github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-09-14 13:49:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

renamed traffic-validation to traffic-validation-file (#296)

Browse Source
This commit is contained in:
RoyUP9
2021-09-22 11:21:43 +03:00
committed by GitHub
parent 7f837fe947
commit 5dacd41ba9
4 changed files with 13 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -152,12 +152,12 @@ Web interface is now available at http://localhost:8899
``` ```
Any request that contains `User-Agent` header with one of the specified values (`kube-probe` or `prometheus`) will not be captured Any request that contains `User-Agent` header with one of the specified values (`kube-probe` or `prometheus`) will not be captured
### API Rules validation ### Traffic validation rules
This feature allows you to define set of simple rules, and test the API against them. This feature allows you to define set of simple rules, and test the traffic against them.
Such validation may test response for specific JSON fields, headers, etc. Such validation may test response for specific JSON fields, headers, etc.
Please see [API RULES](docs/POLICY_RULES.md) page for more details and syntax. Please see [TRAFFIC RULES](docs/POLICY_RULES.md) page for more details and syntax.
## How to Run local UI ## How to Run local UI

2
cli/cmd/tap.go
View File

@@ -67,7 +67,7 @@ func init() {
tapCmd.Flags().Bool(configStructs.DisableRedactionTapName, defaultTapConfig.DisableRedaction, "Disables redaction of potentially sensitive request/response headers and body values") tapCmd.Flags().Bool(configStructs.DisableRedactionTapName, defaultTapConfig.DisableRedaction, "Disables redaction of potentially sensitive request/response headers and body values")
tapCmd.Flags().String(configStructs.HumanMaxEntriesDBSizeTapName, defaultTapConfig.HumanMaxEntriesDBSize, "Override the default max entries db size") tapCmd.Flags().String(configStructs.HumanMaxEntriesDBSizeTapName, defaultTapConfig.HumanMaxEntriesDBSize, "Override the default max entries db size")
tapCmd.Flags().Bool(configStructs.DryRunTapName, defaultTapConfig.DryRun, "Preview of all pods matching the regex, without tapping them") tapCmd.Flags().Bool(configStructs.DryRunTapName, defaultTapConfig.DryRun, "Preview of all pods matching the regex, without tapping them")
tapCmd.Flags().String(configStructs.EnforcePolicyFile, defaultTapConfig.EnforcePolicyFile, "Yaml file with policy rules") tapCmd.Flags().String(configStructs.EnforcePolicyFile, defaultTapConfig.EnforcePolicyFile, "Yaml file path with policy rules")
tapCmd.Flags().String(configStructs.EnforcePolicyFileDeprecated, defaultTapConfig.EnforcePolicyFileDeprecated, "Yaml file with policy rules") tapCmd.Flags().String(configStructs.EnforcePolicyFileDeprecated, defaultTapConfig.EnforcePolicyFileDeprecated, "Yaml file with policy rules")
tapCmd.Flags().MarkDeprecated(configStructs.EnforcePolicyFileDeprecated, fmt.Sprintf("Use --%s instead", configStructs.EnforcePolicyFile)) tapCmd.Flags().MarkDeprecated(configStructs.EnforcePolicyFileDeprecated, fmt.Sprintf("Use --%s instead", configStructs.EnforcePolicyFile))

4
cli/config/configStructs/tapConfig.go
View File

@@ -16,7 +16,7 @@ const (
DisableRedactionTapName = "no-redact" DisableRedactionTapName = "no-redact"
HumanMaxEntriesDBSizeTapName = "max-entries-db-size" HumanMaxEntriesDBSizeTapName = "max-entries-db-size"
DryRunTapName = "dry-run" DryRunTapName = "dry-run"
EnforcePolicyFile = "traffic-validation" EnforcePolicyFile = "traffic-validation-file"
EnforcePolicyFileDeprecated = "test-rules" EnforcePolicyFileDeprecated = "test-rules"
) )
@@ -33,7 +33,7 @@ type TapConfig struct {
DisableRedaction bool `yaml:"no-redact" default:"false"` DisableRedaction bool `yaml:"no-redact" default:"false"`
HumanMaxEntriesDBSize string `yaml:"max-entries-db-size" default:"200MB"` HumanMaxEntriesDBSize string `yaml:"max-entries-db-size" default:"200MB"`
DryRun bool `yaml:"dry-run" default:"false"` DryRun bool `yaml:"dry-run" default:"false"`
EnforcePolicyFile string `yaml:"traffic-validation"` EnforcePolicyFile string `yaml:"traffic-validation-file"`
EnforcePolicyFileDeprecated string `yaml:"test-rules"` EnforcePolicyFileDeprecated string `yaml:"test-rules"`
ApiServerResources Resources `yaml:"api-server-resources"` ApiServerResources Resources `yaml:"api-server-resources"`
TapperResources Resources `yaml:"tapper-resources"` TapperResources Resources `yaml:"tapper-resources"`

17
docs/POLICY_RULES.md
View File

@@ -1,34 +1,31 @@
# API rules validation # Traffic validation rules
This feature allows you to define set of simple rules, and test the API against them. This feature allows you to define set of simple rules, and test the traffic against them.
Such validation may test response for specific JSON fields, headers, etc. Such validation may test response for specific JSON fields, headers, etc.
## Examples ## Examples
Example 1: HTTP request (REST API call) that didn't pass validation is highlighted in red
Example 1: HTTP request (REST API call) that didnt pass validation is highlighted in red
![Simple UI](../assets/validation-example1.png) ![Simple UI](../assets/validation-example1.png)
- - - - - -
Example 2: Details pane shows the validation rule details and whether it passed or failed Example 2: Details pane shows the validation rule details and whether it passed or failed
![Simple UI](../assets/validation-example2.png) ![Simple UI](../assets/validation-example2.png)
## How to use ## How to use
To use this feature - create simple rules file (see details below) and pass this file as parameter to `mizu tap` command. For example, if rules are stored in file named `rules.yaml` — run the following command: To use this feature - create simple rules file (see details below) and pass this file as parameter to `mizu tap` command. For example, if rules are stored in file named `rules.yaml` — run the following command:
```shell ```shell
mizu tap --traffic-validation rules.yaml PODNAME mizu tap --traffic-validation-file rules.yaml
``` ```
## Rules file structure ## Rules file structure
The structure of the traffic-validation-file is: The structure of the traffic-validation-file is:
@@ -62,6 +59,7 @@ rules:
service: "carts.*" service: "carts.*"
``` ```
### Explanation: ### Explanation:
* First rule `holy-in-name-property`: * First rule `holy-in-name-property`:
@@ -74,5 +72,4 @@ rules:
* Third rule `latency-test`: * Third rule `latency-test`:
> This rule will be applied to all request made to `carts.*` services. If the latency of the response is greater than `1` will be marked as failure, marked as success otherwise. > This rule will be applied to all request made to `carts.*` services. If the latency of the response is greater than `1ms` will be marked as failure, marked as success otherwise.