Package io.fabric8.openshift.api.model.monitoring.v1

Class ArbitraryFSAccessThroughSMsConfig

  • All Implemented Interfaces:
    io.fabric8.kubernetes.api.builder.Editable<ArbitraryFSAccessThroughSMsConfigBuilder>, io.fabric8.kubernetes.api.model.KubernetesResource, Serializable
    @Generated("io.fabric8.kubernetes.schema.generator.model.ModelGenerator")
public class ArbitraryFSAccessThroughSMsConfig
extends Object
implements io.fabric8.kubernetes.api.builder.Editable<ArbitraryFSAccessThroughSMsConfigBuilder>, io.fabric8.kubernetes.api.model.KubernetesResource
    ArbitraryFSAccessThroughSMsConfig enables users to configure, whether a service monitor selected by the Prometheus instance is allowed to use arbitrary files on the file system of the Prometheus container. This is the case when e.g. a service monitor specifies a BearerTokenFile in an endpoint. A malicious user could create a service monitor selecting arbitrary secret files in the Prometheus container. Those secrets would then be sent with a scrape request by Prometheus to a malicious target. Denying the above would prevent the attack, users can instead use the BearerTokenSecret field.
    See Also:
    Serialized Form

    • Constructor Detail

      • ArbitraryFSAccessThroughSMsConfig

        public ArbitraryFSAccessThroughSMsConfig()
        No args constructor for use in serialization

      • ArbitraryFSAccessThroughSMsConfig

        public ArbitraryFSAccessThroughSMsConfig​(Boolean deny)

    • Method Detail

      • getDeny

        public Boolean getDeny()
        ArbitraryFSAccessThroughSMsConfig enables users to configure, whether a service monitor selected by the Prometheus instance is allowed to use arbitrary files on the file system of the Prometheus container. This is the case when e.g. a service monitor specifies a BearerTokenFile in an endpoint. A malicious user could create a service monitor selecting arbitrary secret files in the Prometheus container. Those secrets would then be sent with a scrape request by Prometheus to a malicious target. Denying the above would prevent the attack, users can instead use the BearerTokenSecret field.

      • setDeny

        public void setDeny​(Boolean deny)
        ArbitraryFSAccessThroughSMsConfig enables users to configure, whether a service monitor selected by the Prometheus instance is allowed to use arbitrary files on the file system of the Prometheus container. This is the case when e.g. a service monitor specifies a BearerTokenFile in an endpoint. A malicious user could create a service monitor selecting arbitrary secret files in the Prometheus container. Those secrets would then be sent with a scrape request by Prometheus to a malicious target. Denying the above would prevent the attack, users can instead use the BearerTokenSecret field.

      • getAdditionalProperties

        public Map<String,​Object> getAdditionalProperties()

      • setAdditionalProperty

        public void setAdditionalProperty​(String name,
                                  Object value)

      • setAdditionalProperties

        public void setAdditionalProperties​(Map<String,​Object> additionalProperties)