In [8]:
# TP Kong

Pour ce TP, nous allons utiliser une API assez simple et ouverte du gouvernement qui permet de récupérer tous les jours feriés.

Pour les besoins du TP vous pourrez réaliser vos requêtes HTTP via Curl de la manière suivante:

In [1]:
!curl -X 'GET' \
  'https://calendrier.api.gouv.fr/jours-feries/metropole.json' \
  -H 'accept: application/json'

{"2025-01-01": "1er janvier", "2025-04-21": "Lundi de Pâques", "2025-05-01": "1er mai", "2025-05-08": "8 mai", "2025-05-29": "Ascension", "2025-06-09": "Lundi de Pentecôte", "2025-07-14": "14 juillet", "2025-08-15": "Assomption", "2025-11-01": "Toussaint", "2025-11-11": "11 novembre", "2025-12-25": "Jour de Noël", "2024-01-01": "1er janvier", "2024-04-01": "Lundi de Pâques", "2024-05-01": "1er mai", "2024-05-08": "8 mai", "2024-05-09": "Ascension", "2024-05-20": "Lundi de Pentecôte", "2024-07-14": "14 juillet", "2024-08-15": "Assomption", "2024-11-01": "Toussaint", "2024-11-11": "11 novembre", "2024-12-25": "Jour de Noël", "2023-01-01": "1er janvier", "2023-04-10": "Lundi de Pâques", "2023-05-01": "1er mai", "2023-05-08": "8 mai", "2023-05-18": "Ascension", "2023-05-29": "Lundi de Pentecôte", "2023-07-14": "14 juillet", "2023-08-15": "Assomption", "2023-11-01": "Toussaint", "2023-11-11": "11 novembre", "2023-12-25": "Jour de Noël", "2022-01-01": "1er janvier", "2022-04-18": "Lundi de P

ou via le package python requests comme ceci : 

In [None]:
import requests

headers = {
    'accept': 'application/json',
}

response = requests.get('https://calendrier.api.gouv.fr/jours-feries/metropole.json', headers=headers)
response.json()

## Configurer le service et la route 

### Le service 

#### Curl 

In [3]:
!curl -i -X POST \
  --url http://localhost:8001/services/ \
  --data 'name=jours-feries' \
  --data 'url=https://calendrier.api.gouv.fr'

curl: (7) Failed to connect to localhost port 8001: Connection refused


#### Requests 

In [84]:
import requests

data = {
  'name': 'jours-feries',
  'url': 'https://calendrier.api.gouv.fr'
}

response = requests.post('http://localhost:8001/services/', data=data)

### Une route

#### Curl 

In [85]:
!curl -i -X POST \
  --url http://localhost:8001/services/jours-feries/routes \
  --data 'hosts[]=calendrier.api.gouv.fr'

HTTP/1.1 201 Created

[1mDate[0m: Wed, 01 Sep 2021 09:57:14 GMT

[1mContent-Type[0m: application/json; charset=utf-8

[1mConnection[0m: keep-alive

[1mAccess-Control-Allow-Origin[0m: *

[1mContent-Length[0m: 491

[1mX-Kong-Admin-Latency[0m: 146

[1mServer[0m: kong/2.3.0



{"id":"13250fdf-d9d8-4a3e-bfcb-2eb046c507dd","tags":null,"paths":null,"destinations":null,"headers":null,"protocols":["http","https"],"strip_path":true,"created_at":1630490234,"request_buffering":true,"hosts":["calendrier.api.gouv.fr"],"name":null,"updated_at":1630490234,"snis":null,"preserve_host":false,"regex_priority":0,"methods":null,"sources":null,"response_buffering":true,"https_redirect_status_code":426,"path_handling":"v0","service":{"id":"ce6941e8-f461-4e3b-bdc3-843b5ab3030c"}}

#### Requests 

In [86]:
import requests

data = {
  'hosts[]': 'calendrier.api.gouv.fr'
}

response = requests.post('http://localhost:8001/services/jours-feries/routes', data=data)


### Récupérer les données via notre Interface Kong

#### Curl 

In [87]:
!curl -i -X GET \
  --url http://localhost:8000/jours-feries/metropole.json \
  --header 'Host: calendrier.api.gouv.fr'

HTTP/1.1 200 OK

[1mContent-Type[0m: application/json; charset=utf-8

[1mContent-Length[0m: 8243

[1mConnection[0m: keep-alive

[1mServer[0m: GitHub.com

[1mLast-Modified[0m: Thu, 12 Nov 2020 14:33:38 GMT

[1mAccess-Control-Allow-Origin[0m: *

[1mETag[0m: "5fad47c2-2033"

[1mexpires[0m: Wed, 01 Sep 2021 08:35:54 GMT

[1mCache-Control[0m: max-age=600

[1mx-proxy-cache[0m: MISS

[1mX-GitHub-Request-Id[0m: 7CEA:10E32:201CEE9:2141D19:612F3912

[1mAccept-Ranges[0m: bytes

[1mDate[0m: Wed, 01 Sep 2021 09:57:16 GMT

[1mVia[0m: kong/2.3.0

[1mAge[0m: 0

[1mX-Served-By[0m: cache-hhn4026-HHN

[1mX-Cache[0m: HIT

[1mX-Cache-Hits[0m: 1

[1mX-Timer[0m: S1630490236.460762,VS0,VE85

[1mVary[0m: Accept-Encoding

[1mX-Fastly-Request-ID[0m: 07e8d2b58532a95e035b48a78a5dd16bf166fe88

[1mX-Kong-Upstream-Latency[0m: 157

[1mX-Kong-Proxy-Latency[0m: 37



{"2025-01-01": "1er janvier", "2025-04-21": "Lundi de Pâque

#### Requests 

In [88]:
import requests

headers = {
    'Host': 'calendrier.api.gouv.fr',
}

response = requests.get('http://localhost:8000/jours-feries/metropole.json', headers=headers)


## Sécuriser via API Key 

https://docs.konghq.com/hub/kong-inc/key-auth/

### Créer un consumer

#### Curl 

In [89]:
!curl -XPOST  -d  "username=esieeparis" http://localhost:8001/consumers/


{"custom_id":null,"created_at":1630490238,"id":"2ede6746-ff1a-4f77-8e86-3d828e029128","tags":null,"username":"esieeparis"}

#### Requests 

In [90]:
import requests

data = {
  'username': 'esieeparis'
}

response = requests.post('http://localhost:8001/consumers/', data=data)

#### Curl 

In [92]:
!curl -X POST http://localhost:8001/consumers/esieeparis/key-auth

{"created_at":1630490246,"id":"5a044a45-8091-464b-b0e9-9e67a0d72b48","tags":null,"ttl":null,"key":"Ggp00VFzHIMccKdy58jiC8AjCswS807V","consumer":{"id":"2ede6746-ff1a-4f77-8e86-3d828e029128"}}

In [94]:
key = "Ggp00VFzHIMccKdy58jiC8AjCswS807V"

#### Requests 

In [96]:
import requests

response = requests.post('http://localhost:8001/consumers/esieeparis/key-auth')
json_data = response.json()
json_data

{'created_at': 1630490260,
 'id': '17be9921-6063-47b0-b752-9d5b247dd79c',
 'tags': None,
 'ttl': None,
 'key': 'erQAY3ytaNkcaApT20Wu4pithMYZXcyA',
 'consumer': {'id': '2ede6746-ff1a-4f77-8e86-3d828e029128'}}

In [97]:
key = json_data["key"]

In [98]:
key

'erQAY3ytaNkcaApT20Wu4pithMYZXcyA'

### Configurer l'API Key sur la route

In [99]:
!curl -X GET http://localhost:8001/services


{"next":null,"data":[{"host":"calendrier.api.gouv.fr","id":"ce6941e8-f461-4e3b-bdc3-843b5ab3030c","protocol":"https","read_timeout":60000,"tls_verify_depth":null,"port":443,"updated_at":1630490231,"ca_certificates":null,"created_at":1630490231,"connect_timeout":60000,"write_timeout":60000,"name":"jours-feries","retries":5,"path":null,"tls_verify":null,"tags":null,"client_certificate":null}]}

In [100]:
SERVICE_ID = "ce6941e8-f461-4e3b-bdc3-843b5ab3030c"

In [101]:
!curl -X POST http://localhost:8001/services/ce6941e8-f461-4e3b-bdc3-843b5ab3030c/plugins \
    --data "name=key-auth"  \
    --data "config.key_names=apikey"

