Difference with auth token and whitelist between v20.x and 21.x

Hi there,

Wonder if someone can help me get to the bottom of this. We use DGraph in our product and have just bumped up from version v20.11.0 to v21.03.0. We have a test that ensures that if the wrong auth token is sent, a schema update cannot be performed - this test has now started failing - i.e. the schema update seems to go through even if the token is wrong. We are using DGraph running in docker for testing.

The start up command we use in the docker compose is:
command: dgraph alpha --security token=${DGRAPH_AUTH_TOKEN} --security whitelist=0.0.0.0/0 --my=server:7080 --zero=zero:5080

(note this is just for testing purposes)

Whereas on v20.11.x, making a request to update the schema with the wrong auth token failed, that same request now passes.

What has changed between these versions to allow for this? Is it just that the whitelisting has taken a priority over auth tokens now?

Thanks for any help
Stuart

I think since you are specifying --security twice, it is taking only one of those as the security flag. v21.03 implemented superflags of the form --security "token=${DGRAPH_AUTH_TOKEN}; whitelist=0.0.0.0/0". Note it is one string value to one security flag, just with semicolon-delimited sub-options. See if that solves your issue.

Awesome, that’s it! Thanks so much
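
A pre-deployment check for the mistake identified in the answer above, added here as an example and not part of the original thread or Dgraph's own code: it finds a flag passed more than once on a dgraph alpha command line and folds the values into the single semicolon-delimited form. The function name and the default flag list are assumptions; only --security is covered because it is the flag the thread discusses.

```python
import shlex

def merge_repeated_flags(command, flags=("--security",)):
    """Fold repeated occurrences of each flag in `flags` into one
    semicolon-delimited value. Returns (argv, repeated_flag_names)."""
    tokens = shlex.split(command)
    subopts = {}   # flag -> sub-options in the order they were seen
    counts = {}    # flag -> number of times it appeared
    argv = []      # rebuilt argv; a 1-tuple marks where a merged flag goes
    i = 0
    while i < len(tokens):
        name, eq, inline = tokens[i].partition("=")
        if name not in flags:
            argv.append(tokens[i])
            i += 1
            continue
        if eq:                       # --security=token=...
            value = inline
        elif i + 1 < len(tokens):    # --security token=...
            i += 1
            value = tokens[i]
        else:
            raise ValueError(f"{name} given without a value")
        if name not in subopts:
            subopts[name] = []
            counts[name] = 0
            argv.append((name,))
        counts[name] += 1
        subopts[name] += [p.strip() for p in value.split(";") if p.strip()]
        i += 1
    merged = []
    for item in argv:
        if isinstance(item, tuple):
            merged += [item[0], "; ".join(subopts[item[0]])]
        else:
            merged.append(item)
    return merged, [n for n, c in counts.items() if c > 1]

if __name__ == "__main__":
    # The command line from the question, quoted as posted.
    cmd = ("dgraph alpha --security token=${DGRAPH_AUTH_TOKEN} "
           "--security whitelist=0.0.0.0/0 --my=server:7080 --zero=zero:5080")
    argv, repeated = merge_repeated_flags(cmd)
    print("repeated:", repeated)
    print("argv:", argv)
```

A non-empty second return value is the condition worth failing a CI job on, since it means part of the intended security configuration may not be applied.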