GS2-Deploy/CDK Reference of GS2-Guard

Template format used to create GS2-Deploy stacks and examples of template output implementation in various languages using CDK

Entities

Namespace

Namespace is a mechanism that allows multiple uses of the same service for different purposes within a single project. Basically, GS2 services have a layer called namespace, and different namespaces are treated as completely different data spaces, even for the same service.

Therefore, it is necessary to create a namespace before starting to use each service.

	Type	Require	Limitation	Description
name	string	✓	~ 128 chars	Namespace name
description	string		~ 1024 chars	Description
blockingPolicy	BlockingPolicyModel	✓		Blocking Policy

GetAttr

Generation results of resources that can be obtained with the !GetAttr tag

	Type	Description
Item	Namespace	Namespace created

Implementation Example

Type: GS2::Guard::Namespace
Properties:
  Name: namespace-0001
  Description: null
  BlockingPolicy: 
    PassServices: 
    - account
    DefaultRestriction: Deny
    LocationDetection: Disable
    AnonymousIpDetection: Disable
    HostingProviderIpDetection: Disable
    ReputationIpDetection: Disable
    IpAddressesDetection: Enable
    IpAddresses: 
    - 192.168.0.0/24
    IpAddressRestriction: Allow

import (
    "github.com/gs2io/gs2-golang-cdk/core"
    "github.com/gs2io/gs2-golang-cdk/guard"
    "github.com/openlyinc/pointy"
)

SampleStack := core.NewStack()
guard.NewNamespace(
    &SampleStack,
    "namespace-0001",
    guard.BlockingPolicyModel{
        PassServices: []string{
            "account",
        },
        DefaultRestriction: guard.BlockingPolicyModelDefaultRestrictionDeny,
        LocationDetection: guard.BlockingPolicyModelLocationDetectionDisable,
        AnonymousIpDetection: guard.BlockingPolicyModelAnonymousIpDetectionDisable,
        HostingProviderIpDetection: guard.BlockingPolicyModelHostingProviderIpDetectionDisable,
        ReputationIpDetection: guard.BlockingPolicyModelReputationIpDetectionDisable,
        IpAddressesDetection: guard.BlockingPolicyModelIpAddressesDetectionEnable,
        IpAddresses: []string{
            "192.168.0.0/24",
        },
        IpAddressRestriction: guard.BlockingPolicyModelIpAddressRestrictionAllow.Pointer(),
    },
    guard.NamespaceOptions{},
)

println(SampleStack.Yaml())  // Generate Template

class SampleStack extends \Gs2Cdk\Core\Model\Stack
{
    function __construct() {
        parent::__construct();
        new \Gs2Cdk\Guard\Model\Namespace_(
            stack: $this,
            name: "namespace-0001",
            blockingPolicy: new \Gs2Cdk\Guard\Model\BlockingPolicyModel(
                passServices: [
                    "account",
                ],
                defaultRestriction: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelDefaultRestriction::DENY,
                locationDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelLocationDetection::DISABLE,
                anonymousIpDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelAnonymousIpDetection::DISABLE,
                hostingProviderIpDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelHostingProviderIpDetection::DISABLE,
                reputationIpDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelReputationIpDetection::DISABLE,
                ipAddressesDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelIpAddressesDetection::ENABLE,
                options: new \Gs2Cdk\Guard\Model\Options\BlockingPolicyModelOptions(
                    ipAddresses: [
                        "192.168.0.0/24",
                    ],
                    ipAddressRestriction: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelIpAddressRestriction::ALLOW
                )
            )
        );
    }
}

print((new SampleStack())->yaml());  // Generate Template

class SampleStack extends io.gs2.cdk.core.model.Stack
{
    public SampleStack() {
        super();
        new io.gs2.cdk.guard.model.Namespace(
                this,
                "namespace-0001",
                new io.gs2.cdk.guard.model.BlockingPolicyModel(
                Arrays.asList(
                    "account"
                ),
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelDefaultRestriction.DENY,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelLocationDetection.DISABLE,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelAnonymousIpDetection.DISABLE,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelHostingProviderIpDetection.DISABLE,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelReputationIpDetection.DISABLE,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelIpAddressesDetection.ENABLE,
                new io.gs2.cdk.guard.model.options.BlockingPolicyModelOptions()
                    .withIpAddresses(
                        Arrays.asList(
                            "192.168.0.0/24"
                        )
                    )
                    .withIpAddressRestriction(
                        io.gs2.cdk.guard.model.enums.BlockingPolicyModelIpAddressRestriction.ALLOW
                    )
            )
        );
    }
}

System.out.println(new SampleStack().yaml());  // Generate Template

public class SampleStack : Gs2Cdk.Core.Model.Stack
{
    public SampleStack() {
        new Gs2Cdk.Gs2Guard.Model.Namespace(
            stack: this,
            name: "namespace-0001",
            blockingPolicy: new Gs2Cdk.Gs2Guard.Model.BlockingPolicyModel(
                passServices: new string[]
                {
                    "account"
                },
                defaultRestriction: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelDefaultRestriction.Deny,
                locationDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelLocationDetection.Disable,
                anonymousIpDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelAnonymousIpDetection.Disable,
                hostingProviderIpDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelHostingProviderIpDetection.Disable,
                reputationIpDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelReputationIpDetection.Disable,
                ipAddressesDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelIpAddressesDetection.Enable,
                options: new Gs2Cdk.Gs2Guard.Model.Options.BlockingPolicyModelOptions
                {
                    ipAddresses = new string[]
                    {
                        "192.168.0.0/24"
                    },
                    ipAddressRestriction = Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelIpAddressRestriction.Allow
                }
            )
        );
    }
}

