[GitHub] [solr-operator] thelabdude commented on issue #331: Support JWT authentication

[GitBox <gi...@apache.org>]

thelabdude commented on issue #331:
URL: https://github.com/apache/solr-operator/issues/331#issuecomment-931416876


   Rather than polluting the SolrCloud & Prometheus Exporter CRDs with OIDC config settings, the operator could parse out the `wellKnownUrl` and other config from a `security.json` provided by the user in a ConfigMap? So then the CRD structure could look like:
   ```
   spec:
     ...
     solrSecurity:
       authenticationType: OIDC
       configMap: <user-supplied config map here with a security.json key>
       oidc:
         clientId: <operator client-id as registered with OIDC>
         clientSecretName: <name of k8s secret where operator's client secret for OIDC is stored>
   ```
   _note: calling it JWT is confusing, this is OIDC, JWT's are more general purpose and don't require OIDC_
   That way, users have full control over the `security.json` and the operator only needs to add it to ZK. This approach does require users to understand how to structure the `security.json` for OIDC, but personally, I'd rather not put that on the operator and having the operator support a user-supplied security json is a good feature to have anyway.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org