thelabdude commented on issue #331: URL: https://github.com/apache/solr-operator/issues/331#issuecomment-931416876
Rather than polluting the SolrCloud & Prometheus Exporter CRDs with OIDC config settings, the operator could parse out the `wellKnownUrl` and other config from a `security.json` provided by the user in a ConfigMap? So then the CRD structure could look like: ``` spec: ... solrSecurity: authenticationType: OIDC configMap: <user-supplied config map here with a security.json key> oidc: clientId: <operator client-id as registered with OIDC> clientSecretName: <name of k8s secret where operator's client secret for OIDC is stored> ``` _note: calling it JWT is confusing, this is OIDC, JWT's are more general purpose and don't require OIDC_ That way, users have full control over the `security.json` and the operator only needs to add it to ZK. This approach does require users to understand how to structure the `security.json` for OIDC, but personally, I'd rather not put that on the operator and having the operator support a user-supplied security json is a good feature to have anyway. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org