Closed jcrossley3 closed 3 months ago
I don't know why you get a blank screen at http://localhost:8080/
, that works for me.
For the API, you'll need to provide an OIDC access token. OpenAPI has a login button which works for me.
On the command line I use:
# once
oidc create confidential --issuer http://localhost:8090/realms/trustify --client-id walker --client-secret R8A6KFeyxJsMDBhjfHbpZTIF0GWt43HP trusty
# with every request
http POST localhost:8080/api/v1/importer/cve/force Authorization:$(oidc token trusty -bf)
The so called "PM mode" where we execute cargo run --bin trustd
is actually Dev Mode
(meant for developers), this command is executed on a daily basis (I do, at least). Personally, when I want to play with the REST API, I always execute export AUTH_DISABLED=true
and then cargo run --bin trustd
So, maybe we should have "pm mode" and "dev mode". I think that makes sense. And I would argue we had that with the (now removed) pm
feature gate.
I run
cargo run --bin trustd
I get a blank screen at http://localhost:8080
I get 401 errors executing anything via http://localhost:8080/openapi/
I get 401 errors using curl or httpie.