IBM / scc-go-sdk

GoLang SDK for IBM Cloud Security and Compliance Center
https://cloud.ibm.com/docs/security-compliance
Apache License 2.0

feat: Change AdditionalTargetAttributes.Value from string type to interface type #143

Closed tyao117 closed 5 months ago

tyao117 commented 5 months ago

PR summary

Changes:

Added:

PR Checklist

Please make sure that your PR fulfills the following requirements:

Current vs new behavior

Current Behavior:

Start main
{
    "StatusCode": 200,
    "Headers": {
        "Cache-Control": [
            "no-store"
        ],
        "Cf-Cache-Status": [
            "DYNAMIC"
        ],
        "Cf-Ray": [
            "880b038c5dcc2f75-LAX"
        ],
        "Content-Type": [
            "application/json; charset=utf-8"
        ],
        "Date": [
            "Wed, 08 May 2024 17:01:49 GMT"
        ],
        "Etag": [
            "W/\"8-7477f4840c6619850a6b787ac171f04a\""
        ],
        "Server": [
            "cloudflare"
        ],
        "Strict-Transport-Security": [
            "max-age=31536000; includeSubDomains"
        ],
        "Transaction-Id": [
            "b2419077-c619-41b1-adfb-bffd7ad25f39"
        ],
        "X-Content-Type-Options": [
            "nosniff"
        ],
        "X-Correlation-Id": [
            "b2419077-c619-41b1-adfb-bffd7ad25f39"
        ],
        "X-Envoy-Upstream-Service-Time": [
            "382"
        ],
        "X-Ratelimit-Limit": [
            "5"
        ],
        "X-Ratelimit-Remaining": [
            "4"
        ],
        "X-Ratelimit-Reset": [
            "1715187710"
        ],
        "X-Request-Id": [
            "0a2f96e2-f707-4c1d-8835-6c5d33d5424d"
        ]
    },
    "Result": {
        "account_id": "IBM",
        "created_by": "IBM",
        "created_on": "2022-11-17T10:23:49Z",
        "description": "Check whether Virtual Private Cloud (VPC) network access control lists don't allow ingress from wildcard IP addresses to SSH port",
        "id": "rule-f9137be8-2490-4afb-8cd5-a201cb167eb2",
        "import": {
            "parameters": [
                {
                    "name": "ssh_port",
                    "display_name": "Network ACL rule for allowed IPs to SSH port",
                    "description": "",
                    "type": "numeric"
                }
            ]
        },
        "labels": [],
        "required_config": {
            "or": [
                {
                    "property": "source_cidr_block",
                    "operator": "is_empty"
                },
                {
                    "property": "source_cidr_block",
                    "operator": "ips_not_equals",
                    "value": [
                        "0.0.0.0/0"
                    ]
                },
                {
                    "property": "match_traffic_allow",
                    "operator": "string_not_equals",
                    "value": "allow"
                },
                {
                    "or": [
                        {
                            "property": "destination_port_min",
                            "operator": "num_greater_than",
                            "value": "${ssh_port}"
                        },
                        {
                            "property": "destination_port_max",
                            "operator": "num_less_than",
                            "value": "${ssh_port}"
                        }
                    ]
                }
            ]
        },
        "target": {
            "service_name": "is.network-acl",
            "service_display_name": "Network ACL",
            "resource_kind": "rule",
            "additional_target_attributes": [
                {
                    "name": "traffic_direction",
                    "operator": "string_equals",
                    "value": "inbound"
                },
                {
                    "name": "protocol",
                    "operator": "string_equals",
                    "value": [
                        "tcp",
                        "udp"
                    ]
                }
            ]
        },
        "type": "system_defined",
        "updated_by": "IBM",
        "updated_on": "2024-04-23T03:46:20Z",
        "version": "1.0.4"
    },
    "RawResult": null
}

panic: error unmarshalling securityandcompliancecenterapiv3.Rule: error unmarshalling property 'target' as securityandcompliancecenterapiv3.Target: error unmarshalling property 'additional_target_attributes' as []securityandcompliancecenterapiv3.AdditionalTargetAttribute: error unmarshalling property 'value': json: cannot unmarshal array into Go value of type string

goroutine 1 [running]:
main.main()
        /Users/timothyyao/workspace/sandbox/sysdig-temp/main.go:37 +0x284
exit status 2

New Behavior:

{
  "created_on": "2022-11-17T10:23:49.000Z",
  "created_by": "IBM",
  "updated_on": "2024-04-23T03:46:20.000Z",
  "updated_by": "IBM",
  "id": "rule-f9137be8-2490-4afb-8cd5-a201cb167eb2",
  "account_id": "IBM",
  "description": "Check whether Virtual Private Cloud (VPC) network access control lists don't allow ingress from wildcard IP addresses to SSH port",
  "type": "system_defined",
  "version": "1.0.4",
  "import": {
    "parameters": [
      {
        "name": "ssh_port",
        "display_name": "Network ACL rule for allowed IPs to SSH port",
        "description": "",
        "type": "numeric"
      }
    ]
  },
  "target": {
    "service_name": "is.network-acl",
    "service_display_name": "Network ACL",
    "resource_kind": "rule",
    "additional_target_attributes": [
      {
        "name": "traffic_direction",
        "operator": "string_equals",
        "value": "inbound"
      },
      {
        "name": "protocol",
        "operator": "string_equals",
        "value": [
          "tcp",
          "udp"
        ]
      }
    ]
  },
  "required_config": {
    "or": [
      {
        "property": "source_cidr_block",
        "operator": "is_empty"
      },
      {
        "property": "source_cidr_block",
        "operator": "ips_not_equals",
        "value": [
          "0.0.0.0/0"
        ]
      },
      {
        "property": "match_traffic_allow",
        "operator": "string_not_equals",
        "value": "allow"
      },
      {
        "or": [
          {
            "property": "destination_port_min",
            "operator": "num_greater_than",
            "value": "${ssh_port}"
          },
          {
            "property": "destination_port_max",
            "operator": "num_less_than",
            "value": "${ssh_port}"
          }
        ]
      }
    ]
  },
  "labels": []
}

Does this PR introduce a breaking change?

AdditionalTargetAttributes.Value would change from being *string to being interface{}. This will imply that there will be a code change needed to infer the type coming back.

Other information

tyao117 commented 5 months ago

sample code to test behavior:

  s, err := scc.NewSecurityAndComplianceCenterApiV3(
    &scc.SecurityAndComplianceCenterApiV3Options{
      URL: "https://us-south.compliance.cloud.ibm.com",
      Authenticator: &core.IamAuthenticator{
        ApiKey: APIKEY,
      },
    },
  )
  if err != nil {
    panic(err)
  }
  gro := scc.GetRuleOptions{
    InstanceID: &instance_id,
    RuleID: &rule_id,
  }
  rule, response, err := s.GetRule(&gro)
  if err != nil {
    fmt.Println(response)
    panic(err)
  }
  b, _ := json.MarshalIndent(rule, "", "  ")
  fmt.Println(string(b))
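
Once `Value` is `interface{}`, code that reads `additional_target_attributes` has to check the dynamic type before using it. The block below is an added example, not code from this PR or from the SDK: it decodes the two attributes shown in the output through a local stand-in struct and normalizes both the string and the array form to `[]string`, rejecting any other shape. The names `attr`, `ValueStrings` and `DecodeAttrs` are hypothetical.

```go
package main

import "encoding/json"
import "fmt"

// attr is a local stand-in for the SDK's AdditionalTargetAttribute (assumed shape).
type attr struct {
	Name  string      `json:"name"`
	Value interface{} `json:"value"` // was *string before this PR
}

// sample is constructed from the PR output, trimmed to name and value.
const sample = `[{"name":"traffic_direction","value":"inbound"},{"name":"protocol","value":["tcp","udp"]}]`

// ValueStrings normalizes a decoded Value to []string and rejects any other shape.
func ValueStrings(v interface{}) ([]string, error) {
	switch t := v.(type) {
	case string:
		return []string{t}, nil
	case []interface{}: // encoding/json decodes every JSON array to []interface{}
		out := make([]string, 0, len(t))
		for i, e := range t {
			s, ok := e.(string)
			if !ok {
				return nil, fmt.Errorf("value[%d]: want string, got %T", i, e)
			}
			out = append(out, s)
		}
		return out, nil
	}
	return nil, fmt.Errorf("value: unsupported type %T", v)
}

// DecodeAttrs maps each attribute name to its values, failing on the first bad shape.
func DecodeAttrs(raw string) (res map[string][]string, err error) {
	var attrs []attr
	if err = json.Unmarshal([]byte(raw), &attrs); err != nil {
		return nil, err
	}
	res = map[string][]string{}
	for _, a := range attrs {
		if res[a.Name], err = ValueStrings(a.Value); err != nil {
			return nil, fmt.Errorf("attribute %q: %w", a.Name, err)
		}
	}
	return res, nil
}

func main() { fmt.Println(DecodeAttrs(sample)) }
```

Returning an error for an unrecognized shape keeps a rule evaluator from silently ignoring an attribute it could not interpret.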
archanaponnada commented 5 months ago

:tada: This PR is included in version 5.2.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: