From 83b837ddc66d08ad75252f7b1ba18be665ef152c Mon Sep 17 00:00:00 2001
From: Akash Jain <15995028+akash-jain-10@users.noreply.github.com>
Date: Mon, 8 Apr 2024 19:22:38 +0530
Subject: [PATCH] fix: #222 (#224)

* feat: Add Support for Azure as Secrets Manager

* chore: Bump Chart Versions

* fix: usage for `openmetadata-ops.sh` script for db-migrations

* fix: Lint issues

* fix: Lint issues

* chore: Bump AppVersions to `1.3.2`

* feat: Add provision for OIDC Confidential client configurations
---
 charts/deps/Chart.yaml                        |   4 +-
 charts/deps/values.yaml                       |   2 +-
 charts/openmetadata/Chart.yaml                |   4 +-
 charts/openmetadata/README.md                 |  33 ++++-
 charts/openmetadata/templates/_helpers.tpl    | 103 ++++++++++---
 charts/openmetadata/templates/deployment.yaml |   2 -
 charts/openmetadata/templates/secrets.yaml    |  16 ++
 charts/openmetadata/values.schema.json        | 139 +++++++++++++++++-
 charts/openmetadata/values.yaml               |  47 +++++-
 9 files changed, 314 insertions(+), 36 deletions(-)

diff --git a/charts/deps/Chart.yaml b/charts/deps/Chart.yaml
index dc6d476..bafb4cb 100644
--- a/charts/deps/Chart.yaml
+++ b/charts/deps/Chart.yaml
@@ -16,13 +16,13 @@ type: application
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 
-version: 1.3.1
+version: 1.3.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.3.1"
+appVersion: "1.3.2"
 
 home: https://open-metadata.org/
 
diff --git a/charts/deps/values.yaml b/charts/deps/values.yaml
index 8bb7e34..fae8aee 100644
--- a/charts/deps/values.yaml
+++ b/charts/deps/values.yaml
@@ -61,7 +61,7 @@ airflow:
   airflow:
     image:
       repository: docker.getcollate.io/openmetadata/ingestion
-      tag: 1.3.1
+      tag: 1.3.2
       pullPolicy: "IfNotPresent"
     executor: "KubernetesExecutor"
     config:
diff --git a/charts/openmetadata/Chart.yaml b/charts/openmetadata/Chart.yaml
index d4c1bf4..83e2119 100644
--- a/charts/openmetadata/Chart.yaml
+++ b/charts/openmetadata/Chart.yaml
@@ -16,13 +16,13 @@ type: application
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 
-version: 1.3.1
+version: 1.3.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.3.1"
+appVersion: "1.3.2"
 
