From 6785f024e4e9c2bb59edeaf540b8dd94039ed0a8 Mon Sep 17 00:00:00 2001
From: Serhii Ponomarenko <116438358+tiptophelmet@users.noreply.github.com>
Date: Wed, 7 Feb 2024 05:36:32 +0800
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Feature-based=20SAML=20authorizatio?= =?UTF-8?q?n=20(#49)=20(#1495)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* 🔨 Add `showAdminConsoleLink` to helm values
* 🔨 Add `ShowAdminConsoleLink` to `TapConfig`
* 🔨 Regenerate `complete.yaml` manifest
* 📝 Update helm-chart `README.md`
---------
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
---
 config/configStruct.go | 1 +
 config/configStructs/tapConfig.go | 1 +
 helm-chart/README.md | 2 +-
 helm-chart/values.yaml | 1 +
 manifests/complete.yaml | 2 +-
 5 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/config/configStruct.go b/config/configStruct.go
index b2ba0c861..73eceed32 100644
--- a/config/configStruct.go
+++ b/config/configStruct.go
@@ -69,6 +69,7 @@ func CreateDefaultConfig() ConfigStruct {
 CanDownloadPCAP: true,
 CanUseScripting: true,
 CanUpdateTargetedPods: true,
+ ShowAdminConsoleLink: true,
 },
 },
 },
diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index 54641e67e..70e6e7347 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -88,6 +88,7 @@ type Role struct {
 CanDownloadPCAP bool `yaml:"canDownloadPCAP" json:"canDownloadPCAP" default:"false"`
 CanUseScripting bool `yaml:"canUseScripting" json:"canUseScripting" default:"false"`
 CanUpdateTargetedPods bool `yaml:"canUpdateTargetedPods" json:"canUpdateTargetedPods" default:"false"`
+ ShowAdminConsoleLink bool `yaml:"showAdminConsoleLink" json:"showAdminConsoleLink" default:"false"`
 }

 type SamlConfig struct {
diff --git a/helm-chart/README.md b/helm-chart/README.md
index 7e086e295..47d0b7120 100644
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
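Review bot: `ShowAdminConsoleLink` in `Role` (config/configStructs/tapConfig.go) reads as a display toggle, yet it sits among the `Can*` permission fields with no comment saying whether it authorizes anything. The diff does not show where the flag is consumed, so it is unclear whether the admin console checks the role itself; if the flag only hides the link, the console needs its own server-side authorization check, because a hidden link does not stop a direct request. A field comment would make the contract explicit, for example `// ShowAdminConsoleLink controls only whether the UI renders the admin console link; access to the console is authorized separately.`, adjusted to the real behaviour. The `Role` struct starts above this hunk.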
@@ -149,7 +149,7 @@ Please refer to [metrics](./metrics.md) documentation for details.
 | `tap.auth.saml.x509crt` | A self-signed X.509 `.cert` contents
(effective, if `tap.auth.type = saml`) | `` |
 | `tap.auth.saml.x509key` | A self-signed X.509 `.key` contents
(effective, if `tap.auth.type = saml`) | `` |
 | `tap.auth.saml.roleAttribute` | A SAML attribute name corresponding to user's authorization role
(effective, if `tap.auth.type = saml`) | `role` |
-| `tap.auth.saml.roles` | A list of SAML authorization roles and their permissions
(effective, if `tap.auth.type = saml`) | `{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":""}}` |
+| `tap.auth.saml.roles` | A list of SAML authorization roles and their permissions
(effective, if `tap.auth.type = saml`) | `{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}` |
 | `tap.ingress.enabled` | Enable `Ingress` | `false` |
 | `tap.ingress.className` | Ingress class name | `""` |
 | `tap.ingress.host` | Host of the `Ingress` | `ks.svc.cluster.local` |
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index ba19a8b98..c62d0cdfc 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -72,6 +72,7 @@ tap:
 canDownloadPCAP: true
 canUseScripting: true
 canUpdateTargetedPods: true
+ showAdminConsoleLink: true
 ingress:
 enabled: false
 className: ""
diff --git a/manifests/complete.yaml b/manifests/complete.yaml
index 01ed344ad..286fefdb4 100644
--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
@@ -149,7 +149,7 @@ data:
 AUTH_TYPE: 'saml'
 AUTH_SAML_IDP_METADATA_URL: ''
 AUTH_SAML_ROLE_ATTRIBUTE: 'role'
- AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":""}}'
+ AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}'
 TELEMETRY_DISABLED: ''
 REPLAY_DISABLED: ''
 GLOBAL_FILTER: ""
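Review bot: Roles that operators already define in their own values will not carry `showAdminConsoleLink`, because the `helm-chart/values.yaml` hunk sets it only on the built-in admin role and the struct tag in `tapConfig.go` declares `default:"false"`. Those roles will presumably resolve to `false` after an upgrade, which is the safe direction but happens silently. A comment above the key would tell operators it is opt-in per role, for example `# showAdminConsoleLink: show the admin console link in the UI for this role; treated as false when omitted`. The `roles` map starts above this hunk.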