Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Schema registry authentication #28431

Closed
stefannmih opened this issue Jul 24, 2024 · 6 comments
Closed

Schema registry authentication #28431

stefannmih opened this issue Jul 24, 2024 · 6 comments
Assignees
@dgomezleon
Labels
schema-registry solved stale 15 days without activity tech-issues The user has a technical issue about an application

Comments

@stefannmih
Copy link

stefannmih commented Jul 24, 2024
edited by carrodher
Loading

Name and Version

bitnami/schema-registry:7.3/debian-12

What architecture are you using?

amd64

What steps will reproduce the bug?

Hello,

I am trying to follow the confluent documentation to enable the HTTP basic authentication. As presented here, I need to configure the following settings:

authentication.method=BASIC
authentication.roles=<user-role1>,<user-role2>,...
authentication.realm=<section-in-jaas_config.conf>

Following also this documentation, should let me add the above settings as:

extraEnvVars:
  - name: SCHEMA_REGISTRY_AUTHENTICATION_ROLES
    value: <value>
  - name: SCHEMA_REGISTRY_AUTHENTICATION_METHOD
    value: 'BASIC'
  - name: SCHEMA_REGISTRY_AUTHENTICATION_REALM
    value: <value>

The thing that I noticed is that the bitnami helm chart for the Confluent Schema registry does not add these parameters with my values in the schema-registry.properties. Going further I found that the image for the schema registry uses this script to write the environment variables.

It seems like the docker image does not know what to do with other environment variables than the ones in the schema-registry-env.sh

My questions are:

  1. Am I doing something wrong in setting the basic auth to the schema registry?
  2. Is there any other way to set up basic auth for the schema registry? I was able to set the authentication using:
 configuration: |-
   authentication.method = BASIC
   authentication.realm = KafkaClient
   authentication.roles = admin
   ...

However, this is not the best approach due to the fact that I am also using SASL and the credentials for the schema registry to authenticate to kafka will be visible

What is the expected behavior?

Set up basic HTTP authentication with users taken from a secret

What do you see instead?

The extra environment variables declared by me appear in the pod configuration, however, they have no impact.
@stefannmih stefannmih added the tech-issues The user has a technical issue about an application label Jul 24, 2024
@github-actions github-actions bot added the triage Triage is needed label Jul 24, 2024
@carrodher carrodher transferred this issue from bitnami/containers Jul 25, 2024
@carrodher
Copy link
Member

Did you take a look at those parameters to configure Kafka auth in Schema Registry? https://github.com/bitnami/charts/tree/main/bitnami/schema-registry#enable-authentication-for-kafka

@stefannmih
Copy link
Author

Yes. That describes the authentication from schema registry to kafka. I'm looking for a way to authenticate from client to schema registry.

@github-actions github-actions bot removed the triage Triage is needed label Jul 25, 2024
@github-actions github-actions bot assigned alemorcuq and unassigned carrodher Jul 25, 2024
@stefannmih
Copy link
Author

Did you get the chance to look into it?

@carrodher carrodher assigned dgomezleon and unassigned alemorcuq Jul 31, 2024
@dgomezleon
Copy link
Member

dgomezleon commented Aug 6, 2024
edited
Loading

Hi @stefannmih ,

Thank you for bringing this issue to our attention and sorry for the delay, we have a lot of cases to check these days.

As you mentioned, we did not add those variables to our container, so you need to use the configuration value.

Since you know the env vars that are missing, would you like to contribute by creating a PR for the Schema Registry container? The Bitnami team will be excited to review your submission and offer feedback. You can find the contributing guidelines here.

Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.

@github-actions GitHub Actions
Copy link

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

@github-actions github-actions bot added the stale 15 days without activity label Aug 22, 2024
@github-actions GitHub Actions
Copy link

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

@bitnami-bot bitnami-bot closed this as not planned Won't fix, can't repro, duplicate, stale Aug 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dgomezleon dgomezleon

Labels
schema-registry solved stale 15 days without activity tech-issues The user has a technical issue about an application
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@javsalgar @dgomezleon @bitnami-bot @carrodher @alemorcuq @stefannmih