github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-08-08 03:54:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

🔨 Add canStopTrafficCapturing SAML authz action (#1565)

Browse Source 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
This commit is contained in:
Serhii Ponomarenko 2024-07-18 18:18:03 +03:00 committed by GitHub
parent 50d29f1e93
commit 7168b5c515
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/configStruct.go
View File

@ -67,6 +67,7 @@ func CreateDefaultConfig() ConfigStruct {
CanDownloadPCAP: true, CanDownloadPCAP: true,
CanUseScripting: true, CanUseScripting: true,
CanUpdateTargetedPods: true, CanUpdateTargetedPods: true,
CanStopTrafficCapturing: true,
ShowAdminConsoleLink: true, ShowAdminConsoleLink: true,
}, },
}, },

1
config/configStructs/tapConfig.go
View File

@ -94,6 +94,7 @@ type Role struct {
CanDownloadPCAP bool `yaml:"canDownloadPCAP" json:"canDownloadPCAP" default:"false"` CanDownloadPCAP bool `yaml:"canDownloadPCAP" json:"canDownloadPCAP" default:"false"`
CanUseScripting bool `yaml:"canUseScripting" json:"canUseScripting" default:"false"` CanUseScripting bool `yaml:"canUseScripting" json:"canUseScripting" default:"false"`
CanUpdateTargetedPods bool `yaml:"canUpdateTargetedPods" json:"canUpdateTargetedPods" default:"false"` CanUpdateTargetedPods bool `yaml:"canUpdateTargetedPods" json:"canUpdateTargetedPods" default:"false"`
CanStopTrafficCapturing bool `yaml:"canStopTrafficCapturing" json:"canStopTrafficCapturing" default:"false"`
ShowAdminConsoleLink bool `yaml:"showAdminConsoleLink" json:"showAdminConsoleLink" default:"false"` ShowAdminConsoleLink bool `yaml:"showAdminConsoleLink" json:"showAdminConsoleLink" default:"false"`
} }

2
helm-chart/README.md
View File

@ -157,7 +157,7 @@ Please refer to [metrics](./metrics.md) documentation for details.
| `tap.auth.saml.x509crt` | A self-signed X.509 `.cert` contents <br/>(effective, if `tap.auth.type = saml`) | `` | | `tap.auth.saml.x509crt` | A self-signed X.509 `.cert` contents <br/>(effective, if `tap.auth.type = saml`) | `` |
| `tap.auth.saml.x509key` | A self-signed X.509 `.key` contents <br/>(effective, if `tap.auth.type = saml`) | `` | | `tap.auth.saml.x509key` | A self-signed X.509 `.key` contents <br/>(effective, if `tap.auth.type = saml`) | `` |
| `tap.auth.saml.roleAttribute` | A SAML attribute name corresponding to user's authorization role <br/>(effective, if `tap.auth.type = saml`) | `role` | | `tap.auth.saml.roleAttribute` | A SAML attribute name corresponding to user's authorization role <br/>(effective, if `tap.auth.type = saml`) | `role` |
| `tap.auth.saml.roles` | A list of SAML authorization roles and their permissions <br/>(effective, if `tap.auth.type = saml`) | `{"admin":{"canDownloadPCAP":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}` | | `tap.auth.saml.roles` | A list of SAML authorization roles and their permissions <br/>(effective, if `tap.auth.type = saml`) | `{"admin":{"canDownloadPCAP":true,"canUpdateTargetedPods":true,"canUseScripting":true, "canStopTrafficCapturing":true, "filter":"","showAdminConsoleLink":true}}` |
| `tap.ingress.enabled` | Enable `Ingress` | `false` | | `tap.ingress.enabled` | Enable `Ingress` | `false` |
| `tap.ingress.className` | Ingress class name | `""` | | `tap.ingress.className` | Ingress class name | `""` |
| `tap.ingress.host` | Host of the `Ingress` | `ks.svc.cluster.local` | | `tap.ingress.host` | Host of the `Ingress` | `ks.svc.cluster.local` |

1
helm-chart/values.yaml
View File

@ -78,6 +78,7 @@ tap:
canDownloadPCAP: true canDownloadPCAP: true
canUseScripting: true canUseScripting: true
canUpdateTargetedPods: true canUpdateTargetedPods: true
canStopTrafficCapturing: true
showAdminConsoleLink: true showAdminConsoleLink: true
ingress: ingress:
enabled: false enabled: false