[Bug]: Incorrect specification for App Protect DoS dosAccessLogDest and dosSecurityLog.dosLogDest in docs #6378

@haywoodsh

Description

Version

edge

What Kubernetes platforms are you running on?

Other

What happened?

In the DoS protected resource specification in the docs, the specifications of dosAccessLogDest and dosSecurityLog.dosLogDest do not match the actual implementation.

The description of dosAccessLogDest:

Accepted variables are syslog:server=<ip-address | localhost | dns-name>:<port>, stderr, <absolute path to file>

The description of dosSecurityLog.dosLogDest:

Accepted variables are syslog:server=<ip-address | localhost | dns-name>:<port>, stderr, <absolute path to file>. Default is "syslog:server=127.0.0.1:514".

In the actual implementation, syslog:server= is not needed, as it is prepended to the string before generating the actual NGINX config:
https://github.com/nginxinc/kubernetes-ingress/blob/ad88fb96e1f2e8a243b6cea2fbb18d5d5e28fee5/internal/configs/configurator.go#L1733-L1738
A working example of the specification can be found in the example:
https://github.com/nginxinc/kubernetes-ingress/blob/v3.6.2/examples/custom-resources/app-protect-dos/apdos-protected.yaml

However, in App Protect WAF, syslog:server= is expected:
https://github.com/nginxinc/kubernetes-ingress/blob/main/examples/custom-resources/app-protect-waf/waf.yaml#L12

The docs should be fixed to reflect the actual implementation. Alternatively, the two specifications should be unified.

Steps to reproduce

  1. In DosProtectedResource, include `syslog:server=` in `dosAccessLogDest` or `dosSecurityLog.dosLogDest`:

```yaml
apiVersion: appprotectdos.f5.com/v1beta1
kind: DosProtectedResource
metadata:
  name: dos-protected
spec:
....
  dosAccessLogDest: "syslog:server=syslog-svc-2.default.svc.cluster.local:514"
  dosSecurityLog:
    enable: true
    apDosLogConf: "doslogconf"
    dosLogDest: "syslog:server=syslog-svc.default.svc.cluster.local:514"
...
```

  2. Apply the resource.

Expected behaviour

DosProtectedResource deployed successfully following the specification in the documentation.

Kubectl Describe output

Events:
  Type     Reason          Age   From                      Message
  ----     ------          ----  ----                      -------
  Warning  Rejected        21s   nginx-ingress-controller  dos protected refers (default/dospolicy) to an invalid DosPolicy: DosPolicy default/dospolicy not found
  Normal   AddedOrUpdated  21s   nginx-ingress-controller  Configuration for default/dos-protected was added or updated
  Warning  Rejected        3s    nginx-ingress-controller  error validating DosProtectedResource: dos-protected invalid field: dosAccessLogDest err: invalid log destination: syslog:server=syslog-svc-2.default.svc.cluster.local:514, must follow format: <ip-address | localhost | dns name>:<port> or stderr

Log output

W20240909 15:18:34.376738    4311 controller.go:2943] Error getting App Protect Dos resource for VirtualServer default/webapp: failed to store DosProtectedResource: error validating DosProtectedResource: dos-protected invalid field: dosAccessLogDest err: invalid log destination: syslog:server=syslog-svc-2.default.svc.cluster.local:514, must follow format: <ip-address | localhost | dns name>:<port> or stderr

Contributing Guidelines

  • I confirm that I have read the Report a Bug section of the Contributing Guidelines
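
A pre-apply check for the mismatch reported above, as an added Go example that is not code from the kubernetes-ingress repository. The function names are hypothetical, the accepted format is taken from the controller's error message, and passing `stderr` through unchanged at render time is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"regexp"
	"strconv"
	"strings"
)

// Prefix the issue says is prepended when the NGINX config is generated.
const syslogPrefix = "syslog:server="

var dnsName = regexp.MustCompile(`^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$`)

// checkDosLogDest (hypothetical) accepts "stderr" or "<ip-address | localhost | dns name>:<port>".
func checkDosLogDest(dest string) error {
	if dest == "stderr" {
		return nil
	}
	if strings.HasPrefix(dest, syslogPrefix) {
		return errors.New("drop the " + syslogPrefix + " prefix: it is prepended at render time")
	}
	host, port, err := net.SplitHostPort(dest)
	if err != nil {
		return fmt.Errorf("invalid log destination %q: %v", dest, err)
	}
	if p, err := strconv.Atoi(port); err != nil || p < 1 || p > 65535 {
		return fmt.Errorf("invalid port %q", port)
	}
	if net.ParseIP(host) == nil && !dnsName.MatchString(host) {
		return fmt.Errorf("invalid host %q", host)
	}
	return nil
}

// renderDosLogDest (hypothetical) adds the prefix; assumption: "stderr" is left unchanged.
func renderDosLogDest(dest string) string {
	if dest == "stderr" {
		return dest
	}
	return syslogPrefix + dest
}

func main() {
	for _, d := range []string{"syslog:server=127.0.0.1:514", "127.0.0.1:514", "stderr"} { // constructed samples
		fmt.Printf("%-30s check=%v rendered=%s\n", d, checkDosLogDest(d), renderDosLogDest(d))
	}
}
```

Rendering the documented form without the check produces a doubled `syslog:server=syslog:server=` prefix, which is why the value has to be rejected before the config is generated.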

Labels: bug, needs triage