diff --git a/README.md b/README.md index e20af037a6..d7f50fba90 100644 --- a/README.md +++ b/README.md @@ -187,7 +187,7 @@ services: ## Security You can enable authentication for both the application REST APIs and the user interface using a server based -on OpenID Connect (OIDC). The same server realm and users are federated across the user interface and the +on OpenID Connect (OIDC). The same server and users are federated across the user interface and the REST APIs using Open ID Connect so that you only require one set of credentials. In order no enable this integration, you will need to set the following environment variables. @@ -196,10 +196,9 @@ In order no enable this integration, you will need to set the following environm |Option|Env. variable| |---|---| -|`AUTH_ENABLED`|Set to `true` to enable (default is `false`)| -|`KEYCLOAK_URL`|OIDC Server URL| -|`KEYCLOAK_REALM`|OIDC Security realm| -|`KEYCLOAK_API_CLIENT_ID`|The client for the API| +|`QUARKUS_OIDC_TENANT_ENABLED`|Set to `true` to enable (default is `false`)| +|`QUARKUS_OIDC_AUTH_SERVER_URL`|OIDC Server URL| +|`QUARKUS_OIDC_CLIENT_ID`|The client for the API| ### User Interface Environment Variables @@ -210,8 +209,7 @@ In order no enable this integration, you will need to set the following environm |`APICURIO_AUTH_REDIRECT_URL`|OIDC redirect URL| |`APICURIO_AUTH_CLIENT_ID`|The client for the UI| -Note that you will need to have everything configured in your OIDC provider, before starting the application -(the realm and the two clients). +Note that you will need to have everything configured in your OIDC provider, before starting the application. Please note that Registry supports a wide range of authentication and authorization options. These options are too extensive to document in this README. Consider the above to be just a starting point. diff --git a/docs/modules/ROOT/partials/getting-started/proc-configuring-kafka-oauth.adoc b/docs/modules/ROOT/partials/getting-started/proc-configuring-kafka-oauth.adoc index 6054a6d7c4..2c493b81e7 100644 --- a/docs/modules/ROOT/partials/getting-started/proc-configuring-kafka-oauth.adoc +++ b/docs/modules/ROOT/partials/getting-started/proc-configuring-kafka-oauth.adoc @@ -25,16 +25,16 @@ When you set these environment variables, the Kafka producer and consumer applic |Environment variable |Description |Default value -| `ENABLE_KAFKA_SASL` +| `APICURIO_KAFKASQL_SECURITY_SASL_ENABLED` | Enables SASL OAuth authentication for {registry} storage in Kafka. You must set this variable to `true` for the other variables to have effect. | `false` -| `CLIENT_ID` +| `APICURIO_KAFKASQL_SECURITY_SASL_CLIENT_IDapicurio.kafkasql.security.sasl.client-id` | The client ID used to authenticate to Kafka. | `-` -| `CLIENT_SECRET` +| `APICURIO_KAFKASQL_SECURITY_SASL_CLIENT_SECRET` | The client secret used to authenticate to Kafka. | `-` -| `OAUTH_TOKEN_ENDPOINT_URI` +| `APICURIO_KAFKASQL_SECURITY_SASL_TOKEN_ENDPOINT` | The URL of the OAuth identity server. | `\http://localhost:8090` |=== diff --git a/docs/modules/ROOT/partials/getting-started/proc-configuring-registry-security-azure.adoc b/docs/modules/ROOT/partials/getting-started/proc-configuring-registry-security-azure.adoc index df04a13006..56f02854b2 100644 --- a/docs/modules/ROOT/partials/getting-started/proc-configuring-registry-security-azure.adoc +++ b/docs/modules/ROOT/partials/getting-started/proc-configuring-registry-security-azure.adoc @@ -45,13 +45,13 @@ IMPORTANT: You must register your {registry} application host as a *Redirect URI |Environment variable |Description |Setting -|`KEYCLOAK_API_CLIENT_ID` +|`QUARKUS_OIDC_CLIENT_ID` |The client application ID for the {registry} REST API |Your Azure AD Application (client) ID obtained in step 5. For example: `123456a7-b8c9-012d-e3f4-5fg67h8i901` |`APICURIO_OIDC_UI_CLIENT_ID` |The client application ID for the {registry} web console. |Your Azure AD Application (client) ID obtained in step 5. For example: `123456a7-b8c9-012d-e3f4-5fg67h8i901` -|`APICURIO_AUTH_URL_CONFIGURED` +|`QUARKUS_OIDC_AUTH_SERVER_URL` |The URL for authentication in Azure AD. |Your Azure AD Application (tenant) ID obtained in step 6. For example: `\https://login.microsoftonline.com/1a2bc34d-567e-89f1-g0hi-1j2kl3m4no56/v2.0`. |=== @@ -64,13 +64,13 @@ IMPORTANT: You must register your {registry} application host as a *Redirect URI |Environment variable |Description |Setting -|`APICURIO_AUTH_ENABLED` +|`QUARKUS_OIDC_TENANT_ENABLED` |Enables authentication for {registry}. |`true` |`APICURIO_UI_AUTH_TYPE` |The {registry} authentication type. |`oidc` -|`CORS_ALLOWED_ORIGINS` +|`QUARKUS_HTTP_CORS_ORIGINS` |The host for your {registry} deployment for cross-origin resource sharing (CORS). |For example: `\https://test-registry.com` |`APICURIO_OIDC_UI_REDIRECT_URL` diff --git a/docs/modules/ROOT/partials/getting-started/proc-configuring-registry-security-keycloak.adoc b/docs/modules/ROOT/partials/getting-started/proc-configuring-registry-security-keycloak.adoc index 35eeb2b010..22484143f6 100644 --- a/docs/modules/ROOT/partials/getting-started/proc-configuring-registry-security-keycloak.adoc +++ b/docs/modules/ROOT/partials/getting-started/proc-configuring-registry-security-keycloak.adoc @@ -69,23 +69,19 @@ You can use the defaults for the other client settings. |Description |Type |Default -|`AUTH_ENABLED` +|`QUARKUS_OIDC_TENANT_ENABLED` |Enables authentication for {registry}. When set to `true`, the environment variables that follow are required for authentication using {keycloak}. |String |`false` -|`KEYCLOAK_URL` +|`QUARKUS_OIDC_AUTH_SERVER_URL` |The URL of the {keycloak} authentication server. For example, `\http://localhost:8080`. |String |- -|`KEYCLOAK_REALM` -|The {keycloak} realm for authentication. For example, `registry.` -|String -|- -|`KEYCLOAK_API_CLIENT_ID` +|`QUARKUS_OIDC_CLIENT_ID` |The client ID for the {registry} REST API. |String |`registry-api` -|`KEYCLOAK_UI_CLIENT_ID` +|`APICURIO_UI_AUTH_OIDC_CLIENT_ID` |The client ID for the {registry} web console. |String |`apicurio-registry` diff --git a/docs/modules/ROOT/partials/getting-started/proc-registry-serdes-register.adoc b/docs/modules/ROOT/partials/getting-started/proc-registry-serdes-register.adoc index 6d880f60ea..6a9a1af3ed 100644 --- a/docs/modules/ROOT/partials/getting-started/proc-registry-serdes-register.adoc +++ b/docs/modules/ROOT/partials/getting-started/proc-registry-serdes-register.adoc @@ -90,26 +90,3 @@ endif::[] <3> Specify the {registry} artifact group ID. <4> You can upload multiple artifacts using the specified group ID, artifact ID, and location. -[discrete] -== Configuration using a producer client example - -[source,java,subs="+quotes,attributes"] ----- -String registryUrl_node1 = PropertiesUtil.property(clientProperties, "apicurio.url.node1", - "https://my-cluster-service-registry-myproject.example.com/apis/registry/v3"); <1> -try (RegistryService service = RegistryClient.create(registryUrl_node1)) { - String artifactId = ApplicationImpl.INPUT_TOPIC + "-value"; - try { - service.getArtifactMetaData(artifactId); <2> - } catch (WebApplicationException e) { - CompletionStage csa = service.createArtifact( - "AVRO", - artifactId, - new ByteArrayInputStream(LogInput.SCHEMA$.toString().getBytes()) - ); - csa.toCompletableFuture().get(); - } -} ----- -<1> You can register properties against more than one URL node. -<2> Check to see if the schema already exists based on the artifact ID. diff --git a/docs/modules/ROOT/partials/getting-started/ref-registry-security-configuration.adoc b/docs/modules/ROOT/partials/getting-started/ref-registry-security-configuration.adoc index 3fb33467c0..55e82848f0 100644 --- a/docs/modules/ROOT/partials/getting-started/ref-registry-security-configuration.adoc +++ b/docs/modules/ROOT/partials/getting-started/ref-registry-security-configuration.adoc @@ -12,7 +12,7 @@ * Role-based authorization for default admin, write, and read-only user roles. * Content-based authorization for schema or API artifacts, where only the owner of the artifacts or artifact group can update or delete artifacts. -IMPORTANT: All authentication and authorization options in {registry} are disabled by default. Before enabling any of these options, you must first set the `AUTH_ENABLED` option to `true`. +IMPORTANT: All authentication and authorization options in {registry} are disabled by default. Before enabling any of these options, you must first set the `QUARKUS_OIDC_TENANT_ENABLED` option to `true`. This chapter provides details on the following configuration options: @@ -36,11 +36,11 @@ You can set the following environment variables to configure authentication for |Description |Type |Default -|`AUTH_ENABLED` +|`QUARKUS_OIDC_TENANT_ENABLED` |Enables authentication for {registry}. When set to `true`, the environment variables that follow are required for authentication using {keycloak}. |String |`false` -|`KEYCLOAK_URL` +|`QUARKUS_OIDC_AUTH_SERVER_URL` |The URL of the {keycloak} authentication server. For example, `\http://localhost:8080`. |String |- @@ -48,11 +48,11 @@ You can set the following environment variables to configure authentication for |The {keycloak} realm for authentication. For example, `registry.` |String |- -|`KEYCLOAK_API_CLIENT_ID` +|`QUARKUS_OIDC_CLIENT_ID` |The client ID for the {registry} REST API. |String |`registry-api` -|`KEYCLOAK_UI_CLIENT_ID` +|`APICURIO_UI_AUTH_OIDC_CLIENT_ID` |The client ID for the {registry} web console. |String |`apicurio-registry` @@ -71,11 +71,11 @@ By default, {registry} supports authentication by using OpenID Connect. Users or |Java system property |Type |Default value -|`AUTH_ENABLED` +|`QUARKUS_OIDC_TENANT_ENABLED` |`registry.auth.enabled` |Boolean |`false` -|`CLIENT_CREDENTIALS_BASIC_AUTH_ENABLED` +|`CLIENT_CREDENTIALS_BASIC_QUARKUS_OIDC_TENANT_ENABLED` |`registry.auth.basic-auth-client-credentials.enabled` |Boolean |`false` @@ -115,7 +115,7 @@ You can set the following options to `true` to enable role-based authorization i |Java system property |Type |Default value -|`AUTH_ENABLED` +|`QUARKUS_OIDC_TENANT_ENABLED` |`registry.auth.enabled` |Boolean |`false` @@ -267,7 +267,7 @@ You can set the following options to `true` to enable owner-only authorization f |Type |Default value -|`AUTH_ENABLED` +|`QUARKUS_OIDC_TENANT_ENABLED` |`registry.auth.enabled` |Boolean |`false` @@ -302,7 +302,7 @@ To enable authenticated read access, you must first enable role-based authorizat |Java system property |Type |Default value -|`AUTH_ENABLED` +|`QUARKUS_OIDC_TENANT_ENABLED` |`registry.auth.enabled` |Boolean |`false` @@ -331,7 +331,7 @@ calls to the REST API, set the following options to `true`: |Java system property |Type |Default value -|`AUTH_ENABLED` +|`QUARKUS_OIDC_TENANT_ENABLED` |`registry.auth.enabled` |Boolean |`false` diff --git a/docs/modules/ROOT/partials/getting-started/ref-registry-serdes-config-props.adoc b/docs/modules/ROOT/partials/getting-started/ref-registry-serdes-config-props.adoc index a229b1a090..933bd74fad 100644 --- a/docs/modules/ROOT/partials/getting-started/ref-registry-serdes-config-props.adoc +++ b/docs/modules/ROOT/partials/getting-started/ref-registry-serdes-config-props.adoc @@ -59,27 +59,27 @@ The `DefaultSchemaResolver` provides the following properties to configure acces |`String` |None |`AUTH_TOKEN_ENDPOINT` -|`apicurio.auth.service.token.endpoint` +|`apicurio.registry.auth.service.token.endpoint` |Used