Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define Modsecurity Snippet via ConfigMap #4087

Merged
merged 2 commits into from
Sep 30, 2019
Merged

Define Modsecurity Snippet via ConfigMap #4087

merged 2 commits into from
Sep 30, 2019

Conversation

MRoci
Copy link
Contributor

@MRoci MRoci commented May 15, 2019

What this PR does / why we need it:
It would be handy to have a key in ConfigMap to define custom ModSecurity Rules shared across Ingresses, but now it's possible only with the annotation nginx.ingress.kubernetes.io/modsecurity-snippet.
This PR adds modsecurity-snippet key, whose loading is subordinated to what is defined by the annotation

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label May 15, 2019
@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label May 15, 2019
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 18, 2019
@aledbf
Copy link
Member

aledbf commented Sep 3, 2019

/ok-to-test

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Sep 3, 2019
@codecov-io
Copy link

codecov-io commented Sep 3, 2019
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (master@9ecec0d). Click here to learn what that means.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #4087   +/-   ##
=========================================
  Coverage          ?   58.74%           
=========================================
  Files             ?       88           
  Lines             ?     7116           
  Branches          ?        0           
=========================================
  Hits              ?     4180           
  Misses            ?     2490           
  Partials          ?      446

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9ecec0d...1ee081c. Read the comment docs.

@aledbf
Copy link
Member

aledbf commented Sep 4, 2019

/retest

@theoretick
Copy link
Contributor

👋 Hello! I was wondering if there was any updates on this PR and/or is there anything I could do to help it along? This would be a massive addition as without custom snippets we cannot enable the ruleset in blocking mode, customize logging, add custom rules, or a number of other critical changes.

Happy to help push this one over the finish line if any assistance is needed!

@MRoci
Copy link
Contributor Author

MRoci commented Sep 27, 2019

wave Hello! I was wondering if there was any updates on this PR and/or is there anything I could do to help it along? This would be a massive addition as without custom snippets we cannot enable the ruleset in blocking mode, customize logging, add custom rules, or a number of other critical changes.

Happy to help push this one over the finish line if any assistance is needed!

I've rebased, asap i'll look into any failiing test

@MRoci MRoci force-pushed the master branch 7 times, most recently from 5b51e74 to e722166 Compare September 27, 2019 13:59
@aledbf aledbf removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 27, 2019
@aledbf
Copy link
Member

aledbf commented Sep 30, 2019

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 30, 2019
@aledbf
Copy link
Member

aledbf commented Sep 30, 2019

@MRoci thanks!

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aledbf, MRoci

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 30, 2019
@k8s-ci-robot k8s-ci-robot merged commit fb025ab into kubernetes:master Sep 30, 2019
@SachinBadgujar SachinBadgujar mentioned this pull request Jan 8, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aledbf aledbf Awaiting requested review from aledbf

@ElvinEfendi ElvinEfendi Awaiting requested review from ElvinEfendi

Assignees

@aledbf aledbf

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@MRoci @fejta-bot @aledbf @codecov-io @theoretick @k8s-ci-robot