Re: [PR] Enabling Java security OIDC properties to all workflows [incubator-kie-tools]

Mon, 02 Jun 2025 07:51:05 -0700 


gabriel-farache commented on code in PR #3163:
URL: 
https://github.com/apache/incubator-kie-tools/pull/3163#discussion_r2121323088


##########
packages/sonataflow-operator/api/v1alpha08/sonataflowplatform_types.go:
##########
@@ -66,6 +67,9 @@ type SonataFlowPlatformSpec struct {
        // Settings for Prometheus monitoring
        // +optional
        Monitoring *PlatformMonitoringOptionsSpec `json:"monitoring,omitempty"`
+
+        // +optional
+       WorkflowDefaults *WorkflowDefaults `json:"workflowDefaults,omitempty"`

Review Comment:
   If I understand correctly: you add this new field to allow users to add 
anything in the podSpec template of all deployed workflow? It would act like a 
global configuration.
   
   But the Java security OIDC properties have to be set in the properties file, 
which maps to the `-managed-props` configmap generated and managed by the 
operator (and which the user cannot override).
   From my understanding we only need the following properties to be set
   ```
   # Properties to check for identity, needed to use $WORKFLOW.identity within 
the workflow
   quarkus.oidc.auth-server-url=${auth-server-url}
   quarkus.oidc.client-id=${client-id}
   quarkus.oidc.credentials.secret=${client-secret}
   quarkus.oidc.token.header=X-Authorization-<provider>
   quarkus.oidc.token.issuer=any # needed in case the auth server url is not 
the same as the one configured; e.g: localhost VS the k8S service
   ```
   and they should not be placed in the podSpec template from the best of my 
knowledge.
   
   I imagined more something similar to the `eventing` field which, apart from 
generating Knative resources, also configured the workflows properties to 
communicate using eventing with DataIndex and JobService;



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to