Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pp: test mTLS and Basic Auth together #6763

Closed
NyaliaLui opened this issue Oct 13, 2022 · 2 comments · Fixed by #7362
Closed

pp: test mTLS and Basic Auth together #6763

NyaliaLui opened this issue Oct 13, 2022 · 2 comments · Fixed by #7362
Assignees
@NyaliaLui
Labels
area/pandaproxy REST interface for Kafka API area/redpanda area/schema-registry Schema Registry service within Redpanda area/security kind/enhance New feature or request

Comments

@NyaliaLui
Copy link
Contributor

#6452 added HTTP Basic Auth support to the Pandaproxy and Schema Registry, however there are a few gaps in test coverage related to mTLS. We need tests for:

  1. When mTLS is the only authn method on the proxy and schema registry
  2. When mTLS + Basic Auth are enabled. This cluster setup implies that the kafka clients within our services are configured with TLS certs and a principal
@NyaliaLui NyaliaLui added kind/enhance New feature or request area/redpanda area/pandaproxy REST interface for Kafka API area/schema-registry Schema Registry service within Redpanda area/security labels Oct 13, 2022
@NyaliaLui NyaliaLui self-assigned this Oct 13, 2022
@NyaliaLui NyaliaLui mentioned this issue Oct 13, 2022
Merged
6 tasks
@NyaliaLui
Copy link
Contributor Author

2. When mTLS + Basic Auth are enabled. This cluster setup implies that the kafka clients within our services are configured with TLS certs and a principal

This test passes manually but getting it setup on ducktape is taking more time.

@NyaliaLui
Copy link
Contributor Author

NyaliaLui commented Nov 10, 2022
edited
Loading

  1. When mTLS is the only authn method on the proxy and schema registry

Got this passing manually but again getting ducktape working is taking more time. The main time suck is seeing if any errors are because of certs, ducktape itself, or our wrappers which also need the certs.

@NyaliaLui NyaliaLui mentioned this issue Nov 17, 2022
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@NyaliaLui NyaliaLui

Labels
area/pandaproxy REST interface for Kafka API area/redpanda area/schema-registry Schema Registry service within Redpanda area/security kind/enhance New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

tests: add basic auth mtls tests NyaliaLui/redpanda
1 participant
@NyaliaLui