Skip to content

Commit

Permalink
docs(gh-page): add section for Jikkou Api Server
Browse files Browse the repository at this point in the history
  • Loading branch information
@fhussonnois
fhussonnois committed Nov 15, 2023
1 parent 1f27d34 commit fcdbcfb
Show file tree
Hide file tree
Showing 9 changed files with 430 additions and 1 deletion.
2 changes: 1 addition & 1 deletion docs/content/en/docs/Concepts/_index.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: "Concepts"
linkTitle: "Concepts"
weight: 4
weight: 5
description: >
Learn the differents concepts used within Jikkou
---
Expand Down
50 changes: 50 additions & 0 deletions docs/content/en/docs/Jikkou Api Server/Configuration/Authentication/_index.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
---
title: "Authentication"
linkTitle: "Authentication"
weight: 3
description: >
Learn how to secure access to Jikkou API server.
---

## Enable Security

To enable secure access to the API Server:

### Configuration File

Update the configuration file (i.e., `application.yaml`) of the server with:

```yaml
micronaut:
security:
enabled: true
```
### Environment Variable
As an alternative, you can set the following environment variable `MICRONAUT_SECUTIRY_ENABLED=true`.


{{% alert title="Note" color="info" %}}
For more information about how Micronaut binds environment variables and configuration property: https://docs.micronaut.io/latest/guide/index.html#_property_value_binding).
{{% /alert %}}

## Unauthorized Access

When accessing a secured path, the server will return the following response if access is not authorized:

```json
{
"message": "Unauthorized",
"errors": [
{
"status": 401,
"error_code": "authentication_user_unauthorized",
"message": "Unauthorized"
}
]
}
```


78 changes: 78 additions & 0 deletions docs/content/en/docs/Jikkou Api Server/Configuration/Authentication/basic_auth.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
---
title: "Basic Auth"
linkTitle: "Basic Auth"
weight: 3
description: >
Learn how to secure Jikkou API Server using Basic HTTP Authentication Scheme.
---

Jikkou API Server can be secured using a **Basic HTTP Authentication Scheme**.

[RFC7617](https://datatracker.ietf.org/doc/html/rfc7617) defines the "Basic" Hypertext Transfer Protocol (HTTP)
authentication scheme, which transmits credentials as user-id/password pairs, encoded using Base64.

Basic Authentication should be used over a secured connection using HTTPS.

## Configure Basic HTTP Authentication

### Step1: Enable security

Add the following configuration to your server configuration.

```yaml
# ./etc/application.yaml
micronaut:
security:
enabled: true
```
### Step2: Configure the list of users
The list of `username/password` authorized to connect to the API server can be configured as follows:

```yaml
# ./etc/application.yaml
jikkou:
security:
basic-auth:
- username: "admin"
password: "{noop}password"
```

For production environment, *password* must not be configured in plaintext. *Password* can be passed encoded
in `bcrypt`, `scrypt`, `argon2`, and `sha256`.

#### Example

```bash
echo -n password | sha256sum
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
```

```yaml
# ./etc/application.yaml
jikkou:
security:
basic-auth:
- username: "admin"
password: "{sha256}5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
```

### Step3: Validate authentication

**Encode credentials**
```bash
echo -n "admin:password" | base64
YWRtaW46cGFzc3dvcmQ=
```
**Send
request**
```bash
curl -IX GET http://localhost:28082/apis/kafka.jikkou.io/v1beta2/kafkabrokers \
-H "Accept: application/json" \
-H "Authorization: Basic YWRtaW46cGFzc3dvcmQ"
HTTP/1.1 200 OK
Content-Type: application/hal+json
content-length: 576
```
55 changes: 55 additions & 0 deletions docs/content/en/docs/Jikkou Api Server/Configuration/Authentication/jwt.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
---
title: "JWT"
linkTitle: "JWT"
weight: 3
description: >
Learn how to secure Jikkou API Server using JWT (JSON Web Token) Authentication.
---

Jikkou API Server can be secured using **JWT (JSON Web Token) Authentication**.

## Configure JWT

### Step1: Set JWT signature secret

Add the following configuration to your server configuration.

```yaml
# ./etc/application.yaml
micronaut:
security:
enabled: true
authentication: bearer <1>
token:
enabled: true
jwt:
signatures:
secret:
generator:
secret: ${JWT_GENERATOR_SIGNATURE_SECRET:pleaseChangeThisSecretForANewOne} <2>
```
* **<1>** Set authentication to bearer to receive a JSON response from the login endpoint.
* **<2>** Change this to your own secret and keep it safe (do not store this in your VCS).
### Step2: Generate a Token
Generate a valid JSON Web Token on `https://jwt.io/` using your secret.

