Merge pull request #400 from SalesforceCommerceCloud/release/20240328

@W-15247878 - Release 2.15.0

Author: alexvuong

CHANGELOG.md

@@ -10,11 +10,23 @@ only use JavaScript, or if you use TypeScript but only import the client classes
 then your usage **will not change**. You will likely only need to make changes if
 you import the type definitions directly.
 
+## v2.15.0
+
+#### API Changes
+
+- Update APIs for [Shopper Search](https://developer.salesforce.com/docs/commerce/commerce-api/references/about-commerce-api/about.html#282024)
+
+* New Endpoints
+
+  | **Endpoint Name** | **Description**                   |
+  | ------------- |-----------------------------------|
+  | getWafManagedRulesets | Retrieves WAFv2 managed rulesets. |
+  | updateWafManagedRuleset | Updates WAFv2 managed ruleset.    |  
 
 ## v2.14.0
 
 * Shopper SEO API*
-* 
+
 * New Endpoints
 
   | **Endpoint Name** | **Description** |

apis/cdn/cdn-api-process-apis/.metadata.json

@@ -1,10 +1,10 @@
 {
-  "id": "893f605e-10e2-423a-bdb4-f952f56eb6d8/cdn-api-process-apis/1.0.27",
+  "id": "893f605e-10e2-423a-bdb4-f952f56eb6d8/cdn-api-process-apis/1.0.29",
   "name": "CDN Zones",
   "description": "Extend your eCDN beyond Business Manager configuration.",
   "groupId": "893f605e-10e2-423a-bdb4-f952f56eb6d8",
   "assetId": "cdn-api-process-apis",
-  "version": "1.0.27",
+  "version": "1.0.29",
   "categories": {
     "API layer": [
       "Process"

apis/cdn/cdn-api-process-apis/cdn-zones-description.md

@@ -9,10 +9,14 @@ Use the API to:
 - Customize how users interact with resources and how requests are processed, including custom pages and routing rules.
 - Provide proactive and complete application protection against new and existing exploits from bad actors.
 
-## Access
+## Authentication & Authorization
 
 For resource access, you must use a client ID and client secret from Account Manager to request an access token. The access token is used as a bearer token and added to the `Authorization` header of your API request.
 
 The API client must also have at least one of the following OAuth scopes: `sfcc.cdn-zones` or `sfcc.cdn-zones.rw`.
 
 For detailed setup instructions, see the [Authorization for Admin APIs](https://developer.salesforce.com/docs/commerce/commerce-api/guide/authorization-for-admin-apis.html) guide.
+
+## Use Cases
+
+For detailed usage information, refer to the [CDN Zones Guides.](https://developer.salesforce.com/docs/commerce/commerce-api/guide/cdn-zones.html)

apis/cdn/cdn-api-process-apis/cdnapi-process-api.raml

@@ -63,6 +63,8 @@ types:
   RateLimitingRule: !include dataTypes/RateLimitingRule.raml
   RateLimitingRulesPostRequest: !include dataTypes/RateLimitingRulesPostRequest.raml
   RateLimitingRulesPatchRequest: !include dataTypes/RateLimitingRulesPatchRequest.raml
+  WAFManagedRuleset: !include dataTypes/WAFManagedRuleset.raml
+  WAFManagedRulesetRequest: !include dataTypes/WAFManagedRulesetRequest.raml
 
   ZonesEnvelope:
     type: CollectionResponseEnvelope
@@ -174,6 +176,16 @@ types:
     properties:
       data:
         type: RateLimitingRule[]
+  WAFManagedRulesetsEnvelope:
+    type: CollectionResponseEnvelope
+    properties:
+      data:
+        type: WAFManagedRuleset[]
+  WAFManagedRulesetEnvelope:
+    type: ItemResponseEnvelope
+    properties:
+      data:
+        type: WAFManagedRuleset
 
