diff --git a/cmd/tapRunner.go b/cmd/tapRunner.go
index 61f4ed238..fb1e4ae52 100644
--- a/cmd/tapRunner.go
+++ b/cmd/tapRunner.go
@@ -457,4 +457,5 @@ func updateConfig(kubernetesProvider *kubernetes.Provider) {
 _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_ENABLED, authEnabled)
 _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_EMAILS, strings.Join(config.Config.Tap.Auth.ApprovedEmails, ","))
 _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_DOMAINS, strings.Join(config.Config.Tap.Auth.ApprovedDomains, ","))
+ _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_TENANT_IDS, strings.Join(config.Config.Tap.Auth.ApprovedTenants, ","))
 }
diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index 520ef32d3..d51149fda 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -81,9 +81,10 @@ type ResourcesConfig struct {
 }
 type AuthConfig struct {
- Enabled bool `yaml:"enabled" json:"enabled" default:"false"`
+ Enabled bool `yaml:"enabled" json:"enabled" default:"true"`
 ApprovedEmails []string `yaml:"approvedEmails" json:"approvedEmails" default:"[]"`
 ApprovedDomains []string `yaml:"approvedDomains" json:"approvedDomains" default:"[]"`
+ ApprovedTenants []string `yaml:"approvedTenants" json:"approvedTenants" default:"[]"`
 }
 type IngressConfig struct {
diff --git a/helm-chart/README.md b/helm-chart/README.md
index 9352678e1..2af240562 100644
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -65,6 +65,7 @@ tap:
 approvedEmails:
 - john.doe@example.com
 approvedDomains: []
+ approvedTenants: []
 ingress:
 enabled: true
 className: "alb"
diff --git a/helm-chart/templates/12-config-map.yaml b/helm-chart/templates/12-config-map.yaml
index 789f12d2a..a9af5cf4e 100644
--- a/helm-chart/templates/12-config-map.yaml
+++ b/helm-chart/templates/12-config-map.yaml
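Review bot: The added `SetConfig` call for `kubernetes.CONFIG_AUTH_TENANT_IDS` in `updateConfig` (cmd/tapRunner.go) discards both return values with `_, _ =`, so a failed write of the approved-tenants list goes unnoticed. Because this value appears to be an access allow-list, a silent failure would leave the deployment running without the restriction the operator configured. Check the error instead, e.g. `if _, err := kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_TENANT_IDS, strings.Join(config.Config.Tap.Auth.ApprovedTenants, ",")); err != nil {` followed by a report through the logger this file already uses. The three context lines above it follow the same pattern, and the start of `updateConfig` lies outside the hunk.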
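Review bot: `AuthConfig.Enabled` now defaults to `true` in config/configStructs/tapConfig.go while `ApprovedEmails`, `ApprovedDomains` and the new `ApprovedTenants` all default to `[]`, and nothing on the struct says what an empty list means once auth is on (any authenticated identity accepted, or none). Add a field comment such as `// ApprovedTenants lists the tenant IDs allowed to sign in; an empty list means <state the behaviour>.` and do the same for the two existing lists. The default flip also changes behaviour for users who upgrade without setting `auth.enabled` explicitly; the helm-chart/values.yaml and manifests/complete.yaml hunks carry the same change, so it deserves a line in the release notes.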
@@ -14,4 +14,5 @@ data:
 AUTH_ENABLED: '{{ .Values.tap.auth.enabled | ternary "true" "" }}'
 AUTH_APPROVED_EMAILS: '{{ gt (len .Values.tap.auth.approvedEmails) 0 | ternary (join "," .Values.tap.auth.approvedEmails) "" }}'
 AUTH_APPROVED_DOMAINS: '{{ gt (len .Values.tap.auth.approvedDomains) 0 | ternary (join "," .Values.tap.auth.approvedDomains) "" }}'
+ AUTH_APPROVED_TENANTS: '{{ gt (len .Values.tap.auth.approvedTenants) 0 | ternary (join "," .Values.tap.auth.approvedTenants) "" }}'
 TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}'
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 8f06d925b..13fecf6c2 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -51,9 +51,10 @@ tap:
 values:
 - linux
 auth:
- enabled: false
+ enabled: true
 approvedEmails: []
 approvedDomains: []
+ approvedTenants: []
 ingress:
 enabled: false
 className: ""
diff --git a/kubernetes/config.go b/kubernetes/config.go
index d123cebc2..c1159185f 100644
--- a/kubernetes/config.go
+++ b/kubernetes/config.go
@@ -19,6 +19,7 @@ const (
 CONFIG_AUTH_ENABLED = "AUTH_ENABLED"
 CONFIG_AUTH_APPROVED_EMAILS = "AUTH_APPROVED_EMAILS"
 CONFIG_AUTH_APPROVED_DOMAINS = "AUTH_APPROVED_DOMAINS"
+ CONFIG_AUTH_TENANT_IDS = "AUTH_TENANT_IDS"
 )
 func SetSecret(provider *Provider, key string, value string) (updated bool, err error) {
diff --git a/manifests/complete.yaml b/manifests/complete.yaml
index da507644f..eff767852 100644
--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
@@ -95,9 +95,10 @@ data:
 NAMESPACES: ''
 SCRIPTING_ENV: '{}'
 SCRIPTING_SCRIPTS: '{}'
- AUTH_ENABLED: ''
+ AUTH_ENABLED: 'true'
 AUTH_APPROVED_EMAILS: ''
 AUTH_APPROVED_DOMAINS: ''
+ AUTH_APPROVED_TENANTS: ''
 TELEMETRY_DISABLED: ''
 ---
 # Source: kubeshark/templates/02-cluster-role.yaml
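Review bot: The ConfigMap key added in helm-chart/templates/12-config-map.yaml is `AUTH_APPROVED_TENANTS`, but the CLI path writes a different key: the kubernetes/config.go hunk defines `CONFIG_AUTH_TENANT_IDS = "AUTH_TENANT_IDS"`, and cmd/tapRunner.go passes that constant to `SetConfig`. The component that reads this ConfigMap is not part of the diff, so which spelling it expects cannot be confirmed here, but unless it reads both, one install path leaves the tenant allow-list unset and the restriction silently unapplied. Align the two names, for example `CONFIG_AUTH_APPROVED_TENANTS = "AUTH_APPROVED_TENANTS"` in kubernetes/config.go, which also matches the existing EMAILS/DOMAINS pattern. The manifests/complete.yaml hunk already uses `AUTH_APPROVED_TENANTS`.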