Addressed comments. Diff comments:
> diff --git a/config.yaml b/config.yaml > index a043cad..6af47e2 100644 > --- a/config.yaml > +++ b/config.yaml > @@ -106,3 +106,8 @@ options: > YAML dictionary with keys named after WordPress settings and the > desired values. > Please note that the settings will be reset to values provided every > time hooks run. > default: "" > + use_nginx_ingress_modsec: > + type: boolean > + default: true Yes. The Dockerfile method was more hacky, and I felt that it shouldn't be made the default immediately. Here, we're using standard configurations and it can be very easily changed with a juju command, whereas with Docker we had to rebuild the image to deactivate it or fix something. > + description: > > + When set to true, the charm will configure the k8s ingress with modsec > enabled. > diff --git a/src/charm.py b/src/charm.py > index cba136a..628677f 100755 > --- a/src/charm.py > +++ b/src/charm.py > @@ -261,6 +261,15 @@ class WordpressCharm(CharmBase): > ] > }, > } > + modsec_annotations = { > + "nginx.ingress.kubernetes.io/enable-modsecurity": "true", > + "nginx.ingress.kubernetes.io/enable-owasp-modsecurity-crs": > "true", > + "nginx.ingress.kubernetes.io/modsecurity-snippet": > + ("SecRuleEngine On\n" > + "Include > /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf"), > + } Done. > + if self.model.config["use_nginx_ingress_modsec"]: > + > resources["kubernetesResources"]["ingressResources"][0]["annotations"].update(modsec_annotations) > > if self.model.config["additional_hostnames"]: > additional_hostnames = > juju_setting_to_list(self.model.config["additional_hostnames"]) > diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py > index 7606877..e4af690 100644 > --- a/tests/unit/test_charm.py > +++ b/tests/unit/test_charm.py 
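Review bot: The `modsecurity-snippet` entry in `modsec_annotations` (src/charm.py) assumes the ingress controller accepts snippet annotations and ships the CRS at `/etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf`, but neither the hunk nor the new `use_nginx_ingress_modsec` description in config.yaml says so. ingress-nginx can run with `allow-snippet-annotations` disabled, in which case the ingress may be rejected or the snippet dropped; the exact behaviour depends on the controller version, so it is worth confirming on the target clusters. I would add a comment above the dict, for example `# Requires an ingress-nginx controller with ModSecurity built in and snippet annotations allowed; the CRS path is the one shipped in the controller image.`, and state the same requirement in the option description. The enclosing method starts and ends outside the hunk.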
> @@ -133,6 +133,11 @@ class TestWordpressCharm(unittest.TestCase): > "annotations": { > "nginx.ingress.kubernetes.io/proxy-body-size": > "10m", > > "nginx.ingress.kubernetes.io/proxy-send-timeout": "300s", > + > "nginx.ingress.kubernetes.io/enable-modsecurity": "true", > + > "nginx.ingress.kubernetes.io/enable-owasp-modsecurity-crs": "true", > + > "nginx.ingress.kubernetes.io/modsecurity-snippet": > + ("SecRuleEngine On\n" > + "Include > /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf"), Done. > }, > 'name': ingress_name, > 'spec': { > @@ -189,6 +194,11 @@ class TestWordpressCharm(unittest.TestCase): > "nginx.ingress.kubernetes.io/proxy-body-size": > "10m", > > "nginx.ingress.kubernetes.io/proxy-send-timeout": "300s", > "nginx.ingress.kubernetes.io/ssl-redirect": > "false", > + > "nginx.ingress.kubernetes.io/enable-modsecurity": "true", > + > "nginx.ingress.kubernetes.io/enable-owasp-modsecurity-crs": "true", > + > "nginx.ingress.kubernetes.io/modsecurity-snippet": > + ("SecRuleEngine On\n" > + "Include > /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf"), Done. > }, > 'name': ingress_name, > 'spec': { -- https://code.launchpad.net/~sajoupa/charm-k8s-wordpress/+git/charm-k8s-wordpress/+merge/414465
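Review bot: Both expectation hunks in tests/unit/test_charm.py (`@@ -133` and `@@ -189`) cover only the path where `use_nginx_ingress_modsec` is true; nothing visible asserts that the three ModSecurity annotations are absent when the option is false. That option is the switch operators will use if the WAF blocks legitimate WordPress traffic, so the disabled path deserves its own assertion. I would add a case that sets `use_nginx_ingress_modsec` to `False` in the charm config and checks that the ingress `annotations` dict holds only the pre-existing keys such as `nginx.ingress.kubernetes.io/proxy-body-size`. The enclosing test methods start outside these hunks, so such a case may already exist elsewhere in the file.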