From b9f62dd9eedcf43538bc9e69dc207434f99c58e7 Mon Sep 17 00:00:00 2001 From: marc Date: Thu, 31 Oct 2024 15:59:33 +0000 Subject: [PATCH] Impart Security's WAF and API security plugin (#7672) * Impart Security's WAF and API security plugin. * Updated category to community per PR feedback * Fix lint and build errors * Update plugin name based on PR feedback * Update docs based on PR feedback * Update docs based on PR feedback * Update docs based on PR feedback * Update app/_hub/impart-security/kong-plugin-impart/_changelog.md Co-authored-by: lena-larionova <54370747+lena-larionova@users.noreply.github.com> * Update app/_hub/impart-security/kong-plugin-impart/_changelog.md Co-authored-by: lena-larionova <54370747+lena-larionova@users.noreply.github.com> * Update app/_hub/impart-security/kong-plugin-impart/_metadata/_index.yml Co-authored-by: lena-larionova <54370747+lena-larionova@users.noreply.github.com> * Update app/_hub/impart-security/kong-plugin-impart/overview/_index.md Co-authored-by: lena-larionova <54370747+lena-larionova@users.noreply.github.com> * Update app/_hub/impart-security/kong-plugin-impart/overview/_index.md Co-authored-by: lena-larionova <54370747+lena-larionova@users.noreply.github.com> * Update app/_hub/impart-security/kong-plugin-impart/overview/_index.md Co-authored-by: lena-larionova <54370747+lena-larionova@users.noreply.github.com> * Update app/_hub/impart-security/kong-plugin-impart/overview/_index.md Co-authored-by: lena-larionova <54370747+lena-larionova@users.noreply.github.com> * renamed image * bypass lint spelling * Added mailto: * Added . * Switch to URL instead of email * Rebuild * Added 3.8.x --------- Co-authored-by: lena-larionova <54370747+lena-larionova@users.noreply.github.com> --- .github/styles/kong/dictionary.txt | 1 + .../kong-plugin-impart/_changelog.md | 6 ++ .../kong-plugin-impart/_metadata/_index.yml | 43 ++++++++++ .../kong-plugin-impart/examples/_index.yml | 3 + .../kong-plugin-impart/overview/_index.md | 78 ++++++++++++++++++ .../kong-plugin-impart/schemas/_index.json | 42 ++++++++++ .../impart-security_kong-plugin-impart.png | Bin 0 -> 777 bytes .../config/ignored_targets.json | 4 +- 8 files changed, 176 insertions(+), 1 deletion(-) create mode 100644 app/_hub/impart-security/kong-plugin-impart/_changelog.md create mode 100644 app/_hub/impart-security/kong-plugin-impart/_metadata/_index.yml create mode 100644 app/_hub/impart-security/kong-plugin-impart/examples/_index.yml create mode 100644 app/_hub/impart-security/kong-plugin-impart/overview/_index.md create mode 100644 app/_hub/impart-security/kong-plugin-impart/schemas/_index.json create mode 100644 app/assets/images/icons/hub/impart-security_kong-plugin-impart.png diff --git a/.github/styles/kong/dictionary.txt b/.github/styles/kong/dictionary.txt index 9bf3ce88cdd1..19521c7ac5d1 100644 --- a/.github/styles/kong/dictionary.txt +++ b/.github/styles/kong/dictionary.txt @@ -377,6 +377,7 @@ mimetype minifier minikube minio +misconfigurations misconfigured Moesif MongoDB diff --git a/app/_hub/impart-security/kong-plugin-impart/_changelog.md b/app/_hub/impart-security/kong-plugin-impart/_changelog.md new file mode 100644 index 000000000000..4b4c65d3e666 --- /dev/null +++ b/app/_hub/impart-security/kong-plugin-impart/_changelog.md @@ -0,0 +1,6 @@ +## Changelog + +**kong-plugin-impart 0.2.3** + +* Official release of `kong-plugin-impart`. +This plugin is compatible with {{site.base_gateway}} 3.4.x, 3.5.x, 3.6.x, and 3.7.x at release time. \ No newline at end of file diff --git a/app/_hub/impart-security/kong-plugin-impart/_metadata/_index.yml b/app/_hub/impart-security/kong-plugin-impart/_metadata/_index.yml new file mode 100644 index 000000000000..2c49c020e152 --- /dev/null +++ b/app/_hub/impart-security/kong-plugin-impart/_metadata/_index.yml @@ -0,0 +1,43 @@ +name: Impart Security +publisher: Impart Security + +categories: + - community + +type: plugin + +desc: Integrate Impart Security's WAF and API security protection platform with Kong. + +support_url: https://www.impart.security/get-started + +dbless_compatible: yes + +free: false +enterprise: false +techpartner: false +konnect: true + +kong_version_compatibility: + community_edition: + compatible: + - 3.8.x + - 3.7.x + - 3.6.x + - 3.5.x + - 3.4.x + - 3.3.x + - 3.2.x + - 3.1.x + - 3.0.x + - 2.8.x + enterprise_edition: + compatible: + - 3.8.x + - 3.7.x + - 3.6.x + - 3.5.x + - 3.4.x + - 2.8.x + +search_aliases: + - kong-plugin-impart diff --git a/app/_hub/impart-security/kong-plugin-impart/examples/_index.yml b/app/_hub/impart-security/kong-plugin-impart/examples/_index.yml new file mode 100644 index 000000000000..6ac7522f3230 --- /dev/null +++ b/app/_hub/impart-security/kong-plugin-impart/examples/_index.yml @@ -0,0 +1,3 @@ +name: kong-plugin-impart +config: + inspector_rpc_addr: "/tmp/impart.sock" \ No newline at end of file diff --git a/app/_hub/impart-security/kong-plugin-impart/overview/_index.md b/app/_hub/impart-security/kong-plugin-impart/overview/_index.md new file mode 100644 