Skip to content

[Bug]: ApPolicy CRD missing violations #7721

New issue
New issue
Open
#7723
Open
[Bug]: ApPolicy CRD missing violations#7721
#7723
Labels
backlogPull requests/issues that are backlog itemsbugAn issue reporting a potential bug
@aknot242

Description

@aknot242
aknot242
opened on Apr 29, 2025

Version

edge

What Kubernetes platforms are you running on?

Other

Steps to reproduce

  1. Create the following ApPolicy, and apply it to the cluster using kubectl
apiVersion: appprotect.f5.com/v1beta1
kind: APPolicy
metadata:
  name: blizzard-bot-exception-policy
spec:
  policy:
    name: blizzard-bot-exception-policy
    applicationLanguage: utf-8
    enforcementMode: blocking
    template:
      name: POLICY_TEMPLATE_NGINX_BASE
    blocking-settings:
      violations:
        - name: VIOL_BOT_CLIENT
          alarm: true
          block: true
        - name: VIOL_DATA_GUARD
          alarm: true
          block: false
  1. Note the following error in the NIC pod log:
2025-04-28 20:37:12.515036: Error: UPGRADE FAILED: failed to create resource: APPolicy.appprotect.f5.com "blizzard-bot-exception-policy" is invalid: spec.policy.blocking-settings.violations[0].name: Unsupported value: "VIOL_BOT_CLIENT": supported values: "VIOL_ACCESS_INVALID", "VIOL_ACCESS_MALFORMED", "VIOL_ACCESS_MISSING", "VIOL_ACCESS_UNAUTHORIZED", "VIOL_ASM_COOKIE_HIJACKING", "VIOL_ASM_COOKIE_MODIFIED", "VIOL_BLACKLISTED_IP", "VIOL_COOKIE_EXPIRED", "VIOL_COOKIE_LENGTH", "VIOL_COOKIE_MALFORMED", "VIOL_COOKIE_MODIFIED", "VIOL_CSRF", "VIOL_DATA_GUARD", "VIOL_ENCODING", "VIOL_EVASION", "VIOL_FILE_UPLOAD", "VIOL_FILE_UPLOAD_IN_BODY", "VIOL_FILETYPE", "VIOL_GRAPHQL_ERROR_RESPONSE", "VIOL_GRAPHQL_FORMAT", "VIOL_GRAPHQL_INTROSPECTION_QUERY", "VIOL_GRAPHQL_MALFORMED", "VIOL_GRPC_FORMAT", "VIOL_GRPC_MALFORMED", "VIOL_GRPC_METHOD", "VIOL_HEADER_LENGTH", "VIOL_HEADER_METACHAR", "VIOL_HEADER_REPEATED", "VIOL_HTTP_PROTOCOL", "VIOL_HTTP_RESPONSE_STATUS", "VIOL_JSON_FORMAT", "VIOL_JSON_MALFORMED", "VIOL_JSON_SCHEMA", "VIOL_MANDATORY_HEADER", "VIOL_MANDATORY_PARAMETER", "VIOL_MANDATORY_REQUEST_BODY", "VIOL_METHOD", "VIOL_PARAMETER", "VIOL_PARAMETER_ARRAY_VALUE", "VIOL_PARAMETER_DATA_TYPE", "VIOL_PARAMETER_EMPTY_VALUE", "VIOL_PARAMETER_LOCATION", "VIOL_PARAMETER_MULTIPART_NULL_VALUE", "VIOL_PARAMETER_NAME_METACHAR", "VIOL_PARAMETER_NUMERIC_VALUE", "VIOL_PARAMETER_REPEATED", "VIOL_PARAMETER_STATIC_VALUE", "VIOL_PARAMETER_VALUE_BASE64", "VIOL_PARAMETER_VALUE_LENGTH", "VIOL_PARAMETER_VALUE_METACHAR", "VIOL_PARAMETER_VALUE_REGEXP", "VIOL_POST_DATA_LENGTH", "VIOL_QUERY_STRING_LENGTH", "VIOL_RATING_NEED_EXAMINATION", "VIOL_RATING_THREAT", "VIOL_REQUEST_LENGTH", "VIOL_REQUEST_MAX_LENGTH", "VIOL_THREAT_CAMPAIGN", "VIOL_URL", "VIOL_URL_CONTENT_TYPE", "VIOL_URL_LENGTH", "VIOL_URL_METACHAR", "VIOL_XML_FORMAT", "VIOL_XML_MALFORMED"
2025-04-28 20:37:12.524045: [33;1mWARNING: Command failed. Retrying in 5 seconds.[0m

Metadata

Metadata

Assignees

No one assigned

    Labels

    backlogPull requests/issues that are backlog itemsbugAn issue reporting a potential bug

    Type

    No type

    Projects

    NGINX Ingress Controller

    Status

    Prioritized backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions