🔨 Add ApprovedTenants field to AuthConfig and enable auth by default

2025-07-16 17:31:58 +00:00 · 2023-10-26 20:27:34 +03:00 · 2023-10-26 20:27:34 +03:00 · 62d4c3a86e
commit 62d4c3a86e
parent 2757b7419f
7 changed files with 10 additions and 3 deletions
--- a/cmd/tapRunner.go
+++ b/cmd/tapRunner.go
@ -457,4 +457,5 @@ func updateConfig(kubernetesProvider *kubernetes.Provider) {
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_ENABLED, authEnabled)
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_EMAILS, strings.Join(config.Config.Tap.Auth.ApprovedEmails, ","))
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_DOMAINS, strings.Join(config.Config.Tap.Auth.ApprovedDomains, ","))
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_TENANT_IDS, strings.Join(config.Config.Tap.Auth.ApprovedTenants, ","))
 }
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@ -81,9 +81,10 @@ type ResourcesConfig struct {
 }
 type AuthConfig struct {
-	Enabled         bool     `yaml:"enabled" json:"enabled" default:"false"`
+	Enabled         bool     `yaml:"enabled" json:"enabled" default:"true"`
 	ApprovedEmails  []string `yaml:"approvedEmails" json:"approvedEmails"  default:"[]"`
 	ApprovedDomains []string `yaml:"approvedDomains" json:"approvedDomains"  default:"[]"`
 	ApprovedTenants []string `yaml:"approvedTenants" json:"approvedTenants"  default:"[]"`
 }
 type IngressConfig struct {
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@ -65,6 +65,7 @@ tap:
    approvedEmails:
    - john.doe@example.com
    approvedDomains: []
    approvedTenants: []
  ingress:
    enabled: true
    className: "alb"
--- a/helm-chart/templates/12-config-map.yaml
+++ b/helm-chart/templates/12-config-map.yaml
@ -14,4 +14,5 @@ data:
    AUTH_ENABLED: '{{ .Values.tap.auth.enabled | ternary "true" "" }}'
    AUTH_APPROVED_EMAILS: '{{ gt (len .Values.tap.auth.approvedEmails) 0 | ternary (join "," .Values.tap.auth.approvedEmails) "" }}'
    AUTH_APPROVED_DOMAINS: '{{ gt (len .Values.tap.auth.approvedDomains) 0 | ternary (join "," .Values.tap.auth.approvedDomains) "" }}'
    AUTH_APPROVED_TENANTS: '{{ gt (len .Values.tap.auth.approvedTenants) 0 | ternary (join "," .Values.tap.auth.approvedTenants) "" }}'
    TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}'
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@ -51,9 +51,10 @@ tap:
      values:
      - linux
  auth:
-    enabled: false
+    enabled: true
    approvedEmails: []
    approvedDomains: []
    approvedTenants: []
  ingress:
    enabled: false
    className: ""
--- a/kubernetes/config.go
+++ b/kubernetes/config.go
@ -19,6 +19,7 @@ const (
 	CONFIG_AUTH_ENABLED          = "AUTH_ENABLED"
 	CONFIG_AUTH_APPROVED_EMAILS  = "AUTH_APPROVED_EMAILS"
 	CONFIG_AUTH_APPROVED_DOMAINS = "AUTH_APPROVED_DOMAINS"
 	CONFIG_AUTH_TENANT_IDS       = "AUTH_TENANT_IDS"
 )
 func SetSecret(provider *Provider, key string, value string) (updated bool, err error) {
--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
@ -95,9 +95,10 @@ data:
    NAMESPACES: ''
    SCRIPTING_ENV: '{}'
    SCRIPTING_SCRIPTS: '{}'
-    AUTH_ENABLED: ''
+    AUTH_ENABLED: 'true'
    AUTH_APPROVED_EMAILS: ''
    AUTH_APPROVED_DOMAINS: ''
    AUTH_APPROVED_TENANTS: ''
    TELEMETRY_DISABLED: ''
 ---
 # Source: kubeshark/templates/02-cluster-role.yaml