5GSEC · anurag-rajawat · Feb 18, 2025 · Feb 18, 2025
diff --git a/deployments/sentryflow.yaml b/deployments/sentryflow.yaml
diff --git a/deployments/sentryflow/Readme.md b/deployments/sentryflow/Readme.md
@@ -20,7 +20,7 @@ Configure SentryFlow receiver by following [this](../../docs/receivers.md).
 ### Deploy SentryFlow
 
 ```shell
-helm install --values values.yaml sentryflow 5gsec/sentryflow-n sentryflow --create-namespace 
+helm install --values values.yaml sentryflow 5gsec/sentryflow -n sentryflow --create-namespace 
 ```
 
 Install SentryFlow using Helm charts locally (for testing)

diff --git a/deployments/sentryflow/templates/clusterrole.yaml b/deployments/sentryflow/templates/clusterrole.yaml
@@ -29,11 +29,19 @@ rules:
       - ""
     verbs:
       - get
+      - update
     resources:
       - configmaps
+  - apiGroups:
+      - ""
+    verbs:
+      - list
+    resources:
+      - services
   - apiGroups:
       - apps
     verbs:
       - get
+      - update
     resources:
       - deployments
diff --git a/deployments/sentryflow/templates/sentryflow-configmap-for-nginx-inc.yaml b/deployments/sentryflow/templates/sentryflow-configmap-for-nginx-inc.yaml
@@ -0,0 +1,118 @@
+{{- range .Values.config.receivers.others}}
+{{- if eq .name "nginx-inc-ingress-controller" }}
+{{- if .autoConfigure }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $.Values.config.filters.nginxIngress.sentryFlowNjsConfigMapName }}
+  namespace: {{ .namespace }}
+  labels:
+     {{- with $.Values.genericLabels }}
+         {{- toYaml . | nindent 4 }}
+     {{- end }}
+data:
+  sentryflow.js: |
+    const DEFAULT_KEY = "sentryFlow";
+    const ResStatusKey = ":status"
+    const MAX_BODY_SIZE = 1_000_000; // 1 MB
+
+    function requestHandler(r, data, flags) {
+        // https://nginx.org/en/docs/njs/reference.html#r_sendbuffer
+        r.sendBuffer(data, flags);
+
+        // https://nginx.org/en/docs/njs/reference.html#r_done
+        r.done();
+
+        let responseBody = ""
+        try {
+            responseBody = new TextDecoder("utf-8")
+                .decode(new Uint8Array(data));
+        } catch (error) {
+            r.error(`failed to decode data, error: ${error}`)
+            // Do not return, process other info even without body.
+        }
+
+        if (responseBody.length > MAX_BODY_SIZE) {
+            responseBody = ""
+        }
+
+        let apiEvent = {
+            "metadata": {
+                // Divide by 1000 converts the timestamp from milliseconds to seconds.
+                "timestamp": Date.parse(r.variables.time_iso8601.split("+")[0]) / 1000,
+                "receiver_name": "nginx",
+                "receiver_version": ngx.version,
+            },
+            "source": {
+                "ip": r.remoteAddress,
+                "port": r.variables.remote_port,
+            },
+            "destination": {
+                "ip": r.variables.server_addr,
+                "port": r.variables.server_port,
+            },
+            "request": {
+                "headers": {},
+                "body": r.requestText || "",
+            },
+            "response": {
+                "headers": {},
+                "body": responseBody,
+            },
+            "protocol": r.variables.server_protocol,
+        };
+
+        for (const header in r.headersIn) {
+            apiEvent.request.headers[header] = r.headersIn[header];
+        }
+
+        // https://nginx.org/en/docs/http/ngx_http_core_module.html#variables
+        apiEvent.request.headers[":scheme"] = r.variables.scheme
+        apiEvent.request.headers[":path"] = r.uri
+        apiEvent.request.headers[":method"] = r.variables.request_method
+
+        // Number of bytes sent to a client, not counting the response header; this
+        // variable is compatible with the “%B” parameter of the mod_log_config Apache module.
+        apiEvent.request.headers["body_bytes_sent"] = r.variables.body_bytes_sent
+
+        // Request length including request line, header, and request body.
+        apiEvent.request.headers["request_length"] = r.variables.request_length
+
+        // Request processing time in seconds with a milliseconds resolution;
+        // Time elapsed since the first bytes were read from the client.
+        apiEvent.request.headers["request_time"] = r.variables.request_time
+
+        // Query (args) in the request line.
+        apiEvent.request.headers["query"] = r.variables.query_string
+
+        for (const header in r.headersOut) {
+            apiEvent.response.headers[header] = r.headersOut[header];
+        }
+        apiEvent.response.headers[ResStatusKey] = r.variables.status
+
+        // https://nginx.org/en/docs/njs/reference.html#ngx_shared
+        ngx.shared.apievents.set(DEFAULT_KEY, JSON.stringify(apiEvent));
+    }
+
+    async function dispatchHttpCall(r) {
+        try {
+            let apiEvent = ngx.shared.apievents.get(DEFAULT_KEY);
+            await r.subrequest("/sentryflow", {
+                method: "POST", body: apiEvent, detached: true
+            })
+        } catch (error) {
+            r.error(`failed to dispatch HTTP call to SentryFlow, error: ${error}`)
+            return;
+        } finally {
+            ngx.shared.apievents.clear();
+        }
+
+        r.return(200, "OK");
+    }
+
+    export default {
+        requestHandler, dispatchHttpCall
+    };
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/deployments/sentryflow/values.yaml b/deployments/sentryflow/values.yaml
@@ -89,30 +89,32 @@ config:
   filters:
     server:
       port: 9999
-      # Envoy filter is required for `istio-sidecar` service-mesh receiver.
-      # Uncomment the following if you want to use `istio-sidecar` traffic source
-  #    envoy:
-  #      uri: 5gsec/sentryflow-httpfilter:latest
+    # Envoy filter is required for `istio-sidecar` service-mesh receiver.
+    envoy:
+      uri: 5gsec/sentryflow-httpfilter:latest
 
-  #  Following is required for `nginx-inc-ingress-controller` receiver.
-  # Uncomment the following if you want to use `nginx-inc-ingress-controller` traffic source
-  #  nginxIngress:
-  #    deploymentName: nginx-ingress-controller
-  #    configMapName: nginx-ingress
-  #    sentryFlowNjsConfigMapName: sentryflow-njs
+    #  Following is required for `nginx-inc-ingress-controller` receiver.
+    # Uncomment the following if you want to use `nginx-inc-ingress-controller` traffic source
+    nginxIngress:
+      deploymentName: nginx-ingress-controller
+      configMapName: nginx-ingress
+      sentryFlowNjsConfigMapName: sentryflow-nginx-inc
   receivers: # aka sources
-  # Uncomment the following receivers according to your requirement.
-  #    serviceMeshes:
-  # To get API observability from Istio service mesh uncomment the following
-  #      - name: istio-sidecar
-  #        namespace: istio-system
+    # Uncomment the following receivers according to your requirement.
+#    serviceMeshes:
+      # To get API observability from Istio service mesh uncomment the following
+#      - name: istio-sidecar
+#        namespace: istio-system
 
-  #  others:
-  # To get API observability from F5 nginx ingress controller uncomment the following
-  #    - name: nginx-inc-ingress-controller
-  #      namespace: default
+#    others:
+      #  # To get API observability from F5 nginx ingress controller uncomment the following
+#      - name: nginx-inc-ingress-controller
+#        namespace: nginx-ingress
+        # Set to `true` to automatically configure the Nginx Inc. Ingress Controller deployment
+        # to enable HTTP access log observability.
+#        autoConfigure: true
 
-  #    - name: nginx-webserver
+#      - name: nginx-webserver
   exporter:
     grpc:
       port: 8888