Merge pull request #28 from CheckPointSW/advanced-proxy-settings

add advanced proxy settings - additional instructions blocks, custom headers, redirect to https and access log

Author: chkp-omerma

docs/resources/inext_log_trigger.md

@@ -30,8 +30,8 @@ provider "inext" {
 
 resource "inext_log_trigger" "mytrigger" {
   name                             = "mytrigger"
-  acesss_control_allow_events      = false
-  acesss_control_drop_events       = true
+  access_control_allow_events      = false
+  access_control_drop_events       = true
   threat_prevention_detect_events  = true
   threat_prevention_prevent_events = true
   web_body                         = false
@@ -46,13 +46,13 @@ resource "inext_log_trigger" "mytrigger" {
   log_to_agent                     = false
   log_to_cef                       = false
   cef_ip_address                   = "10.0.0.1"
-  cef_port_num                     = 2000
+  cef_port                         = 2000
   cef_protocol                     = "TCP" # enum of ["TCP", "UDP"]
   log_to_cloud                     = true
   log_to_syslog                    = true
   syslog_ip_address                = "10.10.10.10"
   syslog_protocol                  = "TCP" # enum of ["TCP", "UDP"]
-  syslog_port_num                  = 5004
+  syslog_port                      = 5004
   compliance_violations            = true
   compliance_warnings              = true
   verbosity                        = "Standard" # enum of ["Minimal", "Standard", "Extended"]

docs/resources/inext_web_api_asset.md

@@ -63,6 +63,19 @@ resource "inext_web_api_asset" "my-webapi-asset" {
     type             = "client"
     enable           = true
   }
+  additional_instructions_blocks {
+    filename      = "location.json"
+    filename_type = ".json"
+    data          = "location data"
+    type          = "location_instructions"
+    enable        = true
+  }
+  redirect_to_https = "true"
+  access_log        = "true"
+  custom_headers {
+    name  = "header1"
+    value = "value1"
+  }
 }
 ```
 
@@ -76,21 +89,27 @@ resource "inext_web_api_asset" "my-webapi-asset" {
 
 ### Optional
 
+- `access_log` (Boolean) Advanced Proxy Setting - Activate access log on gateway.
+- `additional_instructions_blocks` (Block Set) The additional instructions blocks settings - location or server blocks (see [below for nested schema](#nestedblock--additional_instructions_blocks))
 - `behaviors` (Set of String) behaviors used by the asset
+- `custom_headers` (Block Set) Advanced Proxy Settings - The custom headers settings (see [below for nested schema](#nestedblock--custom_headers))
 - `mtls` (Block Set) The MTLS settings (see [below for nested schema](#nestedblock--mtls))
 - `practice` (Block Set) The practices used by the asset (see [below for nested schema](#nestedblock--practice))
 - `profiles` (Set of String) Profiles linked to the asset
 - `proxy_setting` (Block Set) Settings for the proxy (see [below for nested schema](#nestedblock--proxy_setting))
+- `redirect_to_https` (Boolean) Advanced Proxy Setting - Redirect incoming HTTP requests to the same URL using HTTPS. (The configured application URLs for this asset must include both the HTTP and the HTTPS version of each URL)
 - `source_identifier` (Block Set) Defines how the source identifier values of the asset are retrieved (see [below for nested schema](#nestedblock--source_identifier))
 - `state` (String)
 - `tags` (Block Set) The tags used by the asset (see [below for nested schema](#nestedblock--tags))
 - `upstream_url` (String) The URL of the application's backend server to which the reverse proxy redirects the relevant traffic sent to the exposed URL
 
 ### Read-Only
 
+- `access_log_id` (String)
 - `asset_type` (String)
 - `category` (String)
 - `class` (String)
+- `custom_headers_id` (String)
 - `family` (String)
 - `group` (String)
 - `id` (String, Sensitive) The ID of this resource.
@@ -100,9 +119,44 @@ resource "inext_web_api_asset" "my-webapi-asset" {
 - `main_attributes` (String)
 - `order` (String)
 - `read_only` (Boolean)
+- `redirect_to_https_id` (String)
 - `sources` (String)
 - `urls_ids` (Set of String)
 
+<a id="nestedblock--additional_instructions_blocks"></a>
+### Nested Schema for `additional_instructions_blocks`
+
+Required:
+
+- `type` (String) The type of the additional instructions block - location_instructions or server_instructions
+
+Optional:
+
+- `data` (String, Sensitive) The instructions block data
+- `enable` (Boolean) Whether the instructions block is enabled
+- `filename` (String) The name of the instructions block file
+- `filename_type` (String) The type of the instructions block file - .json, .yml
+
+Read-Only:
+
+- `data_id` (String)
+- `enable_id` (String)
+- `filename_id` (String)
+
+
+<a id="nestedblock--custom_headers"></a>
+### Nested Schema for `custom_headers`
+
+Required:
+
+- `name` (String)
+- `value` (String)
+
+Read-Only:
+
+- `header_id` (String)
+
+
 <a id="nestedblock--mtls"></a>
 ### Nested Schema for `mtls`
 

docs/resources/inext_web_api_practice.md

@@ -60,7 +60,7 @@ resource "inext_web_api_practice" "my-webapi-practice" {
     allow_file_size_limit        = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
     file_size_limit              = 10
     file_size_limit_unit         = "MB"                  # enum of ["Bytes","KB", "MB", "GB"]
-    file_without_name            = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
+    files_without_name           = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
     required_archive_extraction  = true
     archive_file_size_limit      = 100
     archive_file_size_limit_unit = "MB"                  # enum of ["Bytes","KB", "MB", "GB"]

docs/resources/inext_web_app_asset.md

@@ -63,6 +63,19 @@ resource "inext_web_app_asset" "my-webapp-asset" {
     type             = "client"
     enable           = true
   }
+  additional_instructions_blocks {
+    filename      = "location.json"
+    filename_type = ".json"
+    data          = "location data"
+    type          = "location_instructions"
+    enable        = true
+  }
+  redirect_to_https = "true"
+  access_log        = "true"
+  custom_headers {
+    name  = "header1"
+    value = "value1"
+  }
 }
 ```
 
@@ -76,21 +89,27 @@ resource "inext_web_app_asset" "my-webapp-asset" {
 
 ### Optional
 
+- `access_log` (Boolean) Advanced Proxy Setting - Activate access log on gateway.
+- `additional_instructions_blocks` (Block Set) The additional instructions blocks settings - location or server blocks (see [below for nested schema](#nestedblock--additional_instructions_blocks))
 - `behaviors` (Set of String) behaviors used by the asset
+- `custom_headers` (Block Set) Advanced Proxy Settings - The custom headers settings (see [below for nested schema](#nestedblock--custom_headers))
 - `mtls` (Block Set) The mutual TLS settings (see [below for nested schema](#nestedblock--mtls))
 - `practice` (Block Set) The practices used by the asset (see [below for nested schema](#nestedblock--practice))
 - `profiles` (Set of String) Profiles linked to the asset
 - `proxy_setting` (Block Set) Settings for the proxy (see [below for nested schema](#nestedblock--proxy_setting))
+- `redirect_to_https` (Boolean) Advanced Proxy Setting - Redirect incoming HTTP requests to the same URL using HTTPS. (The configured application URLs for this asset must include both the HTTP and the HTTPS version of each URL)
 - `source_identifier` (Block Set) Defines how the source identifier values of the asset are retrieved (see [below for nested schema](#nestedblock--source_identifier))
 - `state` (String)
 - `tags` (Block Set) The tags used by the asset (see [below for nested schema](#nestedblock--tags))
 - `upstream_url` (String) The URL of the application's backend server to which the reverse proxy redirects the relevant traffic sent to the exposed URL
 
