The NiFiKop NiFi Kubernetes operator makes it easy to run Apache NiFi on Kubernetes. Apache NiFi is a free, open-source solution that supports powerful and scalable directed graphs of data routing, transformation, and system mediation logic.
What steps will reproduce the bug?
https://issues.apache.org/jira/browse/NIFI-11492 made it possible to configure OIDC-group based authorization in NiFi. In order to take advantage of this, the group name in NiFi must match a group in the OIDC groups claim.
Nifikop sets the group names to NifiuserGroup.metadata.namespace-NifiuserGroup.metadata.name, which makes it near impossible to match the two group names.
Create a NifiCluster and a NifiUserGroup and observe in NiFi that the group Identity is the concatenated namespace and name of the NifiUserGroup CRD.
What is the expected behavior?
It should be possible to explicitly set what the group identity is, just as we can with NifiUser CRDs: https://github.com/konpyutaika/nifikop/blob/master/api/v1/nifiuser_types.go#L12-L14
What do you see instead?
N/A
N/A
Possible solution
No response
NiFiKop version
v1.7.0-release
Golang version
go version 1.21.6
Kubernetes version
1.27
NiFi version
1.24.0
Additional context
No response
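An added illustration, not part of the original issue and not NiFiKop code: the Go sketch below takes the identity format reported above (namespace, a hyphen, then name) and works backwards from an OIDC group to the NifiUserGroup objects that could produce it. The helper names, the sample groups claim and the assumption that NiFi compares group names by exact string match are this example's own; the naming patterns are the standard Kubernetes DNS-1123 rules.

```go
package main

import (
	"fmt"
	"regexp"
)

// Kubernetes naming rules (assumed here to be the only limit on the inputs):
// a namespace is a DNS-1123 label, a custom resource name a DNS-1123 subdomain.
var (
	dnsLabel     = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$`)
	dnsSubdomain = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)
)

// GroupIdentity builds the identity in the format the issue reports:
// <metadata.namespace>-<metadata.name>. Hypothetical helper, not NiFiKop code.
func GroupIdentity(namespace, name string) string {
	return namespace + "-" + name
}

// CandidateObjects lists every (namespace, name) pair whose concatenated
// identity equals the given OIDC group exactly. An empty result means no
// NifiUserGroup object can ever carry that group name.
func CandidateObjects(oidcGroup string) [][2]string {
	var pairs [][2]string
	for i := 0; i < len(oidcGroup); i++ {
		if oidcGroup[i] != '-' {
			continue
		}
		ns, name := oidcGroup[:i], oidcGroup[i+1:]
		if dnsLabel.MatchString(ns) && len(name) <= 253 && dnsSubdomain.MatchString(name) {
			pairs = append(pairs, [2]string{ns, name})
		}
	}
	return pairs
}

func main() {
	// Constructed sample of an OIDC "groups" claim; not taken from the issue.
	claim := []string{"/platform/nifi-admins", "NiFi Operators", "data-eng-readers", "auditors"}
	for _, g := range claim {
		pairs := CandidateObjects(g)
		if len(pairs) == 0 {
			fmt.Printf("%-24q no namespace/name pair yields this identity\n", g)
			continue
		}
		fmt.Printf("%-24q reachable only as %v\n", g, pairs)
	}
}
```

Groups with uppercase letters, spaces, slashes or no hyphen have no candidate at all, and the remaining ones match only if the NifiUserGroup is deployed in exactly the namespace the group name happens to encode.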