Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AP: update appolicies crd #2094

Merged
merged 1 commit into from
Nov 4, 2021
Merged

AP: update appolicies crd #2094

merged 1 commit into from
Nov 4, 2021

Conversation

galitskiy
Copy link
Contributor

@galitskiy galitskiy commented Oct 14, 2021
edited
Loading

Proposed changes

Update CRD for appolicies. Add new fields: bot-defense>browserDefinition, grpc-profiles>idl-files>importUrl, whitelist-ips>neverLogRequests, enforcer-settings, $action (where applicable)

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto master
  • I will ensure my PR is targeting the master branch and pulling from my branch from my own fork

@nginx-bot nginx-bot force-pushed the ap-update-crd branch 3 times, most recently from 20fe86c to 700b8d3 Compare October 14, 2021 18:09
@galitskiy galitskiy force-pushed the ap-update-crd branch 2 times, most recently from 1ef3527 to 3842a4c Compare October 18, 2021 15:51
@galitskiy galitskiy marked this pull request as ready for review October 18, 2021 16:01
@galitskiy galitskiy changed the title update appolicies crd AP: update appolicies crd Oct 19, 2021
AvriBalofsky
AvriBalofsky approved these changes Oct 21, 2021
View reviewed changes
Copy link

@AvriBalofsky AvriBalofsky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically even though we added $action: "delete" as a general option, it's not really relevant/functional on the endpoints. Like on collections that the user can't add/remove elements from (bot anomalies, signatures), or collections that start empty (signature-requirements, whitelist-ips, *-validation-files, etc). It's not harmful though.

@pleshakov
Copy link
Contributor

Hi @galitskiy

a few comments:

(1)
Would it be possible to get a better description what this PR addresses? For example: "Improve validation for fields: ; add new fields: ....." This will ultimately go into the changelog -- https://docs.nginx.com/nginx-ingress-controller/releases/ -- so that our users are aware.

(2)
we have examples of policies in our docs -- https://docs.nginx.com/nginx-ingress-controller/app-protect/configuration/#app-protect-policies and in the examples on GitHub (https://github.com/nginxinc/kubernetes-ingress/blob/master/examples-of-custom-resources/waf/ap-dataguard-alarm-policy.yaml and https://github.com/nginxinc/kubernetes-ingress/blob/master/examples/appprotect/ap-dataguard-alarm-policy.yaml ). Just double checking, if we need to update any of the examples as well?

(3)
Could you also update this file? https://github.com/nginxinc/kubernetes-ingress/blob/master/deployments/common/crds/appprotect.f5.com_appolicies.yaml

Thanks

@pleshakov pleshakov self-requested a review October 21, 2021 19:08
@galitskiy
Copy link
Contributor Author

galitskiy commented Oct 25, 2021
edited
Loading

Hi @pleshakov
(1) done. @AvriBalofsky could you please take a look as well?
(2) afaik it's not needed; new field "neverLogRequests" was mentioned in RN for latest NAP.
(3) done

@nginx-bot nginx-bot force-pushed the ap-update-crd branch 2 times, most recently from e6cdf57 to 9b81322 Compare October 27, 2021 17:24
@nginx-bot nginx-bot force-pushed the ap-update-crd branch 7 times, most recently from 9b8f81d to 578e761 Compare November 4, 2021 10:41
@tomasohaodha tomasohaodha enabled auto-merge (squash) November 4, 2021 17:33
@pleshakov pleshakov merged commit 4a89f89 into nginxinc:master Nov 4, 2021
@lucacome lucacome added the enhancement Pull requests for new features/feature enhancements label Nov 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pleshakov pleshakov pleshakov approved these changes

@AvriBalofsky AvriBalofsky AvriBalofsky approved these changes

Assignees
No one assigned
Labels
enhancement Pull requests for new features/feature enhancements
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@galitskiy @pleshakov @AvriBalofsky @lucacome