 ### Read-Only
 
+- `access_log_id` (String)
 - `asset_type` (String)
 - `category` (String)
 - `class` (String)
+- `custom_headers_id` (String)
 - `family` (String)
 - `group` (String)
 - `id` (String, Sensitive) The ID of this resource.
@@ -100,9 +119,44 @@ resource "inext_web_app_asset" "my-webapp-asset" {
 - `main_attributes` (String)
 - `order` (String)
 - `read_only` (Boolean)
+- `redirect_to_https_id` (String)
 - `sources` (String)
 - `urls_ids` (Set of String)
 
+<a id="nestedblock--additional_instructions_blocks"></a>
+### Nested Schema for `additional_instructions_blocks`
+
+Required:
+
+- `type` (String) The type of the additional instructions block - location_instructions or server_instructions
+
+Optional:
+
+- `data` (String, Sensitive) The instructions block data
+- `enable` (Boolean) Whether the instructions block is enabled
+- `filename` (String) The name of the instructions block file
+- `filename_type` (String) The type of the instructions block file - .json, .yml
+
+Read-Only:
+
+- `data_id` (String)
+- `enable_id` (String)
+- `filename_id` (String)
+
+
+<a id="nestedblock--custom_headers"></a>
+### Nested Schema for `custom_headers`
+
+Required:
+
+- `name` (String)
+- `value` (String)
+
+Read-Only:
+
+- `header_id` (String)
+
+
 <a id="nestedblock--mtls"></a>
 ### Nested Schema for `mtls`
 

docs/resources/inext_web_app_practice.md

@@ -64,7 +64,7 @@ resource "inext_web_app_practice" "my-webapp-practice" {
     allow_file_size_limit        = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
     file_size_limit              = 10
     file_size_limit_unit         = "MB"                  # enum of ["Bytes","KB", "MB", "GB"]
-    file_without_name            = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
+    files_without_name           = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
     required_archive_extraction  = true
     archive_file_size_limit      = 100
     archive_file_size_limit_unit = "MB"                  # enum of ["Bytes","KB", "MB", "GB"]

examples/provider/web-api-practice.tf

@@ -29,7 +29,7 @@ resource "inext_web_api_practice" "test" {
     allow_file_size_limit        = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
     file_size_limit              = 10
     file_size_limit_unit         = "MB"                  # enum of ["Bytes","KB", "MB", "GB"]
-    file_without_name            = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
+    files_without_name           = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
     required_archive_extraction  = true
     archive_file_size_limit      = 100
     archive_file_size_limit_unit = "MB"                  # enum of ["Bytes","KB", "MB", "GB"]

examples/provider/web-app-practice.tf

@@ -33,7 +33,7 @@ resource "inext_web_app_practice" "test" {
     allow_file_size_limit        = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
     file_size_limit              = 10
     file_size_limit_unit         = "MB"                  # enum of ["Bytes","KB", "MB", "GB"]
-    file_without_name            = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
+    files_without_name           = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
     required_archive_extraction  = true
     archive_file_size_limit      = 100
     archive_file_size_limit_unit = "MB"                  # enum of ["Bytes","KB", "MB", "GB"]

examples/resources/inext_log_trigger/resource.tf

@@ -15,8 +15,8 @@ provider "inext" {
 
 resource "inext_log_trigger" "mytrigger" {
   name                             = "mytrigger"
-  acesss_control_allow_events      = false
-  acesss_control_drop_events       = true
+  access_control_allow_events      = false
+  access_control_drop_events       = true
   threat_prevention_detect_events  = true
   threat_prevention_prevent_events = true
   web_body                         = false
@@ -31,13 +31,13 @@ resource "inext_log_trigger" "mytrigger" {
   log_to_agent                     = false
   log_to_cef                       = false
   cef_ip_address                   = "10.0.0.1"
-  cef_port_num                     = 2000
+  cef_port                         = 2000
   cef_protocol                     = "TCP" # enum of ["TCP", "UDP"]
   log_to_cloud                     = true
   log_to_syslog                    = true
   syslog_ip_address                = "10.10.10.10"
   syslog_protocol                  = "TCP" # enum of ["TCP", "UDP"]
-  syslog_port_num                  = 5004
+  syslog_port                      = 5004
   compliance_violations            = true
   compliance_warnings              = true
   verbosity                        = "Standard" # enum of ["Minimal", "Standard", "Extended"]

