From 3f7e887180990814d197cd5b06dea02ddca3e114 Mon Sep 17 00:00:00 2001 From: u5surf Date: Mon, 12 Jun 2023 23:02:00 +0900 Subject: [PATCH] Add vendor and tests (#229) --- .../nginx/agent/sdk/v2/config_apply.go | 6 ++++-- .../nginx/agent/sdk/v2/config_helpers.go | 11 ++++++++--- .../nginx/agent/sdk/v2/config_apply.go | 6 ++++-- .../nginx/agent/sdk/v2/config_helpers.go | 11 ++++++++--- .../nginx/agent/v2/src/core/config/config.go | 1 + .../agent/v2/src/core/config/defaults.go | 19 +++++++++++++------ .../nginx/agent/v2/src/core/config/types.go | 1 + .../nginx/agent/v2/src/core/nginx.go | 9 +++++---- .../nginx-app-protect/nap/nap_metadata.go | 3 ++- .../nginx/agent/v2/src/plugins/agent_api.go | 2 +- .../nginx/agent/v2/src/plugins/metrics.go | 2 +- .../nginx/agent/v2/src/plugins/nginx.go | 2 +- .../nginx/agent/sdk/v2/config_apply.go | 6 ++++-- .../nginx/agent/sdk/v2/config_helpers.go | 11 ++++++++--- 14 files changed, 61 insertions(+), 29 deletions(-) diff --git a/test/integration/vendor/github.com/nginx/agent/sdk/v2/config_apply.go b/test/integration/vendor/github.com/nginx/agent/sdk/v2/config_apply.go index 00660591b..3df4d29fb 100644 --- a/test/integration/vendor/github.com/nginx/agent/sdk/v2/config_apply.go +++ b/test/integration/vendor/github.com/nginx/agent/sdk/v2/config_apply.go @@ -35,6 +35,7 @@ type ConfigApply struct { func NewConfigApply( confFile string, allowedDirectories map[string]struct{}, + ignoreDirectives []string, ) (*ConfigApply, error) { w, err := zip.NewWriter("/") if err != nil { @@ -47,7 +48,7 @@ func NewConfigApply( notExistDirs: make(map[string]struct{}), } if confFile != "" { - return b, b.mapCurrentFiles(confFile, allowedDirectories) + return b, b.mapCurrentFiles(confFile, allowedDirectories, ignoreDirectives) } return b, nil } @@ -179,10 +180,11 @@ func (b *ConfigApply) RemoveFromNotExists(fullPath string) { // mapCurrentFiles parse the provided file via cross-plane, generate a list of files, which should be identical to the // DirectoryMap, will mark off the files as the config is being applied, any leftovers after complete should be deleted. -func (b *ConfigApply) mapCurrentFiles(confFile string, allowedDirectories map[string]struct{}) error { +func (b *ConfigApply) mapCurrentFiles(confFile string, allowedDirectories map[string]struct{}, ignoreDirectives []string) error { log.Debugf("parsing %s", confFile) payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, }, diff --git a/test/integration/vendor/github.com/nginx/agent/sdk/v2/config_helpers.go b/test/integration/vendor/github.com/nginx/agent/sdk/v2/config_helpers.go index fffddead7..64f26542c 100644 --- a/test/integration/vendor/github.com/nginx/agent/sdk/v2/config_helpers.go +++ b/test/integration/vendor/github.com/nginx/agent/sdk/v2/config_helpers.go @@ -100,9 +100,11 @@ func GetNginxConfig( nginxId, systemId string, allowedDirectories map[string]struct{}, + ignoreDirectives []string, ) (*proto.NginxConfig, error) { payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, }, @@ -728,9 +730,10 @@ func pingStatusAPIEndpoint(statusAPI string) bool { return true } -func GetStatusApiInfo(confFile string) (statusApi string, err error) { +func GetStatusApiInfo(confFile string, ignoreDirectives []string) (statusApi string, err error) { payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, CombineConfigs: true, @@ -749,7 +752,7 @@ func GetStatusApiInfo(confFile string) (statusApi string, err error) { return "", errors.New("no status api reachable from the agent found") } -func GetErrorAndAccessLogs(confFile string) (*proto.ErrorLogs, *proto.AccessLogs, error) { +func GetErrorAndAccessLogs(confFile string, ignoreDirectives []string) (*proto.ErrorLogs, *proto.AccessLogs, error) { nginxConfig := &proto.NginxConfig{ Action: proto.NginxConfigAction_RETURN, ConfigData: nil, @@ -763,6 +766,7 @@ func GetErrorAndAccessLogs(confFile string) (*proto.ErrorLogs, *proto.AccessLogs payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, }, @@ -828,7 +832,7 @@ func convertToHexFormat(hexString string) string { return formatted } -func GetAppProtectPolicyAndSecurityLogFiles(cfg *proto.NginxConfig) ([]string, []string) { +func GetAppProtectPolicyAndSecurityLogFiles(cfg *proto.NginxConfig, ignoreDirectives []string) ([]string, []string) { policyMap := make(map[string]bool) profileMap := make(map[string]bool) @@ -838,6 +842,7 @@ func GetAppProtectPolicyAndSecurityLogFiles(cfg *proto.NginxConfig) ([]string, [ payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, }, diff --git a/test/performance/vendor/github.com/nginx/agent/sdk/v2/config_apply.go b/test/performance/vendor/github.com/nginx/agent/sdk/v2/config_apply.go index 00660591b..3df4d29fb 100644 --- a/test/performance/vendor/github.com/nginx/agent/sdk/v2/config_apply.go +++ b/test/performance/vendor/github.com/nginx/agent/sdk/v2/config_apply.go @@ -35,6 +35,7 @@ type ConfigApply struct { func NewConfigApply( confFile string, allowedDirectories map[string]struct{}, + ignoreDirectives []string, ) (*ConfigApply, error) { w, err := zip.NewWriter("/") if err != nil { @@ -47,7 +48,7 @@ func NewConfigApply( notExistDirs: make(map[string]struct{}), } if confFile != "" { - return b, b.mapCurrentFiles(confFile, allowedDirectories) + return b, b.mapCurrentFiles(confFile, allowedDirectories, ignoreDirectives) } return b, nil } @@ -179,10 +180,11 @@ func (b *ConfigApply) RemoveFromNotExists(fullPath string) { // mapCurrentFiles parse the provided file via cross-plane, generate a list of files, which should be identical to the // DirectoryMap, will mark off the files as the config is being applied, any leftovers after complete should be deleted. -func (b *ConfigApply) mapCurrentFiles(confFile string, allowedDirectories map[string]struct{}) error { +func (b *ConfigApply) mapCurrentFiles(confFile string, allowedDirectories map[string]struct{}, ignoreDirectives []string) error { log.Debugf("parsing %s", confFile) payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, }, diff --git a/test/performance/vendor/github.com/nginx/agent/sdk/v2/config_helpers.go b/test/performance/vendor/github.com/nginx/agent/sdk/v2/config_helpers.go index fffddead7..64f26542c 100644 --- a/test/performance/vendor/github.com/nginx/agent/sdk/v2/config_helpers.go +++ b/test/performance/vendor/github.com/nginx/agent/sdk/v2/config_helpers.go @@ -100,9 +100,11 @@ func GetNginxConfig( nginxId, systemId string, allowedDirectories map[string]struct{}, + ignoreDirectives []string, ) (*proto.NginxConfig, error) { payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, }, @@ -728,9 +730,10 @@ func pingStatusAPIEndpoint(statusAPI string) bool { return true } -func GetStatusApiInfo(confFile string) (statusApi string, err error) { +func GetStatusApiInfo(confFile string, ignoreDirectives []string) (statusApi string, err error) { payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, CombineConfigs: true, @@ -749,7 +752,7 @@ func GetStatusApiInfo(confFile string) (statusApi string, err error) { return "", errors.New("no status api reachable from the agent found") } -func GetErrorAndAccessLogs(confFile string) (*proto.ErrorLogs, *proto.AccessLogs, error) { +func GetErrorAndAccessLogs(confFile string, ignoreDirectives []string) (*proto.ErrorLogs, *proto.AccessLogs, error) { nginxConfig := &proto.NginxConfig{ Action: proto.NginxConfigAction_RETURN, ConfigData: nil, @@ -763,6 +766,7 @@ func GetErrorAndAccessLogs(confFile string) (*proto.ErrorLogs, *proto.AccessLogs payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, }, @@ -828,7 +832,7 @@ func convertToHexFormat(hexString string) string { return formatted } -func GetAppProtectPolicyAndSecurityLogFiles(cfg *proto.NginxConfig) ([]string, []string) { +func GetAppProtectPolicyAndSecurityLogFiles(cfg *proto.NginxConfig, ignoreDirectives []string) ([]string, []string) { policyMap := make(map[string]bool) profileMap := make(map[string]bool) @@ -838,6 +842,7 @@ func GetAppProtectPolicyAndSecurityLogFiles(cfg *proto.NginxConfig) ([]string, [ payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, }, diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/config.go b/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/config.go index a5c5d5531..32b3187aa 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/config.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/config.go @@ -181,6 +181,7 @@ func GetConfig(clientId string) (*Config, error) { AllowedDirectoriesMap: map[string]struct{}{}, DisplayName: Viper.GetString(DisplayNameKey), InstanceGroup: Viper.GetString(InstanceGroupKey), + IgnoreDirectives: Viper.GetStringSlice(IgnoreDirectivesKey), } for _, dir := range strings.Split(config.ConfigDirs, ":") { diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/defaults.go b/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/defaults.go index 32104583d..c125709da 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/defaults.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/defaults.go @@ -65,6 +65,7 @@ var ( TreatWarningsAsErrors: false, }, ConfigDirs: "/etc/nginx:/usr/local/etc/nginx:/usr/share/nginx/modules:/etc/nms", + IgnoreDirectives: []string{}, AllowedDirectoriesMap: map[string]struct{}{}, TLS: TLSConfig{ Enable: false, @@ -100,12 +101,13 @@ const ( ConfigPathKey = "path" DynamicConfigPathKey = "dynamic-config-path" - CloudAccountIdKey = "cloudaccountid" - LocationKey = "location" - DisplayNameKey = "display_name" - InstanceGroupKey = "instance_group" - ConfigDirsKey = "config_dirs" - TagsKey = "tags" + CloudAccountIdKey = "cloudaccountid" + LocationKey = "location" + DisplayNameKey = "display_name" + InstanceGroupKey = "instance_group" + ConfigDirsKey = "config_dirs" + TagsKey = "tags" + IgnoreDirectivesKey = "ignore_directives" // viper keys used in config LogKey = "log" @@ -268,6 +270,11 @@ var ( DefaultValue: agent_config.GetDefaultFeatures(), }, // NGINX Config + &StringSliceFlag{ + Name: IgnoreDirectivesKey, + Usage: "A comma-separated list of ignoring directives which contain sensitive info.", + DefaultValue: Defaults.IgnoreDirectives, + }, &StringFlag{ Name: NginxExcludeLogs, Usage: "One or more NGINX access log paths that you want to exclude from metrics collection. This key is formatted as a string and multiple values should be provided as a comma-separated list.", diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/types.go b/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/types.go index 234a2b90c..363fac0aa 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/types.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/types.go @@ -31,6 +31,7 @@ type Config struct { AllowedDirectoriesMap map[string]struct{} `yaml:"-"` DisplayName string `mapstructure:"display_name" yaml:"display_name,omitempty"` InstanceGroup string `mapstructure:"instance_group" yaml:"instance_group,omitempty"` + IgnoreDirectives []string `mapstructure:"ignore_directives" yaml:"ignore_directives,omitempty"` } func (c *Config) IsGrpcServerConfigured() bool { diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/core/nginx.go b/test/performance/vendor/github.com/nginx/agent/v2/src/core/nginx.go index 0b8a67e4e..3e1904aa7 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/core/nginx.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/core/nginx.go @@ -203,7 +203,7 @@ func (n *NginxBinaryType) GetNginxDetailsFromProcess(nginxProcess Process) *prot nginxDetailsFacade.ConfPath = path } - url, err := sdk.GetStatusApiInfo(nginxDetailsFacade.ConfPath) + url, err := sdk.GetStatusApiInfo(nginxDetailsFacade.ConfPath, n.config.IgnoreDirectives) if err != nil { log.Tracef("Unable to get status api from the configuration: NGINX metrics will be unavailable for this system. please configure a status API to get NGINX metrics: %v", err) } @@ -352,6 +352,7 @@ func (n *NginxBinaryType) WriteConfig(config *proto.NginxConfig) (*sdk.ConfigApp config.ConfigData.NginxId, config.ConfigData.SystemId, n.config.AllowedDirectoriesMap, + n.config.IgnoreDirectives, ) if err != nil { return nil, err @@ -387,7 +388,7 @@ func (n *NginxBinaryType) WriteConfig(config *proto.NginxConfig) (*sdk.ConfigApp log.Info("Updating NGINX config") var configApply *sdk.ConfigApply - configApply, err = sdk.NewConfigApply(details.ConfPath, n.config.AllowedDirectoriesMap) + configApply, err = sdk.NewConfigApply(details.ConfPath, n.config.AllowedDirectoriesMap, n.config.IgnoreDirectives) if err != nil { log.Warnf("config_apply error: %s", err) return nil, err @@ -482,7 +483,7 @@ func generateDeleteFromDirectoryMap( } func (n *NginxBinaryType) ReadConfig(confFile, nginxId, systemId string) (*proto.NginxConfig, error) { - configPayload, err := sdk.GetNginxConfig(confFile, nginxId, systemId, n.config.AllowedDirectoriesMap) + configPayload, err := sdk.GetNginxConfig(confFile, nginxId, systemId, n.config.AllowedDirectoriesMap, n.config.IgnoreDirectives) if err != nil { return nil, err } @@ -534,7 +535,7 @@ func (n *NginxBinaryType) writeBackup(config *proto.NginxConfig, confFiles []*pr allowedDirs := map[string]struct{}{"/tmp": {}} path := filepath.Join("/tmp", strconv.FormatInt(time.Now().Unix(), 10)) - configApply, err := sdk.NewConfigApply("/tmp", n.config.AllowedDirectoriesMap) + configApply, err := sdk.NewConfigApply("/tmp", n.config.AllowedDirectoriesMap, n.config.IgnoreDirectives) if err != nil { log.Warnf("config_apply error: %s", err) return diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap_metadata.go b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap_metadata.go index e13d80563..57d54932f 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap_metadata.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap_metadata.go @@ -24,6 +24,7 @@ import ( func UpdateMetadata( cfg *proto.NginxConfig, appProtectWAFDetails *proto.AppProtectWAFDetails, + ignoreDirectives []string, ) error { previousPrecompiledPublication := false previousMeta := Metadata{} @@ -49,7 +50,7 @@ func UpdateMetadata( return nil } - policies, profiles := sdk.GetAppProtectPolicyAndSecurityLogFiles(cfg) + policies, profiles := sdk.GetAppProtectPolicyAndSecurityLogFiles(cfg, ignoreDirectives) policyBundles := []*BundleMetadata{} profileBundles := []*BundleMetadata{} diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/agent_api.go b/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/agent_api.go index 93dfefa95..6dd6c882b 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/agent_api.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/agent_api.go @@ -484,7 +484,7 @@ func (h *NginxHandler) applyNginxConfig(nginxDetail *proto.NginxDetails, buf *by Contents: buf.Bytes(), } - configApply, err := sdk.NewConfigApply(protoFile.GetName(), h.config.AllowedDirectoriesMap) + configApply, err := sdk.NewConfigApply(protoFile.GetName(), h.config.AllowedDirectoriesMap, h.config.IgnoreDirectives) if err != nil { return fmt.Errorf("unable to write config: %v", err) } diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/metrics.go b/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/metrics.go index 75663fe73..dad221b8e 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/metrics.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/metrics.go @@ -300,7 +300,7 @@ func createCollectorConfigsMap(config *config.Config, env core.Environment, bina stubStatusApi = detail.StatusUrl } - errorLogs, accessLogs, err := sdk.GetErrorAndAccessLogs(detail.ConfPath) + errorLogs, accessLogs, err := sdk.GetErrorAndAccessLogs(detail.ConfPath, config.IgnoreDirectives) if err != nil { log.Warnf("Error reading access and error logs from config %s %v", detail.ConfPath, err) } diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/nginx.go b/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/nginx.go index 5001f81b0..f24f2f51d 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/nginx.