Kong load balance where upstream has different root paths? - load-balancing

I'm using Kong OSS (not container or k8s deployed) trying to load balance a backend two backend services for testing. My challenge is one requires authentication and different backend path port, whereas the other does not.
Frontend 1 - Kong API Gateway frontend
Host: localhost
Port: 8000
Authentication: none
Root Path: /
Example Request: POST http://localhost:8000/ {JSON Data}
I'm expecting this front-end to have following backend
Backend A - local API service for testing
Host: localhost
Port: 80
Authentication: none
Root Path: /
Example Request: POST http://localhost:80/ {JSON Data}
Backend B - hosted SaaS API service
Host: s1.example.com
Port: 443
Authentication: API Key
Root Path: /v7/guid/
Example Request: POST https://s1.example.com/v7/guid/ {JSON Data}
Following the documentation, it seems I need to create 1 service to 2 upstream/targets, but not sure how to handle different upstream root paths?
Can the upstream config dynamically change the backend path based on selected upstream/target? Or maybe instead create a single route that load-balances between two services?
I'm trying to create 1 route with 1 service that has 2 upstream targets with different root paths and request-transformers for specific upstream targets

You can create two services, each service with one route. Both routes uses the same path,
Service 1: http://httpbin.org
curl --location --request POST 'http://localhost:8001/services/' \
--form 'name="httpbin"' \
--form 'url="http://httpbin.org"'
Route 1: /path
curl --location --request POST 'http://localhost:8001/services/httpbin/routes/' \
--form 'paths[]="/testPath"' \
--form 'name="httpbinget"' \
--form 'hosts[]="httpbin.org"'
Service 2: http://mockbin.org
curl --location --request POST 'http://localhost:8001/services/' \
--form 'name="mockbin-secure"' \
--form 'url="https://mockbin.org"'
Route 2: /testpath
curl --location --request POST 'http://localhost:8001/services/mockbin-secure/routes/' \
--form 'paths[]="/testPath"' \
--form 'name="mockbin-get"' \
--form 'hosts[]="mockbin.org"'
Test the API Gateway proxy /testPath
curl --location --request GET 'http://localhost:8000/testPath/' \
--header 'Accept: application/vnd.yang.data+json' \
--header 'Host: httpbin.org'
curl --location --request GET 'http://localhost:8000/testPath/' \
--header 'Accept: application/vnd.yang.data+json' \
--header 'Host: mockbin.org'
The 2nd request is expected to fail if it requires authentication, the last step will be to enable authentication plugin on this particular service
curl -X POST http://localhost:8001/services/mockbin-secure/plugins \
--data "name=key-auth" \
--data "config.key_names=apikey" \
--data "config.key_in_body=false" \
--data "config.key_in_header=true" \
--data "config.key_in_query=true" \
--data "config.hide_credentials=false" \
--data "config.run_on_preflight=true"
the apikey needs to be provided when testing the proxy
curl --location --request GET 'http://localhost:8000/testPath/' \
--header 'Accept: application/vnd.yang.data+json' \
--header 'Host: httpbin.org' \
--header 'api-key: somekey'
I don't have a secure service to test with now, I hope that might help.

Related

Auth0: Unauthorized - 401 error, when I connect to a guarded endpoint with a deployed API

I have created a GraphQL API with NestJS. Some endpoints are guarded by an access token. I use Auth0 to authenticate the user and get the access token.
I get the access token by running this command:
curl --request POST \
--url 'https://dev-9fo2g1ve.us.auth0.com/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=password \
--data username=test2#test.com \
--data password=123456789Test \
--data audience=MY_AUDIENCE \
--data scope=read:sample \
--data 'client_id=MY_CLIENT_ID' \
--data client_secret=MY_CLIENT_SECRET-
When I pass the bearer token's access_token value in the HTTP header, and call a guarded endpoint, it works fine when the API is running on localhost. However, when I deploy the API, it returns an Unauthorized 401 error.
Thanks for your help!

