implement posture checks update and request validation

bcmmbaga 2023-12-22 00:23:32 +03:00
parent c0e51377af
commit 3d9d93e15c
No known key found for this signature in database
GPG Key ID: 7249A19D20613553
3 changed files with 71 additions and 12 deletions


@ -784,8 +784,11 @@ components:
type: array
items:
$ref: '#/components/schemas/PolicyRuleUpdate'
postureCheck:
$ref: '#/components/schemas/PostureCheck'
required:
- rules
- PostureCheck
Policy:
allOf:
- $ref: '#/components/schemas/PolicyMinimum'
@ -796,11 +799,11 @@ components:
type: array
items:
$ref: '#/components/schemas/PolicyRule'
PostureCheck:
postureCheck:
$ref: '#/components/schemas/PostureCheck'
required:
- rules
- PostureCheck
- postureCheck
RouteRequest:
type: object
properties:
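Review bot: The `required` list extended in the first hunk names `PostureCheck`, but the property added just above it is `postureCheck`, so the entry points at a property that does not exist; the second hunk corrects exactly this casing for the `Policy` schema. The entry should read `- postureCheck`. This mismatch is probably why the generated update type in the next file carries `*PostureCheck` with `omitempty`, which leaves the handler's `validatePolicyUpdateReq` as the only place the field is enforced, while schema validators and generated clients treat it as optional. The enclosing schema starts above the hunk (presumably `PolicyUpdate`), so confirm the name there.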


@ -567,9 +567,6 @@ type PersonalAccessTokenRequest struct {
// Policy defines model for Policy.
type Policy struct {
// PostureCheck Policy poster check
PostureCheck PostureCheck `json:"PostureCheck"`
// Description Policy friendly description
Description string `json:"description"`
@ -582,6 +579,9 @@ type Policy struct {
// Name Policy name identifier
Name string `json:"name"`
// PostureCheck Policy poster check
PostureCheck PostureCheck `json:"postureCheck"`
// Query Policy Rego query
Query string `json:"query"`
@ -732,6 +732,9 @@ type PolicyUpdate struct {
// Name Policy name identifier
Name string `json:"name"`
// PostureCheck Policy poster check
PostureCheck *PostureCheck `json:"postureCheck,omitempty"`
// Query Policy Rego query
Query string `json:"query"`


@ -9,6 +9,7 @@ import (
"github.com/rs/xid"
"github.com/netbirdio/netbird/management/server"
"github.com/netbirdio/netbird/management/server/checks"
"github.com/netbirdio/netbird/management/server/http/api"
"github.com/netbirdio/netbird/management/server/http/util"
"github.com/netbirdio/netbird/management/server/jwtclaims"
@ -117,13 +118,8 @@ func (h *Policies) savePolicy(
return
}
if req.Name == "" {
util.WriteError(status.Errorf(status.InvalidArgument, "policy name shouldn't be empty"), w)
return
}
if len(req.Rules) == 0 {
util.WriteError(status.Errorf(status.InvalidArgument, "policy rules shouldn't be empty"), w)
if err := validatePolicyUpdateReq(req); err != nil {
util.WriteError(err, w)
return
}
@ -206,6 +202,35 @@ func (h *Policies) savePolicy(
policy.Rules = append(policy.Rules, &pr)
}
if req.PostureCheck != nil {
var (
osVersionPostureCheck checks.OSVersionPostureCheck
nbVersionPostureCheck checks.NBVersionPostureCheck
)
osVersionPostureCheckReq := req.PostureCheck.OsVersionPostureCheck
if enabled := osVersionPostureCheckReq.Enabled; enabled != nil {
osVersionPostureCheck.Enabled = *enabled
}
if minAllowedVersionReq := osVersionPostureCheckReq.MinimumVersionAllowed; minAllowedVersionReq != nil {
osVersionPostureCheck.MinimumVersionAllowed = *minAllowedVersionReq
}
nbVersionPostureCheckReq := req.PostureCheck.NbVersionPostureCheck
if enabled := nbVersionPostureCheckReq.Enabled; enabled != nil {
nbVersionPostureCheck.Enabled = *enabled
}
if minAllowedVersionReq := nbVersionPostureCheckReq.MinimumVersionAllowed; minAllowedVersionReq != nil {
nbVersionPostureCheck.MinimumVersionAllowed = *minAllowedVersionReq
}
policy.PostureCheck = checks.PostureCheck{
ID: policyID,
NBVersionCheck: nbVersionPostureCheck,
OSVersionCheck: osVersionPostureCheck,
}
}
if err := h.accountManager.SavePolicy(account.Id, user.Id, &policy); err != nil {
util.WriteError(err, w)
return
@ -365,3 +390,31 @@ func groupMinimumsToStrings(account *server.Account, gm []string) []string {
}
return result
}
func validatePolicyUpdateReq(req api.PutApiPoliciesPolicyIdJSONRequestBody) error {
if req.Name == "" {
return status.Errorf(status.InvalidArgument, "policy name shouldn't be empty")
}
if len(req.Rules) == 0 {
return status.Errorf(status.InvalidArgument, "policy rules shouldn't be empty")
}
if req.PostureCheck == nil {
return status.Errorf(status.InvalidArgument, "policy posture checks shouldn't be empty")
}
if enabled := req.PostureCheck.NbVersionPostureCheck.Enabled; enabled != nil && *enabled {
if minVersion := req.PostureCheck.NbVersionPostureCheck.MinimumVersionAllowed; minVersion == nil || *minVersion == "" {
return status.Errorf(status.InvalidArgument, "netbird version posture check is enabled, minimum version allowed shouldn't be empty")
}
}
if enabled := req.PostureCheck.OsVersionPostureCheck.Enabled; enabled != nil && *enabled {
if minVersion := req.PostureCheck.OsVersionPostureCheck.MinimumVersionAllowed; minVersion == nil || *minVersion == "" {
return status.Errorf(status.InvalidArgument, "os version posture check is enabled, minimum version allowed shouldn't be empty")
}
}
return nil
}
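Review bot: In `validatePolicyUpdateReq` an enabled posture check only requires `MinimumVersionAllowed` to be non-empty, so any string is accepted (constructed examples: `"latest"`, `"1..0"`) and copied onto the policy by the `savePolicy` hunk above. Because this value gates which peers pass the check, it should be parsed as a version at the API boundary and rejected with `status.InvalidArgument` when it does not parse, using the same parser the enforcement side compares with. How an unparseable minimum is handled at evaluation time is not visible here, and it could fail open. A minimum supplied with `Enabled` unset or false is stored without any validation, so the parse should run whenever the pointer is non-nil. Separately, the new `req.PostureCheck == nil` rejection makes the `if req.PostureCheck != nil` guard in `savePolicy` always true and makes an `omitempty` field mandatory for existing clients; if that is intended, drop the guard or add `// postureCheck is mandatory on update; enforced by validatePolicyUpdateReq` above it.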