topic Re: Getting "Unauthorised" response from API - querying KV Store in Security

Getting "Unauthorised" response from API - querying KV Store

himynamesdave — Mon, 27 Apr 2015 11:51:47 GMT

Happy Monday everyone!

I am trying to query collections in my app using the API like so (note, I am using a different password for admin):

curl -k -u admin:changeme "https://0.0.0.0:8089/servicesNS/nobody/MYAPP/storage/collections/config"

I get the following response.

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="ERROR">Unauthorized</msg>
  </messages>
</response>

I am using admin account which has read and write permissions for MYAPP.

UPDATE: I think this may be an API permission issue to MYAPP. So, if I run the same query on the search app (without any collections created) I get a valid response, i.e:

curl -k -u admin:changeme "https://0.0.0.0:8089/servicesNS/nobody/search/storage/collections/config"

As soon as I create a collection in the search app, I then get the unauthorised response again. Argh!

Then I thought it my be an issue running it as nobody, or admin on the collections. So I explicitly set owner=nobody in MYAPP/metadata/local for each collection. Still fail.

UPDATE: my collections.conf is very basic

[myfirstcollection]

[mysecondcollection]

In transforms I use these for a lookup for searching:

[kvstore_myfirst_lookup]
external_type = kvstore
collection = myfirstcollection
fields_list = _key, firstKV

[kvstore_second_lookup]
external_type = kvstore
collection = mysecondcollection
fields_list = _key, secondKV

I cannot find what permissions I need to set in my app to make this work 😞

Any ideas?

Re: Getting "Unauthorised" response from API - querying KV Store

n00badmin — Mon, 27 Apr 2015 12:07:58 GMT

make sure you escape special chars in your password!!!

for example:

admin:P@ssword$

this password would need a backslash in front of the @ and $

Re: Getting "Unauthorised" response from API - querying KV Store

himynamesdave — Mon, 27 Apr 2015 16:25:24 GMT

Valid point - however can confirm this is not the issue here. The password has only alpha-numeric chars

Re: Getting "Unauthorised" response from API - querying KV Store

Damien_Dallimor — Tue, 28 Apr 2015 01:43:47 GMT

what does your collections.conf look like ?

Re: Getting "Unauthorised" response from API - querying KV Store

himynamesdave — Tue, 28 Apr 2015 07:38:37 GMT

I've added an update to the Q to include collections / transforms.conf info

Re: Getting "Unauthorised" response from API - querying KV Store

himynamesdave — Tue, 28 Apr 2015 19:57:45 GMT

I didn't manage to solve why that endpoint returned the "unauth" response, but for those who stumble upon this question with the same issue I did find a workaround that may be useful.

For my use-case I did not really need a list of all collections, as the endpoint (/servicesNS/nobody/MYAPP/storage/collections/config) gives.

What I needed was to print the contents of the collection. I could do this, by querying a different endpoint like so:

curl -k -u admin:changeme https://0.0.0.0:8089/servicesNS/nobody/MYAPP/storage/collections/data/MYCOLLECTION