Spring cloud gateway accepts id in route builder. I am not able to figure it out what is the use of id in route builder.
spring:
cloud:
gateway:
routes:
- id: my_route
uri: http://localhost:8081
predicates:
- Cookie=mycookie,mycookievalue
- id: my_route
uri: http://localhost:8081
predicates:
- Cookie=mycookie,mycookievalue1
both of the above routes work properly. I am not sure what`s the use of id then? my assumption was id should be unique across routes.
Related
I am trying to use wso2 as an authorization server with ouath2. I referred to the below links
Link
As mentioned in the link Google authenticator is used but can I use wso2 instead of google?
I have created a service provider in wso2 -> then select oauth/opendID connect configuration -> used the client ID and secret to create oauth2 image. But I am not sure what provider name I have to give.
spec:
containers:
- args:
- --provider=wso2
- --email-domain=*
- --upstream=file:///dev/null
- --http-address=0.0.0.0:4180
env:
- name: OAUTH2_PROXY_CLIENT_ID
value: 0UnfZFZDb
- name: OAUTH2_PROXY_CLIENT_SECRET
value: rZroDX6uOsySSt4eN
# docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));'
- name: OAUTH2_PROXY_COOKIE_SECRET
value: b'cFF0enRMdEJrUGlaU3NSTlkyVkxuQT09'
image: quay.io/pusher/oauth2_proxy:v4.1.0-amd64
and in the ingress, I have added the following annotations
nginx.ingress.kubernetes.io/auth-url: "http://oauth2-proxy.auth.svc.cluster.local:4180/oauth2/auth"
nginx.ingress.kubernetes.io/auth-signin: "https://identity.wso2.com:443/commonauth?rd=/"
but I am getting an authentication error.
Can use I wso2 as a authorization server similar the github or google?
for wso2, do I need to create an oauth2 image?
my k8s ingress annotations are correct (tried multiple values like start?rd=$escaped_request_uri etc)?
I'm currently getting a 413 Request Entity Too Large when posting something routing through a Spring Cloud Gateway. It works when the request body isn't larger than around 3MB.
Here is my application.yml (Scrubbed)
spring:
profiles:
active: prod
main:
allow-bean-definition-overriding: true
application:
name: my-awesome-gateway
cloud:
gateway:
default-filters:
- DedupeResponseHeader=Access-Control-Allow-Origin Access-Control-Allow-Credentials, RETAIN_UNIQUE
routes:
- id: my-service
uri: https://myservicesdomainname
predicates:
- Path=/service/**
filters:
- StripPrefix=1
- UserInfoFilter
- name: Hystrix
args:
name: fallbackCommand
fallbackUri: forward:/fallback/first
- name: RequestSize
args:
maxSize: 500000000 #***** Here is my attempt to increase the size
httpclient:
connect-timeout: 10000
response-timeout: 20000
This is the link I got RequestSize/args/maxSize from
https://cloud.spring.io/spring-cloud-static/spring-cloud-gateway/2.1.0.RELEASE/multi/multi__gatewayfilter_factories.html#_requestsize_gatewayfilter_factory
Edit:
The issue was with a Kubernetes Ingress Controller. I fixed the issue there and it's now working
it only compares Content-Length request header with specified limit, and rejects right away, i.e. it's not counting uploaded bytes
I am using Cloudformation to deploy resources. This includes a Cloudfront CDN and a RecordSet. I want this to create a new record set for a custom domain test.example.com, that will point to my Cloudfront CDN, which points to an S3 bucket. After successful deployment, I get the following error:
403 ERROR
The request could not be satisfied.
Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Testing using the Cloudfront Domain is successful. When I check the AWS console, the only thing I notice is that the Alternate Domain Names (CNAMEs) is empty:
When I populate that with the expected value test.example.com, the page loads just fine.
I have tried adding Aliases: test.example.com to the Cloudfront DistributionConfig but then I get a circular error with the RecordSet.
How can I have both the CDN and the RecordSet in Cloudformation, with the Alternate Domain Names (CNAMEs) populated?
