit; go 1.16
 github.com/go-logr/stdr
-# github.com/goccy/go-json v0.10.2
-## explicit; go 1.12
+# github.com/goccy/go-json v0.10.3
+## explicit; go 1.19
 github.com/goccy/go-json
 github.com/goccy/go-json/internal/decoder
 github.com/goccy/go-json/internal/encoder