Cloudpods/backend/pkg/compute/models/waf_rules.go

// Copyright 2019 Yunion
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package models

import (
	"context"

	"yunion.io/x/cloudmux/pkg/cloudprovider"
	"yunion.io/x/jsonutils"
	"yunion.io/x/pkg/errors"
	"yunion.io/x/pkg/tristate"
	"yunion.io/x/pkg/util/compare"
	"yunion.io/x/pkg/util/rbacscope"
	"yunion.io/x/sqlchemy"

	"yunion.io/x/onecloud/pkg/apis"
	api "yunion.io/x/onecloud/pkg/apis/compute"
	"yunion.io/x/onecloud/pkg/cloudcommon/db"
	"yunion.io/x/onecloud/pkg/cloudcommon/db/lockman"
	"yunion.io/x/onecloud/pkg/cloudcommon/db/taskman"
	"yunion.io/x/onecloud/pkg/cloudcommon/validators"
	"yunion.io/x/onecloud/pkg/httperrors"
	"yunion.io/x/onecloud/pkg/mcclient"
	"yunion.io/x/onecloud/pkg/util/stringutils2"
)

type SWafRuleManager struct {
	db.SEnabledStatusStandaloneResourceBaseManager
	db.SExternalizedResourceBaseManager
}

var WafRuleManager *SWafRuleManager

func init() {
	WafRuleManager = &SWafRuleManager{
		SEnabledStatusStandaloneResourceBaseManager: db.NewEnabledStatusStandaloneResourceBaseManager(
			SWafRule{},
			"waf_rules_tbl",
			"waf_rule",
			"waf_rules",
		),
	}
	WafRuleManager.SetVirtualObject(WafRuleManager)
}

type SWafRule struct {
	db.SEnabledStatusStandaloneResourceBase
	db.SExternalizedResourceBase

	// 规则优先级
	Priority int `nullable:"false" default:"0" list:"domain" create:"optional"`
	// 规则默认行为
	Action *cloudprovider.DefaultAction `charset:"utf8" nullable:"true" list:"user" update:"domain" create:"required"`
	// 条件
	StatementConditon cloudprovider.TWafStatementCondition `width:"20" charset:"ascii" nullable:"false" list:"domain" create:"optional"`
	// 条件表达式
	Expression string `width:"512" charset:"ascii" nullable:"false" list:"domain" create:"optional"`
	// 规则类型
	Type string `width:"20" charset:"ascii" nullable:"false" list:"domain" create:"optional"`
	// 规则配置
	Config jsonutils.JSONObject `width:"512" charset:"utf8" nullable:"true" list:"domain" create:"optional"`
	// 规则组的id
	WafRuleGroupId string `width:"36" charset:"ascii" nullable:"false" list:"domain" create:"optional"`
	// 所属waf实例id
	WafInstanceId string `width:"36" charset:"ascii" nullable:"false" list:"domain" create:"optional"`
}

func (manager *SWafRuleManager) FetchUniqValues(ctx context.Context, data jsonutils.JSONObject) jsonutils.JSONObject {
	values := struct {
		WafRuleGroupId string
		WafInstanceId  string
	}{}
	data.Unmarshal(&values)
	return jsonutils.Marshal(values)
}

func (manager *SWafRuleManager) FilterByUniqValues(q *sqlchemy.SQuery, values jsonutils.JSONObject) *sqlchemy.SQuery {
	data := struct {
		WafRuleGroupId string
		WafInstanceId  string
	}{}
	if len(data.WafRuleGroupId) > 0 {
		q = q.Equals("waf_rule_group_id", data.WafRuleGroupId)
	}
	if len(data.WafInstanceId) > 0 {
		q = q.Equals("waf_instance_id", data.WafInstanceId)
	}
	return q
}

func (manager *SWafRuleManager) FetchOwnerId(ctx context.Context, data jsonutils.JSONObject) (mcclient.IIdentityProvider, error) {
	values := struct {
		WafRuleGroupId string
		WafInstanceId  string
	}{}
	data.Unmarshal(&values)
	if len(values.WafInstanceId) > 0 {
		ins, err := db.FetchById(WafInstanceManager, values.WafInstanceId)
		if err != nil {
			return nil, errors.Wrapf(err, "db.FetchById(WafInstanceManager, %s)", values.WafInstanceId)
		}
		waf := ins.(*SWafInstance)
		return waf.GetOwnerId(), nil
	}
	if len(values.WafRuleGroupId) > 0 {
		rg, err := db.FetchById(WafRuleGroupManager, values.WafRuleGroupId)
		if err != nil {
			return nil, errors.Wrapf(err, "db.FetchById(WafRuleGroupManager, %s)", values.WafRuleGroupId)
		}
		return rg.GetOwnerId(), nil
	}
	return db.FetchDomainInfo(ctx, data)
}

func (manager *SWafRuleManager) FilterByOwner(ctx context.Context, q *sqlchemy.SQuery, man db.FilterByOwnerProvider, userCred mcclient.TokenCredential, ownerId mcclient.IIdentityProvider, scope rbacscope.TRbacScope) *sqlchemy.SQuery {
	sq1 := WafInstanceManager.Query("id")
	sq1 = db.SharableManagerFilterByOwner(ctx, WafInstanceManager, sq1, userCred, ownerId, scope)
	sq2 := WafRuleGroupManager.Query("id")
	sq2 = db.SharableManagerFilterByOwner(ctx, WafRuleGroupManager, sq2, userCred, ownerId, scope)
	return q.Filter(sqlchemy.OR(
		sqlchemy.In(q.Field("waf_instance_id"), sq1.SubQuery()),
		sqlchemy.In(q.Field("waf_rule_group_id"), sq2.SubQuery()),
	))
}

func (manager *SWafRuleManager) ValidateCreateData(ctx context.Context, userCred mcclient.TokenCredential, ownerId mcclient.IIdentityProvider, query jsonutils.JSONObject, input api.WafRuleCreateInput) (api.WafRuleCreateInput, error) {
	if len(input.WafInstanceId) > 0 {
		ins, err := validators.ValidateModel(ctx, userCred, WafInstanceManager, &input.WafInstanceId)
		if err != nil {
			return input, err
		}
		waf := ins.(*SWafInstance)
		if waf.Status != api.WAF_STATUS_AVAILABLE {
			return input, httperrors.NewInvalidStatusError("waf %s status is not available", waf.Name)
		}
		region, err := waf.GetRegion()
		if err != nil {
			return input, httperrors.NewGeneralError(errors.Wrapf(err, "GetRegion"))
		}
		input, err = region.GetDriver().ValidateCreateWafRuleData(ctx, userCred, waf, input)
		if err != nil {
			return input, err
		}
	} else if len(input.WafRuleGroupId) > 0 {
		return input, httperrors.NewInputParameterError("not implement")
	} else {
		return input, httperrors.NewMissingParameterError("waf_instance_id")
	}

	var err error
	input.EnabledStatusStandaloneResourceCreateInput, err = manager.SEnabledStatusStandaloneResourceBaseManager.ValidateCreateData(ctx, userCred, ownerId, query, input.EnabledStatusStandaloneResourceCreateInput)
	if err != nil {
		return input, err
	}

	return input, nil
}

func (self *SWafRule) PostCreate(ctx context.Context, userCred mcclient.TokenCredential, ownerId mcclient.IIdentityProvider, query jsonutils.JSONObject, data jsonutils.JSONObject) {
	self.SEnabledStatusStandaloneResourceBase.PostCreate(ctx, userCred, ownerId, query, data)

	input := &api.WafRuleCreateInput{}
	data.Unmarshal(input)

	for _, s := range input.Statements {
		statement := &SWafRuleStatement{}
		statement.SetModelManager(WafRuleStatementManager, statement)
		statement.SWafStatement = s
		statement.WafRuleId = self.Id
		WafRuleStatementManager.TableSpec().Insert(ctx, statement)
	}

	self.StartCreateTask(ctx, userCred)
}

func (self *SWafRule) StartCreateTask(ctx context.Context, userCred mcclient.TokenCredential) error {
	task, err := taskman.TaskManager.NewTask(ctx, "WafRuleCreateTask", self, userCred, nil, "", "", nil)
	if err != nil {
		return errors.Wrapf(err, "NewTask")
	}
	self.SetStatus(ctx, userCred, api.WAF_RULE_STATUS_CREATING, "")
	return task.ScheduleRun(nil)
}

