run lua-resty-waf in different modes (#2317)

* run lua-resty-waf in different modes * update docs
2018-04-09 08:19:13 -04:00 · 2018-04-09 08:19:13 -04:00 · d6eb44376d
commit d6eb44376d
parent bad8295a42
8 changed files with 75 additions and 34 deletions
--- a/internal/ingress/controller/template/template.go
+++ b/internal/ingress/controller/template/template.go
@ -119,6 +119,7 @@ var (
 			}
 			return true
 		},
+		"shouldConfigureLuaRestyWAF": shouldConfigureLuaRestyWAF,
 		"buildLuaSharedDictionaries": buildLuaSharedDictionaries,
 		"buildLocation":              buildLocation,
 		"buildAuthLocation":          buildAuthLocation,
@ -168,6 +169,14 @@ func formatIP(input string) string {
 	return fmt.Sprintf("[%s]", input)
 }

+func shouldConfigureLuaRestyWAF(disableLuaRestyWAF bool, mode string) bool {
+	if !disableLuaRestyWAF && len(mode) > 0 {
+		return true
+	}
+
+	return false
+}
+
 func buildLuaSharedDictionaries(s interface{}, dynamicConfigurationEnabled bool, disableLuaRestyWAF bool) string {
 	servers, ok := s.([]*ingress.Server)
 	if !ok {
@ -191,7 +200,7 @@ func buildLuaSharedDictionaries(s interface{}, dynamicConfigurationEnabled bool,
 		luaRestyWAFEnabled := func() bool {
 			for _, server := range servers {
 				for _, location := range server.Locations {
-					if location.LuaRestyWAF.Enabled {
+					if len(location.LuaRestyWAF.Mode) > 0 {
 						return true
 					}
 				}
--- a/internal/ingress/controller/template/template_test.go
+++ b/internal/ingress/controller/template/template_test.go
@ -321,7 +321,7 @@ func TestBuildLuaSharedDictionaries(t *testing.T) {
 		t.Errorf("expected to not include 'waf_storage' but got %s", config)
 	}

-	servers[1].Locations[0].LuaRestyWAF = luarestywaf.Config{Enabled: true}
+	servers[1].Locations[0].LuaRestyWAF = luarestywaf.Config{Mode: "ACTIVE"}
 	config = buildLuaSharedDictionaries(servers, false, false)
 	if !strings.Contains(config, "lua_shared_dict waf_storage") {
 		t.Errorf("expected to configure 'waf_storage', but got %s", config)