Skip to content

[v18] Add full configuration file for Event Handler helm chart #62280

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kshi36 merged 5 commits into from
Dec 16, 2025
Merged

[v18] Add full configuration file for Event Handler helm chart #62280

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
a35f077
Added full configuration file for Event Handler helm chart
kshi36 Dec 6, 2025
47194af
Fix snapshot
kshi36 Dec 8, 2025
69c7a5d
Fix test
kshi36 Dec 8, 2025
b373d04
Remove exitOnLastEvent, refresh options; refactoring
kshi36 Dec 8, 2025
da0dd4c
Refactor, fix test
kshi36 Dec 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 26 additions & 2 deletions examples/chart/event-handler/templates/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,34 @@ data:
types = "{{ join "," .Values.eventHandler.types }}"
{{- end }}
{{- if .Values.eventHandler.skipEventTypes }}
skip-event-types = "{{ join "," .Values.eventHandler.skipEventTypes }}"
skip-event-types = "{{ join "," .Values.eventHandler.skipEventTypes }}"
{{- end }}
{{- if .Values.eventHandler.skipSessionTypes }}
{{- if .Values.eventHandler.skipSessionTypes }}
skip-session-types = "{{ join "," .Values.eventHandler.skipSessionTypes }}"
{{- end }}
{{- if .Values.eventHandler.startTime }}
start-time = {{ .Values.eventHandler.startTime | quote }}
{{- end }}
{{- if .Values.eventHandler.dryRun }}
dry-run = {{ .Values.eventHandler.dryRun }}
{{- end }}
{{- if .Values.eventHandler.concurrency }}
concurrency = {{ .Values.eventHandler.concurrency }}
{{- end }}
{{- if .Values.eventHandler.lock }}
{{- if .Values.eventHandler.lock.enabled }}
lock-enabled = {{ .Values.eventHandler.lock.enabled }}
{{- end }}
{{- if .Values.eventHandler.lock.failedAttemptsCount }}
lock-failed-attempts-count = {{ .Values.eventHandler.lock.failedAttemptsCount }}
{{- end }}
{{- if .Values.eventHandler.lock.period }}
lock-period = {{ .Values.eventHandler.lock.period | quote }}
{{- end }}
{{- if .Values.eventHandler.lock.for }}
lock-for = {{ .Values.eventHandler.lock.for | quote }}
{{- end }}
{{- end }}

[teleport]
addr = {{ coalesce .Values.teleport.address .Values.tbot.teleportProxyAddress .Values.tbot.teleportAuthAddress | quote }}
Expand All @@ -36,3 +59,4 @@ data:
ca = "/var/lib/teleport/plugins/event-handler/ca.crt"
cert = "/var/lib/teleport/plugins/event-handler/client.crt"
key = "/var/lib/teleport/plugins/event-handler/client.key"
max-connections = {{ default (mul .Values.eventHandler.concurrency 2) .Values.fluentd.maxConnections }}
9 changes: 8 additions & 1 deletion examples/chart/event-handler/tests/__snapshot__/configmap_test.yaml.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,13 @@ should match the snapshot:
timeout = "10s"
batch = 20
window-size = "24h"
debug = false
debug = true
start-time = "2025-01-01T00:00:00.000Z"
dry-run = true
concurrency = 2
lock-enabled = true
lock-failed-attempts-count = 3
lock-period = "1m"

[teleport]
addr = "teleport.example.com:1234"
Expand All @@ -20,6 +26,7 @@ should match the snapshot:
ca = "/var/lib/teleport/plugins/event-handler/ca.crt"
cert = "/var/lib/teleport/plugins/event-handler/client.crt"
key = "/var/lib/teleport/plugins/event-handler/client.key"
max-connections = 4
kind: ConfigMap
metadata:
labels:
Expand Down
7 changes: 7 additions & 0 deletions examples/chart/event-handler/tests/configmap_test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,13 @@ templates:
tests:
- it: should match the snapshot
set:
eventHandler:
debug: true
startTime: "2025-01-01T00:00:00.000Z"
dryRun: true
concurrency: 2
lock:
enabled: true
teleport:
address: teleport.example.com:1234
fluentd:
Expand Down
101 changes: 97 additions & 4 deletions examples/chart/event-handler/values.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -378,17 +378,26 @@
"timeout": {
"$id": "#/properties/eventHandler/properties/timeout",
"type": "string",
"default": "10s"
"default": "10s",
"examples": [
"10s"
]
},
"batch": {
"$id": "#/properties/eventHandler/properties/batch",
"type": "number",
"default": 20
"type": "integer",
"default": 20,
"examples": [
20
]
},
"window-size": {
"$id": "#/properties/eventHandler/properties/window-size",
"type": "string",
"default": "24h"
"default": "24h",
"examples": [
"24h"
]
},
"debug": {
"$id": "#/properties/eventHandler/properties/debug",
Expand Down Expand Up @@ -421,6 +430,82 @@
"examples": [
["print", "desktop.recording"]
]
},
"startTime": {
"$id": "#/properties/eventHandler/properties/startTime",
"type": "string",
"default": "",
"examples": [
"2025-01-01T00:00:00.000Z"
]
},
"dryRun": {
"$id": "#/properties/eventHandler/properties/dryRun",
"type": "boolean",
"default": false,
"examples": [
false
]
},
"concurrency": {
"$id": "#/properties/eventHandler/properties/concurrency",
"type": "integer",
"default": 5,
"examples": [
5
]
},
"lock": {
"$id": "#/properties/eventHandler/properties/lock",
"type": "object",
"default": {
"enabled": false
},
"examples": [
{
"enabled": true,
"failedAttemptsCount": 3,
"period": "1m",
"for": "5s"
}
],
"required": [
"enabled"
],
"properties": {
"enabled": {
"$id": "#/properties/eventHandler/properties/lock/enabled",
"type": "boolean",
"default": false,
"examples": [
true
]
},
"failedAttemptsCount": {
"$id": "#/properties/eventHandler/properties/lock/failedAttemptsCount",
"type": "integer",
"default": 3,
"examples": [
3
]
},
"period": {
"$id": "#/properties/eventHandler/properties/lock/period",
"type": "string",
"default": "1m",
"examples": [
"1m"
]
},
"for": {
"$id": "#/properties/eventHandler/properties/lock/for",
"type": "string",
"default": "5s",
"examples": [
"5s"
]
}
}
}
},
"additionalProperties": true
Expand Down Expand Up @@ -508,6 +593,14 @@
"default": "client.key"
}
}
},
"maxConnections": {
"$id": "#/properties/fluentd/properties/maxConnections",
"type": "integer",
"default": 0,
"examples": [
10
]
}
},
"additionalProperties": true
Expand Down
62 changes: 50 additions & 12 deletions examples/chart/event-handler/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,10 @@
#
# Plugin specific options
#

# teleport -- contains the configuration describing how the plugin connects to
# your Teleport cluster.
teleport:
# When the address is empty, `tbot.teleportProxyAddress`
# or `tbot.teleportAuthAddress` will be used if they are set.
# teleport.address(string) -- is the address of the Teleport cluster the plugin
# connects to. The address must contain both the domain name and the port of
# the Teleport cluster. It can be either the address of the auth servers or the
Expand Down Expand Up @@ -45,33 +46,70 @@ teleport:
# `"auth_id"`, you can omit this field.
identitySecretPath: "auth_id"

# eventHandler -- contains the configuration used by the plugin to forward Teleport events.
eventHandler:
# eventHandler.storagePath(string) -- is the storage directory for the event handler.
storagePath: "/var/lib/teleport/plugins/event-handler/storage"
# eventHandler.timeout(string) -- is the polling timeout.
timeout: "10s"
# eventHandler.batch(int) -- is the fetch batch size.
batch: 20
# The window size configures the duration of the time window for the event handler
# eventHandler.windowSize(string) -- configures the duration of the time window for the event handler
# to request events from Teleport. By default, this is set to 24 hours.
# Reduce the window size if the events backend cannot manage the event volume
# for the default window size.
# The window size should be specified as a duration string, parsed by Go's time.ParseDuration.
windowSize: "24h"
# Optional setting to enable debug logging
# debug: true
# Optional setting for event types to forward
# types: ["TYPE1", "TYPE2"]
# Optional setting for audit event types to skip
# skipEventTypes: ["TYPE1"]
# Optional setting for session recording event types to skip
# skipSessionTypes: ["TYPE1"]

# eventHandler.debug(bool) -- enables debug logging.
debug: false
# eventHandler.types(list) -- is the list of event types to forward.
# When unset, the event handler forwards all events.
types: []
# eventHandler.skipEventTypes(list) -- is the list of audit event types to skip.
skipEventTypes: []
# eventHandler.skipSessionTypes(list) -- is the list of session recording event types to skip.
# When unset, the event handler skips spammy and binary events.
#
# See the [Teleport-event-handler README](https://github.com/gravitational/teleport/blob/1d2bd5eb8fc3500deb7d7108f6835efde98b7b24/integrations/event-handler/README.md)
# for a list of default skipped events.
skipSessionTypes: []
# eventHandler.startTime(string) -- is the start time to start ingestion from (RFC3339 format).
startTime: ""
# eventHandler.dryRun(bool) -- enables dry run without sending events to fluentd.
dryRun: false
# eventHandler.concurrency(int) -- is the number of concurent sessions to process. By default, this is set to 5.
concurrency: 5
lock:
# eventHandler.lock.enabled(bool) -- controls whether user auto-locking is enabled.
enabled: false
# eventHandler.lock.failedAttemptsCount(int) -- is the number of failed attempts in the `lockPeriod` which
# triggers locking. By default, this is set to 3.
failedAttemptsCount: 3
# eventHandler.lock.period(string) -- is the time period where `lock-failed-attempts-count` failed attempts
# will trigger locking. By default, this is set to 1 minute.
period: "1m"
# eventHandler.lock.for(string) -- is the time period for which user gets lock.
for: ""

