MM2 spec can't get oauth client id and bootstrap server address from kubernetes/openshift secrets #6157
wcmitchell asked this question in Q&A
The Client ID or the bootstrap address are not treated as sensitive information and are therefore directly part of the API instead of referencing a field inside a secret. This is by design and there is no plan to change that. If you have the information in the secret, you can read it and copy it into the custom resource. At least for the bootstrap, you can also use the Kubernetes config provider if you want: https://github.com/strimzi/kafka-kubernetes-config-provider ... not sure if it works also for the client ID or not.
Not sure if this fits more for an issue, a bug, or a feature request, but we're using Strimzi through Red Hat AMQ Streams to deploy a MirrorMaker2 instance between a personal and an externally managed Kafka cluster. Throughout testing this has all worked perfectly, but on attempting to move to a prod environment we learned that the OAuth creds and bootstrap address to the managed Kafka cluster can presently only be provided via an OpenShift secret in the Strimzi Operator's namespace. We've tested a few mechanisms to attempt to shim in the credentials from the secret to the MM2 spec, but to no avail. It seems that the MM2 resource definition only expects a string for these entries, and cannot handle any other form of object. If we could have a secret reference for spec.clusters.auth.clientId and spec.clusters.bootstrapServers similar to what's currently used for the client_secret, we'd be set.
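The "read it and copy it into the custom resource" approach from the reply, as an added example that is not part of the original thread or of Strimzi: it decodes the two non-sensitive values from a Secret and emits a JSON Patch for the KafkaMirrorMaker2 resource, leaving `clientSecret` as a Secret reference. The Secret name, its key names, the `target` alias and all sample values are constructed assumptions; the field paths follow the Strimzi `spec.clusters[].authentication` schema.

```python
import base64
import json

# Constructed sample manifests, shaped like `kubectl get ... -o json` output.
# Secret name, key names and the "target" alias are assumptions for illustration.
SECRET = {
    "metadata": {"name": "managed-kafka-creds"},
    "data": {
        "bootstrap": base64.b64encode(b"kafka.example.com:443\n").decode(),
        "client_id": base64.b64encode(b"mm2-client").decode(),
        "client_secret": base64.b64encode(b"constructed-not-real").decode(),
    },
}
MM2 = {
    "kind": "KafkaMirrorMaker2",
    "spec": {"clusters": [
        {"alias": "source", "bootstrapServers": "my-cluster-kafka-bootstrap:9092"},
        {"alias": "target", "bootstrapServers": "PLACEHOLDER",
         "authentication": {"type": "oauth", "clientId": "PLACEHOLDER",
                            "clientSecret": {"secretName": "managed-kafka-creds",
                                             "key": "client_secret"}}},
    ]},
}

def secret_value(secret, key):
    """Decode one Secret key; strip the trailing newline that `echo` often adds."""
    if key not in secret.get("data", {}):
        raise KeyError(f"secret has no key {key!r}")
    return base64.b64decode(secret["data"][key]).decode("utf-8").strip()

def build_patch(mm2, secret, alias, bootstrap_key, client_id_key):
    """Return RFC 6902 ops that inline the two non-sensitive values for `alias`.
    clientSecret is never touched: it stays a secretName/key reference."""
    for i, cluster in enumerate(mm2["spec"]["clusters"]):
        if cluster.get("alias") == alias:
            break
    else:
        raise LookupError(f"no cluster with alias {alias!r}")
    if cluster.get("authentication", {}).get("type") != "oauth":
        raise ValueError(f"cluster {alias!r} does not use oauth authentication")
    base = f"/spec/clusters/{i}"
    fields = (("/bootstrapServers", bootstrap_key),
              ("/authentication/clientId", client_id_key))
    return [{"op": "add", "path": base + path, "value": secret_value(secret, key)}
            for path, key in fields]

if __name__ == "__main__":
    # Apply with: kubectl patch kafkamirrormaker2 <name> --type=json -p '<output>'
    print(json.dumps(build_patch(MM2, SECRET, "target", "bootstrap", "client_id")))
```

Because the values are copied rather than referenced, the patch has to be re-applied whenever the Secret changes.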