From 7168b5c515ebd1db1b58d45482e9209769343b40 Mon Sep 17 00:00:00 2001
From: Serhii Ponomarenko <116438358+tiptophelmet@users.noreply.github.com>
Date: Thu, 18 Jul 2024 18:18:03 +0300
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A8=20Add=20`canStopTrafficCapturing`?=
=?UTF-8?q?=20SAML=20authz=20action=20(#1565)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
---
config/configStruct.go | 11 ++++++-----
config/configStructs/tapConfig.go | 11 ++++++-----
helm-chart/README.md | 2 +-
helm-chart/values.yaml | 1 +
4 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/config/configStruct.go b/config/configStruct.go
index 6b24bcbdd..1f0bc9211 100644
--- a/config/configStruct.go
+++ b/config/configStruct.go
@@ -63,11 +63,12 @@ func CreateDefaultConfig() ConfigStruct {
RoleAttribute: "role",
Roles: map[string]configStructs.Role{
"admin": {
- Filter: "",
- CanDownloadPCAP: true,
- CanUseScripting: true,
- CanUpdateTargetedPods: true,
- ShowAdminConsoleLink: true,
+ Filter: "",
+ CanDownloadPCAP: true,
+ CanUseScripting: true,
+ CanUpdateTargetedPods: true,
+ CanStopTrafficCapturing: true,
+ ShowAdminConsoleLink: true,
},
},
},
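Review bot: The added `CanStopTrafficCapturing: true` covers only the built-in `admin` role in `CreateDefaultConfig`, so any role an operator already defines in their own config will resolve to `false` after upgrading, given the `default:"false"` tag added in config/configStructs/tapConfig.go. The same applies to custom roles alongside the `values.yaml` hunk. Deny-by-default is the safer choice, but if stopping capture was previously open to every SAML-authenticated user, this is a behaviour change that belongs in the release notes. A short comment above the role map, e.g. `// Built-in admin role: holds every permission, including stopping traffic capture.`, would make the intent explicit. `CreateDefaultConfig` begins and ends outside this hunk.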
diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index a9dcfad18..73dfb56bd 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -90,11 +90,12 @@ type ResourcesConfig struct {
}
type Role struct {
- Filter string `yaml:"filter" json:"filter" default:""`
- CanDownloadPCAP bool `yaml:"canDownloadPCAP" json:"canDownloadPCAP" default:"false"`
- CanUseScripting bool `yaml:"canUseScripting" json:"canUseScripting" default:"false"`
- CanUpdateTargetedPods bool `yaml:"canUpdateTargetedPods" json:"canUpdateTargetedPods" default:"false"`
- ShowAdminConsoleLink bool `yaml:"showAdminConsoleLink" json:"showAdminConsoleLink" default:"false"`
+ Filter string `yaml:"filter" json:"filter" default:""`
+ CanDownloadPCAP bool `yaml:"canDownloadPCAP" json:"canDownloadPCAP" default:"false"`
+ CanUseScripting bool `yaml:"canUseScripting" json:"canUseScripting" default:"false"`
+ CanUpdateTargetedPods bool `yaml:"canUpdateTargetedPods" json:"canUpdateTargetedPods" default:"false"`
+ CanStopTrafficCapturing bool `yaml:"canStopTrafficCapturing" json:"canStopTrafficCapturing" default:"false"`
+ ShowAdminConsoleLink bool `yaml:"showAdminConsoleLink" json:"showAdminConsoleLink" default:"false"`
}
type SamlConfig struct {
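Review bot: The new `CanStopTrafficCapturing` field in `Role` has no comment saying which action it gates, and nothing in this patch shows where the flag is enforced. Stopping capture removes visibility, so it is worth recording that the `default:"false"` tag is deliberate, e.g. `// CanStopTrafficCapturing lets the role stop traffic capturing; denied unless explicitly set.` Only the config plumbing is visible here, so please confirm the backend checks this flag on the stop request itself rather than relying on the UI hiding the control. It would also help to log allowed and denied attempts with the SAML subject, so a stopped capture can be attributed.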
diff --git a/helm-chart/README.md b/helm-chart/README.md
index fb203fe46..317483680 100644
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -157,7 +157,7 @@ Please refer to [metrics](./metrics.md) documentation for details.
| `tap.auth.saml.x509crt` | A self-signed X.509 `.cert` contents
(effective, if `tap.auth.type = saml`) | `` |
| `tap.auth.saml.x509key` | A self-signed X.509 `.key` contents
(effective, if `tap.auth.type = saml`) | `` |
| `tap.auth.saml.roleAttribute` | A SAML attribute name corresponding to user's authorization role
(effective, if `tap.auth.type = saml`) | `role` |
-| `tap.auth.saml.roles` | A list of SAML authorization roles and their permissions
(effective, if `tap.auth.type = saml`) | `{"admin":{"canDownloadPCAP":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}` |
+| `tap.auth.saml.roles` | A list of SAML authorization roles and their permissions
(effective, if `tap.auth.type = saml`) | `{"admin":{"canDownloadPCAP":true,"canUpdateTargetedPods":true,"canUseScripting":true, "canStopTrafficCapturing":true, "filter":"","showAdminConsoleLink":true}}` |
| `tap.ingress.enabled` | Enable `Ingress` | `false` |
| `tap.ingress.className` | Ingress class name | `""` |
| `tap.ingress.host` | Host of the `Ingress` | `ks.svc.cluster.local` |
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 902c19a53..e2729993e 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -78,6 +78,7 @@ tap:
canDownloadPCAP: true
canUseScripting: true
canUpdateTargetedPods: true
+ canStopTrafficCapturing: true
showAdminConsoleLink: true
ingress:
enabled: false