# fluentd -- contains the configuration for the fluentd forwarder.
fluentd:
# fluentd.url(string) -- is the Fluentd URL where the events will be sent.
url: ""
# fluentd.sessionUrl(string) -- is the Fluentd URL where the session logs will be sent.
sessionUrl: ""
certificate:
# fluentd.certificate.secretName(string) -- is the secret containing the credentials to connect to Fluentd.
# It must to contain the CA certificate, the client key and the client certificate.
secretName: ""
# fluentd.certificate.caPath(string) -- is the name of the key which contains the CA certificate inside the secret.
caPath: "ca.crt"
# fluentd.certificate.certPath(string) -- is the name of the key which contains the client's certificate inside the secret.
certPath: "client.crt"
# fluentd.certificate.keyPath(string) -- is the name of the key which contains the client's private key inside the secret.
keyPath: "client.key"
# fluentd.maxConnections(int) -- is the maximum number of connections to Fluentd. By default, or when set to 0,
# this becomes `eventHandler.concurrency` * 2.
maxConnections: 0

# tbot -- controls the optional tbot deployment that obtains and renews
# credentials for the plugin to connect to Teleport.
Expand Down
13 changes: 11 additions & 2 deletions integrations/event-handler/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ You may specify configuration options via command line arguments, environment va
|---------------------------|-------------------------------------------------------------------------------------------------------|---------------------------------|
| teleport-addr | Teleport host and port | FDFWD_TELEPORT_ADDR |
| teleport-ca | Teleport TLS CA file | FDFWD_TELEPORT_CA |
| teleport-cert | Teleport TLS certificate file | FDWRD_TELEPORT_CERT |
| teleport-cert | Teleport TLS certificate file | FDFWD_TELEPORT_CERT |
| teleport-key | Teleport TLS key file | FDFWD_TELEPORT_KEY |
| teleport-identity | Teleport identity file | FDFWD_TELEPORT_IDENTITY |
| teleport-refresh-enabled | Controls if the identity file should be reloaded from disk after the initial start on interval. | FDFWD_TELEPORT_REFRESH_ENABLED |
Expand All @@ -31,14 +31,23 @@ You may specify configuration options via command line arguments, environment va
| fluentd-ca | Fluentd TLS CA file | FDFWD_FLUENTD_CA |
| fluentd-cert | Fluentd TLS certificate file | FDFWD_FLUENTD_CERT |
| fluentd-key | Fluentd TLS key file | FDFWD_FLUENTD_KEY |
| fluentd-max-connections | Maximum number of connections to Fluentd | FDFWD_MAX_CONNECTIONS |
| storage | Storage directory | FDFWD_STORAGE |
| batch | Fetch batch size | FDFWD_BATCH |
| types | Comma-separated list of event types to forward | FDFWD_TYPES |
| skip-event-types | Comma-separated list of event types to skip | FDFWD_SKIP_EVENT_TYPES |
| skip-event-types | Comma-separated list of event types to skip | FDFWD_SKIP_EVENT_TYPES |
| skip-session-types | Comma-separated list of session event types to skip | FDFWD_SKIP_SESSION_TYPES |
| start-time | Minimum event time (RFC3339 format) | FDFWD_START_TIME |
| timeout | Polling timeout | FDFWD_TIMEOUT |
| debug | Debug logging | FDFWD_DEBUG |
| dry-run | Simulates execution without sending events to Fluentd | FDFWD_DRY_RUN |
| exit-on-last-event | Exit when last event is processed | FDFWD_EXIT_ON_LAST_EVENT |
| concurrency | Number of concurrent sessions | FDFWD_CONCURRENCY |
| window-size | Window size to process events | FDFWD_WINDOW_SIZE |
| lock-enabled | Enable user auto-locking | FDFWD_LOCKING_ENABLED |
| lock-failed-attempts-count| Number of failed attempts in lock-period which triggers locking | FDFWD_LOCKING_FAILED_ATTEMPTS |
| lock-period | Time period where lock-failed-attempts-count failed attempts will trigger locking | FDFWD_LOCKING_PERIOD |
| lock-for | Time period for which user gets lock | FDFWD_LOCKING_FOR |

TOML configuration keys are the same as CLI args. Teleport and Fluentd variables can be grouped into sections. See [example TOML](example/config.toml). You can specify TOML file location using `--config` CLI flag.

Expand Down
Loading
Loading