1. DAL(us-south)以外にアクセスするとCLIが404 Not Foundを返してしまう
以下のように、au-syd(Sydney), eu-de(Frankfurt), us-south(Dallas)にそれぞれIBM Cloud Event Notificationsのインスタンスが存在している。
[root@new-syasuda-tok1-vpc1 ~]# ibmcloud resources | grep -i "Event Notifications" -A 6
Name: Event Notifications-xxxxxxxxx
Location: au-syd
Family: resource_controller
Resource Type: resource-instance
Resource Group ID: d072b8a4c0a741ef999dd97caa434fc5
CRN: crn:v1:bluemix:public:event-notifications:au-syd:a/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:f886bfc0-939b-4712-8d11-0978cfff3c7c::
Tags: hkataoka
--
Name: Event Notifications-FRA
Location: eu-de
Family: resource_controller
Resource Type: resource-instance
Resource Group ID: d072b8a4c0a741ef999dd97caa434fc5
CRN: crn:v1:bluemix:public:event-notifications:eu-de:a/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:408a5041-2da5-4663-8b63-5539d9ffaa7c::
Tags: syasuda
--
Name: Event Notifications-xxxxx
Location: us-south
Family: resource_controller
Resource Type: resource-instance
Resource Group ID: d072b8a4c0a741ef999dd97caa434fc5
CRN: crn:v1:bluemix:public:event-notifications:us-south:a/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:05378942-9487-4afb-8d5f-a97e073ac837::
Tags: common
Instance IDは、CRN情報から判別可能であり、crn:v1:bluemix:public:event-notifications:au-syd:a/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:<Instance ID>::である。
しかし、以下のようにDAL以外のインスタンスでは404 Not Foundになってしまう。
au-syd(Sydney)
[root@new-syasuda-tok1-vpc1 ~]# ibmcloud target -r au-syd
[root@new-syasuda-tok1-vpc1 ~]# ibmcloud en destinations --instance-id f886bfc0-939b-4712-8d11-0978cfff3c7c
...
FAILED
Instance ID doesn't exist
Error response body
status_code trace code message more_info
404 05d1cada-5ee1-4a6b-b46a-2e7a14037235 wrong_instance_id Instance ID doesn't exist https://cloud.ibm.com/apidocs/event-notifications#event-notifications-api-authentication
eu-de(Frankfurt)
[root@new-syasuda-tok1-vpc1 ~]# ibmcloud target -r eu-de
[root@new-syasuda-tok1-vpc1 ~]# ibmcloud en destinations --instance-id 408a5041-2da5-4663-8b63-5539d9ffaa7c
...
FAILED
Instance ID doesn't exist
Error response body
status_code trace code message more_info
404 5d518e10-1584-454b-9f92-16e8a5bd375e wrong_instance_id Instance ID doesn't exist https://cloud.ibm.com/apidocs/event-notifications#event-notifications-api-authentication
us-south(Dallas)
[root@new-syasuda-tok1-vpc1 ~]# ibmcloud target -r us-south
[root@new-syasuda-tok1-vpc1 ~]# ibmcloud en destinations --instance-id 05378942-9487-4afb-8d5f-a97e073ac837
...
total_count offset limit description id name subscription_count subscription_names type updated_at
3 0 10 Out of the box email service to send emails. Works only with IBM Cloud sources. 18ac3173-ad37-4545-b947-437d1a5dd35f IBM Cloud Email service 4 <Array> smtp_ibm 2022-10-25T14:43:16.966Z
3 0 10 Out of the box SMS service to send text messages. Works only with IBM Cloud sources. 7410e3d1-91f2-4a25-b807-f9b135cba2e3 IBM Cloud SMS service 0 - sms_ibm 2022-10-25T14:43:16.970Z
3 0 10 function for forwarding to zabbix f6af1061-d016-4a51-af02-c2c540878126 cloud-function 2 <Array> ibmcf 2022-11-14T05:46:02.098Z
2. eu-de(Frankfurt)での原因調査
トレースを取ってみると、リージョンをibmcloud target -r eu-deで切り替えていても、us-south.event-notifications.cloud.ibm.comに接続しに行っている。
[root@new-syasuda-tok1-vpc1 ~]# ibmcloud target -r eu-de
[root@new-syasuda-tok1-vpc1 ~]# IBMCLOUD_TRACE=true ibmcloud en destinations --instance-id 408a5041-2da5-4663-8b63-5539d9ffaa7c
...
