HCD started by compose file does not enforce authentication username/password #2254

@sl-at-ibm

Tested on latest main as of now, i.e. a7a4ff7;
local HCD +Data API started with ./start_hcd_podman.sh.

It seems that the HCD starting as part of the docker-compose-hcd.yaml does not enforce authentication despite the following cassandra-hcd.yaml setting:

# Authentication backend, implementing IAuthenticator; used to identify users
# Out of the box, Cassandra provides org.apache.cassandra.auth.{AllowAllAuthenticator,
# PasswordAuthenticator}.
#
# - AllowAllAuthenticator performs no checks - set it to disable authentication.
# - PasswordAuthenticator relies on username/password pairs to authenticate
#   users. It keeps usernames and hashed passwords in system_auth.roles table.
#   Please increase system_auth keyspace replication factor if you use this authenticator.
#   If using PasswordAuthenticator, CassandraRoleManager must also be used (see below)
authenticator: PasswordAuthenticator

Yet, when launching ./start_dse_hcd.sh, one can log in with cqlsh providing no user/pwd, and create keyspaces, tables etc:

podman exec -it data-api_hcd-1_1 cqlsh -e "create KEYSPACE bbb WITH replication = {'class': 'SimpleStrategy', 'replication_factor': 1}; use bbb; create table mmm(ttt int primary key);"

Note: this may interplay with #2253 and is probably a crucial ingredient that makes the commands there succeed.

Edit. It is not ruled out that this is a byproduct of podman on Linux behaving differently in some things -- here it may be that it does not mount the yaml at all (hence HCD starts with all defaults?). Seeking independent confirmations (not from Linux).
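
One way to test the "yaml not mounted" hypothesis from the report, as an added example that is not part of the original issue or the project's code: compare the authenticator in the host-side yaml with the one in the yaml the running container actually sees. The function names and the in-container path placeholder are hypothetical, and the fallback to AllowAllAuthenticator for an unset key assumes HCD keeps Apache Cassandra's default.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not project code.

# Print the authenticator that a Cassandra-style YAML on stdin puts into effect.
# Comment lines that merely mention authenticators (as in the excerpt above) are ignored.
effective_authenticator() {
    awk -v sq="'" '
        function clean(s) {
            sub(/^[^:]*:[ \t]*/, "", s)     # drop "key:"
            sub(/[ \t]+#.*$/, "", s)        # drop trailing comment
            gsub(/"/, "", s); gsub(sq, "", s)
            sub(/[ \t]+$/, "", s)
            sub(/^.*\./, "", s)             # fully qualified class -> short name
            return s
        }
        /^[ \t]*(#|$)/ { next }             # comments and blank lines
        /^[^ \t]/      { in_auth = 0 }      # any top-level key ends a nested block
        /^authenticator:/ {
            v = clean($0)
            if (v == "") in_auth = 1        # nested form: class_name on a later line
            else value = v
            next
        }
        in_auth && /^[ \t]+class_name:/ { value = clean($0) }
        # Assumption: an unset key means the Cassandra default, AllowAllAuthenticator.
        END { print (value == "" ? "AllowAllAuthenticator" : value) }
    '
}

# $1: host-side yaml the compose file is meant to mount
# $2: yaml dumped from the running container, e.g.
#     podman exec data-api_hcd-1_1 cat <PATH_TO_YAML_IN_CONTAINER> > in_container.yaml
compare_auth_config() {
    want=$(effective_authenticator < "$1")
    got=$(effective_authenticator < "$2")
    if [ "$want" = "$got" ]; then
        echo "match: $got"
    else
        echo "MISMATCH: host=$want container=$got"
        return 1
    fi
}
```

A mismatch points at the mount rather than at HCD ignoring the setting; a match on PasswordAuthenticator combined with a successful anonymous cqlsh login points the other way.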
