Heartbeats fail with basic auth enabled

[mikebin]

Describe the bug Internal heartbeats (/heartbeat) between ksqlDB servers fail when basic authentication is enabled.

To Reproduce Version: 0.21.0

ksqldb-basic-auth-example.zip

Start attached test environment with:

docker-compose -f docker-compose-basicauth.yml up -d

Create a stream from the CLI so that heartbeating will start:

 docker-compose -f docker-compose-basicauth.yml exec ksqldb-cli ksql -u ksql -p ksql http://ksqldb-server1:8088 -e 'crea
te stream s as select * from ksql_processing_log'

Observe the ksqlDB server log:

docker-compose -f docker-compose-basicauth.yml logs -f ksqldb-server1

Expected behavior Successful heartbeats between servers

Actual behaviour Continuous authorization failures on heartbeat requests on both servers:

ksqldb-server1     | [2021-10-13 23:04:10,957] WARN 172.20.0.5 - - [Wed, 13 Oct 2021 23:04:10 GMT] "POST /heartbeat HTTP/1.1" 401
69 "-" "-" 0 (io.confluent.ksql.api.server.LoggingHandler:111)
ksqldb-server1     | [2021-10-13 23:04:11,058] ERROR Failed to handle request 401 /heartbeat (io.confluent.ksql.api.server.Failure
Handler:38)
ksqldb-server1     | io.confluent.ksql.api.server.KsqlApiException: Unauthorized

Repeating the above steps with KSQL_KSQL_HEARTBEAT_ENABLE: 'false' results in no exceptions.

Additional context Problem occurs with or without a separate ksql.internal.listener.

[sjabber]

Are there any other solutions currently? Is there any other way to turn off the heartbeat to prevent a lot of logging?

[BeatrizVelho]

Hello,

Is there any update on this?

[IvanVas]

+1 That's seems to be a blocker for prod deployments with auth and HA.