{"created_at":1630490288,"id":"ba29cfbc-5f22-4549-8d2b-0ee4864f43e1","tags":null,"enabled":true,"protocols":["grpc","grpcs","http","https"],"name":"key-auth","consumer":null,"service":{"id":"ce6941e8-f461-4e3b-bdc3-843b5ab3030c"},"route":null,"config":{"key_in_query":true,"key_names":["apikey"],"key_in_header":true,"run_on_preflight":true,"anonymous":null,"hide_credentials":false,"key_in_body":false}}

#### Réaliser la requête avec l'apiKey

In [102]:
import requests

headers = {
    'Host': 'calendrier.api.gouv.fr',
    'apiKey' : "a false api key"
}

response = requests.get('http://localhost:8000/jours-feries/metropole.json', headers=headers)
response.json()

{'message': 'Invalid authentication credentials'}

In [103]:
import requests

headers = {
    'Host': 'calendrier.api.gouv.fr',
    'apiKey' : key
}

response = requests.get('http://localhost:8000/jours-feries/metropole.json', headers=headers)
response.json()

{'2025-01-01': '1er janvier',
 '2025-04-21': 'Lundi de Pâques',
 '2025-05-01': '1er mai',
 '2025-05-08': '8 mai',
 '2025-05-29': 'Ascension',
 '2025-06-09': 'Lundi de Pentecôte',
 '2025-07-14': '14 juillet',
 '2025-08-15': 'Assomption',
 '2025-11-01': 'Toussaint',
 '2025-11-11': '11 novembre',
 '2025-12-25': 'Jour de Noël',
 '2024-01-01': '1er janvier',
 '2024-04-01': 'Lundi de Pâques',
 '2024-05-01': '1er mai',
 '2024-05-08': '8 mai',
 '2024-05-09': 'Ascension',
 '2024-05-20': 'Lundi de Pentecôte',
 '2024-07-14': '14 juillet',
 '2024-08-15': 'Assomption',
 '2024-11-01': 'Toussaint',
 '2024-11-11': '11 novembre',
 '2024-12-25': 'Jour de Noël',
 '2023-01-01': '1er janvier',
 '2023-04-10': 'Lundi de Pâques',
 '2023-05-01': '1er mai',
 '2023-05-08': '8 mai',
 '2023-05-18': 'Ascension',
 '2023-05-29': 'Lundi de Pentecôte',
 '2023-07-14': '14 juillet',
 '2023-08-15': 'Assomption',
 '2023-11-01': 'Toussaint',
 '2023-11-11': '11 novembre',
 '2023-12-25': 'Jour de Noël',
 '2022-01-01': '1er ja

## Securiser via OIDC 

Créer un client dans Keycloak
1. Récupérer le nom du client
2. Settings/AccessType = bearer only
3. Onglet crédentials => Récupérer Secret

In [114]:
CLIENT_SECRETS = "7c9fce0f-66d1-4eee-8dcf-3711cd5c5043"

In [115]:
KEYCLOAK_HOST_IP="keycloak"
KEYCLOAK_PORT=8080
AUTH_URI = f"http://{KEYCLOAK_HOST_IP}:{KEYCLOAK_PORT}"

introspection_url = f'{AUTH_URI}/auth/realms/master/protocol/openid-connect/token/introspect'
discovery_url = f'{AUTH_URI}/auth/realms/master/.well-known/openid-configuration'


In [116]:
data = {
    'name': 'oidc',
    'config.client_id': 'kong',
    'config.client_secret': f'{CLIENT_SECRETS}',
    'config.realm': 'master',
    'config.bearer_only': 'true',
    'config.introspection_endpoint': introspection_url,
    'config.discovery': discovery_url
}

response = requests.post(f'http://localhost:8001/services/{SERVICE_ID}/plugins', data=data)

In [117]:
response.json()

