feat(teams_rules): support biso v2 fields

With this commit, it's possible to create http policies with the new biso admin controls.
cloudflare · Jan 21, 2025 · 55182f2 · 55182f2
1 parent cbf5d7e
commit 55182f2
Show file tree

Hide file tree

Showing 3 changed files with 101 additions and 6 deletions.
diff --git a/.changelog/3848.txt b/.changelog/3848.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_rules: add support for biso admin controls v2
+```
diff --git a/teams_rules.go b/teams_rules.go
@@ -119,14 +119,36 @@ type TeamsL4OverrideSettings struct {
 }
 
 type TeamsBISOAdminControlSettings struct {
-	DisablePrinting             bool `json:"dp"`
-	DisableCopyPaste            bool `json:"dcp"`
-	DisableDownload             bool `json:"dd"`
-	DisableUpload               bool `json:"du"`
-	DisableKeyboard             bool `json:"dk"`
-	DisableClipboardRedirection bool `json:"dcr"`
+	DisablePrinting             bool                                    `json:"dp"`
+	DisableCopyPaste            bool                                    `json:"dcp"`
+	DisableDownload             bool                                    `json:"dd"`
+	DisableUpload               bool                                    `json:"du"`
+	DisableKeyboard             bool                                    `json:"dk"`
+	DisableClipboardRedirection bool                                    `json:"dcr"`
+	Copy                        TeamsTeamsBISOAdminControlSettingsValue `json:"copy"`
+	Download                    TeamsTeamsBISOAdminControlSettingsValue `json:"download"`
+	Keyboard                    TeamsTeamsBISOAdminControlSettingsValue `json:"keyboard"`
+	Paste                       TeamsTeamsBISOAdminControlSettingsValue `json:"paste"`
+	Printing                    TeamsTeamsBISOAdminControlSettingsValue `json:"printing"`
+	Upload                      TeamsTeamsBISOAdminControlSettingsValue `json:"upload"`
+	Version                     TeamsBISOAdminControlSettingsVersion    `json:"version"`
 }
 
+type TeamsBISOAdminControlSettingsVersion string
+
+const (
+	TeamsBISOAdminControlSettingsV1 TeamsBISOAdminControlSettingsVersion = "v1"
+	TeamsBISOAdminControlSettingsV2 TeamsBISOAdminControlSettingsVersion = "v2"
+)
+
+type TeamsTeamsBISOAdminControlSettingsValue string
+
+const (
+	TeamsBISOAdminControlEnabled    TeamsTeamsBISOAdminControlSettingsValue = "enabled"
+	TeamsBISOAdminControlDisabled   TeamsTeamsBISOAdminControlSettingsValue = "disabled"
+	TeamsBISOAdminControlRemoteOnly TeamsTeamsBISOAdminControlSettingsValue = "remote_only"
+)
+
 type TeamsCheckSessionSettings struct {
 	Enforce  bool     `json:"enforce"`
 	Duration Duration `json:"duration"`

diff --git a/teams_rules_test.go b/teams_rules_test.go
@@ -915,3 +915,73 @@ func TestTeamsDeleteRule(t *testing.T) {
 
 	assert.NoError(t, err)
 }
+
+func TestTeamsCreateHttpPolicyWithBisoV2(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"name": "biso v2",
+				"description": "biso v2",
+				"precedence": 1000,
+				"enabled": true,
+				"action": "isolate",
+				"filters": [
+					"http"
+				],
+				"traffic": "http.conn.src.ip == 1.2.3.4",
+				"rule_settings": {					
+					"biso_admin_controls": {
+					  	"version": "v2",
+					  	"copy": "remote_only",
+					  	"paste": "enabled",
+					  	"download": "disabled",
+					  	"keyboard": "enabled",
+						"printing": "disabled",
+						"upload": "enabled"
+					}
+				}
+			}
+		}
+		`)
+	}
+
+	want := TeamsRule{
+		Name:          "biso v2",
+		Description:   "biso v2",
+		Precedence:    1000,
+		Enabled:       true,
+		Action:        Isolate,
+		Filters:       []TeamsFilterType{HttpFilter},
+		Traffic:       `http.conn.src.ip == 1.2.3.4`,
+		Identity:      "",
+		DevicePosture: "",
+		RuleSettings: TeamsRuleSettings{
+			BISOAdminControls: &TeamsBISOAdminControlSettings{
+				Version:  TeamsBISOAdminControlSettingsV2,
+				Copy:     TeamsBISOAdminControlRemoteOnly,
+				Paste:    TeamsBISOAdminControlEnabled,
+				Download: TeamsBISOAdminControlDisabled,
+				Keyboard: TeamsBISOAdminControlEnabled,
+				Printing: TeamsBISOAdminControlDisabled,
+				Upload:   TeamsBISOAdminControlEnabled,
+			},
+		},
+		DeletedAt: nil,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules", handler)
+
+	actual, err := client.TeamsCreateRule(context.Background(), testAccountID, want)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}