Merge pull request #334 from ngrok/oz/policy-module

add policy module

api/ingress/v1alpha1/httpsedge_types.go

@@ -73,6 +73,8 @@ type HTTPSEdgeRouteSpec struct {
 
 	// WebhookVerification is webhook verification configuration to apply to this route
 	WebhookVerification *EndpointWebhookVerification `json:"webhookVerification,omitempty"`
+
+	Policy *EndpointPolicy `json:"policy,omitempty"`
 }
 
 // HTTPSEdgeSpec defines the desired state of HTTPSEdge

api/ingress/v1alpha1/ngrok_common.go

@@ -1,6 +1,8 @@
 package v1alpha1
 
 import (
+	"encoding/json"
+
 	"github.com/ngrok/ngrok-api-go/v5"
 	"k8s.io/apimachinery/pkg/api/resource"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -428,3 +430,87 @@ func (amazon *EndpointOAuthAmazon) ToNgrok(clientSecret *string) *ngrok.Endpoint
 	}
 	return mod
 }
+
+type EndpointPolicy struct {
+	// Determines if the rule will be applied to traffic
+	Enabled *bool `json:"enabled,omitempty"`
+	// Inbound traffic rule
+	Inbound []EndpointRule `json:"inbound,omitempty"`
+	// Outbound traffic rule
+	Outbound []EndpointRule `json:"outbound,omitempty"`
+}
+
+type EndpointRule struct {
+	// Expressions
+	Expressions []string `json:"expressions,omitempty"`
+	// Actions
+	Actions []EndpointAction `json:"actions,omitempty"`
+	// Name
+	Name string `json:"name,omitempty"`
+}
+
+type EndpointAction struct {
+	Type string `json:"type,omitempty"`
+	// +kubebuilder:validation:Schemaless
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Type=object
+	Config json.RawMessage `json:"config,omitempty"`
+}
+
+func (policy *EndpointPolicy) ToNgrok() *ngrok.EndpointPolicy {
+	if policy == nil {
+		return nil
+	}
+
+	var inbound []ngrok.EndpointRule
+	for _, rule := range policy.Inbound {
+		p := rule
+		inbound = append(inbound, *p.ToNgrok())
+	}
+	var outbound []ngrok.EndpointRule
+	for _, rule := range policy.Outbound {
+		p := rule
+		mod := p.ToNgrok()
+		if mod != nil {
+			outbound = append(outbound, *mod)
+		}
+	}
+
+	return &ngrok.EndpointPolicy{
+		Enabled:  policy.Enabled,
+		Inbound:  inbound,
+		Outbound: outbound,
+	}
+}
+
+func (rule *EndpointRule) ToNgrok() *ngrok.EndpointRule {
+	if rule == nil {
+		return nil
+	}
+
+	var actions []ngrok.EndpointAction
+	for _, action := range rule.Actions {
+		a := action
+		mod := a.ToNgrok()
+		if mod != nil {
+			actions = append(actions, *mod)
+		}
+	}
+
+	return &ngrok.EndpointRule{
+		Expressions: rule.Expressions,
+		Actions:     actions,
+		Name:        rule.Name,
+	}
+}
+
+func (action *EndpointAction) ToNgrok() *ngrok.EndpointAction {
+	if action == nil {
+		return nil
+	}
+
+	return &ngrok.EndpointAction{
+		Type:   action.Type,
+		Config: action.Config,
+	}
+}

api/ingress/v1alpha1/ngrokmoduleset_types.go

@@ -39,6 +39,8 @@ type NgrokModuleSetModules struct {
 	IPRestriction *EndpointIPPolicy `json:"ipRestriction,omitempty"`
 	// OAuth configuration for this module set
 	OAuth *EndpointOAuth `json:"oauth,omitempty"`
+	// Policy configuration for this module set
+	Policy *EndpointPolicy `json:"policy,omitempty"`
 	// OIDC configuration for this module set
 	OIDC *EndpointOIDC `json:"oidc,omitempty"`
 	// SAML configuration for this module set
@@ -83,6 +85,9 @@ func (ms *NgrokModuleSet) Merge(o *NgrokModuleSet) {
 	if omod.OAuth != nil {
 		msmod.OAuth = omod.OAuth
 	}
+	if omod.Policy != nil {
+		msmod.Policy = omod.Policy
+	}
 	if omod.OIDC != nil {
 		msmod.OIDC = omod.OIDC
 	}

api/ingress/v1alpha1/tcpedge_types.go

@@ -42,6 +42,8 @@ type TCPEdgeSpec struct {
 
 	// IPRestriction is an IPRestriction to apply to this edge
 	IPRestriction *EndpointIPPolicy `json:"ipRestriction,omitempty"`
+
+	Policy *EndpointPolicy `json:"policy,omitempty"`
 }
 
 // TCPEdgeStatus defines the observed state of TCPEdge

api/ingress/v1alpha1/tlsedge_types.go

@@ -50,6 +50,8 @@ type TLSEdgeSpec struct {
 	TLSTermination *EndpointTLSTermination `json:"tlsTermination,omitempty"`
 
 	MutualTLS *EndpointMutualTLS `json:"mutualTls,omitempty"`
+
+	Policy *EndpointPolicy `json:"policy,omitempty"`
 }
 
 // TLSEdgeStatus defines the observed state of TLSEdge

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/go-logr/logr v1.2.4
 	github.com/golang/mock v1.4.4
 	github.com/imdario/mergo v0.3.16
-	github.com/ngrok/ngrok-api-go/v5 v5.0.0
+	github.com/ngrok/ngrok-api-go/v5 v5.3.0
 	github.com/onsi/ginkgo/v2 v2.11.0
 	github.com/onsi/gomega v1.27.10
 	github.com/spf13/cobra v1.7.0

go.sum

@@ -415,8 +415,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU=
-github.com/ngrok/ngrok-api-go/v5 v5.0.0 h1:eksowVztKNQU0JBaYS2hXGiC/xtGXj8LAx8lAuzYlsw=
-github.com/ngrok/ngrok-api-go/v5 v5.0.0/go.mod h1:cxMRsWuE0EwK/JB/5prvHK0LEWB3KP16iwvIMqvDVP0=
+github.com/ngrok/ngrok-api-go/v5 v5.3.0 h1:J9ZQ54aG9RuEvk8wZmQhQXafL4HF+ZBnlHo/QC/ES74=
+github.com/ngrok/ngrok-api-go/v5 v5.3.0/go.mod h1:UVTaHI5B4gEsfHCOZTlRg8WkT6+KBijIkVtjpDqCyIU=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=