Kong to Kong Data Migration & Kong Consumer Credential Migration

To setup a new kong and migrate data from old kong to new kong.

  1. Setup new kong .
  2. Take Snapshot from konga from old kong
  3. import the konga snapshot to new kong for routes, service, consumer, plugins, upstreams and targets etc.,

Issue :

Since Consumer Password is encrypted by sha1 algorithm by customer id as salt, the konga snapshot will not be migrated properly the credentials of the consumer.

So in order to properly migrate the consumer, kindly follow the steps:

  1. Even though consumer password will be different between two kongs, the consumer id and username will be same in both.
  2. We need to login to cassandra db console using cqlsh on old kongโ€™s cassandra and get the encoded password and consumer id of all username from the basic_auth_credentails table in kong database.
  3. Now we need to get the id of all rows of the respective username in new kong cassandra db, as the update query only works with primary key which is id column, not consumer_id or any other columns
  4. Once we get the password of all username from basic_auth_credentails table along with username and consumer_id and id of new kong cassandra db of the all username, we form a query to update new password with id on where condition which is respective to the corresponding consumer_id and username.
  5. Once we formed all the queries, then we need to execute all the queries.

Queries :

To get the details from old Kong db.

select consumer_id, username, password from basicauth_credentials

To get the id of all corresponding usernames on the new Kong db.

select id from basicauth_credentials where consumer_id=โ€™consumer_idsโ€™ and username=โ€™usernamesโ€™

To update the correct credentials in the new Kong Cassandra DB.

update basicauth_credentials set password=โ€™fetched-password-respective of consumerโ€™ where id=โ€™idโ€™

Rest apiโ€™s for creating and updating consumers

for create consumer :
โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” -


curl -i -X POST โ€” url http://{kong_ip}:{kong_port}/consumers โ€” data โ€œusername={consumer-name}โ€ โ€” data โ€œcustom_id={some_id}โ€

for update consumer:
โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” -


curl -i -X POST โ€” url http://{kong_ip}:{kong_port}/consumers/{consumer_name or consumer_id} โ€” data โ€œusername={new consumer_name}โ€ โ€” data โ€œcustom_id={custom_id}โ€

for delete consumer :
โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” -


curl -i -X DELETE โ€” url http://{kong_ip}:{kong_port}/consumers/{consumer-name}

for create basic-auth for consumer:
โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” -


curl -i -X POST โ€” url http://{kong_ip}:{kong_port}/consumers/{consumer_name or consumer_id}/basic-auth/ โ€” data โ€œusername={username}โ€ โ€” data โ€œpassword={password}โ€

for update basic-auth for consumer:
โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” -


curl http://{kong_ip}:{kong_port}/consumers/{consumer-name}/basic-auth/ = get the plugin id
curl -i -X PUT โ€” url http://{kong_ip}:{kong_port}/consumers/{consumer-name}/basic-auth/{plugin_id} โ€” data โ€œusername={new username}โ€ โ€” data โ€œpassword={new password}โ€

for delete basic-auth for consumer:
โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” -


curl http://{kong_ip}:{kong_port}/consumers/{consumer-name}/basic-auth/ = get the plugin id
curl -i -X DELETE โ€” url http://{kong_ip}:{kong_port}/consumers/{consumer-name}/basic-auth/{plugin_id}

CREATE RATE LIMITING
โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€”


curl -X POST http://{kong_ip}:{kong_port}/consumers/${consumer_name}/plugins/ \
โ€” data โ€œname=rate-limitingโ€ \
โ€” data โ€œconfig.second={requst count limit per second}โ€ \
โ€” data โ€œconfig.minute={requst count limit per minute}โ€ \
โ€” data โ€œconfig.hour={requst count limit per hour}โ€ \
โ€” data โ€œconfig.day={requst count limit per day}โ€ \
โ€” data โ€œconfig.month={requst count limit per month}โ€ \
โ€” data โ€œconfig.year={requst count limit per year}โ€ \
โ€” data โ€œconfig.policy=clusterโ€ \
โ€” data โ€œconfig.hide_client_headers=falseโ€

GET RATE LIMITING DETAILS (plugin id)
โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” -


CURL http://{kong_ip}:{kong_port}/consumers/{consumer_name}/plugins = here we need to iterate the dictionary object to get ratelimit plugin and fetch plugin id

DELETE RATE LIMITING for consumer
โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” -


curl -X DELETE http://{kong_ip}:{kong_port}/consumers/{consumer_name}/plugins/{plugin_id}

UPDATE RATE LIMITING for consumer
โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€”


curl -X PATCH http://{kong_ip}:{kong_port}/consumers/{consumer_name}/plugins/{plugin_id} \
โ€” data โ€œname=rate-limitingโ€ \
โ€” data โ€œconfig.second=5โ€ \
โ€” data โ€œconfig.minute=10โ€ \
โ€” data โ€œconfig.hour=10โ€ \
โ€” data โ€œconfig.day=100โ€ \
โ€” data โ€œconfig.month=1000โ€ \
โ€” data โ€œconfig.year=10000โ€ \
โ€” data โ€œconfig.policy=clusterโ€ \
โ€” data โ€œconfig.hide_client_headers=falseโ€

--

--

๐’๐š๐ค๐ž๐ญ ๐‰๐š๐ข๐ง
๐’๐š๐ค๐ž๐ญ ๐‰๐š๐ข๐ง

Written by ๐’๐š๐ค๐ž๐ญ ๐‰๐š๐ข๐ง

๐ƒ๐ž๐ฏ๐Ž๐ฉ๐ฌ/๐’๐‘๐„/๐‚๐ฅ๐จ๐ฎ๐ /๐ˆ๐ง๐Ÿ๐ซ๐š๐ฌ๐ญ๐ซ๐ฎ๐œ๐ญ๐ฎ๐ซ๐ž /๐’๐ฒ๐ฌ๐ญ๐ž๐ฆ ๐„๐ง๐ ๐ข๐ง๐ž๐ž๐ซ

No responses yet