Turbinia API Server

Summary

Turbinia’s API server provides a RESTful interface to Turbinia’s functionality. It allows users to create and manage logical jobs, which are used to schedule forensic processing tasks. The API server also provides a way for users to monitor the status of their jobs and view the results of their processing tasks.

Getting started

The following sections describe how to get the Turbinia API server up and running. Please note that The API server is only compatible with Turbinia deployments that use Redis as a datastore and Celery workers. If your deployment uses the old GCP PubSub and/or GCP PSQ workers you will not be able to use the API server. It is recommended to redeploy Turbinia and use Redis and Celery.

Installation

To use the Turbinia API server you will need to deploy Turbinia in your environment with a configuration that uses Redis and Celery.

Please follow the instructions for deploying Turbinia to Kubernetes or Docker.

Note that the Turbinia API server requires access to the Turbinia output directory (OUTPUT_DIR)

Configuration and UI

If you plan on making the Turbinia API Server and Web UI externally accessible (e.g. internet access), follow the instructions for external access and authentication

Usage

You may access the API server at http://<API_SERVER_ADDRESS>:<API_SERVER_PORT>, or via https if you deployed Turbinia for external access using a domain and HTTPS certificate.

Because the Turbinia API Server is built using the FastAPI framework, it provides an interactive Swagger UI with a browser-based API client that is accessible at http://<API_SERVER_ADDRESS>:<API_SERVER_PORT>/docs

We also provide a command-line tool and a Python library to interact with the API server.

Authentication

Turbinia API Server uses OAuth2-proxy to provide OpenID Connect and OAuth2 authentication support. If you deployed Turbinia using GCP and GKE cluster instructions, follow the guide for external access and authentication to complete the authentication configuration.

For Turbinia deployments using the Docker Installation method, or a non-Google identity provider, make sure to edit the oauth2_proxy.cfg configuration file in docker/oauth2_proxy with the appropriate identity provider information such as client_id and client_secret prior to deploying the Docker containers in the local stack. If your deployment will use an identity provider other than Google, you will also need to change the provider and related settings. For more information and how to configure OAuth2-proxy for different providers, refer to the OAuth2-Proxy Documentation.