@mayorova
Last active May 31, 2021 16:56
How to configure reCAPTCHA in 3scale on-premises

The error logs in the system-developer container on the system-app pod show the following error:

ActionView::Template::Error (No site key specified.):
  • I am getting an Internal Server Error when trying to visit the /signup page in the developer portal after enabling Spam Protection in the developer portal settings
  • THREESCALE-908

There are two workarounds for the issue:

  1. Disable Spam Protection on the developer portal

  2. Patch the settings file using the steps described below. Note: you need to have the site key and the secret key for reCAPTCHA v2, and have the developer portal domain whitelisted if you want to use domain name validation.

  1. Export the default settings.yml file:

oc rsh -c system-developer system-app-1-xyz cat /opt/system/config/settings.yml > settings.yml

(where system-app-1-xyz is the system-app pod)

  2. Add the configuration for reCAPTCHA keys to the settings file:

cat >> settings.yml << EOF
     recaptcha_public_key: <%= ENV['RECAPTCHA_PUBLIC_KEY'] %>
     recaptcha_private_key: <%= ENV['RECAPTCHA_PRIVATE_KEY'] %>
EOF

  3. Create a new ConfigMap for the patched settings file:

oc create configmap settings-yml --from-file=settings.yml

  4. Mount the ConfigMap as a volume at the original path of settings.yml:

oc set volume dc/system-app --add --name=settings-yml --mount-path /opt/system/config/settings.yml --sub-path settings.yml --source='{"configMap":{"name":"settings-yml","items":[{"key":"settings.yml","path":"settings.yml"}]}}'

  5. Update the environment variables in the system-app deployment configuration:

oc env dc/system-app RECAPTCHA_PUBLIC_KEY={YOUR_SITE_KEY} RECAPTCHA_PRIVATE_KEY={YOUR_SECRET_KEY}

After system-app is redeployed, the pages that use spam protection on the developer portal should show the reCAPTCHA "I'm not a robot" checkbox.

The spam protection feature uses the Google reCAPTCHA service, which needs to be configured with the correct site key and secret key. They cannot be configured easily in 3scale on-premises due to the bug reported in THREESCALE-1108.

@hallelujah

hallelujah commented Jun 26, 2018

Well, I do not think your patch will work. You will need to update the dc/system-app volume system-config https://github.com/3scale/3scale-amp-openshift-templates/blob/master/amp/amp.yml#L1453-L1460

Work around to use it by patching the deployment config

Creating a configMap for settings.yml

Download the settings.yml file from any container in system-app pod

oc cp system-app:/opt/system/config/settings.yml settings.yml -c system-app-1-xyz

Patch the settings.yml locally

cat >> settings.yml <<EOF
  recaptcha_public_key: <%= ENV.fetch('RECAPTCHA_PUBLIC_KEY', 'YOUR_RECAPTCHA_PUBLIC_KEY') %>
  recaptcha_private_key: <%= ENV['RECAPTCHA_PRIVATE_KEY'] %>
EOF

Create a config map from the local patched file

oc create configmap settings.yml --from-file=settings.yml

oc patch dc/system-app -p '[{"op": "add", "path": "/spec/template/spec/volumes/1/configMap/items/-", "value": {"key": "settings.yml", "path": "settings.yml"}}]' --type=json

@mayorova
Author

@hallelujah You are right, this would not work, because I missed an important step :)

Added it now as Step 4. (oc set volume)

This should be pretty much the same as your suggestion, no? Just that if you add it to the system-config, it will be then linked to the same path here https://github.com/3scale/system/blob/master/openshift/system/entrypoint.sh#L8

I've just tried the updated instructions and they work fine.

@akostadinov

This seems to be outdated now: the original issue is fixed and one can specify these settings when creating the API Manager. Just for the record, in case somebody uses this nice gist as an example, on step 5 one should use oc set env --from=secret/mysecret ... instead of setting the secret values directly in the DC.
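
The suggestion in the last comment applied to step 5, as an added example that is not part of the gist or of the 3scale project: the keys are stored in a Secret that dc/system-app references, and a small check confirms that the manifest no longer carries the secret key as a literal value. The Secret name recaptcha-keys, the env file and both function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the gist. Assumptions: Secret name "recaptcha-keys",
# the env file, and both function names. dc/system-app and RECAPTCHA_* are the gist's.

# $1: env file (mode 0600) with RECAPTCHA_PUBLIC_KEY=... and RECAPTCHA_PRIVATE_KEY=...
# $2: optional Secret name. Secret keys equal the variable names, so --from maps 1:1.
recaptcha_env_from_secret() {
  oc create secret generic "${2:-recaptcha-keys}" --from-env-file="$1" &&
    oc set env dc/system-app --from="secret/${2:-recaptcha-keys}"
}

# Reads a DeploymentConfig manifest (YAML, e.g. `oc get dc/system-app -o yaml`) on stdin.
# Prints RECAPTCHA_PRIVATE_KEY and returns 1 when it is set as a literal "value:";
# returns 0 when it is absent or resolved through "valueFrom:".
literal_private_key() {
  awk '
    /^[ \t]*-[ \t]*name:[ \t]*RECAPTCHA_PRIVATE_KEY[ \t]*$/ { armed = 1; next }
    armed && /^[ \t]*value:/ { print "RECAPTCHA_PRIVATE_KEY"; found = 1 }
    { armed = 0 }   # only the line right after the name is inspected
    END { exit (found ? 1 : 0) }
  '
}

# Constructed sample: the env section as step 5 of the gist would leave it.
SAMPLE_DC='        env:
        - name: RECAPTCHA_PUBLIC_KEY
          value: constructed-site-key
        - name: RECAPTCHA_PRIVATE_KEY
          value: constructed-secret-key'

if ! printf '%s\n' "$SAMPLE_DC" | literal_private_key >/dev/null; then
  echo "RECAPTCHA_PRIVATE_KEY is stored as a literal value in the manifest" >&2
fi
```

Against a live cluster, run `recaptcha_env_from_secret keys.env` once, then `oc get dc/system-app -o yaml | literal_private_key` to confirm the literal is gone.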
