https://www.ory.sh/ logo
Join Slack
Powered by
Oathkeeper + Keto question here - I'm having an i...
# talk-oathkeeper
m
Oathkeeper + Keto question here - I'm having an invalid rule configuration when trying to use 
remote_json
Oathkeeper config:
Copy code
...
    authorizers:
      allow:
        enabled: true
      deny:
        enabled: true
      remote_json:
        enabled: true
        config:
          remote: <http://srv-access-control-keto-read.platform>-$ENV.svc.cluster.local:80/check
          # <https://github.com/ory/oathkeeper/issues/797>
          forward_response_headers_to_upstream: []
          payload: |
            {
              "subject": "{{ print .Subject }}",
              "resource": "{{ printIndex .MatchContext.RegexpCaptureGroups 0 }}"
            }
...
This renders correctly, pulled straight from an example on github Access Rule config:
Copy code
...
  authorizer:
    handler: remote_json
    config:
      payload: |
        {
          "namespace": "foo",
          "object": "bar",
          "relation": "admin"
        }
...
Yet the oathkeeper maester tells me the configuration for 
remote_json
is invalid and my access rule doesn't work. It works fine if I set the authorizer to 
allow
or 
deny
, etc
@User any ideas here? I'm using Oathkeeper 
0.38.25-beta.1
and following the rule examples from the documentation - I also tried what @User suggested below by changing the payload to a JSON string on one line but the rule is still invalid
Copy code
"invalid handlers: [authorizer/remote_json], please check the configuration"
I was under the impression 
remote_json
should be in favor of 
keto_engine_acp_ory
since it is more generic via @User here: https://community.ory.sh/t/problems-with-configuration-of-keto-engine-acp-ory-authorizer/2079/2
34 Views
Open in Slack
PreviousNext
Powered by