Configuration
This section walks you through the configuration of ChaosGuard and how to enable it to mitigate potential security threats from chaos-enabled users with malicious intent.
Before you begin
Harness RBAC (role-based access control) serves as a prerequisite to understanding Chaosguard, which serves as an execution-time security evaluation.
Configuring conditions
Conditions describe a set of constraints that are applied to an execution context. To configure a condition,
- Click ChaosGuard on the left-hand side of the Chaos homepage.
- Click Conditions on the top right corner of the ChaosGuard page.
- Click New condition.
- Provide a name, a description (optional), and tags (optional).
- Click Save.
This creates a blank canvas, and you can define the constraints for the condition using a YAML manifest or using the visual editor.
Configuring rules
Rules consist of one or more conditions that are evaluated as a first step in the experiment run. To configure a rule,
- On the top right corner of the ChaosGuard page, click Rules.
- Click New rule.
- Specify parameters such as name, description (optional), tags (optional), user group to apply the rule (you can apply the rule to multiple user groups), and time window to apply the rule.
- Click Next.
- Select a condition (or multiple conditions) that you wish to apply. Click Done.
You can apply the rule to multiple user groups for a project, organization or account, or create a new user group if you have the necessary permissions.
Below is a snap that shows a successful evaluation of all the rules in a chaos experiment.
Below is a snap that shows a failed evaluation of some (or all) rules in a chaos experiment.
Enable and disable rules
The image below shows the two different states of a rule (enable and disable).
