Skip to content

Commit 893dbf5

Browse files
megglosmegglos
authored
feat: add resource authorizations flag to identity migration (#4197)
1 parent f2993c7 commit 893dbf5

File tree

3 files changed

+4
-0
lines changed

3 files changed

+4
-0
lines changed

charts/camunda-platform-8.8/README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1364,6 +1364,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out
13641364
| `orchestration.migration.data.tasks.retry.retryDelayMultiplier` | can be used to define the delay multiplier. | `2` |
13651365
| `orchestration.migration.identity.enabled` | if true, the migration of Management Identity data to the orchestration clusters Identity occurs | `false` |
13661366
| `orchestration.migration.identity.backoffLimit` | can be used to specify the backoffLimit for the job https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy | `6` |
1367+
| `orchestration.migration.identity.resourceAuthorizationsEnabled` | if true, the migration of Management Identity data to the orchestration cluster will not create wildcard resource access for roles, this is required to be true if Resource Based Access was used with 8.7 | `false` |
13671368
| `orchestration.importer` | configuration for the external tasklist and operate importer deployment for the orchestration cluster | |
13681369
| `orchestration.importer.enabled` | if true, the orchestration cluster deployment and its related resources are deployed via a helm release | `false` |
13691370
| `orchestration.importer.envFrom` | list of environment variables to import from configMapRef and secretRef | `[]` |

charts/camunda-platform-8.8/templates/orchestration/migration-identity-configmap.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ data:
99
migration:
1010
identity:
1111
mode: {{ .Values.global.identity.auth.type }}
12+
resource-authorizations-enabled: {{ .Values.orchestration.migration.identity.resourceAuthorizationsEnabled }}
1213
{{- if not ( eq .Values.global.identity.auth.type "KEYCLOAK" ) }}
1314
oidc:
1415
audiences:

charts/camunda-platform-8.8/values.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2525,6 +2525,8 @@ orchestration:
25252525
enabled: false
25262526
## @param orchestration.migration.identity.backoffLimit can be used to specify the backoffLimit for the job https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy
25272527
backoffLimit: 6
2528+
## @param orchestration.migration.identity.resourceAuthorizationsEnabled if true, the migration of Management Identity data to the orchestration cluster will not create wildcard resource access for roles, this is required to be true if Resource Based Access was used with 8.7
2529+
resourceAuthorizationsEnabled: false
25282530

25292531
## @extra orchestration.importer configuration for the external tasklist and operate importer deployment for the orchestration cluster
25302532
importer:

0 commit comments

Comments
 (0)