TIB: unsupported protocol scheme

Michael_Kinsley · March 19, 2018, 7:42pm

Background

Working/running Tyk GW , Tyk Dashboard
We’ve stood up a TIB instance
Connectivity verified between dashboard and TIB via shell + curl
Config supplied via ENV vars: TYK_DB_TIB_ENABLED, TYK_DB_HOST_SECRET, TYK_DB_HOST_CONNECTIONSTRING per documentation (//tyk.io/docs/tyk-dashboard/configuration/)

Exptected

Dashboard should use TYK_DB_HOST_CONNECTIONSTRING env var for hitting tib api/profiles endpoint

Observed

Unsupported protocol scheme: “” (empty string) error
No logs in TIB indicate failed connections from the UI

Details / Debugging

# config dashboard via env vars... 
root@tyk-dashboard-6d88b6dcbb-q97rq:/opt/tyk-dashboard# env | grep TYK_DB
TYK_DB_TIB_ENABLED=true
TYK_DB_HOST_SECRET=352d20ee67be67f6340b4c0605b044b7
TYK_DB_HOST_CONNECTIONSTRING=http://tyk-tib:3010

# we can successfully curl using env vars running TIB instance
root@tyk-dashboard-6d88b6dcbb-q97rq:/opt/tyk-dashboard# curl -H "Authorization: ${TYK_DB_HOST_SECRET}" ${TYK_DB_HOST_CONNECTIONSTRING}/api/profiles
{"Status":"ok","ID":"","Data":[]}

# let's give it bad credentials now... 
root@team-apeng-tyk-tyk-dashboard-6d88b6dcbb-q97rq:/opt/tyk-dashboard# curl -H "Authorization: ${TYK_DB_HOST_SECRET}x" ${TYK_DB_HOST_CONNECTIONSTRING}/api/profiles
{"Status":"error","Error":"Authorization failed"}

# dashboard UI failures whebn interacting with TIB.... is there a mismatch between env vars? 
time="Mar 19 18:59:36" level=warning msg="Login opened from: 127.0.0.1:39550" 
time="Mar 19 18:59:48" level=warning msg="Successful login ([email protected]) from: 127.0.0.1:39554" 
time="Mar 19 19:02:23" level=error msg="TIB: Request failed: Get /api/profiles: unsupported protocol scheme \"\"" 
time="Mar 19 19:04:42" level=error msg="TIB: Request failed: Get /api/profiles: unsupported protocol scheme \"\"" 
time="Mar 19 19:05:01" level=error msg="TIB: Request failed: Post /api/profiles/NTVhOTdjZDgtZDM0Ni00OTJmLTc2ZWQtNGU2ZGU5MTlmZWI4: unsupported protocol scheme \"\""

# TIB logs... when we auth fail via curl we see it in the logs... 
time="2018-03-19T17:56:15Z" level=info msg="Tyk Identity Broker v0.3" 
time="2018-03-19T17:56:15Z" level=info msg="Copyright Martin Buhr 2016\n" 
time="2018-03-19T17:56:15Z" level=debug msg="[MAIN] Settings Struct: {{http://tyk-gateway 8181 352d20ee67be67f6340b4c0605b044b7} {http://tyk-dashboard 3000 12345}}" 
time="2018-03-19T17:56:15Z" level=info msg="[MAIN] Initialising Profile Configuration Store" 
time="2018-03-19T17:56:15Z" level=info msg="[IN-MEMORY STORE] Initialised" 
time="2018-03-19T17:56:15Z" level=info msg="[MAIN] Initialising Identity Cache" 
time="2018-03-19T17:58:26Z" level=info msg="[REDIS STORE] Initialised" 
time="2018-03-19T17:58:26Z" level=info msg="[FILE LOADER] Loaded: 0 profiles from /etc/tyk-profiles/profiles.json" 
time="2018-03-19T17:58:26Z" level=info msg="[MAIN] Broker Listening on :3010" 
time="2018-03-19T18:21:23Z" level=error msg="[API] Authorization failed: Header mismatch"

Martin · March 19, 2018, 9:17pm

The last two need a prefix as they aren’t setting the config variable:

TYK_DB_TIB_HOST_SECRET, TYK_DB_TIB_HOST_CONNECTIONSTRING

That might be where the issue is…

M.

Michael_Kinsley · March 20, 2018, 4:20am

Thanks Martin,

That works much better. I thought that naming seemed a bit suspicious. PR to fix the docs here:

Fix TIB env var refs by mkinsley · Pull Request #360 · TykTechnologies/tyk-docs · GitHub.

-M