 home: https://open-metadata.org/
 
diff --git a/charts/openmetadata/README.md b/charts/openmetadata/README.md
index aded4c6..40292d0 100644
--- a/charts/openmetadata/README.md
+++ b/charts/openmetadata/README.md
@@ -34,6 +34,7 @@ helm install openmetadata open-metadata/openmetadata --values <<path-to-values-f
 | Key | Type | Default | Conf/Openmetadata.yaml |
 |-----|------|---------| ---------------------- |
 | openmetadata.config.authentication.enabled | bool | `true` | |
+| openmetadata.config.authentication.clientType | string | `public` | AUTHENTICATION_CLIENT_TYPE |
 | openmetadata.config.authentication.provider | string | `basic` | AUTHENTICATION_PROVIDER |
 | openmetadata.config.authentication.publicKeys | list | `[http://openmetadata:8585/api/v1/system/config/jwks]` | AUTHENTICATION_PUBLIC_KEYS |
 | openmetadata.config.authentication.authority | string | `https://accounts.google.com` | AUTHENTICATION_AUTHORITY |
@@ -70,6 +71,24 @@ helm install openmetadata open-metadata/openmetadata --values <<path-to-values-f
 | openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.hostNameConfig.acceptableHostNames | string | `[Empty String]` | AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES |
 | openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.jvmDefaultConfig.verifyHostname | string | `Empty String` | AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST |
 | openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.trustAllConfig.examineValidityDates | bool | `true` | AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES |
+| openmetadata.config.authentication.oidcConfiguration.callbackUrl | string | `http://openmetadata:8585/callback` | OIDC_CALLBACK |
+| openmetadata.config.authentication.oidcConfiguration.clientAuthenticationMethod | string | `client_secret_post` | OIDC_CLIENT_AUTH_METHOD |
+| openmetadata.config.authentication.oidcConfiguration.clientId.secretKey | string | `openmetadata-oidc-client-id` | OIDC_CLIENT_ID |
+| openmetadata.config.authentication.oidcConfiguration.clientId.secretRef | string | `oidc-secrets` | OIDC_CLIENT_ID |
+| openmetadata.config.authentication.oidcConfiguration.clientSecret.secretKey | string | `openmetadata-oidc-client-secret` | OIDC_CLIENT_SECRET |
+| openmetadata.config.authentication.oidcConfiguration.clientSecret.secretRef | string | `oidc-secrets` | OIDC_CLIENT_SECRET |
+| openmetadata.config.authentication.oidcConfiguration.customParams | string | `Empty` | OIDC_CUSTOM_PARAMS |
+| openmetadata.config.authentication.oidcConfiguration.disablePkce | bool | true | OIDC_DISABLE_PKCE |
+| openmetadata.config.authentication.oidcConfiguration.discoveryUri | string | `Empty` | OIDC_DISCOVERY_URI |
+| openmetadata.config.authentication.oidcConfiguration.enabled | bool | false | |
+| openmetadata.config.authentication.oidcConfiguration.maxClockSkew | string | `Empty` | OIDC_MAX_CLOCK_SKEW |
+| openmetadata.config.authentication.oidcConfiguration.oidcType | string | `Empty` | OIDC_TYPE |
+| openmetadata.config.authentication.oidcConfiguration.preferredJwsAlgorithm | string | `RS256` | OIDC_PREFERRED_JWS |
+| openmetadata.config.authentication.oidcConfiguration.responseType | string | `code` | OIDC_RESPONSE_TYPE |
+| openmetadata.config.authentication.oidcConfiguration.scope | string | `openid email profile` | OIDC_SCOPE |
+| openmetadata.config.authentication.oidcConfiguration.serverUrl | string | `http://openmetadata:8585` | OIDC_SERVER_URL |
+| openmetadata.config.authentication.oidcConfiguration.tenant | string | `Empty` | OIDC_TENANT |
+| openmetadata.config.authentication.oidcConfiguration.useNonce | bool | `true` | OIDC_USE_NONCE |
 | openmetadata.config.authentication.saml.debugMode | bool | false | SAML_DEBUG_MODE |
 | openmetadata.config.authentication.saml.idp.entityId | string | `Empty` | SAML_IDP_ENTITY_ID |
