Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Escape commit message in Notification workflow #2075

Merged
merged 1 commit into from Oct 12, 2021

Conversation

lucacome
Copy link
Member

Escape special characters in commit message so it doesn't break the text.

@lucacome lucacome requested a review from a team October 12, 2021 07:07
@lucacome lucacome self-assigned this Oct 12, 2021
@lucacome lucacome requested review from pleshakov and soneillf5 and removed request for a team October 12, 2021 07:07
@github-actions github-actions bot added the chore Pull requests for routine tasks label Oct 12, 2021
@lucacome lucacome merged commit 6980331 into master Oct 12, 2021
@lucacome lucacome deleted the chore/fix-notification-message branch October 12, 2021 17:05
soneillf5 added a commit that referenced this pull request Oct 14, 2021
* Deregister subscription-manager on nap ubi build (#1965)

* Deregister subscription-manager on nap ubi build

* Don't print subscription manager details to terminal

* Release 2.0.0 (#1994)

Release 2.0

* fix: add back anchor links for cmdline arguments (#2006)

* fix: KIC-545 fix broken link (#2013)

* Increase upstream zone size for NGINX Plus

NGINX Plus R25 allocates more memory for storing upstream server
(peer) data: +720 bytes per peer. This means upstream server
zones will use more memory to accommodate that data.

If a zone is full, NGINX Plus will fail to reload and fail to
add more upstream servers via the API.

To prevent reload failures after an upgrade to R25, this commit
increases the default upstream zone size for NGINX Plus from 256K
to 512K.

* Update python tests

* Update Changelog

* fix: bumped f5-theme to v12.6 (#2007)

Co-authored-by: Travis Martin <t.martin@f5.com>
Co-authored-by: Luca Comellini <luca.com@gmail.com>
Co-authored-by: Ciara Stacke <18287516+ciarams87@users.noreply.github.com>

* Bump NGINX Plus version to R25 (#1998)

Bump N+ version in Dockerfile and allow overriding the N+ version in Makefile for NAP.

* Use suffix in latest tag, i.e. latest-alpine, don't overwrite latest (#2023)

* Bump alpine from 3.13 to 3.14 in /build (#2021)

Bumps alpine from 3.13 to 3.14.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix tests upload in the workflow (#2038)

* Upload NGINX Ingress Controller binaries to release (#2044)

* Use release specific repo for NGINX Plus on Debian (#2042)

* Fix Issues workflow (#2054)

* Upload Docker images to ghcr.io (#2053)

* Use action to automatically rebase PRs with master (#2052)

Co-authored-by: nginx-bot <68849795+nginx-bot@users.noreply.github.com>

* Remove note from operator installation (#2049)

* Use release specific repo for NGINX Plus on Debian (#2051)

* Remove sync workflow from master (#2055)

* Remove need for extra parameters for Dockerfile (#2045)

* fix issues with the 404 and robots.txts redirects

* Release 2.0.1 (#2062)

* Clarify upstream tls in VirtualServer

* Add waiting for response label (#2065)

* Use default python image, bump to 3.10 (#2068)

* Update packages for CVE-2021-37750 (#2073)

* Escape commit message in Notification workflow (#2075)

* Bump github.com/aws/aws-sdk-go-v2/config from 1.8.2 to 1.8.3 (#2081)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](aws/aws-sdk-go-v2@config/v1.8.2...config/v1.8.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.5.1 to 1.5.2 (#2080)

Bumps [github.com/aws/aws-sdk-go-v2/service/marketplacemetering](https://github.com/aws/aws-sdk-go-v2) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](aws/aws-sdk-go-v2@service/mq/v1.5.1...service/mq/v1.5.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/marketplacemetering
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump certifi from 2021.5.30 to 2021.10.8 in /tests (#2072)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump certifi from 2021.5.30 to 2021.10.8 in /perf-tests (#2071)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump locust from 2.2.3 to 2.4.0 in /perf-tests (#2070)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Remove nap plus version override

* Temp downgrade the gitlab test image to python 3.9 because of compatability issues

* Restore GHA cache (#2083)

* Bump cffi from 1.14.6 to 1.15.0 in /tests (#2089)

Bumps [cffi](http://cffi.readthedocs.org) from 1.14.6 to 1.15.0.

---
updated-dependencies:
- dependency-name: cffi
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump cffi from 1.14.6 to 1.15.0 in /perf-tests (#2088)

Bumps [cffi](http://cffi.readthedocs.org) from 1.14.6 to 1.15.0.

---
updated-dependencies:
- dependency-name: cffi
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump kubernetes from 19.15.0a1 to 19.15.0b1 in /tests (#2087)

Bumps [kubernetes](https://github.com/kubernetes-client/python) from 19.15.0a1 to 19.15.0b1.
- [Release notes](https://github.com/kubernetes-client/python/releases)
- [Changelog](https://github.com/kubernetes-client/python/blob/master/CHANGELOG.md)
- [Commits](kubernetes-client/python@v19.15.0a1...v19.15.0b1)

---
updated-dependencies:
- dependency-name: kubernetes
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Segregate AP methods (#2084)

* Bados (#1997)

* Add app protect dos to NIC

1. Add option to install with bados for makefile and dockerfile
2. new template for nginx-plus.ingress.tmpl and nginx-plus.tmpl
3. new annotation appprotect.f5.com/app-protect-dos-enable
4. new file entrypoint.sh to start admd in background
5. new flag in deployment for bados

* Add bados policy to virtualserver

Bados policy with 2 argumants:
1. enable
2. name

* Add appDosPolicy

1. Add new CRD yaml file to describe APDosPolicy
2. Support APDosPolicy with ingress
3. Support APDosPolicy with virtualServer

* Remove entrypoint.sh

1. Remove entry point file
2. Call admdinstall by exec.command
3. Call admd by exec.command

* Add security log for app protect dos

1. Add new CRD appprotect.f5.com_apdoslogconfs.yaml
2. Add dos security log properties for bados policy
3. Add security log directive for ingress and virtualServer

* Add monitor directive for app protect dos

2. Add apDosMonitor properties for bados policy
3. Add apDosMonitor directive for ingress and virtualServer

* Monitor directive for app protect dos cleanup

* Add readiness and livensess directive

1. Change file nginx-plus.tmpl - add directives
2. Read file nginx-config.yaml and reads:
  app-protect-dos-liveness-enable
  app-protect-dos-liveness-uri
  app-protect-dos-liveness-port: "4999"

  app-protect-dos-readiness-enable
  app-protect-dos-readiness-uri
  app-protect-dos-readiness-port

* Add debug flag to bados

* Set server to answer for livness probe case liveness enable (use port 8083)

* Minor changes in dokcer file

* Add appprotectdos group

Change from appprotect to appprotectdos all configuration

* Add deployment for appprotect-dos-arb.yaml

* Add annotation: app-protect-dos-name

* Minor changes if deployment of Arbitrator

* Fix addWarningf with extra Specifier

* Add unit tests for app protect dos

1. Add units test for app protect dos
2. fix errors in unit tests

* Add access log and format for option to kibana log for app protect dos

1. Add option to add via virtual server
2. Add option to add via annotation

* Remove unnecessary validation in bados policy

* Add app-protect-dos-debug flag

Enable debug log for app protect dos inside the deployment args properties

* Validation.go app protect dos - minor BUG + add unit tests

* Add to config map error-log-destination and worker-rlimit-core

default value for error-log-destination - stderr

* Add to bados policy dosAccessLogDest properties

* Change app protect dos arb image pull policy to ifNotPresent

* Add new image for App Protect with App Protect Dos

1. Add new option in Makefile: debian-image-nap-dos-plus
2. Add new option in Dockerfile: debian-plus-ap-apdos

* Add example for ingress yaml file with log and policy yaml

* Add example for virtual server yaml file with log and policy and bados yaml files

* Bados examples minor changes

* Add Quotation mark to app protect dos policy files

* Add documentation on app protect dos

* Change liveness in app protect dos and remove readiness

* Add info for manifest doc

* Renamed crds app protect dos files

* Change troubleshooting.md for app protect dos

* Master merge fixes

* Add build-arg to nap-napdos image in Makefile

* Helm for app protect dos

* App Protect Dos - update readme file, create ns for app protect dos

* App Protect Dos - nginx-plus.tmpl - refactor log_dos

* App Protect Dos - fix duplicate const params from merge

* App Protect Dos - add tls_fingerprint policy support

* App Protect Dos - fix bug from merge in file configmaps_test.go

* App Protect Dos - helm chart change field for arb name from name to arbName

* App Protect Dos - Remove unnecessary back quote

* Update DockerFile to GA

* Remove unnecessary path of app protect dos so module

* Fix merge documentation issue for app protect dos

* Add arbitrator dockerfile and documentations

* Make deployment arb image path to example

* Helm app protect dos - add repository arg for arbitrator

* Fix CRDs with make update-crds

* Fix Lint issue

* Change arbitrator repository path

* Fix merge typo issue

* Minor typo

* Change the napdos and nap-napdos Dockerfile.

Remove --force-confold
Add installation of lsb-release for decide the release of deb

* Remove the arbitrator Dockerfile

No needed it now, can pull from the registry

* Remove copy paste typo

* Fix comment of AppProtectDosLogConfDstAnnotation and AppProtectLogConfDstAnnotation

* Add app protect dos liveness to helm chart

* Liveness default is off and change logic to decide loading param

* Fix typo ErrorLogLevel->ErrorLogDst

* Remove WorkerRlimitCore

* installation.md - Change v from 11 to 12

* Change MainAppProtectDosLivenessEnable and AppProtectDosLivenessEnable from string to bool

* revert values.yaml changes

* Fix App Protect liveness configmaps.go + Add info to readme file

* App Protect liveness add to daemonset

* Add configmap-resource.md info for liveness

* Add app-protect-dos-log-format to configmap and change the dependencies with security log

* Remove ErrorLogDst option

* Remove unnecessary check

* Change for virtual server access log dest - no dependencies with security log

* Change the format of the errorf "Bados policy" from q to v

* Change folder for policy and log + simplify code

* Set access log off inside the liveness server + add comment on loggable 0

* Add unit tests TestGenerateNginxCfgForAppProtectDos and TestGenerateNginxCfgForMergeableIngressesForAppProtectDos

* Add unit test TestAddBadosConfig

* Add unit test TestUpdateApDosResourcesForVs

* Add unit test TestUpdateApDosResourcesForVs + fix bug

* Remove validateRequiredFieldsNoCopy function, used validateRequiredFields instead

* Add unit test for ValidateAppProtectDosAccessLogDest

* Add unit test for ValidateAppProtectDosLogConf

* Add unit test for ValidateAppProtectDosPolicy

* change from ValidateAppProtectDosPolicy to validateAppProtectDosPolicy

* Add unit test  for AddBadosPolicyRefs

* Fix typo

* removing the Dos part from the names of all methods of dos configuration interface.

* Add unit test to getBadosPoliciesForAppProtectLogConf

* Add unit test to getBadosPoliciesForAppProtectDosPolicy

* Add unit test to validateBados

* Remove adding duplicate path dosAccessLogDest

* App Protect dos expose logs through stdout

* Arbitrator helm chart changes

1. Remove name
2. add image options

* Remove local file destination in log of app protect dos

* Fix admd debug command

* Add annotation table descriptions

* Add appprotect_common package

* Add app_protecrt_common_resources_test

* Set debug log for app protect dos via configmap remove cli option

* remove debug log for app protect dos helm chart option

* Change webapp-ingress.yaml to v1 in the example

* Add extra info for advanced-configuration-with-annotations.md file

* Add App Protect Dos validation for the annotation inside the new mechanism

Add to validation.go new entries for all App Protect Dos annotations
Add new validation for name and monitor directives inside app_protect_dos_resources.go

remove validation from func getAppProtectDosLogConfAndDst

Add unit tests for new functions

* App protect Dos Arbitrator new Helm Chart

Add new helm cart for the arbitrator.
Remove the arbitrator from ingress helm chart
Add new doc installation-with-helm-dos-arbitrator.md

* Remove App Protect Dos Liveness

* Add ConfigMap key for admd installation

app-protect-dos-install-memory
app-protect-dos-install-max-daemons
app-protect-dos-install-max-workers

Co-authored-by: Tomer Pasman <t.pasman@f5.com>
Co-authored-by: Tomer <=>

* Fix AppProtect resource names collisions

Previously if a VS/VSR referenced a waf or a dos policy, and that policy
referenced both policy and log configuration resources with the same
namespace and name, the IC would incorrectly assume that the policy didn't
exist.

This commit fixes that bug.

* Refactor NAP and DOS resource handling in Configurator

* Fix minion annotations deny list

* Refactor AddOrUpdateAppProtectResource

* Remove the introduced reload bool argument
* Split the method into two

* Refactor delete methods for NAP and DOS resources

* moved appprotect validation into validation package (#2056)

* Add Python test for DOS feature (#2047)

* Dos fixes (#1999)

* Bados (#1997)

* Add app protect dos to NIC

1. Add option to install with bados for makefile and dockerfile
2. new template for nginx-plus.ingress.tmpl and nginx-plus.tmpl
3. new annotation appprotect.f5.com/app-protect-dos-enable
4. new file entrypoint.sh to start admd in background
5. new flag in deployment for bados

* Add bados policy to virtualserver

Bados policy with 2 argumants:
1. enable
2. name

* Add appDosPolicy

1. Add new CRD yaml file to describe APDosPolicy
2. Support APDosPolicy with ingress
3. Support APDosPolicy with virtualServer

* Remove entrypoint.sh

1. Remove entry point file
2. Call admdinstall by exec.command
3. Call admd by exec.command

* Add security log for app protect dos

1. Add new CRD appprotect.f5.com_apdoslogconfs.yaml
2. Add dos security log properties for bados policy
3. Add security log directive for ingress and virtualServer

* Add monitor directive for app protect dos

2. Add apDosMonitor properties for bados policy
3. Add apDosMonitor directive for ingress and virtualServer

* Monitor directive for app protect dos cleanup

* Add readiness and livensess directive

1. Change file nginx-plus.tmpl - add directives
2. Read file nginx-config.yaml and reads:
  app-protect-dos-liveness-enable
  app-protect-dos-liveness-uri
  app-protect-dos-liveness-port: "4999"

  app-protect-dos-readiness-enable
  app-protect-dos-readiness-uri
  app-protect-dos-readiness-port

* Add debug flag to bados

* Set server to answer for livness probe case liveness enable (use port 8083)

* Minor changes in dokcer file

* Add appprotectdos group

Change from appprotect to appprotectdos all configuration

* Add deployment for appprotect-dos-arb.yaml

* Add annotation: app-protect-dos-name

* Minor changes if deployment of Arbitrator

* Fix addWarningf with extra Specifier

* Add unit tests for app protect dos

1. Add units test for app protect dos
2. fix errors in unit tests

* Add access log and format for option to kibana log for app protect dos

1. Add option to add via virtual server
2. Add option to add via annotation

* Remove unnecessary validation in bados policy

* Add app-protect-dos-debug flag

Enable debug log for app protect dos inside the deployment args properties

* Validation.go app protect dos - minor BUG + add unit tests

* Add to config map error-log-destination and worker-rlimit-core

default value for error-log-destination - stderr

* Add to bados policy dosAccessLogDest properties

* Change app protect dos arb image pull policy to ifNotPresent

* Add new image for App Protect with App Protect Dos

1. Add new option in Makefile: debian-image-nap-dos-plus
2. Add new option in Dockerfile: debian-plus-ap-apdos

* Add example for ingress yaml file with log and policy yaml

* Add example for virtual server yaml file with log and policy and bados yaml files

