This is the multi-page printable view of this section. Click here to print.
Jikkou API Server is built with Micronaut Framework.
The default configuration file is located in the installation directory of you server under the
path /etc/application.yaml.
You can either modify this configuration file directly or create a new one.
Then, your configuration file path can be targeted through the MICRONAUT_CONFIG_FILES environment variable.
A YAML Configuration file example can be found here: application.yaml
By default, the server runs on port 28082. However, you can set the server to run on a specific port:
# ./etc/application.yaml
micronaut:
server:
port: 80 # Port used to access APIs
endpoints:
all:
port: 80 # Port used to access Health endpoints
By default, the server is configured to run only with the core and kafka extension providers.
However, you can enable (or disable) additional providers:
jikkou:
extensions.provider:
# By default, disable all extension providers.
default.enabled: false
# Explicitly enabled/disable an extension provider
#<provider_name>.enabled: <boolean>
core.enabled: true
kafka.enabled: true
# schemaregistry.enabled: true
# aiven.enabled: true
# kafkaconnect.enabled: true
To enable secure access to the API Server:
Update the configuration file (i.e., application.yaml) of the server with:
micronaut:
security:
enabled: true
As an alternative, you can set the following environment variable MICRONAUT_SECUTIRY_ENABLED=true.
When accessing a secured path, the server will return the following response if access is not authorized:
{
"message": "Unauthorized",
"errors": [
{
"status": 401,
"error_code": "authentication_user_unauthorized",
"message": "Unauthorized"
}
]
}
Jikkou API Server can be secured using a Basic HTTP Authentication Scheme.
RFC7617 defines the “Basic” Hypertext Transfer Protocol (HTTP) authentication scheme, which transmits credentials as user-id/password pairs, encoded using Base64.
Basic Authentication should be used over a secured connection using HTTPS.
Add the following configuration to your server configuration.
# ./etc/application.yaml
micronaut:
security:
enabled: true
The list of username/password authorized to connect to the API server can be configured as follows:
# ./etc/application.yaml
jikkou:
security:
basic-auth:
- username: "admin"
password: "{noop}password"
For production environment, password must not be configured in plaintext. Password can be passed encoded
in bcrypt, scrypt, argon2, and sha256.
echo -n password | sha256sum
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
# ./etc/application.yaml
jikkou:
security:
basic-auth:
- username: "admin"
password: "{sha256}5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
Encode credentials
echo -n "admin:password" | base64
YWRtaW46cGFzc3dvcmQ=
Send request
curl -IX GET http://localhost:28082/apis/kafka.jikkou.io/v1beta2/kafkabrokers \
-H "Accept: application/json" \
-H "Authorization: Basic YWRtaW46cGFzc3dvcmQ"
HTTP/1.1 200 OK
Content-Type: application/hal+json
content-length: 576
Jikkou API Server can be secured using JWT (JSON Web Token) Authentication.
Add the following configuration to your server configuration.
# ./etc/application.yaml
micronaut:
security:
enabled: true
authentication: bearer <1>
token:
enabled: true
jwt:
signatures:
secret:
generator:
secret: ${JWT_GENERATOR_SIGNATURE_SECRET:pleaseChangeThisSecretForANewOne} <2>
Generate a valid JSON Web Token on https://jwt.io/ using your secret.
Example with pleaseChangeThisSecretForANewOne as signature secret.
TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.6cD3MnZmX2xyEAWyh-GgGD11TX8SmvmHVLknuAIJ8yE
$ curl -I -X GET http://localhost:28082/apis/kafka.jikkou.io/v1beta2/kafkabrokers \
-H "Accept: application/json" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.6cD3MnZmX2xyEAWyh-GgGD11TX8SmvmHVLknuAIJ8yE"
HTTP/1.1 200 OK
Content-Type: application/hal+json
content-length: 576
To enable proxy mode so that the CLI communicates directly with your API Server, add the following parameters to your configuration:
jikkou {
# Proxy Configuration
proxy {
# Specify whether proxy mode is enabled (default: false).
enabled = true
# URL of the API Server
url = "http://localhost:28082"
# Specifcy whether HTTP request debugging should be enabled (default: false)
debugging = false
# The connect timeout in millisecond (if not configured used ` default-timeout` ).
connect-timeout = 10000
# The read timeout in millisecond (if not configured used ` default-timeout` ).
read-timeout = 10000
# The write timeout in millisecond (if not configured used ` default-timeout` ).
write-timeout = 10000
# The default timeout (i.e., for read/connect) in millisecond (default: 10000)
default-timeout = 10000
# Security settings to authenticate to the API Server.
security = {
# For Token based Authentication.
# access-token = ""
# For Username/Password Basic-Authentication.
# basic-auth = {
# username = ""
# password = ""
# }
}
}
}
When enabling Proxy Mode, Jikkou CLI provides the additional command server-info. You can use it to verify the
connectivity with teh server.
$ jikkou server-info -o JSON | jq
{
"version": "0.31.0",
"build_time": "2023-11-15T10:35:22+0100",
"commit_id": "f3384d38e606fb32599c175895d0cbef28258540"
}