2023/10/16 12:35:02 [Debug] Request:
GET /event-notifications/v1/instances/408a5041-2da5-4663-8b63-5539d9ffaa7c/destinations HTTP/1.1
Host: us-south.event-notifications.cloud.ibm.com
User-Agent: ibm-event-notifications-go-admin-sdk/0.2.7 (lang=go; arch=amd64; os=linux; go.version=go1.20.8)
Accept: application/json
Authorization: [redacted]
X-Original-User-Agent: en-cli-plugin/1.2.0
Accept-Encoding: gzip
2023/10/16 12:35:03 [Debug] Response:
HTTP/2.0 404 Not Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
Access-Control-Allow-Origin: *
Cf-Cache-Status: DYNAMIC
Cf-Ray: 816d403b7c3caf42-NRT
Content-Security-Policy: script-src * 'unsafe-inline', frame-ancestors 'self'; form-action 'self'
Content-Type: application/json
Date: Mon, 16 Oct 2023 03:35:17 GMT
Server: cloudflare
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Envoy-Upstream-Service-Time: 102
X-Request-Id: 580f14d2-2b8a-455e-b723-04cc31527760
{"status_code":404,"trace":"c74d7fe3-9bfe-4a85-a6b8-f12db8499f0a","errors":[{"code":"wrong_instance_id","message":"Instance ID doesn't exist","more_info":"https://cloud.ibm.com/apidocs/event-notifications#event-notifications-api-authentication"}]}
FAILED
Instance ID doesn't exist
Error response body
status_code trace code message more_info
404 c74d7fe3-9bfe-4a85-a6b8-f12db8499f0a wrong_instance_id Instance ID doesn't exist https://cloud.ibm.com/apidocs/event-notifications#event-notifications-api-authentication
実際、curlを使ってアクセスしてみると、us-south.event-notifications.cloud.ibm.comにアクセスすると404 Not Foundが返ってきている。
[root@new-syasuda-tok1-vpc1 ~]# curl -v -X GET -L -H "Authorization: Bearer ${iam_token}" -H 'Content-type: application/json' https://us-south.event-notifications.cloud.ibm.com/event-notifications/v1/instances/408a5041-2da5-4663-8b63-5539d9ffaa7c/destinations
* About to connect() to us-south.event-notifications.cloud.ibm.com port 443 (#0)
* Trying 104.18.9.248...
* Connected to us-south.event-notifications.cloud.ibm.com (104.18.9.248) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=sni.cloudflaressl.com,O="Cloudflare, Inc.",L=San Francisco,ST=California,C=US
* start date: May 12 00:00:00 2023 GMT
* expire date: May 11 23:59:59 2024 GMT
* common name: sni.cloudflaressl.com
* issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
> GET /event-notifications/v1/instances/408a5041-2da5-4663-8b63-5539d9ffaa7c/destinations HTTP/1.1
> User-Agent: curl/7.29.0
> Host: us-south.event-notifications.cloud.ibm.com
> Accept: */*
> Authorization: Bearer xxxxxxxxx
> Content-type: application/json
>
< HTTP/1.1 404 Not Found
< Date: Mon, 16 Oct 2023 03:43:58 GMT
< Content-Type: application/json
< Content-Length: 247
< Connection: keep-alive
< x-request-id: 799b4a8d-e6b9-49a3-9bfc-712eeb0c8c1d
< access-control-allow-headers: *
< access-control-allow-credentials: true
< access-control-allow-origin: *
< access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
< content-security-policy: script-src * 'unsafe-inline', frame-ancestors 'self'; form-action 'self'
< x-envoy-upstream-service-time: 129
< strict-transport-security: max-age=31536000; includeSubDomains
< CF-Cache-Status: DYNAMIC
< Server: cloudflare
< CF-RAY: 816d4cf42e9aafe8-NRT
<
* Connection #0 to host us-south.event-notifications.cloud.ibm.com left intact
{"status_code":404,"trace":"9a66c5a8-1040-4915-90bf-f33ffc2f29ea","errors":[{"code":"wrong_instance_id","message":"Instance ID doesn't exist","more_info":"https://cloud.ibm.com/apidocs/event-notifications#event-notifications-api-authentication"}]}
実際、curlを使ってアクセスしてみると、eu-de.event-notifications.cloud.ibm.comにアクセスすると正しく結果が返ってくる。
[root@new-syasuda-tok1-vpc1 ~]# iam_token=`ibmcloud iam oauth-tokens | awk '{printf $4}'`
[root@new-syasuda-tok1-vpc1 ~]# curl -v -X GET -L -H "Authorization: Bearer ${iam_token}" -H 'Content-type: application/json' https://eu-de.event-notifications.cloud.ibm.com/event-notifications/v1/instances/408a5041-2da5-4663-8b63-5539d9ffaa7c/destinations
* About to connect() to eu-de.event-notifications.cloud.ibm.com port 443 (#0)
* Trying 104.18.8.248...
