Open carbonin opened 4 years ago
I think as of https://github.com/ManageIQ/manageiq-pods/pull/479 this is really focused on getting all the other auth methods working.
I think they will all use the httpd-init image except maybe SAML. @abellotti I think you mentioned something about that.
Correct, both SAML and OIDC should be able to run with the non-privileged httpd container. The operator for SAML would have to do a bit more work than just passing parameters, i.e. creating the service provider metadata in /etc/httpd/saml2/ (running mellon_create_metadata.sh) and allowing importing the identity provider metadata there in one shot. Admins would need access to the sp-metadata.xml for configuring their SAML IDP for the CF pod. Logic in both config map generator as well as the appliance console CLI, so doable, but we can do that at a later time.
How should we incorporate the auth config map generation into the operator?
I was thinking we could make a pre-deploy job to run the existing generator pod then create the config maps from that pod's output.
We would need to add the inputs for the generator to the CR in some way.