From 18d051af281522c3818c835c1b1721f01e15d158 Mon Sep 17 00:00:00 2001 From: Serhii Ponomarenko <116438358+tiptophelmet@users.noreply.github.com> Date: Thu, 1 Feb 2024 06:49:55 +0800 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A5=20Remove=20old=20`Descope`=20auth?= =?UTF-8?q?=20(#1490)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 🔥 Remove Descope-related config updates * 🔥 Remove Descope-related helm values * 🔥 Remove Descope-related k8s configs * 🔥 Remove Descope-related fields from `tapConfig` --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com> --- cmd/tapRunner.go | 3 --- config/configStructs/tapConfig.go | 3 --- helm-chart/README.md | 3 --- helm-chart/templates/12-config-map.yaml | 3 --- helm-chart/values.yaml | 3 --- kubernetes/config.go | 3 --- manifests/complete.yaml | 3 --- 7 files changed, 21 deletions(-)
diff --git a/cmd/tapRunner.go b/cmd/tapRunner.go
index 19fbd91a3..441028d0b 100644
--- a/cmd/tapRunner.go
+++ b/cmd/tapRunner.go
@@ -461,8 +461,5 @@ func updateConfig(kubernetesProvider *kubernetes.Provider) {
 _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_ENABLED, authEnabled)
 _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_TYPE, config.Config.Tap.Auth.Type)
- _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_EMAILS, strings.Join(config.Config.Tap.Auth.ApprovedEmails, ","))
- _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_DOMAINS, strings.Join(config.Config.Tap.Auth.ApprovedDomains, ","))
- _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_TENANTS, strings.Join(config.Config.Tap.Auth.ApprovedTenants, ","))
 _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_SAML_IDP_METADATA_URL, config.Config.Tap.Auth.Saml.IdpMetadataUrl)
 }
diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index c58a8f08a..da71a1b74 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -101,9 +101,6 @@ type SamlConfig struct {
 type AuthConfig struct {
 Enabled bool `yaml:"enabled" json:"enabled" default:"false"`
 Type string `yaml:"type" json:"type" default:"saml"`
- ApprovedEmails []string `yaml:"approvedEmails" json:"approvedEmails" default:"[]"`
- ApprovedDomains []string `yaml:"approvedDomains" json:"approvedDomains" default:"[]"`
- ApprovedTenants []string `yaml:"approvedTenants" json:"approvedTenants" default:"[]"`
 Saml SamlConfig `yaml:"saml" json:"saml"`
 }
diff --git a/helm-chart/README.md b/helm-chart/README.md
index a9a5bb452..7e086e295 100644
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -224,9 +224,6 @@ tap:
 auth:
 enabled: true
 type: saml
- approvedEmails: []
- approvedDomains: []
- approvedTenants: []
 saml:
 idpMetadataUrl: "https://tiptophelmet.us.auth0.com/samlp/metadata/MpWiDCMMB5ShU1HRnhdb1sHM6VWqdnDG"
 x509crt: |
diff --git a/helm-chart/templates/12-config-map.yaml b/helm-chart/templates/12-config-map.yaml
index 9d13f28a0..9ef3268bf 100644
--- a/helm-chart/templates/12-config-map.yaml
+++ b/helm-chart/templates/12-config-map.yaml
@@ -15,9 +15,6 @@ data:
 PROXY_FRONT_PORT: '{{ .Values.tap.proxy.front.port }}'
 AUTH_ENABLED: '{{ .Values.tap.auth.enabled | ternary "true" "" }}'
 AUTH_TYPE: '{{ .Values.tap.auth.type }}'
- AUTH_APPROVED_EMAILS: '{{ gt (len .Values.tap.auth.approvedEmails) 0 | ternary (join "," .Values.tap.auth.approvedEmails) "" }}'
- AUTH_APPROVED_DOMAINS: '{{ gt (len .Values.tap.auth.approvedDomains) 0 | ternary (join "," .Values.tap.auth.approvedDomains) "" }}'
- AUTH_APPROVED_TENANTS: '{{ gt (len .Values.tap.auth.approvedTenants) 0 | ternary (join "," .Values.tap.auth.approvedTenants) "" }}'
 AUTH_SAML_IDP_METADATA_URL: '{{ .Values.tap.auth.saml.idpMetadataUrl }}'
 AUTH_SAML_ROLE_ATTRIBUTE: '{{ .Values.tap.auth.saml.roleAttribute }}'
 AUTH_SAML_ROLES: '{{ .Values.tap.auth.saml.roles | toJson }}'
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index a85d1ae61..bd35669b8 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -60,9 +60,6 @@ tap:
 auth:
 enabled: false
 type: saml
- approvedEmails: []
- approvedDomains: []
- approvedTenants: []
 saml:
 idpMetadataUrl: ""
 x509crt: ""
diff --git a/kubernetes/config.go b/kubernetes/config.go
index 587f5e91a..f8a3ba017 100644
--- a/kubernetes/config.go
+++ b/kubernetes/config.go
@@ -21,9 +21,6 @@ const (
 CONFIG_PROXY_FRONT_PORT = "PROXY_FRONT_PORT"
 CONFIG_AUTH_ENABLED = "AUTH_ENABLED"
 CONFIG_AUTH_TYPE = "AUTH_TYPE"
- CONFIG_AUTH_APPROVED_EMAILS = "AUTH_APPROVED_EMAILS"
- CONFIG_AUTH_APPROVED_DOMAINS = "AUTH_APPROVED_DOMAINS"
- CONFIG_AUTH_APPROVED_TENANTS = "AUTH_APPROVED_TENANTS"
 CONFIG_AUTH_SAML_IDP_METADATA_URL = "AUTH_SAML_IDP_METADATA_URL"
 )
diff --git a/manifests/complete.yaml b/manifests/complete.yaml
index 2506b5b4a..3eb70a245 100644
--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
@@ -147,9 +147,6 @@ data:
 PROXY_FRONT_PORT: '8899'
 AUTH_ENABLED: ''
 AUTH_TYPE: 'saml'
- AUTH_APPROVED_EMAILS: ''
- AUTH_APPROVED_DOMAINS: ''
- AUTH_APPROVED_TENANTS: ''
 AUTH_SAML_IDP_METADATA_URL: ''
 AUTH_SAML_ROLE_ATTRIBUTE: 'role'
 AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":""}}'