Error in ziti-cli

Support
1

Hi OpenZiti-team :slight_smile:
thanks for the great effort you are putting in OpenZiti it is an awesome piece code! :smiley:

It seems like I have stumbled over another issue which is related to the ziti-cli :confused:
When I run:

 ziti edge list identities

I get this error in terminal:

error: error listing https://xxx//identities in Ziti Edge Controller. Status code: 404 Not Found, Server returned: {
    "error": {
        "cause": {
            "code": "UNHANDLED",
            "message": "path /edge/client/v1//identities was not found"
        },
        "code": "NOT_FOUND",
        "message": "The resource requested was not found or is no longer available",
        "requestId": "kYT2lU0nG"
    },
    "meta": {
        "apiEnrollmentVersion": "0.0.1",
        "apiVersion": "0.0.1"
    }
}

My used versions are V1.5.4 on the server-side (ziti-controller) and also the ziti-cli binary.
btw. do you guys by any chance have somewhere an information, how filtering works when using these ziti-cli commands ? :slight_smile: => found it Shared API Capabilities | OpenZiti

Best Regards
Jan

2

Hey mate, that's typical of not authenticating the cli itself. Have you logged in?

Iโ€™ll post an example when I get to pc shortly, unless someone beats me to it :wink:

Update
I do apologise, I didnโ€™t see you were hitting 404, assumed it was 401 as the rest of the message was very similar.

image
image1647ร—405 52.9 KB

Try re-logging in anyway, your CLI might be authenticated to somewhere that isn't reachable?

Have a look at your persistent config; mine is in /root/.config/ziti/ziti-cli.json, yours is likely different, as that should give you a clue where your cli calls are trying to reach

3

Hi @strongwazz,

thanks for the hint, but I doubt that this is the issue, I have logged in again now and when running

ziti edge list auth-policies

it gives me the policies immediately, for the command

ziti edge list identities

I still get the 404 error :confused:

4

Looks to me like your controller is not available or is misconfigured maybe? If this were a cli problem i would expect numerous reports of the problem since it's such a common command to run.

My guess would be something strange with the controller or a change in the actual underlay/firewall? Can you restart the controller just to see if that matters?

Also try ziti edge quickstart and then list identities from that and see if that works. I expect it will.

Also you could try deleting the ziti-cli.json file too as well as trying to login from the controller locally as well.

If the quickstart works or the restart we would at least know it was isolated to your controller not the cli

5

@TheLumberjack it seems like you must have hidden a crystal ball hidden somewhere :wink:

The problem was in-fact my login command, I logged in using:

ziti edge login https://mgmt-api.network.xxx/ --username Jan --ext-jwt ...

The trailing slash at the end of my controller URL seems to have been concatenated with the related URL path needed for the request, this ended-up in the controller responding with 404 as the request was actually sent to

https://mgmt-api.network.xxx/edge/client/v1//identities

instead of

https://mgmt-api.network.xxx/edge/client/v1/identities

Absolutely my fault here :sweat_smile:

Anyway I think it could be a nice feature for convenience, to just strip a trailing slash automatically in the code, so that this kind of issue cannot arise :slight_smile:

Best Regards
Jan

6

Bug filed. it was easy to reproduce using ziti edge quickstart. See trailing slash when logging in causes odd problems ยท Issue #3217 ยท openziti/ziti ยท GitHub

1 Like