{'created_at': 1630491017,
 'id': 'e5f75078-3822-4252-b1f3-0fdb60f4cb09',
 'tags': None,
 'enabled': True,
 'protocols': ['grpc', 'grpcs', 'http', 'https'],
 'name': 'oidc',
 'consumer': None,
 'service': {'id': 'ce6941e8-f461-4e3b-bdc3-843b5ab3030c'},
 'route': None,
 'config': {'response_type': 'code',
  'introspection_endpoint': 'http://keycloak:8080/auth/realms/master/protocol/openid-connect/token/introspect',
  'filters': None,
  'bearer_only': 'true',
  'ssl_verify': 'no',
  'session_secret': None,
  'introspection_endpoint_auth_method': None,
  'realm': 'master',
  'redirect_after_logout_uri': '/',
  'scope': 'openid',
  'token_endpoint_auth_method': 'client_secret_post',
  'logout_path': '/logout',
  'client_id': 'kong',
  'client_secret': '7c9fce0f-66d1-4eee-8dcf-3711cd5c5043',
  'discovery': 'http://keycloak:8080/auth/realms/master/.well-known/openid-configuration',
  'recovery_page_path': None,
  'redirect_uri_path': None}}

## Ajouter Rate limiting

https://docs.konghq.com/hub/kong-inc/rate-limiting/

In [58]:
!curl -X POST http://localhost:8001/services/61c5a40a-b533-412f-801d-6a964175f9f0/plugins \
    --data "name=rate-limiting"  \
    --data "config.second=5" \
    --data "config.hour=10000" \
    --data "config.policy=local"

{"message":"UNIQUE violation detected on '{consumer=null,name=\"rate-limiting\",route=null,service={id=\"61c5a40a-b533-412f-801d-6a964175f9f0\"}}'","name":"unique constraint violation","fields":{"service":{"id":"61c5a40a-b533-412f-801d-6a964175f9f0"},"name":"rate-limiting","route":null,"consumer":null},"code":5}

In [None]:
# Tests 

In [60]:
headers = {
    'Host': 'calendrier.api.gouv.fr',
    'apiKey' : key
}
for i in range(10):
    response = requests.get('http://localhost:8000/jours-feries/metropole.json', headers=headers)
    print(response.status_code)

200
200
200
200
200
429
429
429
429
429


## Ajouter une restriction d'IP 

https://docs.konghq.com/hub/kong-inc/ip-restriction/

#### Curl 

In [63]:
!curl -X POST http://localhost:8001/services/61c5a40a-b533-412f-801d-6a964175f9f0/plugins \
    --data "name=ip-restriction"  \
    --data "config.allow=82.210.36.251"

{"created_at":1630488374,"id":"6aab662b-5c79-4dcc-8f75-b26425ca391e","tags":null,"enabled":true,"protocols":["grpc","grpcs","http","https"],"name":"ip-restriction","consumer":null,"service":{"id":"61c5a40a-b533-412f-801d-6a964175f9f0"},"route":null,"config":{"allow":["82.210.36.251"],"deny":null}}

#### Requests

In [None]:
import requests

data = {
  'name': 'ip-restriction',
  'config.allow': '82.210.36.251'
}

response = requests.post(f'http://localhost:8001/services/{SERVICE_ID}/plugins', data=data)


#### Tester

In [73]:
import requests

headers = {
    'Host': 'calendrier.api.gouv.fr',
    'apiKey' : key
}

response = requests.get('http://localhost:8000/jours-feries/metropole.json', headers=headers)
response.json()

{'2025-01-01': '1er janvier',
 '2025-04-21': 'Lundi de Pâques',
 '2025-05-01': '1er mai',
 '2025-05-08': '8 mai',
 '2025-05-29': 'Ascension',
 '2025-06-09': 'Lundi de Pentecôte',
 '2025-07-14': '14 juillet',
 '2025-08-15': 'Assomption',
 '2025-11-01': 'Toussaint',
 '2025-11-11': '11 novembre',
 '2025-12-25': 'Jour de Noël',
 '2024-01-01': '1er janvier',
 '2024-04-01': 'Lundi de Pâques',
 '2024-05-01': '1er mai',
 '2024-05-08': '8 mai',
 '2024-05-09': 'Ascension',
 '2024-05-20': 'Lundi de Pentecôte',
 '2024-07-14': '14 juillet',
 '2024-08-15': 'Assomption',
 '2024-11-01': 'Toussaint',
 '2024-11-11': '11 novembre',
 '2024-12-25': 'Jour de Noël',
 '2023-01-01': '1er janvier',
 '2023-04-10': 'Lundi de Pâques',
 '2023-05-01': '1er mai',
 '2023-05-08': '8 mai',
 '2023-05-18': 'Ascension',
 '2023-05-29': 'Lundi de Pentecôte',
 '2023-07-14': '14 juillet',
 '2023-08-15': 'Assomption',
 '2023-11-01': 'Toussaint',
 '2023-11-11': '11 novembre',
 '2023-12-25': 'Jour de Noël',
 '2022-01-01': '1er ja

## Ajouter une gestion des CORS

In [None]:
!curl -X POST http://{HOST}:8001/services/61c5a40a-b533-412f-801d-6a964175f9f0/plugins \
    --data "name=cors"  \
    --data "config.origins=http://localhost:4200" \
    --data "config.methods=GET" \
    --data "config.methods=POST" \
    --data "config.headers=Accept" \
    --data "config.headers=Accept-Version" \
    --data "config.headers=Content-Length" \
    --data "config.headers=Content-MD5" \
    --data "config.headers=Content-Type" \
    --data "config.headers=Date" \
    --data "config.headers=X-Auth-Token" \
    --data "config.exposed_headers=X-Auth-Token" \7BHOST
    --data "config.credentials=true" \
    --data "config.max_age=3600" \
    --data "config.preflight_continue=false"

#### Requests 

In [76]:
import requests

data = [
  ('name', 'cors'),
  ('config.origins', 'http://localhost:4200'),
  ('config.methods', 'GET'),
  ('config.methods', 'POST'),
  ('config.headers', 'Accept'),
  ('config.headers', 'Accept-Version'),
  ('config.headers', 'Content-Length'),
  ('config.headers', 'Content-MD5'),
  ('config.headers', 'Content-Type'),
  ('config.headers', 'Date'),
  ('config.headers', 'X-Auth-Token'),
  ('config.exposed_headers', 'X-Auth-Token'),
  ('config.credentials', 'true'),
  ('config.max_age', '3600'),
  ('config.preflight_continue', 'false'),
]

response = requests.post(f'http://localhost:8001/services/{SERVICE_ID}/plugins', data=data)
response.json()

{'created_at': 1630488696,
 'id': '8eb0c4fe-566b-419c-b25a-de658a14ba53',
 'tags': None,
 'enabled': True,
 'protocols': ['grpc', 'grpcs', 'http', 'https'],
 'name': 'cors',
 'consumer': None,
 'service': {'id': '61c5a40a-b533-412f-801d-6a964175f9f0'},
 'route': None,
 'config': {'methods': ['GET', 'POST'],
  'exposed_headers': ['X-Auth-Token'],
  'max_age': 3600,
  'headers': ['Accept',
   'Accept-Version',
   'Content-Length',
   'Content-MD5',
   'Content-Type',
   'Date',
   'X-Auth-Token'],
  'origins': ['http://localhost:4200'],
  'credentials': True,
  'preflight_continue': False}}

### Supprimer un plugin

#### Trouver son ID

In [72]:
response = requests.get('http://localhost:8001/plugins')
response.json()

{'next': None,
 'data': [{'created_at': 1630488090,
   'id': 'bbc7865c-f4a0-45c5-a7a3-5ecea128b6cd',
   'tags': None,
   'enabled': True,
   'protocols': ['grpc', 'grpcs', 'http', 'https'],
   'name': 'rate-limiting',
   'consumer': None,
   'service': {'id': '61c5a40a-b533-412f-801d-6a964175f9f0'},
   'route': None,
   'config': {'minute': None,
    'redis_host': None,
    'redis_timeout': 2000,
    'limit_by': 'consumer',
    'hour': 10000,
    'policy': 'local',
    'month': None,
    'redis_password': None,
    'second': 5,
    'day': None,
    'hide_client_headers': False,
    'path': None,
    'redis_database': 0,
    'year': None,
    'redis_port': 6379,
    'header_name': None,
    'fault_tolerant': True}},
  {'created_at': 1630487929,
   'id': 'f044f28e-09f3-4672-b74e-401b4258a113',
   'tags': None,
   'enabled': True,
   'protocols': ['grpc', 'grpcs', 'http', 'https'],
   'name': 'key-auth',
   'consumer': None,
   'service': {'id': '61c5a40a-b533-412f-801d-6a964175f9f0'},
  

In [71]:
response = requests.delete('http://localhost:8001/plugins/6aab662b-5c79-4dcc-8f75-b26425ca391e')
response

<Response [204]>

# A vous de jouer 

1. Réaliser les mêmes opérations pour votre API.
2. Créer un fichier de provision vous permettant d'exécuter ces commandes facilement pour la configuration de votre application.