// 列出WAF规则
func (manager *SWafRuleManager) ListItemFilter(
	ctx context.Context,
	q *sqlchemy.SQuery,
	userCred mcclient.TokenCredential,
	query api.WafRuleListInput,
) (*sqlchemy.SQuery, error) {
	var err error

	q, err = manager.SEnabledStatusStandaloneResourceBaseManager.ListItemFilter(ctx, q, userCred, query.EnabledStatusStandaloneResourceListInput)
	if err != nil {
		return nil, errors.Wrap(err, "SEnabledStatusStandaloneResourceBaseManager.ListItemFilter")
	}

	q, err = manager.SExternalizedResourceBaseManager.ListItemFilter(ctx, q, userCred, query.ExternalizedResourceBaseListInput)
	if err != nil {
		return nil, errors.Wrap(err, "SExternalizedResourceBaseManager.ListItemFilter")
	}

	if len(query.Type) > 0 {
		q = q.Equals("type", query.Type)
	}

	if len(query.WafInstanceId) > 0 {
		_, err := validators.ValidateModel(ctx, userCred, WafInstanceManager, &query.WafInstanceId)
		if err != nil {
			return nil, err
		}
		q = q.Equals("waf_instance_id", query.WafInstanceId)
	}
	if len(query.WafRuleGroupId) > 0 {
		_, err := validators.ValidateModel(ctx, userCred, WafRuleGroupManager, &query.WafRuleGroupId)
		if err != nil {
			return nil, err
		}
		q = q.Equals("waf_rule_group_id", query.WafRuleGroupId)
	}

	return q, nil
}

func (manager *SWafRuleManager) FetchCustomizeColumns(
	ctx context.Context,
	userCred mcclient.TokenCredential,
	query jsonutils.JSONObject,
	objs []interface{},
	fields stringutils2.SSortedStrings,
	isList bool,
) []api.WafRuleDetails {
	rows := make([]api.WafRuleDetails, len(objs))
	stdRows := manager.SEnabledStatusStandaloneResourceBaseManager.FetchCustomizeColumns(ctx, userCred, query, objs, fields, isList)
	ruleIds := make([]string, len(objs))
	for i := range rows {
		rows[i] = api.WafRuleDetails{
			EnabledStatusStandaloneResourceDetails: stdRows[i],
		}
		ruleIds[i] = objs[i].(*SWafRule).Id
	}
	q := WafRuleStatementManager.Query().In("waf_rule_id", ruleIds)
	statements := []SWafRuleStatement{}
	err := q.All(&statements)
	if err != nil {
		return rows
	}
	statementMaps := map[string][]cloudprovider.SWafStatement{}
	for i := range statements {
		_, ok := statementMaps[statements[i].WafRuleId]
		if !ok {
			statementMaps[statements[i].WafRuleId] = []cloudprovider.SWafStatement{}
		}
		statementMaps[statements[i].WafRuleId] = append(statementMaps[statements[i].WafRuleId], statements[i].SWafStatement)
	}
	for i := range rows {
		rows[i].Statements, _ = statementMaps[ruleIds[i]]
	}

	return rows
}

func (self *SWafRule) GetWafInstance() (*SWafInstance, error) {
	waf, err := WafInstanceManager.FetchById(self.WafInstanceId)
	if err != nil {
		return nil, errors.Wrapf(err, "WafInstanceManager.FetchById(%s)", self.WafInstanceId)
	}
	return waf.(*SWafInstance), nil
}

func (self *SWafRule) GetWafRuleGroup() (*SWafRuleGroup, error) {
	rg, err := WafRuleGroupManager.FetchById(self.WafRuleGroupId)
	if err != nil {
		return nil, errors.Wrapf(err, "WafRuleGroupManager.FetchById(%s)", self.WafRuleGroupId)
	}
	return rg.(*SWafRuleGroup), nil
}

func (self *SWafRule) GetOwnerId() mcclient.IIdentityProvider {
	if len(self.WafInstanceId) > 0 {
		ins, err := self.GetWafInstance()
		if err != nil {
			return nil
		}
		return ins.GetOwnerId()
	}
	if len(self.WafRuleGroupId) > 0 {
		rg, err := self.GetWafRuleGroup()
		if err != nil {
			return nil
		}
		return rg.GetOwnerId()
	}
	return nil
}

