Merge pull request #33 from akamai/release/2.3.0

Release/2.3.0 => master (Releasing v2.3.0)

CHANGELOG.md

@@ -1,3 +1,10 @@
+## 2.3.0 (July Release)
+
+- WAP Plus support for selected-hostnames, modify-hostnames, and network-lists
+- Added "mode" parameter to support ASE (Auto and Manual) for the "start-eval" command
+- Added "threat-intel", "enable-threat-intel", and "disable-threat-intel" commands
+- Support for including hostnames ("--include-hostnames) and contract-group ("--include-contract-group") in the "configs" command
+
 ## 2.2.0 (May Release)
 
 - CLI Enhancements - adding "--query", "--fields", "--raw", and "--sort" flags.

README.md

@@ -1,4 +1,3 @@
-**__This is a Beta Software__**
 # Akamai CLI for Application Security
 
 *NOTE:* This tool is intended to be installed via the Akamai CLI package manager, which can be retrieved from the releases page of the [Akamai CLI](https://github.com/akamai/cli) tool.

bin/commands/bypassnetworklist.js

@@ -21,6 +21,12 @@ class BypassNLCommand {
         desc:
           "Version Number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If not provided, latest version is assumed.",
         group: 'Options:'
+      })
+      .string('--policy <id>', {
+        desc:
+          'Policy ID. If not provided, we try to use the policy available on file. If you have more than one policy, this option must be provided.',
+        group: 'Optional:',
+        required: false
       });
   }
 

bin/commands/configs.js

@@ -8,6 +8,21 @@ class ConfigsCommand {
     this.flags = 'configs';
     this.desc = 'List all available configurations.';
     this.run = this.run.bind(this);
+    this.setup = this.setup.bind(this);
+  }
+
+  setup(sywac) {
+    sywac
+      .boolean('--include-hostnames', {
+        desc: 'Specify whether to include staging and production hostnames. Defaults to false.',
+        group: 'Optional:',
+        required: false
+      })
+      .boolean('--include-contract-group', {
+        desc: 'Specify whether to include contract and group ID. Defaults to false.',
+        group: 'Optional:',
+        required: false
+      });
   }
 
   run(options) {

bin/commands/eval.start.js

@@ -27,10 +27,19 @@ class EnableEvalRuleCommand {
           'Policy ID. If not provided, we try to use the policy available on file. If you have more than one policy, this option must be provided.',
         group: 'Optional:',
         required: false
-      });
+      })
+        .string('--mode <mode>', {
+          desc:
+              'Evaluation mode  KRS2_AUTO or KRS2_MANUAL. Used only for ASE(KRS 2) evaluation rulesets. Defaults to KRS2_MANUAL',
+          group: 'Optional:',
+          required: false
+        })
+     ;
   }
 
   run(options) {
+    options.mode = options['mode'];
+
     out.print({
       promise: new EvalRules(options).startEval(),
       args: options,

bin/commands/evalhosts.js

@@ -23,6 +23,12 @@ class EvalHostsCommand {
           "Version Number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If not provided, latest version is assumed.",
         group: 'Options:',
         required: false
+      })
+      .string('--policy <id>', {
+        desc:
+          'Policy ID. If not provided, we try to use the policy available on file. If you have more than one policy, this option must be provided.',
+        group: 'Optional:',
+        required: false
       });
   }
 

bin/commands/evalhosts.modify.js

@@ -27,6 +27,27 @@ class ModifyEvalHostsCommand {
         group: 'Options:',
         required: false
       })
+      .string('--policy <id>', {
+        desc:
+          'Policy ID. If not provided, we try to use the policy available on file. If you have more than one policy, this option must be provided.',
+        group: 'Optional:',
+        required: false
+      })
+      .boolean('--append', {
+        desc: 'Appends the hostnames provided to the existing selected hostnames.',
+        group: 'Optional:',
+        required: false
+      })
+      .boolean('--remove', {
+        desc: 'Removes the hostnames provided from the existing selected hostnames.',
+        group: 'Optional:',
+        required: false
+      })
+      .boolean('--replace', {
+        desc: 'Replaces the existing selected hostnames with the hostnames provided.',
+        group: 'Optional:',
+        required: false
+      })
       .check((argv, context) => {
         if (!argv['@path'].startsWith('@')) {
           return context.cliMessage("ERROR: Invalid file name, should start with '@'");

bin/commands/evalhosts.protect.js

@@ -27,6 +27,12 @@ class ProtectEvalHostsCommand {
         group: 'Options:',
         required: false
       })
+      .string('--policy <id>', {
+        desc:
+          'Policy ID. If not provided, we try to use the policy available on file. If you have more than one policy, this option must be provided.',
+        group: 'Optional:',
+        required: false
+      })
       .check((argv, context) => {
         if (!argv['@path'].startsWith('@')) {
           return context.cliMessage("ERROR: Invalid file name, should start with '@'");

bin/commands/hosts.modify.js

@@ -28,6 +28,12 @@ class AddHostsCommand {
         group: 'Optional:',
         required: false
       })
+      .string('--policy <id>', {
+        desc:
+          'Policy ID. If not provided, we try to use the policy available on file. If you have more than one policy, this option must be provided.',
+        group: 'Optional:',
+        required: false
+      })
       .boolean('--append', {
         desc: 'Appends the hostnames provided to the existing selected hostnames.',
         group: 'Optional:',

bin/commands/hosts.selected.js

@@ -23,6 +23,12 @@ class SelectableHostsCommand {
           "Version Number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If not provided, latest version is assumed.",
         group: 'Optional:',
         required: false
+      })
+      .string('--policy <id>', {
+        desc:
+          'Policy ID. If not provided, we try to use the policy available on file. If you have more than one policy, this option must be provided.',
+        group: 'Optional:',
+        required: false
       });
   }
 

bin/commands/threatintel.disable.js

@@ -0,0 +1,44 @@
+let ThreatIntel = require('../../src/threatintel').threatIntel;
+let out = require('./lib/out');
+
+class EnableThreatIntelCommand {
+  constructor() {
+    this.flags = 'disable-threat-intel';
+    this.desc = 'Disable Threat Intelligence.';
+    this.setup = this.setup.bind(this);
+    this.run = this.run.bind(this);
+  }
+
+  setup(sywac) {
+    sywac
+      .number('--config <id>', {
+        desc: 'Configuration ID. Mandatory if you have more than one configuration.',
+        group: 'Optional:',
+        required: false
+      })
+      .string('--version <id>', {
+        desc:
+          "Version Number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If not provided, latest version is assumed.",
+        group: 'Optional:',
+        required: false
+      })
+      .string('--policy <id>', {
+        desc:
+          'Policy ID. If not provided, we try to use the policy available on file. If you have more than one policy, this option must be provided.',
+        group: 'Optional:',
+        required: false
+      });
+  }
+
+  run(options) {
+    out.print({
+      promise: new ThreatIntel(options).toggleThreatIntel("off"),
+      args: options,
+      success: (args, data) => {
+        return JSON.stringify(data);
+      }
+    });
+  }
+}
+
+module.exports = new EnableThreatIntelCommand();

bin/commands/threatintel.enable.js

@@ -0,0 +1,44 @@
+let ThreatIntel = require('../../src/threatintel').threatIntel;
+let out = require('./lib/out');
+
+class EnableThreatIntelCommand {
+  constructor() {
+    this.flags = 'enable-threat-intel';
+    this.desc = 'Enable Threat Intelligence.';
+    this.setup = this.setup.bind(this);
+    this.run = this.run.bind(this);
+  }
+
+  setup(sywac) {
+    sywac
+      .number('--config <id>', {
+        desc: 'Configuration ID. Mandatory if you have more than one configuration.',
+        group: 'Optional:',
+        required: false
+      })
+      .string('--version <id>', {
+        desc:
+          "Version Number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If not provided, latest version is assumed.",
+        group: 'Optional:',
+        required: false
+      })
+      .string('--policy <id>', {
+        desc:
+          'Policy ID. If not provided, we try to use the policy available on file. If you have more than one policy, this option must be provided.',
+        group: 'Optional:',
+        required: false
+      });
+  }
+
+  run(options) {
+    out.print({
+      promise: new ThreatIntel(options).toggleThreatIntel("on"),
+      args: options,
+      success: (args, data) => {
+        return JSON.stringify(data);
+      }
+    });
+  }
+}
+
+module.exports = new EnableThreatIntelCommand();

