[ISSUE] Connectors-Bundle Authentication doesn't work with demo/demo (credentials) since Operate 8.5.1 #2278
Labels
good first issue
Good for newcomers
kind/issue
Unidentified issue, it could be a bug, misconfig, or anything in between
platform/aws
Issues related to AWS
platform/gcp
Issues related to GCP
Comments
lukas-beumer
added
the
kind/issue
github-actions
bot
added
platform/aws
|
@lukas-beumer We have raised https://jira.camunda.com/browse/SUPPORT-23428 for this issue. Will continue discussion in https://jira.camunda.com/browse/SUPPORT-23428 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the issue:
We have a small test environment where we have changed the authentication to “credentials” and we therefore only log in to Operate with demo/demo as access data (as in the KIND setup). These credentials are also used by the connectors-bundle so that it can communicate with operate accordingly.
After we rolled out the latest Helm Chart version and Operate was updated to the latest version, we noticed that the connectors-bundle and our custom connectors could no longer authenticate to operate and were rejected by Operate with a 403 response.
Since all environment variables and parameters in the ConfigMaps were correct and we did not change anything in this regard, I came across a new feature in Operate 8.5.1:
https://github.com/camunda/camunda/releases/tag/operate-8.5.1
I did some searching in the source code and came across the corresponding property with which you can temporarily deactivate CSRF protection and after I had set it, it worked again:
CAMUNDA_OPERATE_CSRF_PREVENTION_ENABLED: falseI don't know whether this should also be used by default for the KIND environment or whether there would have been another solution. And whether this is the right repo to communicate this.
Actual behavior:
After we updated the Helm Charts to the latest version 8.3.2 and set
inbound.modetocredentials, the authentication on the operate no longer worked. Althoughdemo/demois correctly specified as the environment variable for the access data.Expected behavior:
The components can successfully log on to Operate.
How to reproduce:
It should be enough to set up the KIND setup to find the error. In addition, the
inbound.modemust be set tocredentialsand must not be deactivated.Logs:
{"timestampSeconds":1724996383,"timestampNanos":362572504,"severity":"ERROR","thread":"scheduling-1","logger":"io.camunda.connector.runtime.inbound.importer.ProcessDefinitionImporter","message":"Failed to import process definitions\nio.camunda.common.exception.SdkException: io.camunda.common.exception.SdkException: Response not successful: 403\n\tat io.camunda.common.http.DefaultHttpClient.post(DefaultHttpClient.java:162)\n\tat io.camunda.operate.CamundaOperateClient.searchProcessDefinitionResults(CamundaOperateClient.java:46)\n\tat io.camunda.connector.runtime.inbound.importer.ProcessDefinitionSearch.query(ProcessDefinitionSearch.java:72)\n\tat io.camunda.connector.runtime.inbound.importer.ProcessDefinitionImporter.scheduleImport(ProcessDefinitionImporter.java:55)\n\tat java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(Unknown Source)\n\tat java.base/java.lang.reflect.Method.invoke(Unknown Source)\n\tat org.springframework.scheduling.support.ScheduledMethodRunnable.runInternal(ScheduledMethodRunnable.java:130)\n\tat org.springframework.scheduling.support.ScheduledMethodRunnable.lambda$run$2(ScheduledMethodRunnable.java:124)\n\tat io.micrometer.observation.Observation.observe(Observation.java:499)\n\tat org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:124)\n\tat org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)\n\tat java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)\n\tat java.base/java.util.concurrent.FutureTask.runAndReset(Unknown Source)\n\tat java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)\n\tat java.base/java.lang.Thread.run(Unknown Source)\nCaused by: io.camunda.common.exception.SdkException: Response not successful: 403\n\tat io.camunda.common.http.DefaultHttpClient.parseAndRetry(DefaultHttpClient.java:295)\n\tat io.camunda.common.http.DefaultHttpClient.post(DefaultHttpClient.java:153)\n\t... 16 common frames omitted\n","context":"default","serviceContext":{"service":"connectors","version":"unknown"}}Environment:
Platform: GCP
Helm CLI version: v3.15.4
Chart version: 10.3.2
The text was updated successfully, but these errors were encountered: