zncdatadev / trino-operator

Operator for Trino, the distributed SQL query engine for big data
Apache License 2.0

[Feature]: Authentication with oidc #101

Open whg517 opened 1 month ago

whg517 commented 1 month ago


Summary 💡

To enhance component security, you can quickly enable OIDC authentication with the secret-operator when deploying a Trino cluster using the operator.

Examples 🌈

After you add the following parameters in PoC authentication mode, Trino can use Keycloak as an IdP in HTTPS mode to enable OIDC authentication.

# single node install config
coordinator=true
node-scheduler.include-coordinator=true
http-server.http.port=8080
discovery.uri=http://localhost:8080
catalog.management=${ENV:CATALOG_MANAGEMENT}

## enabled https
# https://trino.io/docs/current/security/tls.html#configure-the-coordinator
http-server.https.enabled=true
http-server.https.port=8443
http-server.https.keystore.path=/etc/trino/server.crt

## internal communication
# https://trino.io/docs/current/security/internal-communication.html
http-server.authentication.allow-insecure-over-http=true
internal-communication.shared-secret=<openssl rand 512 | base64>

## enable oauth2, use keycloak oidc
# https://trino.io/docs/current/security/oauth2.html
http-server.authentication.type=oauth2
http-server.authentication.oauth2.issuer=http://mac.local:9080/realms/whg
http-server.authentication.oauth2.client-id=<CLIENT_ID>
http-server.authentication.oauth2.client-secret=<CLIENT_SECRET>

Motivation 🔦

No response
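An added example, not code from the issue author or from the trino-operator project: a small Python linter that parses a Trino config.properties like the one posted above and reports the settings the OIDC setup depends on (TLS enabled on the coordinator, placeholders such as `<CLIENT_SECRET>` replaced, an issuer reached over HTTPS, and the `allow-insecure-over-http` flag). The sample config is constructed from the issue's values; the property names are Trino's own.

```python
"""Lint a Trino config.properties for the OAuth2/OIDC setup discussed in the issue."""
import re

# Constructed sample: the issue's config with its placeholders left in place.
SAMPLE = """\
coordinator=true
http-server.http.port=8080
http-server.https.enabled=true
http-server.https.port=8443
http-server.https.keystore.path=/etc/trino/server.crt
http-server.authentication.allow-insecure-over-http=true
internal-communication.shared-secret=<openssl rand 512 | base64>
http-server.authentication.type=oauth2
http-server.authentication.oauth2.issuer=http://mac.local:9080/realms/whg
http-server.authentication.oauth2.client-id=<CLIENT_ID>
http-server.authentication.oauth2.client-secret=<CLIENT_SECRET>
"""

PLACEHOLDER = re.compile(r"^<.*>$")  # e.g. <CLIENT_SECRET>, <openssl rand ...>
REQUIRED = (
    "internal-communication.shared-secret",
    "http-server.authentication.oauth2.issuer",
    "http-server.authentication.oauth2.client-id",
    "http-server.authentication.oauth2.client-secret",
)

def parse_properties(text):
    """Parse Java-style key=value lines; '#' comment lines and blanks are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return (severity, message) findings; empty unless oauth2 auth is configured."""
    findings = []
    if props.get("http-server.authentication.type") != "oauth2":
        return findings
    if props.get("http-server.https.enabled") != "true":
        findings.append(("error", "oauth2 authentication requires http-server.https.enabled=true"))
    for key in REQUIRED:
        value = props.get(key, "")
        if not value or PLACEHOLDER.match(value):
            findings.append(("error", f"{key} is missing or still a placeholder"))
    if props.get("http-server.authentication.oauth2.issuer", "").startswith("http://"):
        findings.append(("warn", "issuer uses plain http; tokens and the client secret travel unencrypted"))
    if props.get("http-server.authentication.allow-insecure-over-http") == "true":
        findings.append(("warn", "allow-insecure-over-http=true: the plain HTTP port bypasses the TLS requirement"))
    return findings
```

Run against the sample, the linter reports the three unreplaced placeholders as errors and the HTTP issuer and insecure-over-http flag as warnings.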