Add env vars to install/remove appsec-{configs,rules} in docker image (…

…#2664)
crowdsecurity · Dec 14, 2023 · bc3a179 · bc3a179
1 parent 9b07e1f
commit bc3a179
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/docker/README.md b/docker/README.md
@@ -321,11 +321,15 @@ config.yaml) each time the container is run.
 | `SCENARIOS`             | | Scenarios to install, separated by space |
 | `POSTOVERFLOWS`         | | Postoverflows to install, separated by space |
 | `CONTEXTS`              | | Context files to install, separated by space |
+| `APPSEC_CONFIGS`        | | Appsec configs files to install, separated by space |
+| `APPSEC_RULES`          | | Appsec rules files to install, separated by space |
 | `DISABLE_COLLECTIONS`   | | Collections to remove, separated by space: `-e DISABLE_COLLECTIONS="crowdsecurity/linux crowdsecurity/nginx"` |
 | `DISABLE_PARSERS`       | | Parsers to remove, separated by space |
 | `DISABLE_SCENARIOS`     | | Scenarios to remove, separated by space |
 | `DISABLE_POSTOVERFLOWS` | | Postoverflows to remove, separated by space |
-| `DISABLE_POSTOVERFLOWS` | | Context files to remove, separated by space |
+| `DISABLE_CONTEXTS`      | | Context files to remove, separated by space |
+| `DISABLE_APPSEC_CONFIGS`| | Appsec configs files to remove, separated by space |
+| `DISABLE_APPSEC_RULES`  | | Appsec rules files to remove, separated by space |
 |                         | | |
 | __Log verbosity__       | | |
 | `LEVEL_INFO`            | false | Force INFO level for the container log |

diff --git a/docker/docker_start.sh b/docker/docker_start.sh
@@ -333,6 +333,16 @@ if [ "$CONTEXTS" != "" ]; then
     cscli_if_clean contexts install "$(difference "$CONTEXTS" "$DISABLE_CONTEXTS")"
 fi
 
+if [ "$APPSEC_CONFIGS" != "" ]; then
+    # shellcheck disable=SC2086
+    cscli_if_clean appsec-configs install "$(difference "$APPSEC_CONFIGS" "$DISABLE_APPSEC_CONFIGS")"
+fi
+
+if [ "$APPSEC_RULES" != "" ]; then
+    # shellcheck disable=SC2086
+    cscli_if_clean appsec-rules install "$(difference "$APPSEC_RULES" "$DISABLE_APPSEC_RULES")"
+fi
+
 ## Remove collections, parsers, scenarios & postoverflows
 if [ "$DISABLE_COLLECTIONS" != "" ]; then
     # shellcheck disable=SC2086
@@ -359,6 +369,16 @@ if [ "$DISABLE_CONTEXTS" != "" ]; then
     cscli_if_clean contexts remove "$DISABLE_CONTEXTS" --force
 fi
 
+if [ "$DISABLE_APPSEC_CONFIGS" != "" ]; then
+    # shellcheck disable=SC2086
+    cscli_if_clean appsec-configs remove "$DISABLE_APPSEC_CONFIGS" --force
+fi
+
+if [ "$DISABLE_APPSEC_RULES" != "" ]; then
+    # shellcheck disable=SC2086
+    cscli_if_clean appsec-rules remove "$DISABLE_APPSEC_RULES" --force
+fi
+
 ## Register bouncers via env
 for BOUNCER in $(compgen -A variable | grep -i BOUNCER_KEY); do
     KEY=$(printf '%s' "${!BOUNCER}")