Add websocket protocol option to monitor directive #3442

Merged
merged 3 commits into from
Jan 19, 2023
Expand Up @@ -39,12 +39,13 @@ spec:
type: object
properties:
protocol:
description: Protocol determines if the server listens on http1 / http2 / grpc. The default is http1.
description: Protocol determines if the server listens on http1 / http2 / grpc / websocket. The default is http1.
type: string
enum:
- http1
- http2
- grpc
- websocket
timeout:
description: Timeout determines how long (in seconds) should NGINX App Protect DoS wait for a response. Default is 10 seconds for http1/http2 and 5 seconds for grpc.
type: integer
Expand Up @@ -39,12 +39,13 @@ spec:
type: object
properties:
protocol:
description: Protocol determines if the server listens on http1 / http2 / grpc. The default is http1.
description: Protocol determines if the server listens on http1 / http2 / grpc / websocket. The default is http1.
type: string
enum:
- http1
- http2
- grpc
- websocket
timeout:
description: Timeout determines how long (in seconds) should NGINX App Protect DoS wait for a response. Default is 10 seconds for http1/http2 and 5 seconds for grpc.
type: integer
2 changes: 1 addition & 1 deletion docs/content/app-protect-dos/dos-protected.md
Expand Up @@ -35,7 +35,7 @@ spec:
|``enable`` | Enables NGINX App Protect DoS. | ``bool`` | No |
|``name`` | Name of the protected object, max of 63 characters. | ``string`` | No |
|``apDosMonitor.uri`` | The destination to the desired protected object. [App Protect DoS monitor](#dosprotectedresourceapdosmonitor) Default value: None, URL will be extracted from the first request which arrives and taken from "Host" header or from destination ip+port. | ``string`` | No |
|``apDosMonitor.protocol`` | Determines if the server listens on http1 / http2 / grpc. [App Protect DoS monitor](#dosprotectedresourceapdosmonitor) Default value: http1. | ``enum`` | No |
|``apDosMonitor.protocol`` | Determines if the server listens on http1 / http2 / grpc / websocket. [App Protect DoS monitor](#dosprotectedresourceapdosmonitor) Default value: http1. | ``enum`` | No |
|``apDosMonitor.timeout`` | Determines how long (in seconds) should NGINX App Protect DoS wait for a response. [App Protect DoS monitor](#dosprotectedresourceapdosmonitor) Default value: 10 seconds for http1/http2 and 5 seconds for grpc. | ``int64`` | No |
|``apDosPolicy`` | The [App Protect DoS policy](#dosprotectedresourceapdospolicy) of the dos. Accepts an optional namespace. | ``string`` | No |
|``dosSecurityLog.enable`` | Enables security log. | ``bool`` | No |
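Review bot: the `apDosMonitor.protocol` row now lists `websocket` as a fourth value but still only says "Determines if the server listens on", which gives an operator no basis for choosing between `http1` and `websocket` for a protected object. Add one sentence to this row saying which backends should be declared `websocket`, so the monitor is not left on the `http1` default by omission.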
4 changes: 2 additions & 2 deletions pkg/apis/dos/v1beta1/types.go
Expand Up @@ -33,8 +33,8 @@ type DosProtectedResourceSpec struct {
type ApDosMonitor struct {
// URI is the destination to the desired protected object in the nginx.conf:
URI string `json:"uri"`
// +kubebuilder:validation:Enum=http1;http2;grpc
// Protocol determines if the server listens on http1 / http2 / grpc. The default is http1.
// +kubebuilder:validation:Enum=http1;http2;grpc;websocket
// Protocol determines if the server listens on http1 / http2 / grpc / websocket. The default is http1.
Protocol string `json:"protocol"`
// Timeout determines how long (in seconds) should NGINX App Protect DoS wait for a response. Default is 10 seconds for http1/http2 and 5 seconds for grpc.
Timeout uint64 `json:"timeout"`
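Review bot: the `Timeout` comment at the end of this hunk still reads "Default is 10 seconds for http1/http2 and 5 seconds for grpc", so the default that applies to the new `websocket` value is undocumented. State it in this comment; the CRD `timeout` description and the `apDosMonitor.timeout` row in dos-protected.md carry the same sentence and need the same update.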
7 changes: 4 additions & 3 deletions pkg/apis/dos/validation/dos.go
Expand Up @@ -152,9 +152,10 @@ func validateAppProtectDosName(name string) error {
}

var validMonitorProtocol = map[string]bool{
"http1": true,
"http2": true,
"grpc": true,
"http1": true,
"http2": true,
"grpc": true,
"websocket": true,
}

func validateAppProtectDosMonitor(apDosMonitor v1beta1.ApDosMonitor) error {
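Review bot: `validMonitorProtocol` repeats by hand the list in the `+kubebuilder:validation:Enum=http1;http2;grpc;websocket` marker in types.go, so every new protocol has to be added in both places and nothing on this page checks that the two agree. Consider declaring the protocol names once as constants in the v1beta1 package and building this map from them, or at least add a comment on the map pointing at the marker that must change with it.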
5 changes: 5 additions & 0 deletions pkg/apis/dos/validation/dos_test.go
Expand Up @@ -416,6 +416,11 @@ func TestValidateAppProtectDosMonitor(t *testing.T) {
Protocol: "grpc",
Timeout: 10,
},
{
URI: "https://example.com/good_path",
Protocol: "websocket",
Timeout: 10,
},
}
negDstAntns := []struct {
apDosMonitor v1beta1.ApDosMonitor
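Review bot: the added case covers only the accepted spelling `Protocol: "websocket"`; nothing is added to `negDstAntns` for near-miss values of the new protocol. Add negative entries such as `Protocol: "WebSocket"` and `Protocol: "ws"` so the test pins that only the exact lowercase key in `validMonitorProtocol` passes validation.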