diff --git a/config/configStruct.go b/config/configStruct.go
index 6b24bcbdd..1f0bc9211 100644
--- a/config/configStruct.go
+++ b/config/configStruct.go
@@ -63,11 +63,12 @@ func CreateDefaultConfig() ConfigStruct {
RoleAttribute: "role",
Roles: map[string]configStructs.Role{
"admin": {
- Filter: "",
- CanDownloadPCAP: true,
- CanUseScripting: true,
- CanUpdateTargetedPods: true,
- ShowAdminConsoleLink: true,
+ Filter: "",
+ CanDownloadPCAP: true,
+ CanUseScripting: true,
+ CanUpdateTargetedPods: true,
+ CanStopTrafficCapturing: true,
+ ShowAdminConsoleLink: true,
},
},
},
diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index a9dcfad18..73dfb56bd 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -90,11 +90,12 @@ type ResourcesConfig struct {
}
type Role struct {
- Filter string `yaml:"filter" json:"filter" default:""`
- CanDownloadPCAP bool `yaml:"canDownloadPCAP" json:"canDownloadPCAP" default:"false"`
- CanUseScripting bool `yaml:"canUseScripting" json:"canUseScripting" default:"false"`
- CanUpdateTargetedPods bool `yaml:"canUpdateTargetedPods" json:"canUpdateTargetedPods" default:"false"`
- ShowAdminConsoleLink bool `yaml:"showAdminConsoleLink" json:"showAdminConsoleLink" default:"false"`
+ Filter string `yaml:"filter" json:"filter" default:""`
+ CanDownloadPCAP bool `yaml:"canDownloadPCAP" json:"canDownloadPCAP" default:"false"`
+ CanUseScripting bool `yaml:"canUseScripting" json:"canUseScripting" default:"false"`
+ CanUpdateTargetedPods bool `yaml:"canUpdateTargetedPods" json:"canUpdateTargetedPods" default:"false"`
+ CanStopTrafficCapturing bool `yaml:"canStopTrafficCapturing" json:"canStopTrafficCapturing" default:"false"`
+ ShowAdminConsoleLink bool `yaml:"showAdminConsoleLink" json:"showAdminConsoleLink" default:"false"`
}
type SamlConfig struct {
diff --git a/helm-chart/README.md b/helm-chart/README.md
index fb203fe46..317483680 100644
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -157,7 +157,7 @@ Please refer to [metrics](./metrics.md) documentation for details.
| `tap.auth.saml.x509crt` | A self-signed X.509 `.cert` contents
(effective, if `tap.auth.type = saml`) | `` |
| `tap.auth.saml.x509key` | A self-signed X.509 `.key` contents
(effective, if `tap.auth.type = saml`) | `` |
| `tap.auth.saml.roleAttribute` | A SAML attribute name corresponding to user's authorization role
(effective, if `tap.auth.type = saml`) | `role` |
-| `tap.auth.saml.roles` | A list of SAML authorization roles and their permissions
(effective, if `tap.auth.type = saml`) | `{"admin":{"canDownloadPCAP":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}` |
+| `tap.auth.saml.roles` | A list of SAML authorization roles and their permissions
(effective, if `tap.auth.type = saml`) | `{"admin":{"canDownloadPCAP":true,"canUpdateTargetedPods":true,"canUseScripting":true, "canStopTrafficCapturing":true, "filter":"","showAdminConsoleLink":true}}` |
| `tap.ingress.enabled` | Enable `Ingress` | `false` |
| `tap.ingress.className` | Ingress class name | `""` |
| `tap.ingress.host` | Host of the `Ingress` | `ks.svc.cluster.local` |
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 902c19a53..e2729993e 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -78,6 +78,7 @@ tap:
canDownloadPCAP: true
canUseScripting: true
canUpdateTargetedPods: true
+ canStopTrafficCapturing: true
showAdminConsoleLink: true
ingress:
enabled: false