I am having trouble configuring my microgateway instance to proxy requests on to a simple api co-located on my machine.
I am using the tutorials as a starting point, however, I am encountering the following in my attempts to get the setup working:
-
The gateway reports ‘warning: no products found in org’ when started but the proxies are downloaded correctly. Should the product names be also prefixed with edgemicro_ (even then they are not downloaded) See attached file for output.
-
I am forced to present an API key even after explicitly disabling security as per guides. The metrics are submitted to Edge and I can see that edgemicro-oauth is being invoked. Should this be the case?
-
Is functionality restricted based on the type of Apigee account?
I am hoping someone can point me in the right direction.
The attached file has a log of the output from several commands run during my experimentation.
David
output-messages.txt
@David Silcott
From the text file everything appears to be fine. The default configuration contains:
oauth:
allowNoAuthorization: false
allowInvalidAuthorization: false
I see from the text file you have:
{"error":"missing_authorization","error_description":"Missing Authorization header"}
Since the default is to require OAuth, your calls are failing. To get an OAuth token, you need to create an API Product and a Developer App. The API Product need not follow any naming convention. If you want to test without API Products, then set the two values above to “true”.
@Srinandan Sridhar
Thank you. Your suggestion helped me verify I can call through to the backend service via the micro gateway.
However, after resetting the two values to “false” and restarting my gateway I am still unable to use my apki key to hit the backend service.
I’ve created an API Product and Developer App. I’ve also associated both edgemicro-oauth and edgemicro_sample proxies with the product.
The following error with a 403 HTTP status code is returned when I attempt to hit the endpoint.
{"error":"access_denied"}
I followed instructions at:
http://docs.apigee.com/microgateway/latest/edge-microgateway-tutorial#part4secureedgemicrogateway-securingtheapiwithanapikey
David
1 Like
@David Silcott have you get any solution for above problem, as i also facing same issue
@bharat no I have not. I was unable to do much over the past 2 days. Hoping I’ll be more successful over the next few days.
Hey @David Silcott,
What resources are included in the API Product that you created? Did you explicit list all of your resources or did you use /? If you used / then microgateway should allow all of your requests to go through.
Hi @swilliams
I just had a look at my product configuration and I only have / listed. It seems as if I managed to omit /** when recreating the product after multiple failed attempts to get the gateway to download it
I’ll have a go at changing to /** and let you know if that did it.
@swilliams
Using /** does not change the behaviour of the gateway, I still get {“error”:“access_denied”} . The problem has to be with the fact that the micro gateway reports the following when the it starts up
info: products download from [https://mycompany-test.apigee.net/edgemicro-auth/products](https://mycompany-test.apigee.net/edgemicro-auth/products) returned 200 OK
info: jwt_public_key download from [https://mycompany-test.apigee.net/edgemicro-auth/publicKey](https://mycompany-test.apigee.net/edgemicro-auth/publicKey) returned 200 OK
info: config download from [https://edgemicroservices-us-east-1.apigee.net/edgemicro/bootstrap/organization/mycompany/environment/test](https://edgemicroservices-us-east-1.apigee.net/edgemicro/bootstrap/organization/mycompany/environment/test) returned 200 OK
downloaded proxies [ { apiProxyName: 'edgemicro_sample',
revision: '1',
proxyEndpoint: { name: 'default', basePath: '/sample-api' },
targetEndpoint: { name: 'default', url: 'http://172.20.0.156:5000' } } ]
warning: no products found in org
downloaded jwt_public_key '-----BEGIN CERTIFICATE-----***-----END CERTIFICATE-----'
Note the line, warning: no products found in org
Based on what I am being told it seems as if the gateway should simply download any product associated with proxies prefixed with edgemicro_?
Are my assumptions correct?
@David Silcott, EM should download all products (regardless of which the proxies contained within them are named). Since no products are being downloaded, I suspect perhaps you don’t have access to products.
What do you get when you try this?
curl -v -X GET [https://{org}-{env}.apigee.net/edgemicro-auth/products](https://{org}-{env}.apigee.net/edgemicro-auth/products)
@Srinandan Sridhar
The result of running curl -v -X GET https://{org}-{env}.apigee.net/edgemicro-auth/products is as follows
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying 52.21.237.121...
* TCP_NODELAY set
* Connected to mycompany-test.apigee.net (52.21.237.121) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Unknown (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: OU=Domain Control Validated; CN=*.apigee.net
* start date: Jan 13 17:25:54 2016 GMT
* expire date: Apr 9 06:37:10 2019 GMT
* subjectAltName: host "mycompany-test.apigee.net" matched cert's "*.apigee.net"
* issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
* SSL certificate verify ok.
> GET /edgemicro-auth/products HTTP/1.1
> Host: mycompany-test.apigee.net
> User-Agent: curl/7.50.3
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Mon, 03 Oct 2016 17:57:11 GMT
< Content-Type: text/html
< Content-Length: 2
< Connection: keep-alive
< X-Powered-By: Express
< Server: Apigee Router
<
* Curl_http_done: called premature == 0
* Connection #0 to host mycompany-test.apigee.net left intact
{}
Another question, does the fact I am using a free account matter? I am still evaluating Apigee
Actually all of your products should be downloaded. If you get the message that “no products are found,” then I wonder if something went wrong during the initialization.
Also, check to make sure that the product you created was defined in the same environment that you are using the start Edgemicro. When you create a product you have to select the environment.
So if you are trying to start edgemicro for the test environment
i.e.
edgemicro start -o orgname -e test -k key -s secret
Then view the product that you are using and make sure that test is selected as the environment.
You can use Edgemicro with a free account. I use it to connect successfully to my free cloud org.
@swilliams @Srinandan Sridhar
I have verified that both the proxy and the product are defined in the test environment. And all my attempts were with the edgemicro start -o orgname -e test -k key -s secret command.
I am using edgemicro 2.1.1 (installed from an npm package) and nodejs v6.6.0
What does your environment look like?
I’m using a Mac with Node.js v 6.1.0 with Edgemicro v2.1.1 installed via NPM.
I also have an Oracle Virtual Box VM with Centos 7 and Node LTS 4.x with Edgemicro v2.1.1 installed via NPM running it as well. (https://github.com/swilliams11/edgemicro)
It sounds like you have everything configured correctly. The other thing that I could recommend is deleting the Edgemicro OAuth proxy in your cloud org and deleting your ~/.edgemicro folder and running edgemicro init again and then try starting it again.
@swilliams
The same thing happens. I’ve also observed that after deleting the edgemicro-auth proxy and having the init process recreate it, the historical metrics gathered against the previous instance of the proxy still exist.
If you grant me access to your org, I can try to run it from my machine and I could also review your product/app.
@swilliams
How do I go about granting you access to my org? I’ve configured a second apigee account, this time for personal use and the same thing is happening. I guess I am missing something quite subtle.
Click the “Admin” menu at the top of the screen, then click “Organization Users”.
Click “+ User” and add my Apigee email address. I will receive a notification that I was added to a new org.
Done. Let me know if you have access
@David Silcott Thanks, but I need to be an org administrator to run Edgemicro against it. Can you change my role to Org Admin?