feat(CIS) - Bot Management & Bot Analytics (IBM-Cloud#4603)

* (feat) CIS - Bot Management * doc changes * doc changes * version revert * doc changes * addressed PR comments * resolved conflicts * corrected variables * added crn and domain --------- Co-authored-by: Arpit Srivastava <arpit-mac@Arpits-MacBook-Pro-6.local>
ocofaigh · Jun 20, 2023 · 9edee33 · 9edee33
1 parent 56898c0
commit 9edee33
Show file tree

Hide file tree

Showing 10 changed files with 606 additions and 139 deletions.
diff --git a/examples/ibm-cis/main.tf b/examples/ibm-cis/main.tf
@@ -483,6 +483,23 @@ data "ibm_cis_mtls_apps" "test" {
   domain_id = data.ibm_cis_domain.cis_domain.domain_id
 }
 
+# CIS Bot Management data source
+data "ibm_cis_botmanagements" "tests" {
+  cis_id    = data.ibm_cis.cis.id
+  domain = data.ibm_cis_domain.cis_domain.domain
+}
+# CIS Bot Management resource
+resource "ibm_cis_botmanagement" "test" {
+    cis_id                          = data.ibm_cis.cis.id
+    domain = data.ibm_cis_domain.cis_domain.domain
+    fight_mode				= false
+    session_score			= false
+    enable_js				= false
+    auth_id_logging			= false
+    use_latest_model 		= false
+
+}
+
 # CIS Logpush Job
 resource "ibm_cis_logpush_job" "test" {
     cis_id          = data.ibm_cis.cis.id

diff --git a/go.sum b/go.sum
diff --git a/ibm/conns/config.go b/ibm/conns/config.go
@@ -31,6 +31,7 @@ import (
 	kp "github.com/IBM/keyprotect-go-client"
 	cisalertsv1 "github.com/IBM/networking-go-sdk/alertsv1"
 	cisoriginpull "github.com/IBM/networking-go-sdk/authenticatedoriginpullapiv1"
+	cisbotmanagementv1 "github.com/IBM/networking-go-sdk/botmanagementv1"
 	ciscachev1 "github.com/IBM/networking-go-sdk/cachingapiv1"
 	cisipv1 "github.com/IBM/networking-go-sdk/cisipapiv1"
 	ciscustompagev1 "github.com/IBM/networking-go-sdk/custompagesv1"
@@ -270,6 +271,7 @@ type ClientSession interface {
 	CisWAFGroupClientSession() (*ciswafgroupv1.WafRuleGroupsApiV1, error)
 	CisCacheClientSession() (*ciscachev1.CachingApiV1, error)
 	CisMtlsSession() (*cismtlsv1.MtlsV1, error)
+	CisBotManagementSession() (*cisbotmanagementv1.BotManagementV1, error)
 	CisWebhookSession() (*ciswebhooksv1.WebhooksV1, error)
 	CisCustomPageClientSession() (*ciscustompagev1.CustomPagesV1, error)
 	CisAccessRuleClientSession() (*cisaccessrulev1.ZoneFirewallAccessRulesV1, error)
@@ -566,6 +568,10 @@ type clientSession struct {
 	cisMtlsClient *cismtlsv1.MtlsV1
 	cisMtlsErr    error
 
+	// Bot Management options
+	cisBotManagementClient *cisbotmanagementv1.BotManagementV1
+	cisBotManagementErr    error
+
 	// CIS Webhooks options
 	cisWebhooksClient *ciswebhooksv1.WebhooksV1
 	cisWebhooksErr    error
@@ -1119,6 +1125,14 @@ func (sess clientSession) CisMtlsSession() (*cismtlsv1.MtlsV1, error) {
 	return sess.cisMtlsClient.Clone(), nil
 }
 
+//CIS Bot Management
+func (sess clientSession) CisBotManagementSession() (*cisbotmanagementv1.BotManagementV1, error) {
+	if sess.cisBotManagementErr != nil {
+		return sess.cisBotManagementClient, sess.cisBotManagementErr
+	}
+	return sess.cisBotManagementClient.Clone(), nil
+}
+
 // CIS Webhooks
 func (sess clientSession) CisWebhookSession() (*ciswebhooksv1.WebhooksV1, error) {
 	if sess.cisWebhooksErr != nil {
@@ -2788,6 +2802,25 @@ func (c *Config) ClientSession() (interface{}, error) {
 		})
 	}
 
+	// IBM Bot Management
+	cisBotManagementOpt := &cisbotmanagementv1.BotManagementV1Options{
+		URL:           cisEndPoint,
+		Crn:           core.StringPtr(""),
+		Authenticator: authenticator,
+	}
+	session.cisBotManagementClient, session.cisBotManagementErr = cisbotmanagementv1.NewBotManagementV1(cisBotManagementOpt)
+	if session.cisBotManagementErr != nil {
+		session.cisBotManagementErr =
+			fmt.Errorf("[ERROR] Error occured while configuring CIS Bot Management : %s",
+				session.cisBotManagementErr)
+	}
+	if session.cisBotManagementClient != nil && session.cisBotManagementClient.Service != nil {
+		session.cisBotManagementClient.Service.EnableRetries(c.RetryCount, c.RetryDelay)
+		session.cisBotManagementClient.SetDefaultHeaders(gohttp.Header{
+			"X-Original-User-Agent": {fmt.Sprintf("terraform-provider-ibm/%s", version.Version)},
+		})
+	}
+
 	// IBM Network CIS Webhooks
 	cisWebhooksOpt := &ciswebhooksv1.WebhooksV1Options{
 		URL:           cisEndPoint,

diff --git a/ibm/provider/provider.go b/ibm/provider/provider.go
@@ -275,6 +275,7 @@ func Provider() *schema.Provider {
 			"ibm_cis_origin_auths":                  cis.DataSourceIBMCISOriginAuthPull(),
 			"ibm_cis_mtlss":                         cis.DataSourceIBMCISMtls(),
 			"ibm_cis_mtls_apps":                     cis.DataSourceIBMCISMtlsApp(),
+			"ibm_cis_bot_managements":               cis.DataSourceIBMCISBotManagement(),
 			"ibm_cis_webhooks":                      cis.DataSourceIBMCISWebhooks(),
 			"ibm_cis_logpush_jobs":                  cis.DataSourceIBMCISLogPushJobs(),
 			"ibm_cis_edge_functions_actions":        cis.DataSourceIBMCISEdgeFunctionsActions(),
@@ -877,6 +878,7 @@ func Provider() *schema.Provider {
 			"ibm_cis_origin_auth":                       cis.ResourceIBMCISOriginAuthPull(),
 			"ibm_cis_mtls":                              cis.ResourceIBMCISMtls(),
 			"ibm_cis_mtls_app":                          cis.ResourceIBMCISMtlsApp(),
+			"ibm_cis_bot_management":                    cis.ResourceIBMCISBotManagement(),
 			"ibm_cis_logpush_job":                       cis.ResourceIBMCISLogPushJob(),
 			"ibm_cis_alert":                             cis.ResourceIBMCISAlert(),
 			"ibm_cis_routing":                           cis.ResourceIBMCISRouting(),
@@ -1348,6 +1350,7 @@ func Validator() validate.ValidatorDict {
 				"ibm_cis_logpush_job":             cis.ResourceIBMCISLogPushJobValidator(),
 				"ibm_cis_mtls_app":                cis.ResourceIBMCISMtlsAppValidator(),
 				"ibm_cis_mtls":                    cis.ResourceIBMCISMtlsValidator(),
+				"ibm_cis_bot_management":          cis.ResourceIBMCISBotManagementValidator(),
 				"ibm_cis_origin_auth":             cis.ResourceIBMCISOriginAuthPullValidator(),
 				"ibm_cis_origin_pool":             cis.ResourceIBMCISPoolValidator(),
 				"ibm_container_cluster":           kubernetes.ResourceIBMContainerClusterValidator(),
@@ -1564,6 +1567,7 @@ func Validator() validate.ValidatorDict {
 				"ibm_secrets_manager_secrets":     secretsmanager.DataSourceIBMSecretsManagerSecretsValidator(),
 				"ibm_cis_webhooks":                cis.DataSourceIBMCISAlertWebhooksValidator(),
 				"ibm_cis_alerts":                  cis.DataSourceIBMCISAlertsValidator(),
+				"ibm_cis_bot_managements":         cis.DataSourceIBMCISBotManagementValidator(),
 				"ibm_cis_cache_settings":          cis.DataSourceIBMCISCacheSettingsValidator(),
 				"ibm_cis_custom_certificates":     cis.DataSourceIBMCISCustomCertificatesValidator(),
 				"ibm_cis_custom_pages":            cis.DataSourceIBMCISCustomPagesValidator(),

diff --git a/ibm/service/cis/data_source_ibm_cis_bot_managements.go b/ibm/service/cis/data_source_ibm_cis_bot_managements.go
@@ -0,0 +1,118 @@
+// Copyright IBM Corp. 2017, 2021 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package cis
+
+import (
+	"log"
+
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/validate"
+	"github.com/IBM/go-sdk-core/v5/core"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	cisBotManagementFightMode      = "fight_mode"
+	cisBotManagementSessionScore   = "session_score"
+	cisBotManagementEnableJs       = "enable_js"
+	cisBotManagementAuthIdLogging  = "auth_id_logging"
+	cisBotManagementUseLatestModel = "use_latest_model"
+)
+
+func DataSourceIBMCISBotManagement() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceIBMCISBotManagementRead,
+
+		Schema: map[string]*schema.Schema{
+			cisID: {
+				Type:        schema.TypeString,
+				Description: "CIS instance crn",
+				Required:    true,
+				ValidateFunc: validate.InvokeDataSourceValidator(
+					"ibm_cis_bot_managements",
+					"cis_id"),
+			},
+			cisDomainID: {
+				Type:             schema.TypeString,
+				Description:      "Associated CIS domain",
+				Required:         true,
+				DiffSuppressFunc: suppressDomainIDDiff,
+			},
+			cisBotManagementFightMode: {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Fight Mode",
+			},
+			cisBotManagementSessionScore: {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Session Score",
+			},
+			cisBotManagementEnableJs: {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Enable JS",
+			},
+			cisBotManagementAuthIdLogging: {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Auth ID Logging",
+			},
+			cisBotManagementUseLatestModel: {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Use Latest Model",
+			},
+		},
+	}
+}
+
+func DataSourceIBMCISBotManagementValidator() *validate.ResourceValidator {
+
+	validateSchema := make([]validate.ValidateSchema, 0)
+
+	validateSchema = append(validateSchema,
+		validate.ValidateSchema{
+			Identifier:                 "cis_id",
+			ValidateFunctionIdentifier: validate.ValidateCloudData,
+			Type:                       validate.TypeString,
+			CloudDataType:              "resource_instance",
+			CloudDataRange:             []string{"service:internet-svcs"},
+			Required:                   true})
+
+	iBMCISBotManagementValidator := validate.ResourceValidator{
+		ResourceName: "ibm_cis_bot_managements",
+		Schema:       validateSchema}
+	return &iBMCISBotManagementValidator
+}
+
+func dataSourceIBMCISBotManagementRead(d *schema.ResourceData, meta interface{}) error {
+	cisClient, err := meta.(conns.ClientSession).CisBotManagementSession()
+	if err != nil {
+		return err
+	}
+
+	crn := d.Get(cisID).(string)
+	zoneName := d.Get(cisDomainID).(string)
+	cisClient.Crn = core.StringPtr(crn)
+	cisClient.ZoneIdentifier = core.StringPtr(zoneName)
+	opt := cisClient.NewGetBotManagementOptions()
+
+	result, resp, err := cisClient.GetBotManagement(opt)
+	if err != nil {
+		log.Printf("dataSourceIBMCISBotManagementRead - GetBotManagement Failed %s\n", resp)
+		return err
+	}
+
+	res := result.Result
+	d.Set(cisID, crn)
+	d.Set(cisDomainID, zoneName)
+	d.Set(cisBotManagementFightMode, res.FightMode)
+	d.Set(cisBotManagementSessionScore, res.SessionScore)
+	d.Set(cisBotManagementEnableJs, res.EnableJs)
+	d.Set(cisBotManagementAuthIdLogging, res.AuthIdLogging)
+	d.Set(cisBotManagementUseLatestModel, res.UseLatestModel)
+
+	return nil
+}
diff --git a/ibm/service/cis/data_source_ibm_cis_bot_managements_test.go b/ibm/service/cis/data_source_ibm_cis_bot_managements_test.go
@@ -0,0 +1,37 @@
+// Copyright IBM Corp. 2017, 2021 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package cis_test
+
+import (
+	"fmt"
+	"testing"
+
+	acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccIBMCisBotManagementDataSource_Basic(t *testing.T) {
+	name := "data.ibm_cis_bot_managements.test"
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheckCis(t) },
+		Providers: acc.TestAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckCisBotManagementDataSource_basic("test", acc.CisDomainStatic),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(name, "id"),
+				),
+			},
+		},
+	})
+}
+func testAccCheckCisBotManagementDataSource_basic(id, CisDomainStatic string) string {
+	return testAccCheckIBMCisDomainDataSourceConfigBasic1() + fmt.Sprintf(`
+	data "ibm_cis_bot_managements" "%[1]s" {
+		cis_id = data.ibm_cis.cis.id
+		domain_id = data.ibm_cis_domain.cis_domain.domain_id
+	  }
+`, id, acc.CisDomainStatic)
+}