examples/resources/inext_web_api_asset/resource.tf

@@ -48,4 +48,17 @@ resource "inext_web_api_asset" "my-webapi-asset" {
     type             = "client"
     enable           = true
   }
+  additional_instructions_blocks {
+    filename      = "location.json"
+    filename_type = ".json"
+    data          = "location data"
+    type          = "location_instructions"
+    enable        = true
+  }
+  redirect_to_https = "true"
+  access_log        = "true"
+  custom_headers {
+    name  = "header1"
+    value = "value1"
+  }
 }

examples/resources/inext_web_api_practice/resource.tf

@@ -45,7 +45,7 @@ resource "inext_web_api_practice" "my-webapi-practice" {
     allow_file_size_limit        = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
     file_size_limit              = 10
     file_size_limit_unit         = "MB"                  # enum of ["Bytes","KB", "MB", "GB"]
-    file_without_name            = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
+    files_without_name           = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
     required_archive_extraction  = true
     archive_file_size_limit      = 100
     archive_file_size_limit_unit = "MB"                  # enum of ["Bytes","KB", "MB", "GB"]

examples/resources/inext_web_app_asset/resource.tf

@@ -48,4 +48,17 @@ resource "inext_web_app_asset" "my-webapp-asset" {
     type             = "client"
     enable           = true
   }
+  additional_instructions_blocks {
+    filename      = "location.json"
+    filename_type = ".json"
+    data          = "location data"
+    type          = "location_instructions"
+    enable        = true
+  }
+  redirect_to_https = "true"
+  access_log        = "true"
+  custom_headers {
+    name  = "header1"
+    value = "value1"
+  }
 }

examples/resources/inext_web_app_practice/resource.tf

@@ -49,7 +49,7 @@ resource "inext_web_app_practice" "my-webapp-practice" {
     allow_file_size_limit        = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
     file_size_limit              = 10
     file_size_limit_unit         = "MB"                  # enum of ["Bytes","KB", "MB", "GB"]
-    file_without_name            = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
+    files_without_name           = "AccordingToPractice" # enum of ["Detect", "Prevent", "Inactive", "AccordingToPractice"]
     required_archive_extraction  = true
     archive_file_size_limit      = 100
     archive_file_size_limit_unit = "MB"                  # enum of ["Bytes","KB", "MB", "GB"]

internal/models/web-api-asset/input.go

@@ -1,6 +1,9 @@
 package models
 
-import "strings"
+import (
+	"fmt"
+	"strings"
+)
 
 // SourceIdentifierInput represents the api input for creating a source identifier field in the web API asset
 type SourceIdentifierInput struct {
@@ -111,3 +114,22 @@ func (mtlsInputs MTLSSchemas) ToIndicatorMap() map[string]MTLSSchema {
 
 	return mTLSs
 }
+
+func (blockInputs BlockSchemas) ToIndicatorMap() map[string]BlockSchema {
+	blocks := make(map[string]BlockSchema)
+	for _, block := range blockInputs {
+		blocks[block.Type] = block
+	}
+
+	return blocks
+}
+
+func (customHeadersInputs CustomHeadersSchemas) ToIndicatorMap() map[string]CustomHeaderSchema {
+	customHeaders := make(map[string]CustomHeaderSchema)
+	for _, customHeader := range customHeaders {
+		nameAndValue := fmt.Sprintf("%s:%s", customHeader.Name, customHeader.Value)
+		customHeaders[nameAndValue] = customHeader
+	}
+
+	return customHeaders
+}