[ISSUE] Connectors-Bundle Authentication doesn't work with demo/demo (credentials) since Operate 8.5.1 #2278
Labels
good first issue
Good for newcomers
kind/issue
Unidentified issue, it could be a bug, misconfig, or anything in between
platform/aws
Issues related to AWS
platform/gcp
Issues related to GCP
Describe the issue:
We have a small test environment where we have changed the authentication to “credentials” and we therefore only log in to Operate with demo/demo as access data (as in the KIND setup). These credentials are also used by the connectors-bundle so that it can communicate with operate accordingly.
After we rolled out the latest Helm Chart version and Operate was updated to the latest version, we noticed that the connectors-bundle and our custom connectors could no longer authenticate to operate and were rejected by Operate with a 403 response.
Since all environment variables and parameters in the ConfigMaps were correct and we did not change anything in this regard, I came across a new feature in Operate 8.5.1:
https://github.com/camunda/camunda/releases/tag/operate-8.5.1
I did some searching in the source code and came across the corresponding property with which you can temporarily deactivate CSRF protection and after I had set it, it worked again:
CAMUNDA_OPERATE_CSRF_PREVENTION_ENABLED: false
I don't know whether this should also be used by default for the KIND environment or whether there would have been another solution. And whether this is the right repo to communicate this.
Actual behavior:
After we updated the Helm Charts to the latest version 8.3.2 and set
inbound.mode
tocredentials
, the authentication on the operate no longer worked. Althoughdemo/demo
is correctly specified as the environment variable for the access data.Expected behavior:
The components can successfully log on to Operate.
How to reproduce:
It should be enough to set up the KIND setup to find the error. In addition, the
inbound.mode
must be set tocredentials
and must not be deactivated.Logs:
{"timestampSeconds":1724996383,"timestampNanos":362572504,"severity":"ERROR","thread":"scheduling-1","logger":"io.camunda.connector.runtime.inbound.importer.ProcessDefinitionImporter","message":"Failed to import process definitions\nio.camunda.common.exception.SdkException: io.camunda.common.exception.SdkException: Response not successful: 403\n\tat io.camunda.common.http.DefaultHttpClient.post(DefaultHttpClient.java:162)\n\tat io.camunda.operate.CamundaOperateClient.searchProcessDefinitionResults(CamundaOperateClient.java:46)\n\tat io.camunda.connector.runtime.inbound.importer.ProcessDefinitionSearch.query(ProcessDefinitionSearch.java:72)\n\tat io.camunda.connector.runtime.inbound.importer.ProcessDefinitionImporter.scheduleImport(ProcessDefinitionImporter.java:55)\n\tat java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(Unknown Source)\n\tat java.base/java.lang.reflect.Method.invoke(Unknown Source)\n\tat org.springframework.scheduling.support.ScheduledMethodRunnable.runInternal(ScheduledMethodRunnable.java:130)\n\tat org.springframework.scheduling.support.ScheduledMethodRunnable.lambda$run$2(ScheduledMethodRunnable.java:124)\n\tat io.micrometer.observation.Observation.observe(Observation.java:499)\n\tat org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:124)\n\tat org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)\n\tat java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)\n\tat java.base/java.util.concurrent.FutureTask.runAndReset(Unknown Source)\n\tat java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)\n\tat java.base/java.lang.Thread.run(Unknown Source)\nCaused by: io.camunda.common.exception.SdkException: Response not successful: 403\n\tat io.camunda.common.http.DefaultHttpClient.parseAndRetry(DefaultHttpClient.java:295)\n\tat io.camunda.common.http.DefaultHttpClient.post(DefaultHttpClient.java:153)\n\t... 16 common frames omitted\n","context":"default","serviceContext":{"service":"connectors","version":"unknown"}}
Environment:
Platform: GCP
Helm CLI version: v3.15.4
Chart version: 10.3.2
The text was updated successfully, but these errors were encountered: