- Bug
- Resolution: Done
- Major
- RHDG Operator CSV 8.3.7 GA
Important
Steps
1. Create a new project: oc new-project dgtest
2. Create a secret with a valid certificate:
apiVersion: v1
kind: Secret
metadata:
  name: tls-secret
  namespace: dgtest
type: Opaque
stringData:
  alias: '1'
  password: pass1
data:
  cert1.p12: >-
    <base64-encoded PKCS#12 keystore, omitted>
3. Create an Infinispan CR referencing the previous cert:
apiVersion: infinispan.org/v1
kind: Infinispan
metadata:
  name: custom-infinispan
  namespace: dgtest
spec:
  security:
    endpointAuthentication: true
    endpointEncryption:
      clientCert: None
      type: Secret
      certSecretName: tls-secret
  expose:
    type: Route
  service:
    type: DataGrid
  replicas: 1
  logging:
    categories:
      org.infinispan.SERVER: debug
      org.wildfly.security: trace
Comparing working - Encryption service type vs Encryption Secret type
Working DG default cert:
<security>
  <security-realms>
    <security-realm name="default">
      <server-identities>
        <ssl>
          <keystore path="/etc/security/conf/operator-security/keystore.pem" password="***"/>
        </ssl>
      </server-identities>
      <properties-realm groups-attribute="Roles">
        <user-properties digest-realm-name="default" path="cli-users.properties"/>
        <group-properties path="cli-groups.properties"/>
      </properties-realm>
    </security-realm>
    <security-realm name="admin">
      <properties-realm groups-attribute="Roles">
        <user-properties digest-realm-name="admin" path="cli-admin-users.properties"/>
        <group-properties path="cli-admin-groups.properties"/>
      </properties-realm>
    </security-realm>
  </security-realms>
</security>
Non-Working DG (custom cert - missing server-identities section):
<security>
  <security-realms>
    <security-realm name="default">
      <properties-realm groups-attribute="Roles">
        <user-properties digest-realm-name="default" path="cli-users.properties"/>
        <group-properties path="cli-groups.properties"/>
      </properties-realm>
    </security-realm>
    <security-realm name="admin">
      <properties-realm groups-attribute="Roles">
        <user-properties digest-realm-name="admin" path="cli-admin-users.properties"/>
        <group-properties path="cli-admin-groups.properties"/>
      </properties-realm>
    </security-realm>
  </security-realms>
</security>
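A check for the difference shown above, as an added example that is not part of the original report or the operator's own code: it parses a server security configuration and reports realms that lack a `<server-identities>` keystore. The sample XML is trimmed from the two configurations above; the function names and the assumption that only the `default` realm must carry a TLS identity (as in the working configuration) are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the working and non-working configs above.
WORKING = """<security><security-realms>
  <security-realm name="default">
    <server-identities><ssl>
      <keystore path="/etc/security/conf/operator-security/keystore.pem" password="***"/>
    </ssl></server-identities>
    <properties-realm groups-attribute="Roles"/>
  </security-realm>
  <security-realm name="admin"><properties-realm groups-attribute="Roles"/></security-realm>
</security-realms></security>"""

NON_WORKING = """<security><security-realms>
  <security-realm name="default">
    <properties-realm groups-attribute="Roles"/>
  </security-realm>
  <security-realm name="admin"><properties-realm groups-attribute="Roles"/></security-realm>
</security-realms></security>"""


def local(tag):
    """Strip an XML namespace prefix, since a full server config may declare one."""
    return tag.rsplit("}", 1)[-1]


def realm_keystores(xml_text):
    """Map each security realm name to its TLS keystore path, or None if absent."""
    result = {}
    for realm in ET.fromstring(xml_text).iter():
        if local(realm.tag) != "security-realm":
            continue
        # Only a keystore nested under server-identities counts as a TLS identity.
        paths = [el.get("path") for ident in realm
                 if local(ident.tag) == "server-identities"
                 for el in ident.iter() if local(el.tag) == "keystore"]
        result[realm.get("name")] = paths[0] if paths else None
    return result


def missing_tls_identity(xml_text, required=("default",)):
    """Return the realms in `required` (assumed: 'default') with no keystore."""
    found = realm_keystores(xml_text)
    return [name for name in required if not found.get(name)]


if __name__ == "__main__":
    for label, cfg in (("working", WORKING), ("non-working", NON_WORKING)):
        print(label, "realms missing a TLS identity:", missing_tls_identity(cfg))
```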