Add admin user into authorized list without restart

Support
1

Description

Hi Team,
I am using oidc for authentication which works perfect.
One thing i noted:

apiVersion: v1
data:
  conf.yaml: |-
    ---
    authentication:
      anonymous_access:
        enabled: false
      oidc:
        enabled: true
        client_id: <client_id>
        groups_claim: groups
        issuer: https://<myiad>
        username_claim: login_name
    authorization:
      admin_list:
        enabled: true
        users:
        - P123
        - P456

    query_defaults:
      limit: 100
    debug: false
kind: ConfigMap

If i add another user P789, the configure map updated afterwards, the pods must be restarted to take effect.
Is this possible to load without restart?

Server Setup Information

Weaviate Server Version: 1.25.0
Deployment Method: k8s
Multi Node? Number of Running Nodes: 3
Client Language and Version: Python weaviate-client==4.5.5
Multitenancy?: no

Any additional Information

2

Hi!

Unfortunately, AFAIK, that change needs a restart :grimacing:

Hope that helps.

THanks!

3

Hi, I saw your website saying RBAC is on the way.

May i know when will it happen?

1 Like
4

Hi!

It is quite high on the roadmp list:

Please, give it a thumbs up :+1: So we can push it up the list!

Thanks!

5

Thanks for the update.
We found a way by using istio service mesh, we can control the auth in istio service mesh but authentication by oidc.
All good.

6

Aha! That’s very smart! :slight_smile:

Glad it worked out, and thanks for sharing as other users can benefit from this! :heart_eyes: