DOCSP-47923 Kubernetes for OIDC

[lindseymoore]

Pull Request Info

PR Reviewing Guidelines

JIRA - https://jira.mongodb.org/browse/DOCSP-47923

Staging Links

security/auth/oidc

Self-Review Checklist

• Is this free of any warnings or errors in the RST?
• Did you run a spell-check?
• Did you run a grammar-check?
• Are all the links working?
• Are the facets and meta keywords accurate?

[netlify]

✅ Deploy Preview for docs-java ready!

Name	Link
🔨 Latest commit	75f86de
🔍 Latest deploy log	https://app.netlify.com/sites/docs-java/deploys/67cf38ec514c0e0008734b13
😎 Deploy Preview	https://deploy-preview-640--docs-java.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[mongoKart]

Content looks good, but it should be moved to the OIDC section

[mongoKart]

lgtm!

[lindseymoore]

Thanks @katcharov, I added the MongoCredential section. Can you please verify whether a username is required for the createOidcCredential() method for Kubernetes? Is it ok to leave the method without any input rather than putting null? Thanks!

[katcharov]

Looks like we have the following tests:

    {
      "description": "should throw an error for a username and password with gcp provider (MONGODB-OIDC)",
      "uri": "mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:foo",
      "valid": false,
      "credential": null
    },
    {
      "description": "should throw an error for a username and password with k8s provider (MONGODB-OIDC)",
      "uri": "mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:k8s",
      "valid": false,
      "credential": null
    }

Only azure supports username.

(Password is not accepted for any OIDC.)