Authentication of Karapace Schema Registry

[mnithaworn]

I am trying to enable authentication and user authorization for the registry schema. I'm a little lost on how to get this working.

I am building the source into a Docker image and then running the container. This works fine but now I want to enable authentication for registry schema.

• I've created authfile.json with sample JSON similar to what is on the github README but with actual hash and salt values of course.
• I also edited the karapace.conf.json and set the value registry_authfile to the intended location of authfile.json which is /opt/karapace/authfile.json for the container and then build.
• I make sure that authfile.json is at /opt/karapace/authfile.json in the container before container start and verify it is present
• I assume that this is all that is needed to work

Are these steps correct or is there something missing? Just using and going by the example, seems like every time I do a curl post to subject "general.xxxx" it goes through regardless even without a user and password or a wrong user and password (i.e curl command with -u user:password).

curl -X POST -H "Content-Type: application/vnd.schemaregistry.v1+json" \
  --data '{"schemaType": "JSON", "schema": "{\"type\": \"object\",\"properties\":{\"age\":{\"type\": \"number\"}},\"additionalProperties\":true}"}' \
  http://localhost:8081/subjects/general.xxx/versions

The above always works but I expected to get rejected since I did not have a -u user:password