From 9783c25cf59478eb3a3343fc4886bb5a9ea8fec2 Mon Sep 17 00:00:00 2001
From: Julian Einhaus
Date: Wed, 3 Apr 2024 11:18:18 +0200
Subject: [PATCH 1/2] docs(flyte-core): add missing key `adminServer` in authentication guide
Signed-off-by: Julian Einhaus
---
docs/deployment/configuration/auth_setup.rst | 63 ++++++++++----------
1 file changed, 32 insertions(+), 31 deletions(-)
diff --git a/docs/deployment/configuration/auth_setup.rst b/docs/deployment/configuration/auth_setup.rst
index 1131c30e98..af47b6063e 100644
--- a/docs/deployment/configuration/auth_setup.rst
+++ b/docs/deployment/configuration/auth_setup.rst
@@ -558,42 +558,43 @@ Follow the steps in this section to configure `flyteadmin` to use an external au .. code-block:: yaml configmap: - auth: - appAuth: + adminServer: + auth: + appAuth: - authServerType: External + authServerType: External - # 2. Optional: Set external auth server baseUrl if different from OpenId baseUrl. - externalAuthServer: - # baseUrl: https:///auth/realms/ # Uncomment for Keycloak and update with your installation host and realm name - # baseUrl: https://login.microsoftonline.com//oauth2/v2.0/authorize # Uncomment for Azure AD - # For Okta, use the Issuer URI of the custom auth server: - baseUrl: https://dev-.okta.com/oauth2/ + # 2. Optional: Set external auth server baseUrl if different from OpenId baseUrl. + externalAuthServer: + # baseUrl: https:///auth/realms/ # Uncomment for Keycloak and update with your installation host and realm name + # baseUrl: https://login.microsoftonline.com//oauth2/v2.0/authorize # Uncomment for Azure AD + # For Okta, use the Issuer URI of the custom auth server: + baseUrl: https://dev-.okta.com/oauth2/ - metadataUrl: .well-known/openid-configuration + metadataUrl: .well-known/openid-configuration - thirdPartyConfig: - flyteClient: - # 3. Replace with a new Native/Public Client ID provisioned in the custom authorization server. - clientId: flytectl - # This should not change - redirectUri: http://localhost:53593/callback - # 4. "all" is a required scope and must be configured in the custom authorization server. - scopes: - - offline - - all + thirdPartyConfig: + flyteClient: + # 3. Replace with a new Native/Public Client ID provisioned in the custom authorization server. + clientId: flytectl + # This should not change + redirectUri: http://localhost:53593/callback + # 4. "all" is a required scope and must be configured in the custom authorization server. 
+ scopes: + - offline + - all - userAuth: - openId: - # baseUrl: https:///auth/realms/ # Uncomment for Keycloak and update with your installation host and realm name - # baseUrl: https://login.microsoftonline.com//oauth2/v2.0/authorize # Uncomment for Azure AD - # For Okta, use the Issuer URI of the custom auth server: - baseUrl: https://dev-.okta.com/oauth2/ - scopes: - - profile - - openid - # - offline_access # Uncomment if OIdC supports issuing refresh tokens. - clientId: + userAuth: + openId: + # baseUrl: https:///auth/realms/ # Uncomment for Keycloak and update with your installation host and realm name + # baseUrl: https://login.microsoftonline.com//oauth2/v2.0/authorize # Uncomment for Azure AD + # For Okta, use the Issuer URI of the custom auth server: + baseUrl: https://dev-.okta.com/oauth2/ + scopes: + - profile + - openid + # - offline_access # Uncomment if OIdC supports issuing refresh tokens. + clientId: secrets: From d353c6435687543c7b444a50d7da4d799aff37db Mon Sep 17 00:00:00 2001 From: Julian Einhaus Date: Wed, 3 Apr 2024 11:21:48 +0200 Subject: [PATCH 2/2] docs(flyte-core): fix indentation for flyte-core with AzureAD authorization guide Signed-off-by: Julian Einhaus --- docs/deployment/configuration/auth_setup.rst | 48 ++++++++++---------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/docs/deployment/configuration/auth_setup.rst b/docs/deployment/configuration/auth_setup.rst index af47b6063e..d9a7f2c7eb 100644 --- a/docs/deployment/configuration/auth_setup.rst +++ b/docs/deployment/configuration/auth_setup.rst @@ -617,14 +617,14 @@ Follow the steps in this section to configure `flyteadmin` to use an external au .. code-block:: yaml secrets: - adminOauthClientCredentials: - enabled: true - clientSecret: - clientId: + adminOauthClientCredentials: + enabled: true + clientSecret: + clientId: --- configmap: - admin: - admin: + admin: + admin: endpoint: insecure: true clientId: 
@@ -633,28 +633,30 @@ Follow the steps in this section to configure `flyteadmin` to use an external au - api:///.default useAudienceFromAdmin: true --- - auth: - appAuth: - authServerType: External - externalAuthServer: - baseUrl: https://login.microsoftonline.com//v2.0/ - metadataUrl: .well-known/openid-configuration - AllowedAudience: - - api:// - thirdPartyConfig: - flyteClient: + configmap: + adminServer: + auth: + appAuth: + authServerType: External + externalAuthServer: + baseUrl: https://login.microsoftonline.com//v2.0/ + metadataUrl: .well-known/openid-configuration + AllowedAudience: + - api:// + thirdPartyConfig: + flyteClient: clientId: redirectUri: http://localhost:53593/callback scopes: - api:/// - userAuth: - openId: - baseUrl: https://login.microsoftonline.com//v2.0 - scopes: - - openid - - profile - clientId: + userAuth: + openId: + baseUrl: https://login.microsoftonline.com//v2.0 + scopes: + - openid + - profile + clientId: .. note::