change client IP headers to use colons

anthony-gomez-fastly · anthony-gomez-fastly · commit acad3c319dd8 · 2025-11-10T10:38:03.000-05:00
diff --git a/pkg/commands/ngwaf/workspaces/create.go b/pkg/commands/ngwaf/workspaces/create.go
@@ -49,7 +49,7 @@ func NewCreateCommand(parent argparser.Registerer, g *global.Data) *CreateComman
 
 	// Optional.
 	c.CmdClause.Flag("attackThresholds", "Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. Input accepted as colon separated string: Immediate:OneMinute:TenMinutes:OneHour").Action(c.attackThresholds.Set).StringVar(&c.attackThresholds.Value)
-	c.CmdClause.Flag("clientIPHeaders", "Specify the request header containing the client IP address. Input accepted as comma separated string.").Action(c.clientIPHeaders.Set).StringVar(&c.clientIPHeaders.Value)
+	c.CmdClause.Flag("clientIPHeaders", "Specify the request header containing the client IP address. Input accepted as colon separated string.").Action(c.clientIPHeaders.Set).StringVar(&c.clientIPHeaders.Value)
 	c.CmdClause.Flag("defaultBlockingCode", "Default status code that is returned when a request to your web application is blocked.").Action(c.defaultBlockingCode.Set).IntVar(&c.defaultBlockingCode.Value)
 	c.CmdClause.Flag("defaultRedirectURL", "Redirect url to be used if code 301 or 302 is used.").Action(c.defaultRedirectURL.Set).StringVar(&c.defaultRedirectURL.Value)
 	c.CmdClause.Flag("ipAnonimization", "Agents will anonymize IP addresses according to the option selected.").Action(c.ipAnonimization.Set).StringVar(&c.ipAnonimization.Value)
@@ -73,7 +73,7 @@ func (c *CreateCommand) Exec(_ io.Reader, out io.Writer) error {
 		}
 	}
 	if c.clientIPHeaders.WasSet {
-		input.ClientIPHeaders = strings.Split(c.clientIPHeaders.Value, ",")
+		input.ClientIPHeaders = strings.Split(c.clientIPHeaders.Value, ":")
 	}
 	if c.defaultBlockingCode.WasSet {
 		input.DefaultBlockingResponseCode = &c.defaultBlockingCode.Value
@@ -105,6 +105,9 @@ func (c *CreateCommand) Exec(_ io.Reader, out io.Writer) error {
 
 func parseAttackSignalThresholds(thresholds string) (*workspaces.AttackSignalThresholdsCreateInput, error) {
 	thresholdsArray := strings.Split(thresholds, ":")
+	if len(thresholdsArray) != 4 {
+		return nil, errors.New("wrong number of inputs for Attack Signal Thresholds")
+	}
 	immediate, err := strconv.ParseBool(thresholdsArray[0])
 	if err != nil {
 		return nil, err
diff --git a/pkg/commands/ngwaf/workspaces/workspaces_test.go b/pkg/commands/ngwaf/workspaces/workspaces_test.go
@@ -16,10 +16,11 @@ import (
 )
 
 const (
-	workspaceDescription = "NGWAFCLIWorkspace"
-	workspaceID          = "someID"
-	workspaceMode        = "log"
-	workspaceName        = "CLIWorkspace"
+	workspaceDescription     = "NGWAFCLIWorkspace"
+	workspaceClientIPHeaders = "these:are:headers"
+	workspaceID              = "someID"
+	workspaceMode            = "log"
+	workspaceName            = "CLIWorkspace"
 )
 
 var workspace = workspaces.Workspace{
@@ -29,11 +30,12 @@ var workspace = workspaces.Workspace{
 		TenMinutes: 0,
 		OneHour:    0,
 	},
-	CreatedAt:   testutil.Date,
-	Description: workspaceDescription,
-	Mode:        workspaceMode,
-	Name:        workspaceName,
-	WorkspaceID: workspaceID,
+	ClientIPHeaders: []string{"these", "are", "headers"},
+	CreatedAt:       testutil.Date,
+	Description:     workspaceDescription,
+	Mode:            workspaceMode,
+	Name:            workspaceName,
+	WorkspaceID:     workspaceID,
 }
 
 func TestWorkspacesCreate(t *testing.T) {
@@ -68,7 +70,7 @@ func TestWorkspacesCreate(t *testing.T) {
 		},
 		{
 			Name: "validate API success",
-			Args: fmt.Sprintf("--description %s --name %s --blockingMode %s", workspaceDescription, workspaceName, workspaceMode),
+			Args: fmt.Sprintf("--description %s --name %s --blockingMode %s --clientIPHeaders %s", workspaceDescription, workspaceName, workspaceMode, workspaceClientIPHeaders),
 			Client: &http.Client{
 				Transport: &testutil.MockRoundTripper{
 					Response: &http.Response{
@@ -82,7 +84,7 @@ func TestWorkspacesCreate(t *testing.T) {
 		},
 		{
 			Name: "validate optional --json flag",
-			Args: fmt.Sprintf("--description %s --name %s --blockingMode %s --json", workspaceDescription, workspaceName, workspaceMode),
+			Args: fmt.Sprintf("--description %s --name %s --blockingMode %s --clientIPHeaders %s --json", workspaceDescription, workspaceName, workspaceMode, workspaceClientIPHeaders),
 			Client: &http.Client{
 				Transport: &testutil.MockRoundTripper{
 					Response: &http.Response{