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/nginx.go @@ -250,7 +250,7 @@ func (n *Nginx) uploadConfig(config *proto.ConfigDescriptor, messageId string) e } if n.isNginxAppProtectEnabled { - err = nap.UpdateMetadata(cfg, n.nginxAppProtectSoftwareDetails) + err = nap.UpdateMetadata(cfg, n.nginxAppProtectSoftwareDetails, n.config.IgnoreDirectives) if err != nil { log.Errorf("Unable to update NAP metadata: %v", err) } diff --git a/vendor/github.com/nginx/agent/sdk/v2/config_apply.go b/vendor/github.com/nginx/agent/sdk/v2/config_apply.go index 00660591b..3df4d29fb 100644 --- a/vendor/github.com/nginx/agent/sdk/v2/config_apply.go +++ b/vendor/github.com/nginx/agent/sdk/v2/config_apply.go @@ -35,6 +35,7 @@ type ConfigApply struct { func NewConfigApply( confFile string, allowedDirectories map[string]struct{}, + ignoreDirectives []string, ) (*ConfigApply, error) { w, err := zip.NewWriter("/") if err != nil { @@ -47,7 +48,7 @@ func NewConfigApply( notExistDirs: make(map[string]struct{}), } if confFile != "" { - return b, b.mapCurrentFiles(confFile, allowedDirectories) + return b, b.mapCurrentFiles(confFile, allowedDirectories, ignoreDirectives) } return b, nil } @@ -179,10 +180,11 @@ func (b *ConfigApply) RemoveFromNotExists(fullPath string) { // mapCurrentFiles parse the provided file via cross-plane, generate a list of files, which should be identical to the // DirectoryMap, will mark off the files as the config is being applied, any leftovers after complete should be deleted. -func (b *ConfigApply) mapCurrentFiles(confFile string, allowedDirectories map[string]struct{}) error { +func (b *ConfigApply) mapCurrentFiles(confFile string, allowedDirectories map[string]struct{}, ignoreDirectives []string) error { log.Debugf("parsing %s", confFile) payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, }, diff --git a/vendor/github.com/nginx/agent/sdk/v2/config_helpers.go b/vendor/github.com/nginx/agent/sdk/v2/config_helpers.go index fffddead7..64f26542c 100644 --- a/vendor/github.com/nginx/agent/sdk/v2/config_helpers.go +++ b/vendor/github.com/nginx/agent/sdk/v2/config_helpers.go @@ -100,9 +100,11 @@ func GetNginxConfig( nginxId, systemId string, allowedDirectories map[string]struct{}, + ignoreDirectives []string, ) (*proto.NginxConfig, error) { payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, }, @@ -728,9 +730,10 @@ func pingStatusAPIEndpoint(statusAPI string) bool { return true } -func GetStatusApiInfo(confFile string) (statusApi string, err error) { +func GetStatusApiInfo(confFile string, ignoreDirectives []string) (statusApi string, err error) { payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, CombineConfigs: true, @@ -749,7 +752,7 @@ func GetStatusApiInfo(confFile string) (statusApi string, err error) { return "", errors.New("no status api reachable from the agent found") } -func GetErrorAndAccessLogs(confFile string) (*proto.ErrorLogs, *proto.AccessLogs, error) { +func GetErrorAndAccessLogs(confFile string, ignoreDirectives []string) (*proto.ErrorLogs, *proto.AccessLogs, error) { nginxConfig := &proto.NginxConfig{ Action: proto.NginxConfigAction_RETURN, ConfigData: nil, @@ -763,6 +766,7 @@ func GetErrorAndAccessLogs(confFile string) (*proto.ErrorLogs, *proto.AccessLogs payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, }, @@ -828,7 +832,7 @@ func convertToHexFormat(hexString string) string { return formatted } -func GetAppProtectPolicyAndSecurityLogFiles(cfg *proto.NginxConfig) ([]string, []string) { +func GetAppProtectPolicyAndSecurityLogFiles(cfg *proto.NginxConfig, ignoreDirectives []string) ([]string, []string) { policyMap := make(map[string]bool) profileMap := make(map[string]bool) @@ -838,6 +842,7 @@ func GetAppProtectPolicyAndSecurityLogFiles(cfg *proto.NginxConfig) ([]string, [ payload, err := crossplane.Parse(confFile, &crossplane.ParseOptions{ + IgnoreDirectives: ignoreDirectives, SingleFile: false, StopParsingOnError: true, },