🔥 Remove old Descope auth (#1490)

* 🔥 Remove Descope-related config updates

* 🔥 Remove Descope-related helm values

* 🔥 Remove Descope-related k8s configs

* 🔥 Remove Descope-related fields from `tapConfig`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>

cmd/tapRunner.go

@@ -461,8 +461,5 @@ func updateConfig(kubernetesProvider *kubernetes.Provider) {
 
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_ENABLED, authEnabled)
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_TYPE, config.Config.Tap.Auth.Type)
-	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_EMAILS, strings.Join(config.Config.Tap.Auth.ApprovedEmails, ","))
-	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_DOMAINS, strings.Join(config.Config.Tap.Auth.ApprovedDomains, ","))
-	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_TENANTS, strings.Join(config.Config.Tap.Auth.ApprovedTenants, ","))
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_SAML_IDP_METADATA_URL, config.Config.Tap.Auth.Saml.IdpMetadataUrl)
 }

config/configStructs/tapConfig.go

@@ -101,9 +101,6 @@ type SamlConfig struct {
 type AuthConfig struct {
 	Enabled         bool       `yaml:"enabled" json:"enabled" default:"false"`
 	Type            string     `yaml:"type" json:"type" default:"saml"`
-	ApprovedEmails  []string   `yaml:"approvedEmails" json:"approvedEmails"  default:"[]"`
-	ApprovedDomains []string   `yaml:"approvedDomains" json:"approvedDomains"  default:"[]"`
-	ApprovedTenants []string   `yaml:"approvedTenants" json:"approvedTenants"  default:"[]"`
 	Saml            SamlConfig `yaml:"saml" json:"saml"`
 }
 

helm-chart/README.md

@@ -224,9 +224,6 @@ tap:
   auth:
     enabled: true
     type: saml
-    approvedEmails: []
-    approvedDomains: []
-    approvedTenants: []
     saml:
       idpMetadataUrl: "https://tiptophelmet.us.auth0.com/samlp/metadata/MpWiDCMMB5ShU1HRnhdb1sHM6VWqdnDG"
       x509crt: |

helm-chart/templates/12-config-map.yaml

@@ -15,9 +15,6 @@ data:
     PROXY_FRONT_PORT: '{{ .Values.tap.proxy.front.port }}'
     AUTH_ENABLED: '{{ .Values.tap.auth.enabled | ternary "true" "" }}'
     AUTH_TYPE: '{{ .Values.tap.auth.type }}'
-    AUTH_APPROVED_EMAILS: '{{ gt (len .Values.tap.auth.approvedEmails) 0 | ternary (join "," .Values.tap.auth.approvedEmails) "" }}'
-    AUTH_APPROVED_DOMAINS: '{{ gt (len .Values.tap.auth.approvedDomains) 0 | ternary (join "," .Values.tap.auth.approvedDomains) "" }}'
-    AUTH_APPROVED_TENANTS: '{{ gt (len .Values.tap.auth.approvedTenants) 0 | ternary (join "," .Values.tap.auth.approvedTenants) "" }}'
     AUTH_SAML_IDP_METADATA_URL: '{{ .Values.tap.auth.saml.idpMetadataUrl }}'
     AUTH_SAML_ROLE_ATTRIBUTE: '{{ .Values.tap.auth.saml.roleAttribute }}'
     AUTH_SAML_ROLES: '{{ .Values.tap.auth.saml.roles | toJson }}'

helm-chart/values.yaml

@@ -60,9 +60,6 @@ tap:
   auth:
     enabled: false
     type: saml
-    approvedEmails: []
-    approvedDomains: []
-    approvedTenants: []
     saml:
       idpMetadataUrl: ""
       x509crt: ""

kubernetes/config.go

@@ -21,9 +21,6 @@ const (
 	CONFIG_PROXY_FRONT_PORT           = "PROXY_FRONT_PORT"
 	CONFIG_AUTH_ENABLED               = "AUTH_ENABLED"
 	CONFIG_AUTH_TYPE                  = "AUTH_TYPE"
-	CONFIG_AUTH_APPROVED_EMAILS       = "AUTH_APPROVED_EMAILS"
-	CONFIG_AUTH_APPROVED_DOMAINS      = "AUTH_APPROVED_DOMAINS"
-	CONFIG_AUTH_APPROVED_TENANTS      = "AUTH_APPROVED_TENANTS"
 	CONFIG_AUTH_SAML_IDP_METADATA_URL = "AUTH_SAML_IDP_METADATA_URL"
 )
 

manifests/complete.yaml

@@ -147,9 +147,6 @@ data:
     PROXY_FRONT_PORT: '8899'
     AUTH_ENABLED: ''
     AUTH_TYPE: 'saml'
-    AUTH_APPROVED_EMAILS: ''
-    AUTH_APPROVED_DOMAINS: ''
-    AUTH_APPROVED_TENANTS: ''
     AUTH_SAML_IDP_METADATA_URL: ''
     AUTH_SAML_ROLE_ATTRIBUTE: 'role'
     AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":""}}'