func (manager *SWafRuleManager) ResourceScope() rbacscope.TRbacScope {
	return rbacscope.ScopeDomain
}

func (self *SWafInstance) GetWafRules() ([]SWafRule, error) {
	q := WafRuleManager.Query().Equals("waf_instance_id", self.Id)
	rules := []SWafRule{}
	err := db.FetchModelObjects(WafRuleManager, q, &rules)
	if err != nil {
		return nil, errors.Wrapf(err, "db.FetchModelObjects")
	}
	return rules, nil
}

func (self *SWafRule) CustomizeDelete(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, data jsonutils.JSONObject) error {
	return self.StartDeleteTask(ctx, userCred)
}

func (self *SWafRule) StartDeleteTask(ctx context.Context, userCred mcclient.TokenCredential) error {
	task, err := taskman.TaskManager.NewTask(ctx, "WafRuleDeleteTask", self, userCred, nil, "", "", nil)
	if err != nil {
		return errors.Wrapf(err, "NewTask")
	}
	self.SetStatus(ctx, userCred, api.WAF_RULE_STATUS_DELETING, "")
	return task.ScheduleRun(nil)
}

func (self *SWafRule) Delete(ctx context.Context, userCred mcclient.TokenCredential) error {
	return nil
}

func (self *SWafRule) RealDelete(ctx context.Context, userCred mcclient.TokenCredential) error {
	statements, err := self.GetRuleStatements()
	if err != nil {
		return errors.Wrapf(err, "GetRuleStatements")
	}
	for i := range statements {
		err = statements[i].Delete(ctx, userCred)
		if err != nil {
			return errors.Wrapf(err, "Delete statement %s(%s)", statements[i].Type, statements[i].MatchField)
		}
	}
	return self.SStatusStandaloneResourceBase.Delete(ctx, userCred)
}

func (self *SWafRule) syncRemove(ctx context.Context, userCred mcclient.TokenCredential) error {
	return self.RealDelete(ctx, userCred)
}

func (self *SWafRule) ValidateUpdateData(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, input api.WafRuleUpdateInput) (api.WafRuleUpdateInput, error) {
	var err error
	if len(input.Name) > 0 && input.Name != self.Name {
		return input, httperrors.NewInputParameterError("Not allow update rule name")
	}
	input.EnabledStatusStandaloneResourceBaseUpdateInput, err = self.SEnabledStatusStandaloneResourceBase.ValidateUpdateData(ctx, userCred, query, input.EnabledStatusStandaloneResourceBaseUpdateInput)
	if err != nil {
		return input, err
	}
	return input, nil
}

func (self *SWafRule) PostUpdate(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, data jsonutils.JSONObject) {
	self.SEnabledStatusStandaloneResourceBase.PostUpdate(ctx, userCred, query, data)

	input := api.WafRuleUpdateInput{}
	data.Unmarshal(&input)

	statements, err := self.GetRuleStatements()
	if err != nil {
		return
	}
	for i := len(input.Statements); i < len(statements); i++ {
		statements[i].Delete(ctx, userCred)
	}
	for i := len(statements); i < len(input.Statements); i++ {
		statement := &SWafRuleStatement{}
		statement.SetModelManager(WafRuleStatementManager, statement)
		statement.SWafStatement = input.Statements[i]
		statement.WafRuleId = self.Id
		WafRuleStatementManager.TableSpec().Insert(ctx, statement)
	}
	for i := 0; i < len(input.Statements) && i < len(statements); i++ {
		db.Update(&statements[i], func() error {
			statements[i].SWafStatement = input.Statements[i]
			return nil
		})
	}
	self.StartUpdateTask(ctx, userCred, "")
}

func (self *SWafRule) StartUpdateTask(ctx context.Context, userCred mcclient.TokenCredential, parentTaskId string) error {
	task, err := taskman.TaskManager.NewTask(ctx, "WafRuleUpdateTask", self, userCred, nil, parentTaskId, "", nil)
	if err != nil {
		return errors.Wrapf(err, "NewTask")
	}
	self.SetStatus(ctx, userCred, api.WAF_RULE_STATUS_UPDATING, "")
	return task.ScheduleRun(nil)
}

