NVSHAS-10016: UI for supporting export response rules (as CRD)

Author: xingzhang-suse

admin/src/main/scala/com/neu/api/policy/PolicyApi.scala

@@ -53,36 +53,61 @@ class PolicyApi(resourceService: PolicyService) extends BaseApi {
             }
           }
         } ~
-        path("responsePolicy") {
-          get {
-            parameter(Symbol("scope").?) { scope =>
-              Utils.respondWithWebServerHeaders() {
-                resourceService.getResponsePolicy(tokenId, scope)
+        pathPrefix("responsePolicy") {
+          pathEnd {
+            get {
+              parameter(Symbol("scope").?) { scope =>
+                Utils.respondWithWebServerHeaders() {
+                  resourceService.getResponsePolicy(tokenId, scope)
+                }
               }
-            }
-          } ~
-          post {
-            entity(as[ResponseRulesWrap]) { responseRulesWrap =>
-              Utils.respondWithWebServerHeaders() {
-                resourceService.insertResponseRules(tokenId, responseRulesWrap)
+            } ~
+            post {
+              entity(as[ResponseRulesWrap]) { responseRulesWrap =>
+                Utils.respondWithWebServerHeaders() {
+                  resourceService.insertResponseRules(tokenId, responseRulesWrap)
+                }
+              }
+            } ~
+            patch {
+              entity(as[ResponseRuleConfig]) { responseRuleConfig =>
+                Utils.respondWithWebServerHeaders() {
+                  resourceService.updateResponsePolicy(tokenId, responseRuleConfig)
+                }
+              }
+            } ~
+            delete {
+              parameter(Symbol("scope").?, Symbol("id").?) { (scope, id) =>
+                Utils.respondWithWebServerHeaders() {
+                  resourceService.deleteResponseRule(
+                    tokenId,
+                    scope,
+                    id
+                  )
+                }
               }
             }
           } ~
-          patch {
-            entity(as[ResponseRuleConfig]) { responseRuleConfig =>
-              Utils.respondWithWebServerHeaders() {
-                resourceService.updateResponsePolicy(tokenId, responseRuleConfig)
+          path("export") {
+            post {
+              entity(as[ExportedResponseRuleList]) { exportedResponseRuleList =>
+                Utils.respondWithWebServerHeaders() {
+                  resourceService.exportResponseRuleConfig(tokenId, exportedResponseRuleList)
+                }
               }
             }
           } ~
-          delete {
-            parameter(Symbol("scope").?, Symbol("id").?) { (scope, id) =>
-              Utils.respondWithWebServerHeaders() {
-                resourceService.deleteResponseRule(
-                  tokenId,
-                  scope,
-                  id
-                )
+          path("import") {
+            post {
+              headerValueByName("X-Transaction-Id") { transactionId =>
+                Utils.respondWithWebServerHeaders() {
+                  resourceService.importResponseRuleConfig(tokenId, transactionId)
+                }
+              } ~
+              entity(as[String]) { formData =>
+                Utils.respondWithWebServerHeaders() {
+                  resourceService.importResponseRuleConfigByFormData(tokenId, formData)
+                }
               }
             }
           }

admin/src/main/scala/com/neu/model/Policy.scala

@@ -355,3 +355,8 @@ case class WorkloadV2(
 case class WorkloadsWrapV2(
   workloads: Array[WorkloadV2]
 )
+
+case class ExportedResponseRuleList(
+  ids: Array[Int],
+  remote_export_options: Option[RemoteExportOptions] = None
+)

admin/src/main/scala/com/neu/model/PolicyJsonProtocol.scala

@@ -72,20 +72,26 @@ object PolicyJsonProtocol extends DefaultJsonProtocol with LazyLogging {
   given ruleIdsFormat: RootJsonFormat[RuleIds]                                   = jsonFormat1(RuleIds.apply)
   given promoteConfigFormat: RootJsonFormat[PromoteConfig]                       = jsonFormat1(PromoteConfig.apply)
 
-  given workloadBriefV2Format: RootJsonFormat[WorkloadBriefV2]           = jsonFormat14(
+  given workloadBriefV2Format: RootJsonFormat[WorkloadBriefV2]                = jsonFormat14(
     WorkloadBriefV2.apply
   )
-  given workloadSecurityV2Format: RootJsonFormat[WorkloadSecurityV2]     = jsonFormat10(
+  given workloadSecurityV2Format: RootJsonFormat[WorkloadSecurityV2]          = jsonFormat10(
     WorkloadSecurityV2.apply
   )
-  given workloadRtAttribesV2Format: RootJsonFormat[WorkloadRtAttribesV2] = jsonFormat12(
+  given workloadRtAttribesV2Format: RootJsonFormat[WorkloadRtAttribesV2]      = jsonFormat12(
     WorkloadRtAttribesV2.apply
   )
-  given workloadV2ChildFormat: RootJsonFormat[WorkloadV2Child]           = jsonFormat12(
+  given workloadV2ChildFormat: RootJsonFormat[WorkloadV2Child]                = jsonFormat12(
     WorkloadV2Child.apply
   )
-  given workloadV2Format: RootJsonFormat[WorkloadV2]                     = jsonFormat13(WorkloadV2.apply)
-  given workloadsWrapV2Format: RootJsonFormat[WorkloadsWrapV2]           = jsonFormat1(WorkloadsWrapV2.apply)
+  given workloadV2Format: RootJsonFormat[WorkloadV2]                          = jsonFormat13(WorkloadV2.apply)
+  given workloadsWrapV2Format: RootJsonFormat[WorkloadsWrapV2]                = jsonFormat1(WorkloadsWrapV2.apply)
+  given remoteExportOptionsFormat: RootJsonFormat[RemoteExportOptions]        = jsonFormat3(
+    RemoteExportOptions.apply
+  )
+  given exportedResponseRuleListFmt: RootJsonFormat[ExportedResponseRuleList] = jsonFormat2(
+    ExportedResponseRuleList.apply
+  )
 
