KOGITO-4972: Enable security on infinispan container in process-usert… (

apache#654) * KOGITO-4972: Enable security on infinispan container in process-usertasks-with-security-oidc-quarkus-with-console example * set back kogito-data-index-infinispan to prod image
dupliaka · Apr 21, 2021 · 99169b4 · 99169b4
1 parent 66a182f
commit 99169b4
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 4 deletions.
diff --git a/process-usertasks-timer-quarkus-with-console/docker-compose/docker-compose.yml b/process-usertasks-timer-quarkus-with-console/docker-compose/docker-compose.yml
@@ -52,7 +52,7 @@ services:
 
   data-index:
     container_name: data-index
-    image: quay.io/kiegroup/kogito-data-index-infinispan-nightly:${KOGITO_VERSION}
+    image: quay.io/kiegroup/kogito-data-index-infinispan:${KOGITO_VERSION}
     ports:
       - "8180:8080"
     depends_on:

diff --git a/process-usertasks-with-security-oidc-quarkus-with-console/docker-compose/docker-compose.yml b/process-usertasks-with-security-oidc-quarkus-with-console/docker-compose/docker-compose.yml
@@ -10,6 +10,8 @@ services:
     command: "/opt/infinispan/bin/server.sh -c infinispan-demo.xml"
     volumes:
       - ./infinispan/infinispan.xml:/opt/infinispan/server/conf/infinispan-demo.xml:z
+      - ./infinispan/users.properties:/opt/infinispan/server/conf/users.properties
+      - ./infinispan/groups.properties:/opt/infinispan/server/conf/groups.properties
     healthcheck:
       test: [ "CMD", "curl", "-f", "http://localhost:11222/rest/v2/cache-managers/default/health/status" ]
       interval: 1s
@@ -81,6 +83,10 @@ services:
       - ./persistence/:/home/kogito/data/protobufs/
     environment:
       QUARKUS_INFINISPAN_CLIENT_SERVER_LIST: infinispan:11222
+      QUARKUS_INFINISPAN_CLIENT_USE_AUTH: "true"
+      QUARKUS_INFINISPAN_CLIENT_AUTH_USERNAME: admin
+      QUARKUS_INFINISPAN_CLIENT_AUTH_PASSWORD: admin
+      QUARKUS_INFINISPAN_CLIENT_SASL_MECHANISM: PLAIN
       KAFKA_BOOTSTRAP_SERVERS: kafka:29092
       KOGITO_DATA_INDEX_PROPS: -Dkogito.protobuf.folder=/home/kogito/data/protobufs/
 

diff --git a/...tasks-with-security-oidc-quarkus-with-console/docker-compose/infinispan/groups.properties b/...tasks-with-security-oidc-quarkus-with-console/docker-compose/infinispan/groups.properties
@@ -0,0 +1 @@
+admin=admin
diff --git a/...sertasks-with-security-oidc-quarkus-with-console/docker-compose/infinispan/infinispan.xml b/...sertasks-with-security-oidc-quarkus-with-console/docker-compose/infinispan/infinispan.xml
@@ -13,15 +13,19 @@
       <security-realms>
         <security-realm name='default'>
           <properties-realm groups-attribute='Roles'>
-            <user-properties path='users.properties' relative-to='infinispan.server.config.path'/>
+            <user-properties path='users.properties' relative-to='infinispan.server.config.path' plain-text='true'/>
             <group-properties path='groups.properties' relative-to='infinispan.server.config.path'/>
           </properties-realm>
         </security-realm>
       </security-realms>
     </security>
     <endpoints socket-binding='default' security-realm='default'>
-      <hotrod-connector name="hotrod"/>
+      <hotrod-connector name="hotrod">
+        <authentication>
+          <sasl mechanisms="PLAIN DIGEST-MD5 SCRAM-SHA-512" qop="auth" server-name="infinispan"/>
+        </authentication>
+      </hotrod-connector>
       <rest-connector name="rest"/>
     </endpoints>
   </server>
-</infinispan>
+</infinispan>
diff --git a/...rtasks-with-security-oidc-quarkus-with-console/docker-compose/infinispan/users.properties b/...rtasks-with-security-oidc-quarkus-with-console/docker-compose/infinispan/users.properties
@@ -0,0 +1 @@
+admin=admin