Closed gabriel-farache closed 9 months ago
It is happening with whatever container that contains a quarkus application. The thing is that properties are processed in buildtime see https://quarkus.io/guides/all-config#quarkus-vertx-http_quarkus.http.auth.policy.-role-policy-.roles-allowed Those policies added in runtime are not being considered. If it's needed some kind security configuration, you will need to set that at container level. (https://kubernetes.io/docs/concepts/security/)
Describe the bug
With the following properties are added to in the
application.properties
of the data index instance (running on local minikube) to only allow some users to access the graphql endpoint:But I get the following error:
It's like the 1st property is ignored...
When setting those properties in a brand new quarkus project (https://quarkus.io/guides/security-oidc-bearer-token-authentication-tutorial) or inside a workflow project, there is no such error
Expected behavior
No Error should be thrown and only user associated with the role
user
shall be able to access/graphql
endpointActual behavior
An error is thrown so the DataIndex is not starting
How to Reproduce?
Steps to reproduce:
Output of
uname -a
orver
No response
Output of
java -version
No response
GraalVM version (if different from Java)
No response
Kogito version or git rev (or at least Quarkus version if you are using Kogito via Quarkus platform BOM)
No response
Build tool (ie. output of
mvnw --version
orgradlew --version
)No response
Additional information
Here is the manifest I use to deploy the DataIndex service in minikue:
And here is my application.properties files (that is in the configmap
data-index-properties
):