   def policyToJson(policy: Policy): String                                     = policy.toJson.compactPrint
   def policy2ToJson(policy2: Policy2): String                                  = policy2.toJson.compactPrint
@@ -118,6 +124,9 @@ object PolicyJsonProtocol extends DefaultJsonProtocol with LazyLogging {
   def jsonToWorkloadsWrapV2(response: String): WorkloadsWrapV2 =
     response.parseJson.convertTo[WorkloadsWrapV2]
 
+  def exportedResponseRuleToJson(list: ExportedResponseRuleList): String =
+    list.toJson.compactPrint
+
   def groupToNode(group: Group): Node =
     Node(
       group.name,

admin/src/main/scala/com/neu/service/policy/PolicyService.scala

@@ -168,6 +168,76 @@ class PolicyService() extends BaseService with DefaultJsonFormats with LazyLoggi
       )
     }
 
+  def exportResponseRuleConfig(
+    tokenId: String,
+    exportedResponseRuleList: ExportedResponseRuleList
+  ): Route = {
+    logger.info("Export sensors")
+    complete {
+      RestClient.httpRequestWithHeader(
+        s"${baseClusterUri(tokenId)}/file/dlp",
+        POST,
+        exportedResponseRuleToJson(exportedResponseRuleList),
+        tokenId
+      )
+    }
+  }
+
+  def importResponseRuleConfig(tokenId: String, transactionId: String): Route =
+    complete {
+      try {
+        val cachedBaseUrl = AuthenticationManager.getBaseUrl(tokenId)
+        val baseUrl       = cachedBaseUrl.fold {
+          baseClusterUri(tokenId)
+        }(cachedBaseUrl => cachedBaseUrl)
+        AuthenticationManager.setBaseUrl(tokenId, baseUrl)
+        logger.info("test baseUrl: {}", baseUrl)
+        logger.info("Transaction ID(Post): {}", transactionId)
+        RestClient.httpRequestWithHeader(
+          s"$baseUrl/file/response/rule/config",
+          POST,
+          "",
+          tokenId,
+          Some(transactionId)
+        )
+      } catch {
+        case NonFatal(e) =>
+          RestClient.handleError(
+            timeOutStatus,
+            authenticationFailedStatus,
+            serverErrorStatus,
+            e
+          )
+      }
+    }
+
+  def importResponseRuleConfigByFormData(tokenId: String, formData: String): Route =
+    complete {
+      try {
+        val baseUrl              = baseClusterUri(tokenId)
+        AuthenticationManager.setBaseUrl(tokenId, baseUrl)
+        logger.info("test baseUrl: {}", baseUrl)
+        logger.info("No Transaction ID(Post)")
+        val lines: Array[String] = formData.split("\n")
+        val contentLines         = lines.slice(4, lines.length - 1)
+        val bodyData             = contentLines.mkString("\n")
+        RestClient.httpRequestWithHeader(
+          s"$baseUrl/file/response/rule/config",
+          POST,
+          bodyData,
+          tokenId
+        )
+      } catch {
+        case NonFatal(e) =>
+          RestClient.handleError(
+            timeOutStatus,
+            authenticationFailedStatus,
+            serverErrorStatus,
+            e
+          )
+      }
+    }
+
   def getPolicy(
     tokenId: String,
     scope: Option[String],

admin/webapp/websrc/app/common/constants/global.constant.ts

@@ -281,6 +281,7 @@ export class GlobalConstant {
     WAF: 'cfgWafExport.yaml',
     COMPLIANCE_PROFILE: 'cfgComplianceProfileExport.yaml',
     VUL_PROFILE: 'cfgVulProfileExport.yaml',
+    RESPONSE_RULES: 'cfgReponseRulesExport.yaml',
   };
 
   public static SIGSTORE_ATTRIBUTE = {

admin/webapp/websrc/app/common/constants/path.constant.ts

@@ -73,6 +73,8 @@ export class PathConstant {
   public static SNIFF_URL = 'sniffer'; //graph
   public static SNIFF_PCAP_URL = 'sniffer/pcap'; //graph
   public static RESPONSE_POLICY_URL = 'responsePolicy'; //policy
+  public static RESPONSE_RULE_IMPORT_URL = 'responsePolicy/import';
+  public static RESPONSE_RULE_EXPORT_URL = 'responsePolicy/export';
   public static UNQUARANTINE_URL = 'unquarantine'; //policy
   public static CONDITION_OPTION_URL = 'conditionOption'; //policy
   public static RESPONSE_RULE_URL = 'responseRule'; //policy

admin/webapp/websrc/app/common/services/response-rules.service.ts

@@ -40,6 +40,23 @@ export class ResponseRulesService {
       {
         headerName: this.translate.instant('responsePolicy.gridHeader.ID'),
         field: 'id',
+        headerCheckboxSelection: params =>
+        source ===
+        GlobalConstant.NAV_SOURCE.SELF,
+        headerCheckboxSelectionFilteredOnly: params =>
+        params.context.componentParent.source ===
+        GlobalConstant.NAV_SOURCE.SELF,
+        cellRenderer: params => {
+          if (params.value)
+            return `<span class="${
+              source === GlobalConstant.NAV_SOURCE.SELF
+                ? 'left-margin-32'
+                : ''
+            }">
+                      ${params.value}
+                    </span>`;
+          return false;
+        },
         width: 80,
         minWidth: 80,
         maxWidth: 80,
@@ -101,13 +118,27 @@ export class ResponseRulesService {
       },
     ];
 
+    if (source === GlobalConstant.NAV_SOURCE.SELF) {
+      columnDefs[0]['checkboxSelection'] = params => {
+        if (params.data)
+          return (
+            params.context.componentParent.source ===
+              GlobalConstant.NAV_SOURCE.SELF &&
+            params.data.cfg_type !== GlobalConstant.CFG_TYPE.FED
+          );
+        return false;
+      };
+    }
+
     let gridOptions = this.utils.createGridOptions(columnDefs, this.$win);
     gridOptions.rowClassRules = {
       'disabled-row': params => {
         if (!params.data) return false;
         return !!params.data.disable;
       },
     };
+    gridOptions.rowSelection =
+      source === GlobalConstant.NAV_SOURCE.SELF ? 'multiple' : 'single';
     return gridOptions;
   }
 
@@ -402,4 +433,13 @@ export class ResponseRulesService {
       .pipe();
     return forkJoin([unquarantineReq, removeReq]).pipe();
   }
+
+  getResponseRuleConfigFileData(payload) {
+    return GlobalVariable.http
+      .post(PathConstant.RESPONSE_RULE_EXPORT_URL, payload, {
+        observe: 'response',
+        responseType: 'text',
+      })
+      .pipe();
+  }
 }

admin/webapp/websrc/app/routes/components/response-rules/response-rules.component.html

@@ -6,19 +6,38 @@ <h1 class="font-weight-light" id="response rules title">
       {{ 'responsePolicy.head.TITLE' | translate }}
     </h1>
   </div>
-  <app-loading-button
-    (btnClick)="refresh()"
-    [disabled]="!!(refreshing$ | async)"
-    [appearance]="'mat-button'"
-    [buttonClasses]="'d-flex justify-content-center align-items-center'"
-    [disabled]="false"
-    [iconClasses]="'eos-icons icon-18'"
-    [iconName]="'refresh'"
-    [id]="'response-rule-refresh-button'"
-    [loading]="!!(refreshing$ | async)"
-    [text]="'network.REFRESH' | translate"
-    [type]="'button'">
-  </app-loading-button>
+  <div class="d-flex align-items-center justify-content-end">
+    <button
+      mat-button
+      aria-label="export WAF SENSORS"
+      *appDisplayControl="'review_rule'"
+      [disabled]="!selectedRules || selectedRules.length === 0"
+      (click)="exportResponseRules()">
+      <em class="eos-icons icon-18">download</em>
+      {{ 'admissionControl.EXPORT' | translate }}
+    </button>
+    <button
+      mat-button
+      aria-label="import WAF SENSORS"
+      (click)="openImportResponseRulesModal()"
+      *appDisplayControl="'write_dlp_rule'">
+      <em class="eos-icons icon-18">upload</em>
+      {{ 'admissionControl.IMPORT' | translate }}
+    </button>
+    <app-loading-button
+      (btnClick)="refresh()"
+      [disabled]="!!(refreshing$ | async)"
+      [appearance]="'mat-button'"
+      [buttonClasses]="'d-flex justify-content-center align-items-center'"
+      [disabled]="false"
+      [iconClasses]="'eos-icons icon-18'"
+      [iconName]="'refresh'"
+      [id]="'response-rule-refresh-button'"
+      [loading]="!!(refreshing$ | async)"
+      [text]="'network.REFRESH' | translate"
+      [type]="'button'">
+    </app-loading-button>
+  </div>
 </div>
 <div>
   <div