fixes for sso users listing, sso users kubectl issue, removed commented code

go.mod

@@ -6,9 +6,9 @@ require github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.3
 
 require (
 	github.com/DATA-DOG/go-sqlmock v1.5.0
-	github.com/Shopify/sarama v1.32.0
 	github.com/casbin/casbin/v2 v2.40.6
 	github.com/casbin/gorm-adapter/v3 v3.4.6
+	github.com/cloudflare/cfssl v0.0.0-20190726000631-633726f6bcb7
 	github.com/crewjam/saml v0.4.6
 	github.com/dgraph-io/ristretto v0.1.0
 	github.com/elastic/go-elasticsearch v0.0.0
@@ -28,8 +28,6 @@ require (
 	github.com/segmentio/encoding v0.3.4
 	github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749
 	github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546
-	github.com/spacemonkeygo/httpsig v0.0.0-20181218213338-2605ae379e47
-	github.com/speps/go-hashids v2.0.0+incompatible
 	github.com/spf13/viper v1.10.1
 	github.com/uptrace/bun v1.0.20
 	github.com/uptrace/bun/dialect/pgdialect v1.0.20
@@ -41,6 +39,8 @@ require (
 	google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5
 	google.golang.org/grpc v1.44.0
 	google.golang.org/protobuf v1.27.1
+	gopkg.in/natefinch/lumberjack.v2 v2.0.0
+	gopkg.in/yaml.v2 v2.4.0
 	gorm.io/driver/postgres v1.2.2
 	gorm.io/gorm v1.22.5
 	k8s.io/api v0.23.4
@@ -54,43 +54,19 @@ require (
 )
 
 require (
-	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/DataDog/datadog-go v4.8.2+incompatible // indirect
-	github.com/DataDog/sketches-go v1.2.1 // indirect
 	github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible // indirect
-	github.com/Microsoft/go-winio v0.5.1 // indirect
-	github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
-	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/beevik/etree v1.1.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
-	github.com/cenkalti/backoff/v4 v4.1.2 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/cloudflare/cfssl v0.0.0-20190726000631-633726f6bcb7 // indirect
-	github.com/containerd/continuity v0.2.1 // indirect
 	github.com/crewjam/httperr v0.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/denisenkom/go-mssqldb v0.11.0 // indirect
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
-	github.com/docker/cli v20.10.11+incompatible // indirect
-	github.com/docker/docker v20.10.9+incompatible // indirect
-	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/docker/go-units v0.4.0 // indirect
-	github.com/duo-labs/webauthn v0.0.0-20210727191636-9f1b88ef44cc // indirect
 	github.com/dustin/go-humanize v1.0.0 // indirect
-	github.com/eapache/go-resiliency v1.2.0 // indirect
-	github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21 // indirect
-	github.com/eapache/queue v1.1.0 // indirect
-	github.com/elastic/go-licenser v0.3.1 // indirect
-	github.com/elastic/go-sysinfo v1.7.1 // indirect
-	github.com/elastic/go-windows v1.0.1 // indirect
 	github.com/fatih/color v1.13.0 // indirect
-	github.com/fatih/structs v1.1.0 // indirect
 	github.com/fsnotify/fsnotify v1.5.1 // indirect
-	github.com/fxamacker/cbor/v2 v2.2.0 // indirect
 	github.com/go-logr/logr v1.2.0 // indirect
 	github.com/go-openapi/analysis v0.21.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
@@ -99,31 +75,19 @@ require (
 	github.com/go-openapi/spec v0.20.4 // indirect
 	github.com/go-sql-driver/mysql v1.6.0 // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
-	github.com/gobuffalo/pop/v5 v5.3.4 // indirect
 	github.com/gofrs/uuid v4.1.0+incompatible // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.1.0 // indirect
 	github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect
-	github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2 // indirect
 	github.com/golang/glog v1.0.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/mock v1.6.0 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/certificate-transparency-go v1.0.21 // indirect
 	github.com/google/go-cmp v0.5.7 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/gnostic v0.5.5 // indirect
-	github.com/gorilla/securecookie v1.1.1 // indirect
-	github.com/gorilla/sessions v1.2.1 // indirect
-	github.com/gorilla/websocket v1.4.2 // indirect
-	github.com/hashicorp/go-uuid v1.0.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
-	github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743 // indirect
-	github.com/instana/go-sensor v1.34.0 // indirect
 	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
 	github.com/jackc/pgconn v1.10.1-0.20211002123621-290ee79d1e8d // indirect
 	github.com/jackc/pgio v1.0.0 // indirect
@@ -132,125 +96,57 @@ require (
 	github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
 	github.com/jackc/pgtype v1.8.1 // indirect
 	github.com/jackc/pgx/v4 v4.13.0 // indirect
-	github.com/jandelgado/gcov2lcov v1.0.5 // indirect
-	github.com/jcchavezs/porto v0.3.0 // indirect
-	github.com/jcmturner/aescts/v2 v2.0.0 // indirect
-	github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect
-	github.com/jcmturner/gofork v1.0.0 // indirect
-	github.com/jcmturner/gokrb5/v8 v8.4.2 // indirect
-	github.com/jcmturner/rpc/v2 v2.0.3 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.4 // indirect
-	github.com/jmoiron/sqlx v1.3.4 // indirect
-	github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 // indirect
 	github.com/jonboulle/clockwork v0.2.2 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/julienschmidt/httprouter v1.3.0 // indirect
-	github.com/klauspost/compress v1.14.4 // indirect
-	github.com/knadh/koanf v1.3.0 // indirect
 	github.com/lib/pq v1.10.3 // indirect
-	github.com/looplab/fsm v0.3.0 // indirect
 	github.com/magiconair/properties v1.8.5 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
-	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
-	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/mapstructure v1.4.3 // indirect
-	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
-	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.0.2 // indirect
-	github.com/opencontainers/runc v1.0.2 // indirect
-	github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
-	github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5 // indirect
-	github.com/openzipkin/zipkin-go v0.2.5 // indirect
-	github.com/ory/dockertest/v3 v3.8.1 // indirect
-	github.com/ory/go-acc v0.2.6 // indirect
-	github.com/ory/herodot v0.9.12 // indirect
-	github.com/ory/jsonschema/v3 v3.0.4 // indirect
-	github.com/ory/kratos v0.8.2-alpha.1 // indirect
-	github.com/ory/nosurf v1.2.6 // indirect
-	github.com/ory/viper v1.7.5 // indirect
-	github.com/ory/x v0.0.310 // indirect
-	github.com/pborman/uuid v1.2.1 // indirect
 	github.com/pelletier/go-toml v1.9.4 // indirect
-	github.com/philhofer/fwd v1.1.1 // indirect
-	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.11.0 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.32.1 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
-	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
-	github.com/rs/cors v1.8.0 // indirect
 	github.com/russellhaering/goxmldsig v1.1.1 // indirect
-	github.com/santhosh-tekuri/jsonschema v1.2.4 // indirect
-	github.com/satori/go.uuid v1.2.0 // indirect
-	github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 // indirect
 	github.com/segmentio/asm v1.1.3 // indirect
-	github.com/sirupsen/logrus v1.8.1 // indirect
 	github.com/spf13/afero v1.6.0 // indirect
 	github.com/spf13/cast v1.4.1 // indirect
-	github.com/spf13/cobra v1.2.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518 // indirect
-	github.com/stretchr/testify v1.7.0 // indirect
 	github.com/subosito/gotenv v1.2.0 // indirect
-	github.com/tidwall/gjson v1.9.4 // indirect
-	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
-	github.com/tinylib/msgp v1.1.6 // indirect
 	github.com/tmthrgd/go-hex v0.0.0-20190904060850-447a3041c3bc // indirect
-	github.com/uber/jaeger-client-go v2.29.1+incompatible // indirect
-	github.com/uber/jaeger-lib v2.4.1+incompatible // indirect
 	github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
-	github.com/x448/float16 v0.8.4 // indirect
-	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
-	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
-	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
-	go.elastic.co/apm v1.14.0 // indirect
-	go.elastic.co/apm/module/apmhttp v1.14.0 // indirect
-	go.elastic.co/apm/module/apmot v1.14.0 // indirect
-	go.elastic.co/fastjson v1.1.0 // indirect
 	go.mongodb.org/mongo-driver v1.8.3 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.25.0 // indirect
-	go.opentelemetry.io/otel v1.0.1 // indirect
-	go.opentelemetry.io/otel/trace v1.0.1 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	golang.org/x/crypto v0.0.0-20220214200702-86341886e292 // indirect
-	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
-	golang.org/x/mod v0.5.1 // indirect
 	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 	golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
 	golang.org/x/tools v0.1.7 // indirect
-	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	gopkg.in/DataDog/dd-trace-go.v1 v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.66.2 // indirect
-	gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 	gorm.io/driver/mysql v1.1.2 // indirect
 	gorm.io/driver/sqlserver v1.2.1 // indirect
 	gorm.io/plugin/dbresolver v1.1.0 // indirect
-	howett.net/plist v0.0.0-20201203080718-1454fab16a06 // indirect
 	k8s.io/component-base v0.23.4 // indirect
 	k8s.io/klog v1.0.0 // indirect
 	k8s.io/klog/v2 v2.30.0 // indirect

internal/dao/common.go

@@ -8,6 +8,11 @@ import (
 	bun "github.com/uptrace/bun"
 )
 
+const (
+	KratosPasswordType = "password"
+	KratosOidcType     = "oidc"
+)
+
 func Create(ctx context.Context, db bun.IDB, entity interface{}) (interface{}, error) {
 	if _, err := db.NewInsert().Model(entity).Exec(ctx); err != nil {
 		return nil, err

internal/dao/user.go

@@ -2,6 +2,7 @@ package dao
 
 import (
 	"context"
+	"database/sql"
 
 	"github.com/RafayLabs/rcloud-base/internal/models"
 	userv3 "github.com/RafayLabs/rcloud-base/proto/types/userpb/v3"
@@ -134,9 +135,11 @@ func listFilteredUsersQuery(
 	offset int,
 ) *bun.SelectQuery {
 	if utype != "" {
-		q = q.Relation("IdentityCredential").
+		q = q.Relation("IdentityCredential", func(q *bun.SelectQuery) *bun.SelectQuery {
+			return q.ExcludeColumn("*")
+		}).
 			Relation("IdentityCredential.IdentityCredentialType", func(q *bun.SelectQuery) *bun.SelectQuery {
-				return q.Where("name = ?", utype)
+				return q.ExcludeColumn("*").Where("name = ?", utype)
 			})
 	}
 
@@ -179,6 +182,24 @@ func ListFilteredUsers(
 	var users []models.KratosIdentities
 	q := db.NewSelect().Model(&users)
 	listFilteredUsersQuery(q, fusers, query, utype, orderBy, order, limit, offset)
+
+	//restrict oidc users, this is required as kratos creates entry with credential type password for oidc users as well
+	if utype == KratosPasswordType {
+		var ssousers []models.KratosIdentities
+		oq := db.NewSelect().Model(&ssousers).
+			Relation("IdentityCredential", func(q *bun.SelectQuery) *bun.SelectQuery {
+				return q.ExcludeColumn("*")
+			}).
+			Relation("IdentityCredential.IdentityCredentialType", func(q *bun.SelectQuery) *bun.SelectQuery {
+				return q.ExcludeColumn("*").Where("name = ?", KratosOidcType)
+			})
+		if len(fusers) > 0 {
+			// filter with precomputed users if we have any
+			oq = oq.Where("identities.id IN (?)", bun.In(fusers))
+		}
+		q.Except(oq)
+	}
+
 	err := q.Scan(ctx)
 	if err != nil {
 		return nil, err
@@ -230,3 +251,20 @@ func GetUserNamesByIds(ctx context.Context, db bun.IDB, id []uuid.UUID, entity i
 	}
 	return names, nil
 }
+
+func IsSSOAccount(ctx context.Context, db bun.IDB, id uuid.UUID) (bool, error) {
+	var user models.KratosIdentities
+	q := db.NewSelect().Model(&user)
+	q = q.Relation("IdentityCredential").
+		Relation("IdentityCredential.IdentityCredentialType", func(q *bun.SelectQuery) *bun.SelectQuery {
+			return q.Where("name = ?", KratosOidcType)
+		})
+	q = q.Where("identities.id = ?", id)
+	err := q.Scan(ctx)
+	if err != nil && err == sql.ErrNoRows {
+		return false, nil
+	} else if err == nil && user.ID != uuid.Nil {
+		return true, nil
+	}
+	return false, err
+}

pkg/sentry/authz/authz.go

@@ -383,19 +383,11 @@ func GetAuthorization(ctx context.Context, req *sentryrpc.GetUserAuthorizationRe
 		if errUser == nil && ks != nil && ks.EnableSessionCheck {
 			// check the last login timestamp
 			var lastLogin time.Time
-			if cnAttr.IsSSO {
-				accountData, err := aps.GetAccount(ctx, accountID)
-				if err != nil {
-					return nil, err
-				}
-				lastLogin = accountData.LastLogin
-			} else {
-				accountData, err := aps.GetAccount(ctx, accountID)
-				if err != nil {
-					return nil, err
-				}
-				lastLogin = accountData.LastLogin
+			accountData, err := aps.GetAccount(ctx, accountID)
+			if err != nil {
+				return nil, err
 			}
+			lastLogin = accountData.LastLogin
 			t1 := time.Now()
 			if t1.Sub(lastLogin) > time.Hour*12 {
 				_log.Infow("get kubectl authorization block access. user did not login to portal in last 12 Hour")
@@ -403,8 +395,8 @@ func GetAuthorization(ctx context.Context, req *sentryrpc.GetUserAuthorizationRe
 			}
 		}
 
-		// is user active
-		if !cnAttr.IsSSO {
+		// is local user active
+		if ok, _ := aps.IsSSOAccount(ctx, accountID); !ok {
 			active, err := aps.IsAccountActive(ctx, accountID, orgID)
 			_log.Infow("accountID ", accountID, "orgID ", orgID, "active ", active)
 			if err != nil {

pkg/service/account_permission.go

@@ -24,6 +24,7 @@ type AccountPermissionService interface {
 	GetAccount(ctx context.Context, accountID string) (*models.Account, error)
 	GetAccountGroups(ctx context.Context, accountID string) ([]string, error)
 	IsAccountActive(ctx context.Context, accountID, orgID string) (bool, error)
+	IsSSOAccount(ctx context.Context, accountID string) (bool, error)
 }
 
 // accountPermissionService implements AccountPermissionService
@@ -166,25 +167,10 @@ func (a *accountPermissionService) IsAccountActive(ctx context.Context, accountI
 	return ga.Active, nil
 }
 
-/*
-func (a *accountPermissionService) GetSSOAccounts(ctx context.Context, orgID ctypesv2.RafayID) ([]typesv2.SSOAccountData, error) {
-	var ssoAccounts []ssoAccountData
-
-	err := a.db.WithContext(ctx).Model(&ssoAccounts).
-		Where("organization_id = ?", orgID).
-		Where("trash = ?", false).
-		Select()
-	if err != nil {
-		return nil, err
-	}
-	ssoAccountUsers := []typesv2.SSOAccountData{}
-	for _, sso := range ssoAccounts {
-		ssoAccountUsers = append(ssoAccountUsers, *sso.SSOAccountData)
-	}
-	return ssoAccountUsers, nil
-
+func (a *accountPermissionService) IsSSOAccount(ctx context.Context, accountID string) (bool, error) {
+	return dao.IsSSOAccount(ctx, a.db, uuid.MustParse(accountID))
 }
-*/
+
 func prepareAccountPermissionResponse(aps models.AccountPermission) sentry.AccountPermission {
 	var urls []*sentry.PermissionURL
 	if aps.Urls != nil {

server/kubeconfig.go

@@ -89,14 +89,6 @@ func (s *kubeConfigServer) RevokeKubeconfig(ctx context.Context, req *sentryrpc.
 		return nil, err
 	}
 
-	/*TODO: pending with events
-	revokeUser, err := kubeconfig.GetUserNameFromAccountID(ctx, accountID, opts.Organization, s.aps, opts.IsSSOUser)
-	acID := accountID
-	partnerID := opts.Partner
-	orgID := opts.Organization
-	kubeconfigRevokeEvent(ctx, "user.kubeconfig.revoke", orgID, partnerID, revokeUser, acID, opts.Username, opts.Account, opts.Groups)
-	*/
-
 	return &sentryrpc.RevokeKubeconfigResponse{}, nil
 }
 
@@ -178,12 +170,6 @@ func (s *kubeConfigServer) UpdateOrganizationSetting(ctx context.Context, req *s
 		return nil, err
 	}
 
-	/*TODO:pending with events
-	partnerID := opts.Partner
-	orgIDString := opts.Organization
-	kubeconfigSettingEvent(ctx, "user.kubeconfig.setting", orgIDString, partnerID, "", "", opts.Username, opts.Account, opts.Groups, req.ValiditySeconds, req.EnableSessionCheck)
-	*/
-
 	return &sentryrpc.UpdateKubeconfigSettingResponse{}, nil
 }
 
@@ -211,13 +197,6 @@ func (s *kubeConfigServer) UpdateUserSetting(ctx context.Context, req *sentryrpc
 		return nil, err
 	}
 
-	/*TODO: pending with events
-	forUser, err := kubeconfig.GetUserNameFromAccountID(ctx, accountID, opts.Organization, s.aps, opts.IsSSOUser)
-	acID := accountID
-	partnerID := opts.Partner
-	orgIDString := opts.Organization
-	kubeconfigSettingEvent(ctx, "user.kubeconfig.setting", orgIDString, partnerID, forUser, acID, opts.Username, opts.Account, opts.Groups, req.ValiditySeconds, req.EnableSessionCheck)
-	*/
 	return &sentryrpc.UpdateKubeconfigSettingResponse{}, nil
 }