Tyk crash while creating a new key via gw API

Etheraap · May 26, 2016, 8:33pm

Hello,

I’m setting up tyk in a gateway-only fashion. When I try to add a key the tyk-gateway crashes completely.

The gateway seems to work at first, creating new API’s work.
But when try to add a key as described in $link1 the whole gateway goes down.

link1: https://tyk.io/docs/tyk-api-gateway-v-2-0/tutorials/set-up-your-first-api/

version: tyk-gateway-2.0.0.0-1

log:
May 26 22:23:04 my_server tyk[50582]: 2016/05/26 22:23:04 http: panic serving 127.0.0.1:52390: runtime error: invalid memory address or nil pointer dereference
May 26 22:23:04 my_server tyk[50582]: goroutine 23 [running]:
May 26 22:23:04 my_server tyk[50582]: net/http.(*conn).serve.func1(0xc82033f400)
May 26 22:23:04 my_server tyk[50582]: /usr/local/go/src/net/http/server.go:1389 +0xc1
May 26 22:23:04 my_server tyk[50582]: panic(0xc55920, 0xc82000e0b0)
May 26 22:23:04 my_server tyk[50582]: /usr/local/go/src/runtime/panic.go:426 +0x4e9
May 26 22:23:04 my_server tyk[50582]: main.createKeyHandler(0x7f2cb36314e8, 0xc82011a820, 0xc82007a540)
May 26 22:23:04 my_server tyk[50582]: /home/tyk/go/src/github.com/lonelycode/tyk/api.go:1316 +0x141b
May 26 22:23:04 my_server tyk[50582]: main.CheckIsAPIOwner.func1(0x7f2cb36314e8, 0xc82011a820, 0xc82007a540)
May 26 22:23:04 my_server tyk[50582]: /home/tyk/go/src/github.com/lonelycode/tyk/middleware_api_security_handler.go:24 +0xe1
May 26 22:23:04 my_server tyk[50582]: net/http.HandlerFunc.ServeHTTP(0xc8202bcc50, 0x7f2cb36314e8, 0xc82011a820, 0xc82007a540)
May 26 22:23:04 my_server tyk[50582]: /usr/local/go/src/net/http/server.go:1618 +0x3a
May 26 22:23:04 my_server tyk[50582]: github.com/gorilla/mux.(*Router).ServeHTTP(0xc820240b40, 0x7f2cb36314e8, 0xc82011a820, 0xc82007a540)
May 26 22:23:04 my_server tyk[50582]: /home/tyk/go/src/github.com/gorilla/mux/mux.go:98 +0x29e
May 26 22:23:04 my_server tyk[50582]: net/http.(*ServeMux).ServeHTTP(0xc820054ba0, 0x7f2cb36314e8, 0xc82011a820, 0xc82007a540)
May 26 22:23:04 my_server tyk[50582]: /usr/local/go/src/net/http/server.go:1910 +0x17d
May 26 22:23:04 my_server tyk[50582]: net/http.serverHandler.ServeHTTP(0xc8204b5200, 0x7f2cb36314e8, 0xc82011a820, 0xc82007a540)
May 26 22:23:04 my_server tyk[50582]: /usr/local/go/src/net/http/server.go:2081 +0x19e
May 26 22:23:04 my_server tyk[50582]: net/http.(*conn).serve(0xc82033f400)
May 26 22:23:04 my_server tyk[50582]: /usr/local/go/src/net/http/server.go:1472 +0xf2e
May 26 22:23:04 my_server tyk[50582]: created by net/http.(*Server).Serve
May 26 22:23:04 my_server tyk[50582]: /usr/local/go/src/net/http/server.go:2137 +0x44e
May 26 22:23:11 my_server tyk[50582]: time=“May 26 22:23:11” level=info msg=“Starting Poller”

The logs don’t seem to produce more useful information, please let me know if i can do anything to make my information more complete.

Many thanks!

