
Commit c06b981

authored
Merge pull request #1436 from joebb97/jbuiteweg/GATE-4979
GATE-4979: Add support for resolver policies
2 parents 2a1bc22 + 553f4e2 commit c06b981


3 files changed

+71
-1
lines changed


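--- a/.changelog/1436.txt
+++ b/.changelog/1436.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_rules: Add support for resolver policies
+```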

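--- a/teams_rules.go
+++ b/teams_rules.go
@@ -57,6 +57,12 @@ type TeamsRuleSettings struct {
 
 // Action taken when an untrusted origin certificate error occurs in a http allow rule
 UntrustedCertSettings *UntrustedCertSettings `json:"untrusted_cert"`
+
+// Specifies that a resolver policy should use Cloudflare's DNS Resolver.
+ResolveDnsThroughCloudflare *bool `json:"resolve_dns_through_cloudflare,omitempty"`
+
+// Resolver policy settings.
+DnsResolverSettings *TeamsDnsResolverSettings `json:"dns_resolvers,omitempty"`
 }
 
 type TeamsGatewayUntrustedCertAction string
@@ -101,6 +107,28 @@ type TeamsCheckSessionSettings struct {
 Duration Duration `json:"duration"`
 }
 
+type (
+TeamsDnsResolverSettings struct {
+V4Resolvers []TeamsDnsResolverAddressV4 `json:"ipv4,omitempty"`
+V6Resolvers []TeamsDnsResolverAddressV6 `json:"ipv6,omitempty"`
+}
+
+TeamsDnsResolverAddressV4 struct {
+TeamsDnsResolverAddress
+}
+
+TeamsDnsResolverAddressV6 struct {
+TeamsDnsResolverAddress
+}
+
+TeamsDnsResolverAddress struct {
+IP string `json:"ip"`
+Port *int `json:"port,omitempty"`
+VnetID string `json:"vnet_id,omitempty"`
+RouteThroughPrivateNetwork *bool `json:"route_through_private_network,omitempty"`
+}
+)
+
 type TeamsDlpPayloadLogSettings struct {
 Enabled bool `json:"enabled"`
 }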
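Review bot: The exported types added in the `type ( … )` group of the second hunk carry no doc comments, and nothing in them distinguishes `TeamsDnsResolverAddressV4` from `TeamsDnsResolverAddressV6`: both only embed `TeamsDnsResolverAddress`, whose `IP` is a plain `string`, so an address of the wrong family or a malformed one compiles and, as far as this hunk shows, is sent as given. Because a resolver policy decides where DNS queries for matching traffic are forwarded, I would state that contract on the type, e.g. `// TeamsDnsResolverAddress is one upstream resolver for a resolver policy. IP is passed to the API unchecked; callers should validate it (net.ParseIP) and its address family first.` The two fields added in the first hunk would also benefit from a sentence on how `ResolveDnsThroughCloudflare` and `DnsResolverSettings` relate when both are set; that is not visible here and is presumably decided by the API. `TeamsRuleSettings` begins above the first hunk.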

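--- a/teams_rules_test.go
+++ b/teams_rules_test.go
@@ -53,6 +53,19 @@ func TestTeamsRules(t *testing.T) {
 "insecure_disable_dnssec_validation": false,
 "untrusted_cert": {
 "action": "error"
+},
+"dns_resolvers": {
+"ipv4": [
+{"ip": "10.0.0.2", "port": 5053},
+{
+"ip": "192.168.0.2",
+"vnet_id": "16fd7a32-11f0-4687-a0bb-7031d241e184",
+"route_through_private_network": true
+}
+],
+"ipv6": [
+{"ip": "2460::1"}
+]
 }
 }
 },
@@ -84,7 +97,8 @@ func TestTeamsRules(t *testing.T) {
 "insecure_disable_dnssec_validation": true,
 "untrusted_cert": {
 "action": "pass_through"
-}
+},
+"resolve_dns_through_cloudflare": true
 }
 }
 ]
@@ -123,6 +137,30 @@ func TestTeamsRules(t *testing.T) {
 UntrustedCertSettings: &UntrustedCertSettings{
 Action: UntrustedCertError,
 },
+DnsResolverSettings: &TeamsDnsResolverSettings{
+V4Resolvers: []TeamsDnsResolverAddressV4{
+{
+TeamsDnsResolverAddress{
+IP: "10.0.0.2",
+Port: IntPtr(5053),
+},
+},
+{
+TeamsDnsResolverAddress{
+IP: "192.168.0.2",
+VnetID: "16fd7a32-11f0-4687-a0bb-7031d241e184",
+RouteThroughPrivateNetwork: BoolPtr(true),
+},
+},
+},
+V6Resolvers: []TeamsDnsResolverAddressV6{
+{
+TeamsDnsResolverAddress{
+IP: "2460::1",
+},
+},
+},
+},
 },
 CreatedAt: &createdAt,
 UpdatedAt: &updatedAt,
@@ -154,6 +192,7 @@ func TestTeamsRules(t *testing.T) {
 UntrustedCertSettings: &UntrustedCertSettings{
 Action: UntrustedCertPassthrough,
 },
+ResolveDnsThroughCloudflare: BoolPtr(true),
 },
 CreatedAt: &createdAt,
 UpdatedAt: &updatedAt,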
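Review bot: The fixtures added here set both new `*bool` fields only to `true` (`"route_through_private_network": true` and `"resolve_dns_through_cloudflare": true`), so the reason they are pointers with `omitempty`, telling an explicit `false` apart from an unset value, is never exercised. As far as these hunks show, the new fields are covered only where `TestTeamsRules` compares a JSON fixture with the expected structs. A case that marshals `TeamsRuleSettings{ResolveDnsThroughCloudflare: BoolPtr(false)}` and checks that `"resolve_dns_through_cloudflare":false` appears in the output would pin the behaviour that matters when a resolver policy is switched back off. `TestTeamsRules` starts and ends outside these hunks, so coverage elsewhere in the file cannot be ruled out.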
