Turbinia API Server

Open jleaniz opened this issue 2 years ago • 4 comments

First implementation draft of Turbinia's API server. This is a work in progress. Please review but do not merge.

Fixes #1069

Important notes

Authentication

User authentication and authorization are partly out of scope for this pull request. Enforcing authentication for the API server can be done via a reverse proxy (e.g. oauth2-proxy). I have included a couple of things that are required (based on my testing):

  • An API_AUTHENTICATION_ENABLED configuration variable that will toggle a Starlette/FastAPI middleware module that enforces OAuth2 authentication (AuthorizationCode flow -> Bearer token in the Authorization header).
  • There is an example of how to enable authentication in turbinia/api/api_server.py:73

The main reason to have this module is that the latest version of oauth2-proxy does not have support for allowing multiple OAuth2 audiences/Client IDs, which is a requirement for authenticating both the web UI and clients using a library SDK.

We may consider adding a future feature to implement the OAuth2 authorization code flow directly within the API server.

Web UI integration

The FastAPI application for the API server is configured to serve the Web UI's static content. Presently, the Web UI JavaScript client makes API calls to 'localhost' by default. This will need to be adjusted as it may change for each Turbinia deployment.

Unit tests

Unit tests have been written using the fakeredis library and FastAPI's test client.

jleaniz avatar Jun 08 '22 15:06 jleaniz
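A sketch of the middleware toggle described in the PR description above, as an added example that is not Turbinia's own code: a pure-ASGI middleware (the form FastAPI/Starlette accept via `add_middleware`) that requires an `Authorization: Bearer` token on `/api` paths when enabled, lets static Web UI paths through, and defers actual token verification to an injected callable. The class and function names, the `/api` prefix constant and the toy verifier are assumptions; a real deployment would plug in an OIDC/JWT verifier.

```python
# Added example, not Turbinia's code: a pure-ASGI middleware in the spirit of the
# API_AUTHENTICATION_ENABLED toggle. Names and the verifier are assumptions.
import asyncio

API_PREFIX = "/api"  # assumption: mirrors the /api prefix discussed in the thread

class BearerAuthMiddleware:
    """Require `Authorization: Bearer <token>` on API paths when enabled.
    `verify_token(token) -> bool` is injected; non-API paths (the static Web UI)
    are passed through so the SPA can load and then call the API with a token."""

    def __init__(self, app, enabled, verify_token):
        self.app, self.enabled, self.verify_token = app, enabled, verify_token

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http" or not self.enabled \
                or not scope["path"].startswith(API_PREFIX):
            return await self.app(scope, receive, send)
        headers = {k.lower(): v for k, v in scope.get("headers", [])}
        value = headers.get(b"authorization", b"").decode("latin-1")
        scheme, _, token = value.partition(" ")
        if scheme.lower() != "bearer" or not token or not self.verify_token(token):
            return await self._reject(send)
        return await self.app(scope, receive, send)

    @staticmethod
    async def _reject(send):
        # 401 with a WWW-Authenticate challenge (RFC 6750); no detail about why.
        await send({"type": "http.response.start", "status": 401,
                    "headers": [(b"www-authenticate", b'Bearer realm="turbinia"'),
                                (b"content-type", b"text/plain")]})
        await send({"type": "http.response.body", "body": b"Unauthorized"})

async def protected_app(scope, receive, send):
    """Stand-in for the FastAPI app: always answers 200."""
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})

def request_status(app, path, authorization=None):
    """Drive an ASGI app with one constructed GET and return the status code."""
    headers = [(b"host", b"localhost")]
    if authorization is not None:
        headers.append((b"authorization", authorization.encode()))
    scope = {"type": "http", "method": "GET", "path": path, "headers": headers}
    sent = []
    async def receive(): return {"type": "http.request", "body": b""}
    async def send(msg): sent.append(msg)
    asyncio.run(app(scope, receive, send))
    return sent[0]["status"]
```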

Looks good, couple of small comments inline. Also:

  • regarding (unit) tests and using Redis. You can use fakeredis for that or go the route of the current e2e local tests that spin up a local redis instance.
    • https://github.com/google/turbinia/blob/master/turbinia/e2e/e2e-local.sh

hacktobeer avatar Jul 06 '22 08:07 hacktobeer

@hacktobeer I wrote unit tests using fakeredis and FastAPI's test client. Have a look and let me know if you can think of additional tests to add. Thanks!

jleaniz avatar Jul 08 '22 02:07 jleaniz

Update: I decided to prefix all the API endpoints with /api to make it easier to differentiate them from other paths that may be served by the uvicorn http server (e.g. static files for the web UI)

jleaniz avatar Jul 08 '22 02:07 jleaniz

Staging e2e test fails due to plaso changes to command line option --vss_stores (tracked in #1080)

jleaniz avatar Jul 26 '22 15:07 jleaniz

@aarontp PTAL at latest updates to address previous comments.

jleaniz avatar Aug 25 '22 16:08 jleaniz