Martin · May 27, 2016, 8:42am

What are you running in? that stack trace should have file references in it, without the full stack trace we’ll have a problem isolating the issue

Etheraap · May 27, 2016, 9:00am

My logs got shortened while pasting here somehow, here it looks better;

log: http://pastie.org/pastes/10854592/text
tyk.conf: http://pastie.org/pastes/10854597/text

based on other crash posts i can add to this that Redis runs and functions as expected, and no other process tries to claim port 8080

Martin · May 27, 2016, 9:46am

I think your problem is that your policies are not loading because it’s misconfigured, this is the relevant line:

level=error msg="Couldn't load policy file: open policies: no such file or directory"

When you created the token, did you try to add a policy?

Etheraap · May 27, 2016, 10:12am

While creating a token i did not refer to a policy. In my policy directory i have one default policy loaded:

{
        "default": {
                "rate": 1000,
                "per": 1,
                "quota_max": 100,
                "quota_renewal_rate": 60,
                "access_rights": {
                        "41433797848f41a558c1573d3e55a410": {
                                "api_name": "My API",
                                "api_id": "41433797848f41a558c1573d3e55a410",
                                "versions": [
                                        "Default"
                                ]
                        }
                },
                "org_id": "54de205930c55e15bd000001",
                "hmac_enabled": false
        }
}

In order to create a first token i used this exact example:


curl -H "x-tyk-authorization: 352d20ee67be67f6340b4c0605b044b7"\
 -s\
 -H "Content-Type: application/json"\
 -X POST\
 -d '{
    "name": "Test API",
    "slug": "test-api",
    "api_id": "1",
    "org_id": "53ac07777cbb8c2d53000002",
    "auth": {
        "auth_header_name": "Authorization"
    },
    "definition": {
        "location": "header",
        "key": "x-api-version"
    },
    "version_data": {
        "not_versioned": true,
        "versions": {
            "Default": {
                "name": "Default",
                "use_extended_paths": true
            }
        }
    },
    "proxy": {
        "listen_path": "/my-api/",
        "target_url": "http://httpbin.org/",
        "strip_listen_path": true
    },
    "active": true,
    "domain": ""
 }'\
 http://{my_server}:8080/tyk/apis/ | python -mjson.tool

Martin · May 27, 2016, 10:46am

Ok, you will need to put a fully qualified path in the tyk.conf to point at your policies.json file as it is not being loaded.

This API ID doesn’t exist? If you followed the example the API ID would be 1? In fact in your API creation call you specify the API ID to be 1, so your access rights need to match.

The example you quote creates an API, not a token - I’m assuming this is a typo and you meant:

curl -H "x-tyk-authorization: 352d20ee67be67f6340b4c0605b044b7"\
 -s\
 -H "Content-Type: application/json"\
 -X POST\
 -d '{
    "allowance": 1000,
    "rate": 1000,
    "per": 1,
    "expires": -1,
    "quota_max": -1,
    "quota_renews": 1449051461,
    "quota_remaining": -1,
    "quota_renewal_rate": 60,
    "access_rights": {
        "1": {
            "api_id": "1",
            "api_name": "Test API",
            "versions": ["Default"]
        }
    },
    "meta_data": {}
 }'\
 http://{YOUR-GATEWAY-HOSTNAME}:8080/tyk/keys/create | python -mjson.tool

Etheraap · May 27, 2016, 11:36am

According to step 5 from: https://tyk.io/docs/tyk-api-gateway-v-2-0/tutorials/set-up-your-first-api/ that is how i should create a key / token for my api.

In the example configs i see only how policies are defined in mongodb (“policy_source”: “mongo”, “policy_record_name”: “tyk_policies”) or the dashboard (policy_source: service, “policy_connection_string”: “http://localhost:3000”).

The policy section from the tyk.conf docs https://tyk.io/docs/tyk-api-gateway-v-2-0/configuration/gateway-configuration-options/ don’t mention any file-based policy path.

Is there another place where I should find that?

Just for my understanding a ‘key’ == ‘token’, correct?

Martin · May 28, 2016, 1:47pm

Step 5 is exactly what I quoted in my response. This is what you put:

They are clearly different. So I assume it was a typo

Either way, if you created an API using this call, then it’s ID is 1, and you must create the token (yes, key) with the same ID in the access rights section this is exactly like the tutorial, where access rights is clearly set to ID 1

As I said in the previous post, change policy_record_name from “policies” to “/path/to/your/policies.json”.

We’ll make that clearer in the docs.