# gooddata-cn
m
I was taking a look at the Organization custom resource definition that is bundled in the helm chart and saw that it has an `oauthProvider` property. I tried to use it but it seems like the organization controller might not be consuming those values. Is this something that is planned for an upcoming release or am I missing something?
Here's a redacted version of what I tried
```yaml
apiVersion: controllers.gooddata.com/v1
kind: Organization
metadata:
  name: org-name
  namespace: gooddata-cn
spec:
  id: org-name
  name: "Org Name"
  hostname: org.domain.com
  adminGroup: adminGroup
  adminUser: admin
  adminUserToken: "REDACTED"
  oauthProvider:
    oauthClientId: "REDACTED"
    oauthIssuerId: "REDACTED"
    oauthIssuerLocation: "https://org.okta.com"
    oauthClientSecret:
      kubernetesSecret:
        key: "client-secret"
        name: "gooddata-cn-org-oidc"

---
kind: Secret
apiVersion: v1
metadata:
  name: gooddata-cn-org-oidc
  namespace: gooddata-cn
type: Opaque
stringData:
  client-secret: REDACTED
```
m
Hi @Manuel Cintron, do I understand correctly that you wish to set up external OIDC provider for an existing organization, or are you creating a new organization altogether? What exactly are you trying to achieve, please? New organizations are using the default (built-in) Dex OIDC provider. You can set up an external OIDC provider later. More information is available in these help pages: https://www.gooddata.com/developers/cloud-native/doc/2.3/deploy-and-install/cloud-native/set-up-organizations/setup-organizations/#load-th[…]cluster
Once you have created the Organization, set up authentication.
Please let me know if this helps or if you have any further questions. Thank you!
r
The whole section `oauthProvider` of Organization custom resource is reserved for internal use in GoodData Cloud service and is not used in GoodData.CN. In order to set up OIDC authentication, please use PUT request on organization API resource, as described in our documentation.
m
Thanks! I have been using the `PUT` API call to configure the oauth provider and that's been working fine. I was mostly just curious because this seemed like a much cleaner way to handle this part of the bootstrapping process.