[ https://jira.fiware.org/browse/HELP-22025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Fernando Lopez reassigned HELP-22025:
-------------------------------------
Assignee: Alvaro Alonso
> [fiware-stackoverflow] Kong-keyrock Authorize issue with Query parameter (type)
> -------------------------------------------------------------------------------
>
> Key: HELP-22025
> URL: https://jira.fiware.org/browse/HELP-22025
> Project: Help-Desk
> Issue Type: Monitor
> Components: FIWARE-TECH-HELP
> Reporter: Backlog Manager
> Assignee: Alvaro Alonso
> Labels: fiware, fiware-keyrock, kong-plugin
>
> Created question in FIWARE Q/A platform on 16-08-2023 at 12:08
> {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/76913712/kong-keyrock-authorize-issue-with-query-parameter-type
> +Question:+
> Kong-keyrock Authorize issue with Query parameter (type)
> +Description:+
> I tried to use the Kong image (0.5.3) and install kong successfully and was able to connect with Keyrock
> Why am i not able to give Query paramter : type as a filter in keyrock permission so that user with specific permission entity type can only get the data of of that entity type and get denied for rest of the entity types
> my kong congif
> #####orion
> - host: "orion.fiware.svc.cluster.local"
> name: "orion"
> port: 1026
> protocol: http
> routes:
> - name: orion
> paths:
> - /kong_prefix
> strip_path: true
>
> plugins:
> - name: rate-limiting
> config:
> minute: 5
>
> - name: pep-plugin
> config:
> authorizationendpointtype: Keyrock
> authorizationendpointaddress: http://keyrock.fiware.svc.cluster.local:3005/user
> keyrockappid: 8216*********************************
> pathprefix: /kong_prefix
>
> - name: request-transformer
> config:
> remove:
> headers:
> - Authorization
> - authorization
>
> how can i give permission based on Query paramter : type .
> I have a issue with keyrock permission :
> **Without using Query parameters**
> I have set the keyrock permission method: GET, resource : **/ngsi-ld/v1/entities**
> when i try to get the entities using postman it works with out issues
>
> **With using Query parameters**
> But when i set the keyrock permission method: GET, resource: **/ngsi-ld/v1/entities?type=city**
> This fails to authorize gives error:
> [pep-plugin:1121] time="2023-08-10T06:16:21Z" level=debug msg="Delegate decision to Keyrock.", context: ngx.timer
> [pep-plugin:1121] time="2023-08-10T06:16:21Z" level=info msg="[Keyrock] Request was not allowed. Response was &
> {0xc00020ed00 {0 0} false 0xc000022080 <nil> 0x6a1100}.", context: ngx.timer
> [pep-plugin:1121] time="2023-08-10T06:16:21Z" level=info msg="Request was not allowed.", context: ngx.timer
>
> Same situation when i try to POST the data
> **Without using Query parameters**
> I have set the keyrock permission method: GET, resource : **/ngsi-ld/v1/entityOperations/upsert**
> when i try to get the entities using postman it works with out issues
>
> **With using Query parameters**
> But when i set the keyrock permission method: GET, resource: **/ngsi-ld/v1/entityOperations/upsert?type=city**
> This fails to authorize gives error:
> [pep-plugin:1121] time="2023-08-10T06:16:21Z" level=debug msg="Delegate decision to Keyrock.", context: ngx.timer
> [pep-plugin:1121] time="2023-08-10T06:16:21Z" level=info msg="[Keyrock] Request was not allowed. Response was &
> {0xc00020ed00 {0 0} false 0xc000022080 <nil> 0x6a1100}.", context: ngx.timer
> [pep-plugin:1121] time="2023-08-10T06:16:21Z" level=info msg="Request was not allowed.", context: ngx.timer
>
--
This message was sent by Atlassian JIRA
(v6.4.1#64016)
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy