Expose OIDC configuration into values.yaml #463
Comments
Since we support configuring LDAP in NiFi through a similar manner, I think this is a reasonable request. And I agree that sensitive values should be pulled from secrets and not provided in raw text in the values.yaml. https://konpyutaika.github.io/nifikop/docs/5_references/1_nifi_cluster/#ldapconfiguration
I was looking into the code. I think that the change can be done only in nifi-config-sc.yaml, using a clear clientSecret.
Yes, supporting a feature like this would require CRD changes and consequently code changes.
That said, it's possible to configure OIDC right now through the following approach: https://konpyutaika.github.io/nifikop/docs/3_manage_nifi/1_manage_clusters/1_deploy_cluster/5_users_authentication/1_oidc
Yes, I know, thanks. I'm already using this configuration.
Is your feature request related to a problem?
I need to configure OIDC for NiFi. In my case the nifikop Helm chart is a sub-chart, so I need to manage OIDC from external values in a more abstract way. In addition, the clientSecret should be managed through a secret.
Describe the solution you'd like to see
Similar to singleUserConfiguration and ldapConfiguration, I would like to have a section like this:

```yaml
oidcConfiguration:
  discoveryUrl:
  clientId: <oidc client's id>
  clientSecret: <oidc client's secret>
  patternDn:
  valueDn: $1
  transformDn: NONE
```
Describe alternatives you've considered
The idea can be to change nifi-config-sc.yaml:

```yaml
.....
  nifi.properties: |-
    {{ if .Values.cluster.oidcConfiguration }}
    nifi.security.user.oidc.discovery.url={{ .Values.cluster.oidcConfiguration.discoveryUrl }}
    nifi.security.user.oidc.client.id={{ .Values.cluster.oidcConfiguration.clientId }}
    nifi.security.user.oidc.client.secret={{ .Values.cluster.oidcConfiguration.clientSecret }}
    nifi.security.identity.mapping.pattern.dn={{ .Values.cluster.oidcConfiguration.patternDn | default "CN=([^,])(?:, (?:O|OU)=.)?" }}
    nifi.security.identity.mapping.value.dn={{ .Values.cluster.oidcConfiguration.valueDn | default "$1" }}
    nifi.security.identity.mapping.transform.dn={{ .Values.cluster.oidcConfiguration.transformDn | default "NONE" }}
    {{ end }}
{{ .Values.cluster.nifiProperties.overrideConfigs | b64enc | indent 4 }}
```
Additional context
No response
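
A CI-style check for the concern raised in this thread, that the OIDC client secret should not be provided as raw text: it scans `helm template` output and reports every non-Secret manifest that carries a literal `nifi.security.user.oidc.client.secret` value. This is an added example, not code from the nifikop project; the function name and the sample manifests are constructed for illustration.

```python
import re

# Property name taken from the template proposed in this issue.
SECRET_PROP = re.compile(
    r"^[ \t]*nifi\.security\.user\.oidc\.client\.secret=(.*)$", re.M)
KIND = re.compile(r"^kind:[ \t]*(\S+)", re.M)
# First "name:" found inside the top-level metadata block.
NAME = re.compile(
    r"^metadata:[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+name:[ \t]*(\S+)", re.M)


def find_inline_oidc_secrets(rendered):
    """Return (kind, name) for each non-Secret manifest with a literal client secret."""
    findings = []
    for doc in re.split(r"^---[ \t]*$", rendered, flags=re.M):
        kind = KIND.search(doc)
        if not kind or kind.group(1) == "Secret":
            continue  # a Secret is where the value belongs
        # An empty value means the property is unset; only non-empty literals count.
        if any(m.group(1).strip() for m in SECRET_PROP.finditer(doc)):
            name = NAME.search(doc)
            findings.append((kind.group(1), name.group(1) if name else "<unnamed>"))
    return findings


# Constructed sample of rendered chart output (not taken from the nifikop chart).
SAMPLE = """\
---
kind: ConfigMap
metadata:
  name: nifi-config
data:
  nifi.properties: |-
    nifi.security.user.oidc.client.id=nifi
    nifi.security.user.oidc.client.secret=constructed-not-a-real-secret
---
kind: Secret
metadata:
  name: nifi-oidc
stringData:
  nifi.properties: |-
    nifi.security.user.oidc.client.secret=constructed-not-a-real-secret
"""

if __name__ == "__main__":
    for kind, name in find_inline_oidc_secrets(SAMPLE):
        print(f"{kind}/{name}: OIDC client secret rendered in plain text")
```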