✨ License via authentication (#1526)

* 🔨 Add `cloudLicenseEnabled` helm value * 🔨 Add `CLOUD_LICENSE_ENABLED` key to `ConfigMap` * 🔨 Add `REACT_APP_CLOUD_LICENSE_ENABLED` `front` env * 🎨 Reformat `ConfigStruct` * 🔧 Set `cloudLicenseEnabled: true` by default * 🔧 Override auth enabled/type if `cloudLicenseEnabled: true` --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2025-08-10 21:02:21 +00:00 · 2024-04-22 01:04:08 +03:00 · 2024-04-22 01:04:08 +03:00 · 5a4901f7bd
commit 5a4901f7bd
parent 5a322fc58a
4 changed files with 19 additions and 14 deletions
--- a/config/configStruct.go
+++ b/config/configStruct.go
@ -87,16 +87,17 @@ type ManifestsConfig struct {
 }
 type ConfigStruct struct {
-	Tap          configStructs.TapConfig       `yaml:"tap" json:"tap"`
+	Tap                 configStructs.TapConfig       `yaml:"tap" json:"tap"`
-	Logs         configStructs.LogsConfig      `yaml:"logs" json:"logs"`
+	Logs                configStructs.LogsConfig      `yaml:"logs" json:"logs"`
-	Config       configStructs.ConfigConfig    `yaml:"config,omitempty" json:"config,omitempty"`
+	Config              configStructs.ConfigConfig    `yaml:"config,omitempty" json:"config,omitempty"`
-	Kube         KubeConfig                    `yaml:"kube" json:"kube"`
+	Kube                KubeConfig                    `yaml:"kube" json:"kube"`
-	DumpLogs     bool                          `yaml:"dumpLogs" json:"dumpLogs" default:"false"`
+	DumpLogs            bool                          `yaml:"dumpLogs" json:"dumpLogs" default:"false"`
-	HeadlessMode bool                          `yaml:"headless" json:"headless" default:"false"`
+	HeadlessMode        bool                          `yaml:"headless" json:"headless" default:"false"`
-	License      string                        `yaml:"license" json:"license" default:""`
+	License             string                        `yaml:"license" json:"license" default:""`
-	Scripting    configStructs.ScriptingConfig `yaml:"scripting" json:"scripting"`
+	CloudLicenseEnabled bool                          `yaml:"cloudLicenseEnabled" json:"cloudLicenseEnabled" default:"true"`
-	Manifests    ManifestsConfig               `yaml:"manifests,omitempty" json:"manifests,omitempty"`
+	Scripting           configStructs.ScriptingConfig `yaml:"scripting" json:"scripting"`
-	Timezone     string                        `yaml:"timezone" json:"timezone"`
+	Manifests           ManifestsConfig               `yaml:"manifests,omitempty" json:"manifests,omitempty"`
 	Timezone            string                        `yaml:"timezone" json:"timezone"`
 }
 func (config *ConfigStruct) ImagePullPolicy() v1.PullPolicy {
--- a/helm-chart/templates/06-front-deployment.yaml
+++ b/helm-chart/templates/06-front-deployment.yaml
@ -27,9 +27,9 @@ spec:
            - name: REACT_APP_DEFAULT_FILTER
              value: '{{ not (eq .Values.tap.defaultFilter "") | ternary .Values.tap.defaultFilter " " }}'
            - name: REACT_APP_AUTH_ENABLED
-              value: '{{ .Values.tap.auth.enabled }}'
+              value: '{{ .Values.cloudLicenseEnabled | ternary true .Values.tap.auth.enabled }}'
            - name: REACT_APP_AUTH_TYPE
-              value: '{{ not (eq .Values.tap.auth.type "") | ternary .Values.tap.auth.type " " }}'
+              value: '{{ not (eq .Values.tap.auth.type "") | ternary (.Values.cloudLicenseEnabled | ternary "oidc" .Values.tap.auth.type) " " }}'
            - name: REACT_APP_AUTH_SAML_IDP_METADATA_URL
              value: '{{ not (eq .Values.tap.auth.saml.idpMetadataUrl "") | ternary .Values.tap.auth.saml.idpMetadataUrl " " }}'
            - name: REACT_APP_TIMEZONE
@ -42,6 +42,8 @@ spec:
              value: '{{ .Values.tap.targetedPodsUpdateDisabled }}'
            - name: REACT_APP_RECORDING_DISABLED
              value: '{{ .Values.tap.recordingDisabled }}'
            - name: 'REACT_APP_CLOUD_LICENSE_ENABLED'
              value: '{{ .Values.cloudLicenseEnabled }}'
          image: '{{ .Values.tap.docker.registry }}/front:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
          imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
          name: kubeshark-front
--- a/helm-chart/templates/12-config-map.yaml
+++ b/helm-chart/templates/12-config-map.yaml
@ -13,8 +13,8 @@ data:
    INGRESS_ENABLED: '{{ .Values.tap.ingress.enabled }}'
    INGRESS_HOST: '{{ .Values.tap.ingress.host }}'
    PROXY_FRONT_PORT: '{{ .Values.tap.proxy.front.port }}'
-    AUTH_ENABLED: '{{ .Values.tap.auth.enabled | ternary "true" "" }}'
+    AUTH_ENABLED: '{{ .Values.cloudLicenseEnabled | ternary "true" (.Values.tap.auth.enabled | ternary "true" "") }}'
-    AUTH_TYPE: '{{ .Values.tap.auth.type }}'
+    AUTH_TYPE: '{{ .Values.cloudLicenseEnabled | ternary "oidc" (.Values.tap.auth.type) }}'
    AUTH_SAML_IDP_METADATA_URL: '{{ .Values.tap.auth.saml.idpMetadataUrl }}'
    AUTH_SAML_ROLE_ATTRIBUTE: '{{ .Values.tap.auth.saml.roleAttribute }}'
    AUTH_SAML_ROLES: '{{ .Values.tap.auth.saml.roles | toJson }}'
@ -29,3 +29,4 @@ data:
    PCAP_TTL: '{{ .Values.tap.misc.pcapTTL }}'
    PCAP_ERROR_TTL: '{{ .Values.tap.misc.pcapErrorTTL }}'
    TIMEZONE: '{{ not (eq .Values.timezone "") | ternary .Values.timezone " " }}'
    CLOUD_LICENSE_ENABLED: '{{ .Values.cloudLicenseEnabled }}'
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@ -126,6 +126,7 @@ kube:
 dumpLogs: false
 headless: false
 license: ""
 cloudLicenseEnabled: true
 scripting:
  env: {}
  source: ""