search

domnikl / schema-registry-gitops

Manage Confluent Schema Registry subjects through Infrastructure as code
Apache License 2.0
81 stars 11 forks source link

How to provide authentication information for schema registry? #22

Closed vitalvi closed 2 years ago

vitalvi commented 2 years ago

I have tried to use docker run -e SCHEMA_REGISTRY_GITOPS_SCHEMA_REGISTRY_URL=http://user:password@localhost:8085 .... but it returns Unauthorized exception

ERROR io.confluent.kafka.schemaregistry.client.rest.exceptions.RestClientException: 
Unauthorized; error code: 401

Should it be provided somehow differently or may be special options should be used?

vitalvi commented 2 years ago

After some investigation it seems to me there is an issue with schema-registry client which doesn't handle basic authentication properly. https://github.com/confluentinc/schema-registry/issues/1759

domnikl commented 2 years ago

Hi @vitalvi and thanks for using schema-registry-gitops!

I got it working with these environment variables:

SCHEMA_REGISTRY_GITOPS_SCHEMA_REGISTRY_URL=https://localhost:8085
SCHEMA_REGISTRY_GITOPS_SCHEMA_REGISTRY_BASIC_AUTH_CREDENTIALS_SOURCE=USER_INFO
SCHEMA_REGISTRY_GITOPS_SCHEMA_REGISTRY_BASIC_AUTH_USER_INFO=user:password # in plain text, no base64 used

Can you check if that works for you, too? If so I can also put that in the README, I remember I struggled with that for quite some time, too. This is what the last part of https://docs.confluent.io/platform/current/schema-registry/security/index.html#configuring-the-rest-api-for-basic-http-authentication suggests for the client and all variables beginning with SCHEMA_REGISTRY_GITOPS_SCHEMA_REGISTRY_ will be forwarded to the client.

vitalvi commented 2 years ago

Hey @domnikl, yeah, I confirm, these properties work for me too. Thanks a lot for your help.