support for App Protect UDS
Rafal Wegrzycki committed Dec 18, 2020
1 parent c222e3a commit bf1c7ff
Showing 29 changed files with 3,092 additions and 170 deletions.
31 changes: 16 additions & 15 deletions build/appprotect/DockerfileWithAppProtectForPlus
Expand Up @@ -75,21 +75,23 @@ RUN ln -sf /proc/1/fd/1 /var/log/nginx/access.log \
&& ln -sf /proc/1/fd/2 /var/log/nginx/error.log

RUN mkdir -p /var/lib/nginx \
/etc/nginx/stream-conf.d \
/etc/nginx/secrets \
/etc/nginx/waf \
/etc/nginx/waf/nac-policies \
/etc/nginx/waf/nac-logconfs \
/var/log/app_protect \
/opt/app_protect \
/etc/nginx/stream-conf.d \
/etc/nginx/secrets \
/etc/nginx/waf \
/etc/nginx/waf/nac-policies \
/etc/nginx/waf/nac-logconfs \
/etc/nginx/waf/nac-usersigs \
/var/log/app_protect \
/opt/app_protect \
&& touch /etc/nginx/waf/nac-usersigs/index.conf \
&& chown -R nginx:0 /etc/app_protect \
/usr/share/ts \
/etc/nginx \
/var/cache/nginx \
/var/lib/nginx/ \
/var/log/app_protect/ \
/opt/app_protect/ \
/var/log/nginx/ \
/usr/share/ts \
/etc/nginx \
/var/cache/nginx \
/var/lib/nginx/ \
/var/log/app_protect/ \
/opt/app_protect/ \
/var/log/nginx/ \
&& apt-get remove --purge -y libcap2-bin \
&& rm /etc/nginx/conf.d/*

Expand Down Expand Up @@ -128,7 +130,6 @@ ENTRYPOINT ["/nginx-ingress"]
FROM base AS local
COPY nginx-ingress /


FROM $GOLANG_CONTAINER AS builder
ARG VERSION
ARG GIT_COMMIT
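Review bot: The added `touch /etc/nginx/waf/nac-usersigs/index.conf` step in the first hunk carries no comment explaining why an empty file is baked into the image, and the `chown -R nginx:0 ... /etc/nginx` that follows leaves the new directory and file writable by the `nginx` user. Presumably the file is a placeholder so the configuration can reference a signatures index before any APUserSig resource exists; a comment above the RUN such as `# nac-usersigs/index.conf: empty placeholder for user-defined signatures, rewritten at runtime` would record that. Since the file feeds WAF detection rules, it is worth confirming that only the controller writes under `nac-usersigs` and adding the path to whatever file-integrity monitoring covers `/etc/nginx/waf`. The same lines are added to DockerfileWithAppProtectForPlusForOpenShift and the remark applies there as well.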
30 changes: 16 additions & 14 deletions build/appprotect/DockerfileWithAppProtectForPlusForOpenShift
Expand Up @@ -75,21 +75,23 @@ RUN ln -sf /proc/1/fd/1 /var/log/nginx/access.log \
&& ln -sf /proc/1/fd/2 /var/log/nginx/error.log

RUN mkdir -p /var/lib/nginx \
/etc/nginx/stream-conf.d \
/etc/nginx/secrets \
/etc/nginx/waf \
/etc/nginx/waf/nac-policies \
/etc/nginx/waf/nac-logconfs \
/var/log/app_protect \
/opt/app_protect \
/etc/nginx/stream-conf.d \
/etc/nginx/secrets \
/etc/nginx/waf \
/etc/nginx/waf/nac-policies \
/etc/nginx/waf/nac-logconfs \
/etc/nginx/waf/nac-usersigs \
/var/log/app_protect \
/opt/app_protect \
&& touch /etc/nginx/waf/nac-usersigs/index.conf \
&& chown -R nginx:0 /etc/app_protect \
/usr/share/ts \
/etc/nginx \
/var/cache/nginx \
/var/lib/nginx/ \
/var/log/app_protect/ \
/opt/app_protect/ \
/var/log/nginx/ \
/usr/share/ts \
/etc/nginx \
/var/cache/nginx \
/var/lib/nginx/ \
/var/log/app_protect/ \
/opt/app_protect/ \
/var/log/nginx/ \
&& rm /etc/nginx/conf.d/*

RUN printf "MODULE = ALL;\nLOG_LEVEL = TS_CRIT;\nFILE = 2;\n" > /etc/app_protect/bd/logger.cfg \
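--- /dev/null
+++ b/deployments/common/crds-v1beta1/appprotect.f5.com_apusersigs.yaml
@@ -0,0 +1,101 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+annotations:
+controller-gen.kubebuilder.io/version: v0.4.0
+creationTimestamp: null
+name: apusersigs.appprotect.f5.com
+spec:
+group: appprotect.f5.com
+names:
+kind: APUserSig
+listKind: APUserSigList
+plural: apusersigs
+singular: apusersig
+preserveUnknownFields: false
+scope: Namespaced
+validation:
+openAPIV3Schema:
+description: APUserSig is the Schema for the apusersigs API
+properties:
+apiVersion:
+description: 'APIVersion defines the versioned schema of this representation
+of an object. Servers should convert recognized schemas to the latest
+internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+type: string
+kind:
+description: 'Kind is a string value representing the REST resource this
+object represents. Servers may infer this from the endpoint the client
+submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+type: string
+metadata:
+type: object
+spec:
+description: APUserSigSpec defines the desired state of APUserSig
+properties:
+properties:
+type: string
+revisionDatetime:
+format: date-time
+type: string
+signatures:
+items:
+properties:
+accuracy:
+enum:
+- high
+- medium
+- low
+type: string
+attackType:
+properties:
+name:
+type: string
+type: object
+description:
+type: string
+name:
+type: string
+references:
+properties:
+type:
+enum:
+- bugtraq
+- cve
+- nessus
+- url
+type: string
+value:
+type: string
+type: object
+risk:
+enum:
+- high
+- medium
+- low
+type: string
+rule:
+type: string
+signatureType:
+enum:
+- request
+- response
+type: string
+systems:
+items:
+properties:
+name:
+type: string
+type: object
+type: array
+type: object
+type: array
+tag:
+type: string
+type: object
+type: object
+version: v1beta1
+versions:
+- name: v1beta1
+served: true
+storage: true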
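--- /dev/null
+++ b/deployments/common/crds/appprotect.f5.com_apusersigs.yaml
@@ -0,0 +1,100 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+annotations:
+controller-gen.kubebuilder.io/version: v0.4.0
+creationTimestamp: null
+name: apusersigs.appprotect.f5.com
+spec:
+group: appprotect.f5.com
+names:
+kind: APUserSig
+listKind: APUserSigList
+plural: apusersigs
+singular: apusersig
+preserveUnknownFields: false
+scope: Namespaced
+versions:
+- name: v1beta1
+schema:
+openAPIV3Schema:
+description: APUserSig is the Schema for the apusersigs API
+properties:
+apiVersion:
+description: 'APIVersion defines the versioned schema of this representation
+of an object. Servers should convert recognized schemas to the latest
+internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+type: string
+kind:
+description: 'Kind is a string value representing the REST resource this
+object represents. Servers may infer this from the endpoint the client
+submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+type: string
+metadata:
+type: object
+spec:
+description: APUserSigSpec defines the desired state of APUserSig
+properties:
+properties:
+type: string
+revisionDatetime:
+format: date-time
+type: string
+signatures:
+items:
+properties:
+accuracy:
+enum:
+- high
+- medium
+- low
+type: string
+attackType:
+properties:
+name:
+type: string
+type: object
+description:
+type: string
+name:
+type: string
+references:
+properties:
+type:
+enum:
+- bugtraq
+- cve
+- nessus
+- url
+type: string
+value:
+type: string
+type: object
+risk:
+enum:
+- high
+- medium
+- low
+type: string
+rule:
+type: string
+signatureType:
+enum:
+- request
+- response
+type: string
+systems:
+items:
+properties:
+name:
+type: string
+type: object
+type: array
+type: object
+type: array
+tag:
+type: string
+type: object
+type: object
+served: true
+storage: true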
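--- /dev/null
+++ b/deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml
@@ -0,0 +1,101 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+annotations:
+controller-gen.kubebuilder.io/version: v0.4.0
+creationTimestamp: null
+name: apusersigs.appprotect.f5.com
+spec:
+group: appprotect.f5.com
+names:
+kind: APUserSig
+listKind: APUserSigList
+plural: apusersigs
+singular: apusersig
+preserveUnknownFields: false
+scope: Namespaced
+validation:
+openAPIV3Schema:
+description: APUserSig is the Schema for the apusersigs API
+properties:
+apiVersion:
+description: 'APIVersion defines the versioned schema of this representation
+of an object. Servers should convert recognized schemas to the latest
+internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+type: string
+kind:
+description: 'Kind is a string value representing the REST resource this
+object represents. Servers may infer this from the endpoint the client
+submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+type: string
+metadata:
+type: object
+spec:
+description: APUserSigSpec defines the desired state of APUserSig
+properties:
+properties:
+type: string
+revisionDatetime:
+format: date-time
+type: string
+signatures:
+items:
+properties:
+accuracy:
+enum:
+- high
+- medium
+- low
+type: string
+attackType:
+properties:
+name:
+type: string
+type: object
+description:
+type: string
+name:
+type: string
+references:
+properties:
+type:
+enum:
+- bugtraq
+- cve
+- nessus
+- url
+type: string
+value:
+type: string
+type: object
+risk:
+enum:
+- high
+- medium
+- low
+type: string
+rule:
+type: string
+signatureType:
+enum:
+- request
+- response
+type: string
+systems:
+items:
+properties:
+name:
+type: string
+type: object
+type: array
+type: object
+type: array
+tag:
+type: string
+type: object
+type: object
+version: v1beta1
+versions:
+- name: v1beta1
+served: true
+storage: true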
1 change: 1 addition & 0 deletions deployments/helm-chart/templates/rbac.yaml
Expand Up @@ -12,6 +12,7 @@ rules:
resources:
- appolicies
- aplogconfs
- apusersigs
verbs:
- get
- watch
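Review bot: The added `- apusersigs` entry lets the controller read APUserSig objects, but nothing near the rule records who is expected to be able to create them, which matters more for this resource than for its neighbours. The image built in this commit holds a single `/etc/nginx/waf/nac-usersigs/index.conf`, which suggests signatures from all namespaces are merged into one shared set, so an APUserSig created in one namespace may change WAF behaviour for others. If that holds, a comment above the rule such as `# apusersigs feed one shared signature set; limit create/update/delete to cluster admins` would make the expectation visible to operators. The rule's kind and the end of the verb list are outside the hunk; only `get` and `watch` are visible, and the list should stay read-only.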