func (self *SWafRule) SyncWithCloudRule(ctx context.Context, userCred mcclient.TokenCredential, rule cloudprovider.ICloudWafRule) error {
	_, err := db.Update(self, func() error {
		var err error
		self.Action = rule.GetAction()
		self.StatementConditon = rule.GetStatementCondition()
		self.Priority = rule.GetPriority()
		self.Type = rule.GetType()
		self.Status = api.WAF_RULE_STATUS_AVAILABLE
		self.Name = rule.GetName()
		self.ExternalId = rule.GetGlobalId()
		self.Expression = rule.GetExpression()
		self.Config, err = rule.GetConfig()
		if err != nil {
			return errors.Wrapf(err, "GetConfig")
		}
		self.Enabled = tristate.NewFromBool(rule.GetEnabled())
		return nil
	})
	if err != nil {
		return errors.Wrapf(err, "db.Update")
	}
	return self.SyncStatements(ctx, userCred, rule)
}

func (self *SWafInstance) newFromCloudRule(ctx context.Context, userCred mcclient.TokenCredential, ext cloudprovider.ICloudWafRule) error {
	rule := &SWafRule{}
	rule.SetModelManager(WafRuleManager, rule)
	rule.WafInstanceId = self.Id
	rule.Name = ext.GetName()
	rule.Description = ext.GetDesc()
	rule.ExternalId = ext.GetGlobalId()
	rule.Action = ext.GetAction()
	rule.StatementConditon = ext.GetStatementCondition()
	rule.Priority = ext.GetPriority()
	rule.Type = ext.GetType()
	rule.Status = api.WAF_RULE_STATUS_AVAILABLE
	rule.Expression = ext.GetExpression()
	var err error
	rule.Config, err = ext.GetConfig()
	if err != nil {
		return errors.Wrapf(err, "GetConfig")
	}
	rule.Enabled = tristate.NewFromBool(ext.GetEnabled())
	err = WafRuleManager.TableSpec().Insert(ctx, rule)
	if err != nil {
		return errors.Wrapf(err, "Insert")
	}
	return rule.SyncStatements(ctx, userCred, ext)
}

func (self *SWafInstance) SyncWafRules(ctx context.Context, userCred mcclient.TokenCredential, exts []cloudprovider.ICloudWafRule) compare.SyncResult {
	lockman.LockRawObject(ctx, WafInstanceManager.Keyword(), self.Id)
	defer lockman.ReleaseRawObject(ctx, WafInstanceManager.Keyword(), self.Id)

	result := compare.SyncResult{}

	dbRules, err := self.GetWafRules()
	if err != nil {
		result.Error(err)
		return result
	}

	removed := make([]SWafRule, 0)
	commondb := make([]SWafRule, 0)
	commonext := make([]cloudprovider.ICloudWafRule, 0)
	added := make([]cloudprovider.ICloudWafRule, 0)
	if err := compare.CompareSets(dbRules, exts, &removed, &commondb, &commonext, &added); err != nil {
		result.Error(err)
		return result
	}

	for i := 0; i < len(removed); i++ {
		err := removed[i].syncRemove(ctx, userCred)
		if err != nil {
			result.DeleteError(err)
			continue
		}
		result.Delete()
	}

	for i := 0; i < len(commondb); i++ {
		err := commondb[i].SyncWithCloudRule(ctx, userCred, commonext[i])
		if err != nil {
			result.UpdateError(err)
			continue
		}
		result.Update()
	}

	for i := 0; i < len(added); i++ {
		err := self.newFromCloudRule(ctx, userCred, added[i])
		if err != nil {
			result.AddError(err)
			continue
		}
		result.Add()
	}

	return result
}

func (self *SWafRuleGroup) GetWafRules() ([]SWafRule, error) {
	q := WafRuleManager.Query().Equals("waf_rule_group_id", self.Id)
	rules := []SWafRule{}
	err := db.FetchModelObjects(WafRuleManager, q, &rules)
	return rules, err
}

func (self *SWafRuleGroup) newFromManagedRule(ctx context.Context, userCred mcclient.TokenCredential, ext SWafRule) error {
	ext.SetModelManager(WafRuleManager, &ext)
	ext.WafRuleGroupId = self.Id
	return WafRuleManager.TableSpec().Insert(ctx, &ext)
}

