Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to skip basic authentication for specified paths in ksqldb-server #9206

Closed
mpistrang opened this issue Jun 16, 2022 · 10 comments · Fixed by #9224 or #9669
Closed

Unable to skip basic authentication for specified paths in ksqldb-server #9206

mpistrang opened this issue Jun 16, 2022 · 10 comments · Fixed by #9224 or #9669
Assignees
@lucasbru
Labels
bug P0 Denotes must-have for a given milestone streaming-engine Tickets owned by the ksqlDB Streaming Team

Comments

@mpistrang
Copy link

mpistrang commented Jun 16, 2022
edited
Loading

Describe the bug
Use of the config option authentication.skip.paths does not actually allow the specified paths to skip basic authentication for ksqldb-server.

To Reproduce
Steps to reproduce the behavior, include:

  1. Using this fork of confluentinc/cp-all-in-one
  2. In the cp-all-in-one-community directory un docker-compose -f docker-compose.yml -f docker-compose.ksqldb-server-basic-auth.yml up -d
  3. Note that in the docker-compose.ksqldb-server-basic-auth.yml override file basic auth is configured for ksqldb-server along with /healthcheck defined in the authentication.skip.paths option.

Expected behavior
The command curl localhost:8088/healthcheck with no basic auth provided returns the health check information

Actual behavior
The command curl localhost:8088/healthcheck returns an HTTP 401

Additional context
I expect there is additional configuration that I am missing here, but so far I have not found what it could be.
@mpistrang mpistrang changed the title Unable to skip basic authorization for specified paths in ksqldb-server Unable to skip basic authentication for specified paths in ksqldb-server Jun 16, 2022
@suhas-satish
Copy link
Member

@alapidas , this seems to be control plane stuff, can you take this?

@suhas-satish suhas-satish added the core-infra Issues owned by the ksqlDB Core Infra team label Jun 17, 2022
@agavra agavra self-assigned this Jun 24, 2022
@agavra
Copy link
Contributor

agavra commented Jun 24, 2022

I was able to confirm the bug, working on a patch now.

@agavra agavra mentioned this issue Jun 24, 2022
Merged
2 tasks
@agavra agavra closed this as completed Jun 29, 2022
@lucasprograms
Copy link

@agavra do you expect that this will be included in the ksqldb 0.28 release?

@agavra
Copy link
Contributor

agavra commented Aug 9, 2022

yes, this should be part of the 0.28 release :)

@nmckimm
Copy link

nmckimm commented Sep 20, 2022

Has anyone managed to get this working on version 0.28.2? The change has been merged but I still cant skip /heartbeat or /lag using authentication.skip.paths.

@lucasprograms
Copy link

Not working for me either - trying to use the same skip paths configuration as seen here:
https://github.com/mpistrang/cp-all-in-one/blob/ksqldb-server-basic-auth-example/cp-all-in-one-community/docker-compose.ksqldb-server-basic-auth.yml#L11

@eoc-ross
Copy link

Same here.

It appears that the config is loaded but ignored. Here's the relevant log snippet

authentication.method = BASIC
authentication.realm = KsqlServer-Props
authentication.roles = [admin]
authentication.skip.paths = [/healthcheck, /lag, /info]

Has this anything to do with the internal listener address?

@lucasprograms
Copy link

hey @agavra , possible to reopen this?

@agavra
Copy link
Contributor

agavra commented Oct 17, 2022

yeah I'll reopen this - cc @suhas-satish @alapidas

@agavra agavra reopened this Oct 17, 2022
@suhas-satish suhas-satish added streaming-engine Tickets owned by the ksqlDB Streaming Team P0 Denotes must-have for a given milestone and removed core-infra Issues owned by the ksqlDB Core Infra team labels Oct 24, 2022
@lucasbru lucasbru self-assigned this Oct 25, 2022
@lucasbru
Copy link
Member

I was able to reproduce the bug on master, and yes, the parameter is completely ignored for basic auth. I will implement a fix.

@lucasbru lucasbru mentioned this issue Oct 26, 2022
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lucasbru lucasbru

Labels
bug P0 Denotes must-have for a given milestone streaming-engine Tickets owned by the ksqlDB Streaming Team
Projects
None yet
Milestone
No milestone
7 participants
@mpistrang @lucasbru @agavra @lucasprograms @nmckimm @eoc-ross @suhas-satish