 | openmetadata.config.authentication.saml.idp.ssoLoginUrl |  string | `Empty` | SAML_IDP_SSO_LOGIN_URL |
@@ -178,6 +197,14 @@ helm install openmetadata open-metadata/openmetadata --values <<path-to-values-f
 | openmetadata.config.secretsManager.additionalParameters.enabled | bool | `false` | |
 | openmetadata.config.secretsManager.additionalParameters.accessKeyId.secretRef | string | `aws-access-key-secret` | OM_SM_ACCESS_KEY_ID |
 | openmetadata.config.secretsManager.additionalParameters.accessKeyId.secretKey | string | `aws-key-secret` | OM_SM_ACCESS_KEY_ID |
+| openmetadata.config.secretsManager.additionalParameters.clientId.secretRef | string | `azure-client-id-secret` | OM_SM_CLIENT_ID |
+| openmetadata.config.secretsManager.additionalParameters.clientId.secretKey | string | `azure-key-secret` | OM_SM_CLIENT_ID |
+| openmetadata.config.secretsManager.additionalParameters.clientSecret.secretRef | string | `azure-client-secret` | OM_SM_CLIENT_SECRET |
+| openmetadata.config.secretsManager.additionalParameters.clientSecret.secretKey | string | `azure-key-secret` | OM_SM_CLIENT_SECRET |
+| openmetadata.config.secretsManager.additionalParameters.tenantId.secretRef | string | `azure-tenant-id-secret` | OM_SM_TENANT_ID |
+| openmetadata.config.secretsManager.additionalParameters.tenantId.secretKey | string | `azure-key-secret` | OM_SM_TENANT_ID |
+| openmetadata.config.secretsManager.additionalParameters.vaultName.secretRef | string | `azure-vault-name-secret` | OM_SM_VAULT_NAME |
+| openmetadata.config.secretsManager.additionalParameters.vaultName.secretKey | string | `azure-key-secret` | OM_SM_VAULT_NAME |
 | openmetadata.config.secretsManager.additionalParameters.region | string | `Empty String` | OM_SM_REGION |
 | openmetadata.config.secretsManager.additionalParameters.secretAccessKey.secretRef | string | `aws-secret-access-key-secret` | OM_SM_ACCESS_KEY |
 | openmetadata.config.secretsManager.additionalParameters.secretAccessKey.secretKey | string | `aws-key-secret` | OM_SM_ACCESS_KEY |
@@ -191,8 +218,8 @@ helm install openmetadata open-metadata/openmetadata --values <<path-to-values-f
 | openmetadata.config.smtpConfig.supportUrl | string | `https://slack.open-metadata.org` | OM_SUPPORT_URL |
 | openmetadata.config.smtpConfig.transportationStrategy | string | `SMTP_TLS` | SMTP_SERVER_STRATEGY |
 | openmetadata.config.smtpConfig.username | string | `Empty String` | SMTP_SERVER_USERNAME |
-| openmetadata.config.upgradeMigrationConfigs.force | bool | `false` |  |
-| openmetadata.config.upgradeMigrationConfigs.migrationLimitParam | int | `1200` | MIGRATION_LIMIT_PARAM |
+| openmetadata.config.upgradeMigrationConfigs.debug | bool | `false` |  |
+| openmetadata.config.upgradeMigrationConfigs.additionalArgs | string | `Empty String` |  |
 | openmetadata.config.web.enabled | bool | `true` | |
 | openmetadata.config.web.contentTypeOptions.enabled | bool | `false` | WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED |
 | openmetadata.config.web.csp.enabled | bool | `false` | WEB_CONF_XSS_CSP_ENABLED |
@@ -227,7 +254,7 @@ helm install openmetadata open-metadata/openmetadata --values <<path-to-values-f
 | fullnameOverride | string | `"openmetadata"` |
 | image.pullPolicy | string | `"Always"` |
 | image.repository | string | `"docker.getcollate.io/openmetadata/server"` |
-| image.tag | string | `1.3.1` |
+| image.tag | string | `1.3.2` |
 | imagePullSecrets | list | `[]` |
 | ingress.annotations | object | `{}` |
 | ingress.className | string | `""` |
diff --git a/charts/openmetadata/templates/_helpers.tpl b/charts/openmetadata/templates/_helpers.tpl
index 4724b09..814b092 100644
--- a/charts/openmetadata/templates/_helpers.tpl
+++ b/charts/openmetadata/templates/_helpers.tpl
@@ -96,6 +96,7 @@ Warning to update openmetadata global keyword to openmetadata.config */}}
 {{- printf "Error: %s" . | fail }}
 {{- end }}
 
