Organisation key quota is full or exceeded


#1

Imported Google Group message. Original thread at: https://groups.google.com/forum/#!topic/tyk-community-support/BQ0viSA_mHI Import Date: 2016-01-19 21:11:25 +0000.
Sender:Jayadatta Vallabhaneni.
Date:Thursday, 7 May 2015 05:57:29 UTC+1.

Hi Martin,

I am getting the below error when trying to create any key. Attached are the gateway and portal configs that I am using. Could you please check if there is anything that I am missing? I am using v0.9.4.3 version of dashboard.

"Organisation key quota is full or exceeded "

Error from log:
[2 ms] 200 ‘/api/apis’
time=“2015-05-07T04:52:18Z” level=error msg=“API Request failed!”
404 page not found

Thanks,
~Jay


#2

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 7 May 2015 10:05:31 UTC+1.

Hi Jay,

So we thought this through some more, and it looks like this was part of a feature that wasn’t cleaned up when we introduced hashed keys, and therefore completely useless in its context.

I’ve pushed a hotfix - dashboard v0.9.4.4, the Docker Hub image is currently building and you can d/l it from our GitHub repo.

This version removes the organisation-level key limit and replaces it with an organisation-level developer limit, and has nothing to do with how APIs are configured or what keys are in Redis. This means if you are managing an organisation’s portal, you can set a limit on the number of devs they can sign up (but not how many keys they can issue).

This should sort out the issue for you :)

Let me know if anything else goes awry…

Cheers,
Martin

#3

Imported Google Group message.
Sender:Jayadatta Vallabhaneni.
Date:Thursday, 7 May 2015 06:26:33 UTC+1.

Hi Jay,

This error is within the dashboard; I have a feeling that you may have run into a quite obscure bug.

Are any of your API definitions marked as keyless?

I would suggest viewing the log output of the dashboard container. If you see “failed to get user keys” then Tyk is trying to enforce a key quota on the organisation but using a keyless API to do so. There is a workaround, but we’d need to confirm it first.

Thanks,
Martin


#4

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 7 May 2015 06:40:46 UTC+1.

Hi Martin,

I only have one API created and it has Auth Token as authentication mode. I tried to create the key for this API and this error came up. Below is log snippet of the error.

time=“2015-05-07T05:38:32Z” level=error msg=“API Request failed!”
404 page not found

time=“2015-05-07T05:38:32Z” level=error msg="20 "
time=“2015-05-07T05:38:32Z” level=error msg=“Key request failed”
time=“2015-05-07T05:38:32Z” level=error msg=“Failed to get user keys”
[4 ms] 400 ‘/api/keys’

Thanks,
Jay

#5

Imported Google Group message.
Sender:Jayadatta Vallabhaneni.
Date:Thursday, 7 May 2015 06:49:36 UTC+1.

Hi Jay,

Hmm, I see - are you creating the key with a super user (no org)?

Thanks,
Martin


#6

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 7 May 2015 06:53:45 UTC+1.

Nope. User is assigned to an org.

Trying to do the clean-up by deleting the keys from Mongo & Redis. Will let you know.

~Jay

#7

Imported Google Group message.
Sender:Jayadatta Vallabhaneni.
Date:Thursday, 7 May 2015 07:16:28 UTC+1.

Odd.

This error occurs because Tyk is trying to check if the user’s organisation has oversubscribed - it is possible to set key quotas by organisation.

It does this by counting the keys that it can access from the first API in the organisation’s list of APIs (the tyk_organisations collection in Mongo).

If this API is open then there is no auth handler associated, which can break some key lookups - we spent a while trying to find them all.
You could re-order that API list for the orgs and see if it fixes the error…

Will investigate on this end, looks like it may need a patch.
Thanks,
Martin


#8

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 7 May 2015 15:08:59 UTC+1.

Thanks Martin for the quick fix.

Yes, I tried to create the keys by disabling hash_keys value in the config file.

Deploying the new version. Will let you know how it goes.

~Jay
