Skip to content

Releases: wallarm/wallarm-go

v0.13.0

Choose a tag to compare

@concentrator concentrator released this 28 May 00:34
23136bb

[v0.13.0] - 2026-05-28

Adds the APIDiscovery client interface for reading and upserting the per-tenant API Discovery configuration.

New Features

  • feat(api_discovery): new APIDiscovery interface with APIDiscoveryConfigRead(clientID int) and APIDiscoveryConfigUpdate(clientID int, cfg *APIDiscoveryConfig) error methods. Backing structs: APIDiscoveryConfig + APIDiscoveryProtocols, APIDiscoverySensitiveSamples, APIDiscoveryEndpointStability, APIDiscoveryServerVariability, APIDiscoveryServerVariabilityByCustomPaths, APIDiscoveryExtensionsWhitelist. Composed into the aggregate API interface in config.go.

v0.12.2

Choose a tag to compare

@concentrator concentrator released this 04 May 06:33
67684c9

[v0.12.2] - 2026-05-04

Upgrade Steps

  • [ACTION REQUIRED] Direct callers of ActionCreate / ActionBody must rename MaxAliasesSizeKbMaxAliases. JSON tag (max_aliases) is unchanged.

Breaking Changes

  • ActionCreate.MaxAliasesSizeKb and ActionBody.MaxAliasesSizeKb renamed to MaxAliases — count (number of GraphQL aliases), not kilobytes.

New Features

  • HintUpdateV3Params.MaxAliases *int — adds the missing GraphQL-detection alias-count field to the Update payload. Probe-confirmed the API accepts in-place mutation on PUT.

v0.12.1

Choose a tag to compare

@concentrator concentrator released this 01 May 02:54
aa7e8ae

[v0.12.1] - 2026-05-01

ActionCreate rate-limit fields switched to *int so callers can transmit literal zero. Non-pointer int+omitempty was silently dropping zero, and the Wallarm API rejected the resulting payload as can't be blank.

Upgrade Steps

  • [ACTION REQUIRED] Direct callers of ActionCreate must wrap zero values in pointers: Rate: lo.ToPtr(0), Burst: lo.ToPtr(0), Delay: lo.ToPtr(0), OverlimitTime: lo.ToPtr(0). Non-pointer assignments no longer compile.

Breaking Changes

  • ActionCreate.Rate, .Burst, .Delay, .OverlimitTime changed from int to *int. RspStatus stays int (valid range 400..599 excludes zero, so omitempty correctly drops absent). HintUpdateV3Params and ActionBody are unchanged — only the Create body needed the pointer migration.

v0.12.0

Choose a tag to compare

@concentrator concentrator released this 28 Apr 09:35
67170bc

[v0.12.0] - 2026-04-28

Expose the full mutable-rule-field surface on HintUpdateV3Params and let callers detect HintDelete no-ops via the response body.

Upgrade Steps

  • [ACTION REQUIRED] HintDelete signature changed from (*HintDelete) error to (*HintDelete) (*HintDeleteResp, error). Code using _, err := api.HintDelete(...) keeps compiling; call sites that stored the function reference or used named returns must update.

Breaking Changes

  • HintDelete returns (*HintDeleteResp, error) — the new HintDeleteResp{Status int, Body []ActionBody} exposes the API response. Inspect len(resp.Body) == 0 to detect the no-op path: the Wallarm API returns HTTP 200 in all cases (rule already absent, never existed, or delete blocked server-side as for counter hints), and the body is the only signal of whether anything was actually deleted.

New Features

  • HintUpdateV3Params extended with the full mutable-field surface — adds 30+ new pointer fields (omitempty) covering common attributes (Title, Active, Set), per-rule fields (Mode, AttackType, Stamp, Regex, LoginRegex, CaseSensitive, CredStuffType, Size, GraphQL limits, OverlimitTime, Parser, State, rate-limit knobs, response-header Name/Values, FileType), and mitigation-control nested structs (Threshold, Reaction, EnumeratedParameters). Existing Comment and VariativityDisabled are unchanged. Pointer + omitempty semantics let callers send only the fields they want to update; nil fields stay out of the wire payload.

v0.11.0

Choose a tag to compare

@concentrator concentrator released this 24 Apr 09:45
d1bac39

[v0.11.0] - 2026-04-24

API spec client expansion with new endpoints and payload fields, plus Go-idiomatic initialism renames across the API spec and rules settings types.

Upgrade Steps

  • [ACTION REQUIRED] Rename any wallarm.ApiSpec* references in downstream code to wallarm.APISpec* (types, methods, fields, error strings) — affects ApiSpecCreate, ApiSpecRead, ApiSpecDelete, ApiSpecBody, and related identifiers across api_spec.go and get_hits.go.
  • [ACTION REQUIRED] Rename RulesSettingsResponseBody.ClientId to ClientID. JSON tag clientid is unchanged.