 traits:
   hasUnauthorizedResponse: !include traits/HasUnauthorizedResponse.raml
@@ -226,7 +238,7 @@ traits:
     get:
       is: [hasResourceNotFoundResponse]
       displayName: getWafGroups
-      description: Retrieves all WAF groups accessible to the caller.
+      description: Retrieves all WAF groups accessible to the caller. Not applicable for zones using WAFv2. For any zones created after the 24.5 release, use the endpoints for WAF managed rulesets instead.
       responses:
         '200':
           description: Successfully retrieved details of WAF groups that caller has access to.
@@ -242,7 +254,7 @@ traits:
       put:
         is: [hasUnauthorizedResponse, hasForbiddenAccessResponse, hasInternalServerErrorResponse, hasBadRequestResponse]
         displayName: updateWafGroup
-        description: Update action or mode of a specific WAF group.
+        description: Updates action or mode of a specific WAF group. Not applicable for zones using WAFv2. For any zones created after the 24.5 release, use the endpoints for WAF managed rulesets instead.
         body:
           application/json:
             type: WafGroup
@@ -263,7 +275,7 @@ traits:
     get:
       is: [hasResourceNotFoundResponse]
       displayName: getWafRules
-      description: Retrieve WAF rules under the waf group specified by the caller.
+      description: Retrieves WAF rules under the waf group specified by the caller. Not applicable for zones using WAFv2. For any zones created after the 24.5 release, use the endpoints for WAF managed rulesets instead.
       queryParameters:
         groupId:
           displayName: GroupId
@@ -286,7 +298,7 @@ traits:
       get:
         is: [hasResourceNotFoundResponse]
         displayName: getWafRule
-        description: Retrieve details of a specific WAF rule.
+        description: Retrieves details of a specific WAF rule. Not applicable for zones using WAFv2. For any zones created after the 24.5 release, use the endpoints for WAF managed rulesets instead.
         responses:
           '200':
             description: Successfully retrieved details of the WAF rule requested by the caller.
@@ -300,7 +312,7 @@ traits:
       put:
         is: [hasBadRequestResponse]
         displayName: updateWafRule
-        description: Update action of a specific WAF rule.
+        description: Updates action of a specific WAF rule. Not applicable for zones using WAFv2. For any zones created after the 24.5 release, use the endpoints for WAF managed rulesets instead.
         body:
           application/json:
             type: WafRule
@@ -510,7 +522,9 @@ traits:
           body:
             application/json:
               type: CertificatesEnvelope
-              example: !include /examples/zone/certificates-get-response.raml
+              examples:
+                  Proxy Zone Certificates Response: !include /examples/zone/certificates-get-response1.raml
+                  Legacy Zone Certificates Response: !include /examples/zone/certificates-get-response2.raml
       securedBy:
         - CommerceCloudStandards.BearerToken: { scopes: [ sfcc.cdn-zones, sfcc.cdn-zones.rw ] }
         - CommerceCloudStandards.AmOAuth2
@@ -941,4 +955,38 @@ traits:
             description: Successfully deleted the rate limiting rule requested by the caller.
         securedBy:
         - CommerceCloudStandards.BearerToken: { scopes: [ sfcc.cdn-zones.rw ] }
-        - CommerceCloudStandards.AmOAuth2
+        - CommerceCloudStandards.AmOAuth2
+  /zones/{zoneId}/firewall-managed/rulesets:
+    is: [hasUnauthorizedResponse, hasForbiddenAccessResponse, hasInternalServerErrorResponse, hasResourceNotFoundResponse]
+    get:
+      displayName: getWafManagedRulesets
+      description: Retrieves WAFv2 managed rulesets.
+      responses:
+        '200':
+          description: Successfully returned the list of WAF managed rulesets.
+          body:
+            application/json:
+              type: WAFManagedRulesetsEnvelope
+              example: !include /examples/wafmanagedrulesets/waf-managed-rulesets-response.raml
+      securedBy:
+      - CommerceCloudStandards.BearerToken: { scopes: [ sfcc.cdn-zones, sfcc.cdn-zones.rw ] }
+      - CommerceCloudStandards.AmOAuth2
+    /{rulesetId}:
+      is: [hasBadRequestResponse, hasUnauthorizedResponse, hasForbiddenAccessResponse, hasInternalServerErrorResponse, hasResourceNotFoundResponse]
+      patch:
+        displayName: updateWafManagedRuleset
+        description: Updates WAFv2 managed ruleset.
+        body:
+          application/json:
+            type: WAFManagedRulesetRequest
+            example: !include /examples/wafmanagedrulesets/waf-managed-rulesets-update-request.raml
+        responses:
+          '200':
+            description: Successfully returned the updated WAF managed rulesets.
+            body:
+              application/json:
+                type: WAFManagedRulesetEnvelope
+                example: !include /examples/wafmanagedrulesets/waf-managed-rulesets-update-response.raml
+        securedBy:
+        - CommerceCloudStandards.BearerToken: { scopes: [ sfcc.cdn-zones.rw ] }
+        - CommerceCloudStandards.AmOAuth2

apis/cdn/cdn-api-process-apis/dataTypes/Certificate.raml

@@ -9,12 +9,15 @@ properties:
   hosts:
     description: List of hosts the certificate applies to.
     type: string[]
+    required: false
   expiresOn:
     description: Date of expiration for the certificate.
     type: datetime
+    required: false
   uploadedOn:
     description: Date the certificate was uploaded.
     type: datetime
+    required: false
   issuer:
     description: The certificate authority that issued the certificate.
     type: string

apis/cdn/cdn-api-process-apis/dataTypes/SecuritySetting.raml

@@ -14,7 +14,7 @@ properties:
     type: boolean
     required: false
   wafEnabled:
-    description: Enable WAF (OWASP) protection for this zone.
+    description: Enable WAF (OWASP) protection for this zone. Not applicable for zones using WAFv2.
     type: boolean
     required: false
   alwaysUseHttps:

apis/cdn/cdn-api-process-apis/dataTypes/WAFManagedRuleset.raml

@@ -0,0 +1,35 @@
+#%RAML 1.0 DataType
+description: A WAF managed ruleset.
+type: object
+properties:
+  name:
+    description: The name of the WAF managed ruleset.
+    type: string
+    example: OWASP Core Ruleset
+  rulesetId:
+    description: The ID of the WAF managed ruleset.
+    type: string
+    example: 4814384a9e5d4991b9815dcfc25d2f1f
+  action:
+    description: The action applied by the WAF managed ruleset.
+    type: string
+    example: default
+  anomalyScore:
+    description: The anomaly score threshold of the WAF managed ruleset. Only applicable for the OWASP Core Ruleset.
+    type: string
+    example: low
+    required: false
+  anomalyScoreThreshold:
+    description: The numerical value of the anomaly score threshold of the WAF managed ruleset. Only applicable for the OWASP Core Ruleset.
+    type: integer
+    example: 60
+    required: false
+  paranoiaLevel:
+    description: The paranoia level of the WAF managed ruleset. Higher paranoia levels activate more aggressive rules. Only applicable for the OWASP Core Ruleset.
+    type: integer
+    example: 1
+    required: false
+  enabled:
+    description: Whether or not the WAF managed ruleset is enabled.
+    type: boolean
+    example: true

apis/cdn/cdn-api-process-apis/dataTypes/WAFManagedRulesetRequest.raml

@@ -0,0 +1,24 @@
+#%RAML 1.0 DataType
+description: A WAF managed ruleset request body.
+type: object
+properties:
+  action:
+    description: The action applied by the WAF managed ruleset.
+    type: string
+    example: default
+    required: false
+  anomalyScore:
+    description: The anomaly score threshold of the WAF managed ruleset. Only applicable for the OWASP Core Ruleset.
+    type: string
+    example: low
+    required: false
+  paranoiaLevel:
+    description: The paranoia level of the WAF managed ruleset. Higher paranoia levels activate more aggressive rules. Only applicable for the OWASP Core Ruleset.
+    type: integer
+    example: 1
+    required: false
+  enabled:
+    description: Whether or not the WAF managed ruleset is enabled.
+    type: boolean
+    example: true
+    required: false

apis/cdn/cdn-api-process-apis/examples/wafmanagedrulesets/waf-managed-rulesets-response.raml

@@ -0,0 +1,27 @@
+#%RAML 1.0 NamedExample
+value:
+  {
+    "data": [
+        {
+            "name": "Managed Ruleset",
+            "rulesetId": "efb7b8c949ac4650a09736fc376e9aee",
+            "action": "default",
+            "enabled": true
+        },
+        {
+            "name": "OWASP Core Ruleset",
+            "rulesetId": "4814384a9e5d4991b9815dcfc25d2f1f",
+            "action": "log",
+            "anomalyScoreThreshold": 25,
+            "anomalyScore": "high",
+            "paranoiaLevel": 1,
+            "enabled": true
+        },
+        {
+            "name": "Leaked Crednetials Check Ruleset",
+            "rulesetId": "c2e184081120413c86c3ab7e14069605",
+            "action": "block",
+            "enabled": true
+        }
+    ]
+  }

apis/cdn/cdn-api-process-apis/examples/wafmanagedrulesets/waf-managed-rulesets-update-request.raml

@@ -0,0 +1,6 @@
+#%RAML 1.0 NamedExample
+value:
+  {
+    "action": "js_challenge",
+    "enabled": true
+  }