konpyutaika / nifikop

The NiFiKop NiFi Kubernetes operator makes it easy to run Apache NiFi on Kubernetes. Apache NiFi is a free, open-source solution that supports powerful and scalable directed graphs of data routing, transformation, and system mediation logic.
https://konpyutaika.github.io/nifikop/
Apache License 2.0

Nifikop sets Group names to namespace-name, which breaks OIDC group claim-based authorization #380

Closed mh013370 closed 5 months ago

mh013370 commented 5 months ago

What steps will reproduce the bug?

https://issues.apache.org/jira/browse/NIFI-11492 made it possible to configure OIDC-group based authorization in NiFi. In order to take advantage of this, the group name in NiFi must match a group in the OIDC groups claim.

Nifikop sets the group names to NifiuserGroup.metadata.namespace-NifiuserGroup.metadata.name, which makes it near impossible to match the two group names.

Create a NifiCluster and a NifiUserGroup and observe in NiFi that the group Identity is the concatenated namespace and name of the NifiUserGroup CRD.

What is the expected behavior?

It should be possible to explicitly set what the group identity is, just as we can with NifiUser CRDs: https://github.com/konpyutaika/nifikop/blob/master/api/v1/nifiuser_types.go#L12-L14

What do you see instead?

N/A

Possible solution

No response

NiFiKop version

v1.7.0-release

Golang version

go version 1.21.6

Kubernetes version

1.27

NiFi version

1.24.0

Additional context

No response
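The mismatch reported above can be checked offline with the following added example, which is not NiFiKop or NiFi code: it compares the namespace-name identity described in the issue against the groups carried in an ID token payload. The claim name `groups`, exact case-sensitive comparison, the function names, and the sample token, namespace and group names are all assumptions constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// operatorIdentity is the naming the issue reports: metadata.namespace-metadata.name.
func operatorIdentity(namespace, name string) string { return namespace + "-" + name }

// constructedToken wraps a payload in an unsigned, made-up compact JWT (sample data).
func constructedToken(payload string) string {
	return "e30." + base64.RawURLEncoding.EncodeToString([]byte(payload)) + ".sig"
}

// claimGroupSet reads a groups claim from an ID token payload WITHOUT verifying the
// signature (offline audit only). It accepts a JSON array or a single string.
func claimGroupSet(token, claim string) (map[string]bool, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	var payload map[string]json.RawMessage
	if err != nil || json.Unmarshal(raw, &payload) != nil {
		return nil, fmt.Errorf("undecodable JWT payload")
	}
	var groups []string
	if json.Unmarshal(payload[claim], &groups) != nil {
		var one string
		if json.Unmarshal(payload[claim], &one) != nil {
			return nil, fmt.Errorf("claim %q missing or not a string/array", claim)
		}
		groups = []string{one}
	}
	set := make(map[string]bool, len(groups))
	for _, g := range groups {
		set[g] = true // exact, case-sensitive comparison is assumed
	}
	return set, nil
}

func main() {
	set, _ := claimGroupSet(constructedToken(`{"sub":"alice","groups":["admins","data-eng"]}`), "groups")
	fmt.Println(set[operatorIdentity("dataflow", "admins")], set["admins"]) // false true
}
```

A NifiUserGroup named `admins` in namespace `dataflow` yields `dataflow-admins`, which matches nothing in the claim, so policies attached to that group never apply to OIDC-authenticated users.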