diff --git a/.gitignore b/.gitignore index 8c72b05a9f..1bfe11490b 100644 --- a/.gitignore +++ b/.gitignore @@ -33,6 +33,7 @@ dist/ # NGINX Plus license files *.crt *.key +*.jwt # RHEL license rhel_license diff --git a/config/crd/bases/appprotect.f5.com_appolicies.yaml b/config/crd/bases/appprotect.f5.com_appolicies.yaml index 4929c96247..82b28afa4e 100644 --- a/config/crd/bases/appprotect.f5.com_appolicies.yaml +++ b/config/crd/bases/appprotect.f5.com_appolicies.yaml @@ -195,6 +195,7 @@ spec: - VIOL_FILE_UPLOAD - VIOL_FILE_UPLOAD_IN_BODY - VIOL_FILETYPE + - VIOL_GEOLOCATION - VIOL_GRAPHQL_ERROR_RESPONSE - VIOL_GRAPHQL_FORMAT - VIOL_GRAPHQL_INTROSPECTION_QUERY @@ -552,6 +553,529 @@ spec: type: object description: type: string + disallowed-geolocations: + items: + properties: + $action: + enum: + - delete + type: string + countryCode: + enum: + - AF + - AX + - AL + - DZ + - AS + - AD + - AO + - AI + - A1 + - AQ + - AG + - AR + - AM + - AW + - AU + - AT + - AZ + - BS + - BH + - BD + - BB + - BY + - BE + - BZ + - BJ + - BM + - BT + - BO + - BA + - BW + - BV + - BR + - IO + - BN + - BG + - BF + - BI + - KH + - CM + - CA + - CV + - KY + - CF + - TD + - CL + - CN + - CX + - CC + - CO + - KM + - CG + - CD + - CK + - CR + - CI + - HR + - CU + - CY + - CZ + - DK + - DJ + - DM + - DO + - EC + - EG + - SV + - GQ + - ER + - EE + - ET + - FK + - FO + - FJ + - FI + - FR + - FX + - GF + - PF + - TF + - GA + - GM + - GE + - DE + - GH + - GI + - GR + - GL + - GD + - GP + - GU + - GT + - GG + - GN + - GW + - GY + - HT + - HM + - VA + - HN + - HK + - HU + - IS + - IN + - ID + - IR + - IQ + - IE + - IM + - IL + - IT + - JM + - JP + - JE + - JO + - KZ + - KE + - KI + - KP + - KR + - KW + - KG + - LA + - LV + - LB + - LS + - LR + - LY + - LI + - LT + - LU + - MO + - MK + - MG + - MW + - MY + - MV + - ML + - MT + - MH + - MQ + - MR + - MU + - YT + - MX + - FM + - MD + - MC + - MN + - ME + - MS + - MA + - MZ + - MM + - ZZ + - NA + - NR + - NP + - NL + - AN + - NC + - NZ + - NI + - NE + - NG + - NU + - NF + - MP + - NO + - OM + - ZZ + - PK + - PW + - PS + - PA + - PG + - PY + - PE + - PH + - PN + - PL + - PT + - PR + - QA + - RE + - RO + - RU + - RW + - BL + - SH + - KN + - LC + - MF + - PM + - VC + - WS + - SM + - ST + - A2 + - SA + - SN + - RS + - SC + - SL + - SG + - SK + - SI + - SB + - SO + - ZA + - GS + - ES + - LK + - SD + - SR + - SJ + - SZ + - SE + - CH + - SY + - TW + - TJ + - TZ + - TH + - TL + - TG + - TK + - TO + - TT + - TN + - TR + - TM + - TC + - TV + - UG + - UA + - AE + - GB + - US + - UM + - UY + - UZ + - VU + - VE + - VN + - VG + - VI + - WF + - EH + - YE + - ZM + - ZW + type: string + countryName: + enum: + - Afghanistan + - Aland Islands + - Albania + - Algeria + - American Samoa + - Andorra + - Angola + - Anguilla + - Anonymous Proxy + - Antarctica + - Antigua and Barbuda + - Argentina + - Armenia + - Aruba + - Australia + - Austria + - Azerbaijan + - Bahamas + - Bahrain + - Bangladesh + - Barbados + - Belarus + - Belgium + - Belize + - Benin + - Bermuda + - Bhutan + - Bolivia + - Bosnia and Herzegovina + - Botswana + - Bouvet Island + - Brazil + - British Indian Ocean Territory + - Brunei Darussalam + - Bulgaria + - Burkina Faso + - Burundi + - Cambodia + - Cameroon + - Canada + - Cape Verde + - Cayman Islands + - Central African Republic + - Chad + - Chile + - China + - Christmas Island + - Cocos (Keeling) Islands + - Colombia + - Comoros + - Congo + - Congo, The Democratic Republic of the + - Cook Islands + - Costa Rica + - Cote D'Ivoire + - Croatia + - Cuba + - Cyprus + - Czech Republic + - Denmark + - Djibouti + - Dominica + - Dominican Republic + - Ecuador + - Egypt + - El Salvador + - Equatorial Guinea + - Eritrea + - Estonia + - Ethiopia + - Falkland Islands (Malvinas) + - Faroe Islands + - Fiji + - Finland + - France + - France, Metropolitan + - French Guiana + - French Polynesia + - French Southern Territories + - Gabon + - Gambia + - Georgia + - Germany + - Ghana + - Gibraltar + - Greece + - Greenland + - Grenada + - Guadeloupe + - Guam + - Guatemala + - Guernsey + - Guinea + - Guinea-Bissau + - Guyana + - Haiti + - Heard Island and McDonald Islands + - Holy See (Vatican City State) + - Honduras + - Hong Kong + - Hungary + - Iceland + - India + - Indonesia + - Iran, Islamic Republic of + - Iraq + - Ireland + - Isle of Man + - Israel + - Italy + - Jamaica + - Japan + - Jersey + - Jordan + - Kazakhstan + - Kenya + - Kiribati + - Korea, Democratic People's Republic of + - Korea, Republic of + - Kuwait + - Kyrgyzstan + - Lao People's Democratic Republic + - Latvia + - Lebanon + - Lesotho + - Liberia + - Libyan Arab Jamahiriya + - Liechtenstein + - Lithuania + - Luxembourg + - Macau + - Macedonia + - Madagascar + - Malawi + - Malaysia + - Maldives + - Mali + - Malta + - Marshall Islands + - Martinique + - Mauritania + - Mauritius + - Mayotte + - Mexico + - Micronesia, Federated States of + - Moldova, Republic of + - Monaco + - Mongolia + - Montenegro + - Montserrat + - Morocco + - Mozambique + - Myanmar + - N/A + - Namibia + - Nauru + - Nepal + - Netherlands + - Netherlands Antilles + - New Caledonia + - New Zealand + - Nicaragua + - Niger + - Nigeria + - Niue + - Norfolk Island + - Northern Mariana Islands + - Norway + - Oman + - Other + - Pakistan + - Palau + - Palestinian Territory + - Panama + - Papua New Guinea + - Paraguay + - Peru + - Philippines + - Pitcairn Islands + - Poland + - Portugal + - Puerto Rico + - Qatar + - Reunion + - Romania + - Russian Federation + - Rwanda + - Saint Barthelemy + - Saint Helena + - Saint Kitts and Nevis + - Saint Lucia + - Saint Martin + - Saint Pierre and Miquelon + - Saint Vincent and the Grenadines + - Samoa + - San Marino + - Sao Tome and Principe + - Satellite Provider + - Saudi Arabia + - Senegal + - Serbia + - Seychelles + - Sierra Leone + - Singapore + - Slovakia + - Slovenia + - Solomon Islands + - Somalia + - South Africa + - South Georgia and the South Sandwich Islands + - Spain + - Sri Lanka + - Sudan + - Suriname + - Svalbard and Jan Mayen + - Swaziland + - Sweden + - Switzerland + - Syrian Arab Republic + - Taiwan + - Tajikistan + - Tanzania, United Republic of + - Thailand + - Timor-Leste + - Togo + - Tokelau + - Tonga + - Trinidad and Tobago + - Tunisia + - Turkey + - Turkmenistan + - Turks and Caicos Islands + - Tuvalu + - Uganda + - Ukraine + - United Arab Emirates + - United Kingdom + - United States + - United States Minor Outlying Islands + - Uruguay + - Uzbekistan + - Vanuatu + - Venezuela + - Vietnam + - Virgin Islands, British + - Virgin Islands, U.S. + - Wallis and Futuna + - Western Sahara + - Yemen + - Zambia + - Zimbabwe + type: string + type: object + type: array + disallowedGeolocationReference: + properties: + link: + pattern: ^http + type: string + type: object enablePassiveMode: type: boolean enforcementMode: diff --git a/deploy/crds-nap-waf.yaml b/deploy/crds-nap-waf.yaml index 2548a69ce4..32f09b7de2 100644 --- a/deploy/crds-nap-waf.yaml +++ b/deploy/crds-nap-waf.yaml @@ -279,6 +279,7 @@ spec: - VIOL_FILE_UPLOAD - VIOL_FILE_UPLOAD_IN_BODY - VIOL_FILETYPE + - VIOL_GEOLOCATION - VIOL_GRAPHQL_ERROR_RESPONSE - VIOL_GRAPHQL_FORMAT - VIOL_GRAPHQL_INTROSPECTION_QUERY @@ -636,6 +637,529 @@ spec: type: object description: type: string + disallowed-geolocations: + items: + properties: + $action: + enum: + - delete + type: string + countryCode: + enum: + - AF + - AX + - AL + - DZ + - AS + - AD + - AO + - AI + - A1 + - AQ + - AG + - AR + - AM + - AW + - AU + - AT + - AZ + - BS + - BH + - BD + - BB + - BY + - BE + - BZ + - BJ + - BM + - BT + - BO + - BA + - BW + - BV + - BR + - IO + - BN + - BG + - BF + - BI + - KH + - CM + - CA + - CV + - KY + - CF + - TD + - CL + - CN + - CX + - CC + - CO + - KM + - CG + - CD + - CK + - CR + - CI + - HR + - CU + - CY + - CZ + - DK + - DJ + - DM + - DO + - EC + - EG + - SV + - GQ + - ER + - EE + - ET + - FK + - FO + - FJ + - FI + - FR + - FX + - GF + - PF + - TF + - GA + - GM + - GE + - DE + - GH + - GI + - GR + - GL + - GD + - GP + - GU + - GT + - GG + - GN + - GW + - GY + - HT + - HM + - VA + - HN + - HK + - HU + - IS + - IN + - ID + - IR + - IQ + - IE + - IM + - IL + - IT + - JM + - JP + - JE + - JO + - KZ + - KE + - KI + - KP + - KR + - KW + - KG + - LA + - LV + - LB + - LS + - LR + - LY + - LI + - LT + - LU + - MO + - MK + - MG + - MW + - MY + - MV + - ML + - MT + - MH + - MQ + - MR + - MU + - YT + - MX + - FM + - MD + - MC + - MN + - ME + - MS + - MA + - MZ + - MM + - ZZ + - NA + - NR + - NP + - NL + - AN + - NC + - NZ + - NI + - NE + - NG + - NU + - NF + - MP + - "NO" + - OM + - ZZ + - PK + - PW + - PS + - PA + - PG + - PY + - PE + - PH + - PN + - PL + - PT + - PR + - QA + - RE + - RO + - RU + - RW + - BL + - SH + - KN + - LC + - MF + - PM + - VC + - WS + - SM + - ST + - A2 + - SA + - SN + - RS + - SC + - SL + - SG + - SK + - SI + - SB + - SO + - ZA + - GS + - ES + - LK + - SD + - SR + - SJ + - SZ + - SE + - CH + - SY + - TW + - TJ + - TZ + - TH + - TL + - TG + - TK + - TO + - TT + - TN + - TR + - TM + - TC + - TV + - UG + - UA + - AE + - GB + - US + - UM + - UY + - UZ + - VU + - VE + - VN + - VG + - VI + - WF + - EH + - YE + - ZM + - ZW + type: string + countryName: + enum: + - Afghanistan + - Aland Islands + - Albania + - Algeria + - American Samoa + - Andorra + - Angola + - Anguilla + - Anonymous Proxy + - Antarctica + - Antigua and Barbuda + - Argentina + - Armenia + - Aruba + - Australia + - Austria + - Azerbaijan + - Bahamas + - Bahrain + - Bangladesh + - Barbados + - Belarus + - Belgium + - Belize + - Benin + - Bermuda + - Bhutan + - Bolivia + - Bosnia and Herzegovina + - Botswana + - Bouvet Island + - Brazil + - British Indian Ocean Territory + - Brunei Darussalam + - Bulgaria + - Burkina Faso + - Burundi + - Cambodia + - Cameroon + - Canada + - Cape Verde + - Cayman Islands + - Central African Republic + - Chad + - Chile + - China + - Christmas Island + - Cocos (Keeling) Islands + - Colombia + - Comoros + - Congo + - Congo, The Democratic Republic of the + - Cook Islands + - Costa Rica + - Cote D'Ivoire + - Croatia + - Cuba + - Cyprus + - Czech Republic + - Denmark + - Djibouti + - Dominica + - Dominican Republic + - Ecuador + - Egypt + - El Salvador + - Equatorial Guinea + - Eritrea + - Estonia + - Ethiopia + - Falkland Islands (Malvinas) + - Faroe Islands + - Fiji + - Finland + - France + - France, Metropolitan + - French Guiana + - French Polynesia + - French Southern Territories + - Gabon + - Gambia + - Georgia + - Germany + - Ghana + - Gibraltar + - Greece + - Greenland + - Grenada + - Guadeloupe + - Guam + - Guatemala + - Guernsey + - Guinea + - Guinea-Bissau + - Guyana + - Haiti + - Heard Island and McDonald Islands + - Holy See (Vatican City State) + - Honduras + - Hong Kong + - Hungary + - Iceland + - India + - Indonesia + - Iran, Islamic Republic of + - Iraq + - Ireland + - Isle of Man + - Israel + - Italy + - Jamaica + - Japan + - Jersey + - Jordan + - Kazakhstan + - Kenya + - Kiribati + - Korea, Democratic People's Republic of + - Korea, Republic of + - Kuwait + - Kyrgyzstan + - Lao People's Democratic Republic + - Latvia + - Lebanon + - Lesotho + - Liberia + - Libyan Arab Jamahiriya + - Liechtenstein + - Lithuania + - Luxembourg + - Macau + - Macedonia + - Madagascar + - Malawi + - Malaysia + - Maldives + - Mali + - Malta + - Marshall Islands + - Martinique + - Mauritania + - Mauritius + - Mayotte + - Mexico + - Micronesia, Federated States of + - Moldova, Republic of + - Monaco + - Mongolia + - Montenegro + - Montserrat + - Morocco + - Mozambique + - Myanmar + - N/A + - Namibia + - Nauru + - Nepal + - Netherlands + - Netherlands Antilles + - New Caledonia + - New Zealand + - Nicaragua + - Niger + - Nigeria + - Niue + - Norfolk Island + - Northern Mariana Islands + - Norway + - Oman + - Other + - Pakistan + - Palau + - Palestinian Territory + - Panama + - Papua New Guinea + - Paraguay + - Peru + - Philippines + - Pitcairn Islands + - Poland + - Portugal + - Puerto Rico + - Qatar + - Reunion + - Romania + - Russian Federation + - Rwanda + - Saint Barthelemy + - Saint Helena + - Saint Kitts and Nevis + - Saint Lucia + - Saint Martin + - Saint Pierre and Miquelon + - Saint Vincent and the Grenadines + - Samoa + - San Marino + - Sao Tome and Principe + - Satellite Provider + - Saudi Arabia + - Senegal + - Serbia + - Seychelles + - Sierra Leone + - Singapore + - Slovakia + - Slovenia + - Solomon Islands + - Somalia + - South Africa + - South Georgia and the South Sandwich Islands + - Spain + - Sri Lanka + - Sudan + - Suriname + - Svalbard and Jan Mayen + - Swaziland + - Sweden + - Switzerland + - Syrian Arab Republic + - Taiwan + - Tajikistan + - Tanzania, United Republic of + - Thailand + - Timor-Leste + - Togo + - Tokelau + - Tonga + - Trinidad and Tobago + - Tunisia + - Turkey + - Turkmenistan + - Turks and Caicos Islands + - Tuvalu + - Uganda + - Ukraine + - United Arab Emirates + - United Kingdom + - United States + - United States Minor Outlying Islands + - Uruguay + - Uzbekistan + - Vanuatu + - Venezuela + - Vietnam + - Virgin Islands, British + - Virgin Islands, U.S. + - Wallis and Futuna + - Western Sahara + - Yemen + - Zambia + - Zimbabwe + type: string + type: object + type: array + disallowedGeolocationReference: + properties: + link: + pattern: ^http + type: string + type: object enablePassiveMode: type: boolean enforcementMode: diff --git a/pkg/apis/configuration/validation/appprotect.go b/pkg/apis/configuration/validation/appprotect.go index e908ccc15d..eb42693e3d 100644 --- a/pkg/apis/configuration/validation/appprotect.go +++ b/pkg/apis/configuration/validation/appprotect.go @@ -31,6 +31,7 @@ var appProtectPolicyExtRefs = [][]string{ {"spec", "policy", "headerReference"}, {"spec", "policy", "cookieReference"}, {"spec", "policy", "dataGuardReference"}, + {"spec", "policy", "disallowedGeolocationReference"}, {"spec", "policy", "filetypeReference"}, {"spec", "policy", "methodReference"}, {"spec", "policy", "generalReference"},