What is the correct configuration of OpenGrok REST API authentication?

Question

What is the correct configuration of OpenGrok REST API authentication?

741 Views Asked by JohnXF At 08 December 2021 at 16:50

According to the documentation, the REST API of OpenGrok is unauthenticated on localhost, but requires authentication from any other application.

In my K8S setup I want to run OpenGrok (the standard opengrok/docker:1.7 one) as a container, but to do the source update/checkout myself and also re-index after source updates. I have an opengrok container running and a src-update container. They share 3 volumes (/opengrok/src,/opengrok/etc,/opengrok/data).

The opengrok container is configured with a REST_TOKEN value and a SYNC_PERIOD_MINUTES value of 0 to disable the indexing. The src-update container runs and refreshes the codebases, and then runs the opengrok-indexer to re-index the data and notify (via the -U option) the opengrok container that the index has changed. When the opengrok-indexer runs it indexes OK, but fails with a HTTP 401 error when trying to PUT the updated configuration on the opengrok server:

2021-12-08 16:01:03.980+0000 SEVERE t1 Indexer.sendToConfigHost: Failed to send configuration to http://opengrok-service:8080 (is web application server running with opengrok deployed?)
java.io.IOException: InboundJaxrsResponse{context=ClientResponse{method=PUT, uri=http://opengrok-service:8080/api/v1/configuration?reindex=true, status=401, reason=Unauthorized}}
at org.opengrok.indexer.configuration.RuntimeEnvironment.writeConfiguration(RuntimeEnvironment.java:1462)
at org.opengrok.indexer.index.Indexer.sendToConfigHost(Indexer.java:1157)
at org.opengrok.indexer.index.Indexer.main(Indexer.java:383)

This is the command I am running on the source-updating container. The environment value OPENGROK_REST_TOKEN is the same value passed to the opengrok container as REST_TOKEN.

opengrok-indexer \
    -J=-Djava.util.logging.config.file=/opt/opengrok/repo-mgmt/config/opengrok-logging.properties \
    -a /opengrok/lib/opengrok.jar -- \
    --progress -c /usr/local/bin/ctags \
    -s /opengrok/src -d /opengrok/data -H -S -G \
    --token $OPENGROK_REST_TOKEN \
    -W /opengrok/etc/configuration.xml -U http://opengrok-service:8080

I looked at the /usr/local/tomcat/webapps/ROOT/WEB-INF/web.xml file on the opengrok container and I do not see any security configuration in there.

What am I doing wrong or missing in my configuration? What is the best way to provide the authentication required for the REST API from the source-update container?

Original Q&A

There are 1 best solutions below

**Marcelo Ávila de Oliveira** · Answer 1 · 2021-12-09T00:05:14.940000

Marcelo Ávila de Oliveira On 09 December 2021 at 00:05

You need to set the Token in the configuration.xml file (-W parameter), with the following:

<void property="authenticationTokens">
    <void method="add">
        <string>TOKEN</string>
    </void>
</void>

What is the correct configuration of OpenGrok REST API authentication?

There are 1 best solutions below

Related Questions in OPENGROK

Trending Questions

Popular # Hahtags

Popular Questions