* Bados examples minor changes

* Add Quotation mark to app protect dos policy files

* Add documentation on app protect dos

* Change liveness in app protect dos and remove readiness

* Add info for manifest doc

* Renamed crds app protect dos files

* Change troubleshooting.md for app protect dos

* Master merge fixes

* Add build-arg to nap-napdos image in Makefile

* Helm for app protect dos

* App Protect Dos - update readme file, create ns for app protect dos

* App Protect Dos - nginx-plus.tmpl - refactor log_dos

* App Protect Dos - fix duplicate const params from merge

* App Protect Dos - add tls_fingerprint policy support

* App Protect Dos - fix bug from merge in file configmaps_test.go

* App Protect Dos - helm chart change field for arb name from name to arbName

* App Protect Dos - Remove unnecessary back quote

* Update DockerFile to GA

* Remove unnecessary path of app protect dos so module

* Fix merge documentation issue for app protect dos

* Add arbitrator dockerfile and documentations

* Make deployment arb image path to example

* Helm app protect dos - add repository arg for arbitrator

* Fix CRDs with make update-crds

* Fix Lint issue

* Change arbitrator repository path

* Fix merge typo issue

* Minor typo

* Change the napdos and nap-napdos Dockerfile.

Remove --force-confold
Add installation of lsb-release for decide the release of deb

* Remove the arbitrator Dockerfile

No needed it now, can pull from the registry

* Remove copy paste typo

* Fix comment of AppProtectDosLogConfDstAnnotation and AppProtectLogConfDstAnnotation

* Add app protect dos liveness to helm chart

* Liveness default is off and change logic to decide loading param

* Fix typo ErrorLogLevel->ErrorLogDst

* Remove WorkerRlimitCore

* installation.md - Change v from 11 to 12

* Change MainAppProtectDosLivenessEnable and AppProtectDosLivenessEnable from string to bool

* revert values.yaml changes

* Fix App Protect liveness configmaps.go + Add info to readme file

* App Protect liveness add to daemonset

* Add configmap-resource.md info for liveness

* Add app-protect-dos-log-format to configmap and change the dependencies with security log

* Remove ErrorLogDst option

* Remove unnecessary check

* Change for virtual server access log dest - no dependencies with security log

* Change the format of the errorf "Bados policy" from q to v

* Change folder for policy and log + simplify code

* Set access log off inside the liveness server + add comment on loggable 0

* Add unit tests TestGenerateNginxCfgForAppProtectDos and TestGenerateNginxCfgForMergeableIngressesForAppProtectDos

* Add unit test TestAddBadosConfig

* Add unit test TestUpdateApDosResourcesForVs

* Add unit test TestUpdateApDosResourcesForVs + fix bug

* Remove validateRequiredFieldsNoCopy function, used validateRequiredFields instead

* Add unit test for ValidateAppProtectDosAccessLogDest

* Add unit test for ValidateAppProtectDosLogConf

* Add unit test for ValidateAppProtectDosPolicy

* change from ValidateAppProtectDosPolicy to validateAppProtectDosPolicy

* Add unit test  for AddBadosPolicyRefs

* Fix typo

* removing the Dos part from the names of all methods of dos configuration interface.

* Add unit test to getBadosPoliciesForAppProtectLogConf

* Add unit test to getBadosPoliciesForAppProtectDosPolicy

* Add unit test to validateBados

* Remove adding duplicate path dosAccessLogDest

* App Protect dos expose logs through stdout

* Arbitrator helm chart changes

1. Remove name
2. add image options

* Remove local file destination in log of app protect dos

* Fix admd debug command

* Add annotation table descriptions

* Add appprotect_common package

* Add app_protecrt_common_resources_test

* Set debug log for app protect dos via configmap remove cli option

* remove debug log for app protect dos helm chart option

* Change webapp-ingress.yaml to v1 in the example

* Add extra info for advanced-configuration-with-annotations.md file

* Add App Protect Dos validation for the annotation inside the new mechanism

Add to validation.go new entries for all App Protect Dos annotations
Add new validation for name and monitor directives inside app_protect_dos_resources.go

remove validation from func getAppProtectDosLogConfAndDst

Add unit tests for new functions

* App protect Dos Arbitrator new Helm Chart

Add new helm cart for the arbitrator.
Remove the arbitrator from ingress helm chart
Add new doc installation-with-helm-dos-arbitrator.md

* Remove App Protect Dos Liveness

* Add ConfigMap key for admd installation

app-protect-dos-install-memory
app-protect-dos-install-max-daemons
app-protect-dos-install-max-workers

Co-authored-by: Tomer Pasman <t.pasman@f5.com>
Co-authored-by: Tomer <=>

* fix brackets

* Bados (#1997)

* Add app protect dos to NIC

1. Add option to install with bados for makefile and dockerfile
2. new template for nginx-plus.ingress.tmpl and nginx-plus.tmpl
3. new annotation appprotect.f5.com/app-protect-dos-enable
4. new file entrypoint.sh to start admd in background
5. new flag in deployment for bados

* Add bados policy to virtualserver

Bados policy with 2 argumants:
1. enable
2. name

* Add appDosPolicy

1. Add new CRD yaml file to describe APDosPolicy
2. Support APDosPolicy with ingress
3. Support APDosPolicy with virtualServer

* Remove entrypoint.sh

1. Remove entry point file
2. Call admdinstall by exec.command
3. Call admd by exec.command

* Add security log for app protect dos

1. Add new CRD appprotect.f5.com_apdoslogconfs.yaml
2. Add dos security log properties for bados policy
3. Add security log directive for ingress and virtualServer

* Add monitor directive for app protect dos

2. Add apDosMonitor properties for bados policy
3. Add apDosMonitor directive for ingress and virtualServer

* Monitor directive for app protect dos cleanup

* Add readiness and livensess directive

1. Change file nginx-plus.tmpl - add directives
2. Read file nginx-config.yaml and reads:
  app-protect-dos-liveness-enable
  app-protect-dos-liveness-uri
  app-protect-dos-liveness-port: "4999"

  app-protect-dos-readiness-enable
  app-protect-dos-readiness-uri
  app-protect-dos-readiness-port

* Add debug flag to bados

* Set server to answer for livness probe case liveness enable (use port 8083)

* Minor changes in dokcer file

* Add appprotectdos group

Change from appprotect to appprotectdos all configuration

* Add deployment for appprotect-dos-arb.yaml

* Add annotation: app-protect-dos-name

* Minor changes if deployment of Arbitrator

* Fix addWarningf with extra Specifier

* Add unit tests for app protect dos

1. Add units test for app protect dos
2. fix errors in unit tests

* Add access log and format for option to kibana log for app protect dos

1. Add option to add via virtual server
2. Add option to add via annotation

* Remove unnecessary validation in bados policy

* Add app-protect-dos-debug flag

Enable debug log for app protect dos inside the deployment args properties

* Validation.go app protect dos - minor BUG + add unit tests

* Add to config map error-log-destination and worker-rlimit-core

default value for error-log-destination - stderr

* Add to bados policy dosAccessLogDest properties

* Change app protect dos arb image pull policy to ifNotPresent

* Add new image for App Protect with App Protect Dos

1. Add new option in Makefile: debian-image-nap-dos-plus
2. Add new option in Dockerfile: debian-plus-ap-apdos

* Add example for ingress yaml file with log and policy yaml

* Add example for virtual server yaml file with log and policy and bados yaml files

* Bados examples minor changes

* Add Quotation mark to app protect dos policy files

* Add documentation on app protect dos

* Change liveness in app protect dos and remove readiness

* Add info for manifest doc

* Renamed crds app protect dos files

* Change troubleshooting.md for app protect dos

* Master merge fixes

* Add build-arg to nap-napdos image in Makefile

* Helm for app protect dos

* App Protect Dos - update readme file, create ns for app protect dos

* App Protect Dos - nginx-plus.tmpl - refactor log_dos

* App Protect Dos - fix duplicate const params from merge

* App Protect Dos - add tls_fingerprint policy support

* App Protect Dos - fix bug from merge in file configmaps_test.go

* App Protect Dos - helm chart change field for arb name from name to arbName

* App Protect Dos - Remove unnecessary back quote

* Update DockerFile to GA

* Remove unnecessary path of app protect dos so module

* Fix merge documentation issue for app protect dos

* Add arbitrator dockerfile and documentations

* Make deployment arb image path to example

* Helm app protect dos - add repository arg for arbitrator

* Fix CRDs with make update-crds

* Fix Lint issue

* Change arbitrator repository path

* Fix merge typo issue

* Minor typo

* Change the napdos and nap-napdos Dockerfile.

Remove --force-confold
Add installation of lsb-release for decide the release of deb

* Remove the arbitrator Dockerfile

No needed it now, can pull from the registry

* Remove copy paste typo

* Fix comment of AppProtectDosLogConfDstAnnotation and AppProtectLogConfDstAnnotation

* Add app protect dos liveness to helm chart

* Liveness default is off and change logic to decide loading param

* Fix typo ErrorLogLevel->ErrorLogDst

* Remove WorkerRlimitCore

* installation.md - Change v from 11 to 12

* Change MainAppProtectDosLivenessEnable and AppProtectDosLivenessEnable from string to bool

* revert values.yaml changes

* Fix App Protect liveness configmaps.go + Add info to readme file

* App Protect liveness add to daemonset

* Add configmap-resource.md info for liveness

* Add app-protect-dos-log-format to configmap and change the dependencies with security log

* Remove ErrorLogDst option

* Remove unnecessary check

* Change for virtual server access log dest - no dependencies with security log

* Change the format of the errorf "Bados policy" from q to v

* Change folder for policy and log + simplify code

* Set access log off inside the liveness server + add comment on loggable 0

* Add unit tests TestGenerateNginxCfgForAppProtectDos and TestGenerateNginxCfgForMergeableIngressesForAppProtectDos

* Add unit test TestAddBadosConfig

* Add unit test TestUpdateApDosResourcesForVs

* Add unit test TestUpdateApDosResourcesForVs + fix bug

* Remove validateRequiredFieldsNoCopy function, used validateRequiredFields instead

* Add unit test for ValidateAppProtectDosAccessLogDest

* Add unit test for ValidateAppProtectDosLogConf

* Add unit test for ValidateAppProtectDosPolicy

* change from ValidateAppProtectDosPolicy to validateAppProtectDosPolicy

* Add unit test  for AddBadosPolicyRefs

* Fix typo

* removing the Dos part from the names of all methods of dos configuration interface.

* Add unit test to getBadosPoliciesForAppProtectLogConf

* Add unit test to getBadosPoliciesForAppProtectDosPolicy

* Add unit test to validateBados

* Remove adding duplicate path dosAccessLogDest

* App Protect dos expose logs through stdout

* Arbitrator helm chart changes

1. Remove name
2. add image options

* Remove local file destination in log of app protect dos

* Fix admd debug command

* Add annotation table descriptions

* Add appprotect_common package

* Add app_protecrt_common_resources_test

* Set debug log for app protect dos via configmap remove cli option

* remove debug log for app protect dos helm chart option

* Change webapp-ingress.yaml to v1 in the example

* Add extra info for advanced-configuration-with-annotations.md file

* Add App Protect Dos validation for the annotation inside the new mechanism

Add to validation.go new entries for all App Protect Dos annotations
Add new validation for name and monitor directives inside app_protect_dos_resources.go

remove validation from func getAppProtectDosLogConfAndDst

Add unit tests for new functions

* App protect Dos Arbitrator new Helm Chart

Add new helm cart for the arbitrator.
Remove the arbitrator from ingress helm chart
Add new doc installation-with-helm-dos-arbitrator.md

* Remove App Protect Dos Liveness

* Add ConfigMap key for admd installation

app-protect-dos-install-memory
app-protect-dos-install-max-daemons
app-protect-dos-install-max-workers

Co-authored-by: Tomer Pasman <t.pasman@f5.com>
Co-authored-by: Tomer <=>

* fix brackets

* Change bados policy name to dos

* Remove duplicate lines from the merge

* Remove app-protect-dos-arb from Makefile

* Dockerfile - mkdir for dos inside dos part and remove dos list

* Remove comment: "Add Debug bool option via config file"

* nginx-plus.ingress.tmpl remove {{end}} and fix indentation

* Fix comment for DeleteAppProtectDosLogConf funx

* Fix typo in comment validateAppProtectDosLogConf func in file app_protect_dos_resources.go

* Fix nginx-plus.ingress.tmpl file EOF error

* Change error info for validateExistAnnotation

* fix duplicate functions from merge

* Remove keys

* Make DosPolicies and DosLogConfs private

* Change fun from DeleteAppProtectLogConf to DeleteAppProtectDosLogConf

* fix brackets

* Change bados policy name to dos

* Dockerfile - mkdir for dos inside dos part and remove dos list

* Remove comment: "Add Debug bool option via config file"

* nginx-plus.ingress.tmpl remove {{end}} and fix indentation

* Fix comment for DeleteAppProtectDosLogConf funx

* Fix typo in comment validateAppProtectDosLogConf func in file app_protect_dos_resources.go

* Fix nginx-plus.ingress.tmpl file EOF error

* Change error info for validateExistAnnotation

* fix duplicate functions from merge

* Remove keys

* Make DosPolicies and DosLogConfs private

* Change fun from DeleteAppProtectLogConf to DeleteAppProtectDosLogConf

* apdos-policy.yaml Change values to on

* Change typo of copy past

* Fix links in policy-resource.md

* Max name length change to 63 include the '\0'

* MaxNamLength add info on advanced-configuration-with-annotations.md and policy-resource.md

* make MaxNamLength by sprintf not a const value

* Change msg info for test of app-protect-dos-security-log-destination annotation for stderr

* Change validation message for validateQualifiedName in validation.go

* Helm for arbitrator - make separate yaml file for deployment and service

* Add default value for log_dos

* Chnage in helm for arb in Chart.yaml the appVersion to 1.0.0

* Add validation to dos name and monitor

* Add unit tests

TestValidatePolicy - for dos enable
TestValidatePolicyFails - without: plus, enablePreviewPolicies, enableAppProtectDos
TestValidateDos - DosAccessLogDest, ApDosMonitor, Name
TestValidateDosInvalid - DosAccessLogDest, ApDosMonitor, Name

* Chane app protect dos configuration policy and log to private

* Add documentation about the monitor requests that appears in the log file

* virtualserver_test.go fix merge typo

* Fix merge compilation error

* restore dos-related images from Makefile

* Add rm -rf /var/lib/apt/lists/* and fix indentation

* fix func name TestGenerateNginxCfgForMergeableIngressesForAppProtectDos

* fix local var Dos *conf_v1.Dos lowercase letter

* Fix msg for test TestValidateDosInvalid for ApDosMonitor

* log_dos: support configuring log format across multiple lines and escaping

* nginx-plus.tmpl - fix identation

Co-authored-by: Tomer Pasman <t.pasman@f5.com>
Co-authored-by: = <=>
Co-authored-by: nginx-bot <68849795+nginx-bot@users.noreply.github.com>

* use dns name for syslog destination service (#2067)

Co-authored-by: Ciara Stacke <18287516+ciarams87@users.noreply.github.com>
Co-authored-by: Jcahilltorre <78599298+Jcahilltorre@users.noreply.github.com>
Co-authored-by: Michael Pleshakov <michael@nginx.com>
Co-authored-by: Ciara Stacke <c.stacke@f5.com>
Co-authored-by: Jodie Putrino <j.putrino@f5.com>
Co-authored-by: Travis Martin <t.martin@f5.com>
Co-authored-by: Luca Comellini <luca.com@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: nginx-bot <68849795+nginx-bot@users.noreply.github.com>
Co-authored-by: Michael Pleshakov <pleshakov@users.noreply.github.com>
Co-authored-by: Venktesh Shivam Patel <ve.patel@f5.com>
Co-authored-by: pasmant <78279234+pasmant@users.noreply.github.com>
Co-authored-by: Tomer Pasman <t.pasman@f5.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
chore Pull requests for routine tasks
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants