DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

annotation to ignore given list of WAF rulesets (#2314)

Browse source
This commit is contained in:
Elvin Efendi 2018-04-08 21:55:23 -04:00 committed by Manuel Alejandro de Brito Fontes
parent a6fe800a47
commit 16faf309ca
6 changed files with 59 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

22
internal/ingress/annotations/luarestywaf/main.go
View file

@ -17,6 +17,9 @@ limitations under the License.
package luarestywaf
import (
"reflect"
"strings"
extensions "k8s.io/api/extensions/v1beta1"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
@ -25,8 +28,9 @@ import (
// Config returns lua-resty-waf configuration for an Ingress rule
type Config struct {
Enabled bool `json:"enabled"`
Debug bool `json:"debug"`
Enabled bool `json:"enabled"`
Debug bool `json:"debug"`
IgnoredRuleSets []string `json: "ignored-rulesets"`
}
// Equal tests for equality between two Config types
@ -43,6 +47,9 @@ func (e1 *Config) Equal(e2 *Config) bool {
if e1.Debug != e2.Debug {
return false
}
if !reflect.DeepEqual(e1.IgnoredRuleSets, e2.IgnoredRuleSets) {
return false
}
return true
}
@ -67,8 +74,15 @@ func (a luarestywaf) Parse(ing *extensions.Ingress) (interface{}, error) {
debug, _ := parser.GetBoolAnnotation("lua-resty-waf-debug", ing)
ignoredRuleSetsStr, _ := parser.GetStringAnnotation("lua-resty-waf-ignore-rulesets", ing)
ignoredRuleSets := strings.FieldsFunc(ignoredRuleSetsStr, func(c rune) bool {
strC := string(c)
return strC == "," || strC == " "
})
return &Config{
Enabled: enabled,
Debug: debug,
Enabled: enabled,
Debug: debug,
IgnoredRuleSets: ignoredRuleSets,
}, nil
}