Spring Cloud Data Flow Basic Authentication

Question

Spring Cloud Data Flow Server (Local) does not have any dynamic way to set up users and roles either through dashboard UI or shell, ie. there is no way to add or delete users with roles while the server is running.

I have been able to get both single user or file based authentication and authorization working but both of them I had to set up the docker-compose.yml file like so:

• spring.cloud.dataflow.security.authentication.file.enabled=true
  • spring.cloud.dataflow.security.authentication.file.users.bob=bobpass, ROLE_MANAGE
  • spring.cloud.dataflow.security.authentication.file.users.alice=alicepass, ROLE_VIEW, ROLE_CREATE
  • spring.cloud.dataflow.security.authentication.file.users.hare=harepass, ROLE_VIEW

However, if I have to add new users with roles, I will have to docker-compose down, edit the docker-compose.yml and then do docker-compose up, for the new user authentication authorization to work.

Is there any work around this?

Answer 1

There isn't any other approach to dynamically add/update users and then have it reflect at runtime in SCDF.

However, in SCDF 2.0, we have redesigned/rewritten the security architecture. In this baseline, we rely on Cloud Foundry's UAA component, which is a standalone application that can work in Local, CF or K8s.

Here, you can directly interact with UAA outside of SCDF. You can add, update, and delete users, too. Of course, you can centrally manage the OAuth token-credentials such as remote renewals and revocations. Check out the end-to-end sample demonstration of the new design with SCDF + OAuth + LDAP, all in action.

The recent 2.0 M1 release already include this improvement - see blog. Try it out and let us know if you have any questions/feedback.

UPDATE:

I recently also bumped into a UAA Web-UI from the community. Perhaps UAA team could consider adding it to the official stack eventually.