Commit a9e800e6 authored by Mayra Cabrera's avatar Mayra Cabrera

Merge branch '8558-use-custom-modsecurity-ingress-config' into 'master'

Add custom modsecurity template to ingress-controller

Closes #8558

See merge request gitlab-org/gitlab!18485
parents 0122ca3b 04b4a516
......@@ -78,12 +78,42 @@ module Clusters
"controller" => {
"config" => {
"enable-modsecurity" => "true",
"enable-owasp-modsecurity-crs" => "true"
}
"enable-owasp-modsecurity-crs" => "true",
"modsecurity.conf" => modsecurity_config_content
},
"extraVolumeMounts" => [
{
"name" => "modsecurity-template-volume",
"mountPath" => "/etc/nginx/modsecurity/modsecurity.conf",
"subPath" => "modsecurity.conf"
}
],
"extraVolumes" => [
{
"name" => "modsecurity-template-volume",
"configMap" => {
"name" => "ingress-nginx-ingress-controller",
"items" => [
{
"key" => "modsecurity.conf",
"path" => "modsecurity.conf"
}
]
}
}
]
}
}
end
def modsecurity_config_content
File.read(modsecurity_config_file_path)
end
def modsecurity_config_file_path
Rails.root.join('vendor', 'ingress', 'modsecurity.conf')
end
def content_values
YAML.load_file(chart_values_file).deep_merge!(specification)
end
......
---
title: Add modsecurity template for ingress-controller
merge_request: 18485
author:
type: changed
......@@ -156,6 +156,15 @@ describe Clusters::Applications::Ingress do
it 'includes modsecurity core ruleset enablement' do
expect(subject.values).to include("enable-owasp-modsecurity-crs: 'true'")
end
it 'includes modsecurity.conf content' do
expect(subject.values).to include('modsecurity.conf')
# Includes file content from Ingress#modsecurity_config_content
expect(subject.values).to include('SecAuditLog')
expect(subject.values).to include('extraVolumes')
expect(subject.values).to include('extraVolumeMounts')
end
end
context 'when ingress_modsecurity is disabled' do
......@@ -172,6 +181,15 @@ describe Clusters::Applications::Ingress do
it 'excludes modsecurity core ruleset enablement' do
expect(subject.values).not_to include('enable-owasp-modsecurity-crs')
end
it 'excludes modsecurity.conf content' do
expect(subject.values).not_to include('modsecurity.conf')
# Excludes file content from Ingress#modsecurity_config_content
expect(subject.values).not_to include('SecAuditLog')
expect(subject.values).not_to include('extraVolumes')
expect(subject.values).not_to include('extraVolumeMounts')
end
end
end
end
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment