In [8]:
# TP Kong

Pour ce TP, nous allons utiliser une API assez simple et ouverte du gouvernement qui permet de récupérer tous les jours feriés.

Pour les besoins du TP vous pourrez réaliser vos requêtes HTTP via Curl de la manière suivante:

In [6]:
!curl -X 'GET' \
  'https://calendrier.api.gouv.fr/jours-feries/metropole.json' \
  -H 'accept: application/json'

curl: (3) URL using bad/illegal format or missing URL
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0curl: (6) Could not resolve host: application


ou via le package python requests comme ceci : 

In [7]:
import requests

headers = {
    'accept': 'application/json',
}

response = requests.get('https://calendrier.api.gouv.fr/jours-feries/metropole.json', headers=headers)
response.json()

{'2028-01-01': '1er janvier',
 '2028-04-17': 'Lundi de Pâques',
 '2028-05-01': '1er mai',
 '2028-05-08': '8 mai',
 '2028-05-25': 'Ascension',
 '2028-06-05': 'Lundi de Pentecôte',
 '2028-07-14': '14 juillet',
 '2028-08-15': 'Assomption',
 '2028-11-01': 'Toussaint',
 '2028-11-11': '11 novembre',
 '2028-12-25': 'Jour de Noël',
 '2027-01-01': '1er janvier',
 '2027-03-29': 'Lundi de Pâques',
 '2027-05-01': '1er mai',
 '2027-05-06': 'Ascension',
 '2027-05-08': '8 mai',
 '2027-05-17': 'Lundi de Pentecôte',
 '2027-07-14': '14 juillet',
 '2027-08-15': 'Assomption',
 '2027-11-01': 'Toussaint',
 '2027-11-11': '11 novembre',
 '2027-12-25': 'Jour de Noël',
 '2026-01-01': '1er janvier',
 '2026-04-06': 'Lundi de Pâques',
 '2026-05-01': '1er mai',
 '2026-05-08': '8 mai',
 '2026-05-14': 'Ascension',
 '2026-05-25': 'Lundi de Pentecôte',
 '2026-07-14': '14 juillet',
 '2026-08-15': 'Assomption',
 '2026-11-01': 'Toussaint',
 '2026-11-11': '11 novembre',
 '2026-12-25': 'Jour de Noël',
 '2025-01-01': '1er ja

## Configurer le service et la route 

### Le service 

#### Curl 

In [8]:
!curl -i -X POST \
  --url http://localhost:8001/services/ \
  --data 'name=jours-feries' \
  --data 'url=https://calendrier.api.gouv.fr'

HTTP/1.1 400 Bad Request
Date: Fri, 20 Oct 2023 12:23:01 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Length: 232
X-Kong-Admin-Latency: 8
Server: kong/3.4.2

{"code":2,"message":"3 schema violations ('name: unknown field; 'url: unknown field; host: required field missing)","fields":{"'name":"unknown field","host":"required field missing","'url":"unknown field"},"name":"schema violation"}


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   288  100   232  100    56  14916   3600 --:--:-- --:--:-- --:--:-- 19200


#### Requests 

In [9]:
import requests

data = {
  'name': 'jours-feries',
  'url': 'https://calendrier.api.gouv.fr'
}

response = requests.post('http://localhost:8001/services/', data=data)

### Une route

#### Curl 

In [10]:
!curl -i -X POST \
  --url http://localhost:8001/services/jours-feries/routes \
  --data 'hosts[]=calendrier.api.gouv.fr'

HTTP/1.1 400 Bad Request
Date: Fri, 20 Oct 2023 12:23:06 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Length: 325
X-Kong-Admin-Latency: 19
Server: kong/3.4.2

{"code":2,"message":"2 schema violations (must set one of 'methods', 'hosts', 'headers', 'paths', 'snis' when 'protocols' is 'https'; 'hosts: unknown field)","fields":{"'hosts":"unknown field","@entity":["must set one of 'methods', 'hosts', 'headers', 'paths', 'snis' when 'protocols' is 'https'"]},"name":"schema violation"}


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   357  100   325  100    32  11647   1146 --:--:-- --:--:-- --:--:-- 13222


#### Requests 

In [11]:
import requests

data = {
  'hosts[]': 'calendrier.api.gouv.fr'
}

response = requests.post('http://localhost:8001/services/jours-feries/routes', data=data)


### Récupérer les données via notre Interface Kong

#### Curl 

In [12]:
!curl -i -X GET \
  --url http://localhost:8000/jours-feries/metropole.json \
  --header 'Host: calendrier.api.gouv.fr'

HTTP/1.1 404 Not Found
Date: Fri, 20 Oct 2023 12:23:17 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Content-Length: 52
X-Kong-Response-Latency: 1
Server: kong/3.4.2

{
  "message":"no Route matched with those values"
}


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100    52  100    52    0     0   5894      0 --:--:-- --:--:-- --:--:--  6500
curl: (3) URL using bad/illegal format or missing URL


#### Requests 

In [13]:
import requests

headers = {
    'Host': 'calendrier.api.gouv.fr',
}

response = requests.get('http://localhost:8000/jours-feries/metropole.json', headers=headers)


## Sécuriser via API Key 

https://docs.konghq.com/hub/kong-inc/key-auth/

### Créer un consumer

#### Curl 

In [14]:
!curl -XPOST  -d  "username=esieeparis" http://localhost:8001/consumers/


{"custom_id":null,"tags":null,"id":"831f49a5-f8cb-400e-8792-a8145066259b","username":"esieeparis","created_at":1697804676,"updated_at":1697804676}


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   165  100   146  100    19   5273    686 --:--:-- --:--:-- --:--:--  6111


#### Requests 

In [15]:
import requests

data = {
  'username': 'esieeparis'
}

response = requests.post('http://localhost:8001/consumers/', data=data)

#### Curl 

In [18]:
!curl -X POST http://localhost:8001/consumers/esieeparis/key-auth

{"key":"L7g3XYuqxuoREUYZi5f0i17XYC12P1RT","consumer":{"id":"831f49a5-f8cb-400e-8792-a8145066259b"},"id":"e46661e3-2d74-4174-aed1-f764393489b2","tags":null,"created_at":1697804802,"ttl":null}


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   190  100   190    0     0   5695      0 --:--:-- --:--:-- --:--:--  5757


#### Requests 

In [20]:
import requests

response = requests.post('http://localhost:8001/consumers/esieeparis/key-auth')
json_data = response.json()
json_data

{'key': 'nXIOINs89pdIsfWZq7XESccjjkwhZPsg',
 'consumer': {'id': '831f49a5-f8cb-400e-8792-a8145066259b'},
 'id': '239d92ea-60de-40e2-b787-37eb2031fb12',
 'tags': None,
 'created_at': 1697805171,
 'ttl': None}

In [21]:
key = json_data["key"]

In [22]:
key

'nXIOINs89pdIsfWZq7XESccjjkwhZPsg'

### Configurer l'API Key sur la route

In [26]:
!curl -X GET http://localhost:8001/services

{"next":null,"data":[{"port":443,"client_certificate":null,"path":null,"connect_timeout":60000,"read_timeout":60000,"name":"jours-feries","host":"calendrier.api.gouv.fr","id":"e8e5fdd8-e041-46af-948a-4077090d519d","enabled":true,"retries":5,"tls_verify":null,"write_timeout":60000,"tls_verify_depth":null,"tags":null,"ca_certificates":null,"protocol":"https","created_at":1697804390,"updated_at":1697804390}]}


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   409  100   409    0     0  18012      0 --:--:-- --:--:-- --:--:-- 18590


In [27]:
SERVICE_ID = "e8e5fdd8-e041-46af-948a-4077090d519d"

In [28]:
!curl -X POST http://localhost:8001/services/e8e5fdd8-e041-46af-948a-4077090d519d/plugins \
    --data "name=key-auth"  \
    --data "config.key_names=apikey"

