From 3c74b903989c4925ab734bf06720a13571ff6c79 Mon Sep 17 00:00:00 2001
From: Ming Meng <101287520+mingmcb@users.noreply.github.com>
Date: Sun, 17 Sep 2023 11:02:14 -0400
Subject: [PATCH] Added doc to use oauth for pulsar scaler (#1161)
Co-authored-by: Zbynek Roubalik
---
 content/docs/2.12/scalers/pulsar.md | 94 ++++++++++++++++++++++++++++-
 1 file changed, 93 insertions(+), 1 deletion(-)
diff --git a/content/docs/2.12/scalers/pulsar.md b/content/docs/2.12/scalers/pulsar.md
index b2c4f1e13..98f1eec07 100644
--- a/content/docs/2.12/scalers/pulsar.md
+++ b/content/docs/2.12/scalers/pulsar.md
@@ -32,7 +32,10 @@ triggers: - `subscription` - Name of the topic subscription - `msgBacklogThreshold` - Average target value to trigger scaling actions. (default: 10) - `activationMsgBacklogThreshold` - Target value for activating the scaler. Learn more about activation [here](./../concepts/scaling-deployments.md#activating-and-scaling-thresholds).(Default: `0`, Optional) -- `authModes` - a comma separated list of authentication modes to use. (Values: `bearer`, `tls`,`basic`, Default: `""`, Optional, `tls,bearer` or `tls,basic` are valid combinations and would indicate mutual TLS to secure the connection and then `bearer` or `basic` headers should be added to the HTTP request) +- `authModes` - a comma separated list of authentication modes to use. (Values: `bearer`, `tls`, `basic`, `oauth`, Default: `""`, Optional, `tls,bearer` or `tls,basic` are valid combinations and would indicate mutual TLS to secure the connection and then `bearer` or `basic` headers should be added to the HTTP request) +- `oauthTokenURI` - The OAuth Access Token URI for the OAuth provider, used when `authModes` is set to `oauth`. Ignored if provided from `authenticationRef`. (Optional) +- `scope` - A comma separated lists of OAuth scopes, used when `authModes` is set to `oauth`. Ignored if provided from `authenticationRef`. (Optional) +- `clientID` - Client ID for the OAuth provider, used when `authModes` is set to `oauth`. Ignored if provided from `authenticationRef`. (Optional) ### Authentication Parameters 
@@ -58,6 +61,15 @@ When configuring mutual TLS authentication, configure the following: - `cert`: Certificate for client authentication. - `key`: Key for client authentication. +**OAuth 2** + +When configuring OAuth Authentication, configure the following: +- `oauthTokenURI` - The OAuth Access Token URI for the OAuth provider. (Optional) +- `scope` - A comma separated lists of OAuth scopes. (Optional) +- `clientID`: Client ID for the OAuth provider. (Optional) +- `clientSecret`: Client secret for the OAuth provider. (Optional) + +These can also be configured in the trigger metadata except the `clientSecret` ### TLS with custom CA Certificates 
@@ -241,3 +253,83 @@ spec:
 authenticationRef:
 name: keda-trigger-auth-pulsar-credential
 ```
+
+#### OAuth Authentication
+
+In order to enable Pulsar's OAuth Authentication feature, you can use the following example. Note that only client credentials flow is supported.
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: keda-pulsar-secrets
+ namespace: default
+data:
+ oauthTokenURI:
+ scope:
+ clientID:
+ clientSecret:
+---
+apiVersion: keda.sh/v1alpha1
+kind: TriggerAuthentication
+metadata:
+ name: keda-trigger-auth-pulsar-credential
+ namespace: default
+spec:
+ secretTargetRef:
+ - parameter: oauthTokenURI
+ name: keda-pulsar-secrets
+ key: oauthTokenURI
+ - parameter: scope
+ name: keda-pulsar-secrets
+ key: scope
+ - parameter: clientID
+ name: keda-pulsar-secrets
+ key: clientID
+ - parameter: clientSecret
+ name: keda-pulsar-secrets
+ key: clientSecret
+---
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+ name: pulsar-scaledobject
+ namespace: default
+spec:
+ scaleTargetRef:
+ name: pulsar-consumer
+ pollingInterval: 30
+ triggers:
+ - type: pulsar
+ metadata:
+ authModes: "oauth"
+ adminURL: https://pulsar.com:8443
+ topic: persistent://public/default/my-topic
+ subscription: sub1
+ msgBacklogThreshold: '5'
+ authenticationRef:
+ name: keda-trigger-auth-pulsar-credential
+```
+You can also use the following example without `authenticationRef` if your OAuth provider supports.
+
+```yaml
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+ name: pulsar-scaledobject
+ namespace: default
+spec:
+ scaleTargetRef:
+ name: pulsar-consumer
+ pollingInterval: 30
+ triggers:
+ - type: pulsar
+ metadata:
+ authModes: "oauth"
+ adminURL: https://pulsar.com:8443
+ topic: persistent://public/default/my-topic
+ subscription: sub1
+ msgBacklogThreshold: '5'
+ oauthTokenURI: http://oauth.com/oauth2/token
+ scope:
+ clientID:
+```
\ No newline at end of file