func (self *SWafRuleGroup) SyncManagedWafRules(ctx context.Context, userCred mcclient.TokenCredential, exts []SWafRule) (compare.SyncResult, error) {
	lockman.LockRawObject(ctx, WafRuleGroupManager.Keyword(), self.Id)
	defer lockman.ReleaseRawObject(ctx, WafRuleGroupManager.Keyword(), self.Id)

	result := compare.SyncResult{}

	dbRules, err := self.GetWafRules()
	if err != nil {
		return result, errors.Wrapf(err, "GetWafRules")
	}

	removed := make([]SWafRule, 0)
	commondb := make([]SWafRule, 0)
	commonext := make([]SWafRule, 0)
	added := make([]SWafRule, 0)
	err = compare.CompareSets(dbRules, exts, &removed, &commondb, &commonext, &added)
	if err != nil {
		return result, errors.Wrapf(err, "compare.CompareSets")
	}

	for i := 0; i < len(removed); i++ {
		err := removed[i].syncRemove(ctx, userCred)
		if err != nil {
			result.DeleteError(err)
			continue
		}
		result.Delete()
	}

	for i := 0; i < len(added); i++ {
		err := self.newFromManagedRule(ctx, userCred, added[i])
		if err != nil {
			result.AddError(err)
			continue
		}
		result.Add()
	}

	return result, nil
}

func (self *SWafRule) GetICloudWafInstance(ctx context.Context) (cloudprovider.ICloudWafInstance, error) {
	ins, err := self.GetWafInstance()
	if err != nil {
		return nil, errors.Wrapf(err, "GetWafInstance")
	}
	iWaf, err := ins.GetICloudWafInstance(ctx)
	if err != nil {
		return nil, errors.Wrapf(err, "GetICloudWafInstance")
	}
	return iWaf, nil

}

func (self *SWafRule) GetICloudWafRule(ctx context.Context) (cloudprovider.ICloudWafRule, error) {
	if len(self.ExternalId) == 0 {
		return nil, errors.Wrapf(cloudprovider.ErrNotFound, "empty external id")
	}
	if len(self.WafInstanceId) > 0 {
		iWaf, err := self.GetICloudWafInstance(ctx)
		if err != nil {
			return nil, errors.Wrapf(err, "GetICloudWafInstance")
		}
		rules, err := iWaf.GetRules()
		if err != nil {
			return nil, errors.Wrapf(err, "GetWafRules")
		}
		for i := range rules {
			if rules[i].GetGlobalId() == self.ExternalId {
				return rules[i], nil
			}
		}
		return nil, errors.Wrapf(cloudprovider.ErrNotFound, "%s", self.ExternalId)
	}
	return nil, errors.Wrapf(cloudprovider.ErrNotFound, "")
}

// 同步WAF规则状态
func (self *SWafRule) PerformSyncstatus(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, input api.WafSyncstatusInput) (jsonutils.JSONObject, error) {
	return nil, StartResourceSyncStatusTask(ctx, userCred, self, "WafRuleSyncstatusTask", "")
}

// 启用
func (self *SWafRule) PerformEnable(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, input api.WafRuleEnableInput) (jsonutils.JSONObject, error) {
	_, err := self.SEnabledStatusStandaloneResourceBase.PerformEnable(ctx, userCred, query, input.PerformEnableInput)
	if err != nil {
		return nil, err
	}
	return nil, self.StartSetEnabledTask(ctx, userCred, "")
}

func (self *SWafRule) StartSetEnabledTask(ctx context.Context, userCred mcclient.TokenCredential, parentTaskId string) error {
	params := jsonutils.NewDict()
	task, err := taskman.TaskManager.NewTask(ctx, "WafRuleSetEnabledTask", self, userCred, params, parentTaskId, "", nil)
	if err != nil {
		return errors.Wrap(err, "NewTask")
	}
	self.SetStatus(ctx, userCred, apis.STATUS_SYNC_STATUS, "")
	return task.ScheduleRun(nil)
}

// 禁用
func (self *SWafRule) PerformDisable(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, input api.WafRuleDisableInput) (jsonutils.JSONObject, error) {
	_, err := self.SEnabledStatusStandaloneResourceBase.PerformDisable(ctx, userCred, query, input.PerformDisableInput)
	if err != nil {
		return nil, err
	}
	return nil, self.StartSetEnabledTask(ctx, userCred, "")
}