Authentication of Karapace Schema Registry

[mnithaworn]

I am trying to enable authentication and user authorization for the registry schema. I'm a little lost on how to get this working.

I am building the source into a Docker image and then running the container. This works fine but now I want to enable authentication for registry schema.

• I've created authfile.json with sample JSON similar to what is on the github README but with actual hash and salt values of course.
• I also edited the karapace.conf.json and set the value registry_authfile to the intended location of authfile.json which is /opt/karapace/authfile.json for the container and then build.
• I make sure that authfile.json is at /opt/karapace/authfile.json in the container before container start and verify it is present
• I assume that this is all that is needed to work

Are these steps correct or is there something missing? Just using and going by the example, seems like every time I do a curl post to subject "general.xxxx" it goes through regardless even without a user and password or a wrong user and password (i.e curl command with -u user:password).

curl -X POST -H "Content-Type: application/vnd.schemaregistry.v1+json" \
  --data '{"schemaType": "JSON", "schema": "{\"type\": \"object\",\"properties\":{\"age\":{\"type\": \"number\"}},\"additionalProperties\":true}"}' \
  http://localhost:8081/subjects/general.xxx/versions

The above always works but I expected to get rejected since I did not have a -u user:password

[muralibasani]

@mnithaworn Below here I have a working example.

registry_authfile : "path/authfile.json"

authfile.json

{
        "users": [
            {
                "username": "user",
                "algorithm": "sha512",
                "salt": "*******",
                "password_hash": "*******"
            },
            {
                "username": "admin",
                "algorithm": "sha512",
                "salt": "*****",
                "password_hash": "*****"
            }
        ],
        "permissions": [
            {
                "username": "admin",
                "operation": "Write",
                "resource": ".*"
            },
            {
                "username": "user",
                "operation": "Read",
                "resource": ".*"
            }
        ]
}

If I try to get subjects,
curl http://localhost:8081/subjects
{"message":"Unauthorized"}%

curl -X GET -u "user:password" http://localhost:8081/subjects
["testtopic-value"]%