Prepare 0.4.2 release

nginxinc · Oct 28, 2021 · ba55d43 · ba55d43
1 parent b862b71
commit ba55d43
Show file tree

Hide file tree

Showing 8 changed files with 207 additions and 243 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,6 @@
 # Changelog
 
-## 0.4.2 (Unreleased)
+## 0.4.2 (October 28, 2021)
 
 BUG FIXES:
 

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -51,7 +51,7 @@ To suggest an enhancement, please create an issue on GitHub with the label `enha
 * Fork the repo, create a branch, implement your changes, add any relevant Molecule tests, submit a PR when your changes are **tested** (using Molecule) and ready for review.
 * Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/.github/pull_request_template.md).
 
-Note: if you’d like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature.
+Note: if you'd like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature.
 
 ## Code Guidelines
 

diff --git a/defaults/main/template.yml b/defaults/main/template.yml
diff --git a/molecule/common/files/http/server_one.conf b/molecule/common/files/http/server_one.conf
diff --git a/molecule/common/files/nginx.conf b/molecule/common/files/nginx.conf
diff --git a/molecule/common/requirements/plus_requirements.yml b/molecule/common/requirements/plus_requirements.yml
@@ -3,4 +3,4 @@ roles:
   - name: nginxinc.nginx
     version: 0.21.3
   - name: nginxinc.nginx_app_protect
-    version: 0.6.2
+    version: 0.7.0
diff --git a/templates/http/app_protect.j2 b/templates/http/app_protect.j2
@@ -2,50 +2,50 @@
 
 {# NGINX HTTP App Protect WAF template -- ngx_http_app_protect_module #}
 {% macro app_protect_waf(app_protect_waf) %}
-{% if app_protect_waf['enable'] is defined and app_protect_waf['enable'] is boolean %}
-app_protect_enable {{ app_protect_waf['enable'] | ternary('on', 'off') }};
-{% endif %}
-{% if app_protect_waf['policy_file'] is defined %}
-app_protect_policy_file {{ app_protect_waf['policy_file'] }};
-{% endif %}
-{% if app_protect_waf['security_log_enable'] is defined and app_protect_waf['security_log_enable'] is boolean %}
-app_protect_security_log_enable {{ app_protect_waf['security_log_enable'] | ternary('on', 'off') }};
-{% endif %}
-{% if app_protect_waf['security_log'] is defined and app_protect_waf['security_log'] is not string %}
-{% for security_log in app_protect_waf['security_log'] if app_protect_waf['security_log'] is not mapping %}
-app_protect_security_log {{ security_log['path'] }} {{ security_log['dest'] }};
-{% else %}
-app_protect_security_log {{ app_protect_waf['security_log']['path'] }} {{ app_protect_waf['security_log']['dest'] }};
-{% endfor %}
-{% endif %}
-{% if app_protect_waf['physical_memory_util_thresholds']['high'] is defined and app_protect_waf['physical_memory_util_thresholds']['low'] is defined %}{# Available only in 'http' context #}
+{% if app_protect_waf['physical_memory_util_thresholds']['high'] is defined and app_protect_waf['physical_memory_util_thresholds']['low'] is defined %}{# 'app_protect_physical_memory_util_thresholds' directive is only available in the 'http' context #}
 app_protect_physical_memory_util_thresholds high={{ app_protect_waf['physical_memory_util_thresholds']['high'] }} low={{ app_protect_waf['physical_memory_util_thresholds']['low'] }};
 {% endif %}
-{% if app_protect_waf['cpu_thresholds']['high'] is defined and app_protect_waf['cpu_thresholds']['low'] is defined %}{# Available only in 'http' context #}
+{% if app_protect_waf['cpu_thresholds']['high'] is defined and app_protect_waf['cpu_thresholds']['low'] is defined %}{# 'app_protect_cpu_thresholds' directive is only available in the 'http' context #}
 app_protect_cpu_thresholds high={{ app_protect_waf['cpu_thresholds']['high'] }} low={{ app_protect_waf['cpu_thresholds']['low'] }};
 {% endif %}
-{% if app_protect_waf['failure_mode_action'] is defined and app_protect_waf['failure_mode_action'] in ['pass', 'drop'] %}{# Available only in 'http' context #}
+{% if app_protect_waf['failure_mode_action'] is defined and app_protect_waf['failure_mode_action'] in ['pass', 'drop'] %}{# 'app_protect_failure_mode_action' directive is only available in the 'http' context #}
 app_protect_failure_mode_action {{ app_protect_waf['failure_mode_action'] }};
 {% endif %}
-{% if app_protect_waf['cookie_seed'] is defined %}{# Available only in 'http' context #}
+{% if app_protect_waf['cookie_seed'] is defined %}{# 'app_protect_cookie_seed' directive is only available in the 'http' context #}
 app_protect_cookie_seed {{ app_protect_waf['cookie_seed'] }};
 {% endif %}
-{% if app_protect_waf['compressed_requests_action'] is defined and app_protect_waf['compressed_requests_action'] in ['pass', 'drop'] %}{# Available only in 'http' context #}
+{% if app_protect_waf['compressed_requests_action'] is defined and app_protect_waf['compressed_requests_action'] in ['pass', 'drop'] %}{# 'app_protect_compressed_requests_action' directive is only available in the 'http' context #}
 app_protect_compressed_requests_action {{ app_protect_waf['compressed_requests_action'] }};
 {% endif %}
-{% if app_protect_waf['reconnect_period_seconds'] is defined and app_protect_waf['reconnect_period_seconds'] is number %}{# Available only in 'http' context #}
+{% if app_protect_waf['reconnect_period_seconds'] is defined and app_protect_waf['reconnect_period_seconds'] is number %}{# 'app_protect_reconnect_period_seconds' directive is only available in the 'http' context #}
 app_protect_reconnect_period_seconds {{ app_protect_waf['reconnect_period_seconds'] }};
 {% endif %}
-{% if app_protect_waf['request_buffer_overflow_action'] is defined and app_protect_waf['request_buffer_overflow_action'] in ['pass', 'drop'] %}{# Available only in 'http' context #}
+{% if app_protect_waf['request_buffer_overflow_action'] is defined and app_protect_waf['request_buffer_overflow_action'] in ['pass', 'drop'] %}{# 'app_protect_request_buffer_overflow_action' directive is only available in the 'http' context #}
 app_protect_request_buffer_overflow_action {{ app_protect_waf['request_buffer_overflow_action'] }};
 {% endif %}
-{% if app_protect_waf['user_defined_signatures'] is defined and app_protect_waf['user_defined_signatures'] is not mapping %}{# Available only in 'http' context #}
+{% if app_protect_waf['user_defined_signatures'] is defined and app_protect_waf['user_defined_signatures'] is not mapping %}{# 'app_protect_user_defined_signatures' directive is only available in the 'http' context #}
 {% for signature in app_protect_waf['user_defined_signatures'] if app_protect_waf['user_defined_signatures'] is not string %}
 app_protect_user_defined_signatures {{ signature }};
 {% else %}
 app_protect_user_defined_signatures {{ app_protect_waf['user_defined_signatures'] }};
 {% endfor %}
 {% endif %}
+{% if app_protect_waf['enable'] is defined and app_protect_waf['enable'] is boolean %}
+app_protect_enable {{ app_protect_waf['enable'] | ternary('on', 'off') }};
+{% endif %}
+{% if app_protect_waf['policy_file'] is defined %}
+app_protect_policy_file {{ app_protect_waf['policy_file'] }};
+{% endif %}
+{% if app_protect_waf['security_log_enable'] is defined and app_protect_waf['security_log_enable'] is boolean %}
+app_protect_security_log_enable {{ app_protect_waf['security_log_enable'] | ternary('on', 'off') }};
+{% endif %}
+{% if app_protect_waf['security_log'] is defined and app_protect_waf['security_log'] is not string %}
+{% for security_log in app_protect_waf['security_log'] if app_protect_waf['security_log'] is not mapping %}
+app_protect_security_log {{ security_log['path'] }} {{ security_log['dest'] }};
+{% else %}
+app_protect_security_log {{ app_protect_waf['security_log']['path'] }} {{ app_protect_waf['security_log']['dest'] }};
+{% endfor %}
+{% endif %}
 
