Accessing the REST API via curl

[Akshay Moghe]

My understanding is that the gerrit UI is also a client of the REST API that the gerrit server presents. If I'm wrong in my understanding, stop reading here and please correct me.

In my setup, I'm running gerrit behind a proxy server that does its own authentication (as an experiment). So I'm using

  auth.type = HTTP

  auth.httpHeader = X-Custom-User

... to propagate user information to gerrit. This works perfectly. I'm presented with a configuration page to setup my full name and SSH keys the first time I log in. Also, the first user is added to the Administrators group. I notice that the http password for any user created this way is not set. However the first user is able to create groups and projects via the UI. If the UI is a client of the REST APi, then how are those API requests going through? Initially I assumed that they were going through my proxy and the http header was being set, there was no further authentcation being performed. However I was proven wrong when I tried to take the same actions via the shell (using curl). I'm unable to do so since it always returns "Unauthorized" errors.

I believe I may have found an explanation in the docs about the auth.gitBasicAuth confg parameter: " ...This parameter affects git over HTTP traffic and access to the REST API. If set to false then Gerrit will authenticate through DIGEST authentication and the randomly generated HTTP password in the Gerrit database."

Can someone help me understand what is going on? What is the interaction between the UI and the API? And how can I mimic it from the command line?

[Sven Selberg]

The documentation is rather clear on how to access Gerrit’s REST API:

 

https://gerrit-review.googlesource.com/Documentation/rest-api.html#authentication

 

/Sven

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Luca Milanesio]

... BUT ... what the documentation does not say is how the GUI uses the REST API :-)

So, in a nutshell the GUI uses a X-Gerrit-Auth special header with an authentication code that identify a running session.

That's why the REST API from the GUI do not have to obey to the HTTP authentication, as you described in your case.

Having said that ... to obtain a X-Gerrit-Auth *you have* to go through Gerrit authentication first, using the one configured in gerrit.config.

Luca.

[Akshay Moghe]

Thanks for the explanation Luca! This is exactly the information I was looking for.

On Friday, October 7, 2016 at 12:01:29 AM UTC-7, lucamilanesio wrote:

... BUT ... what the documentation does not say is how the GUI uses the REST API :-)

So, in a nutshell the GUI uses a X-Gerrit-Auth special header with an authentication code that identify a running session.

That's why the REST API from the GUI do not have to obey to the HTTP authentication, as you described in your case.

Having said that ... to obtain a X-Gerrit-Auth *you have* to go through Gerrit authentication first, using the one configured in gerrit.config.

Luca.

On 7 Oct 2016, at 07:27, Sven Selberg <sven.s...@axis.com> wrote:

The documentation is rather clear on how to access Gerrit’s REST API:

 

https://gerrit-review.googlesource.com/Documentation/rest-api.html#authentication

 

/Sven

 

From: repo-d...@googlegroups.com [mailto:re...@googlegroups.com] On Behalf Of Akshay Moghe
Sent: den 7 oktober 2016 01:02
To: Repo and Gerrit Discussion <repo-d...@googlegroups.com>
Subject: Accessing the REST API via curl

 

My understanding is that the gerrit UI is also a client of the REST API that the gerrit server presents. If I'm wrong in my understanding, stop reading here and please correct me.

 

In my setup, I'm running gerrit behind a proxy server that does its own authentication (as an experiment). So I'm using

  auth.type = HTTP

  auth.httpHeader = X-Custom-User

 

... to propagate user information to gerrit. This works perfectly. I'm presented with a configuration page to setup my full name and SSH keys the first time I log in. Also, the first user is added to the Administrators group. I notice that the http password for any user created this way is not set. However the first user is able to create groups and projects via the UI. If the UI is a client of the REST APi, then how are those API requests going through? Initially I assumed that they were going through my proxy and the http header was being set, there was no further authentcation being performed. However I was proven wrong when I tried to take the same actions via the shell (using curl). I'm unable to do so since it always returns "Unauthorized" errors.

 

I believe I may have found an explanation in the docs about the auth.gitBasicAuth confg parameter: " ...This parameter affects git over HTTP traffic and access to the REST API. If set to false then Gerrit will authenticate through DIGEST authentication and the randomly generated HTTP password in the Gerrit database."

 

Can someone help me understand what is going on? What is the interaction between the UI and the API? And how can I mimic it from the command line?

-- 
-- 
To unsubscribe, email repo-discuss+unsub...@googlegroups.com

More info at http://groups.google.com/group/repo-discuss?hl=en

--- 
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
-- 
To unsubscribe, email repo-discuss+unsub...@googlegroups.com

[Sven Selberg]

Sorry, I misunderstood your question.

Sven Selberg

---- Akshay Moghe skrev ----