github_mirrors/attachment
3
0
Fork 1
mirror of https://github.com/openappsec/attachment.git synced 2025-08-14 05:45:57 +03:00
Code Issues Packages Projects Releases Wiki Activity

change variable name

Browse Source
This commit is contained in:
wiaamm 2025-07-01 16:23:13 +03:00
parent f78168ef4c
commit 88f9aedf10
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docker/openappsec-waf-webhook/webhook_server.py
View File

@ -15,7 +15,7 @@ app = Flask(__name__)
AGENT_IMAGE = os.getenv('AGENT_IMAGE', 'ghcr.io/openappsec/agent') AGENT_IMAGE = os.getenv('AGENT_IMAGE', 'ghcr.io/openappsec/agent')
AGENT_TAG = os.getenv('AGENT_TAG', 'latest') AGENT_TAG = os.getenv('AGENT_TAG', 'latest')
AGENT_CPU = os.getenv('AGENT_CPU', '200m') AGENT_CPU = os.getenv('AGENT_CPU', '200m')
AGENT_KIND = os.getenv('AGENT_KIND', 'istio') PROXY_KIND = os.getenv('PROXY_KIND', 'istio')
INIT_CONTAINER_IMAGE = os.getenv('INIT_CONTAINER_IMAGE', 'ghcr.io/openappsec/openappsec-envoy-filters') INIT_CONTAINER_IMAGE = os.getenv('INIT_CONTAINER_IMAGE', 'ghcr.io/openappsec/openappsec-envoy-filters')
INIT_CONTAINER_TAG = os.getenv('INIT_CONTAINER_TAG', 'latest') INIT_CONTAINER_TAG = os.getenv('INIT_CONTAINER_TAG', 'latest')
ISTIOD_PORT = os.getenv('ISTIOD_PORT', '15014') ISTIOD_PORT = os.getenv('ISTIOD_PORT', '15014')
@ -26,7 +26,7 @@ config.load_incluster_config()
def is_istio_agent(): def is_istio_agent():
"""Check if the current agent kind is Istio""" """Check if the current agent kind is Istio"""
return AGENT_KIND.lower() == "istio" return PROXY_KIND.lower() == "istio"
def configure_logging(): def configure_logging():
# Read the DEBUG_LEVEL from environment variables, defaulting to WARNING # Read the DEBUG_LEVEL from environment variables, defaulting to WARNING
@ -69,7 +69,7 @@ def get_sidecar_container():
secret_ref = os.getenv("SECRET_REF") secret_ref = os.getenv("SECRET_REF")
persistence_enabled = os.getenv("APPSEC_PERSISTENCE_ENABLED", "false").lower() == "true" persistence_enabled = os.getenv("APPSEC_PERSISTENCE_ENABLED", "false").lower() == "true"
# Prepare the volumeMounts list based on AGENT_KIND # Prepare the volumeMounts list based on PROXY_KIND
if is_istio_agent(): if is_istio_agent():
volume_mounts = [ volume_mounts = [
{"name": "envoy-attachment-shared", "mountPath": "/envoy/attachment/shared/"}, {"name": "envoy-attachment-shared", "mountPath": "/envoy/attachment/shared/"},
@ -588,7 +588,7 @@ def mutate():
# Only check for envoy-attachment-shared volume if agent kind is Istio # Only check for envoy-attachment-shared volume if agent kind is Istio
volume_exist = any(volume['name'] == 'envoy-attachment-shared' for volume in volumes) if is_istio_agent() else False volume_exist = any(volume['name'] == 'envoy-attachment-shared' for volume in volumes) if is_istio_agent() else False
app.logger.debug("Does sidecar 'open-appsec-nano-agent' exist? %s", sidecar_exists) app.logger.debug("Does sidecar 'open-appsec-nano-agent' exist? %s", sidecar_exists)
app.logger.debug("Agent kind: %s", AGENT_KIND) app.logger.debug("Agent kind: %s", PROXY_KIND)
# Determine if we should remove the injected data # Determine if we should remove the injected data
REMOVE_WAF = os.getenv('REMOVE_INJECTED_DATA', 'false').lower() == 'true' REMOVE_WAF = os.getenv('REMOVE_INJECTED_DATA', 'false').lower() == 'true'
@ -604,9 +604,9 @@ def mutate():
if REMOVE_WAF: if REMOVE_WAF:
app.logger.debug("Removing injected sidecar and associated resources.") app.logger.debug("Removing injected sidecar and associated resources.")
# Only handle Istio-specific removal if AGENT_KIND is "istio" # Only handle Istio-specific removal if PROXY_KIND is "istio"
if is_istio_agent(): if is_istio_agent():
app.logger.debug("AGENT_KIND is istio, removing Istio-specific components.") app.logger.debug("PROXY_KIND is istio, removing Istio-specific components.")
if DEPLOY_FILTER and SELECTOR_LABEL_NAME and SELECTOR_LABEL_VALUE: if DEPLOY_FILTER and SELECTOR_LABEL_NAME and SELECTOR_LABEL_VALUE:
remove_envoy_filter_by_selector(namespace, SELECTOR_LABEL_NAME, SELECTOR_LABEL_VALUE) remove_envoy_filter_by_selector(namespace, SELECTOR_LABEL_NAME, SELECTOR_LABEL_VALUE)
@ -642,7 +642,7 @@ def mutate():
app.logger.debug(f"Removed init container patch: {patches[-1]}") app.logger.debug(f"Removed init container patch: {patches[-1]}")
break # Stop once we find and remove the target container break # Stop once we find and remove the target container
else: else:
app.logger.debug(f"AGENT_KIND is {AGENT_KIND}, skipping Istio-specific removal.") app.logger.debug(f"PROXY_KIND is {PROXY_KIND}, skipping Istio-specific removal.")
# For kong agents, set automountServiceAccountToken back to false # For kong agents, set automountServiceAccountToken back to false
if 'automountServiceAccountToken' in obj.get('spec', {}): if 'automountServiceAccountToken' in obj.get('spec', {}):
@ -694,9 +694,9 @@ def mutate():
# Define the volume # Define the volume
volume_def = get_volume_definition() volume_def = get_volume_definition()
# Only handle Istio-specific components if AGENT_KIND is "istio" # Only handle Istio-specific components if PROXY_KIND is "istio"
if is_istio_agent(): if is_istio_agent():
app.logger.debug("AGENT_KIND is istio, adding Istio-specific components.") app.logger.debug("PROXY_KIND is istio, adding Istio-specific components.")
# Define the init container() # Define the init container()
init_container = get_init_container() init_container = get_init_container()
@ -754,7 +754,7 @@ def mutate():
envoy_filter_name = RELEASE_NAME + "-waf-filter" envoy_filter_name = RELEASE_NAME + "-waf-filter"
create_or_update_envoy_filter(envoy_filter_name, namespace, SELECTOR_LABEL_NAME, SELECTOR_LABEL_VALUE) create_or_update_envoy_filter(envoy_filter_name, namespace, SELECTOR_LABEL_NAME, SELECTOR_LABEL_VALUE)
else: else:
app.logger.debug(f"AGENT_KIND is {AGENT_KIND}, skipping Istio-specific components.") app.logger.debug(f"PROXY_KIND is {PROXY_KIND}, skipping Istio-specific components.")
# For kong agents (like Kong), set automountServiceAccountToken to true # For kong agents (like Kong), set automountServiceAccountToken to true
current_spec = obj.get('spec', {}) current_spec = obj.get('spec', {})