Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document how to set basic authentication #25

Open
strowk opened this issue Jul 27, 2020 · 4 comments
Open

Document how to set basic authentication #25

strowk opened this issue Jul 27, 2020 · 4 comments

Comments

@strowk
Copy link

strowk commented Jul 27, 2020

I started reading this
https://docs.confluent.io/current/security/basic-auth.html
and this
https://hub.docker.com/r/confluentinc/cp-schema-registry

I could not find there information how to configure basic auth for schema registry.
Then I looked at
https://github.com/confluentinc/cp-docker-images/blob/v5.2.1/debian/schema-registry/Dockerfile
https://github.com/confluentinc/cp-docker-images/blob/v5.2.1/debian/schema-registry/include/etc/confluent/docker/run
https://github.com/confluentinc/cp-docker-images/blob/v5.2.1/debian/schema-registry/include/etc/confluent/docker/launch
https://github.com/confluentinc/cp-docker-images/blob/v5.2.1/debian/schema-registry/include/etc/confluent/docker/configure

So far I understood that schema-registry.properties mentioned in https://docs.confluent.io/current/security/basic-auth.html comes from line
https://github.com/confluentinc/cp-docker-images/blob/v5.2.1/debian/schema-registry/include/etc/confluent/docker/configure#L37
But I don't understand where does template

/etc/confluent/docker/${COMPONENT}.properties.template"

comes from and what does it have in place of authentication.roles, authentication.method and authentication.realm. Could you please help me with it?

Ideally documentation of this docker image should have a section with that information. I think configuring basic authentication is a very important task and this image could not be used in production if that procedure is not explained in its documentation.
@fxn
Copy link

fxn commented Aug 11, 2020

Seconded.

@imran-els
Copy link

I've had the need for this (for our tests) as well, and got it running as a docker composition where I had to include jaas_config file along with a file that had users (I used PropertyFileLoginModule) into a volume which got attached to the container. With that and using a few environment variables I got basic auth configured for the container. This is far from ideal as I've had to create the files and do the volume mounting for it to work. I couldn't find a different way to get it working based on what is available now by this image.

Given that schema registry uses jaas perhaps it would be useful if at lease a built in PropertyFileLoginModule can be configured when using this image with the provision to include other types as well (i.e. ladap, jdbc)

@gmanolache
Copy link

@imran-els Hello, I'm struggling with the same issue, do you have an example on how you set up the jaas_config file ?

@NickLavrov
Copy link

See https://stackoverflow.com/questions/65931319/how-to-run-schema-registry-container-for-sasl-plain-kafka-cluster/65943146#65943146 I set SCHEMA_REGISTRY_KAFKASTORE_SASL_JAAS_CONFIG directly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@fxn @gmanolache @NickLavrov @strowk @imran-els