Tykdash 0.9.7.0: /admin routes in rest api are all not found

Imported Google Group message. Original thread at: Redirecting to Google Groups Import Date: 2016-01-19 21:40:16 +0000.
Sender:Russ Egan.
Date:Monday, 4 January 2016 18:31:18 UTC.

I’m running tyk 1.9 alongside tykdash 0.9.7.0, and was playing with the various REST APIs. In particular, I was trying to use tykdash’s “advanced management APIs”. I’m able to use all the APIs with the prefix “/api/”, but the “/admin/” ones all return not found.

I’ve tried setting the “admin-auth” header to the “admin_secret” in the conf file (not sure what this does). I also tried creating a super user with no org, and using that user’s API access key in the admin-auth header, but still get not found. I trying to hit GET /admin/users, /admin/users/, /admin/organizations, and /admin/origanizations/. All not found.

Interesting, /admin/system/reload does work (when I use the admin_secret for the admin-auth header).

Is there some undocumented .conf file setting to turn on that API? Or was it removed in 1.9?

Imported Google Group message.
Sender:Martin Buhr.
Date:Monday, 4 January 2016 23:14:49 UTC.

Hi Russ,

[I’ve copied this message thread back to the user group so it’s available for the whole community.]

You can get a list of orgs, that endpoint supports the GET method.

If you create a super user, that user can list all users (as its unbounded). The create call returns the users API token.

If you create a random super user, use it’s token for the bootstrap tasks needed, then delete it, then you have indempotence and can still guarantee a single admin user so long as you clean up after yourself.

Take a look at our setup script for docker instances, it would need extending, but you can do something similar to check for an existing admin user: https://github.com/lonelycode/tyk_quickstart/blob/master/setup.sh

It’s not ideal and we’re constantly adding to the admin API (it used to only allow creates for orgs and users to facilitate bootstrapping), so this is on the roadmap.

Cheers,
Martin


From: Russ Egan [email protected]
Sent: Monday, January 4, 2016 22:52
Subject: Re: tykdash 0.9.7.0: /admin routes in rest api are all not found
To: Martin Buhr [email protected]

I see. I guess the same is true for the organizations. This makes the api fairly difficult to use. You need the user uid to get or update an existing user, and the create call doesn’t return that. And you can call create over and over again with the same body, and it will create duplicate users instead of returning an error. I’m trying to write an idempotent deployment script that checks whether an admin user is created yet and creates it if necessary, but it doesn’t look like it possible to implement this with the current API.

On Mon, Jan 4, 2016 at 2:41 PM -0800, “Russ Egan” [email protected] wrote:

curl -X “GET” " http://192.168.157.151:3000/admin/users/"
-H "admin-auth: 12345”

is also not found (that ip is my docker-machine). But this works:

curl -X “GET” " http://192.168.157.151:3000/admin/system/reload"
-H “admin-auth: 12345”

On Mon, Jan 4, 2016 at 5:38 PM Martin Buhr < [email protected]> wrote:
Ah, just checked out the code again - the endpoints need a trailing slash on the admin APIs, our muxer is quite strict.

Cheers,
Martin

Imported Google Group message.
Sender:Russ Egan.
Date:Monday, 4 January 2016 18:46:57 UTC.

Hi Russ,

The advanced API runs on the same process as the dashboard, so you’ll need to target the dashboard port for those admin endpoints, not the gateway.

For admin endpoints, you’ll need to use the admin secret that is in the tyk_analytics.conf file and set the appropriate auth header.

Hope that helps :slight_smile:

Cheers,
Martin


From: Russ Egan [email protected]
Sent: Monday, January 4, 2016 18:31
Subject: tykdash 0.9.7.0: /admin routes in rest api are all not found
To: Tyk Community Support [email protected]

  • show quoted text -


You received this message because you are subscribed to the Google Groups “Tyk Community Support” group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web, visit https://groups.google.com/d/msgid/tyk-community-support/9c6a31f0-7fd4-46fe-8413-314c6c4d940c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Imported Google Group message.
Sender:Martin Buhr.
Date:Monday, 4 January 2016 21:07:33 UTC.

Thanks. I am targeting the dashboard part, and using the admin secret from tyk_analytics.conf. That allows to hit GET http://localhost:3000/admin/system/reload. But http://localhost:3000/admin/users is still not found.

Imported Google Group message.
Sender:Russ Egan.
Date:Monday, 4 January 2016 22:38:03 UTC.

Ah, just checked out the code again - the endpoints need a trailing slash on the admin APIs, our muxer is quite strict.

Cheers,
Martin

On Mon, Jan 4, 2016 at 1:07 PM -0800, “Russ Egan” [email protected] wrote:

Thanks. I am targeting the dashboard part, and using the admin secret from tyk_analytics.conf. That allows to hit GET http://localhost:3000/admin/system/reload. But http://localhost:3000/admin/users is still not found.


You received this message because you are subscribed to the Google Groups “Tyk Community Support” group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web, visit https://groups.google.com/d/msgid/tyk-community-support/aeb4caca-397f-47ac-a84c-6b3137b37a80%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Imported Google Group message.
Sender:Martin Buhr.
Date:Monday, 4 January 2016 22:46:03 UTC.

Ah, that’s an error on our part.

The admin endpoint for users does not support a GET only POST. (Get works on individual ids though).

I just noticed that it’s right there in the docs when it shouldn’t be, we never enabled that method for the admin API.

Will fix the docs tomorrow :-/

Apologies for the confusion,

Martin

  • show quoted text -

Imported Google Group message.
Sender:Martin Buhr.
Date:Tuesday, 5 January 2016 18:59:09 UTC.

Thanks, that helps a lot.

  • show quoted text -