+
 {{/*
 Function to check if passed value is empty string or null value */}}
 {{- define "OpenMetadata.utils.checkEmptyString" -}}
@@ -106,6 +107,71 @@ Function to check if passed value is empty string or null value */}}
 {{- end -}}
 {{- end -}}
 
+{{/*
+OpenMetadata Configurations AWS Additional Parameters Environment Variables for Secret Manager*/}}
+{{- define "OpenMetadata.configs.secretManager.aws.additionalParameters" -}}
+{{- if .Values.openmetadata.config.secretsManager.additionalParameters.accessKeyId.secretRef }}
+{{- with .Values.openmetadata.config.secretsManager.additionalParameters.accessKeyId }}
+- name: OM_SM_ACCESS_KEY_ID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .secretRef }}
+      key: {{ .secretKey }}
+{{- end }}
+{{- end }}
+{{- if .Values.openmetadata.config.secretsManager.additionalParameters.secretAccessKey.secretRef }}
+{{- with .Values.openmetadata.config.secretsManager.additionalParameters.secretAccessKey }}
+- name: OM_SM_ACCESS_KEY
+  valueFrom:
+    secretKeyRef:
+      name: {{ .secretRef }}
+      key: {{ .secretKey }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+OpenMetadata Configurations Azure Additional Parameters Environment Variables for Secret Manager
+*/}}
+{{- define "OpenMetadata.configs.secretManager.azure.additionalParameters" -}}
+{{- if .Values.openmetadata.config.secretsManager.additionalParameters.clientId.secretRef }}
+{{- with .Values.openmetadata.config.secretsManager.additionalParameters.clientId }}
+- name: OM_SM_CLIENT_ID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .secretRef }}
+      key: {{ .secretKey }}
+{{- end }}
+{{- end }}
+{{- if .Values.openmetadata.config.secretsManager.additionalParameters.clientSecret.secretRef }}
+{{- with .Values.openmetadata.config.secretsManager.additionalParameters.clientSecret }}
+- name: OM_SM_CLIENT_SECRET
+  valueFrom:
+    secretKeyRef:
+      name: {{ .secretRef }}
+      key: {{ .secretKey }}
+{{- end }}
+{{- end }}
+{{- if .Values.openmetadata.config.secretsManager.additionalParameters.tenantId.secretRef }}
+{{- with .Values.openmetadata.config.secretsManager.additionalParameters.tenantId }}
+- name: OM_SM_TENANT_ID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .secretRef }}
+      key: {{ .secretKey }}
+{{- end }}
+{{- end }}
+{{- if .Values.openmetadata.config.secretsManager.additionalParameters.vaultName.secretRef }}
+{{- with .Values.openmetadata.config.secretsManager.additionalParameters.vaultName }}
+- name: OM_SM_VAULT_NAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ .secretRef }}
+      key: {{ .secretKey }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
 {{/*
 OpenMetadata Configurations Environment Variables*/}}
 {{- define "OpenMetadata.configs" -}}
@@ -118,6 +184,22 @@ OpenMetadata Configurations Environment Variables*/}}
       key: {{ .secretKey }}
 {{- end }}
 {{- end }}
+{{- if and (eq .Values.openmetadata.config.authentication.clientType "confidential") (.Values.openmetadata.config.authentication.oidcConfiguration.enabled) }}
+{{- with .Values.openmetadata.config.authentication.oidcConfiguration.clientId }}
+- name: OIDC_CLIENT_ID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .secretRef }}
+      key: {{ .secretKey }}
+{{- end }}
+{{- with .Values.openmetadata.config.authentication.oidcConfiguration.clientSecret }}
+- name: OIDC_CLIENT_SECRET
+  valueFrom:
+    secretKeyRef:
+      name: {{ .secretRef }}
+      key: {{ .secretKey }}
+{{- end }}
+{{- end }}
 {{- if eq .Values.openmetadata.config.authentication.provider "ldap" }}
 {{- if .Values.openmetadata.config.authentication.ldapConfiguration.dnAdminPassword.secretRef }}
 {{- with .Values.openmetadata.config.authentication.ldapConfiguration.dnAdminPassword }}
@@ -227,23 +309,11 @@ OpenMetadata Configurations Environment Variables*/}}
 {{- end }}
 {{- end }}
 {{- if .Values.openmetadata.config.secretsManager.additionalParameters.enabled }}
-{{- if .Values.openmetadata.config.secretsManager.additionalParameters.accessKeyId.secretRef }}
-{{- with .Values.openmetadata.config.secretsManager.additionalParameters.accessKeyId }}
-- name: OM_SM_ACCESS_KEY_ID
-  valueFrom:
-    secretKeyRef:
-      name: {{ .secretRef }}
-      key: {{ .secretKey }}
-{{- end }}
-{{- end }}
-{{- if .Values.openmetadata.config.secretsManager.additionalParameters.secretAccessKey.secretRef }}
-{{- with .Values.openmetadata.config.secretsManager.additionalParameters.secretAccessKey }}
-- name: OM_SM_ACCESS_KEY
-  valueFrom:
-    secretKeyRef:
-      name: {{ .secretRef }}
-      key: {{ .secretKey }}
+{{- if has .Values.openmetadata.config.secretsManager.provider (list "aws" "aws-ssm" "managed-aws" "managed-aws-ssm") }}
+{{ include "OpenMetadata.configs.secretManager.aws.additionalParameters" . }}
 {{- end }}
+{{- if has .Values.openmetadata.config.secretsManager.provider (list "managed-azure-kv" "azure-kv") }}
+{{ include "OpenMetadata.configs.secretManager.azure.additionalParameters" . }}
 {{- end }}
 {{- end }}
 {{- if and ( .Values.openmetadata.config.smtpConfig.enableSmtpServer ) ( .Values.openmetadata.config.smtpConfig.password.secretRef )}}
@@ -255,5 +325,4 @@ OpenMetadata Configurations Environment Variables*/}}
       key: {{ .secretKey }}
 {{- end }}
 {{- end }}
-
 {{- end }}
\ No newline at end of file
diff --git a/charts/openmetadata/templates/deployment.yaml b/charts/openmetadata/templates/deployment.yaml
index 70dab41..57facc8 100644
--- a/charts/openmetadata/templates/deployment.yaml
+++ b/charts/openmetadata/templates/deployment.yaml
@@ -99,8 +99,6 @@ spec:
             {{- toYaml . | nindent 10 }}
           {{- end }}
         env:
-        - name: MIGRATION_LIMIT_PARAM
-          value: "{{ .Values.openmetadata.config.upgradeMigrationConfigs.migrationLimitParam }}"
         {{- include "OpenMetadata.configs" . | nindent 8 }}
         {{- with .Values.extraEnvs }}
           {{- toYaml . | nindent 8 }}
diff --git a/charts/openmetadata/templates/secrets.yaml b/charts/openmetadata/templates/secrets.yaml
index f91a1e3..0d16586 100644
--- a/charts/openmetadata/templates/secrets.yaml
+++ b/charts/openmetadata/templates/secrets.yaml
@@ -217,8 +217,24 @@ data:
   AUTHENTICATION_RESPONSE_TYPE: {{ .responseType | quote | b64enc }}
   AUTHENTICATION_AUTHORITY: {{ .authority | quote | b64enc }}
   AUTHENTICATION_CLIENT_ID: {{ .clientId | quote | b64enc }}
+  AUTHENTICATION_CLIENT_TYPE: {{ .clientType | quote | b64enc }}
   AUTHENTICATION_CALLBACK_URL: {{ .callbackUrl | quote | b64enc }}
   AUTHENTICATION_ENABLE_SELF_SIGNUP: {{ .enableSelfSignup | quote | b64enc }}
+{{- if and (eq .clientType "confidential") (.oidcConfiguration.enabled) }}
+  OIDC_TYPE: {{ .oidcConfiguration.oidcType | quote | b64enc }}
+  OIDC_SCOPE: {{ .oidcConfiguration.scope | quote | b64enc }}
+  OIDC_DISCOVERY_URI: {{ .oidcConfiguration.discoveryUri | quote | b64enc }}
+  OIDC_USE_NONCE: {{  .oidcConfiguration.useNonce | quote | b64enc }}
+  OIDC_PREFERRED_JWS: {{ .oidcConfiguration.preferredJwsAlgorithm | quote | b64enc }}
+  OIDC_RESPONSE_TYPE: {{ .oidcConfiguration.responseType | quote | b64enc }}
+  OIDC_DISABLE_PKCE: {{ .oidcConfiguration.disablePkce | quote | b64enc }}
+  OIDC_CALLBACK: {{ .oidcConfiguration.callbackUrl | quote | b64enc }}
+  OIDC_SERVER_URL: {{ .oidcConfiguration.serverUrl | quote | b64enc }}
+  OIDC_CLIENT_AUTH_METHOD: {{ .oidcConfiguration.clientAuthenticationMethod | quote | b64enc }}
+  OIDC_TENANT: {{ .oidcConfiguration.tenant | quote | b64enc }}
+  OIDC_MAX_CLOCK_SKEW: {{ .oidcConfiguration.maxClockSkew | quote | b64enc }}
+  OIDC_CUSTOM_PARAMS: {{ .oidcConfiguration.customParams | quote | b64enc }}
+{{ end }}
 {{- if eq .provider "ldap" }}
   AUTHENTICATION_LDAP_HOST: {{ .ldapConfiguration.host | b64enc }}
   AUTHENTICATION_LDAP_PORT: {{ .ldapConfiguration.port | quote | b64enc }}
diff --git a/charts/openmetadata/values.schema.json b/charts/openmetadata/values.schema.json
index c48225b..732183b 100644
--- a/charts/openmetadata/values.schema.json
+++ b/charts/openmetadata/values.schema.json
@@ -153,11 +153,11 @@
                             "type": "object",
                             "additionalProperties": false,
                             "properties": {
-                                "force": {
-                                    "type": "boolean"
+                                "additionalArgs": {
+                                    "type": "string"
                                 },
-                                "migrationLimitParam": {
-                                    "type": "integer"
+                                "debug": {
+                                    "type": "boolean"
                                 }
                             }
                         },
@@ -246,6 +246,13 @@
                                 "clientId": {
                                     "type": "string"
                                 },
+                                "clientType": {
+                                    "type": "string",
+                                    "enum": [
+                                        "public",
+                                        "confidential"
+                                    ]
+                                },
                                 "enableSelfSignup": {
                                     "type": "boolean"
                                 },
@@ -284,6 +291,78 @@
                                 "responseType": {
                                     "type": "string"
                                 },
+                                "oidcConfiguration": {
+                                    "type": "object",
+                                    "additionalProperties": false,
+                                    "properties": {
+                                        "enabled": {
+                                            "type": "boolean"
+                                        },
+                                        "oidcType": {
+                                            "type": "string"
+                                        },
+                                        "clientId": {
+                                            "type": "object",
+                                            "additionalProperties": false,
+                                            "properties": {
+                                                "secretRef": {
+                                                    "type": "string"
+                                                },
+                                                "secretKey": {
+                                                    "type": "string"
+                                                }
+                                            }
+                                        },
+                                        "clientSecret": {
+                                            "type": "object",
+                                            "additionalProperties": false,
+                                            "properties": {
+                                                "secretRef": {
+                                                    "type": "string"
+                                                },
+                                                "secretKey": {
+                                                    "type": "string"
+                                                }
+                                            }
+                                        },
+                                        "scope": {
+                                            "type": "string"
+                                        },
+                                        "discoveryUri": {
+                                            "type": "string"
+                                        },
+                                        "useNonce": {
+                                            "type": "boolean"
+                                        },
+                                        "preferredJwsAlgorithm": {
+                                            "type": "string"
+                                        },
+                                        "responseType": {
+                                            "type": "string"
+                                        },
+                                        "disablePkce": {
+                                            "type": "boolean"
+                                        },
+                                        "callbackUrl": {
+                                            "type": "string"
+                                        },
+                                        "serverUrl": {
+                                            "type": "string"
+                                        },
+                                        "clientAuthenticationMethod": {
+                                            "type": "string"
+                                        },
+                                        "tenant": {
+                                            "type": "string"
+                                        },
+                                        "maxClockSkew": {
+                                            "type": "string"
+                                        },
+                                        "customParams": {
+                                            "type": "string"
+                                        }
+                                    }
+                                },
                                 "ldapConfiguration": {
                                     "type": "object",
                                     "additionalProperties": false,
@@ -843,6 +922,30 @@
                                                 }
                                             }
                                         },
+                                        "clientId": {
+                                            "type": "object",
+                                            "additionalProperties": false,
+                                            "properties": {
+                                                "secretKey": {
+                                                    "type": "string"
+                                                },
+                                                "secretRef": {
+                                                    "type": "string"
+                                                }
+                                            }
+                                        },
+                                        "clientSecret": {
+                                            "type": "object",
+                                            "additionalProperties": false,
+                                            "properties": {
+                                                "secretKey": {
+                                                    "type": "string"
+                                                },
+                                                "secretRef": {
+                                                    "type": "string"
+                                                }
+                                            }
+                                        },
                                         "enabled": {
                                             "type": "boolean"
                                         },
@@ -860,6 +963,30 @@
                                                     "type": "string"
                                                 }
                                             }
+                                        },
+                                        "tenantId": {
+                                            "type": "object",
+                                            "additionalProperties": false,
