diff --git a/docs/content/configuration/policy-resource.md b/docs/content/configuration/policy-resource.md index b20c04c267..2e931b0c21 100644 --- a/docs/content/configuration/policy-resource.md +++ b/docs/content/configuration/policy-resource.md @@ -357,8 +357,6 @@ For `kubectl get` and similar commands, you can also use the short name `pol` in ### WAF -> **Feature Status**: WAF is available as a preview feature[^1]: We might introduce some backward-incompatible changes to the resource definition. The feature is disabled by default. To enable it, set the [enable-preview-policies](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-preview-policies) command-line argument of the Ingress Controller. - > Note: This feature is only available in NGINX Plus with AppProtect. The WAF policy configures NGINX Plus to secure client requests using App Protect policies. diff --git a/pkg/apis/configuration/validation/policy.go b/pkg/apis/configuration/validation/policy.go index 7d367e5c44..2ee1886996 100644 --- a/pkg/apis/configuration/validation/policy.go +++ b/pkg/apis/configuration/validation/policy.go @@ -84,10 +84,6 @@ func validatePolicySpec(spec *v1.PolicySpec, fieldPath *field.Path, isPlus, enab } if spec.WAF != nil { - if !enablePreviewPolicies { - allErrs = append(allErrs, field.Forbidden(fieldPath.Child("waf"), - "waf is a preview policy. Preview policies must be enabled to use via cli argument -enable-preview-policies")) - } if !isPlus { allErrs = append(allErrs, field.Forbidden(fieldPath.Child("waf"), "WAF is only supported in NGINX Plus")) } diff --git a/pkg/apis/configuration/validation/policy_test.go b/pkg/apis/configuration/validation/policy_test.go index 3748266330..98cf830848 100644 --- a/pkg/apis/configuration/validation/policy_test.go +++ b/pkg/apis/configuration/validation/policy_test.go @@ -71,6 +71,19 @@ func TestValidatePolicy(t *testing.T) { enableAppProtect: true, msg: "use WAF(plus only) policy", }, + { + policy: &v1.Policy{ + Spec: v1.PolicySpec{ + WAF: &v1.WAF{ + Enable: true, + }, + }, + }, + isPlus: true, + enablePreviewPolicies: false, + enableAppProtect: true, + msg: "WAF policy with preview policies disabled", + }, } for _, test := range tests { err := ValidatePolicy(test.policy, test.isPlus, test.enablePreviewPolicies, test.enableAppProtect) @@ -231,19 +244,6 @@ func TestValidatePolicyFails(t *testing.T) { enablePreviewPolicies: true, msg: "OIDC policy in OSS", }, - { - policy: &v1.Policy{ - Spec: v1.PolicySpec{ - WAF: &v1.WAF{ - Enable: true, - }, - }, - }, - isPlus: true, - enablePreviewPolicies: false, - enableAppProtect: true, - msg: "WAF policy with preview policies disabled", - }, { policy: &v1.Policy{ Spec: v1.PolicySpec{ diff --git a/tests/suite/test_app_protect_waf_policies.py b/tests/suite/test_app_protect_waf_policies.py index aac82fcea7..dffc434abe 100644 --- a/tests/suite/test_app_protect_waf_policies.py +++ b/tests/suite/test_app_protect_waf_policies.py @@ -137,7 +137,6 @@ def assert_valid_responses(response) -> None: f"-enable-custom-resources", f"-enable-leader-election=false", f"-enable-app-protect", - f"-enable-preview-policies", ], }, {"example": "ap-waf", "app_type": "simple",}, @@ -390,7 +389,6 @@ def test_ap_waf_policy_logs( f"-enable-custom-resources", f"-enable-leader-election=false", f"-enable-app-protect", - f"-enable-preview-policies", ], }, {"example": "virtual-server-route"}, diff --git a/tests/suite/test_batch_startup_times.py b/tests/suite/test_batch_startup_times.py index a94005bedb..2bb6fa30cc 100644 --- a/tests/suite/test_batch_startup_times.py +++ b/tests/suite/test_batch_startup_times.py @@ -412,7 +412,6 @@ def fin(): f"-enable-custom-resources", f"-enable-leader-election=false", f"-enable-app-protect", - f"-enable-preview-policies", f"-enable-prometheus-metrics", ], },