Adds account level and workspace level operations for ngwaf rules using json file inputs #1605
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
anthony-gomez-fastly
force-pushed
the
CDTOOL-1222-ngwaf-rules
branch
5 times, most recently
from
95435c5 to
fabc92c
Compare
…for ngwaf rules using json file inputs
anthony-gomez-fastly
force-pushed
the
CDTOOL-1222-ngwaf-rules
branch
from
fabc92c to
ca877a2
Compare
rcaril
reviewed
Jan 5, 2026
| return fmt.Errorf("failed to read json file: %v", err) | ||
| } | ||
|
|
||
| if err := json.Unmarshal(byteValue, input); err != nil { |
Contributor
There was a problem hiding this comment.
When I did some testing with a simple rule payload, a rule was created with no issues. However, when I attempted to use a more complex payload that contained several group operators, some nested fields were mapped as null.
I used this arbitrary payload:
{
"type": "request",
"description": "complex_test",
"enabled": true,
"expires_at": "",
"group_operator": "all",
"conditions": [
{
"type": "single",
"field": "ip",
"operator": "equals",
"value": "1.2.3.4"
},
{
"type": "single",
"field": "country",
"operator": "equals",
"value": "AE"
},
{
"type": "group",
"group_operator": "all",
"conditions": [
{
"type": "single",
"field": "ip",
"operator": "equals",
"value": "2.4.5.6"
},
{
"type": "single",
"field": "country",
"operator": "equals",
"value": "AD"
}
]
},
{
"type": "group",
"group_operator": "all",
"conditions": [
{
"type": "single",
"field": "domain",
"operator": "equals",
"value": "test.com"
},
{
"type": "single",
"field": "agent_name",
"operator": "equals",
"value": "test"
}
]
}
],
"actions": [
{
"type": "browser_challenge",
"allow_interactive": true,
"signal": ""
}
],
"request_logging": "none"
}
The following was sent to the API, which resulted in an error.
{
"actions": [
{
"allow_interactive": true,
"signal": "",
"type": "browser_challenge"
}
],
"conditions": [
{
"type": "single",
"field": "ip",
"operator": "equals",
"value": "1.2.3.4"
},
{
"type": "single",
"field": "country",
"operator": "equals",
"value": "AE"
},
{
"type": "single",
"field": null,
"operator": null,
"value": null
},
{
"type": "single",
"field": null,
"operator": null,
"value": null
}
],
"description": "complex_test",
"enabled": true,
"scope": {
"type": "workspace",
"applies_to": ["nBw2ENWfOY1M2dpSwK1l5R"]
},
"type": "request"
}
You can see here that some fields were not parsed correctly. I believe we need to do some custom unmarshaling here to handle the group conditions.
Contributor
There was a problem hiding this comment.
I think we need to map top level "type": "group", to GroupConditions in go-fastly and top level "type": "single", to Condiitons.
Contributor
Author
There was a problem hiding this comment.
ah rats, i'll get on that. TY!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Change summary
Add support for NGWAF rule manipulation.
createandupdateare handled by allowing the user to proved a valid json that can be unmarshalled to the matching structure for the given rule level.All Submissions:
New Feature Submissions:
Changes to Core Features: