Kong dockerfile (#37)

* add the kong plugin Dockerfile * fix version * fix version * Daniel fixes * [JIRA] INXT-46346: Kong plug in | Prepare for docker submission * Docker file fix * fix the docker build command * fix the docker build command * fix the docker build command * fix the docker build command * fix the docker build command * fix the docker build command * fix the docker build command * fix the docker build command * fix the docker build command * fix the docker build command * [JIRA] INXT-46285: Kong plug In | add flag to open-appsec script * fix docker * fix docker * fix * add network hos * remove build.sh files --------- Co-authored-by: wiaamm <wiaamm@checkpoint.com>
2025-07-16 07:24:46 +03:00 · 2025-06-30 16:46:53 +03:00 · 2025-06-30 16:46:53 +03:00 · c59e4d0e76
commit c59e4d0e76
parent 882dc4c187
5 changed files with 43 additions and 1 deletions
--- a/attachments/CMakeLists.txt
+++ b/attachments/CMakeLists.txt
@ -1,6 +1,8 @@
 add_subdirectory(nano_attachment)
 if ("${ATTACHMENT_TYPE}" STREQUAL "envoy")
    add_subdirectory(envoy)
+elseif("${ATTACHMENT_TYPE}" STREQUAL "kong")
+    message(STATUS "ATTACHMENT_TYPE = ${ATTACHMENT_TYPE}")
 else()
    add_subdirectory(nginx)
 endif()
--- a/docker/CMakeLists.txt
+++ b/docker/CMakeLists.txt
@ -9,3 +9,4 @@ add_custom_target(docker DEPENDS ${CMAKE_INSTALL_PREFIX}/nginx-docker.img)

 add_subdirectory(openappsec-envoy-attachments)
 add_subdirectory(openappsec-waf-webhook)
+add_subdirectory(openappsec-kong-plugin)
--- a/docker/openappsec-kong-plugin/CMakeLists.txt
+++ b/docker/openappsec-kong-plugin/CMakeLists.txt
@ -0,0 +1,9 @@
+message(STATUS "OUTPUT_KONG_PLUGIN_DOCKER_IMAGE = ${OUTPUT_KONG_PLUGIN_DOCKER_IMAGE}")
+add_custom_command(
+    OUTPUT ${CMAKE_INSTALL_PREFIX}/kong-plugin-docker.img
+    COMMAND docker build --load -t kong-plugin-docker --network host -f ${CMAKE_CURRENT_SOURCE_DIR}/Dockerfile ${CMAKE_INSTALL_PREFIX}
+    COMMAND docker tag kong-plugin-docker ${OUTPUT_KONG_PLUGIN_DOCKER_IMAGE}
+    COMMAND docker image save kong-plugin-docker -o ${CMAKE_INSTALL_PREFIX}/kong-plugin-docker.img
+)
+
+add_custom_target(kong-plugin-docker DEPENDS ${CMAKE_INSTALL_PREFIX}/kong-plugin-docker.img)
--- a/docker/openappsec-kong-plugin/Dockerfile
+++ b/docker/openappsec-kong-plugin/Dockerfile
@ -0,0 +1,30 @@
+FROM kong
+
+USER root
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential git curl zlib1g-dev ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN curl -sL https://github.com/USCiLab/cereal/archive/refs/tags/v1.3.2.tar.gz | tar xz && \
+    mkdir -p /usr/local/include/cereal && \
+    cp -r cereal-1.3.2/include/cereal /usr/local/include/ && \
+    rm -rf cereal-1.3.2
+
+ENV LUAROCKS_VER=3.11.0
+RUN curl -fSL https://luarocks.org/releases/luarocks-${LUAROCKS_VER}.tar.gz -o luarocks-${LUAROCKS_VER}.tar.gz && \
+    tar xzf luarocks-${LUAROCKS_VER}.tar.gz && \
+    cd luarocks-${LUAROCKS_VER} && \
+    ./configure \
+        --with-lua=/usr/local/openresty/luajit \
+        --with-lua-include=/usr/local/openresty/luajit/include/luajit-2.1 && \
+    make && make install && \
+    cd .. && rm -rf luarocks-${LUAROCKS_VER}*
+
+# Install the plugin via LuaRocks
+RUN luarocks install https://raw.githubusercontent.com/openappsec/attachment/main/attachments/kong/open-appsec-waf-kong-plugin-1.0.0-1.rockspec --deps-mode=all
+
+USER kong
+
+# Enable the plugin
+ENV KONG_PLUGINS=bundled,open-appsec-waf-kong-plugin
--- a/docker/openappsec-waf-webhook/CMakeLists.txt
+++ b/docker/openappsec-waf-webhook/CMakeLists.txt
@ -1,4 +1,4 @@
-message(STATUS "OUTPUT_ENVOY_FILTERS_DOCKER_IMAGE = ${OUTPUT_ENVOY_FILTERS_DOCKER_IMAGE}")
+message(STATUS "OUTPUT_WAF_WEBHOOK_DOCKER_IMAGE = ${OUTPUT_WAF_WEBHOOK_DOCKER_IMAGE}")
 add_custom_command(
    OUTPUT ${CMAKE_INSTALL_PREFIX}/waf-webhook-docker.img
    COMMAND docker build -t waf-webhook-docker -f ${CMAKE_CURRENT_SOURCE_DIR}/Dockerfile ${CMAKE_INSTALL_PREFIX}