 {% endmacro %}
 
@@ -69,10 +69,10 @@ app_protect_dos_security_log_enable {{ app_protect_dos['security_log_enable'] |
 {% if app_protect_dos['security_log']['path'] is defined and app_protect_dos['security_log']['dest'] is defined %}
 app_protect_dos_security_log {{ app_protect_dos['security_log']['path'] }} {{ app_protect_dos['security_log']['dest'] }};
 {% endif %}
-{% if app_protect_dos['liveness']['enable'] is defined and app_protect_dos['liveness']['enable'] is boolean %}{# Available only in 'http' context #}
+{% if app_protect_dos['liveness']['enable'] is defined and app_protect_dos['liveness']['enable'] is boolean %}{# 'app_protect_dos_liveness' directive is only available in the 'http' context #}
 app_protect_dos_liveness {{ app_protect_dos['liveness']['enable'] | ternary('on', 'off') }}{{ (' uri:' + app_protect_dos['liveness']['uri'] | string) if app_protect_dos['liveness']['uri'] is defined }}{{ (' port:' + app_protect_dos['liveness']['port'] | string) if app_protect_dos['liveness']['port'] is defined }};
 {% endif %}
-{% if app_protect_dos['readiness']['enable'] is defined and app_protect_dos['readiness'] is boolean %}{# Available only in 'http' context #}
+{% if app_protect_dos['readiness']['enable'] is defined and app_protect_dos['readiness'] is boolean %}{# 'app_protect_dos_readiness' directive is only available in the 'http' context #}
 app_protect_dos_readiness {{ app_protect_dos['readiness'] | ternary('on', 'off') }}{{ (' uri:' + app_protect_dos['readiness']['uri'] | string) if app_protect_dos['readiness']['uri'] is defined }}{{ (' port:' + app_protect_dos['readiness']['port'] | string) if app_protect_dos['readiness']['port'] is defined }};
 {% endif %}
 

diff --git a/templates/http/auth.j2 b/templates/http/auth.j2
@@ -47,14 +47,14 @@ auth_request_set {{ auth_request['set']['variable'] }} {{ auth_request['set']['v
 {% if auth_jwt['enable'] is defined %}
 auth_jwt {{ 'off' if not auth_jwt['enable'] }}{{ auth_jwt['enable']['realm'] if auth_jwt['enable']['realm'] is defined }}{{ (' token=' + auth_jwt['enable']['token'] | string) if auth_jwt['enable']['token'] is defined }};
 {% endif %}
-{% if auth_jwt['claim_set'] is defined %}{# 'claim_set' is only available in the 'http' context #}
+{% if auth_jwt['claim_set'] is defined %}{# 'claim_set' directive is only available in the 'http' context #}
 {% for claim in auth_jwt['claim_set'] if auth_jwt['claim_set'] is not mapping %}
 auth_jwt_claim_set {{ claim['variable'] }} {{ (claim['name'] if claim['name'] is string else claim['name'] | join(' ')) }};
 {% else %}
 auth_jwt_claim_set {{ auth_jwt['claim_set']['variable'] }} {{ (auth_jwt['claim_set']['name'] if auth_jwt['claim_set']['name'] is string else auth_jwt['claim_set']['name'] | join(' ')) }};
 {% endfor %}
 {% endif %}
-{% if auth_jwt['header_set'] is defined %}{# 'header_set' is only available in the 'http' context #}
+{% if auth_jwt['header_set'] is defined %}{# 'header_set' directive is only available in the 'http' context #}
 {% for claim in auth_jwt['header_set'] if auth_jwt['header_set'] is not mapping %}
 auth_jwt_header_set {{ claim['variable'] }} {{ (claim['name'] if claim['name'] is string else claim['name'] | join(' ')) }};
 {% else %}