From ab5c015e6e89294eb1f4a02e868df9a680e558c7 Mon Sep 17 00:00:00 2001 From: tomer pasman Date: Mon, 16 Jan 2023 16:13:58 +0200 Subject: [PATCH 1/2] Add websocket protocol option to monitor directive --- .../crds/appprotectdos.f5.com_dosprotectedresources.yaml | 3 ++- .../crds/appprotectdos.f5.com_dosprotectedresources.yaml | 3 ++- docs/content/app-protect-dos/dos-protected.md | 2 +- pkg/apis/dos/v1beta1/types.go | 4 ++-- pkg/apis/dos/validation/dos.go | 7 ++++--- pkg/apis/dos/validation/dos_test.go | 5 +++++ 6 files changed, 16 insertions(+), 8 deletions(-) diff --git a/deployments/common/crds/appprotectdos.f5.com_dosprotectedresources.yaml b/deployments/common/crds/appprotectdos.f5.com_dosprotectedresources.yaml index 66214fc838..cda76ccd25 100644 --- a/deployments/common/crds/appprotectdos.f5.com_dosprotectedresources.yaml +++ b/deployments/common/crds/appprotectdos.f5.com_dosprotectedresources.yaml @@ -39,12 +39,13 @@ spec: type: object properties: protocol: - description: Protocol determines if the server listens on http1 / http2 / grpc. The default is http1. + description: Protocol determines if the server listens on http1 / http2 / grpc / websocket. The default is http1. type: string enum: - http1 - http2 - grpc + - websocket timeout: description: Timeout determines how long (in seconds) should NGINX App Protect DoS wait for a response. Default is 10 seconds for http1/http2 and 5 seconds for grpc. type: integer diff --git a/deployments/helm-chart/crds/appprotectdos.f5.com_dosprotectedresources.yaml b/deployments/helm-chart/crds/appprotectdos.f5.com_dosprotectedresources.yaml index 66214fc838..cda76ccd25 100644 --- a/deployments/helm-chart/crds/appprotectdos.f5.com_dosprotectedresources.yaml +++ b/deployments/helm-chart/crds/appprotectdos.f5.com_dosprotectedresources.yaml 
@@ -39,12 +39,13 @@ spec: type: object properties: protocol: - description: Protocol determines if the server listens on http1 / http2 / grpc. The default is http1. + description: Protocol determines if the server listens on http1 / http2 / grpc / websocket. The default is http1. type: string enum: - http1 - http2 - grpc + - websocket timeout: description: Timeout determines how long (in seconds) should NGINX App Protect DoS wait for a response. Default is 10 seconds for http1/http2 and 5 seconds for grpc. type: integer diff --git a/docs/content/app-protect-dos/dos-protected.md b/docs/content/app-protect-dos/dos-protected.md index 422a6bdc0f..1a2623156d 100644 --- a/docs/content/app-protect-dos/dos-protected.md +++ b/docs/content/app-protect-dos/dos-protected.md 
@@ -35,7 +35,7 @@ spec: |``enable`` | Enables NGINX App Protect DoS. | ``bool`` | No | |``name`` | Name of the protected object, max of 63 characters. | ``string`` | No | |``apDosMonitor.uri`` | The destination to the desired protected object. [App Protect DoS monitor](#dosprotectedresourceapdosmonitor) Default value: None, URL will be extracted from the first request which arrives and taken from "Host" header or from destination ip+port. | ``string`` | No | -|``apDosMonitor.protocol`` | Determines if the server listens on http1 / http2 / grpc. [App Protect DoS monitor](#dosprotectedresourceapdosmonitor) Default value: http1. | ``enum`` | No | +|``apDosMonitor.protocol`` | Determines if the server listens on http1 / http2 / grpc / websocket. [App Protect DoS monitor](#dosprotectedresourceapdosmonitor) Default value: http1. | ``enum`` | No | |``apDosMonitor.timeout`` | Determines how long (in seconds) should NGINX App Protect DoS wait for a response. [App Protect DoS monitor](#dosprotectedresourceapdosmonitor) Default value: 10 seconds for http1/http2 and 5 seconds for grpc. | ``int64`` | No | |``apDosPolicy`` | The [App Protect DoS policy](#dosprotectedresourceapdospolicy) of the dos. Accepts an optional namespace. | ``string`` | No | |``dosSecurityLog.enable`` | Enables security log. | ``bool`` | No | diff --git a/pkg/apis/dos/v1beta1/types.go b/pkg/apis/dos/v1beta1/types.go index b5c5cb96e2..0a487da491 100644 --- a/pkg/apis/dos/v1beta1/types.go +++ b/pkg/apis/dos/v1beta1/types.go 
@@ -33,8 +33,8 @@ type DosProtectedResourceSpec struct { type ApDosMonitor struct { // URI is the destination to the desired protected object in the nginx.conf: URI string `json:"uri"` - // +kubebuilder:validation:Enum=http1;http2;grpc - // Protocol determines if the server listens on http1 / http2 / grpc. The default is http1. + // +kubebuilder:validation:Enum=http1;http2;grpc;websocket + // Protocol determines if the server listens on http1 / http2 / grpc / websocket. The default is http1. Protocol string `json:"protocol"` // Timeout determines how long (in seconds) should NGINX App Protect DoS wait for a response. Default is 10 seconds for http1/http2 and 5 seconds for grpc. Timeout uint64 `json:"timeout"` diff --git a/pkg/apis/dos/validation/dos.go b/pkg/apis/dos/validation/dos.go index 9b7b1fafd9..2c4efc268b 100644 --- a/pkg/apis/dos/validation/dos.go +++ b/pkg/apis/dos/validation/dos.go @@ -152,9 +152,10 @@ func validateAppProtectDosName(name string) error { } var validMonitorProtocol = map[string]bool{ - "http1": true, - "http2": true, - "grpc": true, + "http1": true, + "http2": true, + "grpc": true, + "websocket": true, } func validateAppProtectDosMonitor(apDosMonitor v1beta1.ApDosMonitor) error { diff --git a/pkg/apis/dos/validation/dos_test.go b/pkg/apis/dos/validation/dos_test.go index fdb92c2661..40651d88a6 100644 --- a/pkg/apis/dos/validation/dos_test.go +++ b/pkg/apis/dos/validation/dos_test.go @@ -416,6 +416,11 @@ func TestValidateAppProtectDosMonitor(t *testing.T) { Protocol: "grpc", Timeout: 10, }, + { + URI: "https://example.com/good_path", + Protocol: "websocket", + Timeout: 10, + }, } negDstAntns := []struct { apDosMonitor v1beta1.ApDosMonitor From 841626b9d13d302d1d045e60a99e5e8de6519509 Mon Sep 17 00:00:00 2001 From: tomer pasman Date: Mon, 16 Jan 2023 16:43:18 +0200 Subject: [PATCH 2/2] fix golint --- pkg/apis/dos/validation/dos_test.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
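Review bot: The `Timeout` comment kept as context in this hunk still reads `Default is 10 seconds for http1/http2 and 5 seconds for grpc`, so once `websocket` joins the enum a reader cannot tell which health-check timeout applies to it. State it in that comment, for example `// ... Default is 10 seconds for http1/http2, 5 seconds for grpc and <websocket default> for websocket.`, with the value taken from the module's actual behaviour. The same sentence is repeated in both CRD YAML files and in the `apDosMonitor.timeout` row of dos-protected.md, which appear to mirror this comment, so they should be updated together. The `ApDosMonitor` struct continues outside the hunk.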
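Review bot: `validMonitorProtocol` is now one of three hand-maintained copies of the protocol allow-list, alongside the `+kubebuilder:validation:Enum=http1;http2;grpc;websocket` marker in types.go and the `enum` lists in the two CRD files, and nothing in the hunk says they must agree. A comment above the map such as `// validMonitorProtocol must list exactly the values in the kubebuilder Enum marker on ApDosMonitor.Protocol.` would make drift visible in review. If the lists diverge, one validation layer accepts a protocol value that the other rejects, and which of the two ends up gating the monitor directive then depends on the deployment. The body of `validateAppProtectDosMonitor` is outside the hunk, so how the map is consulted is not visible here.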
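Review bot: Only an accepted `websocket` entry is added to the positive table; the `negDstAntns` table that follows gets no counterpart, so nothing pins that near-miss spellings of the new value are rejected. Assuming the validator does an exact lookup in `validMonitorProtocol`, a negative entry built around `apDosMonitor: v1beta1.ApDosMonitor{URI: "https://example.com/good_path", Protocol: "WebSocket", Timeout: 10},` would document that the allow-list is case-sensitive and guard against a later switch to loose matching. The remaining fields of the `negDstAntns` struct and the rest of `TestValidateAppProtectDosMonitor` are outside the hunk, so the entry needs to follow whatever expected-message field that table uses.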
diff --git a/pkg/apis/dos/validation/dos_test.go b/pkg/apis/dos/validation/dos_test.go index 40651d88a6..e1bfc5494a 100644 --- a/pkg/apis/dos/validation/dos_test.go +++ b/pkg/apis/dos/validation/dos_test.go @@ -416,11 +416,11 @@ func TestValidateAppProtectDosMonitor(t *testing.T) { Protocol: "grpc", Timeout: 10, }, - { - URI: "https://example.com/good_path", - Protocol: "websocket", - Timeout: 10, - }, + { + URI: "https://example.com/good_path", + Protocol: "websocket", + Timeout: 10, + }, } negDstAntns := []struct { apDosMonitor v1beta1.ApDosMonitor