Configure Bindaas with Kong as Authentication Provider
You may disable the authentication of Bindaas in favor of leveraging an authentication mechanism provided by an external authentication provider such as an API gateway. Configure bin/bindaas.config.json as below:
"enableAuthentication": false,
When using an API gateway such as Kong, the apikey in the below query will be validated by the API gateway external to Bindaas, and not by Bindaas itself.
curl http://localhost:9099/services/test/mongo/query/find?apikey=4n6UBle6Jx5EpvvbqbASzD93pgjEZ6AM
Please note that Kong uses the parameter "apikey", unlike Bindaas, which uses "api_key". This parameter can differ between API gateways and authentication providers. Be aware.
Here we will look into configuring Kong using its Docker container as the authentication provider for Bindaas. This document uses Kong version 0.14.0-alpine, which is the current latest version of Kong.
You have 2 choices.
Download and install from the repository - https://docs.konghq.com/install/osx/?_ga=2.92884957.1927372678.1533053872-2008063826.1531747033
Configure with Postgres:
$ psql -U postgres
postgres=# CREATE USER kong; CREATE DATABASE kong OWNER kong;
Run the Kong migrations:
$ kong migrations up
Start Kong
$ kong start
You may choose to start with verbose logs:
$ kong start -vv
You may need to create a kong configuration file to load Kong with custom configurations:
$ sudo mkdir /etc/kong
$ sudo touch /etc/kong/kong.conf
Now your Kong is running. Confirm that with:
$ curl -i http://localhost:8001/
This will install and configure Kong with Postgres in a container.
$ git clone https://github.com/pradeeban/kong-ldap
$ cd kong-ldap
$ sh buildRun.sh
First, (optionally) start the Konga dashboard:
More information: https://github.com/pantsel/konga
$ curl http://localhost:9099/services/test/mongo/query/find
[{ "item" : "bulk" , "qty" : 1100.0},{ "item" : "bulk" , "qty" : 1100.0},{ "item" : "bulk" , "qty" : 1100.0 , "nu" : 1.0}]
Please note that the Kong Admin API listens on HTTP port 8001, whereas the user API listens on port 8000.
To create something using the Admin API, we use port 8001, whereas we use port 8000 to use something already created.
Here we use the base configuration of TCIA services: http://172.20.11.223:9099/services/v4
$ curl -i -X POST --url http://localhost:8001/services/ --data 'name=contentsByName' --data 'url=http://172.20.11.223:9099/services/v4/SharedList/query/ContentsByName/'
$ curl -i -X POST --url http://localhost:8001/services/contentsByName/routes --data 'paths=/radiology/getSharedList'
$ curl -i -X POST --url http://localhost:8001/services/ --data 'name=radiology' --data 'url=http://172.20.11.223:9099/services/v4/TCIA/query/'
$ curl -i -X POST --url http://localhost:8001/services/radiology/routes --data 'paths=/radiology'
Now, access your TCIA services directly,
$ curl http://172.20.11.223:9099/services/v4/SharedList/query/ContentsByName?name=test
as well as via Kong,
$ curl http://172.20.11.222:8000/radiology/getSharedList/?name=test
[{"SERIES_INSTANCE_UID":"1.3.6.1.4.1.9328.50.50.131638054339500252579667761647125855321"},{"SERIES_INSTANCE_UID":"1.3.6.1.4.1.14519.5.2.1.5099.8010.309478555369641943686270918660"}]
http://172.20.11.222:8000/radiology/getImage ⟿ http://172.20.11.223:9099/services/v4/TCIA/query/getImage
The approach below is the default one followed in the Kong documentation, although it is not as straightforward as using the paths as shown above.
$ curl -i -X POST --url http://localhost:8001/services/ --data 'name=find-service' --data 'url=http://localhost:9099/services/test/mongo/query/find'
or if you are using Kong in a Docker container:
$ curl -i -X POST --url http://localhost:8001/services/ --data 'name=find-service' --data 'url=http://docker.for.mac.host.internal:9099/services/test/mongo/query/find'
HTTP/1.1 201 Created
Date: Wed, 01 Aug 2018 16:04:04 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.14.0
Content-Length: 309
{"host":"docker.for.mac.host.internal","created_at":1533139444,"connect_timeout":60000,"id":"a2678cff-b63a-4416-a4e4-1a60b1084a4c","protocol":"http","name":"find-service","read_timeout":60000,"port":9099,"path":"/services/test/mongo/query/find","updated_at":1533139444,"retries":5,"write_timeout":60000}
Note that above we are using docker.for.mac.host.internal since we are accessing localhost on the host (we are using Docker for Mac) from the Docker container of Kong.
$ curl -i -X POST --url http://localhost:8001/services/find-service/routes --data 'hosts[]=find-service.com'
HTTP/1.1 201 Created
Date: Wed, 01 Aug 2018 16:04:22 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.14.0
Content-Length: 295
{"created_at":1533139462,"strip_path":true,"hosts":["find-service.com"],"preserve_host":false,"regex_priority":0,"updated_at":1533139462,"paths":null,"service":{"id":"a2678cff-b63a-4416-a4e4-1a60b1084a4c"},"methods":null,"protocols":["http","https"],"id":"6fb0a141-5a99-4329-b600-f29d0635f706"}
$ curl -i -X GET --url http://localhost:8000/ --header 'Host: find-service.com'
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Bindaas-version: 3.0.6
Date: Tue, 31 Jul 2018 20:00:37 GMT
metadata: {}
responseTime: 1
tags: []
Vendor: CCI Emory University
Server: Jetty(8.1.7.v20120910)
X-Kong-Upstream-Latency: 6
X-Kong-Proxy-Latency: 52
Via: kong/0.14.0
[{ "item" : "bulk" , "qty" : 1100.0},{ "item" : "bulk" , "qty" : 1100.0},{ "item" : "bulk" , "qty" : 1100.0 , "nu" : 1.0}]
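The services and routes created above proxy to a Bindaas instance that has "enableAuthentication" set to false, so a route that no authentication plugin covers returns data to any caller, as the response above shows. The following is an added example, not code from the original page or from the Bindaas or Kong projects: it takes the objects returned by the Admin API lists (GET /services, /routes and /plugins on port 8001) and reports the routes left without authentication. The plugin field names, the "svc-*"/"rt-*" ids and all plugin entries are assumptions made for the example.

```python
# Added example: list Kong routes that no enabled authentication plugin covers.
# Plugin fields (service_id, route_id, consumer_id, enabled): assumed 0.14 shape.
AUTH_PLUGINS = {"key-auth", "basic-auth", "ldap-auth", "jwt", "oauth2", "hmac-auth"}

# Constructed sample data. find-service reuses the ids printed above; the
# "svc-*"/"rt-*" ids and every plugin entry are placeholders for this example.
FIND = "a2678cff-b63a-4416-a4e4-1a60b1084a4c"
SERVICES = [
    {"id": FIND, "name": "find-service", "host": "docker.for.mac.host.internal",
     "port": 9099, "path": "/services/test/mongo/query/find"},
    {"id": "svc-radiology", "name": "radiology", "host": "172.20.11.223",
     "port": 9099, "path": "/services/v4/TCIA/query/"},
    {"id": "svc-contents", "name": "contentsByName", "host": "172.20.11.223",
     "port": 9099, "path": "/services/v4/SharedList/query/ContentsByName/"},
]
ROUTES = [
    {"id": "6fb0a141-5a99-4329-b600-f29d0635f706", "hosts": ["find-service.com"],
     "paths": None, "service": {"id": FIND}},
    {"id": "rt-radiology", "hosts": None, "paths": ["/radiology"],
     "service": {"id": "svc-radiology"}},
    {"id": "rt-contents", "hosts": None, "paths": ["/radiology/getSharedList"],
     "service": {"id": "svc-contents"}},
]
PLUGINS = [
    {"name": "key-auth", "enabled": True, "service_id": FIND},
    {"name": "key-auth", "enabled": False, "service_id": "svc-contents"},  # off
    {"name": "cors", "enabled": True},  # global, but not an auth plugin
]

def covered(route, plugins):
    """True if an enabled auth plugin applies to the route, its service, or globally."""
    for p in plugins:
        if p["name"] not in AUTH_PLUGINS or not p.get("enabled", True) or p.get("consumer_id"):
            continue  # not auth, switched off, or scoped to a single consumer
        rid, sid = p.get("route_id"), p.get("service_id")
        if rid == route["id"] or (rid is None and sid in (None, route["service"]["id"])):
            return True
    return False

def unprotected_routes(services, routes, plugins):
    """Return (service name, match rule, upstream) for each route without auth."""
    svc = {s["id"]: s for s in services}
    return [(svc[r["service"]["id"]]["name"], r["paths"] or r["hosts"],
             "{host}:{port}{path}".format(**svc[r["service"]["id"]]))
            for r in routes if not covered(r, plugins)]

if __name__ == "__main__":
    for name, match, upstream in unprotected_routes(SERVICES, ROUTES, PLUGINS):
        print("NO AUTH  %-15s %s -> %s" % (name, match, upstream))
```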
You have two options.