Add status to WAF Policy #3612

Open: wants to merge 3 commits into base: feat/nap-waf

@salonichf5 (Contributor) commented Jul 9, 2025

Proposed changes

Write a clear and concise description that helps reviewers understand the purpose and impact of your changes. Use the
following format:

Problem: As a user, I want to apply status to my WAF Policy.

Solution: Adds status to WAF Policy for fetch errors or policy source errors. It also adds PolicyAffected status for resources affected by the WAFPolicy.

Testing: Manual testing

  1. Invalid path fetch error

    Conditions:
      Last Transition Time:  2025-07-09T21:46:43Z
      Message:               Policy is accepted
      Observed Generation:   4
      Reason:                Accepted
      Status:                True
      Type:                  Accepted
      Last Transition Time:  2025-07-09T21:46:43Z
      Message:               Failed to fetch the policy bundle due to: HTTP error for http://waf-policy-server.nginx-gateway/policies/policy-v123.tgz: unexpected status code: 404
      Observed Generation:   4
      Reason:                FetchError
      Status:                False
      Type:                  FetchError
      Last Transition Time:  2025-07-09T21:46:43Z
      Message:               The policy source is invalid or incomplete.
      Observed Generation:   4
      Reason:                SourceInvalid
      Status:                False
      Type:                  SourceInvalid
    Controller Name:         gateway.nginx.org/nginx-gateway-controller
Events:                      <none>

  2. PolicyAffected status

k describe httproutes.gateway.networking.k8s.io admin
Name:         admin
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  gateway.networking.k8s.io/v1
Kind:         HTTPRoute
Metadata:
  Creation Timestamp:  2025-07-09T21:18:48Z
  Generation:          1
  Resource Version:    1752095935752575024
  UID:                 cd62382a-ac03-4191-9345-586b0dae2726
Spec:
  Hostnames:
    cafe.example.com
  Parent Refs:
    Group:         gateway.networking.k8s.io
    Kind:          Gateway
    Name:          secure-gateway
    Section Name:  http
  Rules:
    Backend Refs:
      Group:
      Kind:    Service
      Name:    admin
      Port:    80
      Weight:  1
    Matches:
      Path:
        Type:   PathPrefix
        Value:  /admin
Status:
  Parents:
    Conditions:
      Last Transition Time:  2025-07-09T21:18:55Z
      Message:               The route is accepted
      Observed Generation:   1
      Reason:                Accepted
      Status:                True
      Type:                  Accepted
      Last Transition Time:  2025-07-09T21:18:55Z
      Message:               All references are resolved
      Observed Generation:   1
      Reason:                ResolvedRefs
      Status:                True
      Type:                  ResolvedRefs
      Last Transition Time:  2025-07-09T21:18:55Z
      Message:               WAFPolicy is applied to the resource
      Observed Generation:   1
      Reason:                PolicyAffected
      Status:                True
      Type:                  WAFPolicyAffected
    Controller Name:         gateway.nginx.org/nginx-gateway-controller
    Parent Ref:

  3. Checksum verification failure status

    Conditions:
      Last Transition Time:  2025-07-09T21:24:54Z
      Message:               Policy is accepted
      Observed Generation:   3
      Reason:                Accepted
      Status:                True
      Type:                  Accepted
      Last Transition Time:  2025-07-09T21:24:54Z
      Message:               Failed to fetch the policy bundle due to: checksum validation failed: checksum mismatch: expected d0d21ed071e6755ad61cc6b67fc4f711807eb7a3dd2b2540a6b47cd7a99dd585, got 10aae2167d5f8e01e327a4d41f0f5e5d4d8c08f102fa22c00f86eda91effec65
      Observed Generation:   3
      Reason:                FetchError
      Status:                False
      Type:                  FetchError
      Last Transition Time:  2025-07-09T21:24:54Z
      Message:               The policy source is invalid or incomplete.
      Observed Generation:   3
      Reason:                SourceInvalid
      Status:                False
      Type:                  SourceInvalid
    Controller Name:         gateway.nginx.org/nginx-gateway-controller
Events:                      <none>

Please focus on (optional): If you have any specific areas where you would like reviewers to focus their attention or provide
specific feedback, add them here.

Closes #3455

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

Release notes

If this PR introduces a change that affects users and needs to be mentioned in the release notes,
please add a brief note that summarizes the change.

NONE
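
The following added example, which is not code from this PR or from the project, shows how a bundle fetch with SHA-256 verification can produce the FetchError and SourceInvalid conditions seen in the manual test output above. `Condition`, `fetchFunc`, `sha256Hex`, `verifyBundle`, `conditionsFor` and the `example.invalid` URL are assumptions made for illustration; the message strings follow the output shown in the description.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Condition holds the fields visible in the status output (hypothetical type).
type Condition struct{ Type, Status, Reason, Message string }

// fetchFunc is a hypothetical fetcher: HTTP status code, body, transport error.
type fetchFunc func(url string) (int, []byte, error)

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// verifyBundle fetches the bundle and compares its SHA-256 with the expected hex digest.
func verifyBundle(fetch fetchFunc, url, expected string) error {
	code, body, err := fetch(url)
	if err != nil {
		return fmt.Errorf("HTTP error for %s: %w", url, err)
	}
	if code != 200 {
		return fmt.Errorf("HTTP error for %s: unexpected status code: %d", url, code)
	}
	if got := sha256Hex(body); got != expected {
		return fmt.Errorf("checksum validation failed: checksum mismatch: expected %s, got %s", expected, got)
	}
	return nil
}

// conditionsFor reproduces the condition set shown in the PR's manual test output.
func conditionsFor(err error) []Condition {
	conds := []Condition{{"Accepted", "True", "Accepted", "Policy is accepted"}}
	if err != nil {
		conds = append(conds,
			Condition{"FetchError", "False", "FetchError", "Failed to fetch the policy bundle due to: " + err.Error()},
			Condition{"SourceInvalid", "False", "SourceInvalid", "The policy source is invalid or incomplete."})
	}
	return conds
}

func main() {
	// Constructed sample bundle and a deliberately wrong expected digest.
	fetch := func(string) (int, []byte, error) { return 200, []byte("constructed sample bundle"), nil }
	for _, c := range conditionsFor(verifyBundle(fetch, "http://example.invalid/policy.tgz", "deadbeef")) {
		fmt.Printf("%s=%s (%s): %s\n", c.Type, c.Status, c.Reason, c.Message)
	}
}
```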

@salonichf5 salonichf5 marked this pull request as ready for review July 10, 2025 13:38
@salonichf5 salonichf5 requested a review from a team as a code owner July 10, 2025 13:38
@salonichf5 salonichf5 force-pushed the feat/waf-status-apply branch from 898d4e3 to d00d1a5 Compare July 10, 2025 20:59
@salonichf5 salonichf5 requested review from sjberman and ciarams87 July 10, 2025 21:00
@salonichf5 salonichf5 force-pushed the feat/waf-status-apply branch from d00d1a5 to 76454cf Compare July 10, 2025 21:26
@salonichf5 salonichf5 requested a review from sjberman July 10, 2025 21:27
@salonichf5 salonichf5 force-pushed the feat/waf-status-apply branch from 76454cf to 49caf8c Compare July 10, 2025 21:50
@salonichf5 salonichf5 requested a review from sjberman July 11, 2025 20:02
Labels: enhancement (New feature or request)
Projects: Status: 🆕 New