Do I need to provide stream enrich with read credentials on Iglu server?

I’m running into a persistent “Could not find schema with key $MY_SCHEMA_KEY in any repository; tried repositories Iglue Central [HTTP], $MY_RESPOSITORY [HTTP], Iglu Central - GCP Mirror [HTTP]” error.

The thing is that the schema in question is indeed present in the repository (I’m running the Iglu Server as a Docker container, rather than the raw S3 bucket situation). So I guess the question that follows is, how do I provide my Stream Enrich service with a read-api key for my Iglu repository server?

At a glance, it doesn’t look like the resolver config schema supports specifying API keys with repository listing, so I have a feeling that the answer here is gonna be “not supported” :frowning:

Anywhere else I should be looking?

Hi @pearsonhenri there is indeed API Key support in the linked schema:

To specify an API Key for an Iglu Server repository your resolver should look like so:

{
  "schema": "iglu:com.snowplowanalytics.iglu/resolver-config/jsonschema/1-0-2",
  "data": {
    "cacheSize": 500,
    "cacheTtl": 600,
    "repositories": [
      {
        "name": "Iglu Central",
        "priority": 1,
        "vendorPrefixes": [
          "com.snowplowanalytics"
        ],
        "connection": {
          "http": {
            "uri": "http://iglucentral.com"
          }
        }
      },
      {
        "name": "Iglu Central - Mirror 01",
        "priority": 1,
        "vendorPrefixes": [
          "com.snowplowanalytics"
        ],
        "connection": {
          "http": {
            "uri": "http://mirror01.iglucentral.com"
          }
        }
      },
      {
        "name": "Iglu Server Schema Registry",
        "priority": 0,
        "vendorPrefixes": [],
        "connection": {
          "http": {
            "uri": "https://iglu-server-url/api",
            "apikey": "YOUR API KEY HERE"
          }
        }
      }
    ]
  }
}

As long as you have generated an API Key with sufficient read permissions on the vendor spaces in question it should work!

D’oh! How did I miss that! Thanks @josh

Ah one further question: is it possible to have a single API key that grants read access to multiple vendor namespaces? If not, is the preferred alternative to re-list the registry with a separate API key and indicate the specific vendor prefix that the key applies to?

Hey @pearsonhenri it is indeed possible - you just need to generate a read key with the * vendor space - this should then be able to access any schema in your Iglu Server. Sort of like a super read key.

You can always assert if your key will work as expected by attempting to access schemas directly from the Iglu Server using the generated key before applying it to your Stream Enrich server.
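The check suggested in the last reply, as an added example that is not part of the original thread or Snowplow's own code: it reads a resolver config, builds the lookup each HTTP repository would receive for one schema key, and reports the status each returns. It assumes the lookup path is `<uri>/schemas/<vendor>/<name>/<format>/<version>` and that the key travels in an `apikey` request header; `build_requests`, `probe` and `SAMPLE_RESOLVER` are hypothetical names.

```python
import json
import re
import sys
import urllib.error
import urllib.request

# iglu:<vendor>/<name>/<format>/<model>-<revision>-<addition>
SCHEMA_KEY = re.compile(r"^iglu:([\w.-]+)/([\w-]+)/([\w-]+)/(\d+-\d+-\d+)$")

SAMPLE_RESOLVER = {"data": {"repositories": [  # constructed sample, mirrors the resolver above
    {"name": "Iglu Central", "priority": 1, "vendorPrefixes": ["com.snowplowanalytics"],
     "connection": {"http": {"uri": "http://iglucentral.com"}}},
    {"name": "Iglu Server Schema Registry", "priority": 0, "vendorPrefixes": [],
     "connection": {"http": {"uri": "https://iglu-server-url/api", "apikey": "YOUR API KEY HERE"}}},
]}}

def build_requests(resolver, schema_key):
    """Return (repo name, lookup URL, headers) for each HTTP repository, in config order."""
    match = SCHEMA_KEY.match(schema_key)
    if not match:
        raise ValueError(f"not an Iglu schema key: {schema_key!r}")
    path = "/".join(match.groups())
    out = []
    for repo in resolver["data"]["repositories"]:
        http = repo["connection"].get("http")
        if http is None:  # embedded repositories involve no HTTP lookup
            continue
        headers = {"apikey": http["apikey"]} if http.get("apikey") else {}
        out.append((repo["name"], f"{http['uri'].rstrip('/')}/schemas/{path}", headers))
    return out

def probe(resolver, schema_key, timeout=10):
    """Send each lookup; return {repo name: HTTP status or error text}."""
    results = {}
    for name, url, headers in build_requests(resolver, schema_key):
        try:
            req = urllib.request.Request(url, headers=headers)
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results[name] = resp.status
        except urllib.error.HTTPError as err:  # server answered with an error status
            results[name] = err.code
        except OSError as err:  # DNS failure, refused connection, timeout
            results[name] = f"unreachable: {err}"
    return results

if __name__ == "__main__":
    with open(sys.argv[1]) as fh:
        for repo, status in probe(json.load(fh), sys.argv[2]).items():
            print(f"{repo}: {status}")
```

Run it with the resolver file and a schema key as arguments, for example `python check_resolver.py resolver.json iglu:com.acme/my_event/jsonschema/1-0-0` (constructed file name and key). Any status other than 200 from the repository that holds the schema means Stream Enrich would not get it from there with that key.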