Debug.Log(new SampleStack().Yaml());  // Generate Template

import core from "@/gs2cdk/core";
import guard from "@/gs2cdk/guard";

class SampleStack extends core.Stack
{
    public constructor() {
        super();
        new guard.model.Namespace(
            this,
            "namespace-0001",
            new guard.model.BlockingPolicyModel(
                [
                    "account",
                ],
                guard.model.BlockingPolicyModelDefaultRestriction.DENY,
                guard.model.BlockingPolicyModelLocationDetection.DISABLE,
                guard.model.BlockingPolicyModelAnonymousIpDetection.DISABLE,
                guard.model.BlockingPolicyModelHostingProviderIpDetection.DISABLE,
                guard.model.BlockingPolicyModelReputationIpDetection.DISABLE,
                guard.model.BlockingPolicyModelIpAddressesDetection.ENABLE,
                {
                    ipAddresses:
                    [
                        "192.168.0.0/24",
                    ],
                    ipAddressRestriction:
                    guard.model.BlockingPolicyModelIpAddressRestriction.ALLOW
                }
            )
        );
    }
}

console.log(new SampleStack().yaml());  // Generate Template

from gs2_cdk import Stack, core, guard

class SampleStack(Stack):

    def __init__(self):
        super().__init__()
        guard.Namespace(
            stack=self,
            name='namespace-0001',
            blocking_policy=guard.BlockingPolicyModel(
            pass_services=[
                'account',
            ],
            default_restriction=guard.BlockingPolicyModelDefaultRestriction.DENY,
            location_detection=guard.BlockingPolicyModelLocationDetection.DISABLE,
            anonymous_ip_detection=guard.BlockingPolicyModelAnonymousIpDetection.DISABLE,
            hosting_provider_ip_detection=guard.BlockingPolicyModelHostingProviderIpDetection.DISABLE,
            reputation_ip_detection=guard.BlockingPolicyModelReputationIpDetection.DISABLE,
            ip_addresses_detection=guard.BlockingPolicyModelIpAddressesDetection.ENABLE,
            options=guard.BlockingPolicyModelOptions(
                ip_addresses=[
                    '192.168.0.0/24',
                ],
                ip_address_restriction=guard.BlockingPolicyModelIpAddressRestriction.ALLOW,
            )
        ),
        )

print(SampleStack().yaml())  # Generate Template

BlockingPolicyModel

Blocking Policy

	Type	Require	Default	Limitation	Description
passServices	List<string>	✓		1 ~ 100 items	List of GS2 services that can be accessed
defaultRestriction	enum { “Allow”, “Deny” }	✓	“Allow”	~ 128 chars	Default restriction
locationDetection	enum { “Enable”, “Disable” }	✓	“Disable”	~ 128 chars	Location detection
locations	List<string>	{locationDetection} == “Enable”	[]	1 ~ 100 items	List of countries to detect access
locationRestriction	enum { “Allow”, “Deny” }	{locationDetection} == “Enable”		~ 128 chars	Behavior when matched with the country list
anonymousIpDetection	enum { “Enable”, “Disable” }	✓	“Disable”	~ 128 chars	Anonymous IP Service Detection
anonymousIpRestriction	enum { “Deny” }	{anonymousIpDetection} == “Enable”	“Deny”	~ 128 chars	Behavior when detected anonymous IP service
hostingProviderIpDetection	enum { “Enable”, “Disable” }	✓	“Disable”	~ 128 chars	Hosting Service Detection
hostingProviderIpRestriction	enum { “Deny” }	{hostingProviderIpDetection} == “Enable”	“Deny”	~ 128 chars	Behavior when detected hosting service
reputationIpDetection	enum { “Enable”, “Disable” }	✓	“Disable”	~ 128 chars	Reputation access IP Detection
reputationIpRestriction	enum { “Deny” }	{reputationIpDetection} == “Enable”	“Deny”	~ 128 chars	Behavior when detected malicious access source IP
ipAddressesDetection	enum { “Enable”, “Disable” }	✓	“Disable”	~ 128 chars	Access source IP detection
ipAddresses	List<string>	{ipAddressesDetection} == “Enable”		~ 100 items	List of ip addresses
ipAddressRestriction	enum { “Allow”, “Deny” }	{ipAddressesDetection} == “Enable”		~ 128 chars	Behavior when matched with the IP address list

Enumeration type definition to specify as defaultRestriction

Enumerator String Definition	Description
Allow	Allow access from a predetermined access source
Deny	Deny access from a predetermined access source

Enumeration type definition to specify as locationDetection

Enumerator String Definition	Description
Enable	Enable
Disable	Disable

Enumeration type definition to specify as locationRestriction

Enumerator String Definition	Description
Allow	Allow
Deny	Deny

Enumeration type definition to specify as anonymousIpDetection

Enumerator String Definition	Description
Enable	Enable
Disable	Disable

Enumeration type definition to specify as anonymousIpRestriction

Enumerator String Definition	Description
Deny	Deny

Enumeration type definition to specify as hostingProviderIpDetection

Enumerator String Definition	Description
Enable	Enable
Disable	Disable

Enumeration type definition to specify as hostingProviderIpRestriction

Enumerator String Definition	Description
Deny	Deny

Enumeration type definition to specify as reputationIpDetection

Enumerator String Definition	Description
Enable	Enable
Disable	Disable

Enumeration type definition to specify as reputationIpRestriction

Enumerator String Definition	Description
Deny	Deny

Enumeration type definition to specify as ipAddressesDetection

Enumerator String Definition	Description
Enable	Enable
Disable	Disable

Enumeration type definition to specify as ipAddressRestriction

Enumerator String Definition	Description
Allow	Allow
Deny	Deny