{"name":"key-auth","instance_name":null,"id":"7efb4d73-10d2-4566-93be-8abd22228a33","route":null,"service":{"id":"e8e5fdd8-e041-46af-948a-4077090d519d"},"enabled":true,"tags":null,"consumer":null,"config":{"key_in_query":true,"key_in_body":false,"anonymous":null,"run_on_preflight":true,"key_names":["apikey"],"hide_credentials":false,"key_in_header":true},"protocols":["grpc","grpcs","http","https"],"created_at":1697805616,"updated_at":1697805616}


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   486  100   449  100    37  16423   1353 --:--:-- --:--:-- --:--:-- 18000


#### Réaliser la requête avec l'apiKey

In [102]:
import requests

headers = {
    'Host': 'calendrier.api.gouv.fr',
    'apiKey' : "a false api key"
}

response = requests.get('http://localhost:8000/jours-feries/metropole.json', headers=headers)
response.json()

{'message': 'Invalid authentication credentials'}

In [29]:
import requests

headers = {
    'Host': 'calendrier.api.gouv.fr',
    'apiKey' : key
}

response = requests.get('http://localhost:8000/jours-feries/metropole.json', headers=headers)
response.json()

{'2028-01-01': '1er janvier',
 '2028-04-17': 'Lundi de Pâques',
 '2028-05-01': '1er mai',
 '2028-05-08': '8 mai',
 '2028-05-25': 'Ascension',
 '2028-06-05': 'Lundi de Pentecôte',
 '2028-07-14': '14 juillet',
 '2028-08-15': 'Assomption',
 '2028-11-01': 'Toussaint',
 '2028-11-11': '11 novembre',
 '2028-12-25': 'Jour de Noël',
 '2027-01-01': '1er janvier',
 '2027-03-29': 'Lundi de Pâques',
 '2027-05-01': '1er mai',
 '2027-05-06': 'Ascension',
 '2027-05-08': '8 mai',
 '2027-05-17': 'Lundi de Pentecôte',
 '2027-07-14': '14 juillet',
 '2027-08-15': 'Assomption',
 '2027-11-01': 'Toussaint',
 '2027-11-11': '11 novembre',
 '2027-12-25': 'Jour de Noël',
 '2026-01-01': '1er janvier',
 '2026-04-06': 'Lundi de Pâques',
 '2026-05-01': '1er mai',
 '2026-05-08': '8 mai',
 '2026-05-14': 'Ascension',
 '2026-05-25': 'Lundi de Pentecôte',
 '2026-07-14': '14 juillet',
 '2026-08-15': 'Assomption',
 '2026-11-01': 'Toussaint',
 '2026-11-11': '11 novembre',
 '2026-12-25': 'Jour de Noël',
 '2025-01-01': '1er ja

## Securiser via OIDC 

Créer un client dans Keycloak
1. Récupérer le nom du client
2. Settings/AccessType = bearer only
3. Onglet crédentials => Récupérer Secret

In [30]:
CLIENT_SECRETS = "831f49a5-f8cb-400e-8792-a8145066259b"

In [31]:
KEYCLOAK_HOST_IP="keycloak"
KEYCLOAK_PORT=8080
AUTH_URI = f"http://{KEYCLOAK_HOST_IP}:{KEYCLOAK_PORT}"

introspection_url = f'{AUTH_URI}/auth/realms/master/protocol/openid-connect/token/introspect'
discovery_url = f'{AUTH_URI}/auth/realms/master/.well-known/openid-configuration'


In [116]:
data = {
    'name': 'oidc',
    'config.client_id': 'kong',
    'config.client_secret': f'{CLIENT_SECRETS}',
    'config.realm': 'master',
    'config.bearer_only': 'true',
    'config.introspection_endpoint': introspection_url,
    'config.discovery': discovery_url
}

response = requests.post(f'http://localhost:8001/services/{SERVICE_ID}/plugins', data=data)

In [117]:
response.json()

{'created_at': 1630491017,
 'id': 'e5f75078-3822-4252-b1f3-0fdb60f4cb09',
 'tags': None,
 'enabled': True,
 'protocols': ['grpc', 'grpcs', 'http', 'https'],
 'name': 'oidc',
 'consumer': None,
 'service': {'id': 'ce6941e8-f461-4e3b-bdc3-843b5ab3030c'},
 'route': None,
 'config': {'response_type': 'code',
  'introspection_endpoint': 'http://keycloak:8080/auth/realms/master/protocol/openid-connect/token/introspect',
  'filters': None,
  'bearer_only': 'true',
  'ssl_verify': 'no',
  'session_secret': None,
  'introspection_endpoint_auth_method': None,
  'realm': 'master',
  'redirect_after_logout_uri': '/',
  'scope': 'openid',
  'token_endpoint_auth_method': 'client_secret_post',
  'logout_path': '/logout',
  'client_id': 'kong',
  'client_secret': '7c9fce0f-66d1-4eee-8dcf-3711cd5c5043',
  'discovery': 'http://keycloak:8080/auth/realms/master/.well-known/openid-configuration',
  'recovery_page_path': None,
  'redirect_uri_path': None}}

## Ajouter Rate limiting

https://docs.konghq.com/hub/kong-inc/rate-limiting/

In [32]:
!curl -X POST http://localhost:8001/services/e8e5fdd8-e041-46af-948a-4077090d519d/plugins \
    --data "name=rate-limiting"  \
    --data "config.second=5" \
    --data "config.hour=10000" \
    --data "config.policy=local"

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   832  100   760  100    72  22112   2094 --:--:-- --:--:-- --:--:-- 24470


{"name":"rate-limiting","instance_name":null,"id":"da9b04f3-bf18-461b-8696-1bb255421311","route":null,"service":{"id":"e8e5fdd8-e041-46af-948a-4077090d519d"},"enabled":true,"tags":null,"consumer":null,"config":{"second":5,"redis_ssl":false,"hour":10000,"day":null,"path":null,"redis_port":6379,"policy":"local","redis_username":null,"redis_ssl_verify":false,"fault_tolerant":true,"redis_server_name":null,"hide_client_headers":false,"redis_password":null,"redis_database":0,"redis_timeout":2000,"redis_host":null,"month":null,"limit_by":"consumer","error_code":429,"error_message":"API rate limit exceeded","header_name":null,"sync_rate":-1,"year":null,"minute":null},"protocols":["grpc","grpcs","http","https"],"created_at":1697806439,"updated_at":1697806439}


In [None]:
# Tests 

In [33]:
headers = {
    'Host': 'calendrier.api.gouv.fr',
    'apiKey' : key
}
for i in range(10):
    response = requests.get('http://localhost:8000/jours-feries/metropole.json', headers=headers)
    print(response.status_code)

200
200
200
200
200
200
200
429
429
429


## Ajouter une restriction d'IP 

https://docs.konghq.com/hub/kong-inc/ip-restriction/

#### Curl 

In [34]:
!curl -X POST http://localhost:8001/services/e8e5fdd8-e041-46af-948a-4077090d519d/plugins \
    --data "name=ip-restriction"  \
    --data "config.allow=82.210.36.251"

{"name":"ip-restriction","instance_name":null,"id":"2b2608e3-0149-4d43-ad85-cfbfcbfb053a","route":null,"service":{"id":"e8e5fdd8-e041-46af-948a-4077090d519d"},"enabled":true,"tags":null,"consumer":null,"config":{"allow":["82.210.36.251"],"message":null,"deny":null,"status":null},"protocols":["http","https","tcp","tls","grpc","grpcs"],"created_at":1697806527,"updated_at":1697806527}


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   430  100   384  100    46   9023   1080 --:--:-- --:--:-- --:--:-- 10238


#### Requests

In [35]:
import requests

data = {
  'name': 'ip-restriction',
  'config.allow': '82.210.36.251'
}

response = requests.post(f'http://localhost:8001/services/{SERVICE_ID}/plugins', data=data)


#### Tester

In [36]:
import requests

headers = {
    'Host': 'calendrier.api.gouv.fr',
    'apiKey' : key
}

response = requests.get('http://localhost:8000/jours-feries/metropole.json', headers=headers)
response.json()

