WIP: Traffic Policy module docs #561

Merged Feb 16, 2024 (67 commits)
add documentation for cidr macros (#599)
add docs and examples for cidr macros
benjaminchan authored Feb 16, 2024
commit 1733c7a308cd05ff1b675716ce2babbdc55ba250
48 changes: 36 additions & 12 deletions docs/http/traffic-policy/expressions.mdx
Expand Up @@ -357,18 +357,20 @@ The trailers of the response wherein a string key maps to a list of string value
CEL provides a set of [predefined macros](https://github.com/google/cel-spec/blob/master/doc/langdef.md#macros) that can
also be used in policy expressions. For convenience, the following custom macros are also supported:

| Name | Return Type | Description |
| ----------------------------------------------- | ----------- | ----------------------------------------------------------------------------------------------------------------------------- |
| [`hasReqHeader(string)`](#hasreqheaderstring) | bool | Returns true or false if the provided header key is present on the request. Header keys must be written in canonical format. |
| [`getReqHeader(string)`](#getreqheaderstring) | list | Returns a list of header values for the provided key on the request. Header keys must be written in canonical format. |
| [`hasQueryParam(string)`](#hasqueryparamstring) | bool | Returns true or false if the specified query parameter key is part of the request URL. |
| [`getQueryParam(string)`](#getqueryparamstring) | list | Returns a list of the query parameter values from the request URL for the specified key. |
| [`hasReqCookie(string)`](#hasreqcookiestring) | bool | Returns true or false if a cookie exists on the request with the specified name. |
| [`getReqCookie(string)`](#getreqcookiestring) | bool | Returns the cookie struct for the specified cookie name, if it exists on the request. |
| [`hasResHeader(string)`](#hasresheaderstring) | bool | Returns true or false if the provided header key is present on the response. Header keys must be written in canonical format. |
| [`getResHeader(string)`](#getresheaderstring) | list | Returns a list of header values for the provided key on the response. Header keys must be written in canonical format. |
| [`hasResCookie(string)`](#hasrescookiestring) | bool | Returns true or false if a cookie exists on the response with the specified name. |
| [`getResCookie(string)`](#getrescookiestring) | bool | Returns the cookie struct for the specified cookie name, if it exists on the response. |
| Name | Return Type | Description |
| -------------------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| [`hasReqHeader(string)`](#hasreqheaderstring) | bool | Returns true or false if the provided header key is present on the request. Header keys must be written in canonical format. |
| [`getReqHeader(string)`](#getreqheaderstring) | list | Returns a list of header values for the provided key on the request. Header keys must be written in canonical format. |
| [`hasQueryParam(string)`](#hasqueryparamstring) | bool | Returns true or false if the specified query parameter key is part of the request URL. |
| [`getQueryParam(string)`](#getqueryparamstring) | list | Returns a list of the query parameter values from the request URL for the specified key. |
| [`hasReqCookie(string)`](#hasreqcookiestring) | bool | Returns true or false if a cookie exists on the request with the specified name. |
| [`getReqCookie(string)`](#getreqcookiestring) | bool | Returns the cookie struct for the specified cookie name, if it exists on the request. |
| [`hasResHeader(string)`](#hasresheaderstring) | bool | Returns true or false if the provided header key is present on the response. Header keys must be written in canonical format. |
| [`getResHeader(string)`](#getresheaderstring) | list | Returns a list of header values for the provided key on the response. Header keys must be written in canonical format. |
| [`hasResCookie(string)`](#hasrescookiestring) | bool | Returns true or false if a cookie exists on the response with the specified name. |
| [`getResCookie(string)`](#getrescookiestring) | bool | Returns the cookie struct for the specified cookie name, if it exists on the response. |
| [`inCidrRange(ip string, cidr string)`](#incidrrangeip-string-cidr-string) | bool | Returns true or false if the provided IP address falls within the provided CIDR range. Returns false if the provided CIDR range is invalid. |
| [`inCidrRanges(ip string, cidrs list)`](#incidrrangesip-string-cidrs-list) | bool | Returns true or false if the provided IP address falls within any of the provided CIDR ranges. Ignores any provided CIDR ranges that are invalid. |

### `hasReqHeader(string)`

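Review bot: In the reflowed macro table, the `getReqCookie(string)` and `getResCookie(string)` rows still list the return type as bool while their descriptions say they return the cookie struct; since every row is being rewritten here anyway, correct the Return Type column for those two. In the two new rows, "Returns true or false if ..." does not say which outcome maps to which value; "Returns true if the IP address falls within the range, false otherwise" is unambiguous. The rows cover only the invalid-CIDR case, so it is also worth stating what an unparseable `ip` argument yields.
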
Expand Down Expand Up @@ -473,3 +475,25 @@ Returns the cookie struct for the specified cookie name, if it exists on the res
expressions: ["getResCookie('_device_id').Value == 'mobile-phone-14'"],
}}
/>

### `inCidrRange(ip string, cidr string)`

Returns true or false if the provided IP address falls within the provided CIDR range. Returns false if the provided CIDR range is invalid.

<ConfigExample
config={{
expressions: ["inCidrRange(conn.ClientIP, '66.249.66.1/24')"],
}}
/>

### `inCidrRanges(ip string, cidrs list)`

Returns true or false if the provided IP address falls within any of the provided CIDR ranges. Ignores any provided CIDR ranges that are invalid.

<ConfigExample
config={{
expressions: [
"inCidrRanges(conn.ClientIP, ['66.249.66.1/24', '2001:4860::/32'])",
],
}}
/>
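
Review bot: The example range `'66.249.66.1/24'` in both new sections has host bits set (the /24 network address is 66.249.66.0), and the text does not say whether such input is masked down to the network or counted as an invalid range, which per the descriptions would return false or be ignored. Write the examples as `'66.249.66.0/24'`, or state the normalization rule next to the invalid-range sentence, so a reader copying the example knows whether it matches anything.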
36 changes: 35 additions & 1 deletion docs/tcp/traffic-policy/expressions.mdx
Expand Up @@ -3,7 +3,7 @@ import ConfigExample from "/src/components/ConfigExample.tsx";
# Expressions

Traffic Policy module enables you to filter inbound and outbound traffic with [Common Expression Language (CEL)](https://github.com/google/cel-spec) expressions. Each policy rule expression must evaluate to true in order for
the rule's actions to take effect against traffic. In addition to CEL's [built-in functions and macros](https://github.com/google/cel-spec/blob/master/doc/langdef.md#macros) we provide additional variables for the [connection](#connection-variables).
the rule's actions to take effect against traffic. In addition to CEL's [built-in functions and macros](https://github.com/google/cel-spec/blob/master/doc/langdef.md#macros) we provide additional variables for the [connection](#connection-variables) along with [custom macros](#macros).

## Connection Variables

Expand Down Expand Up @@ -66,3 +66,37 @@ The approximate longitude based on the client IP.
expressions: ["double(conn.Geo.Longitude) <= -93.0"],
}}
/>

---

## Macros

CEL provides a set of [predefined macros](https://github.com/google/cel-spec/blob/master/doc/langdef.md#macros) that can
also be used in policy expressions. For convenience, the following custom macros are also supported:

| Name | Return Type | Description |
| -------------------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| [`inCidrRange(ip string, cidr string)`](#incidrrangeip-string-cidr-string) | bool | Returns true or false if the provided IP address falls within the provided CIDR range. Returns false if the provided CIDR range is invalid. |
| [`inCidrRanges(ip string, cidrs list)`](#incidrrangesip-string-cidrs-list) | bool | Returns true or false if the provided IP address falls within any of the provided CIDR ranges. Ignores any provided CIDR ranges that are invalid. |

### `inCidrRange(ip string, cidr string)`

Returns true or false if the provided IP address falls within the provided CIDR range. Returns false if the provided CIDR range is invalid.

<ConfigExample
config={{
expressions: ["inCidrRange(conn.ClientIP, '66.249.66.1/24')"],
}}
/>

### `inCidrRanges(ip string, cidrs list)`

Returns true or false if the provided IP address falls within any of the provided CIDR ranges. Ignores any provided CIDR ranges that are invalid.

<ConfigExample
config={{
expressions: [
"inCidrRanges(conn.ClientIP, ['66.249.66.1/24', '2001:4860::/32'])",
],
}}
/>
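
Review bot: The `inCidrRanges` description says invalid ranges are ignored, so a typo in one entry of an allow or block list silently shrinks the list with no error, and for `inCidrRange` the documented false result becomes true under negation (`!inCidrRange(...)`). Add a sentence saying whether an invalid CIDR is rejected when the policy is loaded or only skipped at evaluation time, and what `inCidrRanges` returns when every entry is invalid or the list is empty.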
36 changes: 35 additions & 1 deletion docs/tls/traffic-policy/expressions.mdx
Expand Up @@ -3,7 +3,7 @@ import ConfigExample from "/src/components/ConfigExample.tsx";
# Expressions

Traffic Policy module enables you to filter inbound and outbound traffic with [Common Expression Language (CEL)](https://github.com/google/cel-spec) expressions. Each policy rule expression must evaluate to true in order for
the rule's actions to take effect against traffic. In addition to CEL's [built-in functions and macros](https://github.com/google/cel-spec/blob/master/doc/langdef.md#macros) we provide additional variables for the [connection](#connection-variables).
the rule's actions to take effect against traffic. In addition to CEL's [built-in functions and macros](https://github.com/google/cel-spec/blob/master/doc/langdef.md#macros) we provide additional variables for the [connection](#connection-variables) along with [custom macros](#macros).

## Connection Variables

Expand Down Expand Up @@ -110,3 +110,37 @@ The TLS Version used on the connection.
expressions: ["conn.TLS.Version.contains('1.3')"],
}}
/>

---

## Macros

CEL provides a set of [predefined macros](https://github.com/google/cel-spec/blob/master/doc/langdef.md#macros) that can
also be used in policy expressions. For convenience, the following custom macros are also supported:

| Name | Return Type | Description |
| -------------------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| [`inCidrRange(ip string, cidr string)`](#incidrrangeip-string-cidr-string) | bool | Returns true or false if the provided IP address falls within the provided CIDR range. Returns false if the provided CIDR range is invalid. |
| [`inCidrRanges(ip string, cidrs list)`](#incidrrangesip-string-cidrs-list) | bool | Returns true or false if the provided IP address falls within any of the provided CIDR ranges. Ignores any provided CIDR ranges that are invalid. |

### `inCidrRange(ip string, cidr string)`

Returns true or false if the provided IP address falls within the provided CIDR range. Returns false if the provided CIDR range is invalid.

<ConfigExample
config={{
expressions: ["inCidrRange(conn.ClientIP, '66.249.66.1/24')"],
}}
/>

### `inCidrRanges(ip string, cidrs list)`

Returns true or false if the provided IP address falls within any of the provided CIDR ranges. Ignores any provided CIDR ranges that are invalid.

<ConfigExample
config={{
expressions: [
"inCidrRanges(conn.ClientIP, ['66.249.66.1/24', '2001:4860::/32'])",
],
}}
/>
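
Review bot: This Macros section is a verbatim copy of the one added to docs/tcp/traffic-policy/expressions.mdx and of the two CIDR entries on the HTTP page, so any later correction has to be made in three places; consider a shared MDX partial imported by all three files. The `inCidrRanges` example also mixes an IPv4 and an IPv6 range without saying how `conn.ClientIP` is compared across address families, for instance whether an IPv4-mapped IPv6 client address matches the IPv4 range; one sentence on that would remove the guesswork.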