canonical / openfga-operator

Charmed OpenFGA
https://charmhub.io/openfga-k8s
Apache License 2.0

TLS support #109

Open alesstimec opened 2 days ago

alesstimec commented 2 days ago

Enhancement Proposal

Please implement the TLS support in the charm.

The OpenFGA documentation says:

If you are going to use this setup in production, you should enable HTTP TLS in your OpenFGA server. You will need to configure the TLS certificate and key.

And their config page suggests:

1. Configure the authentication method to preshared: export OPENFGA_AUTHN_METHOD=preshared.
2. Configure the authentication keys: export OPENFGA_AUTHN_PRESHARED_KEYS=key1,key2
3. Enable the HTTP TLS configuration: export OPENFGA_HTTP_TLS_ENABLED=true
4. Configure the HTTP TLS certificate location: export OPENFGA_HTTP_TLS_CERT=/Users/myuser/key/server.crt
5. Configure the HTTP TLS key location: export OPENFGA_HTTP_TLS_KEY=/Users/myuser/key/server.key

I think it would suffice if you implemented the certificates relation (tls-certificates interface) allowing us to relate the httprequest-lego-k8s charm to it to obtain the certificate and then set the corresponding environment variables.
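The proposal above, sketched as an added example that is not part of the original issue or the charm's code: once a certificate and key arrive over the relation, store them with restrictive permissions and derive the `OPENFGA_HTTP_TLS_*` variables from the stored paths. The helper names, the `server.crt`/`server.key` file names and the local target directory are assumptions; a Kubernetes charm would push the files into the workload container instead.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Constructed placeholders, not real key material.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"


def write_atomic(path: Path, data: str, mode: int) -> None:
    """Write data via a temp file (mkstemp creates it 0600), then rename into place."""
    fd, tmp = tempfile.mkstemp(dir=path.parent)
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(data)
        os.chmod(tmp, mode)
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def tls_environment(cert: Optional[str], key: Optional[str], tls_dir: Path) -> Dict[str, str]:
    """Return the OPENFGA_HTTP_TLS_* variables for the workload (hypothetical helper)."""
    if not cert or not key:
        # No certificate issued yet: never enable TLS with paths that do not exist.
        return {"OPENFGA_HTTP_TLS_ENABLED": "false"}
    if "BEGIN CERTIFICATE" not in cert or "PRIVATE KEY" not in key:
        raise ValueError("relation data is not a PEM certificate and key")
    tls_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    cert_path, key_path = tls_dir / "server.crt", tls_dir / "server.key"
    write_atomic(cert_path, cert, 0o644)
    write_atomic(key_path, key, 0o600)  # private key readable by the owner only
    return {
        "OPENFGA_HTTP_TLS_ENABLED": "true",
        "OPENFGA_HTTP_TLS_CERT": str(cert_path),
        "OPENFGA_HTTP_TLS_KEY": str(key_path),
    }


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(tls_environment(SAMPLE_CERT, SAMPLE_KEY, Path(d) / "tls"))
```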

syncronize-issues-to-jira[bot] commented 2 days ago

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/IAM-1111.

This message was autogenerated