Example with `pleaseChangeThisSecretForANewOne` as signature secret.

```bash
TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.6cD3MnZmX2xyEAWyh-GgGD11TX8SmvmHVLknuAIJ8yE
```

### Step3: Validate authentication

```bash
$ curl -I -X GET http://localhost:28082/apis/kafka.jikkou.io/v1beta2/kafkabrokers \
-H "Accept: application/json" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.6cD3MnZmX2xyEAWyh-GgGD11TX8SmvmHVLknuAIJ8yE"
HTTP/1.1 200 OK
Content-Type: application/hal+json
content-length: 576
```
22 changes: 22 additions & 0 deletions docs/content/en/docs/Jikkou Api Server/Configuration/_index.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
---
title: "Configurations"
linkTitle: "Configurations"
weight: 2
description: >
Learn how to configure Jikkou API Server.
---

Jikkou API Server is built with [Micronaut Framework](https://micronaut.io/).

The default configuration file is located in the installation directory of you server under the
path `/etc/application.yaml`.

You can either modify this configuration file directly or create a new one.
Then, your configuration file path can be targeted through the `MICRONAUT_CONFIG_FILES` environment variable.

A YAML Configuration file example can be found
here: [application.yaml](https://github.com/streamthoughts/jikkou/blob/main/jikkou-rest-api/jikkou-api-server/src/main/resources/application.yaml)

{{% alert title="Note" color="info" %}}
For more information about how to configure the application, we recommend you to read the official Micronaut documentation (see: [Application Configuration](https://docs.micronaut.io/latest/guide/#config)).
{{% /alert %}}
62 changes: 62 additions & 0 deletions docs/content/en/docs/Jikkou Api Server/Configuration/cli_proxy_mode.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
---
title: "CLI Proxy Mode"
linkTitle: "CLI Proxy Mode"
weight: 4
description: >
Learn how to configure Jikkou CLI in proxy mode.
---

## Configuration

### Step 1: Enable Proxy Mode

To enable proxy mode so that the CLI communicates directly with your API Server, add the following parameters to your
configuration:

```hocon
jikkou {
# Proxy Configuration
proxy {
# Specify whether proxy mode is enabled (default: false).
enabled = true
# URL of the API Server
url = "http://localhost:28082"
# Specifcy whether HTTP request debugging should be enabled (default: false)
debugging = false
# The connect timeout in millisecond (if not configured used ` default-timeout` ).
connect-timeout = 10000
# The read timeout in millisecond (if not configured used ` default-timeout` ).
read-timeout = 10000
# The write timeout in millisecond (if not configured used ` default-timeout` ).
write-timeout = 10000
# The default timeout (i.e., for read/connect) in millisecond (default: 10000)
default-timeout = 10000
# Security settings to authenticate to the API Server.
security = {
# For Token based Authentication.
# access-token = ""
# For Username/Password Basic-Authentication.
# basic-auth = {
# username = ""
# password = ""
# }
}
}
}
```

### Step 2: Check connection

When enabling Proxy Mode, Jikkou CLI provides the additional command `server-info`. You can use it to verify the
connectivity with teh server.

```bash
$ jikkou server-info -o JSON | jq

{
"version": "0.31.0",
"build_time": "2023-11-15T10:35:22+0100",
"commit_id": "f3384d38e606fb32599c175895d0cbef28258540"
}
```

43 changes: 43 additions & 0 deletions docs/content/en/docs/Jikkou Api Server/Configuration/server_configuration.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
---
title: "API Server"
linkTitle: "API Server"
weight: 1
description: >
Learn how to configure the Jikkou API server.
---


## Running Server on a Specific Port

By default, the server runs on port `28082`. However, you can set the server to run on a specific port:

```yaml
# ./etc/application.yaml
micronaut:
server:
port: 80 # Port used to access APIs

endpoints:
all:
port: 80 # Port used to access Health endpoints
```
## Enabling Specific Extension Providers
By default, the server is configured to run only with the `core` and `kafka` extension providers.
However, you can enable (or disable) additional providers:

```yaml
jikkou:
extensions.provider:
# By default, disable all extension providers.
default.enabled: false
# Explicitly enabled/disable an extension provider
#<provider_name>.enabled: <boolean>
core.enabled: true
kafka.enabled: true
# schemaregistry.enabled: true
# aiven.enabled: true
# kafkaconnect.enabled: true
```
Loading

0 comments on commit fcdbcfb

Please sign in to comment.