by serializers and deserializers. URL of the token endpoint. |`String` |None |`AUTH_CLIENT_ID` -|`apicurio.auth.client.id` +|`apicurio.registry.auth.client.id` |Used by serializers and deserializers. Client ID to access the authentication service. Required when accessing a secure registry using the OAuth client credentials flow. |`String` |None |`AUTH_CLIENT_SECRET` -|`apicurio.auth.client.secret` +|`apicurio.registry.auth.client.secret` |Used by serializers and deserializers. Client secret to access the authentication service. Required when accessing a secure registry using the OAuth client credentials flow. |`String` |None |`AUTH_USERNAME` -|`apicurio.auth.username` +|`apicurio.registry.auth.username` |Used by serializers and deserializers. Username to access the registry. Required when accessing a secure registry using HTTP basic authentication. |`String` |None |`AUTH_PASSWORD` -|`apicurio.auth.password` +|`apicurio.registy.auth.password` |Used by serializers and deserializers. Password to access the registry. Required when accessing a secure registry using HTTP basic authentication. |`String` |None diff --git a/examples/docker-compose/src/main/resources/compose-base-mssql.yml b/examples/docker-compose/src/main/resources/compose-base-mssql.yml index 912bcda0b9..278ad70a2b 100644 --- a/examples/docker-compose/src/main/resources/compose-base-mssql.yml +++ b/examples/docker-compose/src/main/resources/compose-base-mssql.yml @@ -7,12 +7,14 @@ services: ACCEPT_EULA: Y MSSQL_SA_PASSWORD: "Your_password123" app: - image: apicurio/apicurio-registry-mssql:latest + image: apicurio/apicurio-registry:latest-release ports: - 8080:8080 environment: - REGISTRY_DATASOURCE_URL: 'jdbc:sqlserver://mssql;' - REGISTRY_DATASOURCE_USERNAME: sa - REGISTRY_DATASOURCE_PASSWORD: "Your_password123" + APICURIO_DATASOURCE_URL: 'jdbc:sqlserver://mssql;' + APICURIO_DATASOURCE_USERNAME: sa + APICURIO_DATASOURCE_PASSWORD: "Your_password123" + APICURIO_STORAGE_KIND: "sql" + APICURIO_STORAGE_SQL_KIND: "mssql" depends_on: - mssql \ No newline at end of file diff --git a/examples/docker-compose/src/main/resources/compose-base-sql.yml b/examples/docker-compose/src/main/resources/compose-base-sql.yml index cceff30687..f64afc04f1 100644 --- a/examples/docker-compose/src/main/resources/compose-base-sql.yml +++ b/examples/docker-compose/src/main/resources/compose-base-sql.yml @@ -7,12 +7,14 @@ services: POSTGRES_USER: apicurio-registry POSTGRES_PASSWORD: password app: - image: apicurio/apicurio-registry-sql:latest + image: apicurio/apicurio-registry:latest-release ports: - 8080:8080 environment: - REGISTRY_DATASOURCE_URL: 'jdbc:postgresql://postgres/apicurio-registry' - REGISTRY_DATASOURCE_USERNAME: apicurio-registry - REGISTRY_DATASOURCE_PASSWORD: password + APICURIO_DATASOURCE_URL: 'jdbc:postgresql://postgres/apicurio-registry' + APICURIO_DATASOURCE_USERNAME: apicurio-registry + APICURIO_DATASOURCE_PASSWORD: password + APICURIO_STORAGE_KIND: "sql" + APICURIO_STORAGE_SQL_KIND: "postgresql" depends_on: - postgres \ No newline at end of file diff --git a/examples/docker-compose/src/main/resources/docker-compose.apicurio.yml b/examples/docker-compose/src/main/resources/docker-compose.apicurio.yml index 7e522d4035..3732838bc4 100644 --- a/examples/docker-compose/src/main/resources/docker-compose.apicurio.yml +++ b/examples/docker-compose/src/main/resources/docker-compose.apicurio.yml @@ -30,25 +30,21 @@ services: POSTGRES_PASSWORD: password backend: - image: quay.io/apicurio/apicurio-registry@sha256:3cf8b1a8b67ef1efff872556f642751f432eec8d1b704d45adececeff86a3222 + image: quay.io/apicurio/apicurio-registry:latest-release environment: - REGISTRY_DATASOURCE_URL: 'jdbc:postgresql://database-apicurio:5432/apicurio-registry' - REGISTRY_DATASOURCE_USERNAME: apicurio-registry - REGISTRY_DATASOURCE_PASSWORD: password - REGISTRY_STORAGE_KIND: "sql" - REGISTRY_STORAGE_DB_KIND: "postgresql" - AUTH_ENABLED: "true" - KEYCLOAK_REALM: registry + APICURIO_DATASOURCE_URL: 'jdbc:postgresql://database-apicurio:5432/apicurio-registry' + APICURIO_DATASOURCE_USERNAME: apicurio-registry + APICURIO_DATASOURCE_PASSWORD: password + APICURIO_STORAGE_KIND: "sql" + APICURIO_STORAGE_SQL_KIND: "postgresql" + QUARKUS_OIDC_TENANT_ENABLED: "true" QUARKUS_HTTP_PORT: 8081 - KEYCLOAK_URL: "http://localhost:8080" LOG_LEVEL: "DEBUG" - REGISTRY_UI_CONFIG_AUTH_KEYCLOAK_URL: "http://localhost:8080" QUARKUS_OIDC_AUTH_SERVER_URL: "http://keycloak-server:8080/realms/registry" - TOKEN_ENDPOINT: "http://keycloak-server:8080/realms/registry/protocol/openid-connect/token" - KEYCLOAK_API_CLIENT_ID: registry-api - REGISTRY_UI_AUTH_OIDC_CLIENTID: apicurio-registry + QUARKUS_OIDC_CLIENT_ID: registry-api + APICURIO_UI_AUTH_OIDC_CLIENT_ID: apicurio-registry QUARKUS_OIDC_TLS_VERIFICATION: "none" - CORS_ALLOWED_ORIGINS: '*' + QUARKUS_HTTP_CORS_ORIGINS: '*' QUARKUS_PROFILE: "prod" ports: - 8081:8081 @@ -57,7 +53,7 @@ services: - keycloak-server ui: - image: quay.io/apicurio/apicurio-registry-ui@sha256:ec60369e36cafd68e7af6f87df397c54975bbb71530744810822cf4aab2159d9 + image: quay.io/apicurio/apicurio-registry-ui:latest-release environment: REGISTRY_API_URL: "http://localhost:8081/apis/registry/v3" ports: diff --git a/examples/event-driven-architecture/docker-compose.yml b/examples/event-driven-architecture/docker-compose.yml index 0147f3c45c..392037c11d 100644 --- a/examples/event-driven-architecture/docker-compose.yml +++ b/examples/event-driven-architecture/docker-compose.yml @@ -68,9 +68,9 @@ services: ports: - "8080:8080" environment: - REGISTRY_DATASOURCE_URL: "jdbc:postgresql://apicurio-db/apicuriodb" - REGISTRY_DATASOURCE_USERNAME: "postgres" - REGISTRY_DATASOURCE_PASSWORD: "postgres" + APICURIO_DATASOURCE_URL: "jdbc:postgresql://apicurio-db/apicuriodb" + APICURIO_DATASOURCE_USERNAME: "postgres" + APICURIO_DATASOURCE_PASSWORD: "postgres" SCHEMA_REGISTRY_HOST_NAME: schema-registry SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL: divolte-kafka:2181 diff --git a/examples/openshift-template/apicurio-registry-template-sql.yml b/examples/openshift-template/apicurio-registry-template-sql.yml index 92c7b7d3c0..c60d993b53 100644 --- a/examples/openshift-template/apicurio-registry-template-sql.yml +++ b/examples/openshift-template/apicurio-registry-template-sql.yml @@ -82,12 +82,12 @@ objects: env: - name: QUARKUS_PROFILE value: prod - - name: REGISTRY_DATASOURCE_URL - value: ${REGISTRY_DATASOURCE_URL} - - name: REGISTRY_DATASOURCE_USERNAME - value: ${REGISTRY_DATASOURCE_USERNAME} - - name: REGISTRY_DATASOURCE_PASSWORD - value: ${REGISTRY_DATASOURCE_PASSWORD} + - name: APICURIO_DATASOURCE_URL + value: ${APICURIO_DATASOURCE_URL} + - name: APICURIO_DATASOURCE_USERNAME + value: ${APICURIO_DATASOURCE_USERNAME} + - name: APICURIO_DATASOURCE_PASSWORD + value: ${APICURIO_DATASOURCE_PASSWORD} resources: limits: cpu: ${REGISTRY_CPU_LIMIT} @@ -176,15 +176,15 @@ parameters: description: Registry Pods CPU Requests value: 100m required: true -- name: REGISTRY_DATASOURCE_URL +- name: APICURIO_DATASOURCE_URL displayName: Datasource URL description: Postgresql Datasource URL required: true -- name: REGISTRY_DATASOURCE_USERNAME +- name: APICURIO_DATASOURCE_USERNAME displayName: Datasource Username description: Datasource Username required: false -- name: REGISTRY_DATASOURCE_PASSWORD +- name: APICURIO_DATASOURCE_PASSWORD displayName: Datasource Password description: Datasource Password required: false diff --git a/schema-resolver/src/main/java/io/apicurio/registry/resolver/config/SchemaResolverConfig.java b/schema-resolver/src/main/java/io/apicurio/registry/resolver/config/SchemaResolverConfig.java index 37aad1eabd..f42916419b 100644 --- a/schema-resolver/src/main/java/io/apicurio/registry/resolver/config/SchemaResolverConfig.java +++ b/schema-resolver/src/main/java/io/apicurio/registry/resolver/config/SchemaResolverConfig.java @@ -115,32 +115,32 @@ public SchemaResolverConfig(Map originals) { /** * The URL of the Token Endpoint. */ - public static final String AUTH_TOKEN_ENDPOINT = "apicurio.auth.service.token.endpoint"; + public static final String AUTH_TOKEN_ENDPOINT = "apicurio.registry.auth.service.token.endpoint"; /** * The Client Id of the Auth Service. */ - public static final String AUTH_CLIENT_ID = "apicurio.auth.client.id"; + public static final String AUTH_CLIENT_ID = "apicurio.registry.auth.client.id"; /** * The Secret of the Auth Service. */ - public static final String AUTH_CLIENT_SECRET = "apicurio.auth.client.secret"; + public static final String AUTH_CLIENT_SECRET = "apicurio.registry.auth.client.secret"; /** * The Scope of the Auth Service. */ - public static final String AUTH_CLIENT_SCOPE = "apicurio.auth.client.scope"; + public static final String AUTH_CLIENT_SCOPE = "apicurio.registry.auth.client.scope"; /** * The Username of the Auth Service. */ - public static final String AUTH_USERNAME = "apicurio.auth.username"; + public static final String AUTH_USERNAME = "apicurio.registry.auth.username"; /** * The Password of the Auth Service. */ - public static final String AUTH_PASSWORD = "apicurio.auth.password"; + public static final String AUTH_PASSWORD = "apicurio.registry.auth.password"; /** * Indicates how long to cache artifacts before auto-eviction. If not included, the artifact will be diff --git a/schema-resolver/src/test/java/io/apicurio/registry/resolver/config/ConfigurationTest.java b/schema-resolver/src/test/java/io/apicurio/registry/resolver/config/ConfigurationTest.java index 2c35865859..0f22ae7c76 100644 --- a/schema-resolver/src/test/java/io/apicurio/registry/resolver/config/ConfigurationTest.java +++ b/schema-resolver/src/test/java/io/apicurio/registry/resolver/config/ConfigurationTest.java @@ -46,19 +46,19 @@ void testDefaultConfiguration() { } assertEquals(null, config.getAuthClientId()); - assertEquals(null, config.getObject("apicurio.auth.client.id")); + assertEquals(null, config.getObject("apicurio.registry.auth.client.id")); assertEquals(null, config.getAuthClientSecret()); - assertEquals(null, config.getObject("apicurio.auth.client.secret")); + assertEquals(null, config.getObject("apicurio.registry.auth.client.secret")); assertEquals(null, config.getAuthClientScope()); - assertEquals(null, config.getObject("apicurio.auth.client.scope")); + assertEquals(null, config.getObject("apicurio.registry.auth.client.scope")); assertEquals(null, config.getAuthPassword()); - assertEquals(null, config.getObject("apicurio.auth.password")); + assertEquals(null, config.getObject("apicurio.registry.auth.password")); assertEquals(null, config.getAuthUsername()); - assertEquals(null, config.getObject("apicurio.auth.username")); + assertEquals(null, config.getObject("apicurio.registry.auth.username")); assertEquals(null, config.getExplicitArtifactGroupId()); assertEquals(null, config.getObject("apicurio.registry.artifact.group-id")); @@ -73,8 +73,8 @@ void testDefaultConfiguration() { assertEquals(null, config.getObject("apicurio.registry.url")); assertEquals(null, config.getTokenEndpoint()); - assertEquals(null, config.getObject("apicurio.auth.service.token.endpoint")); - originals.put("apicurio.auth.service.token.endpoint", "foo"); + assertEquals(null, config.getObject("apicurio.registry.auth.service.token.endpoint")); + originals.put("apicurio.registry.auth.service.token.endpoint", "foo"); config = new SchemaResolverConfig(originals); assertEquals("foo", config.getTokenEndpoint());