+                                            "properties": {
+                                                "secretKey": {
+                                                    "type": "string"
+                                                },
+                                                "secretRef": {
+                                                    "type": "string"
+                                                }
+                                            }
+                                        },
+                                        "vaultName": {
+                                            "type": "object",
+                                            "additionalProperties": false,
+                                            "properties": {
+                                                "secretKey": {
+                                                    "type": "string"
+                                                },
+                                                "secretRef": {
+                                                    "type": "string"
+                                                }
+                                            }
                                         }
                                     }
                                 },
@@ -871,7 +998,9 @@
                                         "aws-ssm",
                                         "managed-aws",
                                         "managed-aws-ssm",
-                                        "in-memory"
+                                        "in-memory",
+                                        "managed-azure-kv",
+                                        "azure-kv"
                                     ]
                                 },
                                 "prefix": {
diff --git a/charts/openmetadata/values.yaml b/charts/openmetadata/values.yaml
index 32126fd..88f86aa 100644
--- a/charts/openmetadata/values.yaml
+++ b/charts/openmetadata/values.yaml
@@ -8,8 +8,10 @@ replicaCount: 1
 openmetadata:
   config:
     upgradeMigrationConfigs:
-      force: false
-      migrationLimitParam: 1200
+      debug: false
+      # You can pass the additional argument flags to the openmetadata-ops.sh migrate command
+      # Example if you want to force migration runs, use additionalArgs: "--force"
+      additionalArgs: ""
     # Values can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL
     logLevel: INFO
     clusterName: openmetadata
@@ -94,6 +96,7 @@ openmetadata:
       enableSecureSocketConnection: false
     authentication:
       enabled: true
+      clientType: public
       provider: "basic"
       publicKeys:
       - "http://openmetadata:8585/api/v1/system/config/jwks"
@@ -106,6 +109,27 @@ openmetadata:
       - "preferred_username"
       - "sub"
       enableSelfSignup: true
+      oidcConfiguration:
+        enabled: false
+        oidcType: ""
+        clientId:
+          secretRef: oidc-secrets
+          secretKey: openmetadata-oidc-client-id
+        clientSecret:
+          secretRef: oidc-secrets
+          secretKey: openmetadata-oidc-client-secret
+        scope: "openid email profile"
+        discoveryUri: ""
+        useNonce: true
+        preferredJwsAlgorithm: RS256
+        responseType: code
+        disablePkce: true
+        callbackUrl: http://openmetadata:8585/callback
+        serverUrl: http://openmetadata:8585
+        clientAuthenticationMethod: client_secret_post
+        tenant: ""
+        maxClockSkew: ""
+        customParams: ""
       ldapConfiguration:
         host: localhost
         port: 10636
@@ -219,21 +243,36 @@ openmetadata:
         secretKey: ""
     secretsManager:
       enabled: true
-      # Possible values are db, aws, aws-ssm, managed-aws, managed-aws-ssm, in-memory
+      # Possible values are db, aws, aws-ssm, managed-aws, managed-aws-ssm, in-memory, managed-azure-kv, azure-kv
       provider: db
-      # Define the secret key ID as /<prefix>/<clusterName>/<key>
+      # Define the secret key ID as /<prefix>/<clusterName>/<key> for AWS
+      # Define the secret key ID as <prefix>-<clusterName>-<key> for Azure
       prefix: ""
        # Add tags to the created resource, e.g., in AWS. Format is `[key1:value1,key2:value2,...]`
       tags: []
       additionalParameters:
         enabled: false
         region: ""
+        # For AWS
         accessKeyId:
           secretRef: aws-access-key-secret
           secretKey: aws-key-secret
         secretAccessKey:
           secretRef: aws-secret-access-key-secret
           secretKey: aws-key-secret
+        # For Azure
+        clientId:
+          secretRef: azure-client-id-secret
+          secretKey: azure-key-secret
+        clientSecret:
+          secretRef: azure-client-secret
+          secretKey: azure-key-secret
+        tenantId:
+          secretRef: azure-tenant-id-secret
+          secretKey: azure-key-secret
+        vaultName:
+          secretRef: azure-vault-name-secret
+          secretKey: azure-key-secret
       # You can create Kubernetes secrets from AWS Credentials with the below command
       # kubectl create secret generic aws-key-secret \
       # --from-literal=aws-access-key-secret=<access_key_id_value> \