Cloudfront:
Distribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Origins:
-
# Use the Website as the origin
DomainName: !GetAtt 'Website.DomainName'
Id: !Ref Website
S3OriginConfig:
OriginAccessIdentity: !Join [ '', [ 'origin-access-identity/cloudfront/', !Ref CloudFrontOriginAccessIdentity] ]
Enabled: true
HttpVersion: http2
DefaultRootObject: index.html
CustomErrorResponses:
- ErrorCode: 404
ResponseCode: 200
ResponsePagePath: /index.html
- ErrorCode: 403
ResponseCode: 200
ResponsePagePath: /index.html
DefaultCacheBehavior:
AllowedMethods:
- DELETE
- GET
- HEAD
- OPTIONS
- PATCH
- POST
- PUT
DefaultTTL: 60
ForwardedValues:
QueryString: true
Cookies:
Forward: none
# The origin id defined above
TargetOriginId: !Ref Website
ViewerProtocolPolicy: "redirect-to-https" # we want to force https
# The certificate to use when using https
ViewerCertificate:
AcmCertificateArn: arn:aws:acm:us-east-1:<id>:certificate/<certId>
MinimumProtocolVersion: TLSv1
SslSupportMethod: sni-only
DNS:
DNS:
Type: AWS::Route53::RecordSetGroup
Properties:
HostedZoneId: <<id>>
RecordSets:
- Name: test.example.com
Type: A
AliasTarget:
HostedZoneId: Z2FDTNDATAQYW2
DNSName: !GetAtt
- Distribution
- DomainName
Looks like it is successful when I add the following to the Cloudfront distribution:
Aliases:
- test.example.com
My mistake is I was previously referencing the DNS:
Aliases: !Ref DNS
which was incorrect and causing my circular dependency issue
I am trying to use serverless-offline to develop / simulate my API Gateway locally. My API gateway makes liberal use of the HTTP proxy integrations. The production Resource looks like this:
I have created a serverless-offline configuration based on a few documents and discussion which say that it is possible to define an HTTP Proxy integration using Cloud Formation configuration:
httpProxyWithApiGateway.md - Setting an HTTP Proxy on API Gateway by using Serverless framework.
Setting an HTTP Proxy on API Gateway (official Serverless docs: API Gateway)
I have adapted the above two configuration examples for my purposes, see below.
Have any tips, for what I might be doing wrong here?
plugins:
- serverless-offline
service: company-apig
provider:
name: aws
stage: dev
runtime: python2.7
resources:
Resources:
# Parent APIG RestApi
ApiGatewayRestApi:
Type: AWS::ApiGateway::RestApi
Properties:
Name: company-apig
Description: 'The main entry point of the APIG'
# Resource /endpoint
EndpointResource:
Type: AWS::ApiGateway::Resource
Properties:
ParentId:
Fn::GetAtt:
- ApiGatewayRestApi
- RootResourceId
PathPart: 'endpoint'
RestApiId:
Ref: ApiGatewayRestApi
# Resource /endpoint/{proxy+}
EndpointProxyPath:
Type: AWS::ApiGateway::Resource
Properties:
ParentId:
Ref: EndpointResource
PathPart: '{proxy+}'
RestApiId:
Ref: ApiGatewayRestApi
# Method ANY /endpoint/{proxy+}
EndpointProxyAnyMethod:
Type: AWS::ApiGateway::Method
Properties:
AuthorizationType: NONE
HttpMethod: ANY
Integration:
IntegrationHttpMethod: ANY
Type: HTTP_PROXY
Uri: http://endpoint.company.cool/{proxy}
PassthroughBehavior: WHEN_NO_MATCH
MethodResponses:
- StatusCode: 200
ResourceId:
Ref: EndpointProxyPath
RestApiId:
Ref: ApiGatewayRestApi
For the above configuration, I get this output. Apparently, the configuration registers no routes at all.
{
"statusCode":404,
"error":"Serverless-offline: route not found.",
"currentRoute":"get - /endpoint/ping",
"existingRoutes":[]
}
Related: I am also attempting to solve the same problem using aws-sam, at the following post - API Gateway HTTP Proxy integration with aws-sam (NOT Lambda Proxy)
By default serverless-offline doesn't parse your resources for endpoints, enable it via custom config.
custom:
serverless-offline:
resourceRoutes: true
Ends up serving:
Serverless: Routes defined in resources:
Serverless: ANY /endpoint/{proxy*} -> http://endpoint.company.cool/{proxy}
Serverless: Offline listening on http://localhost:3000
Documentation
How does one specify multiple schema with different ports? Specifically, I want to have HTTP on port 81 and HTTPS on port 444.
swagger: '2.0'
info:
version: 1.0.0
title: API for gateways
description: API for gateways to access server (port 81 for http and 444 for https)
schemes:
- http
- https
host: gateway.example.com:81
basePath: /1.0
paths:
This is possible in OpenAPI 3.0, but not in OpenAPI/Swagger 2.0.
openapi: 3.0.0
servers:
- url: 'http://gateway.example.com:81'
- url: 'https://gateway.example.com:444'