index 000000000000..de5648e696e9 --- /dev/null +++ b/app/_hub/impart-security/kong-plugin-impart/overview/_index.md @@ -0,0 +1,78 @@ +--- +nav_title: Overview +title: Overview +--- + +Impart's API Protection and WAF platform delivers comprehensive protection for APIs, microservices, and serverless applications in cloud-native environments. + +Use the Impart plugin to: +* Discover and catalog your API and web application Attack Surface. +* Protect your APIs and web applications from injection, enumeration, automated threats, and other attacks. +* Find and help you fix your API and web application vulnerabilities and misconfigurations with built in API testing. +* Reduce your API and web application risk profile. + + +## How it works + +The Impart Kong plugin allows Impart to inspect your HTTP traffic within your own environment to detect threats, anomalies, and other interesting insights. These insights are used to protect your APIs in real time through an integration with Kong that introduces minimal additional latency, fails open to ensure reliability, and keeps sensitive data within your own environment to protect your privacy. + + +## How to install + +Custom plugins can be installed via LuaRocks. A Lua plugin is distributed in `.rock` format, which is +a self-contained package that can be installed locally or from a remote server. + +If you used one of the official {{site.base_gateway}} installation packages, the LuaRocks utility +should already be installed in your system. +Install the `.rock` in your LuaRocks tree, that is, the directory in which LuaRocks +installs Lua modules. + +1. Install the Impart plugin: + + ```sh + luarocks install kong-plugin-impart + ``` + +2. Update your loaded plugins list in {{site.base_gateway}}. + + In your `kong.conf`, append `impart` to the `plugins` field. Make sure the field is not commented out. + + ```yaml + plugins = bundled,impart # Comma-separated list of plugins this node + # should load. By default, only plugins + # bundled in official distributions are + # loaded via the `bundled` keyword. + ``` + +3. Restart {{site.base_gateway}}: + + ```sh + kong restart + ``` + +## Using the plugin + +This plugin requires having installed an Impart Inspector. Navigate to the Impart console for step-by-step [instructions](https://console.impartsecurity.net/orgs/_/integrations?q=kong). + +### {{site.base_gateway}} + +If you already configured an API, execute the command below after replacing `` with the name of your API and `` if different than the default. + +```shell +curl -i -X POST http://localhost:8001/services//plugins \ + -F "name=impart" \ + -F "config.inspector_rpc_addr=" +``` + +### {{site.konnect_product_name}} + +If you are a {{site.konnect_short_name}} administrator, install the Impart plugin as a [custom plugin](/konnect/gateway-manager/plugins/add-custom-plugin/). + +If the plugin has already been installed by an administrator, you can enable it through {{site.konnect_short_name}}: +1. Depending on where you want to enable Impart, select **Plugins**. +2. Click on **+ New Plugin** +3. On **Custom Plugins**, select **Kong Plugin Impart**. +4. Fill in the **`Inspector Rpc Addr`** field. +5. Click **Save**. + +For further information, please check our [Impart Kong documentation page](https://docs.impartsecurity.net/docs/Quickstart/Integrations/Kong_lua). \ No newline at end of file diff --git a/app/_hub/impart-security/kong-plugin-impart/schemas/_index.json b/app/_hub/impart-security/kong-plugin-impart/schemas/_index.json new file mode 100644 index 000000000000..b93e95d50960 --- /dev/null +++ b/app/_hub/impart-security/kong-plugin-impart/schemas/_index.json @@ -0,0 +1,42 @@ +{ + "fields": [ + { + "consumer": { + "eq": null, + "type": "foreign", + "reference": "consumers" + } + }, + { + "protocols": { + "elements": { + "one_of": [ + "http", + "https" + ], + "type": "string" + }, + "required": true, + "type": "set", + "default": [ + "http", + "https" + ] + } + }, + { + "config": { + "fields": [ + { + "inspector_rpc_addr": { + "type": "string", + "required": true, + "default": "/tmp/impart.sock", + "description": "Socket to communicate with the Impart inspector." + } + } + ] + } + } + ] +} diff --git a/app/assets/images/icons/hub/impart-security_kong-plugin-impart.png b/app/assets/images/icons/hub/impart-security_kong-plugin-impart.png new file mode 100644 index 0000000000000000000000000000000000000000..d0663d6cd19a0f48e372efc17ff99b7f1085880f GIT binary patch literal 777 zcmeAS@N?(olHy`uVBq!ia0vp^0U*r51|<6gKdl8)oCO|{#S9GG!XV7ZFl&wkP>``W z$lZxy-8q?;Kn_c~qpu?a!^VE@KZ&di3{3MpT^vIy7~js>sILjXlhr0(fpGv(l_^huSqLT|MYiK zW}2Vb&G>hFtIy4x{8l=;s?zY`vvy7{PL+ucLa4-~`OhBISZm!mHhuT;kf+ACFLI%% znH0snX9r*Z-hGDRU&U^4_20EO6W=Pvp;`X@?qh-Cl03aE-473M=2WiU>|*2GBOb09 zuBwnxc6W_so|%2JnaPCv$A5O{?yH~FS!ZOvRXn0W_to8Ha|5KDl^RuqJP^dBo&z&d zzJ0toNpYsjuQyuj#hfhmZqfMn@7$^hnVT=VmGM6P9u@gL_5BS0b(13-4dYXuYuJ4I zZ@>Aj>E@%)cH3My;kD~4>*m9~Hpje;m;z_FbvXKXv@cDlUbxOFX>9$6JqA^U>h8Wb8V-q|SI$0(`3D5ce jj!t*hM)f7s(@#XJZ>`QUuj7;krd$S3S3j3^P6