Merge branch 'dev' of ssh://github.com/armosec/kubescape into dev

.github/workflows/build.yaml

@@ -40,7 +40,13 @@ jobs:
       - name: Build
         env:
           RELEASE: v1.0.${{ github.run_number }} 
-        run: mkdir -p build/${{ matrix.os }}  && go mod tidy && go build -ldflags "-w -s -X github.com/armosec/kubescape/cmd.BuildNumber=$RELEASE" -o build/${{ matrix.os }}/kubescape # && md5sum build/${{ matrix.os }}/kubescape > build/${{ matrix.os }}/kubescape.md5
+          ArmoBEServer: api.armo.cloud
+          ArmoERServer: report.euprod1.cyberarmorsoft.com
+          ArmoWebsite: portal.armo.cloud
+          BEServerConst: github.com/armosec/kubescape/cautils/getter.ArmoBEURL
+          ERServerConst: github.com/armosec/kubescape/cautils/getter.ArmoERURL
+          WebsiteConst: github.com/armosec/kubescape/cautils/getter.ArmoFEURL
+        run: mkdir -p build/${{ matrix.os }}  && go mod tidy && go build -ldflags "-w -s -X github.com/armosec/kubescape/cmd.BuildNumber=$RELEASE -X $BEServerConst=$ArmoBEServer -X $ERServerConst=$ArmoERServer -X $WebsiteConst=$ArmoWebsite" -o build/${{ matrix.os }}/kubescape # && md5sum build/${{ matrix.os }}/kubescape > build/${{ matrix.os }}/kubescape.md5
       
       - name: Upload Release binaries
         id: upload-release-asset

cautils/customerloader.go

@@ -7,6 +7,7 @@ import (
 	"io/ioutil"
 	"net/url"
 	"os"
+	"strings"
 
 	"github.com/armosec/kubescape/cautils/getter"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -21,8 +22,9 @@ const (
 )
 
 type ConfigObj struct {
-	CustomerGUID string `json:"customerGUID"`
-	Token        string `json:"token"`
+	CustomerGUID       string `json:"customerGUID"`
+	Token              string `json:"token"`
+	CustomerAdminEMail string `json:"adminMail"`
 }
 
 func (co *ConfigObj) Json() []byte {
@@ -79,6 +81,11 @@ func (c *ClusterConfig) GenerateURL() {
 	u := url.URL{}
 	u.Scheme = "https"
 	u.Host = getter.ArmoFEURL
+	if c.configObj.CustomerAdminEMail != "" {
+		msgStr := fmt.Sprintf("To view all controls and get remediations ask access permissions to %s from %s", u.String(), c.configObj.CustomerAdminEMail)
+		InfoTextDisplay(os.Stdout, msgStr+"\n")
+		return
+	}
 	u.Path = "account/sign-up"
 	q := u.Query()
 	q.Add("invitationToken", c.configObj.Token)
@@ -91,30 +98,40 @@ func (c *ClusterConfig) GenerateURL() {
 }
 
 func (c *ClusterConfig) GetCustomerGUID() string {
-	return c.configObj.CustomerGUID
+	if c.configObj != nil {
+		return c.configObj.CustomerGUID
+	}
+	return ""
 }
 func (c *ClusterConfig) SetCustomerGUID() error {
 
 	// get from configMap
 	if configObj, _ := c.loadConfigFromConfigMap(); configObj != nil {
 		c.update(configObj)
-		return nil
 	}
 
 	// get from file
 	if configObj, _ := c.loadConfigFromFile(); configObj != nil {
 		c.update(configObj)
 		c.updateConfigMap()
-		return nil
 	}
-
+	customerGUID := c.GetCustomerGUID()
 	// get from armoBE
-	if tenantResponse, err := c.armoAPI.GetCustomerGUID(); tenantResponse != nil {
-		c.update(&ConfigObj{CustomerGUID: tenantResponse.TenantID, Token: tenantResponse.Token})
-		return c.updateConfigMap()
+	tenantResponse, err := c.armoAPI.GetCustomerGUID(customerGUID)
+	if err == nil && tenantResponse != nil {
+		if tenantResponse.AdminMail != "" { // this customer already belongs to some user
+			c.update(&ConfigObj{CustomerGUID: customerGUID, CustomerAdminEMail: tenantResponse.AdminMail})
+		} else {
+			c.update(&ConfigObj{CustomerGUID: tenantResponse.TenantID, Token: tenantResponse.Token})
+			return c.updateConfigMap()
+		}
 	} else {
+		if err != nil && strings.Contains(err.Error(), "Invitation for tenant already exists") {
+			return nil
+		}
 		return err
 	}
+	return nil
 }
 
 func (c *ClusterConfig) loadConfigFromConfigMap() (*ConfigObj, error) {

cautils/getter/armoapi.go

@@ -1,6 +1,7 @@
 package getter
 
 import (
+	"fmt"
 	"net/http"
 
 	"github.com/armosec/kubescape/cautils/armotypes"
@@ -11,7 +12,7 @@ import (
 // =============================================== ArmoAPI ===============================================================
 // =======================================================================================================================
 
-const (
+var (
 	ArmoBEURL = "eggdashbe.eudev3.cyberarmorsoft.com"
 	ArmoERURL = "report.eudev3.cyberarmorsoft.com"
 	ArmoFEURL = "armoui.eudev3.cyberarmorsoft.com"
@@ -60,8 +61,12 @@ func (armoAPI *ArmoAPI) GetExceptions(customerGUID, clusterName string) ([]armot
 	return exceptions, nil
 }
 
-func (armoAPI *ArmoAPI) GetCustomerGUID() (*TenantResponse, error) {
-	respStr, err := HttpGetter(armoAPI.httpClient, armoAPI.getCustomerURL())
+func (armoAPI *ArmoAPI) GetCustomerGUID(customerGUID string) (*TenantResponse, error) {
+	url := armoAPI.getCustomerURL()
+	if customerGUID != "" {
+		url = fmt.Sprintf("%s?customerGUID=%s", url, customerGUID)
+	}
+	respStr, err := HttpGetter(armoAPI.httpClient, url)
 	if err != nil {
 		return nil, err
 	}
@@ -74,7 +79,8 @@ func (armoAPI *ArmoAPI) GetCustomerGUID() (*TenantResponse, error) {
 }
 
 type TenantResponse struct {
-	TenantID string `json:"tenantId"`
-	Token    string `json:"token"`
-	Expires  string `json:"expires"`
+	TenantID  string `json:"tenantId"`
+	Token     string `json:"token"`
+	Expires   string `json:"expires"`
+	AdminMail string `json:"adminMail,omitempty"`
 }