[Bugfix] [Platform] Fix NoAuth Mode (#1943)

Author: ajanikow

CHANGELOG.md

@@ -13,6 +13,7 @@
 - (DebugPackage) Fetch All logs
 - (Feature) (Platform) MetaV1 List Operation
 - (Feature) (Platform) Enable HTTP to HTTPS Redirect
+- (Bugfix) (Platform) Fix NoAuth Mode
 
 ## [1.2.50](https://github.com/arangodb/kube-arangodb/tree/1.2.50) (2025-07-04)
 - (Feature) (Platform) MetaV1 Integration Service

docs/cli/arangodb_operator_integration.md

@@ -49,9 +49,10 @@ Flags:
       --integration.config.v1.internal                              Defines if Internal access to service config.v1 is enabled (Env: INTEGRATION_CONFIG_V1_INTERNAL) (default true)
       --integration.config.v1.module strings                        Module in the reference <name>=<abs path> (Env: INTEGRATION_CONFIG_V1_MODULE)
       --integration.envoy.auth.v3                                   Enable EnvoyAuthV3 Integration Service (Env: INTEGRATION_ENVOY_AUTH_V3)
-      --integration.envoy.auth.v3.auth.enabled                      Defines if Auth extension is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_AUTH_ENABLED)
+      --integration.envoy.auth.v3.auth.enabled                      Defines if SSO Auth extension is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_AUTH_ENABLED)
       --integration.envoy.auth.v3.auth.path string                  Path of the config file (Env: INTEGRATION_ENVOY_AUTH_V3_AUTH_PATH)
       --integration.envoy.auth.v3.auth.type string                  Defines type of the authentication (Env: INTEGRATION_ENVOY_AUTH_V3_AUTH_TYPE) (default "OpenID")
+      --integration.envoy.auth.v3.enabled                           Defines if Auth extension is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_ENABLED) (default true)
       --integration.envoy.auth.v3.extensions.cookie.jwt             Defines if Cookie JWT extension is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_EXTENSIONS_COOKIE_JWT) (default true)
       --integration.envoy.auth.v3.extensions.jwt                    Defines if JWT extension is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_EXTENSIONS_JWT) (default true)
       --integration.envoy.auth.v3.extensions.users.create           Defines if UserCreation extension is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_EXTENSIONS_USERS_CREATE)

integrations/envoy/auth/v3/impl/auth_bearer/impl.go

@@ -35,6 +35,10 @@ import (
 )
 
 func New(ctx context.Context, configuration pbImplEnvoyAuthV3Shared.Configuration) (pbImplEnvoyAuthV3Shared.AuthHandler, bool) {
+	if !configuration.Enabled {
+		return nil, false
+	}
+
 	if !configuration.Extensions.JWT {
 		return nil, false
 	}

integrations/envoy/auth/v3/impl/auth_cookie/impl.go

@@ -40,6 +40,10 @@ import (
 const JWTAuthorizationCookieName = "X-ArangoDB-Token-JWT"
 
 func New(ctx context.Context, configuration pbImplEnvoyAuthV3Shared.Configuration) (pbImplEnvoyAuthV3Shared.AuthHandler, bool) {
+	if !configuration.Enabled {
+		return nil, false
+	}
+
 	if !configuration.Extensions.CookieJWT {
 		logger.Info("Gateway CookieAuth Disabled")
 		return nil, false

integrations/envoy/auth/v3/impl/auth_custom/impl.go

@@ -28,6 +28,10 @@ import (
 )
 
 func New(ctx context.Context, configuration pbImplEnvoyAuthV3Shared.Configuration) (pbImplEnvoyAuthV3Shared.AuthHandler, bool) {
+	if !configuration.Enabled {
+		return nil, false
+	}
+
 	if !configuration.Auth.Enabled {
 		return nil, false
 	}

integrations/envoy/auth/v3/impl/auth_required/impl.go

@@ -31,6 +31,10 @@ import (
 )
 
 func New(ctx context.Context, configuration pbImplEnvoyAuthV3Shared.Configuration) (pbImplEnvoyAuthV3Shared.AuthHandler, bool) {
+	if !configuration.Enabled {
+		return nil, false
+	}
+
 	return impl{}, true
 }
 

integrations/envoy/auth/v3/impl/pass_mode/impl.go

@@ -40,6 +40,10 @@ import (
 )
 
 func New(ctx context.Context, configuration pbImplEnvoyAuthV3Shared.Configuration) (pbImplEnvoyAuthV3Shared.AuthHandler, bool) {
+	if !configuration.Enabled {
+		return nil, false
+	}
+
 	var z impl
 
 	z.configuration = configuration

integrations/envoy/auth/v3/impl/users/impl.go

@@ -36,6 +36,10 @@ import (
 )
 
 func New(ctx context.Context, configuration pbImplEnvoyAuthV3Shared.Configuration) (pbImplEnvoyAuthV3Shared.AuthHandler, bool) {
+	if !configuration.Enabled {
+		return nil, false
+	}
+
 	if !configuration.Extensions.UsersCreate {
 		return nil, false
 	}

integrations/envoy/auth/v3/shared/configuration.go

@@ -25,6 +25,8 @@ import (
 )
 
 type Configuration struct {
+	Enabled bool
+
 	integrationsShared.Endpoint
 	integrationsShared.Database
 

pkg/integrations/envoy_auth_v3.go

@@ -52,10 +52,11 @@ func (a *envoyAuthV3) Description() string {
 
 func (a *envoyAuthV3) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
 	return errors.Errors(
+		fs.BoolVar(&a.config.Enabled, "enabled", true, "Defines if Auth extension is enabled"),
 		fs.BoolVar(&a.config.Extensions.JWT, "extensions.jwt", true, "Defines if JWT extension is enabled"),
 		fs.BoolVar(&a.config.Extensions.CookieJWT, "extensions.cookie.jwt", true, "Defines if Cookie JWT extension is enabled"),
 		fs.BoolVar(&a.config.Extensions.UsersCreate, "extensions.users.create", false, "Defines if UserCreation extension is enabled"),
-		fs.BoolVar(&a.config.Auth.Enabled, "auth.enabled", false, "Defines if Auth extension is enabled"),
+		fs.BoolVar(&a.config.Auth.Enabled, "auth.enabled", false, "Defines if SSO Auth extension is enabled"),
 		fs.StringVar(&a.config.Auth.Type, "auth.type", "OpenID", "Defines type of the authentication"),
 		fs.StringVar(&a.config.Auth.Path, "auth.path", "", "Path of the config file"),
 	)