
236 Commits

Author SHA1 Message Date
orianelou
448991ef75 Update docker-compose.yaml 2025-03-03 11:54:03 +02:00
orianelou
2b1ee84280 Update docker-compose.yaml 2025-03-03 11:53:53 +02:00
orianelou
77dd288eee Update docker-compose.yaml 2025-03-03 11:52:47 +02:00
orianelou
3cb4def82e Update docker-compose.yaml 2025-03-03 11:52:26 +02:00
orianelou
a0dd7dd614 Update docker-compose.yaml 2025-03-03 11:51:13 +02:00
orianelou
88eed946ec Update docker-compose.yaml 2025-03-03 11:50:49 +02:00
orianelou
3e1ad8b0f7 Update docker-compose.yaml 2025-03-03 11:50:23 +02:00
Daniel-Eisenberg
bd35c421c6 Merge pull request #263 from openappsec/Feb_27_2025-Dev
Feb 27 2025 dev
2025-03-02 18:23:10 +02:00
Ned Wright
9d6e883724 sync code 2025-02-27 16:08:31 +00:00
Ned Wright
cd020a7ddd sync code 2025-02-27 16:03:28 +00:00
orianelou
bb35eaf657 Update open-appsec-k8s-prevent-config-v1beta2.yaml 2025-02-26 16:16:16 +02:00
orianelou
648f9ae2b1 Update open-appsec-k8s-default-config-v1beta2.yaml 2025-02-26 16:15:54 +02:00
orianelou
47e47d706a Update open-appsec-k8s-default-config-v1beta2.yaml 2025-02-26 16:15:39 +02:00
orianelou
b852809d1a Update open-appsec-crd-v1beta2.yaml 2025-02-19 13:35:51 +02:00
orianelou
a77732f84c Update open-appsec-k8s-prevent-config-v1beta1.yaml 2025-02-17 16:08:50 +02:00
orianelou
a1a8e28019 Update open-appsec-k8s-default-config-v1beta1.yaml 2025-02-17 16:08:32 +02:00
orianelou
a99c2ec4a3 Update open-appsec-k8s-prevent-config-v1beta1.yaml 2025-02-17 16:06:02 +02:00
orianelou
f1303c1703 Update open-appsec-crd-v1beta1.yaml 2025-02-17 15:52:02 +02:00
Daniel Eisenberg
bd8174ead3 fix connection 2025-02-17 12:20:20 +02:00
Daniel-Eisenberg
4ddcd2462a Feb 10 2025 dev (#255)
* sync code

* sync code

* code sync

* code sync

---------

Co-authored-by: Ned Wright <nedwright@proton.me>
Co-authored-by: Daniel Eisenberg <danielei@checkpoint.com>
2025-02-12 10:56:44 +02:00
orianelou
81433bac25 Create local_policy.yaml 2025-02-11 15:42:20 +02:00
orianelou
8d03b49176 Update open-appsec-k8s-full-example-config-v1beta2.yaml 2025-02-10 10:34:40 +02:00
orianelou
84f9624c00 Update open-appsec-k8s-full-example-config-v1beta2.yaml 2025-02-10 10:23:00 +02:00
orianelou
3ecda7b979 Update docker-compose.yaml 2025-02-09 15:57:29 +02:00
orianelou
8f05508e02 Update docker-compose.yaml 2025-02-09 15:41:55 +02:00
orianelou
f5b9c93fbe Update docker-compose.yaml 2025-02-09 15:40:03 +02:00
orianelou
62b74c9a10 Update docker-compose.yaml 2025-02-09 15:32:02 +02:00
orianelou
e3163cd4fa Create .env 2025-02-03 16:34:47 +02:00
orianelou
1e98fc8c66 Add files via upload 2025-02-03 16:16:50 +02:00
orianelou
6fbe272378 Delete deployment/docker-compose/envoy directory 2025-02-03 16:16:31 +02:00
orianelou
7b3320ce10 Rename default.conf to default.conf 2025-01-21 14:04:01 +02:00
orianelou
25cc2d66e7 Rename .env to .env 2025-01-21 14:03:28 +02:00
orianelou
66e2112afb Rename docker-compose.yaml to docker-compose.yaml 2025-01-21 14:03:05 +02:00
orianelou
ba7c9afd52 Create .env 2025-01-20 15:14:44 +02:00
orianelou
2aa0993d7e Create .env 2025-01-20 15:13:52 +02:00
orianelou
0cdfc9df90 Create .env 2025-01-20 15:13:28 +02:00
orianelou
010814d656 Update .env 2025-01-20 14:36:03 +02:00
orianelou
3779dd360d Create .env 2025-01-20 14:34:54 +02:00
orianelou
0e7dc2133d Update .env 2025-01-20 14:31:39 +02:00
orianelou
c9095acbef Create .env 2025-01-20 14:29:39 +02:00
orianelou
e47e29321d Create .env 2025-01-20 14:24:03 +02:00
orianelou
25a66e77df Create default.conf 2025-01-20 14:16:18 +02:00
orianelou
6eea40f165 Create docker-compose.yaml 2025-01-20 14:15:35 +02:00
orianelou
cee6ed511a Create .env 2025-01-20 14:15:12 +02:00
orianelou
4f145fd74f Update .env 2025-01-20 14:14:31 +02:00
orianelou
3fe5c5b36f Create .env 2025-01-20 14:14:15 +02:00
orianelou
7542a85ddb Update docker-compose.yaml 2025-01-20 14:14:04 +02:00
orianelou
fae4534e5c Merge pull request #226 from openappsec/oriane-23.12.24-adding-new-composes
Oriane 23.12.24 adding new composes
2025-01-20 12:02:00 +02:00
orianelou
923a8a804b Add files via upload 2025-01-20 12:00:49 +02:00
orianelou
b1731237d1 Delete deployment directory 2025-01-20 11:58:01 +02:00
orianelou
3d3d6e73b9 Rename deployment/envoy/docker-compose.yaml to deployment/docker-compose/envoy/docker-compose.yaml 2025-01-20 11:49:03 +02:00
Daniel-Eisenberg
3f80127ec5 Merge pull request #224 from openappsec/Jan_12_2025-Dev
Jan 12 2025 dev
2025-01-19 11:16:59 +02:00
Ned Wright
abdee954bb fix log-file-handler 2025-01-15 12:22:16 +00:00
Ned Wright
9a516899e8 central nginx manager 2025-01-14 16:14:25 +00:00
Ned Wright
4fd2aa6c6b central nginx manager 2025-01-14 16:00:54 +00:00
Ned Wright
0db666ac4f central nginx manager - add new package to packages list 2025-01-13 14:29:58 +00:00
Ned Wright
493d9a6627 central nginx manager 2025-01-13 13:25:05 +00:00
Ned Wright
6db87fc7fe central nginx manager 2025-01-13 12:35:42 +00:00
orianelou
d2b9bc8c9c Create envoy.yaml 2025-01-13 14:23:49 +02:00
orianelou
886a5befe1 Create .env 2025-01-13 14:23:17 +02:00
orianelou
1f2502f9e4 Create docker-compose.yaml 2025-01-13 14:22:57 +02:00
orianelou
9e4c5014ce Create .env 2025-01-13 14:21:50 +02:00
orianelou
024423cce9 Create docker-compose.yaml 2025-01-13 14:21:35 +02:00
orianelou
dc4b546bd1 Update .env 2025-01-13 14:20:38 +02:00
orianelou
a86aca13b4 Update docker-compose.yaml 2025-01-13 14:20:21 +02:00
orianelou
87b34590d4 Update .env 2025-01-13 14:18:04 +02:00
orianelou
e0198a1a95 Update docker-compose.yaml 2025-01-13 14:17:49 +02:00
orianelou
d024ad5845 Update .env 2025-01-13 14:15:28 +02:00
orianelou
46d42c8fa3 Update docker-compose.yaml 2025-01-13 14:15:15 +02:00
orianelou
f6c36f3363 Update .env 2025-01-13 14:14:07 +02:00
orianelou
63541a4c3c Update docker-compose.yaml 2025-01-13 14:13:53 +02:00
orianelou
d14fa7a468 Update docker-compose.yaml 2025-01-13 14:13:23 +02:00
orianelou
ae0de5bf14 Update docker-compose.yaml 2025-01-13 14:13:12 +02:00
orianelou
d39919f348 Update .env 2025-01-13 14:12:32 +02:00
orianelou
4f215e1409 Update docker-compose.yaml 2025-01-13 14:12:09 +02:00
orianelou
f05b5f8cee Create default.conf 2025-01-13 14:11:47 +02:00
orianelou
949b656b13 Update .env 2025-01-13 14:11:02 +02:00
orianelou
bbe293d215 Update docker-compose.yaml 2025-01-13 14:10:48 +02:00
Daniel-Eisenberg
35b2df729f Merge pull request #214 from openappsec/Dec_29_2024-Dev
Dec 29 2024 dev
2025-01-02 10:56:50 +02:00
orianelou
7600b6218f Rename examples/juiceshop/default.conf to examples/juiceshop/nginx/default.conf 2025-01-02 10:21:02 +02:00
orianelou
20e8e65e14 Update open-appsec-k8s-full-example-config-v1beta2.yaml 2024-12-30 16:52:26 +02:00
orianelou
414130a789 Update open-appsec-k8s-full-example-config-v1beta2.yaml 2024-12-30 16:40:13 +02:00
orianelou
9d704455e8 Update open-appsec-k8s-full-example-config-v1beta2.yaml 2024-12-30 16:30:36 +02:00
orianelou
602442fed4 Update open-appsec-k8s-full-example-config-v1beta2.yaml 2024-12-30 16:24:12 +02:00
orianelou
4e9a90db01 Update open-appsec-k8s-full-example-config-v1beta2.yaml 2024-12-30 16:21:15 +02:00
orianelou
20f92afbc2 Update open-appsec-k8s-full-example-config-v1beta2.yaml 2024-12-30 16:18:59 +02:00
orianelou
ee7adc37d0 Update open-appsec-k8s-full-example-config-v1beta2.yaml 2024-12-30 16:13:51 +02:00
orianelou
c0b3e9c0d0 Update open-appsec-k8s-full-example-config-v1beta2.yaml 2024-12-30 14:34:17 +02:00
orianelou
f1f4b13327 Update open-appsec-k8s-prevent-config-v1beta2.yaml 2024-12-30 13:51:59 +02:00
orianelou
4354a98d37 Update open-appsec-k8s-default-config-v1beta2.yaml 2024-12-30 13:51:19 +02:00
orianelou
09fa11516c Update open-appsec-k8s-full-example-config-v1beta2.yaml 2024-12-30 13:39:09 +02:00
orianelou
446b043128 Rename pen-appsec-k8s-full-example-config-v1beta2.yaml to open-appsec-k8s-full-example-config-v1beta2.yaml 2024-12-30 13:36:31 +02:00
orianelou
91bcadf930 Create pen-appsec-k8s-full-example-config-v1beta2.yaml 2024-12-30 13:35:05 +02:00
orianelou
0824cf4b23 Update README.md 2024-12-30 09:42:10 +02:00
Ned Wright
108abdb35e sync code 2024-12-29 12:47:25 +00:00
Ned Wright
64ebf013eb sync code 2024-12-29 12:13:27 +00:00
orianelou
2c91793f08 Create .env 2024-12-24 11:04:38 +02:00
orianelou
72a263d25a Create docker-compose.yaml 2024-12-24 11:00:58 +02:00
orianelou
4e14ff9a58 Create default.conf 2024-12-23 17:25:23 +02:00
orianelou
1fb28e14d6 Create juiceshop.subfolder.conf 2024-12-23 17:24:26 +02:00
orianelou
e38bb9525c Create .env 2024-12-23 17:22:40 +02:00
orianelou
63b8bb22c2 Create docker-compose.yaml 2024-12-23 17:21:53 +02:00
orianelou
11c97330f5 Create apisix.yaml 2024-12-23 16:59:40 +02:00
orianelou
e56fb0bc1a Create .env 2024-12-23 16:59:07 +02:00
orianelou
4571d563f4 Create docker-compose.yaml 2024-12-23 16:58:35 +02:00
orianelou
02c1db01f6 Create default.conf 2024-12-23 16:47:53 +02:00
orianelou
c557affd9b Create .env 2024-12-23 16:46:38 +02:00
orianelou
8889c3c054 Create docker-compose.yaml 2024-12-23 16:46:16 +02:00
orianelou
f67eff87bc Create kong.yaml 2024-12-23 16:19:32 +02:00
orianelou
fa6a2e4233 Create .env 2024-12-23 16:18:53 +02:00
orianelou
b7e2efbf7e Create docker-compose.yaml 2024-12-23 10:20:02 +02:00
orianelou
96ce290e5f Update open-appsec-crd-v1beta2.yaml 2024-12-19 14:42:51 +02:00
orianelou
de8e2d9970 Merge pull request #210 from openappsec/orianelou-test-as-top-level-7
Update local_policy.yaml
2024-12-12 12:50:29 +02:00
orianelou
0048708af1 Update local_policy.yaml 2024-12-12 12:49:40 +02:00
orianelou
4fe0f44e88 Update local_policy.yaml 2024-12-12 12:45:22 +02:00
orianelou
5f139d13d7 Update docker-compose.yaml 2024-12-09 10:59:01 +02:00
orianelou
919d775a73 Update docker-compose.yaml 2024-12-05 14:42:04 +02:00
orianelou
ac8e353598 Update docker-compose.yaml 2024-12-05 13:43:23 +02:00
Daniel-Eisenberg
0663f20691 Merge pull request #207 from openappsec/Nov_28_2024-Dev
Nov 28 2024 dev
2024-12-01 11:53:26 +02:00
Ned Wright
2dda6231f6 sync code 2024-11-28 10:53:40 +00:00
Ned Wright
1c1f0b7e29 sync code 2024-11-28 10:41:59 +00:00
orianelou
6255e1f30d Rename docker-compose.yaml to docker-compose.yaml 2024-11-06 14:57:50 +02:00
orianelou
454aacf622 Rename .env to .env 2024-11-06 14:57:31 +02:00
orianelou
c91ccba5a8 Create .env 2024-11-06 14:01:40 +02:00
orianelou
b1f897191c Create docker-compose.yaml 2024-11-06 14:01:20 +02:00
Daniel-Eisenberg
027ddfea21 Merge pull request #200 from openappsec/Oct_14_2024-Dev
Oct 14 2024 dev
2024-11-05 12:12:10 +02:00
orianelou
d1a2906b29 Create default.conf 2024-11-03 14:23:34 +02:00
Ned Wright
b1ade9bba0 code sync 2024-10-15 06:57:25 +00:00
Ned Wright
36d302b77e code sync 2024-10-14 16:43:58 +00:00
Ned Wright
1d7d38b0a6 code sync 2024-10-14 16:39:35 +00:00
Ned Wright
1b7eafaa23 code sync 2024-10-14 16:32:23 +00:00
Ned Wright
c2ea2cda6d sync code 2024-10-14 14:51:28 +00:00
orianelou
b58f7781e6 Update local_policy.yaml 2024-10-01 13:05:23 +03:00
orianelou
7153d222c0 Update local_policy.yaml 2024-10-01 13:03:59 +03:00
orianelou
f1ec8959b7 Update apisix-standalone.yaml 2024-10-01 12:49:25 +03:00
Daniel-Eisenberg
4a7336b276 Merge pull request #190 from openappsec/Sep_17_2024-Dev
sync code
2024-09-30 14:53:51 +03:00
orianelou
4d0042e933 Create apisix-standalone.yaml 2024-09-30 14:10:35 +03:00
orianelou
015915497a Create docker-compose.yaml 2024-09-30 14:09:43 +03:00
Ned Wright
586150fe4f sync code 2024-09-17 10:53:09 +00:00
orianelou
3fe0b42fcd Merge pull request #189 from openappsec/Sep_15_2024-Dev
sync code
2024-09-15 17:25:26 +03:00
orianelou
84e10c7129 Merge pull request #186 from chkp-omriat2/main
Updating crowdsec auxiliary
2024-09-15 17:25:13 +03:00
Ned Wright
eddd250409 sync code 2024-09-15 02:49:26 +00:00
chkp-omriat2
294cb600f8 Updating crowdsec auxiliary 2024-09-10 06:09:54 +00:00
Ned Wright
f4bad4c4d9 Remove non-active files 2024-09-02 14:16:01 +03:00
WrightNed
6e916599d9 Merge pull request #179 from openappsec/Aug_20_2024-Dev
Aug 20th update
2024-08-27 12:33:46 +03:00
orianelou
24d53aed53 Update docker-compose.yaml 2024-08-27 10:50:25 +03:00
WrightNed
93fb3da2f8 Merge pull request #177 from wiaam96/patch-1
Update entry.sh
2024-08-22 15:17:49 +03:00
wiaam96
e7378c9a5f Update entry.sh 2024-08-22 15:15:24 +03:00
Ned Wright
110f0c8bd2 Aug 20th update 2024-08-21 08:42:14 +00:00
WrightNed
ca31aac08a Merge pull request #174 from openappsec/orianelou-patch-6
Update docker-compose.yaml
2024-08-20 15:17:02 +03:00
orianelou
161b6dd180 Update docker-compose.yaml 2024-08-20 14:50:01 +03:00
WrightNed
84327e0b19 Merge pull request #170 from openappsec/orianelou-patch-4
Create docker-compose.yaml
2024-08-05 13:12:40 +03:00
orianelou
b9723ba6ce Create docker-compose.yaml
added compose for docker SWAG
2024-08-05 12:06:37 +03:00
WrightNed
00e183b8c6 Merge pull request #169 from openappsec/Jul_31_2024-Dev
Jul 31st update
2024-08-01 18:10:44 +03:00
WrightNed
e859c167ed Merge pull request #167 from openappsec/orianelou-crds
Orianelou crds
2024-08-01 18:10:11 +03:00
Ned Wright
384b59cc87 Jul 31st update 2024-07-31 17:15:35 +00:00
orianelou
805e958cb9 Create open-appsec-crd-latest.yaml 2024-07-25 12:06:59 +03:00
orianelou
5bcd7cfcf1 Create open-appsec-crd-v1beta2.yaml 2024-07-25 12:05:57 +03:00
orianelou
ae6f2faeec Create open-appsec-crd-v1beta1.yaml 2024-07-25 12:04:22 +03:00
WrightNed
705a5e6061 Merge pull request #166 from openappsec/Jul_23_2024-Dev
Jul 23rd update
2024-07-24 16:01:45 +03:00
WrightNed
c33b74a970 Merge pull request #164 from chkp-omris/main
update intelligence
2024-07-24 15:54:58 +03:00
chkp-omris
2da9fbc385 update intelligence 2024-07-23 13:15:33 +00:00
Ned Wright
f58e9a6128 Jul 23rd update 2024-07-23 11:08:24 +00:00
WrightNed
57ea5c72c5 Merge pull request #156 from openappsec/Jul_04_2024-Dev
Jul 4th update
2024-07-07 08:47:38 +03:00
Ned Wright
962bd31d46 Jul 4th update 2024-07-04 14:10:34 +00:00
WrightNed
01770475ec Merge pull request #153 from openappsec/Jun_26_2024-Dev
June 27th update
2024-07-01 11:42:11 +03:00
Ned Wright
78b114a274 June 27th update 2024-06-27 12:05:38 +00:00
WrightNed
81b1aec487 Merge pull request #148 from openappsec/orianelou-new-policy-files
Orianelou new policy files
2024-06-19 16:18:41 +03:00
orianelou
be6591a670 Update local_policy.yaml 2024-06-17 13:49:48 +03:00
orianelou
663782009c Update local_policy.yaml 2024-06-17 13:49:18 +03:00
orianelou
9392bbb26c Update local_policy.yaml 2024-06-17 13:49:01 +03:00
orianelou
46682bcdce Update local_policy.yaml 2024-06-17 13:48:39 +03:00
orianelou
057bc42375 Update local_policy.yaml 2024-06-17 13:47:24 +03:00
orianelou
88e0ccd308 Rename open-appsec-k8s-default-config-v1beta21.yaml to open-appsec-k8s-default-config-v1beta1.yaml 2024-06-17 13:45:02 +03:00
orianelou
4241b9c574 Create open-appsec-k8s-prevent-config-v1beta2.yaml 2024-06-17 13:44:45 +03:00
orianelou
4af9f18ada Create open-appsec-k8s-default-config-v1beta2.yaml 2024-06-17 13:44:25 +03:00
orianelou
3b533608b1 Create open-appsec-k8s-prevent-config-v1beta1.yaml 2024-06-17 13:42:13 +03:00
orianelou
74bb3086ec Create open-appsec-k8s-default-config-v1beta21.yaml 2024-06-17 13:41:29 +03:00
orianelou
504d1415a5 Create local_policy.yaml 2024-06-17 13:39:40 +03:00
orianelou
18b1b63c42 Create local_policy.yaml 2024-06-17 13:38:31 +03:00
orianelou
ded2a5ffc2 Create local_policy.yaml 2024-06-17 13:36:23 +03:00
orianelou
1254bb37b2 Create local_policy.yaml 2024-06-17 13:34:35 +03:00
orianelou
cf16343caa Create open-appsec-k8s-prevent-config-v1beta2.yaml 2024-06-16 10:56:16 +03:00
orianelou
78c4209406 Rename config/k8s/v1beta2/default/open-appsec-k8s-default-config-v1beta2.yaml to config/k8s/v1beta2/open-appsec-k8s-default-config-v1beta2.yaml 2024-06-16 10:55:23 +03:00
orianelou
3c8672c565 Rename config/k8s/v1beta2/open-appsec-k8s-default-config-v1beta2.yaml to config/k8s/v1beta2/default/open-appsec-k8s-default-config-v1beta2.yaml 2024-06-16 10:54:05 +03:00
orianelou
48d6baed3b Rename config/linux/v1beta2/local_policy.yaml to config/linux/v1beta2/default/local_policy.yaml 2024-06-16 10:44:39 +03:00
orianelou
8770257a60 Create local_policy.yaml for linux prevent 2024-06-16 10:44:21 +03:00
Ned Wright
fd5d093b24 Add --no-upgrade option to docker 2024-06-03 14:19:41 +00:00
WrightNed
d6debf8d8d Merge pull request #141 from openappsec/May_27_2024-Dev
May 27 2024 dev
2024-06-02 10:15:10 +03:00
Ned Wright
395b754575 Add dammy get-cloud-metadata.sh script 2024-05-29 11:01:17 +00:00
Ned Wright
dc000372c4 Turn on optimization by default 2024-05-27 12:05:16 +00:00
Ned Wright
941c641174 Change cloud default logging 2024-05-27 11:56:05 +00:00
Ned Wright
fdc148aa9b May 27 update 2024-05-27 09:05:33 +00:00
orianelou
307fd8897d Rename config/k8s/open-appsec-k8s-default-config-v1beta2.yaml to config/k8s/v1beta2/open-appsec-k8s-default-config-v1beta2.yaml 2024-05-21 15:24:55 +03:00
orianelou
afd2b4930b Create open-appsec-k8s-default-config-v1beta2.yaml 2024-05-21 15:24:33 +03:00
orianelou
1fb9a29223 Create local_policy.yaml 2024-05-21 15:22:54 +03:00
WrightNed
253ca70de6 Merge pull request #136 from chkp-omris/main
Update agent-intelligence-service package
2024-05-19 15:30:22 +03:00
chkp-omris
938f625535 Merge branch 'openappsec:main' into main 2024-05-19 15:21:46 +03:00
chkp-omris
183d14fc55 Update agent-intelligence-service package 2024-05-19 12:21:10 +00:00
WrightNed
1f3d4ed5e1 Merge pull request #135 from openappsec/Apr_21_2024-Dev
Apr 21 2024 dev
2024-05-19 11:08:26 +03:00
WrightNed
fdbd6d3786 Merge pull request #115 from openappsec/orianelou-patch-3
Update docker-compose.yaml
2024-05-19 11:07:22 +03:00
Ned Wright
4504138a4a Change all deployments to embedded 2024-04-22 09:46:50 +00:00
Ned Wright
66ed4a8d81 April 21th 2024 update 2024-04-21 13:57:46 +00:00
WrightNed
189c9209c9 Merge pull request #122 from openappsec/Apr_14_2024-Dev
Apr 14 2024 dev
2024-04-17 12:40:41 +03:00
Ned Wright
1a1580081c Add watchdog changes 2024-04-16 14:06:43 +00:00
Ned Wright
942b2ef8b4 2024 April 14th update 2024-04-14 12:55:54 +00:00
Ned Wright
7a7f65a77a Detect docker on http transaction installation 2024-04-14 11:28:53 +00:00
Ned Wright
98639d9cb6 configuration loading changes 2024-04-04 17:11:06 +00:00
Ned Wright
b3de81d9d9 Updating orchestration_package.sh 2024-03-31 08:48:55 +00:00
Ned Wright
a77fd9a6d0 Remove old data 2024-03-27 14:30:40 +00:00
Ned Wright
8454b2dd9b Open Appsec helm chart automation Wed Mar 27 16:27:33 IST 2024 latest 2024-03-27 16:27:33 +02:00
Ned Wright
3913e1e8b3 Update entry.sh 2024-03-26 16:05:23 +00:00
WrightNed
262b2e59ff Merge pull request #117 from openappsec/Mar_21_2024-Dev
Mar 21 2024 dev
2024-03-26 13:53:49 +02:00
Ned Wright
a01c65994a Edit components/security_apps/layer_7_access_control/layer_7_access_control.cc 2024-03-25 14:53:52 +00:00
WrightNed
1d13973ae2 Update entry.sh 2024-03-25 15:56:00 +02:00
Ned Wright
c20fa9f966 Mar 21st 2024 update 2024-03-21 15:31:38 +00:00
orianelou
ecbb34bc17 Update docker-compose.yaml
changes comment type
2024-03-21 11:24:12 +02:00
WrightNed
0d22790ebe Merge pull request #113 from openappsec/WrightNed-patch-1
Update orchestration_package.sh
2024-03-12 13:02:27 +02:00
WrightNed
9f86c4607e Update orchestration_package.sh 2024-03-12 13:01:44 +02:00
WrightNed
0e47ed8595 Merge pull request #110 from openappsec/Feb_28_2024
Feb 28 2024
2024-03-10 15:23:57 +02:00
Ned Wright
42b0bf2981 Fix typo 2024-03-10 13:21:51 +00:00
Ned Wright
75b40933ec Change default to log to cloud 2024-02-28 18:27:39 +00:00
Ned Wright
b795661328 Moving yq to be taken from environment 2024-02-28 15:04:14 +00:00
Ned Wright
eb509dfa85 Moving yq to be taken from environment 2024-02-28 14:09:18 +00:00
WrightNed
ec834aeafb Merge pull request #106 from openappsec/orianelou-patch-apisix
Orianelou patch apisix
2024-02-26 10:52:27 +02:00
orianelou
2c9ec1e48c Delete apisix directory 2024-02-26 10:50:43 +02:00
orianelou
55b5973c15 Create docker-compose.yaml 2024-02-26 10:50:16 +02:00
orianelou
63b5a63ded Create apisix-standalone.yaml 2024-02-26 10:49:23 +02:00
orianelou
b08047cc33 Create apisix-standalone.yaml: 2024-02-25 11:41:04 +02:00
orianelou
328808c15f Create docker-compose.yaml 2024-02-25 11:40:12 +02:00
WrightNed
c255621cd6 Merge pull request #94 from bmbeverst/fix_tests
Fix new helm-unittest tests
2024-02-22 14:24:37 +02:00
Ned Wright
3afc4acfc5 open-appsec helm chart update Mon Feb 19 17:27:50 IST 2024 2024-02-19 17:27:50 +02:00
WrightNed
4e6ed5734a Merge pull request #104 from openappsec/Feb_13_2024
Feb 13 2024
2024-02-18 13:52:06 +02:00
WrightNed
102a0308c2 Fix getenforce redirection 2024-02-18 13:51:09 +02:00
Brooks Beverstock
aa8cfd1b2a fix: Set kind to Vanilla in ingress-nginx tests, so they pass. 2024-01-24 17:07:35 -05:00
Brooks Beverstock
5452d68f9b fix: Rename expected test name due to chart name change, from ingress-nginx to open-appsec-k8s-nginx-ingress. 2024-01-24 17:06:53 -05:00
960 changed files with 162178 additions and 124026 deletions


@@ -1,7 +1,7 @@
cmake_minimum_required (VERSION 2.8.4) cmake_minimum_required (VERSION 2.8.4)
project (ngen) project (ngen)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC -Wall -Wno-terminate") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O2 -fPIC -Wall -Wno-terminate")
execute_process(COMMAND grep -c "Alpine Linux" /etc/os-release OUTPUT_VARIABLE IS_ALPINE) execute_process(COMMAND grep -c "Alpine Linux" /etc/os-release OUTPUT_VARIABLE IS_ALPINE)
if(NOT IS_ALPINE EQUAL "0") if(NOT IS_ALPINE EQUAL "0")
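Review bot: `-O2` is appended to `CMAKE_CXX_FLAGS` unconditionally on the `set(CMAKE_CXX_FLAGS ...)` line, so it also applies to Debug configurations and cannot be switched off through `CMAKE_BUILD_TYPE`. Consider scoping it to the optimized configuration instead, e.g. `set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} -O2")`. With optimization always on, `-D_FORTIFY_SOURCE=2` would now take effect if it were added alongside `-fstack-protector-strong`; whether hardening flags are set elsewhere in this file is not visible in the hunk.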


@@ -74,7 +74,7 @@ For Linux, if youve built your own package use the following commands:
```bash ```bash
$ install-cp-nano-agent.sh --install --hybrid_mode $ install-cp-nano-agent.sh --install --hybrid_mode
$ install-cp-nano-service-http-transaction-handler.sh install $ install-cp-nano-service-http-transaction-handler.sh --install
$ install-cp-nano-attachment-registration-manager.sh --install $ install-cp-nano-attachment-registration-manager.sh --install
``` ```
You can add the ```--token <token>``` and ```--email <email address>``` options to the first command, to get a token follow [documentation](https://docs.openappsec.io/getting-started/using-the-web-ui-saas/connect-deployed-agents-to-saas-management-k8s-and-linux). You can add the ```--token <token>``` and ```--email <email address>``` options to the first command, to get a token follow [documentation](https://docs.openappsec.io/getting-started/using-the-web-ui-saas/connect-deployed-agents-to-saas-management-k8s-and-linux).
@@ -96,7 +96,7 @@ open-appsec GitHub includes four main repositories:
## Installing external dependencies ## Installing external dependencies
Before compiling the services, you'll need to ensure the latest development versions of the following libraries: Before compiling the services, you'll need to ensure the latest development versions of the following libraries and tools:
* Boost * Boost
* OpenSSL * OpenSSL
* PCRE2 * PCRE2
@@ -107,12 +107,13 @@ Before compiling the services, you'll need to ensure the latest development vers
* Redis * Redis
* Hiredis * Hiredis
* MaxmindDB * MaxmindDB
* yq
An example of installing the packages on Alpine: An example of installing the packages on Alpine:
```bash ```bash
$ apk update $ apk update
$ apk add boost-dev openssl-dev pcre2-dev libxml2-dev gtest-dev curl-dev hiredis-dev redis libmaxminddb-dev $ apk add boost-dev openssl-dev pcre2-dev libxml2-dev gtest-dev curl-dev hiredis-dev redis libmaxminddb-dev yq
``` ```
## Compiling and packaging the agent code ## Compiling and packaging the agent code


@@ -95,6 +95,18 @@ getFailOpenHoldTimeout()
return conf_data.getNumericalValue("fail_open_hold_timeout"); return conf_data.getNumericalValue("fail_open_hold_timeout");
} }
unsigned int
getHoldVerdictPollingTime()
{
return conf_data.getNumericalValue("hold_verdict_polling_time");
}
unsigned int
getHoldVerdictRetries()
{
return conf_data.getNumericalValue("hold_verdict_retries");
}
unsigned int unsigned int
getMaxSessionsPerMinute() getMaxSessionsPerMinute()
{ {
@@ -155,6 +167,30 @@ getWaitingForVerdictThreadTimeout()
return conf_data.getNumericalValue("waiting_for_verdict_thread_timeout_msec"); return conf_data.getNumericalValue("waiting_for_verdict_thread_timeout_msec");
} }
unsigned int
getMinRetriesForVerdict()
{
return conf_data.getNumericalValue("min_retries_for_verdict");
}
unsigned int
getMaxRetriesForVerdict()
{
return conf_data.getNumericalValue("max_retries_for_verdict");
}
unsigned int
getReqBodySizeTrigger()
{
return conf_data.getNumericalValue("body_size_trigger");
}
unsigned int
getRemoveResServerHeader()
{
return conf_data.getNumericalValue("remove_server_header");
}
int int
isIPAddress(c_str ip_str) isIPAddress(c_str ip_str)
{ {
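Review bot: The six new getters pass configuration values straight through with no comment on unit or valid range, and `hold_verdict_polling_time` in `getHoldVerdictPollingTime()` carries no unit suffix while the neighbouring key `waiting_for_verdict_thread_timeout_msec` does. Nothing in these hunks checks that `min_retries_for_verdict` does not exceed `max_retries_for_verdict`, and what `getNumericalValue` returns for a key that is missing from an older configuration file is not visible here, so callers deciding when to stop waiting for a verdict may depend on an undocumented default. A one-line comment per getter would help, for example `// Interval between verdict polls while a request is held; unit: <confirm>.` and `// 0/1 flag: strip the Server header from responses.` on `getRemoveResServerHeader()`. The second hunk ends inside `isIPAddress`, whose body continues outside the view.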


@@ -63,32 +63,44 @@ TEST_F(HttpAttachmentUtilTest, GetValidAttachmentConfiguration)
"\"waiting_for_verdict_thread_timeout_msec\": 75,\n" "\"waiting_for_verdict_thread_timeout_msec\": 75,\n"
"\"req_header_thread_timeout_msec\": 10,\n" "\"req_header_thread_timeout_msec\": 10,\n"
"\"ip_ranges\": " + createIPRangesString(ip_ranges) + ",\n" "\"ip_ranges\": " + createIPRangesString(ip_ranges) + ",\n"
"\"static_resources_path\": \"" + static_resources_path + "\"" "\"static_resources_path\": \"" + static_resources_path + "\",\n"
"\"min_retries_for_verdict\": 1,\n"
"\"max_retries_for_verdict\": 3,\n"
"\"hold_verdict_retries\": 3,\n"
"\"hold_verdict_polling_time\": 1,\n"
"\"body_size_trigger\": 777,\n"
"\"remove_server_header\": 1\n"
"}\n"; "}\n";
ofstream valid_configuration_file(attachment_configuration_file_name); ofstream valid_configuration_file(attachment_configuration_file_name);
valid_configuration_file << valid_configuration; valid_configuration_file << valid_configuration;
valid_configuration_file.close(); valid_configuration_file.close();
EXPECT_EQ(initAttachmentConfig(attachment_configuration_file_name.c_str()), 1); EXPECT_EQ(initAttachmentConfig(attachment_configuration_file_name.c_str()), 1);
EXPECT_EQ(getDbgLevel(), 2); EXPECT_EQ(getDbgLevel(), 2u);
EXPECT_EQ(getStaticResourcesPath(), static_resources_path); EXPECT_EQ(getStaticResourcesPath(), static_resources_path);
EXPECT_EQ(isFailOpenMode(), 0); EXPECT_EQ(isFailOpenMode(), 0);
EXPECT_EQ(getFailOpenTimeout(), 1234); EXPECT_EQ(getFailOpenTimeout(), 1234u);
EXPECT_EQ(isFailOpenHoldMode(), 1); EXPECT_EQ(isFailOpenHoldMode(), 1);
EXPECT_EQ(getFailOpenHoldTimeout(), 4321); EXPECT_EQ(getFailOpenHoldTimeout(), 4321u);
EXPECT_EQ(isFailOpenOnSessionLimit(), 1); EXPECT_EQ(isFailOpenOnSessionLimit(), 1);
EXPECT_EQ(getMaxSessionsPerMinute(), 0); EXPECT_EQ(getMaxSessionsPerMinute(), 0u);
EXPECT_EQ(getNumOfNginxIpcElements(), 200); EXPECT_EQ(getNumOfNginxIpcElements(), 200u);
EXPECT_EQ(getKeepAliveIntervalMsec(), 10000); EXPECT_EQ(getKeepAliveIntervalMsec(), 10000u);
EXPECT_EQ(getResProccessingTimeout(), 420); EXPECT_EQ(getResProccessingTimeout(), 420u);
EXPECT_EQ(getReqProccessingTimeout(), 42); EXPECT_EQ(getReqProccessingTimeout(), 42u);
EXPECT_EQ(getRegistrationThreadTimeout(), 101); EXPECT_EQ(getRegistrationThreadTimeout(), 101u);
EXPECT_EQ(getReqHeaderThreadTimeout(), 10); EXPECT_EQ(getReqHeaderThreadTimeout(), 10u);
EXPECT_EQ(getReqBodyThreadTimeout(), 155); EXPECT_EQ(getReqBodyThreadTimeout(), 155u);
EXPECT_EQ(getResHeaderThreadTimeout(), 1); EXPECT_EQ(getResHeaderThreadTimeout(), 1u);
EXPECT_EQ(getResBodyThreadTimeout(), 0); EXPECT_EQ(getResBodyThreadTimeout(), 0u);
EXPECT_EQ(getWaitingForVerdictThreadTimeout(), 75); EXPECT_EQ(getMinRetriesForVerdict(), 1u);
EXPECT_EQ(getMaxRetriesForVerdict(), 3u);
EXPECT_EQ(getReqBodySizeTrigger(), 777u);
EXPECT_EQ(getWaitingForVerdictThreadTimeout(), 75u);
EXPECT_EQ(getInspectionMode(), ngx_http_inspection_mode::BLOCKING_THREAD); EXPECT_EQ(getInspectionMode(), ngx_http_inspection_mode::BLOCKING_THREAD);
EXPECT_EQ(getRemoveResServerHeader(), 1u);
EXPECT_EQ(getHoldVerdictRetries(), 3u);
EXPECT_EQ(getHoldVerdictPollingTime(), 1u);
EXPECT_EQ(isDebugContext("1.2.3.4", "5.6.7.8", 80, "GET", "test", "/abc"), 1); EXPECT_EQ(isDebugContext("1.2.3.4", "5.6.7.8", 80, "GET", "test", "/abc"), 1);
EXPECT_EQ(isDebugContext("1.2.3.9", "5.6.7.8", 80, "GET", "test", "/abc"), 0); EXPECT_EQ(isDebugContext("1.2.3.9", "5.6.7.8", 80, "GET", "test", "/abc"), 0);
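Review bot: The added assertions in `GetValidAttachmentConfiguration` only exercise a configuration file that contains all six new keys, so the behaviour for a file written before this change (without `min_retries_for_verdict`, `hold_verdict_retries`, `body_size_trigger`, etc.) is untested here. Since these values steer verdict retries and hold handling, a companion case that omits the new keys and pins the fallback would be worth adding, e.g. `EXPECT_EQ(getMaxRetriesForVerdict(), EXPECTED_DEFAULT_PLACEHOLDER);`. Whether another test in the file already covers missing keys cannot be seen from this hunk, and the `TEST_F` body continues past its last line.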


@@ -0,0 +1,11 @@
# example local declarative configuration file for apisix in standalone mode
routes:
-
uri: /anything
upstream:
nodes:
"httpbin.org:80": 1
type: roundrobin
#END


@@ -0,0 +1,46 @@
# Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
# Licensed under the Apache License, Version 2.0 (the "License");
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
version: "3"
services:
apisix:
container_name: apisix
image: "ghcr.io/openappsec/apisix-attachment:latest"
ipc: host
restart: always
volumes:
- ./apisix-localconfig/apisix-standalone.yaml:/usr/local/apisix/conf/apisix.yaml:ro
environment:
- APISIX_STAND_ALONE=true
ports:
- "9180:9180/tcp"
- "9080:9080/tcp"
- "9091:9091/tcp"
- "9443:9443/tcp"
appsec-agent:
container_name: appsec-agent
image: 'ghcr.io/openappsec/agent:latest'
ipc: host
restart: unless-stopped
environment:
# adjust with your own email below
- user_email=user@email.com
- registered_server="APISIX Server"
volumes:
- ./appsec-config:/etc/cp/conf
- ./appsec-data:/etc/cp/data
- ./appsec-logs:/var/log/nano_agent
- ./appsec-localconfig:/ext/appsec
command: /cp-nano-agent --standalone
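Review bot: The `ports:` list of the `apisix` service publishes 9180 and 9091 on every host interface next to the proxy ports 9080/9443. In APISIX these are normally the Admin API and the metrics/control listeners, and the file already sets `APISIX_STAND_ALONE=true`, so they are probably not needed from outside the host. Consider dropping them or binding to loopback, e.g. `- "127.0.0.1:9180:9180/tcp"`. Both images use the mutable `:latest` tag, so a redeploy can silently pull different code; pinning a version tag or digest would make the example reproducible. `ipc: host` on both services shares the host IPC namespace with the containers and deserves a short comment explaining why the attachment and the agent need it.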


@@ -3,4 +3,4 @@ dependencies:
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 12.2.8 version: 12.2.8
digest: sha256:0d13b8b0c66b8e18781eac510ce58b069518ff14a6a15ad90375e7f0ffad71fe digest: sha256:0d13b8b0c66b8e18781eac510ce58b069518ff14a6a15ad90375e7f0ffad71fe
generated: "2024-02-11T17:18:56.196746248Z" generated: "2024-03-26T14:53:49.928153508Z"


@@ -1,7 +1,5 @@
annotations: annotations:
artifacthub.io/changes: |- artifacthub.io/changes: '- "Update Ingress-Nginx version controller-v1.10.0"'
- "update web hook cert gen to latest release v20231226-1a7112e06"
- "Update Ingress-Nginx version controller-v1.9.6"
artifacthub.io/prerelease: "false" artifacthub.io/prerelease: "false"
apiVersion: v2 apiVersion: v2
appVersion: latest appVersion: latest
@@ -17,4 +15,4 @@ kubeVersion: '>=1.20.0-0'
name: open-appsec-k8s-nginx-ingress name: open-appsec-k8s-nginx-ingress
sources: sources:
- https://github.com/kubernetes/ingress-nginx - https://github.com/kubernetes/ingress-nginx
version: 4.9.1 version: 4.10.0


@@ -2,7 +2,7 @@
[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
![Version: 4.9.1](https://img.shields.io/badge/Version-4.9.1-informational?style=flat-square) ![AppVersion: 1.9.6](https://img.shields.io/badge/AppVersion-1.9.6-informational?style=flat-square) ![Version: 4.10.0](https://img.shields.io/badge/Version-4.10.0-informational?style=flat-square) ![AppVersion: 1.10.0](https://img.shields.io/badge/AppVersion-1.10.0-informational?style=flat-square)
To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
@@ -253,11 +253,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.admissionWebhooks.namespaceSelector | object | `{}` | | | controller.admissionWebhooks.namespaceSelector | object | `{}` | |
| controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.objectSelector | object | `{}` | |
| controller.admissionWebhooks.patch.enabled | bool | `true` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | |
| controller.admissionWebhooks.patch.image.digest | string | `"sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084"` | | | controller.admissionWebhooks.patch.image.digest | string | `"sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334"` | |
| controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | |
| controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | |
| controller.admissionWebhooks.patch.image.tag | string | `"v20231226-1a7112e06"` | | | controller.admissionWebhooks.patch.image.tag | string | `"v1.4.0"` | |
| controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
| controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | |
@@ -317,7 +317,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.hostname | object | `{}` | Optionally customize the pod hostname. |
| controller.image.allowPrivilegeEscalation | bool | `false` | | | controller.image.allowPrivilegeEscalation | bool | `false` | |
| controller.image.chroot | bool | `false` | | | controller.image.chroot | bool | `false` | |
| controller.image.digest | string | `"sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c"` | | | controller.image.digest | string | `"sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c"` | |
| controller.image.digestChroot | string | `"sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096"` | | | controller.image.digestChroot | string | `"sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096"` | |
| controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.image | string | `"ingress-nginx/controller"` | |
| controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | |
@@ -326,7 +326,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.image.runAsNonRoot | bool | `true` | | | controller.image.runAsNonRoot | bool | `true` | |
| controller.image.runAsUser | int | `101` | | | controller.image.runAsUser | int | `101` | |
| controller.image.seccompProfile.type | string | `"RuntimeDefault"` | | | controller.image.seccompProfile.type | string | `"RuntimeDefault"` | |
| controller.image.tag | string | `"v1.9.6"` | | | controller.image.tag | string | `"v1.10.0"` | |
| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass |


@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.10.0
* - "Update Ingress-Nginx version controller-v1.10.0"
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.9.1...helm-chart-4.10.0


@@ -29,7 +29,7 @@
- --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }}
{{- end }} {{- end }}
{{- if and (not .Values.controller.scope.enabled) .Values.controller.scope.namespaceSelector }} {{- if and (not .Values.controller.scope.enabled) .Values.controller.scope.namespaceSelector }}
- --watch-namespace-selector={{ default "" .Values.controller.scope.namespaceSelector }} - --watch-namespace-selector={{ .Values.controller.scope.namespaceSelector }}
{{- end }} {{- end }}
{{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }} {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
- --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
@@ -54,6 +54,9 @@
{{- if .Values.controller.watchIngressWithoutClass }} {{- if .Values.controller.watchIngressWithoutClass }}
- --watch-ingress-without-class=true - --watch-ingress-without-class=true
{{- end }} {{- end }}
{{- if not .Values.controller.metrics.enabled }}
- --enable-metrics={{ .Values.controller.metrics.enabled }}
{{- end }}
{{- if .Values.controller.enableTopologyAwareRouting }} {{- if .Values.controller.enableTopologyAwareRouting }}
- --enable-topology-aware-routing=true - --enable-topology-aware-routing=true
{{- end }} {{- end }}
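Review bot: The added `--enable-metrics={{ .Values.controller.metrics.enabled }}` argument interpolates a value that the surrounding `{{- if not .Values.controller.metrics.enabled }}` has already established to be falsy. If `controller.metrics.enabled` is unset or null rather than an explicit `false`, the rendered argument would presumably not be the `--enable-metrics=false` that the new unit tests assert. Writing the literal, `- --enable-metrics=false`, removes that dependency on the value's type. The enclosing template definition starts and ends outside the hunk.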


@@ -1,4 +1,4 @@
{{- if and ( .Values.controller.metrics.enabled ) ( .Values.controller.metrics.prometheusRule.enabled ) ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) -}} {{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled -}}
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule kind: PrometheusRule
metadata: metadata:
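Review bot: The new condition on the first line no longer tests `.Capabilities.APIVersions.Has "monitoring.coreos.com/v1"`, so enabling `controller.metrics.prometheusRule.enabled` renders a PrometheusRule even on a cluster that does not serve that API. There the install or upgrade would presumably fail on the unknown kind, where the old condition skipped the resource. If failing loudly is the intent, say so in a template comment such as `{{- /* rendered whenever enabled; requires the monitoring.coreos.com/v1 CRDs */ -}}`; otherwise keep the capability check. The rest of the template lies outside the hunk.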


@@ -34,7 +34,7 @@ spec:
http-headers: false http-headers: false
request-body: false request-body: false
log-destination: log-destination:
cloud: false cloud: true
stdout: stdout:
format: json-formatted format: json-formatted
--- ---
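Review bot: `cloud: true` under `log-destination` flips a shipped default, so clusters that upgrade without overriding it would start forwarding log events to what is presumably an off-cluster destination, in addition to the `stdout` target below it. The context lines keep `http-headers: false` and `request-body: false`, which limits what is included, but the events themselves still leave the cluster. Either keep `cloud: false` as the default and let operators opt in, or document the behaviour next to the key, e.g. `# cloud: true forwards log events off-cluster; set to false for air-gapped or data-residency-restricted environments`. The file name is not shown in this view, and the resource continues outside the hunk.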


@@ -21,7 +21,7 @@ tests:
of: ConfigMap of: ConfigMap
- equal: - equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-ingress-nginx-custom-add-headers value: RELEASE-NAME-open-appsec-k8s-nginx-ingress-custom-add-headers
- equal: - equal:
path: data.X-Another-Custom-Header path: data.X-Another-Custom-Header
value: Value value: Value


@@ -21,7 +21,7 @@ tests:
of: ConfigMap of: ConfigMap
- equal: - equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-ingress-nginx-custom-proxy-headers value: RELEASE-NAME-open-appsec-k8s-nginx-ingress-custom-proxy-headers
- equal: - equal:
path: data.X-Custom-Header path: data.X-Custom-Header
value: Value value: Value


@@ -11,4 +11,4 @@ tests:
of: ConfigMap of: ConfigMap
- equal: - equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-ingress-nginx-controller value: RELEASE-NAME-open-appsec-k8s-nginx-ingress-controller


@@ -6,6 +6,7 @@ tests:
- it: should create a DaemonSet if `controller.kind` is "DaemonSet" - it: should create a DaemonSet if `controller.kind` is "DaemonSet"
set: set:
controller.kind: DaemonSet controller.kind: DaemonSet
kind: Vanilla
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
@@ -13,4 +14,38 @@ tests:
of: DaemonSet of: DaemonSet
- equal: - equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-ingress-nginx-controller value: RELEASE-NAME-open-appsec-k8s-nginx-ingress-controller
- it: should create a DaemonSet with argument `--enable-metrics=false` if `controller.metrics.enabled` is false
set:
controller.kind: DaemonSet
kind: Vanilla
controller.metrics.enabled: false
asserts:
- contains:
path: spec.template.spec.containers[0].args
content: --enable-metrics=false
- it: should create a DaemonSet without argument `--enable-metrics=false` if `controller.metrics.enabled` is true
set:
controller.kind: DaemonSet
kind: Vanilla
controller.metrics.enabled: true
asserts:
- notContains:
path: spec.template.spec.containers[0].args
content: --enable-metrics=false
- it: should create a DaemonSet with resource limits if `controller.resources.limits` is set
set:
controller.kind: DaemonSet
kind: Vanilla
controller.resources.limits.cpu: 500m
controller.resources.limits.memory: 512Mi
asserts:
- equal:
path: spec.template.spec.containers[0].resources.limits.cpu
value: 500m
- equal:
path: spec.template.spec.containers[0].resources.limits.memory
value: 512Mi


@@ -11,20 +11,38 @@ tests:
of: Deployment of: Deployment
- equal: - equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-ingress-nginx-controller value: RELEASE-NAME-open-appsec-k8s-nginx-ingress-controller
- it: should create a Deployment with 3 replicas if `controller.replicaCount` is 3 - it: should create a Deployment with 3 replicas if `controller.replicaCount` is 3
set: set:
controller.replicaCount: 3 controller.replicaCount: 3
kind: Vanilla
asserts: asserts:
- equal: - equal:
path: spec.replicas path: spec.replicas
value: 3 value: 3
- it: should create a Deployment with argument `--enable-metrics=false` if `controller.metrics.enabled` is false
set:
controller.metrics.enabled: false
asserts:
- contains:
path: spec.template.spec.containers[0].args
content: --enable-metrics=false
- it: should create a Deployment without argument `--enable-metrics=false` if `controller.metrics.enabled` is true
set:
controller.metrics.enabled: true
asserts:
- notContains:
path: spec.template.spec.containers[0].args
content: --enable-metrics=false
- it: should create a Deployment with resource limits if `controller.resources.limits` is set - it: should create a Deployment with resource limits if `controller.resources.limits` is set
set: set:
controller.resources.limits.cpu: 500m controller.resources.limits.cpu: 500m
controller.resources.limits.memory: 512Mi controller.resources.limits.memory: 512Mi
kind: Vanilla
asserts: asserts:
- equal: - equal:
path: spec.template.spec.containers[0].resources.limits.cpu path: spec.template.spec.containers[0].resources.limits.cpu
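Review bot: The two new `--enable-metrics` cases in this section set only `controller.metrics.enabled`, while the same commit adds `kind: Vanilla` to the neighbouring replica-count and resource-limits cases and to all four DaemonSet cases. If the chart's default `kind` does not render the plain Deployment, these two cases would be asserting against a different or missing document. Adding `kind: Vanilla` to both `set:` blocks keeps the suite consistent. The resource-limits case continues past the end of the hunk.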


@@ -14,4 +14,4 @@ tests:
of: HorizontalPodAutoscaler of: HorizontalPodAutoscaler
- equal: - equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-ingress-nginx-controller value: RELEASE-NAME-open-appsec-k8s-nginx-ingress-controller


@@ -14,4 +14,4 @@ tests:
of: ScaledObject of: ScaledObject
- equal: - equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-ingress-nginx-controller value: RELEASE-NAME-open-appsec-k8s-nginx-ingress-controller


@@ -20,4 +20,4 @@ tests:
of: NetworkPolicy of: NetworkPolicy
- equal: - equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-ingress-nginx-controller value: RELEASE-NAME-open-appsec-k8s-nginx-ingress-controller


@@ -22,4 +22,4 @@ tests:
of: Service of: Service
- equal: - equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-ingress-nginx-controller-internal value: RELEASE-NAME-open-appsec-k8s-nginx-ingress-controller-internal


@@ -20,4 +20,4 @@ tests:
of: Service of: Service
- equal: - equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-ingress-nginx-controller-metrics value: RELEASE-NAME-open-appsec-k8s-nginx-ingress-controller-metrics


@@ -20,7 +20,7 @@ tests:
of: Service of: Service
- equal: - equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-ingress-nginx-controller value: RELEASE-NAME-open-appsec-k8s-nginx-ingress-controller
- it: should create a Service of type "NodePort" if `controller.service.external.enabled` is true and `controller.service.type` is "NodePort" - it: should create a Service of type "NodePort" if `controller.service.external.enabled` is true and `controller.service.type` is "NodePort"
set: set:


@@ -20,7 +20,7 @@ tests:
of: Service of: Service
- equal: - equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-ingress-nginx-defaultbackend value: RELEASE-NAME-open-appsec-k8s-nginx-ingress-defaultbackend
- it: should create a Service with port 80 if `defaultBackend.service.port` is 80 - it: should create a Service with port 80 if `defaultBackend.service.port` is 80
set: set:


@@ -26,8 +26,8 @@ controller:
## for backwards compatibility consider setting the full image url via the repository value below ## for backwards compatibility consider setting the full image url via the repository value below
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
## repository: ## repository:
tag: "v1.9.6" tag: "v1.10.0"
digest: sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c digest: sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
digestChroot: sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096 digestChroot: sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
runAsNonRoot: true runAsNonRoot: true
@@ -781,8 +781,8 @@ controller:
## for backwards compatibility consider setting the full image url via the repository value below ## for backwards compatibility consider setting the full image url via the repository value below
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
## repository: ## repository:
tag: v20231226-1a7112e06 tag: v1.4.0
digest: sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 digest: sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# -- Provide a priority class name to the webhook patching job # -- Provide a priority class name to the webhook patching job
## ##
@@ -1198,7 +1198,7 @@ appsec:
image: image:
registry: ghcr.io/openappsec registry: ghcr.io/openappsec
image: smartsync-tuning image: smartsync-tuning
tag: 1.1.3 tag: latest
enabled: false enabled: false
replicaCount: 1 replicaCount: 1
securityContext: securityContext:
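Review bot: In the last hunk the `smartsync-tuning` image moves from the fixed tag `1.1.3` to `tag: latest`, a mutable reference, so one chart version can deploy different image contents over time and a rollback of the chart does not restore the previous binary. The controller and webhook-certgen images in the two earlier hunks of this file are pinned by both `tag:` and `digest:`, and the tuning image should follow the same pattern. Keep a released tag here (`tag: <RELEASE_TAG>`) and add a digest if the template supports one, so that a mistaken or malicious push to the registry cannot reach clusters without a chart change. The enclosing `appsec` block starts and ends outside the hunk.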


@@ -1,8 +1,33 @@
# Changelog # Changelog
## Unreleased ## 2.38.0
Nothing yet. ### Changes
* Added support for setting `SVC.tls.appProtocol` and `SVC.http.appProtocol` values to configure the appProtocol fields
for Kubernetes Service HTTP and TLS ports. It might be useful for integration with external load balancers like GCP.
[#1018](https://github.com/Kong/charts/pull/1018)
## 2.37.1
* Rename the controller status port. This fixes a collision with the proxy status port in the Prometheus ServiceMonitor.
[#1008](https://github.com/Kong/charts/pull/1008)
## 2.37.0
### Changes
* Bumped default `kong/kubernetes-ingress-controller` image tag and updated CRDs to 3.1.
[#1011](https://github.com/Kong/charts/pull/1011)
* Bumped default `kong` image tag to 3.6.
[#1011](https://github.com/Kong/charts/pull/1011)
## 2.36.0
### Fixed
* Add `KongLicense` RBAC rules.
[#1006](https://github.com/Kong/charts/pull/1006)
## 2.35.1 ## 2.35.1
@@ -13,7 +38,7 @@ Nothing yet.
## 2.35.0 ## 2.35.0
### Added ### Added
* Added controller's RBAC rules for `KongVault` CRD (installed only when KIC * Added controller's RBAC rules for `KongVault` CRD (installed only when KIC
version >= 3.1.0). version >= 3.1.0).


@@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
appVersion: 1.1.5 appVersion: 1.1.8
dependencies: dependencies:
- condition: postgresql.enabled - condition: postgresql.enabled
name: postgresql name: postgresql
@@ -14,4 +14,4 @@ maintainers:
name: open-appsec-kong name: open-appsec-kong
sources: sources:
- https://github.com/Kong/charts/tree/main/charts/kong - https://github.com/Kong/charts/tree/main/charts/kong
version: 2.35.1 version: 2.38.0


@@ -666,40 +666,42 @@ nodes.
mixed TCP/UDP LoadBalancer Services). It _does not_ support the `http`, `tls`, mixed TCP/UDP LoadBalancer Services). It _does not_ support the `http`, `tls`,
or `ingress` sections, as it is used only for stream listens. or `ingress` sections, as it is used only for stream listens.
| Parameter | Description | Default | | Parameter | Description | Default |
|------------------------------------|---------------------------------------------------------------------------------------|--------------------------| |-----------------------------------|-------------------------------------------------------------------------------------------|--------------------------|
| SVC.enabled | Create Service resource for SVC (admin, proxy, manager, etc.) | | | SVC.enabled | Create Service resource for SVC (admin, proxy, manager, etc.) | |
| SVC.http.enabled | Enables http on the service | | | SVC.http.enabled | Enables http on the service | |
| SVC.http.servicePort | Service port to use for http | | | SVC.http.servicePort | Service port to use for http | |
| SVC.http.containerPort | Container port to use for http | | | SVC.http.containerPort | Container port to use for http | |
| SVC.http.nodePort | Node port to use for http | | | SVC.http.nodePort | Node port to use for http | |
| SVC.http.hostPort | Host port to use for http | | | SVC.http.hostPort | Host port to use for http | |
| SVC.http.parameters | Array of additional listen parameters | `[]` | | SVC.http.parameters | Array of additional listen parameters | `[]` |
| SVC.tls.enabled | Enables TLS on the service | | | SVC.http.appProtocol | `appProtocol` to be set in a Service's port. If left empty, no `appProtocol` will be set. | |
| SVC.tls.containerPort | Container port to use for TLS | | | SVC.tls.enabled | Enables TLS on the service | |
| SVC.tls.servicePort | Service port to use for TLS | | | SVC.tls.containerPort | Container port to use for TLS | |
| SVC.tls.nodePort | Node port to use for TLS | | | SVC.tls.servicePort | Service port to use for TLS | |
| SVC.tls.hostPort | Host port to use for TLS | | | SVC.tls.nodePort | Node port to use for TLS | |
| SVC.tls.overrideServiceTargetPort | Override service port to use for TLS without touching Kong containerPort | | | SVC.tls.hostPort | Host port to use for TLS | |
| SVC.tls.parameters | Array of additional listen parameters | `["http2"]` | | SVC.tls.overrideServiceTargetPort | Override service port to use for TLS without touching Kong containerPort | |
| SVC.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | | | SVC.tls.parameters | Array of additional listen parameters | `["http2"]` |
| SVC.clusterIP | k8s service clusterIP | | | SVC.tls.appProtocol | `appProtocol` to be set in a Service's port. If left empty, no `appProtocol` will be set. | |
| SVC.loadBalancerClass | loadBalancerClass to use for LoadBalancer provisionning | | | SVC.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | |
| SVC.loadBalancerSourceRanges | Limit service access to CIDRs if set and service type is `LoadBalancer` | `[]` | | SVC.clusterIP | k8s service clusterIP | |
| SVC.loadBalancerIP | Reuse an existing ingress static IP for the service | | | SVC.loadBalancerClass | loadBalancerClass to use for LoadBalancer provisionning | |
| SVC.externalIPs | IPs for which nodes in the cluster will also accept traffic for the servic | `[]` | | SVC.loadBalancerSourceRanges | Limit service access to CIDRs if set and service type is `LoadBalancer` | `[]` |
| SVC.externalTrafficPolicy | k8s service's externalTrafficPolicy. Options: Cluster, Local | | | SVC.loadBalancerIP | Reuse an existing ingress static IP for the service | |
| SVC.ingress.enabled | Enable ingress resource creation (works with SVC.type=ClusterIP) | `false` | | SVC.externalIPs | IPs for which nodes in the cluster will also accept traffic for the servic | `[]` |
| SVC.ingress.ingressClassName | Set the ingressClassName to associate this Ingress with an IngressClass | | | SVC.externalTrafficPolicy | k8s service's externalTrafficPolicy. Options: Cluster, Local | |
| SVC.ingress.hostname | Ingress hostname | `""` | | SVC.ingress.enabled | Enable ingress resource creation (works with SVC.type=ClusterIP) | `false` |
| SVC.ingress.path | Ingress path. | `/` | | SVC.ingress.ingressClassName | Set the ingressClassName to associate this Ingress with an IngressClass | |
| SVC.ingress.pathType | Ingress pathType. One of `ImplementationSpecific`, `Exact` or `Prefix` | `ImplementationSpecific` | | SVC.ingress.hostname | Ingress hostname | `""` |
| SVC.ingress.hosts | Slice of hosts configurations, including `hostname`, `path` and `pathType` keys | `[]` | | SVC.ingress.path | Ingress path. | `/` |
| SVC.ingress.tls | Name of secret resource or slice of `secretName` and `hosts` keys | | | SVC.ingress.pathType | Ingress pathType. One of `ImplementationSpecific`, `Exact` or `Prefix` | `ImplementationSpecific` |
| SVC.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` | | SVC.ingress.hosts | Slice of hosts configurations, including `hostname`, `path` and `pathType` keys | `[]` |
| SVC.ingress.labels | Ingress labels. Additional custom labels to add to the ingress. | `{}` | | SVC.ingress.tls | Name of secret resource or slice of `secretName` and `hosts` keys | |
| SVC.annotations | Service annotations | `{}` | | SVC.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
| SVC.labels | Service labels | `{}` | | SVC.ingress.labels | Ingress labels. Additional custom labels to add to the ingress. | `{}` |
| SVC.annotations | Service annotations | `{}` |
| SVC.labels | Service labels | `{}` |
#### Admin Service mTLS #### Admin Service mTLS


@@ -9,8 +9,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -33,9 +33,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -90,7 +90,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -205,7 +205,7 @@ SnapShot = """
value: 0.0.0.0:8100, [::]:8100 value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN - name: KONG_STREAM_LISTEN
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: clear-stale-pid name: clear-stale-pid
resources: {} resources: {}
@@ -274,8 +274,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-custom-dbless-config name: chartsnap-kong-custom-dbless-config
namespace: default namespace: default
- object: - object:
@@ -286,8 +286,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-admin name: chartsnap-kong-admin
namespace: default namespace: default
spec: spec:
@@ -309,8 +309,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -336,9 +336,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -364,8 +364,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """


@@ -9,8 +9,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validations name: chartsnap-kong-validations
namespace: default namespace: default
webhooks: webhooks:
@@ -84,8 +84,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -108,9 +108,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -138,7 +138,7 @@ SnapShot = """
value: https://localhost:8444 value: https://localhost:8444
- name: CONTROLLER_PUBLISH_SERVICE - name: CONTROLLER_PUBLISH_SERVICE
value: default/chartsnap-kong-proxy value: default/chartsnap-kong-proxy
image: kong/kubernetes-ingress-controller:3.0 image: kong/kubernetes-ingress-controller:3.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -159,7 +159,7 @@ SnapShot = """
name: cmetrics name: cmetrics
protocol: TCP protocol: TCP
- containerPort: 10254 - containerPort: 10254
name: status name: cstatus
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -240,7 +240,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -350,7 +350,7 @@ SnapShot = """
value: 0.0.0.0:8100, [::]:8100 value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN - name: KONG_STREAM_LISTEN
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: clear-stale-pid name: clear-stale-pid
resources: {} resources: {}
@@ -408,8 +408,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
rules: rules:
- apiGroups: - apiGroups:
@@ -617,6 +617,38 @@ SnapShot = """
- get - get
- list - list
- watch - watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- configuration.konghq.com - configuration.konghq.com
resources: resources:
@@ -657,8 +689,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@@ -677,8 +709,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
rules: rules:
@@ -742,8 +774,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
roleRef: roleRef:
@@ -766,8 +798,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-ca-keypair name: chartsnap-kong-validation-webhook-ca-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -783,8 +815,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-keypair name: chartsnap-kong-validation-webhook-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -797,8 +829,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -825,9 +857,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -854,8 +886,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook name: chartsnap-kong-validation-webhook
namespace: default namespace: default
spec: spec:
@@ -870,8 +902,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
- object: - object:
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -881,8 +913,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """


@@ -8,8 +8,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validations name: chartsnap-kong-validations
namespace: default namespace: default
webhooks: webhooks:
@@ -82,8 +82,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -105,9 +105,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -137,7 +137,7 @@ SnapShot = """
value: https://localhost:8444 value: https://localhost:8444
- name: CONTROLLER_PUBLISH_SERVICE - name: CONTROLLER_PUBLISH_SERVICE
value: default/chartsnap-kong-proxy value: default/chartsnap-kong-proxy
image: kong/kubernetes-ingress-controller:3.0 image: kong/kubernetes-ingress-controller:3.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -158,7 +158,7 @@ SnapShot = """
name: cmetrics name: cmetrics
protocol: TCP protocol: TCP
- containerPort: 10254 - containerPort: 10254
name: status name: cstatus
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -241,7 +241,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -353,7 +353,7 @@ SnapShot = """
value: 0.0.0.0:8100, [::]:8100 value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN - name: KONG_STREAM_LISTEN
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: clear-stale-pid name: clear-stale-pid
resources: {} resources: {}
@@ -410,8 +410,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
rules: rules:
- apiGroups: - apiGroups:
@@ -619,6 +619,38 @@ SnapShot = """
- get - get
- list - list
- watch - watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- configuration.konghq.com - configuration.konghq.com
resources: resources:
@@ -658,8 +690,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@@ -677,8 +709,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
rules: rules:
@@ -741,8 +773,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
roleRef: roleRef:
@@ -764,8 +796,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-ca-keypair name: chartsnap-kong-validation-webhook-ca-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -780,8 +812,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-keypair name: chartsnap-kong-validation-webhook-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -793,8 +825,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -820,9 +852,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -848,8 +880,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook name: chartsnap-kong-validation-webhook
namespace: default namespace: default
spec: spec:
@@ -863,8 +895,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
- object: - object:
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -873,8 +905,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """
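Review bot: The rules added in the `-619,6 +619,38` hunk give the controller's service account `get`/`list`/`watch` on `kongvaults` and `konglicenses` plus `patch`/`update` on their `/status`, and they appear to land in the cluster-scoped role (the `rules:` block opened at the `-410,8` hunk carries no `namespace:`), so the grant would apply cluster-wide. These objects presumably hold vault backend configuration and license data, and nothing visible in this section says the wider read access is intended rather than a side effect of moving to `kong/kubernetes-ingress-controller:3.1`. I would record the intent next to the rule in the chart template that renders this snapshot, for example `# read-only on KongVault/KongLicense; write access limited to /status`, and mention the RBAC change in the commit description. The same 32-line addition is repeated in the other snapshot sections on this page (the `+617,38`, `+639,38` and `+641,38` hunks), so this note covers those as well.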


@@ -8,8 +8,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validations name: chartsnap-kong-validations
namespace: default namespace: default
webhooks: webhooks:
@@ -82,8 +82,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -105,9 +105,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -135,7 +135,7 @@ SnapShot = """
value: https://localhost:8444 value: https://localhost:8444
- name: CONTROLLER_PUBLISH_SERVICE - name: CONTROLLER_PUBLISH_SERVICE
value: default/chartsnap-kong-proxy value: default/chartsnap-kong-proxy
image: kong/kubernetes-ingress-controller:3.0 image: kong/kubernetes-ingress-controller:3.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -156,7 +156,7 @@ SnapShot = """
name: cmetrics name: cmetrics
protocol: TCP protocol: TCP
- containerPort: 10254 - containerPort: 10254
name: status name: cstatus
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -237,7 +237,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -347,7 +347,7 @@ SnapShot = """
value: 0.0.0.0:8100, [::]:8100 value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN - name: KONG_STREAM_LISTEN
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: clear-stale-pid name: clear-stale-pid
resources: {} resources: {}
@@ -404,8 +404,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -430,8 +430,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
rules: rules:
- apiGroups: - apiGroups:
@@ -639,6 +639,38 @@ SnapShot = """
- get - get
- list - list
- watch - watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- configuration.konghq.com - configuration.konghq.com
resources: resources:
@@ -678,8 +710,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@@ -697,8 +729,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
rules: rules:
@@ -761,8 +793,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
roleRef: roleRef:
@@ -784,8 +816,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-ca-keypair name: chartsnap-kong-validation-webhook-ca-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -800,8 +832,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-keypair name: chartsnap-kong-validation-webhook-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -822,8 +854,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -849,9 +881,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -877,8 +909,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook name: chartsnap-kong-validation-webhook
namespace: default namespace: default
spec: spec:
@@ -892,8 +924,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
- object: - object:
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -902,8 +934,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """


@@ -8,8 +8,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validations name: chartsnap-kong-validations
namespace: default namespace: default
webhooks: webhooks:
@@ -82,8 +82,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -105,9 +105,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -135,7 +135,7 @@ SnapShot = """
value: https://localhost:8444 value: https://localhost:8444
- name: CONTROLLER_PUBLISH_SERVICE - name: CONTROLLER_PUBLISH_SERVICE
value: default/chartsnap-kong-proxy value: default/chartsnap-kong-proxy
image: kong/kubernetes-ingress-controller:3.0 image: kong/kubernetes-ingress-controller:3.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -156,7 +156,7 @@ SnapShot = """
name: cmetrics name: cmetrics
protocol: TCP protocol: TCP
- containerPort: 10254 - containerPort: 10254
name: status name: cstatus
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -237,7 +237,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -347,7 +347,7 @@ SnapShot = """
value: 0.0.0.0:8100, [::]:8100 value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN - name: KONG_STREAM_LISTEN
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: clear-stale-pid name: clear-stale-pid
resources: {} resources: {}
@@ -404,8 +404,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -432,8 +432,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
rules: rules:
- apiGroups: - apiGroups:
@@ -641,6 +641,38 @@ SnapShot = """
- get - get
- list - list
- watch - watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- configuration.konghq.com - configuration.konghq.com
resources: resources:
@@ -680,8 +712,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@@ -699,8 +731,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
rules: rules:
@@ -763,8 +795,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
roleRef: roleRef:
@@ -786,8 +818,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-ca-keypair name: chartsnap-kong-validation-webhook-ca-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -802,8 +834,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-keypair name: chartsnap-kong-validation-webhook-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -824,8 +856,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -851,9 +883,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -879,8 +911,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook name: chartsnap-kong-validation-webhook
namespace: default namespace: default
spec: spec:
@@ -894,8 +926,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
- object: - object:
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -904,8 +936,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """


@@ -8,8 +8,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validations name: chartsnap-kong-validations
namespace: default namespace: default
webhooks: webhooks:
@@ -82,8 +82,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -105,9 +105,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -135,7 +135,7 @@ SnapShot = """
value: https://localhost:8444 value: https://localhost:8444
- name: CONTROLLER_PUBLISH_SERVICE - name: CONTROLLER_PUBLISH_SERVICE
value: default/chartsnap-kong-proxy value: default/chartsnap-kong-proxy
image: kong/kubernetes-ingress-controller:3.0 image: kong/kubernetes-ingress-controller:3.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -156,7 +156,7 @@ SnapShot = """
name: cmetrics name: cmetrics
protocol: TCP protocol: TCP
- containerPort: 10254 - containerPort: 10254
name: status name: cstatus
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -237,7 +237,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -347,7 +347,7 @@ SnapShot = """
value: 0.0.0.0:8100, [::]:8100 value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN - name: KONG_STREAM_LISTEN
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: clear-stale-pid name: clear-stale-pid
resources: {} resources: {}
@@ -404,8 +404,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -428,8 +428,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
rules: rules:
- apiGroups: - apiGroups:
@@ -637,6 +637,38 @@ SnapShot = """
- get - get
- list - list
- watch - watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- configuration.konghq.com - configuration.konghq.com
resources: resources:
@@ -676,8 +708,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@@ -695,8 +727,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
rules: rules:
@@ -759,8 +791,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
roleRef: roleRef:
@@ -782,8 +814,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-ca-keypair name: chartsnap-kong-validation-webhook-ca-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -798,8 +830,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-keypair name: chartsnap-kong-validation-webhook-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -811,8 +843,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -838,9 +870,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -866,8 +898,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook name: chartsnap-kong-validation-webhook
namespace: default namespace: default
spec: spec:
@@ -881,8 +913,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
- object: - object:
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -891,8 +923,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """


@@ -8,8 +8,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validations name: chartsnap-kong-validations
namespace: default namespace: default
webhooks: webhooks:
@@ -82,8 +82,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -105,9 +105,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -135,7 +135,7 @@ SnapShot = """
value: https://localhost:8444 value: https://localhost:8444
- name: CONTROLLER_PUBLISH_SERVICE - name: CONTROLLER_PUBLISH_SERVICE
value: default/chartsnap-kong-proxy value: default/chartsnap-kong-proxy
image: kong/kubernetes-ingress-controller:3.0 image: kong/kubernetes-ingress-controller:3.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -156,7 +156,7 @@ SnapShot = """
name: cmetrics name: cmetrics
protocol: TCP protocol: TCP
- containerPort: 10254 - containerPort: 10254
name: status name: cstatus
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -237,7 +237,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -347,7 +347,7 @@ SnapShot = """
value: 0.0.0.0:8100, [::]:8100 value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN - name: KONG_STREAM_LISTEN
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: clear-stale-pid name: clear-stale-pid
resources: {} resources: {}
@@ -404,8 +404,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -463,8 +463,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
rules: rules:
- apiGroups: - apiGroups:
@@ -672,6 +672,38 @@ SnapShot = """
- get - get
- list - list
- watch - watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- configuration.konghq.com - configuration.konghq.com
resources: resources:
@@ -711,8 +743,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@@ -730,8 +762,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
rules: rules:
@@ -794,8 +826,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
roleRef: roleRef:
@@ -817,8 +849,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-ca-keypair name: chartsnap-kong-validation-webhook-ca-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -833,8 +865,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-keypair name: chartsnap-kong-validation-webhook-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -864,8 +896,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -891,9 +923,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -919,8 +951,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook name: chartsnap-kong-validation-webhook
namespace: default namespace: default
spec: spec:
@@ -934,8 +966,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
- object: - object:
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -944,8 +976,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """


@@ -0,0 +1,912 @@
['kong-ingress-5-3.1-rbac-values']
SnapShot = """
- object:
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validations
namespace: default
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
caBundle: '###DYNAMIC_FIELD###'
service:
name: chartsnap-kong-validation-webhook
namespace: default
failurePolicy: Ignore
name: validations.kong.konghq.com
objectSelector:
matchExpressions:
- key: owner
operator: NotIn
values:
- helm
rules:
- apiGroups:
- configuration.konghq.com
apiVersions:
- '*'
operations:
- CREATE
- UPDATE
resources:
- kongconsumers
- kongplugins
- kongclusterplugins
- kongingresses
- apiGroups:
- \"\"
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- secrets
- services
- apiGroups:
- networking.k8s.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- ingresses
- apiGroups:
- gateway.networking.k8s.io
apiVersions:
- v1alpha2
- v1beta1
- v1
operations:
- CREATE
- UPDATE
resources:
- gateways
- httproutes
sideEffects: None
- object:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/name: kong
template:
metadata:
annotations:
kuma.io/gateway: enabled
kuma.io/service-account-token-volume: chartsnap-kong-token
traffic.sidecar.istio.io/includeInboundPorts: \"\"
labels:
app: chartsnap-kong
app.kubernetes.io/component: app
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
version: \"3.6\"
spec:
automountServiceAccountToken: false
containers:
- args: null
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
value: 0.0.0.0:8080
- name: CONTROLLER_ANONYMOUS_REPORTS
value: \"false\"
- name: CONTROLLER_ELECTION_ID
value: kong-ingress-controller-leader-kong
- name: CONTROLLER_INGRESS_CLASS
value: kong
- name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
value: \"true\"
- name: CONTROLLER_KONG_ADMIN_URL
value: https://localhost:8444
- name: CONTROLLER_PUBLISH_SERVICE
value: default/chartsnap-kong-proxy
image: kong/kubernetes-ingress-controller:3.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: ingress-controller
ports:
- containerPort: 8080
name: webhook
protocol: TCP
- containerPort: 10255
name: cmetrics
protocol: TCP
- containerPort: 10254
name: cstatus
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: 10254
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /admission-webhook
name: webhook-cert
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: chartsnap-kong-token
readOnly: true
- env:
- name: KONG_ADMIN_ACCESS_LOG
value: /dev/stdout
- name: KONG_ADMIN_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_GUI_ACCESS_LOG
value: /dev/stdout
- name: KONG_ADMIN_GUI_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_LISTEN
value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
- name: KONG_ANONYMOUS_REPORTS
value: \"off\"
- name: KONG_CLUSTER_LISTEN
value: \"off\"
- name: KONG_DATABASE
value: \"off\"
- name: KONG_KIC
value: \"on\"
- name: KONG_LUA_PACKAGE_PATH
value: /opt/?.lua;/opt/?/init.lua;;
- name: KONG_NGINX_WORKER_PROCESSES
value: \"2\"
- name: KONG_PORTAL_API_ACCESS_LOG
value: /dev/stdout
- name: KONG_PORTAL_API_ERROR_LOG
value: /dev/stderr
- name: KONG_PORT_MAPS
value: 80:8000, 443:8443
- name: KONG_PREFIX
value: /kong_prefix/
- name: KONG_PROXY_ACCESS_LOG
value: /dev/stdout
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
- name: KONG_PROXY_LISTEN
value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
- name: KONG_PROXY_STREAM_ACCESS_LOG
value: /dev/stdout basic
- name: KONG_PROXY_STREAM_ERROR_LOG
value: /dev/stderr
- name: KONG_ROUTER_FLAVOR
value: traditional
- name: KONG_STATUS_ACCESS_LOG
value: \"off\"
- name: KONG_STATUS_ERROR_LOG
value: /dev/stderr
- name: KONG_STATUS_LISTEN
value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN
value: \"off\"
- name: KONG_NGINX_DAEMON
value: \"off\"
image: kong:3.6
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- kong
- quit
- --wait=15
livenessProbe:
failureThreshold: 3
httpGet:
path: /status
port: status
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: proxy
ports:
- containerPort: 8000
name: proxy
protocol: TCP
- containerPort: 8443
name: proxy-tls
protocol: TCP
- containerPort: 8100
name: status
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /status/ready
port: status
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /kong_prefix/
name: chartsnap-kong-prefix-dir
- mountPath: /tmp
name: chartsnap-kong-tmp
initContainers:
- command:
- rm
- -vrf
- $KONG_PREFIX/pids
env:
- name: KONG_ADMIN_ACCESS_LOG
value: /dev/stdout
- name: KONG_ADMIN_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_GUI_ACCESS_LOG
value: /dev/stdout
- name: KONG_ADMIN_GUI_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_LISTEN
value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
- name: KONG_ANONYMOUS_REPORTS
value: \"off\"
- name: KONG_CLUSTER_LISTEN
value: \"off\"
- name: KONG_DATABASE
value: \"off\"
- name: KONG_KIC
value: \"on\"
- name: KONG_LUA_PACKAGE_PATH
value: /opt/?.lua;/opt/?/init.lua;;
- name: KONG_NGINX_WORKER_PROCESSES
value: \"2\"
- name: KONG_PORTAL_API_ACCESS_LOG
value: /dev/stdout
- name: KONG_PORTAL_API_ERROR_LOG
value: /dev/stderr
- name: KONG_PORT_MAPS
value: 80:8000, 443:8443
- name: KONG_PREFIX
value: /kong_prefix/
- name: KONG_PROXY_ACCESS_LOG
value: /dev/stdout
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
- name: KONG_PROXY_LISTEN
value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
- name: KONG_PROXY_STREAM_ACCESS_LOG
value: /dev/stdout basic
- name: KONG_PROXY_STREAM_ERROR_LOG
value: /dev/stderr
- name: KONG_ROUTER_FLAVOR
value: traditional
- name: KONG_STATUS_ACCESS_LOG
value: \"off\"
- name: KONG_STATUS_ERROR_LOG
value: /dev/stderr
- name: KONG_STATUS_LISTEN
value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN
value: \"off\"
image: kong:3.6
imagePullPolicy: IfNotPresent
name: clear-stale-pid
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /kong_prefix/
name: chartsnap-kong-prefix-dir
- mountPath: /tmp
name: chartsnap-kong-tmp
securityContext: {}
serviceAccountName: chartsnap-kong
terminationGracePeriodSeconds: 30
volumes:
- emptyDir:
sizeLimit: 256Mi
name: chartsnap-kong-prefix-dir
- emptyDir:
sizeLimit: 1Gi
name: chartsnap-kong-tmp
- name: chartsnap-kong-token
projected:
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
- name: webhook-cert
secret:
secretName: chartsnap-kong-validation-webhook-keypair
- object:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong
rules:
- apiGroups:
- configuration.konghq.com
resources:
- kongupstreampolicies
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongupstreampolicies/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongconsumergroups
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongconsumergroups/status
verbs:
- get
- patch
- update
- apiGroups:
- \"\"
resources:
- events
verbs:
- create
- patch
- apiGroups:
- \"\"
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- \"\"
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- \"\"
resources:
- secrets
verbs:
- list
- watch
- apiGroups:
- \"\"
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- \"\"
resources:
- services/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- ingressclassparameterses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongconsumers
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongconsumers/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongingresses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongingresses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongplugins
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongplugins/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- tcpingresses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- tcpingresses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- udpingresses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- udpingresses/status
verbs:
- get
- patch
- update
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- get
- patch
- update
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongclusterplugins
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongclusterplugins/status
verbs:
- get
- patch
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- object:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: chartsnap-kong
subjects:
- kind: ServiceAccount
name: chartsnap-kong
namespace: default
- object:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong
namespace: default
rules:
- apiGroups:
- \"\"
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- \"\"
resourceNames:
- kong-ingress-controller-leader-kong-kong
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- \"\"
resources:
- configmaps
verbs:
- create
- apiGroups:
- \"\"
- coordination.k8s.io
resources:
- configmaps
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- \"\"
resources:
- events
verbs:
- create
- patch
- apiGroups:
- \"\"
resources:
- services
verbs:
- get
- object:
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: chartsnap-kong
subjects:
- kind: ServiceAccount
name: chartsnap-kong
namespace: default
- object:
apiVersion: v1
data:
tls.crt: '###DYNAMIC_FIELD###'
tls.key: '###DYNAMIC_FIELD###'
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-ca-keypair
namespace: default
type: kubernetes.io/tls
- object:
apiVersion: v1
data:
tls.crt: '###DYNAMIC_FIELD###'
tls.key: '###DYNAMIC_FIELD###'
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-keypair
namespace: default
type: kubernetes.io/tls
- object:
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager
namespace: default
spec:
ports:
- name: kong-manager
port: 8002
protocol: TCP
targetPort: 8002
- name: kong-manager-tls
port: 8445
protocol: TCP
targetPort: 8445
selector:
app.kubernetes.io/component: app
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/name: kong
type: NodePort
- object:
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy
namespace: default
spec:
ports:
- name: kong-proxy
port: 80
protocol: TCP
targetPort: 8000
- name: kong-proxy-tls
port: 443
protocol: TCP
targetPort: 8443
selector:
app.kubernetes.io/component: app
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/name: kong
type: LoadBalancer
- object:
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook
namespace: default
spec:
ports:
- name: webhook
port: 443
protocol: TCP
targetPort: webhook
selector:
app.kubernetes.io/component: app
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
- object:
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong
namespace: default
"""


@@ -0,0 +1,908 @@
[proxy-appprotocol-values]
SnapShot = """
- object:
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validations
namespace: default
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
caBundle: '###DYNAMIC_FIELD###'
service:
name: chartsnap-kong-validation-webhook
namespace: default
failurePolicy: Ignore
name: validations.kong.konghq.com
objectSelector:
matchExpressions:
- key: owner
operator: NotIn
values:
- helm
rules:
- apiGroups:
- configuration.konghq.com
apiVersions:
- '*'
operations:
- CREATE
- UPDATE
resources:
- kongconsumers
- kongplugins
- kongclusterplugins
- kongingresses
- apiGroups:
- \"\"
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- secrets
- services
- apiGroups:
- networking.k8s.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- ingresses
- apiGroups:
- gateway.networking.k8s.io
apiVersions:
- v1alpha2
- v1beta1
- v1
operations:
- CREATE
- UPDATE
resources:
- gateways
- httproutes
sideEffects: None
- object:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/name: kong
template:
metadata:
annotations:
kuma.io/gateway: enabled
kuma.io/service-account-token-volume: chartsnap-kong-token
traffic.sidecar.istio.io/includeInboundPorts: \"\"
labels:
app: chartsnap-kong
app.kubernetes.io/component: app
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
version: \"3.6\"
spec:
automountServiceAccountToken: false
containers:
- args: null
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
value: 0.0.0.0:8080
- name: CONTROLLER_ELECTION_ID
value: kong-ingress-controller-leader-kong
- name: CONTROLLER_INGRESS_CLASS
value: kong
- name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
value: \"true\"
- name: CONTROLLER_KONG_ADMIN_URL
value: https://localhost:8444
- name: CONTROLLER_PUBLISH_SERVICE
value: default/chartsnap-kong-proxy
image: kong/kubernetes-ingress-controller:3.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: ingress-controller
ports:
- containerPort: 8080
name: webhook
protocol: TCP
- containerPort: 10255
name: cmetrics
protocol: TCP
- containerPort: 10254
name: cstatus
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: 10254
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /admission-webhook
name: webhook-cert
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: chartsnap-kong-token
readOnly: true
- env:
- name: KONG_ADMIN_ACCESS_LOG
value: /dev/stdout
- name: KONG_ADMIN_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_GUI_ACCESS_LOG
value: /dev/stdout
- name: KONG_ADMIN_GUI_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_LISTEN
value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
- name: KONG_CLUSTER_LISTEN
value: \"off\"
- name: KONG_DATABASE
value: \"off\"
- name: KONG_KIC
value: \"on\"
- name: KONG_LUA_PACKAGE_PATH
value: /opt/?.lua;/opt/?/init.lua;;
- name: KONG_NGINX_WORKER_PROCESSES
value: \"2\"
- name: KONG_PORTAL_API_ACCESS_LOG
value: /dev/stdout
- name: KONG_PORTAL_API_ERROR_LOG
value: /dev/stderr
- name: KONG_PORT_MAPS
value: 80:8000, 443:8443
- name: KONG_PREFIX
value: /kong_prefix/
- name: KONG_PROXY_ACCESS_LOG
value: /dev/stdout
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
- name: KONG_PROXY_LISTEN
value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
- name: KONG_PROXY_STREAM_ACCESS_LOG
value: /dev/stdout basic
- name: KONG_PROXY_STREAM_ERROR_LOG
value: /dev/stderr
- name: KONG_ROUTER_FLAVOR
value: traditional
- name: KONG_STATUS_ACCESS_LOG
value: \"off\"
- name: KONG_STATUS_ERROR_LOG
value: /dev/stderr
- name: KONG_STATUS_LISTEN
value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN
value: \"off\"
- name: KONG_NGINX_DAEMON
value: \"off\"
image: kong:3.6
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- kong
- quit
- --wait=15
livenessProbe:
failureThreshold: 3
httpGet:
path: /status
port: status
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: proxy
ports:
- containerPort: 8000
name: proxy
protocol: TCP
- containerPort: 8443
name: proxy-tls
protocol: TCP
- containerPort: 8100
name: status
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /status/ready
port: status
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /kong_prefix/
name: chartsnap-kong-prefix-dir
- mountPath: /tmp
name: chartsnap-kong-tmp
initContainers:
- command:
- rm
- -vrf
- $KONG_PREFIX/pids
env:
- name: KONG_ADMIN_ACCESS_LOG
value: /dev/stdout
- name: KONG_ADMIN_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_GUI_ACCESS_LOG
value: /dev/stdout
- name: KONG_ADMIN_GUI_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_LISTEN
value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
- name: KONG_CLUSTER_LISTEN
value: \"off\"
- name: KONG_DATABASE
value: \"off\"
- name: KONG_KIC
value: \"on\"
- name: KONG_LUA_PACKAGE_PATH
value: /opt/?.lua;/opt/?/init.lua;;
- name: KONG_NGINX_WORKER_PROCESSES
value: \"2\"
- name: KONG_PORTAL_API_ACCESS_LOG
value: /dev/stdout
- name: KONG_PORTAL_API_ERROR_LOG
value: /dev/stderr
- name: KONG_PORT_MAPS
value: 80:8000, 443:8443
- name: KONG_PREFIX
value: /kong_prefix/
- name: KONG_PROXY_ACCESS_LOG
value: /dev/stdout
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
- name: KONG_PROXY_LISTEN
value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
- name: KONG_PROXY_STREAM_ACCESS_LOG
value: /dev/stdout basic
- name: KONG_PROXY_STREAM_ERROR_LOG
value: /dev/stderr
- name: KONG_ROUTER_FLAVOR
value: traditional
- name: KONG_STATUS_ACCESS_LOG
value: \"off\"
- name: KONG_STATUS_ERROR_LOG
value: /dev/stderr
- name: KONG_STATUS_LISTEN
value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN
value: \"off\"
image: kong:3.6
imagePullPolicy: IfNotPresent
name: clear-stale-pid
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /kong_prefix/
name: chartsnap-kong-prefix-dir
- mountPath: /tmp
name: chartsnap-kong-tmp
securityContext: {}
serviceAccountName: chartsnap-kong
terminationGracePeriodSeconds: 30
volumes:
- emptyDir:
sizeLimit: 256Mi
name: chartsnap-kong-prefix-dir
- emptyDir:
sizeLimit: 1Gi
name: chartsnap-kong-tmp
- name: chartsnap-kong-token
projected:
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
- name: webhook-cert
secret:
secretName: chartsnap-kong-validation-webhook-keypair
- object:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong
rules:
- apiGroups:
- configuration.konghq.com
resources:
- kongupstreampolicies
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongupstreampolicies/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongconsumergroups
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongconsumergroups/status
verbs:
- get
- patch
- update
- apiGroups:
- \"\"
resources:
- events
verbs:
- create
- patch
- apiGroups:
- \"\"
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- \"\"
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- \"\"
resources:
- secrets
verbs:
- list
- watch
- apiGroups:
- \"\"
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- \"\"
resources:
- services/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- ingressclassparameterses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongconsumers
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongconsumers/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongingresses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongingresses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongplugins
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongplugins/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- tcpingresses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- tcpingresses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- udpingresses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- udpingresses/status
verbs:
- get
- patch
- update
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- get
- patch
- update
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongclusterplugins
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongclusterplugins/status
verbs:
- get
- patch
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- object:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: chartsnap-kong
subjects:
- kind: ServiceAccount
name: chartsnap-kong
namespace: default
- object:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong
namespace: default
rules:
- apiGroups:
- \"\"
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- \"\"
resourceNames:
- kong-ingress-controller-leader-kong-kong
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- \"\"
resources:
- configmaps
verbs:
- create
- apiGroups:
- \"\"
- coordination.k8s.io
resources:
- configmaps
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- \"\"
resources:
- events
verbs:
- create
- patch
- apiGroups:
- \"\"
resources:
- services
verbs:
- get
- object:
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: chartsnap-kong
subjects:
- kind: ServiceAccount
name: chartsnap-kong
namespace: default
- object:
apiVersion: v1
data:
tls.crt: '###DYNAMIC_FIELD###'
tls.key: '###DYNAMIC_FIELD###'
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-ca-keypair
namespace: default
type: kubernetes.io/tls
- object:
apiVersion: v1
data:
tls.crt: '###DYNAMIC_FIELD###'
tls.key: '###DYNAMIC_FIELD###'
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-keypair
namespace: default
type: kubernetes.io/tls
- object:
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager
namespace: default
spec:
ports:
- name: kong-manager
port: 8002
protocol: TCP
targetPort: 8002
- name: kong-manager-tls
port: 8445
protocol: TCP
targetPort: 8445
selector:
app.kubernetes.io/component: app
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/name: kong
type: NodePort
- object:
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy
namespace: default
spec:
ports:
- appProtocol: http
name: kong-proxy
port: 80
protocol: TCP
targetPort: 8000
- appProtocol: https
name: kong-proxy-tls
port: 443
protocol: TCP
targetPort: 8443
selector:
app.kubernetes.io/component: app
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/name: kong
type: LoadBalancer
- object:
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook
namespace: default
spec:
ports:
- name: webhook
port: 443
protocol: TCP
targetPort: webhook
selector:
app.kubernetes.io/component: app
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
- object:
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.38.0
name: chartsnap-kong
namespace: default
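Review bot: The ValidatingWebhookConfiguration rendered at the top of this new snapshot uses `failurePolicy: Ignore`, so whenever `chartsnap-kong-validation-webhook` is unreachable, CREATE/UPDATE requests for `secrets`, `services`, ingresses and the Kong CRDs named in its rules are admitted without validation. The Deployment in the same snapshot sets `CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY` to `"true"` (the admin listener is bound to `127.0.0.1:8444`, which keeps that exposure inside the pod), and `chartsnap-kong-manager` is rendered as `type: NodePort`. This file is generated output, so any change belongs in the chart values it was rendered from, which are presumably the upstream defaults. A comment in those test values stating that fail-open admission is accepted, or an extra snapshot case rendering `failurePolicy: Fail` with a `ClusterIP` manager service, would make the choice explicit and keep it under regression test.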
"""


@@ -8,8 +8,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validations name: chartsnap-kong-validations
namespace: default namespace: default
webhooks: webhooks:
@@ -82,8 +82,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -105,9 +105,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -135,7 +135,7 @@ SnapShot = """
value: https://localhost:8444 value: https://localhost:8444
- name: CONTROLLER_PUBLISH_SERVICE - name: CONTROLLER_PUBLISH_SERVICE
value: default/chartsnap-kong-proxy value: default/chartsnap-kong-proxy
image: kong/kubernetes-ingress-controller:3.0 image: kong/kubernetes-ingress-controller:3.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -156,7 +156,7 @@ SnapShot = """
name: cmetrics name: cmetrics
protocol: TCP protocol: TCP
- containerPort: 10254 - containerPort: 10254
name: status name: cstatus
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -237,7 +237,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -347,7 +347,7 @@ SnapShot = """
value: 0.0.0.0:8100, [::]:8100 value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN - name: KONG_STREAM_LISTEN
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: clear-stale-pid name: clear-stale-pid
resources: {} resources: {}
@@ -404,8 +404,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
rules: rules:
- apiGroups: - apiGroups:
@@ -613,6 +613,38 @@ SnapShot = """
- get - get
- list - list
- watch - watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- configuration.konghq.com - configuration.konghq.com
resources: resources:
@@ -652,8 +684,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@@ -671,8 +703,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
rules: rules:
@@ -735,8 +767,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
roleRef: roleRef:
@@ -758,8 +790,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-ca-keypair name: chartsnap-kong-validation-webhook-ca-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -774,8 +806,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-keypair name: chartsnap-kong-validation-webhook-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -787,8 +819,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -814,9 +846,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -842,8 +874,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook name: chartsnap-kong-validation-webhook
namespace: default namespace: default
spec: spec:
@@ -857,8 +889,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
- object: - object:
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -867,8 +899,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: my-kong-sa name: my-kong-sa
namespace: default namespace: default
""" """


@@ -8,8 +8,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validations name: chartsnap-kong-validations
namespace: default namespace: default
webhooks: webhooks:
@@ -82,8 +82,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -105,9 +105,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -158,7 +158,7 @@ SnapShot = """
name: cmetrics name: cmetrics
protocol: TCP protocol: TCP
- containerPort: 10254 - containerPort: 10254
name: status name: cstatus
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -410,8 +410,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
rules: rules:
- apiGroups: - apiGroups:
@@ -619,6 +619,38 @@ SnapShot = """
- get - get
- list - list
- watch - watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- configuration.konghq.com - configuration.konghq.com
resources: resources:
@@ -658,8 +690,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@@ -677,8 +709,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
rules: rules:
@@ -741,8 +773,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
roleRef: roleRef:
@@ -764,8 +796,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-ca-keypair name: chartsnap-kong-validation-webhook-ca-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -780,8 +812,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-keypair name: chartsnap-kong-validation-webhook-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -793,8 +825,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -820,9 +852,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -848,8 +880,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook name: chartsnap-kong-validation-webhook
namespace: default namespace: default
spec: spec:
@@ -863,8 +895,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
- object: - object:
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -873,8 +905,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """


@@ -9,8 +9,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -32,9 +32,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -249,8 +249,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -276,9 +276,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -304,8 +304,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """


@@ -8,8 +8,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validations name: chartsnap-kong-validations
namespace: default namespace: default
webhooks: webhooks:
@@ -82,8 +82,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -104,10 +104,10 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
environment: test environment: test
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -139,7 +139,7 @@ SnapShot = """
value: https://localhost:8444 value: https://localhost:8444
- name: CONTROLLER_PUBLISH_SERVICE - name: CONTROLLER_PUBLISH_SERVICE
value: default/chartsnap-kong-proxy value: default/chartsnap-kong-proxy
image: kong/kubernetes-ingress-controller:3.0 image: kong/kubernetes-ingress-controller:3.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -160,7 +160,7 @@ SnapShot = """
name: cmetrics name: cmetrics
protocol: TCP protocol: TCP
- containerPort: 10254 - containerPort: 10254
name: status name: cstatus
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -252,7 +252,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -370,7 +370,7 @@ SnapShot = """
value: 0.0.0.0:8100, [::]:8100 value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN - name: KONG_STREAM_LISTEN
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: clear-stale-pid name: clear-stale-pid
resources: {} resources: {}
@@ -447,8 +447,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -473,8 +473,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -497,8 +497,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
rules: rules:
- apiGroups: - apiGroups:
@@ -706,6 +706,38 @@ SnapShot = """
- get - get
- list - list
- watch - watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- configuration.konghq.com - configuration.konghq.com
resources: resources:
@@ -745,8 +777,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@@ -764,8 +796,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
rules: rules:
@@ -828,8 +860,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
roleRef: roleRef:
@@ -851,8 +883,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-ca-keypair name: chartsnap-kong-validation-webhook-ca-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -867,8 +899,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-keypair name: chartsnap-kong-validation-webhook-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -880,8 +912,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -907,9 +939,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -935,8 +967,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook name: chartsnap-kong-validation-webhook
namespace: default namespace: default
spec: spec:
@@ -950,8 +982,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
- object: - object:
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -960,8 +992,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """


@@ -8,8 +8,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validations name: chartsnap-kong-validations
namespace: default namespace: default
webhooks: webhooks:
@@ -83,8 +83,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -111,9 +111,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -150,7 +150,7 @@ SnapShot = """
envFrom: envFrom:
- configMapRef: - configMapRef:
name: env-config name: env-config
image: kong/kubernetes-ingress-controller:3.0 image: kong/kubernetes-ingress-controller:3.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -171,7 +171,7 @@ SnapShot = """
name: cmetrics name: cmetrics
protocol: TCP protocol: TCP
- containerPort: 10254 - containerPort: 10254
name: status name: cstatus
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -270,7 +270,7 @@ SnapShot = """
envFrom: envFrom:
- configMapRef: - configMapRef:
name: env-config name: env-config
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -404,7 +404,7 @@ SnapShot = """
envFrom: envFrom:
- configMapRef: - configMapRef:
name: env-config name: env-config
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: clear-stale-pid name: clear-stale-pid
resources: {} resources: {}
@@ -507,7 +507,7 @@ SnapShot = """
envFrom: envFrom:
- configMapRef: - configMapRef:
name: env-config name: env-config
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: wait-for-db name: wait-for-db
resources: {} resources: {}
@@ -724,8 +724,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-init-migrations name: chartsnap-kong-init-migrations
namespace: default namespace: default
spec: spec:
@@ -740,8 +740,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: kong-init-migrations name: kong-init-migrations
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
@@ -819,7 +819,7 @@ SnapShot = """
envFrom: envFrom:
- configMapRef: - configMapRef:
name: env-config name: env-config
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: kong-migrations name: kong-migrations
resources: {} resources: {}
@@ -924,7 +924,7 @@ SnapShot = """
envFrom: envFrom:
- configMapRef: - configMapRef:
name: env-config name: env-config
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: wait-for-postgres name: wait-for-postgres
resources: {} resources: {}
@@ -977,8 +977,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-post-upgrade-migrations name: chartsnap-kong-post-upgrade-migrations
namespace: default namespace: default
spec: spec:
@@ -993,8 +993,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: kong-post-upgrade-migrations name: kong-post-upgrade-migrations
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
@@ -1072,7 +1072,7 @@ SnapShot = """
envFrom: envFrom:
- configMapRef: - configMapRef:
name: env-config name: env-config
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: kong-post-upgrade-migrations name: kong-post-upgrade-migrations
resources: {} resources: {}
@@ -1177,7 +1177,7 @@ SnapShot = """
envFrom: envFrom:
- configMapRef: - configMapRef:
name: env-config name: env-config
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: wait-for-postgres name: wait-for-postgres
resources: {} resources: {}
@@ -1232,8 +1232,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-pre-upgrade-migrations name: chartsnap-kong-pre-upgrade-migrations
namespace: default namespace: default
spec: spec:
@@ -1248,8 +1248,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: kong-pre-upgrade-migrations name: kong-pre-upgrade-migrations
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
@@ -1327,7 +1327,7 @@ SnapShot = """
envFrom: envFrom:
- configMapRef: - configMapRef:
name: env-config name: env-config
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: kong-upgrade-migrations name: kong-upgrade-migrations
resources: {} resources: {}
@@ -1432,7 +1432,7 @@ SnapShot = """
envFrom: envFrom:
- configMapRef: - configMapRef:
name: env-config name: env-config
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: wait-for-postgres name: wait-for-postgres
resources: {} resources: {}
@@ -1481,8 +1481,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -1505,10 +1505,26 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
rules: rules:
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- configuration.konghq.com - configuration.konghq.com
resources: resources:
@@ -1548,8 +1564,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@@ -1567,8 +1583,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
rules: rules:
@@ -1631,8 +1647,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-default name: chartsnap-kong-default
namespace: default namespace: default
rules: rules:
@@ -1841,6 +1857,22 @@ SnapShot = """
- get - get
- list - list
- watch - watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
- object: - object:
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
@@ -1849,8 +1881,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
roleRef: roleRef:
@@ -1869,8 +1901,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-default name: chartsnap-kong-default
namespace: default namespace: default
roleRef: roleRef:
@@ -1895,8 +1927,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-bash-wait-for-postgres name: chartsnap-kong-bash-wait-for-postgres
namespace: default namespace: default
- object: - object:
@@ -1917,8 +1949,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-ca-keypair name: chartsnap-kong-validation-webhook-ca-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -1933,8 +1965,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-keypair name: chartsnap-kong-validation-webhook-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -1961,8 +1993,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -1988,9 +2020,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -2024,8 +2056,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook name: chartsnap-kong-validation-webhook
namespace: default namespace: default
spec: spec:
@@ -2039,8 +2071,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
- object: - object:
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@@ -2099,8 +2131,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """


@@ -9,8 +9,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -33,9 +33,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -92,7 +92,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -208,7 +208,7 @@ SnapShot = """
value: 0.0.0.0:8100, [::]:8100 value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN - name: KONG_STREAM_LISTEN
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: clear-stale-pid name: clear-stale-pid
resources: {} resources: {}
@@ -295,8 +295,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-custom-dbless-config name: chartsnap-kong-custom-dbless-config
namespace: default namespace: default
- object: - object:
@@ -307,8 +307,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -334,9 +334,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -362,8 +362,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """


@@ -9,8 +9,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -33,9 +33,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -92,7 +92,7 @@ SnapShot = """
value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -212,7 +212,7 @@ SnapShot = """
value: 0.0.0.0:8100, [::]:8100 value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN - name: KONG_STREAM_LISTEN
value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: clear-stale-pid name: clear-stale-pid
resources: {} resources: {}
@@ -271,8 +271,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -304,8 +304,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-custom-dbless-config name: chartsnap-kong-custom-dbless-config
namespace: default namespace: default
- object: - object:
@@ -316,8 +316,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -343,9 +343,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -379,8 +379,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """


@@ -8,8 +8,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validations name: chartsnap-kong-validations
namespace: default namespace: default
webhooks: webhooks:
@@ -82,8 +82,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
spec: spec:
@@ -110,9 +110,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
version: \"3.5\" version: \"3.6\"
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
@@ -142,7 +142,7 @@ SnapShot = """
value: https://localhost:8444 value: https://localhost:8444
- name: CONTROLLER_PUBLISH_SERVICE - name: CONTROLLER_PUBLISH_SERVICE
value: default/chartsnap-kong-proxy value: default/chartsnap-kong-proxy
image: kong/kubernetes-ingress-controller:3.0 image: kong/kubernetes-ingress-controller:3.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -163,7 +163,7 @@ SnapShot = """
name: cmetrics name: cmetrics
protocol: TCP protocol: TCP
- containerPort: 10254 - containerPort: 10254
name: status name: cstatus
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -261,7 +261,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -388,7 +388,7 @@ SnapShot = """
value: 0.0.0.0:8100, [::]:8100 value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN - name: KONG_STREAM_LISTEN
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: clear-stale-pid name: clear-stale-pid
resources: {} resources: {}
@@ -477,7 +477,7 @@ SnapShot = """
value: 0.0.0.0:8100, [::]:8100 value: 0.0.0.0:8100, [::]:8100
- name: KONG_STREAM_LISTEN - name: KONG_STREAM_LISTEN
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: wait-for-db name: wait-for-db
resources: {} resources: {}
@@ -694,8 +694,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-init-migrations name: chartsnap-kong-init-migrations
namespace: default namespace: default
spec: spec:
@@ -710,8 +710,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: kong-init-migrations name: kong-init-migrations
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
@@ -788,7 +788,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: kong-migrations name: kong-migrations
resources: {} resources: {}
@@ -879,7 +879,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: wait-for-postgres name: wait-for-postgres
resources: {} resources: {}
@@ -932,8 +932,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-post-upgrade-migrations name: chartsnap-kong-post-upgrade-migrations
namespace: default namespace: default
spec: spec:
@@ -948,8 +948,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: kong-post-upgrade-migrations name: kong-post-upgrade-migrations
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
@@ -1026,7 +1026,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: kong-post-upgrade-migrations name: kong-post-upgrade-migrations
resources: {} resources: {}
@@ -1117,7 +1117,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: wait-for-postgres name: wait-for-postgres
resources: {} resources: {}
@@ -1172,8 +1172,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-pre-upgrade-migrations name: chartsnap-kong-pre-upgrade-migrations
namespace: default namespace: default
spec: spec:
@@ -1188,8 +1188,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: kong-pre-upgrade-migrations name: kong-pre-upgrade-migrations
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
@@ -1266,7 +1266,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: kong-upgrade-migrations name: kong-upgrade-migrations
resources: {} resources: {}
@@ -1357,7 +1357,7 @@ SnapShot = """
value: \"off\" value: \"off\"
- name: KONG_NGINX_DAEMON - name: KONG_NGINX_DAEMON
value: \"off\" value: \"off\"
image: kong:3.5 image: kong:3.6
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: wait-for-postgres name: wait-for-postgres
resources: {} resources: {}
@@ -1406,8 +1406,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -1430,8 +1430,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
rules: rules:
- apiGroups: - apiGroups:
@@ -1639,6 +1639,38 @@ SnapShot = """
- get - get
- list - list
- watch - watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- kongvaults/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- configuration.konghq.com - configuration.konghq.com
resources: resources:
@@ -1678,8 +1710,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@@ -1697,8 +1729,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
rules: rules:
@@ -1761,8 +1793,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
roleRef: roleRef:
@@ -1787,8 +1819,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-bash-wait-for-postgres name: chartsnap-kong-bash-wait-for-postgres
namespace: default namespace: default
- object: - object:
@@ -1802,8 +1834,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-ca-keypair name: chartsnap-kong-validation-webhook-ca-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -1818,8 +1850,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook-keypair name: chartsnap-kong-validation-webhook-keypair
namespace: default namespace: default
type: kubernetes.io/tls type: kubernetes.io/tls
@@ -1846,8 +1878,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-manager name: chartsnap-kong-manager
namespace: default namespace: default
spec: spec:
@@ -1873,9 +1905,9 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
enable-metrics: \"true\" enable-metrics: \"true\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-proxy name: chartsnap-kong-proxy
namespace: default namespace: default
spec: spec:
@@ -1901,8 +1933,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong-validation-webhook name: chartsnap-kong-validation-webhook
namespace: default namespace: default
spec: spec:
@@ -1916,8 +1948,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
- object: - object:
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@@ -1976,8 +2008,8 @@ SnapShot = """
app.kubernetes.io/instance: chartsnap app.kubernetes.io/instance: chartsnap
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong app.kubernetes.io/name: kong
app.kubernetes.io/version: \"3.5\" app.kubernetes.io/version: \"3.6\"
helm.sh/chart: kong-2.35.1 helm.sh/chart: kong-2.38.0
name: chartsnap-kong name: chartsnap-kong
namespace: default namespace: default
""" """


@@ -0,0 +1,7 @@
env:
anonymous_reports: "off"
ingressController:
env:
anonymous_reports: "false"
image:
tag: "3.1.0"


@@ -0,0 +1,7 @@
# This values test that the `proxy.*.appProtocol` can be set to a custom value.
proxy:
http:
appProtocol: "http"
tls:
appProtocol: "https"


@@ -213,6 +213,9 @@ spec:
- name: kong-{{ .serviceName }} - name: kong-{{ .serviceName }}
port: {{ .http.servicePort }} port: {{ .http.servicePort }}
targetPort: {{ .http.containerPort }} targetPort: {{ .http.containerPort }}
{{- if .http.appProtocol }}
appProtocol: {{ .http.appProtocol }}
{{- end }}
{{- if (and (or (eq .type "LoadBalancer") (eq .type "NodePort")) (not (empty .http.nodePort))) }} {{- if (and (or (eq .type "LoadBalancer") (eq .type "NodePort")) (not (empty .http.nodePort))) }}
nodePort: {{ .http.nodePort }} nodePort: {{ .http.nodePort }}
{{- end }} {{- end }}
@@ -223,6 +226,9 @@ spec:
- name: kong-{{ .serviceName }}-tls - name: kong-{{ .serviceName }}-tls
port: {{ .tls.servicePort }} port: {{ .tls.servicePort }}
targetPort: {{ .tls.overrideServiceTargetPort | default .tls.containerPort }} targetPort: {{ .tls.overrideServiceTargetPort | default .tls.containerPort }}
{{- if .tls.appProtocol }}
appProtocol: {{ .tls.appProtocol }}
{{- end }}
{{- if (and (or (eq .type "LoadBalancer") (eq .type "NodePort")) (not (empty .tls.nodePort))) }} {{- if (and (or (eq .type "LoadBalancer") (eq .type "NodePort")) (not (empty .tls.nodePort))) }}
nodePort: {{ .tls.nodePort }} nodePort: {{ .tls.nodePort }}
{{- end }} {{- end }}
@@ -890,7 +896,7 @@ The name of the Service which will be used by the controller to update the Ingre
containerPort: 10255 containerPort: 10255
protocol: TCP protocol: TCP
{{- end }} {{- end }}
- name: status - name: cstatus
containerPort: 10254 containerPort: 10254
protocol: TCP protocol: TCP
env: env:
@@ -1647,6 +1653,24 @@ resource roles into their separate templates.
- get - get
- list - list
- watch - watch
{{- if (semverCompare ">= 3.1.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- konglicenses/status
verbs:
- get
- patch
- update
{{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
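Review bot: The new `appProtocol` fields are rendered unquoted in both port entries, `appProtocol: {{ .http.appProtocol }}` and its `.tls` twin, so a value that YAML reads as a non-string, or one containing `: ` or `#`, would render a Service that fails validation or carries a different value than the one the user set. Piping the value through `quote`, as in `appProtocol: {{ .http.appProtocol | quote }}` and `appProtocol: {{ .tls.appProtocol | quote }}`, keeps it a string whatever is supplied. Both hunks sit inside template definitions that begin and end outside the lines shown.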


@@ -34,7 +34,7 @@ spec:
http-headers: false http-headers: false
request-body: false request-body: false
log-destination: log-destination:
cloud: false cloud: true
stdout: stdout:
format: json-formatted format: json-formatted
--- ---
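Review bot: Flipping `cloud` under `log-destination` from `false` to `true` changes where this policy delivers its log events, and nothing in the file records that. If this manifest is applied by default and `cloud` means forwarding to the hosted management service (both assumed here, not visible in the hunk), a local-only installation would start sending events off-cluster without opting in. A comment above the key would make the default explicit, for example `# cloud: true forwards log events to the management service; set to false to keep logs on stdout only`. The neighbouring `http-headers: false` and `request-body: false` limit what a log entry carries, which is worth stating in the same comment.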


@@ -130,7 +130,7 @@ extraLabels: {}
# Specify Kong's Docker image and repository details here # Specify Kong's Docker image and repository details here
image: image:
repository: kong repository: kong
tag: "3.5" tag: "3.6"
# Kong Enterprise # Kong Enterprise
# repository: kong/kong-gateway # repository: kong/kong-gateway
# tag: "3.5" # tag: "3.5"
@@ -317,6 +317,10 @@ proxy:
parameters: parameters:
- http2 - http2
# Specify the Service's TLS port's appProtocol. This can be useful when integrating with
# external load balancers that require the `appProtocol` field to be set (e.g. GCP).
appProtocol: ""
# Define stream (TCP) listen # Define stream (TCP) listen
# To enable, remove "[]", uncomment the section below, and select your desired # To enable, remove "[]", uncomment the section below, and select your desired
# ports and parameters. Listens are dynamically named after their containerPort, # ports and parameters. Listens are dynamically named after their containerPort,
@@ -525,7 +529,7 @@ ingressController:
enabled: true enabled: true
image: image:
repository: kong/kubernetes-ingress-controller repository: kong/kubernetes-ingress-controller
tag: "3.0" tag: "3.1"
# Optionally set a semantic version for version-gated features. This can normally # Optionally set a semantic version for version-gated features. This can normally
# be left unset. You only need to set this if your tag is not a semver string, # be left unset. You only need to set this if your tag is not a semver string,
# such as when you are using a "next" tag. Set this to the effective semantic # such as when you are using a "next" tag. Set this to the effective semantic
@@ -1255,7 +1259,7 @@ appsec:
#registry: #registry:
repository: ghcr.io/openappsec repository: ghcr.io/openappsec
image: "agent" image: "agent"
tag: "1.1.5" tag: "1.1.8"
pullPolicy: Always pullPolicy: Always
securityContext: securityContext:
@@ -1269,7 +1273,7 @@ appsec:
kong: kong:
image: image:
repository: "ghcr.io/openappsec/kong-attachment" repository: "ghcr.io/openappsec/kong-attachment"
tag: "1.1.5" tag: "1.1.8"
configMapName: appsec-settings-configmap configMapName: appsec-settings-configmap
configMapContent: configMapContent:
crowdsec: crowdsec:
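Review bot: Only the TLS port's `appProtocol` gets a default and a comment in the hunk at 317, and no hunk in this section adds the matching key under `proxy.http`. The test values and the Service template shown earlier on this page also read `proxy.http.appProtocol`, presumably for the same chart, so that option is usable but undocumented. Adding `# Specify the Service's HTTP port's appProtocol.` followed by `appProtocol: ""` under `proxy.http` would document both keys the template honours. The other hunks in this section are tag bumps.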


@@ -11,6 +11,7 @@ var_fog_address=
var_proxy= var_proxy=
var_mode= var_mode=
var_token= var_token=
var_ignore=
init= init=
if [ ! -f /nano-service-installers/$ORCHESTRATION_INSTALLATION_SCRIPT ]; then if [ ! -f /nano-service-installers/$ORCHESTRATION_INSTALLATION_SCRIPT ]; then
@@ -18,6 +19,10 @@ if [ ! -f /nano-service-installers/$ORCHESTRATION_INSTALLATION_SCRIPT ]; then
exit 1 exit 1
fi fi
if [ -z $1 ]; then
var_mode="--hybrid_mode"
fi
while true; do while true; do
if [ -z "$1" ]; then if [ -z "$1" ]; then
break break
@@ -27,24 +32,30 @@ while true; do
elif [ "$1" == "--proxy" ]; then elif [ "$1" == "--proxy" ]; then
shift shift
var_proxy="$1" var_proxy="$1"
elif [ "$1" == "--hybrid-mode" ]; then elif [ "$1" == "--hybrid-mode" ] || [ "$1" == "--standalone" ]; then
var_mode="--hybrid_mode" var_mode="--hybrid_mode"
elif [ "$1" == "--no-upgrade" ]; then
var_ignore="--ignore all"
elif [ "$1" == "--token" ]; then elif [ "$1" == "--token" ]; then
shift shift
var_token="$1" var_token="$1"
elif [ "$1" == "--standalone" ]; then
var_mode="--hybrid_mode"
var_token="cp-3fb5c718-5e39-47e6-8d5e-99b4bc5660b74b4b7fc8-5312-451d-a763-aaf7872703c0"
fi fi
shift shift
done done
if [ -z $var_token ]; then if [ -z $var_token ] && [ $var_mode != "--hybrid_mode" ]; then
echo "Error: Token was not provided as input argument." var_token=$(env | grep 'AGENT_TOKEN=' | cut -d'=' -f2-)
exit 1 if [ -z $var_token ]; then
echo "Error: Token was not provided as input argument."
exit 1
fi
fi fi
orchestration_service_installation_flags="--token $var_token --container_mode --skip_registration" orchestration_service_installation_flags="--container_mode --skip_registration"
if [ ! -z $var_token ]; then
export AGENT_TOKEN="$var_token"
orchestration_service_installation_flags="$orchestration_service_installation_flags --token $var_token"
fi
if [ ! -z $var_fog_address ]; then if [ ! -z $var_fog_address ]; then
orchestration_service_installation_flags="$orchestration_service_installation_flags --fog $var_fog_address" orchestration_service_installation_flags="$orchestration_service_installation_flags --fog $var_fog_address"
fi fi
@@ -55,6 +66,9 @@ fi
if [ ! -z $var_mode ]; then if [ ! -z $var_mode ]; then
orchestration_service_installation_flags="$orchestration_service_installation_flags $var_mode" orchestration_service_installation_flags="$orchestration_service_installation_flags $var_mode"
fi fi
if [ ! -z "$var_ignore" ]; then
orchestration_service_installation_flags="$orchestration_service_installation_flags $var_ignore"
fi
/nano-service-installers/$ORCHESTRATION_INSTALLATION_SCRIPT --install $orchestration_service_installation_flags /nano-service-installers/$ORCHESTRATION_INSTALLATION_SCRIPT --install $orchestration_service_installation_flags
@@ -67,7 +81,7 @@ fi
/nano-service-installers/$CACHE_INSTALLATION_SCRIPT --install /nano-service-installers/$CACHE_INSTALLATION_SCRIPT --install
/nano-service-installers/$HTTP_TRANSACTION_HANDLER_SERVICE --install /nano-service-installers/$HTTP_TRANSACTION_HANDLER_SERVICE --install
if [ ! -z $CROWDSEC_ENABLED ]; then if [ "$CROWDSEC_ENABLED" == "true" ]; then
/nano-service-installers/$INTELLIGENCE_INSTALLATION_SCRIPT --install /nano-service-installers/$INTELLIGENCE_INSTALLATION_SCRIPT --install
/nano-service-installers/$CROWDSEC_INSTALLATION_SCRIPT --install /nano-service-installers/$CROWDSEC_INSTALLATION_SCRIPT --install
fi fi
@@ -84,19 +98,19 @@ while true; do
init=true init=true
/etc/cp/watchdog/cp-nano-watchdog >/dev/null 2>&1 & /etc/cp/watchdog/cp-nano-watchdog >/dev/null 2>&1 &
sleep 5 sleep 5
active_watchdog_pid=$(pgrep -f -x -o "/bin/bash /etc/cp/watchdog/cp-nano-watchdog") active_watchdog_pid=$(pgrep -f -x -o "/bin/(bash|sh) /etc/cp/watchdog/cp-nano-watchdog")
fi fi
current_watchdog_pid=$(pgrep -f -x -o "/bin/bash /etc/cp/watchdog/cp-nano-watchdog") current_watchdog_pid=$(pgrep -f -x -o "/bin/(bash|sh) /etc/cp/watchdog/cp-nano-watchdog")
if [ ! -f /tmp/restart_watchdog ] && [ "$current_watchdog_pid" != "$active_watchdog_pid" ]; then if [ ! -f /tmp/restart_watchdog ] && [ "$current_watchdog_pid" != "$active_watchdog_pid" ]; then
echo "Error: Watchdog exited abnormally" echo "Error: Watchdog exited abnormally"
exit 1 exit 1
elif [ -f /tmp/restart_watchdog ]; then elif [ -f /tmp/restart_watchdog ]; then
rm -f /tmp/restart_watchdog rm -f /tmp/restart_watchdog
kill -9 "$(pgrep -f -x -o "/bin/bash /etc/cp/watchdog/cp-nano-watchdog")" kill -9 "$(pgrep -f -x -o "/bin/(bash|sh) /etc/cp/watchdog/cp-nano-watchdog")"
/etc/cp/watchdog/cp-nano-watchdog >/dev/null 2>&1 & /etc/cp/watchdog/cp-nano-watchdog >/dev/null 2>&1 &
sleep 5 sleep 5
active_watchdog_pid=$(pgrep -f -x -o "/bin/bash /etc/cp/watchdog/cp-nano-watchdog") active_watchdog_pid=$(pgrep -f -x -o "/bin/(bash|sh) /etc/cp/watchdog/cp-nano-watchdog")
fi fi
sleep 5 sleep 5
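Review bot: The new token guard `if [ -z $var_token ] && [ $var_mode != "--hybrid_mode" ]` expands both variables unquoted, so the missing-token check can be skipped instead of enforced. When arguments are given but none of them sets a mode or a token, `$var_mode` is empty, the second `[` fails with a syntax error, the condition is false, and the installer runs with neither `--token` nor a mode flag. Quoting both operands fixes this: `if [ -z "$var_token" ] && [ "$var_mode" != "--hybrid_mode" ]; then`. The fallback `env | grep 'AGENT_TOKEN=' | cut -d'=' -f2-` is also unanchored and would match any variable whose name ends in `AGENT_TOKEN`, whereas `var_token="${AGENT_TOKEN:-}"` reads just that variable. The same unquoted pattern is in `[ -z $1 ]` in the earlier hunk and in the `[ ! -z $var_token ]` test that follows.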


@@ -1,12 +1,10 @@
add_subdirectory(report_messaging)
add_subdirectory(http_manager) add_subdirectory(http_manager)
add_subdirectory(generic_rulebase)
add_subdirectory(signal_handler) add_subdirectory(signal_handler)
add_subdirectory(gradual_deployment) add_subdirectory(gradual_deployment)
add_subdirectory(packet) add_subdirectory(packet)
add_subdirectory(pending_key) add_subdirectory(pending_key)
add_subdirectory(health_check_manager)
add_subdirectory(utils) add_subdirectory(utils)
add_subdirectory(attachment-intakers) add_subdirectory(attachment-intakers)
add_subdirectory(security_apps) add_subdirectory(security_apps)
add_subdirectory(nginx_message_reader)


@@ -39,6 +39,8 @@ USE_DEBUG_FLAG(D_ATTACHMENT_REGISTRATION);
using namespace std; using namespace std;
static const AlertInfo alert(AlertTeam::CORE, "attachment registrator");
class AttachmentRegistrator::Impl class AttachmentRegistrator::Impl
{ {
public: public:
@@ -163,7 +165,7 @@ private:
break; break;
} }
default: default:
dbgAssert(false) << "Unsupported Attachment " << static_cast<int>(type); dbgAssert(false) << alert << "Unsupported Attachment " << static_cast<int>(type);
} }
if (!family_id.empty()) handler_path << family_id << "_"; if (!family_id.empty()) handler_path << family_id << "_";
@@ -175,7 +177,9 @@ private:
string string
genRegCommand(const string &family_id, const uint num_of_members, const AttachmentType type) const genRegCommand(const string &family_id, const uint num_of_members, const AttachmentType type) const
{ {
dbgAssert(num_of_members > 0) << "Failed to generate a registration command for an empty group of attachments"; dbgAssert(num_of_members > 0)
<< alert
<< "Failed to generate a registration command for an empty group of attachments";
static const string registration_format = "/etc/cp/watchdog/cp-nano-watchdog --register "; static const string registration_format = "/etc/cp/watchdog/cp-nano-watchdog --register ";
stringstream registration_command; stringstream registration_command;
@@ -187,7 +191,7 @@ private:
break; break;
} }
default: default:
dbgAssert(false) << "Unsupported Attachment " << static_cast<int>(type); dbgAssert(false) << alert << "Unsupported Attachment " << static_cast<int>(type);
} }
if (!family_id.empty()) registration_command << " --family " << family_id; if (!family_id.empty()) registration_command << " --family " << family_id;
@@ -265,7 +269,7 @@ private:
return -1; return -1;
} }
dbgAssert(new_socket.unpack() > 0) << "Generated socket is OK yet negative"; dbgAssert(new_socket.unpack() > 0) << alert << "Generated socket is OK yet negative";
return new_socket.unpack(); return new_socket.unpack();
} }
@@ -281,7 +285,7 @@ private:
} }
I_Socket::socketFd client_socket = accepted_socket.unpack(); I_Socket::socketFd client_socket = accepted_socket.unpack();
dbgAssert(client_socket > 0) << "Generated client socket is OK yet negative"; dbgAssert(client_socket > 0) << alert << "Generated client socket is OK yet negative";
auto close_socket_on_exit = make_scope_exit([&]() { i_socket->closeSocket(client_socket); }); auto close_socket_on_exit = make_scope_exit([&]() { i_socket->closeSocket(client_socket); });
Maybe<uint8_t> attachment_id = readNumericParam(client_socket); Maybe<uint8_t> attachment_id = readNumericParam(client_socket);
@@ -375,7 +379,7 @@ private:
} }
I_Socket::socketFd client_socket = accepted_socket.unpack(); I_Socket::socketFd client_socket = accepted_socket.unpack();
dbgAssert(client_socket > 0) << "Generated client socket is OK yet negative"; dbgAssert(client_socket > 0) << alert << "Generated client socket is OK yet negative";
auto close_socket_on_exit = make_scope_exit([&]() { i_socket->closeSocket(client_socket); }); auto close_socket_on_exit = make_scope_exit([&]() { i_socket->closeSocket(client_socket); });
Maybe<AttachmentType> attachment_type = readAttachmentType(client_socket); Maybe<AttachmentType> attachment_type = readAttachmentType(client_socket);


@@ -31,6 +31,7 @@
#include <stdarg.h> #include <stdarg.h>
#include <boost/range/iterator_range.hpp> #include <boost/range/iterator_range.hpp>
#include <boost/algorithm/string.hpp>
#include <boost/regex.hpp> #include <boost/regex.hpp>
#include "nginx_attachment_config.h" #include "nginx_attachment_config.h"
@@ -76,6 +77,7 @@ using namespace std;
using ChunkType = ngx_http_chunk_type_e; using ChunkType = ngx_http_chunk_type_e;
static const uint32_t corrupted_session_id = CORRUPTED_SESSION_ID; static const uint32_t corrupted_session_id = CORRUPTED_SESSION_ID;
static const AlertInfo alert(AlertTeam::CORE, "nginx attachment");
class FailopenModeListener : public Listener<FailopenModeEvent> class FailopenModeListener : public Listener<FailopenModeEvent>
{ {
@@ -259,6 +261,22 @@ public:
); );
} }
const char* ignored_headers_env = getenv("SAAS_IGNORED_UPSTREAM_HEADERS");
if (ignored_headers_env) {
string ignored_headers_str = ignored_headers_env;
ignored_headers_str = NGEN::Strings::trim(ignored_headers_str);
if (!ignored_headers_str.empty()) {
dbgInfo(D_HTTP_MANAGER)
<< "Ignoring SAAS_IGNORED_UPSTREAM_HEADERS environment variable: "
<< ignored_headers_str;
vector<string> ignored_headers_vec;
boost::split(ignored_headers_vec, ignored_headers_str, boost::is_any_of(";"));
for (const string &header : ignored_headers_vec) ignored_headers.insert(header);
}
}
dbgInfo(D_NGINX_ATTACHMENT) << "Successfully initialized NGINX Attachment"; dbgInfo(D_NGINX_ATTACHMENT) << "Successfully initialized NGINX Attachment";
} }
@@ -410,7 +428,10 @@ private:
bool bool
registerAttachmentProcess(uint32_t nginx_user_id, uint32_t nginx_group_id, I_Socket::socketFd new_socket) registerAttachmentProcess(uint32_t nginx_user_id, uint32_t nginx_group_id, I_Socket::socketFd new_socket)
{ {
dbgAssert(server_sock > 0) << "Registration attempt occurred while registration socket is uninitialized"; dbgAssert(server_sock > 0)
<< alert
<< "Registration attempt occurred while registration socket is uninitialized";
#ifdef FAILURE_TEST #ifdef FAILURE_TEST
bool did_fail_on_purpose = false; bool did_fail_on_purpose = false;
#endif #endif
@@ -802,10 +823,10 @@ private:
case ChunkType::HOLD_DATA: case ChunkType::HOLD_DATA:
return "HOLD_DATA"; return "HOLD_DATA";
case ChunkType::COUNT: case ChunkType::COUNT:
dbgAssert(false) << "Invalid 'COUNT' ChunkType"; dbgAssert(false) << alert << "Invalid 'COUNT' ChunkType";
return ""; return "";
} }
dbgAssert(false) << "ChunkType was not handled by the switch case"; dbgAssert(false) << alert << "ChunkType was not handled by the switch case";
return ""; return "";
} }
@@ -1030,7 +1051,11 @@ private:
case ChunkType::REQUEST_START: case ChunkType::REQUEST_START:
return handleStartTransaction(data, opaque); return handleStartTransaction(data, opaque);
case ChunkType::REQUEST_HEADER: case ChunkType::REQUEST_HEADER:
return handleMultiModifiableChunks(NginxParser::parseRequestHeaders(data), "request header", true); return handleMultiModifiableChunks(
NginxParser::parseRequestHeaders(data, ignored_headers),
"request header",
true
);
case ChunkType::REQUEST_BODY: case ChunkType::REQUEST_BODY:
return handleModifiableChunk(NginxParser::parseRequestBody(data), "request body", true); return handleModifiableChunk(NginxParser::parseRequestBody(data), "request body", true);
case ChunkType::REQUEST_END: { case ChunkType::REQUEST_END: {
@@ -1131,18 +1156,26 @@ private:
"webUserResponse" "webUserResponse"
); );
bool remove_event_id_param =
getProfileAgentSettingWithDefault<string>("false", "nginxAttachment.removeRedirectEventId") == "true";
string uuid; string uuid;
string redirectUrl;
if (i_transaction_table->hasState<NginxAttachmentOpaque>()) { if (i_transaction_table->hasState<NginxAttachmentOpaque>()) {
NginxAttachmentOpaque &opaque = i_transaction_table->getState<NginxAttachmentOpaque>(); NginxAttachmentOpaque &opaque = i_transaction_table->getState<NginxAttachmentOpaque>();
uuid = opaque.getSessionUUID(); uuid = opaque.getSessionUUID();
} }
web_response_data.uuid_size = web_response_data.uuid_size = uuid.size();
string("Incident Id: ").length() + uuid.size();
if (web_trigger_conf.getDetailsLevel() == "Redirect") { if (web_trigger_conf.getDetailsLevel() == "Redirect") {
web_response_data.response_data.redirect_data.redirect_location_size = web_response_data.response_data.redirect_data.redirect_location_size =
web_trigger_conf.getRedirectURL().size(); web_trigger_conf.getRedirectURL().size();
web_response_data.response_data.redirect_data.add_event_id = web_trigger_conf.getAddEventId() ? 1 : 0; bool add_event = web_trigger_conf.getAddEventId();
if (add_event && !remove_event_id_param) {
web_response_data.response_data.redirect_data.redirect_location_size +=
strlen("?event_id=") + uuid.size();
}
web_response_data.response_data.redirect_data.add_event_id = add_event ? 1 : 0;
web_response_data.web_repsonse_type = static_cast<uint8_t>(ngx_web_response_type_e::REDIRECT_WEB_RESPONSE); web_response_data.web_repsonse_type = static_cast<uint8_t>(ngx_web_response_type_e::REDIRECT_WEB_RESPONSE);
} else { } else {
web_response_data.response_data.custom_response_data.title_size = web_response_data.response_data.custom_response_data.title_size =
@@ -1156,8 +1189,13 @@ private:
verdict_data_sizes.push_back(sizeof(ngx_http_cp_web_response_data_t)); verdict_data_sizes.push_back(sizeof(ngx_http_cp_web_response_data_t));
if (web_trigger_conf.getDetailsLevel() == "Redirect") { if (web_trigger_conf.getDetailsLevel() == "Redirect") {
verdict_data.push_back(reinterpret_cast<const char *>(web_trigger_conf.getRedirectURL().data())); redirectUrl = web_trigger_conf.getRedirectURL();
verdict_data_sizes.push_back(web_trigger_conf.getRedirectURL().size()); if (!remove_event_id_param && web_trigger_conf.getAddEventId()) {
redirectUrl += "?event-id=" + uuid;
}
verdict_data.push_back(reinterpret_cast<const char *>(redirectUrl.data()));
verdict_data_sizes.push_back(redirectUrl.size());
} else { } else {
verdict_data.push_back(reinterpret_cast<const char *>(web_trigger_conf.getResponseTitle().data())); verdict_data.push_back(reinterpret_cast<const char *>(web_trigger_conf.getResponseTitle().data()));
verdict_data_sizes.push_back(web_trigger_conf.getResponseTitle().size()); verdict_data_sizes.push_back(web_trigger_conf.getResponseTitle().size());
@@ -1583,7 +1621,7 @@ private:
case WAIT: case WAIT:
return "WAIT"; return "WAIT";
} }
dbgAssert(false) << "Invalid EventVerdict enum: " << static_cast<int>(verdict.getVerdict()); dbgAssert(false) << alert << "Invalid EventVerdict enum: " << static_cast<int>(verdict.getVerdict());
return string(); return string();
} }
@@ -1634,13 +1672,14 @@ private:
return false; return false;
} }
dbgAssert(sock.unpack() > 0) << "The generated server socket is OK, yet negative"; dbgAssert(sock.unpack() > 0) << alert << "The generated server socket is OK, yet negative";
server_sock = sock.unpack(); server_sock = sock.unpack();
I_MainLoop::Routine accept_attachment_routine = I_MainLoop::Routine accept_attachment_routine =
[this] () [this] ()
{ {
dbgAssert(inst_awareness->getUniqueID().ok()) dbgAssert(inst_awareness->getUniqueID().ok())
<< alert
<< "NGINX attachment Initialized without Instance Awareness"; << "NGINX attachment Initialized without Instance Awareness";
bool did_fail_on_purpose = false; bool did_fail_on_purpose = false;
@@ -1653,7 +1692,7 @@ private:
<< (did_fail_on_purpose ? "Intentional Failure" : new_sock.getErr()); << (did_fail_on_purpose ? "Intentional Failure" : new_sock.getErr());
return; return;
} }
dbgAssert(new_sock.unpack() > 0) << "The generated client socket is OK, yet negative"; dbgAssert(new_sock.unpack() > 0) << alert << "The generated client socket is OK, yet negative";
I_Socket::socketFd new_attachment_socket = new_sock.unpack(); I_Socket::socketFd new_attachment_socket = new_sock.unpack();
Maybe<string> uid = getUidFromSocket(new_attachment_socket); Maybe<string> uid = getUidFromSocket(new_attachment_socket);
@@ -1699,7 +1738,7 @@ private:
} }
}; };
mainloop->addFileRoutine( mainloop->addFileRoutine(
I_MainLoop::RoutineType::RealTime, I_MainLoop::RoutineType::System,
server_sock, server_sock,
accept_attachment_routine, accept_attachment_routine,
"Nginx Attachment registration listener", "Nginx Attachment registration listener",
@@ -1712,7 +1751,9 @@ private:
Maybe<string> Maybe<string>
getUidFromSocket(I_Socket::socketFd new_attachment_socket) getUidFromSocket(I_Socket::socketFd new_attachment_socket)
{ {
dbgAssert(server_sock > 0) << "Registration attempt occurred while registration socket is uninitialized"; dbgAssert(server_sock > 0)
<< alert
<< "Registration attempt occurred while registration socket is uninitialized";
bool did_fail_on_purpose = false; bool did_fail_on_purpose = false;
DELAY_IF_NEEDED(IntentionalFailureHandler::FailureType::ReceiveDataFromSocket); DELAY_IF_NEEDED(IntentionalFailureHandler::FailureType::ReceiveDataFromSocket);
@@ -1794,6 +1835,7 @@ private:
HttpAttachmentConfig attachment_config; HttpAttachmentConfig attachment_config;
I_MainLoop::RoutineID attachment_routine_id = 0; I_MainLoop::RoutineID attachment_routine_id = 0;
bool traffic_indicator = false; bool traffic_indicator = false;
unordered_set<string> ignored_headers;
// Interfaces // Interfaces
I_Socket *i_socket = nullptr; I_Socket *i_socket = nullptr;
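Review bot: In the redirect branch of the web-response code, the size is computed with `strlen("?event_id=")` while the string appended in the following hunk is `"?event-id="`. The two literals happen to have the same length, so the sizes agree today, but the parameter name is inconsistent and the length bookkeeping is duplicated. Building `redirectUrl` first and setting `redirect_location_size = redirectUrl.size();` from it would keep the two in step. The suffix is also appended with `?` unconditionally, so a configured redirect URL that already carries a query string would end up with a second `?`. The enclosing function starts and ends outside these hunks.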


@@ -42,6 +42,7 @@ HttpAttachmentConfig::init()
setNumOfNginxIpcElements(); setNumOfNginxIpcElements();
setDebugByContextValues(); setDebugByContextValues();
setKeepAliveIntervalMsec(); setKeepAliveIntervalMsec();
setRetriesForVerdict();
} }
bool bool
@@ -202,6 +203,13 @@ HttpAttachmentConfig::setFailOpenTimeout()
"NGINX wait thread timeout msec" "NGINX wait thread timeout msec"
)); ));
conf_data.setNumericalValue("remove_server_header", getAttachmentConf<uint>(
0,
"agent.removeServerHeader.nginxModule",
"HTTP manager",
"Response server header removal"
));
uint inspection_mode = getAttachmentConf<uint>( uint inspection_mode = getAttachmentConf<uint>(
static_cast<uint>(ngx_http_inspection_mode_e::NON_BLOCKING_THREAD), static_cast<uint>(ngx_http_inspection_mode_e::NON_BLOCKING_THREAD),
"agent.inspectionMode.nginxModule", "agent.inspectionMode.nginxModule",
@@ -215,6 +223,46 @@ HttpAttachmentConfig::setFailOpenTimeout()
conf_data.setNumericalValue("nginx_inspection_mode", inspection_mode); conf_data.setNumericalValue("nginx_inspection_mode", inspection_mode);
} }
void
HttpAttachmentConfig::setRetriesForVerdict()
{
conf_data.setNumericalValue("min_retries_for_verdict", getAttachmentConf<uint>(
3,
"agent.minRetriesForVerdict.nginxModule",
"HTTP manager",
"Min retries for verdict"
));
conf_data.setNumericalValue("max_retries_for_verdict", getAttachmentConf<uint>(
15,
"agent.maxRetriesForVerdict.nginxModule",
"HTTP manager",
"Max retries for verdict"
));
conf_data.setNumericalValue("hold_verdict_retries", getAttachmentConf<uint>(
3,
"agent.retriesForHoldVerdict.nginxModule",
"HTTP manager",
"Retries for hold verdict"
));
conf_data.setNumericalValue("hold_verdict_polling_time", getAttachmentConf<uint>(
1,
"agent.holdVerdictPollingInterval.nginxModule",
"HTTP manager",
"Hold verdict polling interval seconds"
));
conf_data.setNumericalValue("body_size_trigger", getAttachmentConf<uint>(
200000,
"agent.reqBodySizeTrigger.nginxModule",
"HTTP manager",
"Request body size trigger"
));
}
void void
HttpAttachmentConfig::setFailOpenWaitMode() HttpAttachmentConfig::setFailOpenWaitMode()
{ {
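Review bot: `setRetriesForVerdict()` forwards `min_retries_for_verdict` and `max_retries_for_verdict` straight from configuration without checking that the minimum does not exceed the maximum, and `hold_verdict_polling_time` can be configured as 0. How the NGINX module reacts to such values is not visible here, so either validate in this function or add a comment stating that the module tolerates them. For the first option, read both into locals and apply, for example, `if (min_retries > max_retries) min_retries = max_retries;` before the two `setNumericalValue` calls. `body_size_trigger` is unrelated to retries and would read better in its own setter.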


@@ -70,6 +70,8 @@ private:
void setDebugByContextValues(); void setDebugByContextValues();
void setRetriesForVerdict();
WebTriggerConf web_trigger_conf; WebTriggerConf web_trigger_conf;
HttpAttachmentConfiguration conf_data; HttpAttachmentConfiguration conf_data;
}; };


@@ -19,12 +19,15 @@
#include "config.h" #include "config.h"
#include "virtual_modifiers.h" #include "virtual_modifiers.h"
#include "agent_core_utilities.h"
using namespace std; using namespace std;
using namespace boost::uuids; using namespace boost::uuids;
USE_DEBUG_FLAG(D_HTTP_MANAGER); USE_DEBUG_FLAG(D_HTTP_MANAGER);
extern bool is_keep_alive_ctx;
NginxAttachmentOpaque::NginxAttachmentOpaque(HttpTransactionData _transaction_data) NginxAttachmentOpaque::NginxAttachmentOpaque(HttpTransactionData _transaction_data)
: :
TableOpaqueSerialize<NginxAttachmentOpaque>(this), TableOpaqueSerialize<NginxAttachmentOpaque>(this),
@@ -119,3 +122,47 @@ NginxAttachmentOpaque::setSavedData(const string &name, const string &data, EnvK
saved_data[name] = data; saved_data[name] = data;
ctx.registerValue(name, data, log_ctx); ctx.registerValue(name, data, log_ctx);
} }
bool
NginxAttachmentOpaque::setKeepAliveCtx(const string &hdr_key, const string &hdr_val)
{
if (!is_keep_alive_ctx) return false;
static pair<string, string> keep_alive_hdr;
static bool keep_alive_hdr_initialized = false;
if (keep_alive_hdr_initialized) {
if (!keep_alive_hdr.first.empty() && hdr_key == keep_alive_hdr.first && hdr_val == keep_alive_hdr.second) {
dbgTrace(D_HTTP_MANAGER) << "Registering keep alive context";
ctx.registerValue("keep_alive_request_ctx", true);
return true;
}
return false;
}
const char* saas_keep_alive_hdr_name_env = getenv("SAAS_KEEP_ALIVE_HDR_NAME");
if (saas_keep_alive_hdr_name_env) {
keep_alive_hdr.first = NGEN::Strings::trim(saas_keep_alive_hdr_name_env);
dbgInfo(D_HTTP_MANAGER) << "Using SAAS_KEEP_ALIVE_HDR_NAME environment variable: " << keep_alive_hdr.first;
}
if (!keep_alive_hdr.first.empty()) {
const char* saas_keep_alive_hdr_value_env = getenv("SAAS_KEEP_ALIVE_HDR_VALUE");
if (saas_keep_alive_hdr_value_env) {
keep_alive_hdr.second = NGEN::Strings::trim(saas_keep_alive_hdr_value_env);
dbgInfo(D_HTTP_MANAGER)
<< "Using SAAS_KEEP_ALIVE_HDR_VALUE environment variable: "
<< keep_alive_hdr.second;
}
if (!keep_alive_hdr.second.empty() && (hdr_key == keep_alive_hdr.first && hdr_val == keep_alive_hdr.second)) {
dbgTrace(D_HTTP_MANAGER) << "Registering keep alive context";
ctx.registerValue("keep_alive_request_ctx", true);
keep_alive_hdr_initialized = true;
return true;
}
}
keep_alive_hdr_initialized = true;
return false;
}
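Review bot: `setKeepAliveCtx()` applies different match conditions on the first call and on later calls: the first-call path requires `!keep_alive_hdr.second.empty()`, but the cached path only checks `!keep_alive_hdr.first.empty()`. When `SAAS_KEEP_ALIVE_HDR_VALUE` is unset, a request header with the configured name and an empty value is therefore not matched on the first call but is matched on every call after it. Adding `&& !keep_alive_hdr.second.empty()` to the cached-path condition makes the two agree. The configured value is also written to the log at `dbgInfo`; if it acts as a shared marker that clients should not be able to guess, logging only that it is set would be safer.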


@@ -85,6 +85,7 @@ public:
EnvKeyAttr::LogSection log_ctx = EnvKeyAttr::LogSection::NONE EnvKeyAttr::LogSection log_ctx = EnvKeyAttr::LogSection::NONE
); );
void setApplicationState(const ApplicationState &app_state) { application_state = app_state; } void setApplicationState(const ApplicationState &app_state) { application_state = app_state; }
bool setKeepAliveCtx(const std::string &hdr_key, const std::string &hdr_val);
private: private:
CompressionStream *response_compression_stream; CompressionStream *response_compression_stream;


@@ -29,6 +29,7 @@ USE_DEBUG_FLAG(D_NGINX_ATTACHMENT_PARSER);
Buffer NginxParser::tenant_header_key = Buffer(); Buffer NginxParser::tenant_header_key = Buffer();
static const Buffer proxy_ip_header_key("X-Forwarded-For", 15, Buffer::MemoryType::STATIC); static const Buffer proxy_ip_header_key("X-Forwarded-For", 15, Buffer::MemoryType::STATIC);
static const Buffer source_ip("sourceip", 8, Buffer::MemoryType::STATIC); static const Buffer source_ip("sourceip", 8, Buffer::MemoryType::STATIC);
bool is_keep_alive_ctx = getenv("SAAS_KEEP_ALIVE_HDR_NAME") != nullptr;
map<Buffer, CompressionType> NginxParser::content_encodings = { map<Buffer, CompressionType> NginxParser::content_encodings = {
{Buffer("identity"), CompressionType::NO_COMPRESSION}, {Buffer("identity"), CompressionType::NO_COMPRESSION},
@@ -177,22 +178,54 @@ getActivetenantAndProfile(const string &str, const string &deli = ",")
} }
Maybe<vector<HttpHeader>> Maybe<vector<HttpHeader>>
NginxParser::parseRequestHeaders(const Buffer &data) NginxParser::parseRequestHeaders(const Buffer &data, const unordered_set<string> &ignored_headers)
{ {
auto parsed_headers = genHeaders(data); auto maybe_parsed_headers = genHeaders(data);
if (!parsed_headers.ok()) return parsed_headers.passErr(); if (!maybe_parsed_headers.ok()) return maybe_parsed_headers.passErr();
auto i_transaction_table = Singleton::Consume<I_TableSpecific<SessionID>>::by<NginxAttachment>(); auto i_transaction_table = Singleton::Consume<I_TableSpecific<SessionID>>::by<NginxAttachment>();
auto parsed_headers = maybe_parsed_headers.unpack();
NginxAttachmentOpaque &opaque = i_transaction_table->getState<NginxAttachmentOpaque>();
for (const HttpHeader &header : *parsed_headers) { if (is_keep_alive_ctx || !ignored_headers.empty()) {
bool is_last_header_removed = false;
parsed_headers.erase(
remove_if(
parsed_headers.begin(),
parsed_headers.end(),
[&opaque, &is_last_header_removed, &ignored_headers](const HttpHeader &header)
{
string hdr_key = static_cast<string>(header.getKey());
string hdr_val = static_cast<string>(header.getValue());
if (
opaque.setKeepAliveCtx(hdr_key, hdr_val)
|| ignored_headers.find(hdr_key) != ignored_headers.end()
) {
dbgTrace(D_NGINX_ATTACHMENT_PARSER) << "Header was removed from headers list: " << hdr_key;
if (header.isLastHeader()) {
dbgTrace(D_NGINX_ATTACHMENT_PARSER) << "Last header was removed from headers list";
is_last_header_removed = true;
}
return true;
}
return false;
}
),
parsed_headers.end()
);
if (is_last_header_removed) {
dbgTrace(D_NGINX_ATTACHMENT_PARSER) << "Adjusting last header flag";
if (!parsed_headers.empty()) parsed_headers.back().setIsLastHeader();
}
}
for (const HttpHeader &header : parsed_headers) {
auto source_identifiers = getConfigurationWithDefault<UsersAllIdentifiersConfig>( auto source_identifiers = getConfigurationWithDefault<UsersAllIdentifiersConfig>(
UsersAllIdentifiersConfig(), UsersAllIdentifiersConfig(),
"rulebase", "rulebase",
"usersIdentifiers" "usersIdentifiers"
); );
source_identifiers.parseRequestHeaders(header); source_identifiers.parseRequestHeaders(header);
NginxAttachmentOpaque &opaque = i_transaction_table->getState<NginxAttachmentOpaque>();
opaque.addToSavedData( opaque.addToSavedData(
HttpTransactionData::req_headers, HttpTransactionData::req_headers,
static_cast<string>(header.getKey()) + ": " + static_cast<string>(header.getValue()) + "\r\n" static_cast<string>(header.getKey()) + ": " + static_cast<string>(header.getValue()) + "\r\n"
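Review bot: When the header carrying the last-header flag is filtered out and no other header remains in the chunk, the marker is dropped silently, because `if (!parsed_headers.empty()) parsed_headers.back().setIsLastHeader();` has no else branch. Whether downstream consumers rely on seeing a header with that flag is not visible in this hunk, so the empty case deserves either explicit handling or a comment saying why it is safe. The lookup `ignored_headers.find(hdr_key)` is also an exact, case-sensitive match, while HTTP field names are case-insensitive; unless `genHeaders` normalises case, lower-casing both sides would make the filter behave as configured. `parseRequestHeaders` continues past the end of the hunk.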


@@ -28,7 +28,10 @@ public:
static Maybe<HttpTransactionData> parseStartTrasaction(const Buffer &data); static Maybe<HttpTransactionData> parseStartTrasaction(const Buffer &data);
static Maybe<ResponseCode> parseResponseCode(const Buffer &data); static Maybe<ResponseCode> parseResponseCode(const Buffer &data);
static Maybe<uint64_t> parseContentLength(const Buffer &data); static Maybe<uint64_t> parseContentLength(const Buffer &data);
static Maybe<std::vector<HttpHeader>> parseRequestHeaders(const Buffer &data); static Maybe<std::vector<HttpHeader>> parseRequestHeaders(
const Buffer &data,
const std::unordered_set<std::string> &ignored_headers
);
static Maybe<std::vector<HttpHeader>> parseResponseHeaders(const Buffer &data); static Maybe<std::vector<HttpHeader>> parseResponseHeaders(const Buffer &data);
static Maybe<HttpBody> parseRequestBody(const Buffer &data); static Maybe<HttpBody> parseRequestBody(const Buffer &data);
static Maybe<HttpBody> parseResponseBody(const Buffer &raw_response_body, CompressionStream *compression_stream); static Maybe<HttpBody> parseResponseBody(const Buffer &raw_response_body, CompressionStream *compression_stream);


@@ -282,21 +282,39 @@ isIpTrusted(const string &value, const vector<CIDRSData> &cidr_values)
} }
Maybe<string> Maybe<string>
UsersAllIdentifiersConfig::parseXForwardedFor(const string &str) const UsersAllIdentifiersConfig::parseXForwardedFor(const string &str, ExtractType type) const
{ {
vector<string> header_values = split(str); vector<string> header_values = split(str);
if (header_values.empty()) return genError("No IP found in the xff header list"); if (header_values.empty()) return genError("No IP found in the xff header list");
vector<string> xff_values = getHeaderValuesFromConfig("x-forwarded-for"); vector<string> xff_values = getHeaderValuesFromConfig("x-forwarded-for");
vector<CIDRSData> cidr_values(xff_values.begin(), xff_values.end()); vector<CIDRSData> cidr_values(xff_values.begin(), xff_values.end());
string last_valid_ip;
for (const string &value : header_values) { for (auto it = header_values.rbegin(); it != header_values.rend() - 1; ++it) {
if (!IPAddr::createIPAddr(value).ok()) { if (!IPAddr::createIPAddr(*it).ok()) {
dbgWarning(D_NGINX_ATTACHMENT_PARSER) << "Invalid IP address found in the xff header IPs list: " << value; dbgWarning(D_NGINX_ATTACHMENT_PARSER) << "Invalid IP address found in the xff header IPs list: " << *it;
return genError("Invalid IP address"); if (last_valid_ip.empty()) {
return genError("Invalid IP address");
}
return last_valid_ip;
} }
if (!isIpTrusted(value, cidr_values)) return genError("Untrusted Ip found"); last_valid_ip = *it;
if (type == ExtractType::PROXYIP) continue;
if (!isIpTrusted(*it, cidr_values)) {
dbgDebug(D_NGINX_ATTACHMENT_PARSER) << "Found untrusted IP in the xff header IPs list: " << *it;
return *it;
}
}
if (!IPAddr::createIPAddr(header_values[0]).ok()) {
dbgWarning(D_NGINX_ATTACHMENT_PARSER)
<< "Invalid IP address found in the xff header IPs list: "
<< header_values[0];
if (last_valid_ip.empty()) {
return genError("No Valid Ip address was found");
}
return last_valid_ip;
} }
return header_values[0]; return header_values[0];
@@ -306,22 +324,28 @@ UsersAllIdentifiersConfig::parseXForwardedFor(const string &str) const
void void
UsersAllIdentifiersConfig::setXFFValuesToOpaqueCtx(const HttpHeader &header, ExtractType type) const UsersAllIdentifiersConfig::setXFFValuesToOpaqueCtx(const HttpHeader &header, ExtractType type) const
{ {
auto value = parseXForwardedFor(header.getValue()); auto i_transaction_table = Singleton::Consume<I_TableSpecific<SessionID>>::by<NginxAttachment>();
if (!i_transaction_table || !i_transaction_table->hasState<NginxAttachmentOpaque>()) {
dbgTrace(D_NGINX_ATTACHMENT_PARSER) << "Can't get the transaction table";
return;
}
NginxAttachmentOpaque &opaque = i_transaction_table->getState<NginxAttachmentOpaque>();
auto value = parseXForwardedFor(header.getValue(), type);
if (!value.ok()) { if (!value.ok()) {
dbgTrace(D_NGINX_ATTACHMENT_PARSER) << "Could not extract source identifier from X-Forwarded-For header"; dbgTrace(D_NGINX_ATTACHMENT_PARSER) << "Could not extract source identifier from X-Forwarded-For header";
return; return;
}; };
auto i_transaction_table = Singleton::Consume<I_TableSpecific<SessionID>>::by<NginxAttachment>();
if (!i_transaction_table || !i_transaction_table->hasState<NginxAttachmentOpaque>()) {
dbgDebug(D_NGINX_ATTACHMENT_PARSER) << "Can't get the transaction table";
return;
}
NginxAttachmentOpaque &opaque = i_transaction_table->getState<NginxAttachmentOpaque>();
if (type == ExtractType::SOURCEIDENTIFIER) { if (type == ExtractType::SOURCEIDENTIFIER) {
opaque.setSourceIdentifier(header.getKey(), value.unpack()); opaque.setSourceIdentifier(header.getKey(), value.unpack());
dbgDebug(D_NGINX_ATTACHMENT_PARSER) dbgDebug(D_NGINX_ATTACHMENT_PARSER)
<< "Added source identifir to XFF " << "Added source identifier from XFF header"
<< value.unpack(); << value.unpack();
opaque.setSavedData(HttpTransactionData::xff_vals_ctx, header.getValue());
opaque.setSavedData(HttpTransactionData::source_identifier, value.unpack());
dbgTrace(D_NGINX_ATTACHMENT_PARSER)
<< "XFF found, set ctx with value from header: "
<< static_cast<string>(header.getValue());
} else { } else {
opaque.setSavedData(HttpTransactionData::proxy_ip_ctx, value.unpack()); opaque.setSavedData(HttpTransactionData::proxy_ip_ctx, value.unpack());
} }
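Review bot: For `ExtractType::PROXYIP` the loop in `parseXForwardedFor` skips the `isIpTrusted` check for every entry (`if (type == ExtractType::PROXYIP) continue;`) and the function then returns `header_values[0]`, the left-most X-Forwarded-For entry, which is the part of the header a client can set itself. That value is stored as `proxy_ip_ctx`; how it is consumed is not visible here, so a comment stating that it is untrusted input, or selecting the entry relative to the trusted CIDR list, would make the intent clear. On the source-identifier path, an invalid token now makes the function fall back to `last_valid_ip`, which at that point is an address that already passed the trust check (a configured proxy) rather than the client. In `setXFFValuesToOpaqueCtx` the new message `"Added source identifier from XFF header"` lost its trailing space, so the value is glued to the text.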


@@ -128,7 +128,7 @@ private:
break; break;
} }
default: default:
dbgAssert(false) << "Unsupported IP type"; dbgAssert(false) << AlertInfo(AlertTeam::CORE, "gradual deployment") << "Unsupported IP type";
} }
return address; return address;
} }


@@ -1,8 +0,0 @@
include_directories(${CMAKE_SOURCE_DIR}/components/include)
link_directories(${BOOST_ROOT}/lib)
add_unit_test(
health_check_manager_ut
"health_check_manager_ut.cc"
"singleton;messaging;mainloop;health_check_manager;event_is;metric;-lboost_regex"
)


@@ -15,19 +15,18 @@
#include <string> #include <string>
#include <map> #include <map>
#include <sys/stat.h>
#include <climits>
#include <unordered_map> #include <unordered_map>
#include <boost/range/iterator_range.hpp> #include <unordered_set>
#include <boost/algorithm/string.hpp>
#include <fstream> #include <fstream>
#include <algorithm> #include <algorithm>
#include "common.h" #include "common.h"
#include "config.h" #include "config.h"
#include "table_opaque.h"
#include "http_manager_opaque.h" #include "http_manager_opaque.h"
#include "log_generator.h" #include "log_generator.h"
#include "http_inspection_events.h" #include "http_inspection_events.h"
#include "agent_core_utilities.h"
USE_DEBUG_FLAG(D_HTTP_MANAGER); USE_DEBUG_FLAG(D_HTTP_MANAGER);
@@ -46,7 +45,10 @@ operator<<(ostream &os, const EventVerdict &event)
case ngx_http_cp_verdict_e::TRAFFIC_VERDICT_WAIT: return os << "Wait"; case ngx_http_cp_verdict_e::TRAFFIC_VERDICT_WAIT: return os << "Wait";
} }
dbgAssert(false) << "Illegal Event Verdict value: " << static_cast<uint>(event.getVerdict()); dbgAssert(false)
<< AlertInfo(AlertTeam::CORE, "http manager")
<< "Illegal Event Verdict value: "
<< static_cast<uint>(event.getVerdict());
return os; return os;
} }
@@ -92,6 +94,7 @@ public:
HttpManagerOpaque &state = i_transaction_table->getState<HttpManagerOpaque>(); HttpManagerOpaque &state = i_transaction_table->getState<HttpManagerOpaque>();
string event_key = static_cast<string>(event.getKey()); string event_key = static_cast<string>(event.getKey());
if (event_key == getProfileAgentSettingWithDefault<string>("", "agent.customHeaderValueLogging")) { if (event_key == getProfileAgentSettingWithDefault<string>("", "agent.customHeaderValueLogging")) {
string event_value = static_cast<string>(event.getValue()); string event_value = static_cast<string>(event.getValue());
dbgTrace(D_HTTP_MANAGER) dbgTrace(D_HTTP_MANAGER)
@@ -321,8 +324,11 @@ private:
state.setApplicationVerdict(respond.first, respond.second.getVerdict()); state.setApplicationVerdict(respond.first, respond.second.getVerdict());
} }
FilterVerdict aggregated_verdict = state.getCurrVerdict();
return state.getCurrVerdict(); if (aggregated_verdict.getVerdict() == ngx_http_cp_verdict_e::TRAFFIC_VERDICT_DROP) {
SecurityAppsDropEvent(state.getCurrentDropVerdictCausers()).notify();
}
return aggregated_verdict;
} }
static void static void


@@ -69,6 +69,7 @@ HttpManagerOpaque::getCurrVerdict() const
break; break;
default: default:
dbgAssert(false) dbgAssert(false)
<< AlertInfo(AlertTeam::CORE, "http manager")
<< "Received unknown verdict " << "Received unknown verdict "
<< static_cast<int>(app_verdic_pair.second); << static_cast<int>(app_verdic_pair.second);
} }
@@ -77,6 +78,25 @@ HttpManagerOpaque::getCurrVerdict() const
return accepted_apps == applications_verdicts.size() ? ngx_http_cp_verdict_e::TRAFFIC_VERDICT_ACCEPT : verdict; return accepted_apps == applications_verdicts.size() ? ngx_http_cp_verdict_e::TRAFFIC_VERDICT_ACCEPT : verdict;
} }
std::set<std::string>
HttpManagerOpaque::getCurrentDropVerdictCausers() const
{
std::set<std::string> causers;
if (manager_verdict == ngx_http_cp_verdict_e::TRAFFIC_VERDICT_DROP) {
causers.insert(HTTP_MANAGER_NAME);
}
for (const auto &app_verdic_pair : applications_verdicts) {
bool was_dropped = app_verdic_pair.second == ngx_http_cp_verdict_e::TRAFFIC_VERDICT_DROP;
dbgTrace(D_HTTP_MANAGER)
<< "The verdict from: " << app_verdic_pair.first
<< (was_dropped ? " is \"drop\"" : " is not \"drop\" ");
if (was_dropped) {
causers.insert(app_verdic_pair.first);
}
}
return causers;
}
void void
HttpManagerOpaque::saveCurrentDataToCache(const Buffer &full_data) HttpManagerOpaque::saveCurrentDataToCache(const Buffer &full_data)
{ {


@@ -20,6 +20,8 @@
#include "table_opaque.h" #include "table_opaque.h"
#include "nginx_attachment_common.h" #include "nginx_attachment_common.h"
static const std::string HTTP_MANAGER_NAME = "HTTP Manager";
class HttpManagerOpaque : public TableOpaqueSerialize<HttpManagerOpaque> class HttpManagerOpaque : public TableOpaqueSerialize<HttpManagerOpaque>
{ {
public: public:
@@ -30,6 +32,7 @@ public:
void setManagerVerdict(ngx_http_cp_verdict_e verdict) { manager_verdict = verdict; } void setManagerVerdict(ngx_http_cp_verdict_e verdict) { manager_verdict = verdict; }
ngx_http_cp_verdict_e getManagerVerdict() const { return manager_verdict; } ngx_http_cp_verdict_e getManagerVerdict() const { return manager_verdict; }
ngx_http_cp_verdict_e getCurrVerdict() const; ngx_http_cp_verdict_e getCurrVerdict() const;
std::set<std::string> getCurrentDropVerdictCausers() const;
void saveCurrentDataToCache(const Buffer &full_data); void saveCurrentDataToCache(const Buffer &full_data);
void setUserDefinedValue(const std::string &value) { user_defined_value = value; } void setUserDefinedValue(const std::string &value) { user_defined_value = value; }
Maybe<std::string> getUserDefinedValue() const { return user_defined_value; } Maybe<std::string> getUserDefinedValue() const { return user_defined_value; }
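Review bot: `static const std::string HTTP_MANAGER_NAME` at namespace scope in a header gives every translation unit that includes it its own dynamically initialised copy. `static constexpr const char *HTTP_MANAGER_NAME = "HTTP Manager";` avoids the per-unit construction and still converts implicitly where `causers.insert(HTTP_MANAGER_NAME)` needs a `std::string`. The new declaration `std::set<std::string> getCurrentDropVerdictCausers() const;` also relies on `<set>`, which is not among the includes visible in this hunk; if it only arrives transitively, include it directly.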


@@ -0,0 +1,45 @@
// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef __CENTRAL_NGINX_MANAGER_H__
#define __CENTRAL_NGINX_MANAGER_H__
#include "component.h"
#include "singleton.h"
#include "i_messaging.h"
#include "i_rest_api.h"
#include "i_mainloop.h"
#include "i_agent_details.h"
class CentralNginxManager
:
public Component,
Singleton::Consume<I_RestApi>,
Singleton::Consume<I_Messaging>,
Singleton::Consume<I_MainLoop>,
Singleton::Consume<I_AgentDetails>
{
public:
CentralNginxManager();
~CentralNginxManager();
void preload() override;
void init() override;
void fini() override;
private:
class Impl;
std::unique_ptr<Impl> pimpl;
};
#endif // __CENTRAL_NGINX_MANAGER_H__
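Review bot: The new header declares `std::unique_ptr<Impl> pimpl;` but does not include `<memory>`, so it compiles only if one of the project headers pulls it in; add `#include <memory>` next to the other includes. The guard name `__CENTRAL_NGINX_MANAGER_H__` uses a double underscore, which is reserved for the implementation; if that is the project's existing convention it can stay, otherwise `CENTRAL_NGINX_MANAGER_H` is the safe spelling.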


@@ -34,6 +34,7 @@ public:
~DetailsResolver(); ~DetailsResolver();
void preload() override; void preload() override;
void init() override;
private: private:
class Impl; class Impl;


@@ -21,6 +21,7 @@
#include "url_parser.h" #include "url_parser.h"
#include "i_agent_details.h" #include "i_agent_details.h"
#include "i_mainloop.h" #include "i_mainloop.h"
#include "i_environment.h"
#include "singleton.h" #include "singleton.h"
#include "component.h" #include "component.h"
@@ -32,6 +33,7 @@ class Downloader
Singleton::Consume<I_Encryptor>, Singleton::Consume<I_Encryptor>,
Singleton::Consume<I_MainLoop>, Singleton::Consume<I_MainLoop>,
Singleton::Consume<I_OrchestrationTools>, Singleton::Consume<I_OrchestrationTools>,
Singleton::Consume<I_Environment>,
Singleton::Consume<I_UpdateCommunication> Singleton::Consume<I_UpdateCommunication>
{ {
public: public:


@@ -24,7 +24,8 @@ class ExternalSdkServer
: :
public Component, public Component,
Singleton::Provide<I_ExternalSdkServer>, Singleton::Provide<I_ExternalSdkServer>,
Singleton::Consume<I_RestApi> Singleton::Consume<I_RestApi>,
Singleton::Consume<I_Messaging>
{ {
public: public:
ExternalSdkServer(); ExternalSdkServer();


@@ -89,7 +89,9 @@ private:
bool matchAttributesRegEx(const std::set<std::string> &values, bool matchAttributesRegEx(const std::set<std::string> &values,
std::set<std::string> &matched_override_keywords) const; std::set<std::string> &matched_override_keywords) const;
bool matchAttributesString(const std::set<std::string> &values) const; bool matchAttributesString(const std::set<std::string> &values) const;
bool matchAttributesIp(const std::set<std::string> &values) const;
bool isRegEx() const; bool isRegEx() const;
void sortAndMergeIpRangesValues();
MatchType type; MatchType type;
Operators operator_type; Operators operator_type;
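Review bot: The new `matchAttributesIp` declaration does not say what happens to an entry of `values` that is not a parsable IP address, and `sortAndMergeIpRangesValues` is a non-const mutator with no hint of when it has to run relative to matching. I would add a comment above them, for example `// Entries that do not parse as an IP address never match; ranges are sorted and merged once at load time.`, if that is the intended contract. Both declarations sit in a class whose body starts and ends outside this hunk, so the behaviour cannot be confirmed from here.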


@@ -21,6 +21,7 @@
#include "i_shell_cmd.h" #include "i_shell_cmd.h"
#include "i_orchestration_status.h" #include "i_orchestration_status.h"
#include "component.h" #include "component.h"
#include "i_service_controller.h"
class HealthChecker class HealthChecker
: :
@@ -29,7 +30,8 @@ class HealthChecker
Singleton::Consume<I_Socket>, Singleton::Consume<I_Socket>,
Singleton::Consume<I_Health_Check_Manager>, Singleton::Consume<I_Health_Check_Manager>,
Singleton::Consume<I_ShellCmd>, Singleton::Consume<I_ShellCmd>,
Singleton::Consume<I_OrchestrationStatus> Singleton::Consume<I_OrchestrationStatus>,
Singleton::Consume<I_ServiceController>
{ {
public: public:
HealthChecker(); HealthChecker();


@@ -50,9 +50,11 @@ public:
position(mod_position) position(mod_position)
{ {
dbgAssert(mod_type != ModificationType::APPEND || position == injection_pos_irrelevant) dbgAssert(mod_type != ModificationType::APPEND || position == injection_pos_irrelevant)
<< AlertInfo(AlertTeam::CORE, "http manager")
<< "Injection position is not applicable to a modification of type \"Append\""; << "Injection position is not applicable to a modification of type \"Append\"";
dbgAssert(mod_type != ModificationType::INJECT || position >= 0) dbgAssert(mod_type != ModificationType::INJECT || position >= 0)
<< AlertInfo(AlertTeam::CORE, "http manager")
<< "Invalid injection position: must be non-negative. Position: " << "Invalid injection position: must be non-negative. Position: "
<< position; << position;
} }
@@ -166,6 +168,7 @@ private:
} }
default: default:
dbgAssert(false) dbgAssert(false)
<< AlertInfo(AlertTeam::CORE, "http manager")
<< "Unknown type of ModificationType: " << "Unknown type of ModificationType: "
<< static_cast<int>(modification_type); << static_cast<int>(modification_type);
} }
@@ -236,6 +239,7 @@ public:
const Buffer & getValue() const { return value; } const Buffer & getValue() const { return value; }
bool isLastHeader() const { return is_last_header; } bool isLastHeader() const { return is_last_header; }
void setIsLastHeader() { is_last_header = true; }
uint8_t getHeaderIndex() const { return header_index; } uint8_t getHeaderIndex() const { return header_index; }
private: private:


@@ -15,7 +15,8 @@ class HttpGeoFilter
public Component, public Component,
Singleton::Consume<I_MainLoop>, Singleton::Consume<I_MainLoop>,
Singleton::Consume<I_GeoLocation>, Singleton::Consume<I_GeoLocation>,
Singleton::Consume<I_GenericRulebase> Singleton::Consume<I_GenericRulebase>,
Singleton::Consume<I_Environment>
{ {
public: public:
HttpGeoFilter(); HttpGeoFilter();


@@ -183,4 +183,16 @@ class WaitTransactionEvent : public Event<WaitTransactionEvent, EventVerdict>
{ {
}; };
class SecurityAppsDropEvent : public Event<SecurityAppsDropEvent>
{
public:
SecurityAppsDropEvent(
const std::set<std::string> &apps_names)
:
apps_names(apps_names) {}
const std::set<std::string> & getAppsNames() const { return apps_names; }
private:
const std::set<std::string> apps_names;
};
#endif // __HTTP_INSPECTION_EVENTS_H__ #endif // __HTTP_INSPECTION_EVENTS_H__
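Review bot: The single-argument constructor of `SecurityAppsDropEvent` is not `explicit`, so any `std::set<std::string>` converts silently into an event; declare it as `explicit SecurityAppsDropEvent(const std::set<std::string> &apps_names)`. The `const` data member `apps_names` also deletes copy assignment and forces a copy where a move would do. A non-const member behind the existing const getter keeps the same read-only interface. The header's include list is outside the hunk, so whether `<set>` is included directly cannot be checked here.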


@@ -136,6 +136,7 @@ public:
static const std::string req_body; static const std::string req_body;
static const std::string source_identifier; static const std::string source_identifier;
static const std::string proxy_ip_ctx; static const std::string proxy_ip_ctx;
static const std::string xff_vals_ctx;
static const CompressionType default_response_content_encoding; static const CompressionType default_response_content_encoding;
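Review bot: `xff_vals_ctx` is added without a comment on how far the value stored under it can be trusted. If, as the name suggests, it carries the X-Forwarded-For header values, those are supplied by the client unless a trusted proxy rewrites them, and a consumer that uses them for source identification or allow-listing needs to know that. A one-line comment next to the declaration would do, for example `// X-Forwarded-For values as received; not checked against trusted proxies.`, adjusted to what the code that fills the key really does. The class starts and ends outside this hunk.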


@@ -29,7 +29,9 @@ public:
virtual bool isGwNotVsx() = 0; virtual bool isGwNotVsx() = 0;
virtual bool isVersionAboveR8110() = 0; virtual bool isVersionAboveR8110() = 0;
virtual bool isReverseProxy() = 0; virtual bool isReverseProxy() = 0;
virtual bool isCloudStorageEnabled() = 0;
virtual Maybe<std::tuple<std::string, std::string, std::string>> parseNginxMetadata() = 0; virtual Maybe<std::tuple<std::string, std::string, std::string>> parseNginxMetadata() = 0;
virtual Maybe<std::tuple<std::string, std::string, std::string, std::string, std::string>> readCloudMetadata() = 0;
virtual std::map<std::string, std::string> getResolvedDetails() = 0; virtual std::map<std::string, std::string> getResolvedDetails() = 0;
#if defined(gaia) || defined(smb) #if defined(gaia) || defined(smb)
virtual bool compareCheckpointVersion(int cp_version, std::function<bool(int, int)> compare_operator) const = 0; virtual bool compareCheckpointVersion(int cp_version, std::function<bool(int, int)> compare_operator) const = 0;
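Review bot: `readCloudMetadata()` returns a tuple of five `std::string`s with no indication of which position holds which field, so a caller that swaps two positions still compiles. Document the order in a comment above the declaration, or return a small struct with named members; the neighbouring three-string `parseNginxMetadata()` has the same weakness. `isCloudStorageEnabled()` would also benefit from one line saying what makes it return true. The interface class continues outside the hunk.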


@@ -22,7 +22,7 @@
class I_Downloader class I_Downloader
{ {
public: public:
virtual Maybe<std::string> downloadFileFromFog( virtual Maybe<std::string> downloadFile(
const std::string &checksum, const std::string &checksum,
Package::ChecksumTypes, Package::ChecksumTypes,
const GetResourceFile &resourse_file const GetResourceFile &resourse_file


@@ -17,6 +17,7 @@
#include <vector> #include <vector>
#include "generic_rulebase/parameters_config.h" #include "generic_rulebase/parameters_config.h"
#include "generic_rulebase/triggers_config.h"
#include "generic_rulebase/zone.h" #include "generic_rulebase/zone.h"
#include "config.h" #include "config.h"
@@ -26,6 +27,9 @@ public:
virtual Maybe<Zone, Config::Errors> getLocalZone() const = 0; virtual Maybe<Zone, Config::Errors> getLocalZone() const = 0;
virtual Maybe<Zone, Config::Errors> getOtherZone() const = 0; virtual Maybe<Zone, Config::Errors> getOtherZone() const = 0;
virtual LogTriggerConf getLogTriggerConf(const std::string &trigger_Id) const = 0;
virtual ParameterException getParameterException(const std::string &parameter_Id) const = 0;
using ParameterKeyValues = std::unordered_map<std::string, std::set<std::string>>; using ParameterKeyValues = std::unordered_map<std::string, std::set<std::string>>;
virtual std::set<ParameterBehavior> getBehavior(const ParameterKeyValues &key_value_pairs) const = 0; virtual std::set<ParameterBehavior> getBehavior(const ParameterKeyValues &key_value_pairs) const = 0;
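Review bot: `getLogTriggerConf` and `getParameterException` return their objects by value with no failure channel, while the neighbouring `getLocalZone()` and `getOtherZone()` return `Maybe<Zone, Config::Errors>`. A caller cannot tell an unknown id from a real but empty configuration, which matters if a default-constructed exception or trigger changes how a request is handled or logged. Either return `Maybe<LogTriggerConf, Config::Errors>` and `Maybe<ParameterException, Config::Errors>`, or document the value returned for an unknown id. The parameter names `trigger_Id` and `parameter_Id` also mix cases, unlike `key_value_pairs` two lines below.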


@@ -117,7 +117,7 @@ public:
const std::string &conf_path) const = 0; const std::string &conf_path) const = 0;
virtual bool copyFile(const std::string &src_path, const std::string &dst_path) const = 0; virtual bool copyFile(const std::string &src_path, const std::string &dst_path) const = 0;
virtual bool doesFileExist(const std::string &file_path) const = 0; virtual bool doesFileExist(const std::string &file_path) const = 0;
virtual void getClusterId() const = 0; virtual void setClusterId() const = 0;
virtual void fillKeyInJson( virtual void fillKeyInJson(
const std::string &filename, const std::string &filename,
const std::string &_key, const std::string &_key,


@@ -64,7 +64,9 @@ public:
const std::string &service_id const std::string &service_id
) = 0; ) = 0;
virtual std::map<std::string, PortNumber> getServiceToPortMap() = 0; virtual std::map<std::string, std::vector<PortNumber>> getServiceToPortMap() = 0;
virtual bool getServicesPolicyStatus() const = 0;
protected: protected:
virtual ~I_ServiceController() {} virtual ~I_ServiceController() {}


@@ -32,6 +32,7 @@ public:
const std::string &policy_versions const std::string &policy_versions
) const = 0; ) const = 0;
virtual Maybe<void> authenticateAgent() = 0; virtual Maybe<void> authenticateAgent() = 0;
virtual void registerLocalAgentToFog() = 0;
virtual Maybe<void> getUpdate(CheckUpdateRequest &request) = 0; virtual Maybe<void> getUpdate(CheckUpdateRequest &request) = 0;
virtual Maybe<std::string> downloadAttributeFile( virtual Maybe<std::string> downloadAttributeFile(
const GetResourceFile &resourse_file, const GetResourceFile &resourse_file,
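Review bot: `registerLocalAgentToFog()` returns `void`, so a failed registration cannot be reported to the caller, unlike `authenticateAgent()` and `getUpdate()` right next to it, which return `Maybe<void>`. Unless failure is deliberately handled inside the implementation, declare it as `virtual Maybe<void> registerLocalAgentToFog() = 0;` so the calling flow can log the error and retry. If the void return is intended, a comment saying where errors end up would help. The interface class starts and ends outside the hunk.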


@@ -25,6 +25,7 @@ struct DecisionTelemetryData
std::string source; std::string source;
TrafficMethod method; TrafficMethod method;
int responseCode; int responseCode;
uint64_t elapsedTime;
std::set<std::string> attackTypes; std::set<std::string> attackTypes;
DecisionTelemetryData() : DecisionTelemetryData() :
@@ -36,6 +37,7 @@ struct DecisionTelemetryData
source(), source(),
method(POST), method(POST),
responseCode(0), responseCode(0),
elapsedTime(0),
attackTypes() attackTypes()
{ {
} }
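Review bot: The new `elapsedTime` member carries no unit. It is a `uint64_t` initialised to 0 in the constructor, and nothing in either hunk says whether it counts microseconds, milliseconds or seconds, so producers and the consumer that averages it can disagree without any compile error. Add a comment on the member, `uint64_t elapsedTime; // request handling time, in <unit>`, or put the unit in the name.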


@@ -28,8 +28,9 @@
// LCOV_EXCL_START Reason: temporary until we add relevant UT until 07/10 // LCOV_EXCL_START Reason: temporary until we add relevant UT until 07/10
bool operator<(const IpAddress &this_ip_addr, const IpAddress &other_ip_addr); bool operator<(const IpAddress &this_ip_addr, const IpAddress &other_ip_addr);
bool operator==(const IpAddress &this_ip_addr, const IpAddress &other_ip_addr); bool operator==(const IpAddress &this_ip_addr, const IpAddress &other_ip_addr);
bool operator<=(const IpAddress &this_ip_addr, const IpAddress &other_ip_addr);
bool operator<(const IPRange &range1, const IPRange &range2);
// LCOV_EXCL_STOP // LCOV_EXCL_STOP
Maybe<std::pair<std::string, int>> extractAddressAndMaskSize(const std::string &cidr); Maybe<std::pair<std::string, int>> extractAddressAndMaskSize(const std::string &cidr);
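Review bot: The two new operators, `operator<=` for `IpAddress` and `operator<` for `IPRange`, are declared inside the `LCOV_EXCL_START`/`LCOV_EXCL_STOP` block, so they are excluded from coverage reporting from day one. Ordering of addresses and ranges presumably feeds the IP matching that this change set adds elsewhere, and an ordering bug there (mixed IPv4 and IPv6 entries, ranges sharing a start address) would give wrong match results without any error. I would move the two declarations below `// LCOV_EXCL_STOP` and cover them with unit tests. A comment such as `// Orders ranges by start address, then by end address.` would document the ordering, if that is what the implementation does.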


@@ -62,6 +62,7 @@ public:
private: private:
Maybe<std::string> downloadPackage(const Package &package, bool is_clean_installation); Maybe<std::string> downloadPackage(const Package &package, bool is_clean_installation);
std::string getCurrentTimestamp();
std::string manifest_file_path; std::string manifest_file_path;
std::string temp_ext; std::string temp_ext;


@@ -0,0 +1,28 @@
#ifndef __NGINX_MESSAGE_READER_H__
#define __NGINX_MESSAGE_READER_H__
#include "singleton.h"
#include "i_mainloop.h"
#include "i_socket_is.h"
#include "component.h"
class NginxMessageReader
:
public Component,
Singleton::Consume<I_MainLoop>,
Singleton::Consume<I_Socket>
{
public:
NginxMessageReader();
~NginxMessageReader();
void init() override;
void fini() override;
void preload() override;
private:
class Impl;
std::unique_ptr<Impl> pimpl;
};
#endif //__NGINX_MESSAGE_READER_H__
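Review bot: The header declares `std::unique_ptr<Impl> pimpl;` without including `<memory>`, so it compiles only when one of the project headers happens to pull it in; add `#include <memory>` above the project includes. The new header guarded by `__SERVICE_HEALTH_STATUS_H__` further down this page has the same pattern. This file also lacks the license comment that the other new headers carry, and it declares `preload()` after `fini()` where the other component headers on this page put it first.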


@@ -0,0 +1,51 @@
// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef __NGINX_UTILS_H__
#define __NGINX_UTILS_H__
#include <string>
#include "maybe_res.h"
#include "singleton.h"
#include "i_shell_cmd.h"
class NginxConfCollector
{
public:
NginxConfCollector(const std::string &nginx_conf_input_path, const std::string &nginx_conf_output_path);
Maybe<std::string> generateFullNginxConf() const;
private:
std::vector<std::string> expandIncludes(const std::string &includePattern) const;
void processConfigFile(
const std::string &path,
std::ostringstream &conf_output,
std::vector<std::string> &errors
) const;
std::string main_conf_input_path;
std::string main_conf_output_path;
std::string main_conf_directory_path;
};
class NginxUtils : Singleton::Consume<I_ShellCmd>
{
public:
static std::string getModulesPath();
static std::string getMainNginxConfPath();
static Maybe<void> validateNginxConf(const std::string &nginx_conf_path);
static Maybe<void> reloadNginx(const std::string &nginx_conf_path);
};
#endif // __NGINX_UTILS_H__
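Review bot: `validateNginxConf` and `reloadNginx` take a configuration path and `NginxUtils` consumes `I_ShellCmd`, so the path presumably ends up on a shell command line. The implementation is not on this page, but it should quote or validate `nginx_conf_path` before building the command, and the declarations should say so. `expandIncludes` and `processConfigFile` follow `include` patterns read from the configuration, so a comment stating how include cycles and patterns that resolve outside the nginx configuration directory are handled would help. The header also uses `std::vector` and `std::ostringstream` while including only `<string>`; add `#include <vector>` and `#include <sstream>`.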


@@ -31,6 +31,7 @@
#include "i_environment.h" #include "i_environment.h"
#include "i_tenant_manager.h" #include "i_tenant_manager.h"
#include "i_package_handler.h" #include "i_package_handler.h"
#include "i_proxy_configuration.h"
#include "i_env_details.h" #include "i_env_details.h"
#include "component.h" #include "component.h"
@@ -54,7 +55,8 @@ class OrchestrationComp
Singleton::Consume<I_UpdateCommunication>, Singleton::Consume<I_UpdateCommunication>,
Singleton::Consume<I_Downloader>, Singleton::Consume<I_Downloader>,
Singleton::Consume<I_ManifestController>, Singleton::Consume<I_ManifestController>,
Singleton::Consume<I_EnvDetails> Singleton::Consume<I_EnvDetails>,
Singleton::Consume<I_ProxyConfiguration>
{ {
public: public:
OrchestrationComp(); OrchestrationComp();


@@ -40,7 +40,7 @@ public:
~OrchestrationStatus(); ~OrchestrationStatus();
void init() override; void init() override;
private: private:
class Impl; class Impl;
std::unique_ptr<Impl> pimpl; std::unique_ptr<Impl> pimpl;


@@ -115,7 +115,7 @@ public:
case ResourceFileType::VIRTUAL_SETTINGS: return "virtualSettings"; case ResourceFileType::VIRTUAL_SETTINGS: return "virtualSettings";
case ResourceFileType::VIRTUAL_POLICY: return "virtualPolicy"; case ResourceFileType::VIRTUAL_POLICY: return "virtualPolicy";
default: default:
dbgAssert(false) << "Unknown file type"; dbgAssert(false) << AlertInfo(AlertTeam::CORE, "update process") << "Unknown file type";
} }
return std::string(); return std::string();
} }


@@ -56,7 +56,7 @@ private:
if (mapped_type.second == type) return mapped_type.first; if (mapped_type.second == type) return mapped_type.first;
} }
dbgAssert(false) << "Unsupported type " << static_cast<int>(type); dbgAssert(false) << AlertInfo(AlertTeam::CORE, "packaging") << "Unsupported type " << static_cast<int>(type);
// Just satisfying the compiler, this return never reached // Just satisfying the compiler, this return never reached
return std::string(); return std::string();
} }


@@ -17,6 +17,7 @@
#include "i_package_handler.h" #include "i_package_handler.h"
#include "i_orchestration_tools.h" #include "i_orchestration_tools.h"
#include "i_shell_cmd.h" #include "i_shell_cmd.h"
#include "i_environment.h"
#include "component.h" #include "component.h"
class PackageHandler class PackageHandler
@@ -24,7 +25,8 @@ class PackageHandler
public Component, public Component,
Singleton::Provide<I_PackageHandler>, Singleton::Provide<I_PackageHandler>,
Singleton::Consume<I_ShellCmd>, Singleton::Consume<I_ShellCmd>,
Singleton::Consume<I_OrchestrationTools> Singleton::Consume<I_OrchestrationTools>,
Singleton::Consume<I_Environment>
{ {
public: public:
PackageHandler(); PackageHandler();


@@ -7,15 +7,21 @@
#include "singleton.h" #include "singleton.h"
#include "i_mainloop.h" #include "i_mainloop.h"
#include "i_environment.h" #include "i_environment.h"
#include "i_geo_location.h"
#include "i_generic_rulebase.h" #include "i_generic_rulebase.h"
#include "i_shell_cmd.h"
#include "i_env_details.h"
class RateLimit class RateLimit
: :
public Component, public Component,
Singleton::Consume<I_MainLoop>, Singleton::Consume<I_MainLoop>,
Singleton::Consume<I_TimeGet>, Singleton::Consume<I_TimeGet>,
Singleton::Consume<I_GeoLocation>,
Singleton::Consume<I_Environment>, Singleton::Consume<I_Environment>,
Singleton::Consume<I_GenericRulebase> Singleton::Consume<I_GenericRulebase>,
Singleton::Consume<I_ShellCmd>,
Singleton::Consume<I_EnvDetails>
{ {
public: public:
RateLimit(); RateLimit();


@@ -7,24 +7,28 @@ static const std::string product_name = getenv("DOCKER_RPM_ENABLED") ? "CloudGua
static const std::string default_cp_cert_file = "/etc/cp/cpCert.pem"; static const std::string default_cp_cert_file = "/etc/cp/cpCert.pem";
static const std::string default_cp_key_file = "/etc/cp/cpKey.key"; static const std::string default_cp_key_file = "/etc/cp/cpKey.key";
static const std::string default_rpm_conf_path = "/etc/cp/conf/rpmanager/"; static const std::string default_rpm_conf_path = "/etc/cp/conf/rpmanager/";
static const std::string default_certificate_path = "/etc/cp/rpmanager/certs"; static const std::string default_certificate_path = "/etc/cp/rpmanager/certs";
static const std::string default_manual_certs_path = "/etc/cp/rpmanager/manualCerts/";
static const std::string default_config_path = "/etc/cp/conf/rpmanager/servers";
static const std::string default_rpm_prepare_path = "/etc/cp/conf/rpmanager/prepare/servers";
static const std::string default_nginx_log_files_path = "/var/log/nginx/";
static const std::string default_additional_files_path = "/etc/cp/conf/rpmanager/include"; static const std::string default_additional_files_path = "/etc/cp/conf/rpmanager/include";
static const std::string default_server_config = "additional_server_config.conf"; static const std::string default_server_config = "additional_server_config.conf";
static const std::string default_location_config = "additional_location_config.conf"; static const std::string default_location_config = "additional_location_config.conf";
static const std::string default_trusted_ca_suffix = "_user_ca_bundle.crt"; static const std::string default_trusted_ca_suffix = "_user_ca_bundle.crt";
static const std::string default_nginx_log_files_path = "/var/log/nginx/";
static const std::string default_log_files_host_path = "/var/log/nano_agent/rpmanager/nginx_log/"; static const std::string default_log_files_host_path = "/var/log/nano_agent/rpmanager/nginx_log/";
static const std::string default_config_path = "/etc/cp/conf/rpmanager/servers";
static const std::string default_template_path = "/etc/cp/conf/rpmanager/nginx-template-clear"; static const std::string default_template_path = "/etc/cp/conf/rpmanager/nginx-template-clear";
static const std::string default_manual_certs_path = "/etc/cp/rpmanager/manualCerts/";
static const std::string default_server_certificate_path = "/etc/cp/rpmanager/certs/sslCertificate_"; static const std::string default_server_certificate_path = "/etc/cp/rpmanager/certs/sslCertificate_";
static const std::string default_server_certificate_key_path = "/etc/cp/rpmanager/certs/sslPrivateKey_"; static const std::string default_server_certificate_key_path = "/etc/cp/rpmanager/certs/sslPrivateKey_";
static const std::string default_container_name = "cp_nginx_gaia"; static const std::string default_container_name = "cp_nginx_gaia";
static const std::string default_docker_image = "cp_nginx_gaia"; static const std::string default_docker_image = "cp_nginx_gaia";
static const std::string default_nginx_config_file = "/etc/cp/conf/rpmanager/nginx.conf"; static const std::string default_nginx_config_file = "/etc/cp/conf/rpmanager/nginx.conf";
static const std::string default_prepare_nginx_config_file = "/etc/cp/conf/rpmanager/nginx_prepare.conf";
static const std::string default_global_conf_template = "/etc/cp/conf/rpmanager/nginx-conf-template"; static const std::string default_global_conf_template = "/etc/cp/conf/rpmanager/nginx-conf-template";
static const std::string default_nginx_config_include_file = static const std::string default_nginx_config_include_file =
"/etc/cp/conf/rpmanager/servers/nginx_conf_include"; "/etc/cp/conf/rpmanager/servers/00_nginx_conf_include.conf";
static const std::string default_global_conf_include_template = static const std::string default_global_conf_include_template =
"/etc/cp/conf/rpmanager/nginx-conf-include-template"; "/etc/cp/conf/rpmanager/nginx-conf-include-template";
static const std::string default_global_conf_include_template_no_responses = static const std::string default_global_conf_include_template_no_responses =


@@ -0,0 +1,39 @@
// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef __SERVICE_HEALTH_STATUS_H__
#define __SERVICE_HEALTH_STATUS_H__
#include "singleton.h"
#include "i_rest_api.h"
#include "i_environment.h"
#include "component.h"
class ServiceHealthStatus
:
public Component,
Singleton::Consume<I_RestApi>,
Singleton::Consume<I_Environment>
{
public:
ServiceHealthStatus();
~ServiceHealthStatus();
void init() override;
private:
class Impl;
std::unique_ptr<Impl> pimpl;
};
#endif // __SERVICE_HEALTH_STATUS_H__


@@ -30,6 +30,7 @@
#include "generic_metric.h" #include "generic_metric.h"
#define LOGGING_INTERVAL_IN_MINUTES 10 #define LOGGING_INTERVAL_IN_MINUTES 10
USE_DEBUG_FLAG(D_WAAP);
enum class AssetType { API, WEB, ALL, COUNT }; enum class AssetType { API, WEB, ALL, COUNT };
class WaapTelemetryEvent : public Event<WaapTelemetryEvent> class WaapTelemetryEvent : public Event<WaapTelemetryEvent>
@@ -91,6 +92,7 @@ private:
MetricCalculations::Counter response_2xx{this, "reservedNgenG"}; MetricCalculations::Counter response_2xx{this, "reservedNgenG"};
MetricCalculations::Counter response_4xx{this, "reservedNgenH"}; MetricCalculations::Counter response_4xx{this, "reservedNgenH"};
MetricCalculations::Counter response_5xx{this, "reservedNgenI"}; MetricCalculations::Counter response_5xx{this, "reservedNgenI"};
MetricCalculations::Average<uint64_t> average_latency{this, "reservedNgenJ"};
}; };
class WaapAttackTypesMetrics : public WaapTelemetryBase class WaapAttackTypesMetrics : public WaapTelemetryBase
@@ -131,6 +133,7 @@ private:
std::map<std::string, std::shared_ptr<T>>& telemetryMap std::map<std::string, std::shared_ptr<T>>& telemetryMap
) { ) {
if (!telemetryMap.count(asset_id)) { if (!telemetryMap.count(asset_id)) {
dbgTrace(D_WAAP) << "creating telemetry data for asset: " << data.assetName;
telemetryMap.emplace(asset_id, std::make_shared<T>()); telemetryMap.emplace(asset_id, std::make_shared<T>());
telemetryMap[asset_id]->init( telemetryMap[asset_id]->init(
telemetryName, telemetryName,
@@ -138,7 +141,9 @@ private:
ReportIS::IssuingEngine::AGENT_CORE, ReportIS::IssuingEngine::AGENT_CORE,
std::chrono::minutes(LOGGING_INTERVAL_IN_MINUTES), std::chrono::minutes(LOGGING_INTERVAL_IN_MINUTES),
true, true,
ReportIS::Audience::SECURITY ReportIS::Audience::SECURITY,
false,
asset_id
); );
telemetryMap[asset_id]->template registerContext<std::string>( telemetryMap[asset_id]->template registerContext<std::string>(
@@ -151,29 +156,30 @@ private:
std::string("Web Application"), std::string("Web Application"),
EnvKeyAttr::LogSection::SOURCE EnvKeyAttr::LogSection::SOURCE
); );
telemetryMap[asset_id]->template registerContext<std::string>(
"assetId",
asset_id,
EnvKeyAttr::LogSection::SOURCE
);
telemetryMap[asset_id]->template registerContext<std::string>(
"assetName",
data.assetName,
EnvKeyAttr::LogSection::SOURCE
);
telemetryMap[asset_id]->template registerContext<std::string>(
"practiceId",
data.practiceId,
EnvKeyAttr::LogSection::SOURCE
);
telemetryMap[asset_id]->template registerContext<std::string>(
"practiceName",
data.practiceName,
EnvKeyAttr::LogSection::SOURCE
);
telemetryMap[asset_id]->registerListener(); telemetryMap[asset_id]->registerListener();
} }
dbgTrace(D_WAAP) << "updating telemetry data for asset: " << data.assetName;
telemetryMap[asset_id]->template registerContext<std::string>(
"assetId",
asset_id,
EnvKeyAttr::LogSection::SOURCE
);
telemetryMap[asset_id]->template registerContext<std::string>(
"assetName",
data.assetName,
EnvKeyAttr::LogSection::SOURCE
);
telemetryMap[asset_id]->template registerContext<std::string>(
"practiceId",
data.practiceId,
EnvKeyAttr::LogSection::SOURCE
);
telemetryMap[asset_id]->template registerContext<std::string>(
"practiceName",
data.practiceName,
EnvKeyAttr::LogSection::SOURCE
);
} }
}; };
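Review bot: With the four `registerContext` calls moved out of the `if (!telemetryMap.count(asset_id))` block, every call now repeats them and does a fresh `telemetryMap[asset_id]` lookup for each one. Take the entry once, `auto &metric = telemetryMap[asset_id];`, and call `metric->template registerContext<std::string>(...)` on it. Whether `registerContext` replaces an existing key or accumulates is not visible here. If it accumulates, re-registering on each event grows the context, and updating only when `data.assetName` or the practice fields change would avoid that. The enclosing function starts outside the hunk.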
