Add env vars to install/remove appsec-{configs,rules} in docker image (#2664)
This commit is contained in:
parent
9b07e1f7ce
commit
bc3a179af9
2 changed files with 25 additions and 1 deletions
|
@ -321,11 +321,15 @@ config.yaml) each time the container is run.
|
||||||
| `SCENARIOS` | | Scenarios to install, separated by space |
|
| `SCENARIOS` | | Scenarios to install, separated by space |
|
||||||
| `POSTOVERFLOWS` | | Postoverflows to install, separated by space |
|
| `POSTOVERFLOWS` | | Postoverflows to install, separated by space |
|
||||||
| `CONTEXTS` | | Context files to install, separated by space |
|
| `CONTEXTS` | | Context files to install, separated by space |
|
||||||
|
| `APPSEC_CONFIGS` | | Appsec configs files to install, separated by space |
|
||||||
|
| `APPSEC_RULES` | | Appsec rules files to install, separated by space |
|
||||||
| `DISABLE_COLLECTIONS` | | Collections to remove, separated by space: `-e DISABLE_COLLECTIONS="crowdsecurity/linux crowdsecurity/nginx"` |
|
| `DISABLE_COLLECTIONS` | | Collections to remove, separated by space: `-e DISABLE_COLLECTIONS="crowdsecurity/linux crowdsecurity/nginx"` |
|
||||||
| `DISABLE_PARSERS` | | Parsers to remove, separated by space |
|
| `DISABLE_PARSERS` | | Parsers to remove, separated by space |
|
||||||
| `DISABLE_SCENARIOS` | | Scenarios to remove, separated by space |
|
| `DISABLE_SCENARIOS` | | Scenarios to remove, separated by space |
|
||||||
| `DISABLE_POSTOVERFLOWS` | | Postoverflows to remove, separated by space |
|
| `DISABLE_POSTOVERFLOWS` | | Postoverflows to remove, separated by space |
|
||||||
| `DISABLE_POSTOVERFLOWS` | | Context files to remove, separated by space |
|
| `DISABLE_CONTEXTS` | | Context files to remove, separated by space |
|
||||||
|
| `DISABLE_APPSEC_CONFIGS`| | Appsec configs files to remove, separated by space |
|
||||||
|
| `DISABLE_APPSEC_RULES` | | Appsec rules files to remove, separated by space |
|
||||||
| | | |
|
| | | |
|
||||||
| __Log verbosity__ | | |
|
| __Log verbosity__ | | |
|
||||||
| `LEVEL_INFO` | false | Force INFO level for the container log |
|
| `LEVEL_INFO` | false | Force INFO level for the container log |
|
||||||
|
|
|
@ -333,6 +333,16 @@ if [ "$CONTEXTS" != "" ]; then
|
||||||
cscli_if_clean contexts install "$(difference "$CONTEXTS" "$DISABLE_CONTEXTS")"
|
cscli_if_clean contexts install "$(difference "$CONTEXTS" "$DISABLE_CONTEXTS")"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$APPSEC_CONFIGS" != "" ]; then
|
||||||
|
# shellcheck disable=SC2086
|
||||||
|
cscli_if_clean appsec-configs install "$(difference "$APPSEC_CONFIGS" "$DISABLE_APPSEC_CONFIGS")"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$APPSEC_RULES" != "" ]; then
|
||||||
|
# shellcheck disable=SC2086
|
||||||
|
cscli_if_clean appsec-rules install "$(difference "$APPSEC_RULES" "$DISABLE_APPSEC_RULES")"
|
||||||
|
fi
|
||||||
|
|
||||||
## Remove collections, parsers, scenarios & postoverflows
|
## Remove collections, parsers, scenarios & postoverflows
|
||||||
if [ "$DISABLE_COLLECTIONS" != "" ]; then
|
if [ "$DISABLE_COLLECTIONS" != "" ]; then
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
|
@ -359,6 +369,16 @@ if [ "$DISABLE_CONTEXTS" != "" ]; then
|
||||||
cscli_if_clean contexts remove "$DISABLE_CONTEXTS" --force
|
cscli_if_clean contexts remove "$DISABLE_CONTEXTS" --force
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$DISABLE_APPSEC_CONFIGS" != "" ]; then
|
||||||
|
# shellcheck disable=SC2086
|
||||||
|
cscli_if_clean appsec-configs remove "$DISABLE_APPSEC_CONFIGS" --force
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$DISABLE_APPSEC_RULES" != "" ]; then
|
||||||
|
# shellcheck disable=SC2086
|
||||||
|
cscli_if_clean appsec-rules remove "$DISABLE_APPSEC_RULES" --force
|
||||||
|
fi
|
||||||
|
|
||||||
## Register bouncers via env
|
## Register bouncers via env
|
||||||
for BOUNCER in $(compgen -A variable | grep -i BOUNCER_KEY); do
|
for BOUNCER in $(compgen -A variable | grep -i BOUNCER_KEY); do
|
||||||
KEY=$(printf '%s' "${!BOUNCER}")
|
KEY=$(printf '%s' "${!BOUNCER}")
|
||||||
|
|
Loading…
Reference in a new issue