{'message': 'IP address not allowed: 172.22.0.1'}

## Ajouter une gestion des CORS

In [37]:
!curl -X POST http://{HOST}:8001/services/61c5a40a-b533-412f-801d-6a964175f9f0/plugins \
    --data "name=cors"  \
    --data "config.origins=http://localhost:4200" \
    --data "config.methods=GET" \
    --data "config.methods=POST" \
    --data "config.headers=Accept" \
    --data "config.headers=Accept-Version" \
    --data "config.headers=Content-Length" \
    --data "config.headers=Content-MD5" \
    --data "config.headers=Content-Type" \
    --data "config.headers=Date" \
    --data "config.headers=X-Auth-Token" \
    --data "config.exposed_headers=X-Auth-Token" \7BHOST
    --data "config.credentials=true" \
    --data "config.max_age=3600" \
    --data "config.preflight_continue=false"

IndentationError: unexpected indent (522621646.py, line 2)

#### Requests 

In [76]:
import requests

data = [
  ('name', 'cors'),
  ('config.origins', 'http://localhost:4200'),
  ('config.methods', 'GET'),
  ('config.methods', 'POST'),
  ('config.headers', 'Accept'),
  ('config.headers', 'Accept-Version'),
  ('config.headers', 'Content-Length'),
  ('config.headers', 'Content-MD5'),
  ('config.headers', 'Content-Type'),
  ('config.headers', 'Date'),
  ('config.headers', 'X-Auth-Token'),
  ('config.exposed_headers', 'X-Auth-Token'),
  ('config.credentials', 'true'),
  ('config.max_age', '3600'),
  ('config.preflight_continue', 'false'),
]

response = requests.post(f'http://localhost:8001/services/{SERVICE_ID}/plugins', data=data)
response.json()

{'created_at': 1630488696,
 'id': '8eb0c4fe-566b-419c-b25a-de658a14ba53',
 'tags': None,
 'enabled': True,
 'protocols': ['grpc', 'grpcs', 'http', 'https'],
 'name': 'cors',
 'consumer': None,
 'service': {'id': '61c5a40a-b533-412f-801d-6a964175f9f0'},
 'route': None,
 'config': {'methods': ['GET', 'POST'],
  'exposed_headers': ['X-Auth-Token'],
  'max_age': 3600,
  'headers': ['Accept',
   'Accept-Version',
   'Content-Length',
   'Content-MD5',
   'Content-Type',
   'Date',
   'X-Auth-Token'],
  'origins': ['http://localhost:4200'],
  'credentials': True,
  'preflight_continue': False}}

### Supprimer un plugin

#### Trouver son ID

In [72]:
response = requests.get('http://localhost:8001/plugins')
response.json()

{'next': None,
 'data': [{'created_at': 1630488090,
   'id': 'bbc7865c-f4a0-45c5-a7a3-5ecea128b6cd',
   'tags': None,
   'enabled': True,
   'protocols': ['grpc', 'grpcs', 'http', 'https'],
   'name': 'rate-limiting',
   'consumer': None,
   'service': {'id': '61c5a40a-b533-412f-801d-6a964175f9f0'},
   'route': None,
   'config': {'minute': None,
    'redis_host': None,
    'redis_timeout': 2000,
    'limit_by': 'consumer',
    'hour': 10000,
    'policy': 'local',
    'month': None,
    'redis_password': None,
    'second': 5,
    'day': None,
    'hide_client_headers': False,
    'path': None,
    'redis_database': 0,
    'year': None,
    'redis_port': 6379,
    'header_name': None,
    'fault_tolerant': True}},
  {'created_at': 1630487929,
   'id': 'f044f28e-09f3-4672-b74e-401b4258a113',
   'tags': None,
   'enabled': True,
   'protocols': ['grpc', 'grpcs', 'http', 'https'],
   'name': 'key-auth',
   'consumer': None,
   'service': {'id': '61c5a40a-b533-412f-801d-6a964175f9f0'},
  

In [71]:
response = requests.delete('http://localhost:8001/plugins/6aab662b-5c79-4dcc-8f75-b26425ca391e')
response

<Response [204]>

# A vous de jouer 

1. Réaliser les mêmes opérations pour votre API.
2. Créer un fichier de provision vous permettant d'exécuter ces commandes facilement pour la configuration de votre application.