Add externl references to crds, and update docs
Rafal Wegrzycki committed Aug 21, 2020
1 parent aa6e36e commit f8bc90e
Showing 8 changed files with 407 additions and 18 deletions.
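--- a/build/appprotect/DockerfileWithAppProtectForPlus
+++ b/build/appprotect/DockerfileWithAppProtectForPlus
@@ -117,6 +117,10 @@ COPY internal/configs/version1/nginx-plus.ingress.tmpl \
 # and use it as a certificate and key for the default server
 # ADD default.pem /etc/nginx/secrets/default
 
+# Uncomment the lines below if you want to install a custom CA certificate
+# COPY build/appprotect/*.crt /usr/local/share/ca-certificates/
+# RUN update-ca-certificates
+
 USER nginx
 
 ENTRYPOINT ["/nginx-ingress"]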
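Review bot: The commented-out `COPY build/appprotect/*.crt /usr/local/share/ca-certificates/` would, once uncommented, add every `.crt` file found in `build/appprotect/` to the image's trust store, not only the CA the user meant to install. Name the file explicitly, for example `# COPY build/appprotect/custom-ca.crt /usr/local/share/ca-certificates/` (the file name is a placeholder), and extend the comment to say that anything copied there becomes a trusted root for outbound TLS from the container. The same wildcard appears in the matching hunk of `DockerfileWithAppProtectForPlusForOpenShift`, which targets `/etc/pki/ca-trust/source/anchors/`. The build stage starts outside this hunk, so which other `.crt` files sit in that directory at build time cannot be confirmed from here.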
7 changes: 6 additions & 1 deletion build/appprotect/DockerfileWithAppProtectForPlusForOpenShift
@@ -62,7 +62,7 @@ RUN set -x \
app-protect-compiler-$APPPROTECT_COMPILER_VERSION \
app-protect-$APPPROTECT_MODULE_VERSION \
&& yum install -y app-protect-attack-signatures${APPPROTECT_SIG_VERSION:+-$APPPROTECT_SIG_VERSION} \
&& yum install -y app-protect-threat-campaigns{APPPROTECT_THREAT_CAMPAIGNS_VERSION:+-$APPPROTECT_THREAT_CAMPAIGNS_VERSION} \
&& yum install -y app-protect-threat-campaigns${APPPROTECT_THREAT_CAMPAIGNS_VERSION:+-$APPPROTECT_THREAT_CAMPAIGNS_VERSION} \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
&& yum remove -y wget \
@@ -119,6 +119,11 @@ COPY internal/configs/version1/nginx-plus.ingress.tmpl \
# and use it as a certificate and key for the default server
# ADD default.pem /etc/nginx/secrets/default

# Uncomment the lines below if you want to install a custom CA certificate
# COPY build/appprotect/*.crt /etc/pki/ca-trust/source/anchors/
# RUN update-ca-trust extract


RUN mkdir licenses
COPY LICENSE /licenses

2 changes: 1 addition & 1 deletion deployments/common/ap-logconf-definition.yaml
@@ -6,13 +6,13 @@ metadata:
creationTimestamp: null
name: aplogconfs.appprotect.f5.com
spec:
preserveUnknownFields: false
group: appprotect.f5.com
names:
kind: APLogConf
listKind: APLogConfList
plural: aplogconfs
singular: aplogconf
preserveUnknownFields: false
scope: Namespaced
validation:
openAPIV3Schema:
187 changes: 183 additions & 4 deletions deployments/common/ap-policy-definition.yaml
@@ -6,13 +6,13 @@ metadata:
creationTimestamp: null
name: appolicies.appprotect.f5.com
spec:
preserveUnknownFields: false
group: appprotect.f5.com
names:
kind: APPolicy
listKind: APPolicyList
plural: appolicies
singular: appolicy
preserveUnknownFields: false
scope: Namespaced
validation:
openAPIV3Schema:
@@ -35,10 +35,30 @@ spec:
properties:
modifications:
items:
properties: {}
properties:
action:
type: string
description:
type: string
entity:
properties:
name:
type: string
type: object
entityChanges:
properties:
type:
type: string
type: object
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
modificationsReference:
properties:
link:
pattern: ^http
type: string
type: object
policy:
description: Defines the App Protect policy
properties:
@@ -144,6 +164,7 @@ spec:
enum:
- VIOL_XML_SOAP_ATTACHMENT
- VIOL_DATA_GUARD
- VIOL_THREAT_CAMPAIGN
- VIOL_LOGIN_URL_EXPIRED
- VIOL_LOGIN_URL_BYPASSED
- VIOL_REQUEST_MAX_LENGTH
@@ -238,6 +259,12 @@ spec:
type: object
type: array
type: object
blockingSettingReference:
properties:
link:
pattern: ^http
type: string
type: object
caseInsensitive:
type: boolean
character-sets:
@@ -265,12 +292,30 @@ spec:
type: string
type: object
type: array
characterSetReference:
properties:
link:
pattern: ^http
type: string
type: object
cookie-settings:
properties:
maximumCookieHeaderLength:
pattern: any|\d+
type: string
type: object
cookieReference:
properties:
link:
pattern: ^http
type: string
type: object
cookieSettingsReference:
properties:
link:
pattern: ^http
type: string
type: object
cookies:
items:
properties:
@@ -331,6 +376,12 @@ spec:
usSocialSecurityNumbers:
type: boolean
type: object
dataGuardReference:
properties:
link:
pattern: ^http
type: string
type: object
description:
type: string
enablePassiveMode:
@@ -340,6 +391,12 @@ spec:
- transparent
- blocking
type: string
filetypeReference:
properties:
link:
pattern: ^http
type: string
type: object
filetypes:
items:
properties:
@@ -392,12 +449,30 @@ spec:
trustXff:
type: boolean
type: object
generalReference:
properties:
link:
pattern: ^http
type: string
type: object
header-settings:
properties:
maximumHttpHeaderLength:
pattern: any|\d+
type: string
type: object
headerReference:
properties:
link:
pattern: ^http
type: string
type: object
headerSettingsReference:
properties:
link:
pattern: ^http
type: string
type: object
headers:
items:
properties:
@@ -467,6 +542,24 @@ spec:
type: boolean
type: object
type: array
jsonProfileReference:
properties:
link:
pattern: ^http
type: string
type: object
jsonValidationFileReference:
properties:
link:
pattern: ^http
type: string
type: object
methodReference:
properties:
link:
pattern: ^http
type: string
type: object
methods:
items:
properties:
@@ -476,6 +569,12 @@ spec:
type: array
name:
type: string
parameterReference:
properties:
link:
pattern: ^http
type: string
type: object
parameters:
items:
properties:
@@ -549,7 +648,7 @@ spec:
- redirect
type: string
ajaxCustomContent:
type: boolean
type: string
ajaxEnabled:
type: boolean
ajaxPopupMessage:
@@ -588,13 +687,25 @@ spec:
type: string
type: object
type: array
responsePageReference:
properties:
link:
pattern: ^http
type: string
type: object
sensitive-parameters:
items:
properties:
name:
type: string
type: object
type: array
sensitiveParameterReference:
properties:
link:
pattern: ^http
type: string
type: object
server-technologies:
items:
properties:
@@ -676,9 +787,35 @@ spec:
type: string
type: object
type: array
serverTechnologyReference:
properties:
link:
pattern: ^http
type: string
type: object
signature-sets:
items:
properties: {}
properties:
alarm:
type: boolean
block:
type: boolean
name:
enum:
- Command Execution Signatures
- Cross Site Scripting Signatures
- Directory Indexing Signatures
- Information Leakage Signatures
- OS Command Injection Signatures
- Path Traversal Signatures
- Predictable Resource Location Signatures
- Remote File Include Signatures
- SQL Injection Signatures
- XPath Injection Signatures
- Buffer Overflow Signatures
- Denial of Service Signatures
- Vulnerability Scanner Signatures
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
@@ -697,6 +834,24 @@ spec:
- medium
type: string
type: object
signatureReference:
properties:
link:
pattern: ^http
type: string
type: object
signatureSetReference:
properties:
link:
pattern: ^http
type: string
type: object
signatureSettingReference:
properties:
link:
pattern: ^http
type: string
type: object
signatures:
items:
properties:
@@ -713,6 +868,12 @@ spec:
name:
type: string
type: object
urlReference:
properties:
link:
pattern: ^http
type: string
type: object
urls:
items:
properties:
@@ -750,6 +911,12 @@ spec:
type: string
type: object
type: array
whitelistIpReference:
properties:
link:
pattern: ^http
type: string
type: object
xml-profiles:
items:
properties:
@@ -820,6 +987,18 @@ spec:
type: boolean
type: object
type: array
xmlProfileReference:
properties:
link:
pattern: ^http
type: string
type: object
xmlValidationFileReference:
properties:
link:
pattern: ^http
type: string
type: object
type: object
type: object
type: object
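Review bot: Every new `*Reference` property in this schema (from `modificationsReference` through `xmlValidationFileReference`) validates its `link` only with `pattern: ^http`, which accepts cleartext `http://` URLs and any string that merely begins with `http`. These links appear to name external documents that become part of the App Protect policy, so a reference fetched without TLS could be altered in transit and change what the WAF enforces; consider `pattern: ^https://`, or `pattern: ^https?://` with a documented warning if plain HTTP must remain supported. If this CRD is generated, the pattern should be tightened in the generator's source rather than in this file. Separately, the `modifications` and `signature-sets` items gain typed properties but keep `x-kubernetes-preserve-unknown-fields: true`, so unknown keys are still accepted; a short comment stating that this is intentional would help.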