microscopic-piano-51504
04/22/2022, 6:29 PMremote_json
Oathkeeper config:
...
authorizers:
allow:
enabled: true
deny:
enabled: true
remote_json:
enabled: true
config:
remote: <http://srv-access-control-keto-read.platform>-$ENV.svc.cluster.local:80/check
# <https://github.com/ory/oathkeeper/issues/797>
forward_response_headers_to_upstream: []
payload: |
{
"subject": "{{ print .Subject }}",
"resource": "{{ printIndex .MatchContext.RegexpCaptureGroups 0 }}"
}
...
This renders correctly, pulled straight from an example on github
Access Rule config:
...
authorizer:
handler: remote_json
config:
payload: |
{
"namespace": "foo",
"object": "bar",
"relation": "admin"
}
...
Yet the oathkeeper maester tells me the configuration for remote_json
is invalid and my access rule doesn't work. It works fine if I set the authorizer to allow
or deny
, etcmicroscopic-piano-51504
04/25/2022, 6:34 PM0.38.25-beta.1
and following the rule examples from the documentation - I also tried what @User suggested below by changing the payload to a JSON string on one line but the rule is still invalidmicroscopic-piano-51504
04/25/2022, 8:46 PM"invalid handlers: [authorizer/remote_json], please check the configuration"
microscopic-piano-51504
04/25/2022, 10:07 PMmicroscopic-piano-51504
04/25/2022, 10:07 PMremote_json
should be in favor of keto_engine_acp_ory
since it is more generic via @User here:
https://community.ory.sh/t/problems-with-configuration-of-keto-engine-acp-ory-authorizer/2079/2