[Bug]: ApPolicy CRD missing violations #7721
Description
Version
edge
What Kubernetes platforms are you running on?
Other
Steps to reproduce
- Create the following
ApPolicy, and apply it to the cluster using kubectl
apiVersion: appprotect.f5.com/v1beta1
kind: APPolicy
metadata:
name: blizzard-bot-exception-policy
spec:
policy:
name: blizzard-bot-exception-policy
applicationLanguage: utf-8
enforcementMode: blocking
template:
name: POLICY_TEMPLATE_NGINX_BASE
blocking-settings:
violations:
- name: VIOL_BOT_CLIENT
alarm: true
block: true
- name: VIOL_DATA_GUARD
alarm: true
block: false
- Note the following error in the NIC pod log:
2025-04-28 20:37:12.515036: Error: UPGRADE FAILED: failed to create resource: APPolicy.appprotect.f5.com "blizzard-bot-exception-policy" is invalid: spec.policy.blocking-settings.violations[0].name: Unsupported value: "VIOL_BOT_CLIENT": supported values: "VIOL_ACCESS_INVALID", "VIOL_ACCESS_MALFORMED", "VIOL_ACCESS_MISSING", "VIOL_ACCESS_UNAUTHORIZED", "VIOL_ASM_COOKIE_HIJACKING", "VIOL_ASM_COOKIE_MODIFIED", "VIOL_BLACKLISTED_IP", "VIOL_COOKIE_EXPIRED", "VIOL_COOKIE_LENGTH", "VIOL_COOKIE_MALFORMED", "VIOL_COOKIE_MODIFIED", "VIOL_CSRF", "VIOL_DATA_GUARD", "VIOL_ENCODING", "VIOL_EVASION", "VIOL_FILE_UPLOAD", "VIOL_FILE_UPLOAD_IN_BODY", "VIOL_FILETYPE", "VIOL_GRAPHQL_ERROR_RESPONSE", "VIOL_GRAPHQL_FORMAT", "VIOL_GRAPHQL_INTROSPECTION_QUERY", "VIOL_GRAPHQL_MALFORMED", "VIOL_GRPC_FORMAT", "VIOL_GRPC_MALFORMED", "VIOL_GRPC_METHOD", "VIOL_HEADER_LENGTH", "VIOL_HEADER_METACHAR", "VIOL_HEADER_REPEATED", "VIOL_HTTP_PROTOCOL", "VIOL_HTTP_RESPONSE_STATUS", "VIOL_JSON_FORMAT", "VIOL_JSON_MALFORMED", "VIOL_JSON_SCHEMA", "VIOL_MANDATORY_HEADER", "VIOL_MANDATORY_PARAMETER", "VIOL_MANDATORY_REQUEST_BODY", "VIOL_METHOD", "VIOL_PARAMETER", "VIOL_PARAMETER_ARRAY_VALUE", "VIOL_PARAMETER_DATA_TYPE", "VIOL_PARAMETER_EMPTY_VALUE", "VIOL_PARAMETER_LOCATION", "VIOL_PARAMETER_MULTIPART_NULL_VALUE", "VIOL_PARAMETER_NAME_METACHAR", "VIOL_PARAMETER_NUMERIC_VALUE", "VIOL_PARAMETER_REPEATED", "VIOL_PARAMETER_STATIC_VALUE", "VIOL_PARAMETER_VALUE_BASE64", "VIOL_PARAMETER_VALUE_LENGTH", "VIOL_PARAMETER_VALUE_METACHAR", "VIOL_PARAMETER_VALUE_REGEXP", "VIOL_POST_DATA_LENGTH", "VIOL_QUERY_STRING_LENGTH", "VIOL_RATING_NEED_EXAMINATION", "VIOL_RATING_THREAT", "VIOL_REQUEST_LENGTH", "VIOL_REQUEST_MAX_LENGTH", "VIOL_THREAT_CAMPAIGN", "VIOL_URL", "VIOL_URL_CONTENT_TYPE", "VIOL_URL_LENGTH", "VIOL_URL_METACHAR", "VIOL_XML_FORMAT", "VIOL_XML_MALFORMED"
2025-04-28 20:37:12.524045: [33;1mWARNING: Command failed. Retrying in 5 seconds.[0m
Metadata
Metadata
Assignees
Type
Projects
Status
Milestone
Relationships
Participants
Activity
github-actions commentedon Apr 29, 2025
Hi @aknot242 thanks for reporting!
Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂
Cheers!
fix nginx#7721
fix nginx#7721