From 9a7a762daad6516792945b5ffe7cbca2e39c7334 Mon Sep 17 00:00:00 2001 From: Sonja Ericsson Date: Mon, 20 Sep 2021 13:15:38 +0200 Subject: [PATCH] fix --- flyteadmin_config.yaml | 45 +++++++++++++++++++++++++++++++++--------- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/flyteadmin_config.yaml b/flyteadmin_config.yaml index 3d2f82f80..fe5beae09 100644 --- a/flyteadmin_config.yaml +++ b/flyteadmin_config.yaml @@ -9,28 +9,55 @@ server: kube-config: /Users/haythamabuelfutuh/kubeconfig/k3s/k3s.yaml security: secure: false - useAuth: false + useAuth: true allowCors: true allowedOrigins: # Accepting all domains for Sandbox installation - "*" allowedHeaders: - "Content-Type" +secrets: + secrets-prefix: "/Users/sonjae/flyteadmin" # Okta OIdC only auth: + appAuth: + selfAuthServer: + claimSymmetricEncryptionKeySecretName: "claim_symmetric_key" + tokenSigningRSAKeySecretName: "token_rsa_key.pem" + staticClients: + - obol: + id: obol + # The secret is hashed, so we can store it in ghe + client_secret: + scopes: all + grant_types: client_credentials + - spotify-flytepropeller: + id: spotify-flytepropeller + # The secret is hashed, so we can store it in ghe + client_secret: + scopes: all + grant_types: client_credentials + #appAuth: + # authServerType: External + # externalAuthServer: + # metadataUrl: .well-known/openid-configuration + # allowedAudience: https://flyte.net authorizedUris: - - https://localhost:8088 - - http://flyteadmin:80 + # This should point at your public http Uri. + - http://localhost:8088 userAuth: openId: # Put the URL of the OpenID Connect provider. - baseUrl: https://dev-14186422.okta.com/oauth2/auskngnn7uBViQq6b5d6 - scopes: - - profile - - openid - - offline_access # Uncomment if OIdC supports issuing refresh tokens. + baseUrl: "https://accounts.google.com" + #scopes: + # - profile + # - openid # Replace with the client id created for Flyte. - clientId: 0oakkheteNjCMERst5d6 + cookieHashKeySecretName: "cookie_hash_key" + cookieBlockKeySecretName: "cookie_block_key" + clientSecretName: "oidc_client_secret" + + # Okta OIdC and OAuth2 #auth: