implement posture checks update and request validation
parent
c0e51377af
commit
3d9d93e15c
@ -784,8 +784,11 @@ components:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/PolicyRuleUpdate'
|
||||
postureCheck:
|
||||
$ref: '#/components/schemas/PostureCheck'
|
||||
required:
|
||||
- rules
|
||||
- PostureCheck
|
||||
Policy:
|
||||
allOf:
|
||||
- $ref: '#/components/schemas/PolicyMinimum'
|
||||
@ -796,11 +799,11 @@ components:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/PolicyRule'
|
||||
PostureCheck:
|
||||
postureCheck:
|
||||
$ref: '#/components/schemas/PostureCheck'
|
||||
required:
|
||||
- rules
|
||||
- PostureCheck
|
||||
- postureCheck
|
||||
RouteRequest:
|
||||
type: object
|
||||
properties:
|
||||
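Review bot: In the first hunk (the update schema, judging by its `PolicyRuleUpdate` items), `required` lists `- PostureCheck` while the property just above it is `postureCheck`; the second hunk corrects exactly this casing for `Policy`. Because the names do not match, the spec does not actually require the field. That fits the generated `PolicyUpdate.PostureCheck` being an optional pointer with `omitempty`, and leaves the handler's runtime nil check as the only enforcement. Change the entry to `- postureCheck` so the spec, the generated type and the handler agree, or drop it if the field is meant to be optional. The `+`/`-` markers are lost on this page, so which of these lines are new is inferred from the hunk counts.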
|
@ -567,9 +567,6 @@ type PersonalAccessTokenRequest struct {
|
||||
|
||||
// Policy defines model for Policy.
|
||||
type Policy struct {
|
||||
// PostureCheck Policy poster check
|
||||
PostureCheck PostureCheck `json:"PostureCheck"`
|
||||
|
||||
// Description Policy friendly description
|
||||
Description string `json:"description"`
|
||||
|
||||
@ -582,6 +579,9 @@ type Policy struct {
|
||||
// Name Policy name identifier
|
||||
Name string `json:"name"`
|
||||
|
||||
// PostureCheck Policy poster check
|
||||
PostureCheck PostureCheck `json:"postureCheck"`
|
||||
|
||||
// Query Policy Rego query
|
||||
Query string `json:"query"`
|
||||
|
||||
@ -732,6 +732,9 @@ type PolicyUpdate struct {
|
||||
// Name Policy name identifier
|
||||
Name string `json:"name"`
|
||||
|
||||
// PostureCheck Policy poster check
|
||||
PostureCheck *PostureCheck `json:"postureCheck,omitempty"`
|
||||
|
||||
// Query Policy Rego query
|
||||
Query string `json:"query"`
|
||||
|
||||
|
@ -9,6 +9,7 @@ import (
|
||||
"github.com/rs/xid"
|
||||
|
||||
"github.com/netbirdio/netbird/management/server"
|
||||
"github.com/netbirdio/netbird/management/server/checks"
|
||||
"github.com/netbirdio/netbird/management/server/http/api"
|
||||
"github.com/netbirdio/netbird/management/server/http/util"
|
||||
"github.com/netbirdio/netbird/management/server/jwtclaims"
|
||||
@ -117,13 +118,8 @@ func (h *Policies) savePolicy(
|
||||
return
|
||||
}
|
||||
|
||||
if req.Name == "" {
|
||||
util.WriteError(status.Errorf(status.InvalidArgument, "policy name shouldn't be empty"), w)
|
||||
return
|
||||
}
|
||||
|
||||
if len(req.Rules) == 0 {
|
||||
util.WriteError(status.Errorf(status.InvalidArgument, "policy rules shouldn't be empty"), w)
|
||||
if err := validatePolicyUpdateReq(req); err != nil {
|
||||
util.WriteError(err, w)
|
||||
return
|
||||
}
|
||||
|
||||
@ -206,6 +202,35 @@ func (h *Policies) savePolicy(
|
||||
policy.Rules = append(policy.Rules, &pr)
|
||||
}
|
||||
|
||||
if req.PostureCheck != nil {
|
||||
var (
|
||||
osVersionPostureCheck checks.OSVersionPostureCheck
|
||||
nbVersionPostureCheck checks.NBVersionPostureCheck
|
||||
)
|
||||
|
||||
osVersionPostureCheckReq := req.PostureCheck.OsVersionPostureCheck
|
||||
if enabled := osVersionPostureCheckReq.Enabled; enabled != nil {
|
||||
osVersionPostureCheck.Enabled = *enabled
|
||||
}
|
||||
if minAllowedVersionReq := osVersionPostureCheckReq.MinimumVersionAllowed; minAllowedVersionReq != nil {
|
||||
osVersionPostureCheck.MinimumVersionAllowed = *minAllowedVersionReq
|
||||
}
|
||||
|
||||
nbVersionPostureCheckReq := req.PostureCheck.NbVersionPostureCheck
|
||||
if enabled := nbVersionPostureCheckReq.Enabled; enabled != nil {
|
||||
nbVersionPostureCheck.Enabled = *enabled
|
||||
}
|
||||
if minAllowedVersionReq := nbVersionPostureCheckReq.MinimumVersionAllowed; minAllowedVersionReq != nil {
|
||||
nbVersionPostureCheck.MinimumVersionAllowed = *minAllowedVersionReq
|
||||
}
|
||||
|
||||
policy.PostureCheck = checks.PostureCheck{
|
||||
ID: policyID,
|
||||
NBVersionCheck: nbVersionPostureCheck,
|
||||
OSVersionCheck: osVersionPostureCheck,
|
||||
}
|
||||
}
|
||||
|
||||
if err := h.accountManager.SavePolicy(account.Id, user.Id, &policy); err != nil {
|
||||
util.WriteError(err, w)
|
||||
return
|
||||
@ -365,3 +390,31 @@ func groupMinimumsToStrings(account *server.Account, gm []string) []string {
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func validatePolicyUpdateReq(req api.PutApiPoliciesPolicyIdJSONRequestBody) error {
|
||||
if req.Name == "" {
|
||||
return status.Errorf(status.InvalidArgument, "policy name shouldn't be empty")
|
||||
}
|
||||
|
||||
if len(req.Rules) == 0 {
|
||||
return status.Errorf(status.InvalidArgument, "policy rules shouldn't be empty")
|
||||
}
|
||||
|
||||
if req.PostureCheck == nil {
|
||||
return status.Errorf(status.InvalidArgument, "policy posture checks shouldn't be empty")
|
||||
}
|
||||
|
||||
if enabled := req.PostureCheck.NbVersionPostureCheck.Enabled; enabled != nil && *enabled {
|
||||
if minVersion := req.PostureCheck.NbVersionPostureCheck.MinimumVersionAllowed; minVersion == nil || *minVersion == "" {
|
||||
return status.Errorf(status.InvalidArgument, "netbird version posture check is enabled, minimum version allowed shouldn't be empty")
|
||||
}
|
||||
}
|
||||
|
||||
if enabled := req.PostureCheck.OsVersionPostureCheck.Enabled; enabled != nil && *enabled {
|
||||
if minVersion := req.PostureCheck.OsVersionPostureCheck.MinimumVersionAllowed; minVersion == nil || *minVersion == "" {
|
||||
return status.Errorf(status.InvalidArgument, "os version posture check is enabled, minimum version allowed shouldn't be empty")
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
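Review bot: `validatePolicyUpdateReq` only rejects an empty `MinimumVersionAllowed`; any other string, including one that is not a version at all, is accepted and copied into `policy.PostureCheck` by `savePolicy`. How the checks package treats an unparseable minimum at evaluation time is not visible here, so a typo could leave a posture check that never matches or never blocks. Validate the format at request time, e.g. `if _, err := parseVersion(*minVersion); err != nil { return status.Errorf(status.InvalidArgument, "minimum version allowed is not a valid version") }`, where `parseVersion` stands for whichever parser the check itself uses. The `if req.PostureCheck != nil` guard in `savePolicy` also becomes redundant once validation rejects a nil posture check; the body of `savePolicy` extends beyond the hunks shown.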
|