Unbind app-protect from -preview-policies

nginxinc · Dec 10, 2021 · 4e47507 · 4e47507
1 parent cb8a7f1
commit 4e47507
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 22 deletions.
diff --git a/docs/content/configuration/policy-resource.md b/docs/content/configuration/policy-resource.md
@@ -357,8 +357,6 @@ For `kubectl get` and similar commands, you can also use the short name `pol` in
 
 ### WAF
 
-> **Feature Status**: WAF is available as a preview feature[^1]: We might introduce some backward-incompatible changes to the resource definition. The feature is disabled by default. To enable it, set the [enable-preview-policies](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-preview-policies) command-line argument of the Ingress Controller.
-
 > Note: This feature is only available in NGINX Plus with AppProtect.
 
 The WAF policy configures NGINX Plus to secure client requests using App Protect policies.

diff --git a/pkg/apis/configuration/validation/policy.go b/pkg/apis/configuration/validation/policy.go
@@ -84,10 +84,6 @@ func validatePolicySpec(spec *v1.PolicySpec, fieldPath *field.Path, isPlus, enab
  }
 
  if spec.WAF != nil {
- if !enablePreviewPolicies {
- allErrs = append(allErrs, field.Forbidden(fieldPath.Child("waf"),
- "waf is a preview policy. Preview policies must be enabled to use via cli argument -enable-preview-policies"))
- }
  if !isPlus {
  allErrs = append(allErrs, field.Forbidden(fieldPath.Child("waf"), "WAF is only supported in NGINX Plus"))
  }

diff --git a/pkg/apis/configuration/validation/policy_test.go b/pkg/apis/configuration/validation/policy_test.go
@@ -71,6 +71,19 @@ func TestValidatePolicy(t *testing.T) {
  enableAppProtect: true,
  msg: "use WAF(plus only) policy",
  },
+ {
+ policy: &v1.Policy{
+ Spec: v1.PolicySpec{
+ WAF: &v1.WAF{
+ Enable: true,
+ },
+ },
+ },
+ isPlus: true,
+ enablePreviewPolicies: false,
+ enableAppProtect: true,
+ msg: "WAF policy with preview policies disabled",
+ },
  }
  for _, test := range tests {
  err := ValidatePolicy(test.policy, test.isPlus, test.enablePreviewPolicies, test.enableAppProtect)
@@ -231,19 +244,6 @@ func TestValidatePolicyFails(t *testing.T) {
  enablePreviewPolicies: true,
  msg: "OIDC policy in OSS",
  },
- {
- policy: &v1.Policy{
- Spec: v1.PolicySpec{
- WAF: &v1.WAF{
- Enable: true,
- },
- },
- },
- isPlus: true,
- enablePreviewPolicies: false,
- enableAppProtect: true,
- msg: "WAF policy with preview policies disabled",
- },
  {
  policy: &v1.Policy{
  Spec: v1.PolicySpec{

diff --git a/tests/suite/test_app_protect_waf_policies.py b/tests/suite/test_app_protect_waf_policies.py
@@ -137,7 +137,6 @@ def assert_valid_responses(response) -> None:
  f"-enable-custom-resources",
  f"-enable-leader-election=false",
  f"-enable-app-protect",
- f"-enable-preview-policies",
  ],
  },
  {"example": "ap-waf", "app_type": "simple",},
@@ -390,7 +389,6 @@ def test_ap_waf_policy_logs(
  f"-enable-custom-resources",
  f"-enable-leader-election=false",
  f"-enable-app-protect",
- f"-enable-preview-policies",
  ],
  },
  {"example": "virtual-server-route"},

diff --git a/tests/suite/test_batch_startup_times.py b/tests/suite/test_batch_startup_times.py
@@ -412,7 +412,6 @@ def fin():
  f"-enable-custom-resources",
  f"-enable-leader-election=false",
  f"-enable-app-protect",
- f"-enable-preview-policies",
  f"-enable-prometheus-metrics",
  ],
  },