Rundeck API with LDAP Auth - 401 Authorization Required

I am attempting to connect to the Rundeck API using CURL but I am getting a 401 Unauthorized error:
curl --insecure --location --request GET 'https://rundeck.example.com' --header 'Accept: application/json' --header 'X-Rundeck-Auth-Token: xyz'
401 Authorization Required
Authorization Required This server could not verify that
you are authorized to access the document requested. Either you
supplied the wrong credentials (e.g., bad password), or your browser
doesn't understand how to supply the credentials required.
Apache/2.2.15 (Oracle) Server at rundeck.example.com Port
80
If I try it using my username, it works.
curl --insecure --location -u 123456789 -p password --request GET 'https://rundeck.example.com' --header 'Accept: application/json' --header 'X-Rundeck-Auth-Token: xyz'
I created the auth token on Rundeck using my personal user that has admin privileges.
Please note that I have set up LDAP at web server level (httpd.conf) and control user access from there.
To access API you need to specify some action (for example: run a job, get metrics, etc.)
For example, get the instance metrics:
curl --location --request GET "http://yourhost:4440/api/34/metrics/metrics" --header "Accept: application/json" --header "X-Rundeck-Auth-Token: C8nVU5AhdzpQ8ucBeMG1ITFvSfaKCw6u"
Here you have a lot of examples.

Php script for google firewall API

I am trying to do a simple script to change firewall rules on my VM hosting. I used the google API explorer, and the script generated is as follows
curl --request PUT \ 'https://www.googleapis.com/compute/v1/projects/learnstoresg/global/firewalls/intranet2?requestId=00000000-0000-0000-0000-000000000033' \
--header 'Authorization: Bearer [YOUR_BEARER_TOKEN]' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"allowed":[{"IPProtocol":"TCP","ports":["4033","4016"]}],"sourceRanges":["101.127.7.227"]}' \
--compressed
Anyone has an example of php script for google firewall or can help me convert this CURL statement into a php script?

GoCD POST requests return "The resource you requested was not found!"

I have GoCD instance and want to automate regular actions like scheduling pipelines and checking pipelines statuses using GoCD API.
When I do GET request it works:
curl 'https://gocd.demo.kagarlickij.com/go/api/pipelines/frankenstein/status' \
-u 'kagarlickij:Pa$$w0rd' | jq
..but when I do POST request it returns "The resource you requested was not found!":
curl 'https://gocd.demo.kagarlickij.com/go/api/pipelines/frankenstein/pause' \
-u 'kagarlickij:Pa$$w0rd' \
-H 'Accept: application/vnd.go.cd.v1+json' -H 'Content-Type: application/json' \
-X POST -d '{"pause_cause": "Investigating build failures"}' | jq
..another POST example:
curl 'https://gocd.demo.kagarlickij.com/go/api/pipelines/frankenstein/schedule' \
-u 'kagarlickij:P#$$w0rd' \
-H 'Accept: application/vnd.go.cd.v1+json' -H 'Content-Type: application/json' \
-X POST -d #gocd.json | jq
json content:
{
"environment_variables": {},
"materials": {},
"update_materials_before_scheduling": false
}
Any ideas how pipelines could be started using API?
Some GoCD API calls require 'Confirm': 'true' header.
In you case, you can try running curl like this:
curl 'https://gocd.demo.kagarlickij.com/go/api/pipelines/frankenstein/pause' \
-u 'kagarlickij:Pa$$w0rd' \
-H 'Accept: application/vnd.go.cd.v1+json' \
-H 'Content-Type: application/json' \
-H 'Confirm: true' \
-X POST -d '{"pause_cause": "Investigating build failures"}' | jq
I can recommend my lib yagocd for GoCD, which takes cares about version incompatibilities and makes working with GoCD API much easier.
The answer turned out to be very simple - that API actions require GoCD v18.2.0 but I had v18.0.0
After upgrade API calls work as expected

Get image list using Orange Cloud API

Using the endpoint /folders of the Orange Cloud API, I can only get the listing of the files in the main directory:
curl -X GET -H "X-Orange-CA-ESID: OFR-2588c...2e64f249ab" -H \
"Authorization: Bearer OFR-2588c...2e64f249ab" \
https://api.orange.com/cloud/v1/folders/Lw
How could I get photos entries only, including the ones in subdirectories?
You can get all photos this way:
curl -X GET \ -H \
-H "Authorization: Bearer OFR-948ef5..." \
"https://api.orange.com/cloud/v1/folders?filter=image&flat=true"
By the way, the session header is no more necessary
https://developer.orange.com/apis/cloud-france/getting-started#filtering-on-photos,-videos,-audio-files