https://www.ory.sh/ logo
#talk-oathkeeper
Title
# talk-oathkeeper
m

microscopic-piano-51504

04/22/2022, 6:29 PM
Oathkeeper + Keto question here - I'm having an invalid rule configuration when trying to use
remote_json
Oathkeeper config:
Copy code
...
    authorizers:
      allow:
        enabled: true
      deny:
        enabled: true
      remote_json:
        enabled: true
        config:
          remote: <http://srv-access-control-keto-read.platform>-$ENV.svc.cluster.local:80/check
          # <https://github.com/ory/oathkeeper/issues/797>
          forward_response_headers_to_upstream: []
          payload: |
            {
              "subject": "{{ print .Subject }}",
              "resource": "{{ printIndex .MatchContext.RegexpCaptureGroups 0 }}"
            }
...
This renders correctly, pulled straight from an example on github Access Rule config:
Copy code
...
  authorizer:
    handler: remote_json
    config:
      payload: |
        {
          "namespace": "foo",
          "object": "bar",
          "relation": "admin"
        }
...
Yet the oathkeeper maester tells me the configuration for
remote_json
is invalid and my access rule doesn't work. It works fine if I set the authorizer to
allow
or
deny
, etc
@User any ideas here? I'm using Oathkeeper
0.38.25-beta.1
and following the rule examples from the documentation - I also tried what @User suggested below by changing the payload to a JSON string on one line but the rule is still invalid
Copy code
"invalid handlers: [authorizer/remote_json], please check the configuration"
I was under the impression
remote_json
should be in favor of
keto_engine_acp_ory
since it is more generic via @User here: https://community.ory.sh/t/problems-with-configuration-of-keto-engine-acp-ory-authorizer/2079/2
31 Views