Breaking Changes

  • API spec identifiers renamed to idiomatic Go initialisms — every ApiSpec* symbol is now APISpec* (types, methods, fields, test names, error messages). JSON tags are unchanged. Pattern-matching consumers must rename.
  • RulesSettingsResponseBody.ClientId renamed to ClientID — JSON tag stays clientid.

New Features

  • New API spec endpointsAPISpecReadByID (GET by id), APISpecUpdate (PUT), and APISpecList (paginated list) replace the old list-and-filter read flow.
  • API spec policy endpointAPISpecPolicyPut for managing API spec policies, with new APISpecPolicy, APISpecPolicyCondition, and APISpecPolicyResp types.
  • Extended APISpecBody — added policy, auth_headers, file, and format fields, plus supporting types APISpecAuthHeader, APISpecFile, APISpecUpdate, and APISpecListResp.
  • APISpecCreate.AuthHeaders — auth headers for URL-based spec fetch are now settable on create, matching the update/read surface.

Bug Fixes

  • APISpecReadByID treats HTTP 404 as ErrNotFound — callers can detect deleted specs via errors.Is(err, ErrNotFound).
  • APISpecUpdate and APISpecPolicyPut treat HTTP 404 as ErrNotFound; APISpecDelete treats 404 as idempotent success — consistent not-found semantics across the api_spec surface.
  • APISpecUpdate field types switched to pointersTitle, Description, FileRemoteURL are now *string and AuthHeaders is *[]APISpecAuthHeader. omitempty on plain types silently dropped empty-string/empty-slice values, preventing callers from clearing fields via PUT. Pointer semantics let callers distinguish "unset" from "clear".
  • APISpecPolicy.Conditions no longer has omitempty — the Wallarm API requires the field to always be present in PUT body (empty array is valid).

Other Changes

  • Unit tests for APISpecReadByID, APISpecUpdate, APISpecList, and APISpecPolicyPut, plus HTTP 404 coverage for APISpecReadByID, APISpecUpdate, APISpecPolicyPut, and APISpecDelete.
  • Test alignment — api_spec test function names and error strings updated to match the APISpec* rename.
  • README — Capabilities bullet for API specs expanded to cover the new CRUD surface, auth headers, and policies.

v0.10.0

Choose a tag to compare

@concentrator concentrator released this 20 Apr 13:28
5782587

Released: April 20, 2026

Expands the client with Attack, Activity Log, and Security Issues APIs, plus
consistency improvements on request validation. Includes two breaking changes
for consumers of GetSecurityIssuesResp.

Features

  • Attack APIs: AttackRead, AttackCount, AttackIP, HitDetails,
    HitRaw for attack inspection and hit retrieval.
  • Activity Log: ActivityLogRead with object-type filtering.
  • Security Issues: GetSecurityIssues, GetSecurityIssueGroups,
    GetSecurityIssueGroupsCount, and related methods for the
    /v1/security_issues endpoints.
  • Cursor pagination on AttackRead (Cursor, Paging fields, all
    omitempty — offset-based callers unaffected).
  • Hit block-status filter: HitsFilter.BlockStatus []string.

Improvements

  • Nil-input guards on all new request methods (attack + security issues).
  • IPListSearch query encoding fixed to use nested-filter syntax
    (filter[rule_type][], filter[list], filter[query]).
  • Attack and ActivityLog added to the API interface.

Breaking Changes

  • SecurityIssueMitigations.Vpatch is now *SecurityIssueVPatch with
    json:"vpatch,omitempty". Consumers must nil-check before accessing
    Vpatch.RuleID — the API legitimately returns issues without a vpatch.
  • GetSecurityIssuesResp and related types use Go-idiomatic initialisms
    (ID, URL, ClientID, HTTPMethod, AASMTemplate, RuleID). JSON
    tags unchanged; downstream code pattern-matching on Go field names must
    rename.

Upgrade

go get github.com/wallarm/wallarm-go@v0.10.0

v0.9.1

Choose a tag to compare

@concentrator concentrator released this 18 Apr 19:06
170bc6b

Breaking Changes

  • Removed VulnPrefix from ClientCreate struct and ClientInfoBody — the field was removed from the Wallarm API. Sending it causes errors.
  • Removed get_vulns.goVulnerability interface and GetVulnRead method removed. Unused by the provider.

Improvements

  • make lint target — added golangci-lint to GNUmakefile.
  • Test coverage 25.8% → 79.5% — added unit tests for all API methods: Client CRUD, Action/Hint CRUD, IP lists (deny/allow/gray), integrations (11 types), triggers, users, API specs, hits, security issues, credential stuffing, wallarm mode, overlimit settings, utils.

v0.9.0

Choose a tag to compare

@KNechaevWallarm KNechaevWallarm released this 31 Mar 17:44
Adds changelog, fixes attackid filter struct

v0.8.0

Choose a tag to compare

@KNechaevWallarm KNechaevWallarm released this 17 Mar 15:58

Update retry policy and timeous
Added hits fetch mode by attack_id
Implemented APIError type
Updated resource_tenant

v0.7.0

Choose a tag to compare

@KNechaevWallarm KNechaevWallarm released this 12 Mar 16:15

removed outdated components