Provide a way to change the host used for endpoints #1785
Comments
- Update docker command to volume in keycloak_data.yaml. - Command fails to run if this file isn't present. - Update otdfctl client-credentials command. - Created issue opentdf#1785, that came up when testing this documentation. - Specifically, when the otdfctl command tries to run it fails due to it looking for the keycloak host instead of localhost.
I believe this would also be needed in the case of deploying the platform via a server in a cloud or on premise but trying to use the CLI or perhaps the SDK locally on a laptop. @dmihalcik-virtru @jakedoublev is this type of connection currently supported? Or is only using
Hi @shanedell. Apologies, but I'm not totally sure I'm following. If you replace all references of The CLI (
@jakedoublev If I change the instances of

```
time=2024-12-04T22:52:57.158Z level=ERROR msg="issue creating opentdf server" error="failed to create authentication interceptor: Get \"http://localhost:8888/auth/realms/opentdf/.well-known/openid-configuration\": dial tcp [::1]:8888: connect: connection refused"
Error: issue creating opentdf server: failed to create authentication interceptor: Get "http://localhost:8888/auth/realms/opentdf/.well-known/openid-configuration": dial tcp [::1]:8888: connect: connection refused
time=2024-12-04T22:52:57.158Z level=ERROR msg="issue starting opentdf" error="issue creating opentdf server: failed to create authentication interceptor: Get \"http://localhost:8888/auth/realms/opentdf/.well-known/openid-configuration\": dial tcp [::1]:8888: connect: connection refused"
```

To try to work around this the

Basically once everything is up and running it seems there is no way to connect with the CLI, the only way I can think of it working is running the CLI in a docker container that joins the docker network

However, when running the platform via:

The comment I left is about connecting a connect to a remote server instead of the same machine, for example:

Mac (otdfctl/sdk) -> Linux VM in Digital Ocean (platform)

Is that supported or not currently?
- Update docker command to volume in keycloak_data.yaml. - Command fails to run if this file isn't present. - Update otdfctl client-credentials command. - Created issue opentdf#1785, that came up when testing this documentation. - Specifically, when the otdfctl command tries to run it fails due to it looking for the keycloak host instead of localhost. - Add --rm to bootstrap keycloak command so no hanging container is leftover.
@jakedoublev Pinging here in case there are some ideas on what I should try to fix my issue and/or info on remote connections.
@shanedell I think the issue is that keycloak is setting the issuer to https://www.keycloak.org/server/hostname#_utilizing_an_internal_url_for_communication_among_clients
@jakedoublev @strantalis I am still having trouble with this. @strantalis I am not sure how to use the link you provided to solve the issue I am facing. The error is also a bit different when running a different command on Linux, since you need to use

```
otdfctl policy attributes list --host http://localhost:8080 --with-client-creds-file ./creds.json
```

I get this error

```
ERROR Failed to authenticate with flag-provided client credentials.: Get "http://keycloak:8888/auth/realms/opentdf/.well-known/openid-configuration": dial tcp: lookup keycloak on 127.0.0.53:53: server misbehaving
```
Now if I add these to the
For keycloak I get further but then get this:

```
ERROR Failed to authenticate with flag-provided client credentials.: invalid character '<' looking for beginning of value
```

When running:

```
otdfctl --host http://localhost:8080 --with-client-creds-file ./creds.json policy attributes list
```
Issue

When running using `Contributing.md`, once you get to running the CLI issues come up. This is due to everything running in docker so it is trying to use the `keycloak` docker service as a host. However, if you don't have access to the `opentdf_platform` and are running another docker container, the host cannot be accessed.

Possible fix

To get around this error I believe the sdk could be updated to allow the overriding of the host if specified. Meaning for example the CLI can make a new flag `--endpoint-host` that is passed to the `New` function for the SDK. Then the host is replaced with that value, or if it's the same do nothing.

Steps to reproduce

Standup platform

Try testing with otdfctl

```
git clone https://github.com/opentdf/otdfctl.git
cd otdfctl
go run main.go auth client-credentials --host http://localhost:8080 opentdf secret
```

output received from `go` command:
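A sketch of the host override proposed under "Possible fix", as an added example that is not code from otdfctl or the platform SDK. The function names and the sample discovery document are hypothetical; the override is restricted to a bare `host[:port]` and the `issuer` value is deliberately left unchanged.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// overrideEndpointHost swaps the host[:port] of endpoint for override and
// keeps scheme, path and query. An empty or identical override is a no-op.
func overrideEndpointHost(endpoint, override string) (string, error) {
	u, err := url.Parse(endpoint)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return "", fmt.Errorf("endpoint %q is not an absolute URL", endpoint)
	}
	if override == "" || override == u.Host {
		return endpoint, nil
	}
	// Accept only a bare host[:port]: a value carrying a scheme, userinfo,
	// path or query does not round-trip through the authority parser.
	o, err := url.Parse("//" + override)
	if err != nil || o.Host != override {
		return "", fmt.Errorf("override %q must be host[:port]", override)
	}
	u.Host = override
	return u.String(), nil
}

// rewriteDiscovery applies the override to every *_endpoint and jwks_uri entry.
// "issuer" is an identifier matched against the token's iss claim, so it stays.
func rewriteDiscovery(doc map[string]string, override string) (map[string]string, error) {
	out := make(map[string]string, len(doc))
	for k, v := range doc {
		if strings.HasSuffix(k, "_endpoint") || k == "jwks_uri" {
			var err error
			if v, err = overrideEndpointHost(v, override); err != nil {
				return nil, err
			}
		}
		out[k] = v
	}
	return out, nil
}

func main() {
	// Constructed sample; the realm path is taken from the errors in this thread.
	doc := map[string]string{"issuer": "http://keycloak:8888/auth/realms/opentdf",
		"token_endpoint": "http://keycloak:8888/auth/realms/opentdf/protocol/openid-connect/token"}
	fmt.Println(rewriteDiscovery(doc, "localhost:8888"))
}
```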