brunodomenici opened a new pull request, #509:
URL: https://github.com/apache/pulsar-helm-chart/pull/509
BREAKING CHANGE: provider configuration changed from
auth.authentication.provider to auth.authentication.jwt.enabled
### Motivation
Allow the configuration of the OpenID authentication provider along side
with JWT.
### Modifications
Provider configuration `auth.authentication.provider` (only 'jwt' value was
accepted) was decommissioned in favor of `auth.authentication.jwt.enabled`:
From:
```yaml
auth:
authentication:
enabled: false
provider: "jwt"
```
To:
```yaml
# Enable or disable broker authentication and authorization.
auth:
authentication:
enabled: false
jwt:
enabled: false
# Enable JWT authentication
# If the token is generated by a secret key, set the usingSecretKey as
true.
# If the token is generated by a private key, set the usingSecretKey
as false.
usingSecretKey: false
openid:
enabled: false
# #
https://pulsar.apache.org/docs/next/security-openid-connect/#enable-openid-connect-authentication-in-the-broker-and-proxy
openIDAllowedTokenIssuers: []
openIDAllowedAudiences: []
openIDTokenIssuerTrustCertsFilePath:
openIDRoleClaim:
openIDAcceptedTimeLeewaySeconds: "0"
openIDCacheSize: "5"
openIDCacheRefreshAfterWriteSeconds: "64800"
openIDCacheExpirationSeconds: "86400"
openIDHttpConnectionTimeoutMillis: "10000"
openIDHttpReadTimeoutMillis: "10000"
openIDKeyIdCacheMissRefreshSeconds: "300"
openIDRequireIssuersUseHttps: "true"
openIDFallbackDiscoveryMode: "DISABLED"
```
### Verifying this change
- [ ] Make sure that the change passes the CI checks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
