Skip to content

Commit

Permalink
docs: add missing key in auth guide (#5169)
Browse files Browse the repository at this point in the history
* docs(flyte-core): add missing key `adminServer` in authentication guide

Signed-off-by: Julian Einhaus <[email protected]>

* docs(flyte-core): fix indentation for flyte-core with AzureAD authorization guide

Signed-off-by: Julian Einhaus <[email protected]>

---------

Signed-off-by: Julian Einhaus <[email protected]>
  • Loading branch information
Jeinhaus authored Apr 4, 2024
1 parent f8d4992 commit e8a44b4
Showing 1 changed file with 57 additions and 54 deletions.
111 changes: 57 additions & 54 deletions docs/deployment/configuration/auth_setup.rst
Original file line number Diff line number Diff line change
Expand Up @@ -558,42 +558,43 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
.. code-block:: yaml
configmap:
auth:
appAuth:
adminServer:
auth:
appAuth:
authServerType: External
authServerType: External
# 2. Optional: Set external auth server baseUrl if different from OpenId baseUrl.
externalAuthServer:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
# 2. Optional: Set external auth server baseUrl if different from OpenId baseUrl.
externalAuthServer:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
metadataUrl: .well-known/openid-configuration
metadataUrl: .well-known/openid-configuration
thirdPartyConfig:
flyteClient:
# 3. Replace with a new Native/Public Client ID provisioned in the custom authorization server.
clientId: flytectl
# This should not change
redirectUri: http://localhost:53593/callback
# 4. "all" is a required scope and must be configured in the custom authorization server.
scopes:
- offline
- all
thirdPartyConfig:
flyteClient:
# 3. Replace with a new Native/Public Client ID provisioned in the custom authorization server.
clientId: flytectl
# This should not change
redirectUri: http://localhost:53593/callback
# 4. "all" is a required scope and must be configured in the custom authorization server.
scopes:
- offline
- all
userAuth:
openId:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
scopes:
- profile
- openid
# - offline_access # Uncomment if OIdC supports issuing refresh tokens.
clientId: <client id>
userAuth:
openId:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
scopes:
- profile
- openid
# - offline_access # Uncomment if OIdC supports issuing refresh tokens.
clientId: <client id>
secrets:
Expand All @@ -616,14 +617,14 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
.. code-block:: yaml
secrets:
adminOauthClientCredentials:
enabled: true
clientSecret: <client secret>
clientId: <client id>
adminOauthClientCredentials:
enabled: true
clientSecret: <client secret>
clientId: <client id>
---
configmap:
admin:
admin:
admin:
admin:
endpoint: <admin endpoint>
insecure: true
clientId: <client id>
Expand All @@ -632,28 +633,30 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
- api://<client id>/.default
useAudienceFromAdmin: true
---
auth:
appAuth:
authServerType: External
externalAuthServer:
baseUrl: https://login.microsoftonline.com/<tenant id>/v2.0/
metadataUrl: .well-known/openid-configuration
AllowedAudience:
- api://<client id>
thirdPartyConfig:
flyteClient:
configmap:
adminServer:
auth:
appAuth:
authServerType: External
externalAuthServer:
baseUrl: https://login.microsoftonline.com/<tenant id>/v2.0/
metadataUrl: .well-known/openid-configuration
AllowedAudience:
- api://<client id>
thirdPartyConfig:
flyteClient:
clientId: <client id>
redirectUri: http://localhost:53593/callback
scopes:
- api://<client id>/<custom-scope>
userAuth:
openId:
baseUrl: https://login.microsoftonline.com/<tenant id>/v2.0
scopes:
- openid
- profile
clientId: <client id>
userAuth:
openId:
baseUrl: https://login.microsoftonline.com/<tenant id>/v2.0
scopes:
- openid
- profile
clientId: <client id>
.. note::

Expand Down

0 comments on commit e8a44b4

Please sign in to comment.