bin/commands/threatintel.js

@@ -0,0 +1,43 @@
+let ThreatIntel = require('../../src/threatintel').threatIntel;
+let out = require('./lib/out');
+
+class ThreatIntelCommand {
+  constructor() {
+    this.flags = 'threat-intel';
+    this.desc = 'Threat Intel setting for a policy';
+    this.setup = this.setup.bind(this);
+    this.run = this.run.bind(this);
+  }
+
+  setup(sywac) {
+    sywac
+      .number('--config <id>', {
+        desc: 'Configuration ID. Mandatory if you have more than one configuration.',
+        group: 'Optional:',
+        required: false
+      })
+      .string('--version <id>', {
+        desc:
+          "Version Number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If not provided, latest version is assumed.",
+        group: 'Optional:',
+        required: false
+      })
+      .string('--policy <id>', {
+        desc:
+          'Policy ID. If not provided, we try to use the policy available on file. If you have more than one policy, this option must be provided.',
+        group: 'Optional:',
+        required: false
+      });
+  }
+  run(options) {
+    out.print({
+      promise: new ThreatIntel(options).getThreatIntel(),
+      args: options,
+      success: (args, data) => {
+        return JSON.stringify(data);
+      }
+    });
+  }
+}
+
+module.exports = new ThreatIntelCommand();

cli.json

@@ -5,7 +5,7 @@
   "commands": [
     {
       "name": "appsec",
-      "version": "2.2.0",
+      "version": "2.3.0",
       "description": "Akamai Security tools for protecting websites."
       }
     ]

package.json

@@ -1,6 +1,6 @@
 {
   "name": "akamaicliappsec",
-  "version": "2.2.0",
+  "version": "2.3.0",
   "description": "A wrapping development kit to interface common tasks with akamai's Security {OPEN} API.",
   "repository": "https://github.com/akamai/cli-appsec",
   "license": "Apache-2.0",

src/bypassnl.js

@@ -5,18 +5,20 @@ let fs = require('fs');
 let untildify = require('untildify');
 let Config = require('./configprovider').configProvider;
 let Version = require('./versionsprovider').versionProvider;
+let PolicyProvider = require('./policy').policy;
 
 class BypassNL {
   constructor(options) {
     this._config = new Config(options);
     this._options = options;
     this._version = new Version(options);
+    this._policy = new PolicyProvider(options);
   }
 
   getBypassNetworkList() {
     let listUrl = URIs.BYPASS_NETWORK_LIST;
 
-    return this._version.readResource(listUrl, []);
+    return this._policy.readResource(listUrl, []);
   }
 
   updateBypassNetworkList() {
@@ -28,7 +30,7 @@ class BypassNL {
       } catch (err) {
         throw 'The input JSON is not valid';
       }
-      return this._version.updateResource(URIs.BYPASS_NETWORK_LIST, [], data);
+      return this._policy.updateResource(URIs.BYPASS_NETWORK_LIST, [], data);
     } else {
       throw `The file does not exists: ${this._options['file']}`;
     }

src/configprovider.js

@@ -72,7 +72,26 @@ class ConfigProvider {
    */
   configs() {
     logger.info('Fetching all available configurations..');
-    return this._edge.get(URIs.GET_CONFIGS);
+    this.includeHostnames = this._options['include-hostnames'] || false;
+    this.includeContractGroup = this._options['include-contract-group'] || false;
+    return this._edge.get(URIs.GET_CONFIGS, [this.includeHostnames, this.includeContractGroup]);
+  }
+
+  /**
+   * Returns a target product for the config ID
+   */
+  getTargetProduct() {
+    return this.getConfigId().then(() => {
+      return this._edge.get(URIs.GET_CONFIGS, [false, false]).then(configs => {
+        const config = configs.configurations.find(cfg => cfg.id === this._configId);
+        if (config) {
+          return config.targetProduct;
+        } else {
+          logger.error('No security configurations exist for this config ID - ' + this._configId);
+          throw `No security configurations exist for this config ID - ${this._configId}`;
+        }
+      });
+    });
   }
 
   /**