I’ve successfully installed TYK Gateway and Dashboard with SSL, everything is working fine. Now, my goal is to implement my own custom middleware handler, this is in C# and I started looking at GitHub - TykTechnologies/tyk-plugin-demo-dotnet: Tyk rich plugin demo, using a gRPC backend written in C# / .NET.. One of the prerequisites is to have tyk-cli installed and working. In the TYK gateway folder I do see the tyk-cli there but I’m not able to run any commands against it. Ubuntu responds with “Command not found”. I also tried installing tyk-cli using go get, but doing a get for tyk-cli results in multiple errors like “root/go/src/golang.org/x/sys/unix/syscall_solaris.go:147: too many errors”. Am i missing something here?
You might need to chmod the binary we ship with +x, also since it is not installed, you must run it from the path it is in, or add it to your /usr/bin folder.
I am trying to run it from the installation path /opt/tyk-gateway/utils itself. The go version is
“go version go1.2.1 linux/amd64” and the ubuntu version is 14.04.5 LTS. I did chmod -x tyk-cli, but even that had the same results, command not found.
I apologize in advance if I’m asking very basic Ubuntu related questions. I’m very new to this environment.
This is correct for gRPC plugins, we keep this for compatibility with our plugin architecture and only the manifest is used from this file. The rest occurs on your side, because you need to deploy the gRPC server separately, Tyk will just connect with it, so:
The bundle defines the hook types and function names.
You need to deploy the gRPC server on your own and modify tyk.conf to use its URL (this is in the docs, here).
When Tyk starts, it will connect to your gRPC server.
When you configure an API to use your plugin bundle, Tyk will call the functions that are specified in your bundle, using the gRPC connection that was established before.
I’ve now setup gRPC, i’m running it from console as of now, and it is indeed working fine and listening to port 5555. However, I have another issue now, I have setup everything and added a test API as well. I’ve added correct settings to tyk.conf and added bundle name to the API configuration. with authentication set to Plugin. However, any request to this API now results in “Session state is missing or unset! Please make sure that auth headers are properly applied” .I tried accessing this using POSTMAN. Any specific key value pair or other info I need to add to the header for this to work. I expected it to return “Unauthorized” or “Forbidden” via 403 or 401 response if no Token is provided.
Actually, I did shut down the gRPC server and still had the same result, so it appears like TYK is expecting some information in a particular format.
The only output from gRPC server is, “Listening on Port 5555”, as I mentioned in my previous post, i started receiving this message the moment I set the Authentication for my API to “Plugin”, if i set it back to “Open (Keyless)”, it works fine. This behavior is irrespective of the gRPC server turned ON or OFF. Hence, I feel this is something to do with some setting in the API Config or TYK.conf.
One interesting note, if I set the authentication to Plugin and gRPC server is off, I immediately receive an error in the Gateway log, about unable to connect to gRPC server, when the server is turned ON I don’t see this error, proving that it is indeed able to connect to the gRPC server. But always throws the error about session state when the API is hit.
Yes, I’m running it without any modification. The only change I did was to Auth.cs to skip connection checking and returning true for every request without validation. The bundle zip file is being hosted on a separate IIS server and the settings have been updated in TYK.conf as bundle base url, this is all setup and correctly working. The grpc server is running on port 5555 and the gateway logs show this error
“e[90m[Aug 28 11:45:27]e[0m e[31mERRORe[0m e[36mjsvm:e[0m Failed to decode middleware request data on return from VM: invalid character ‘u’ looking for beginning of value
e[90m[Aug 28 11:45:27]e[0m e[31mERRORe[0m e[36mgateway:e[0m request error: Session state is missing or unset! Please make sure that auth headers are properly applied. e[31mapi_ide[0m=5c375555a7f44d717df9a8caf1137394 e[31morg_ide[0m=5991fe917d56342516bcb731 e[31mpathe[0m=/ip e[31mserver_namee[0m=http://httpbin.org/ e[31muser_ide[0m= e[31muser_ipe[0m=10.201.11.35”
Following is the code.
public static void Init() {
Console.WriteLine(“Initializing AuthLayer. Setting to True”);
try {
var builder = new ConfigurationBuilder().AddJsonFile("settings.json");
var config = builder.Build();
connectionString = config["connection_string"];
} catch {
Console.WriteLine("No settings.json file exists, check settings.sample.json! Auth middleware will be disabled.");
return;
}
// try {
// connection = new SqlConnection(connectionString);
// connection.Open();
// active = true;
// } catch {
// Console.WriteLine("Couldn't establish a database connection! Authentication middleware will reject all the requests.");
// }
}
public static Dictionary<string, string> Authenticate(string token) {
// var query = “SELECT id, username FROM users WHERE token = @TOKEN”;
// SqlCommand cmd = new SqlCommand(query, connection);
// cmd.Parameters.Add("@TOKEN", SqlDbType.VarChar);
// cmd.Parameters["@TOKEN"].Value = token;
// var found = false;
// var userData = new Dictionary<string,string>();
// using (SqlDataReader reader = cmd.ExecuteReader())
// {
// while (reader.Read())
// {
// userData.Add("id", reader.GetInt32(0).ToString());
// userData.Add("username", reader.GetString(1));
// found = true;
// }
// }
// if (!found) {
// return null;
// }
Console.WriteLine("Returning True for all authentication requests");
var userData = new Dictionary<string,string>();
return userData;
Thanks @matiasb, that would be very helpful. Also, FYI, we are doing a technical POC for API Gateway Management, and TYK stood at top of our list. We have a custom authentication in our system and your plugin model allows us to accommodate this requirement seamlessly. Hence, it is of utmost importance that when we present this POC to our client we have it working. Just this feature alone would become the deciding factor for our client.
I just Exported my API and see the following section, the auth_check section is null. Is it that when Bundle.zip is provided, these settings are overridden, or is there a way to change these to point to actual function names?