* Connected to eu-de.event-notifications.cloud.ibm.com (104.18.8.248) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=sni.cloudflaressl.com,O="Cloudflare, Inc.",L=San Francisco,ST=California,C=US
* start date: May 12 00:00:00 2023 GMT
* expire date: May 11 23:59:59 2024 GMT
* common name: sni.cloudflaressl.com
* issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
> GET /event-notifications/v1/instances/408a5041-2da5-4663-8b63-5539d9ffaa7c/destinations HTTP/1.1
> User-Agent: curl/7.29.0
> Host: eu-de.event-notifications.cloud.ibm.com
> Accept: */*
> Authorization: Bearer xxxxxxxxx
> Content-type: application/json
>
< HTTP/1.1 200 OK
< Date: Mon, 16 Oct 2023 03:43:26 GMT
< Content-Type: application/json
< Content-Length: 939
< Connection: keep-alive
< x-request-id: 3ac6d58c-5196-4415-965d-8e252c98380f
< access-control-allow-headers: *
< access-control-allow-credentials: true
< access-control-allow-origin: *
< access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
< content-security-policy: script-src * 'unsafe-inline', frame-ancestors 'self'; form-action 'self'
< x-envoy-upstream-service-time: 312
< strict-transport-security: max-age=31536000; includeSubDomains
< CF-Cache-Status: DYNAMIC
< Server: cloudflare
< CF-RAY: 816d4c2629e6afb2-NRT
<
* Connection #0 to host eu-de.event-notifications.cloud.ibm.com left intact
{"destinations":[{"collect_failed_events":false,"description":"Out of the box SMS service to send text messages. Works only with IBM Cloud sources.","id":"775d16e6-2c59-43c5-9b01-d15c75c9bd3d","name":"IBM Cloud SMS service","subscription_count":0,"subscription_names":[],"type":"sms_ibm","updated_at":"2023-10-12T02:53:23.893798Z"},{"collect_failed_events":true,"description":"","id":"84ddda96-3330-4683-8723-f949eb9609b3","name":"syasuda-sample-webhook","subscription_count":1,"subscription_names":["syasuda-sample-webhook"],"type":"webhook","updated_at":"2023-10-12T06:35:03.608606Z"},{"collect_failed_events":false,"description":"Out of the box email service to send emails. Works only with IBM Cloud sources.","id":"ac0a71a0-c45f-4bd4-85ad-a14ce3f71e11","name":"IBM Cloud Email
3. 解決方法
ここに書かれてあった。DAL(us-south)以外で利用する際には、IBMCLOUD_EN_ENDPOINTという環境変数を利用する必要がある。ibmcloud target -r xxxxxxは効いていない。
[root@new-syasuda-tok1-vpc1 ~]# export IBMCLOUD_EN_ENDPOINT=https://eu-de.event-notifications.cloud.ibm.com/event-notifications
[root@new-syasuda-tok1-vpc1 ~]# ibmcloud en destinations --instance-id 408a5041-2da5-4663-8b63-5539d9ffaa7c
...
total_count offset limit description id name subscription_count subscription_names type updated_at
3 0 10 Out of the box SMS service to send text messages. Works only with IBM Cloud sources. 775d16e6-2c59-43c5-9b01-d15c75c9bd3d IBM Cloud SMS service 0 - sms_ibm 2023-10-12T02:53:23.893Z
3 0 10 84ddda96-3330-4683-8723-f949eb9609b3 syasuda-sample-webhook 1 <Array> webhook 2023-10-12T06:35:03.608Z
3 0 10 Out of the box email service to send emails. Works only with IBM Cloud sources. ac0a71a0-c45f-4bd4-85ad-a14ce3f71e11 IBM Cloud Email service 0 - smtp_ibm 2023-10-12T02:53:23.812Z
4. より詳細な情報を出力するために
CLIを実行してもNested Objectの設定情報は確認できない。実際はAPIを呼び出すか、ibmcloudコマンド実行時にIBMCLOUD_TRACE=trueオプションをつけてREST APIの実行結果を出力させ、それを処理すると良い。
destination
ibmcloud CLIでの destination 詳細情報
[root@new-syasuda-tok1-vpc1 ~]# ibmcloud en destination --instance-id 408a5041-2da5-4663-8b63-5539d9ffaa7c --id 84ddda96-3330-4683-8723-f949eb9609b3
...
id name description type config updated_at subscription_count subscription_names
84ddda96-3330-4683-8723-f949eb9609b3 syasuda-sample-webhook webhook <Nested Object> 2023-10-12T06:35:03.608Z 1 syasuda-sample-webhook
[root@new-syasuda-tok1-vpc1 ~]# IBMCLOUD_TRACE=true ibmcloud en destination --instance-id 408a5041-2da5-4663-8b63-5539d9ffaa7c --id 84ddda96-3330-4683-8723-f949eb9609b3 2>&1 |grep '{' | jq
{
"collect_failed_events": true,
"config": {
"params": {
"custom_headers": {},
"sensitive_headers": [],
"url": "http://xxx.xxx.xxx.xxx:8084/fb4c682b-fcd3-4ff0-9133-464e003a32c4",
"verb": "POST"
}
},
"description": "",
"id": "84ddda96-3330-4683-8723-f949eb9609b3",
"name": "syasuda-sample-webhook",
"subscription_count": 0,
"subscription_names": [],
"type": "webhook",
"updated_at": "2023-10-12T06:35:03.608606Z"
}
curlでの destination 詳細情報
[root@new-syasuda-tok1-vpc1 ~]# iam_token=`ibmcloud iam oauth-tokens | awk '{printf $4}'`
[root@new-syasuda-tok1-vpc1 ~]# curl -s -X GET -H "Authorization: Bearer ${iam_token}" -H 'Content-type: application/json' https://eu-de.event-notifications.cloud.ibm.com/event-notifications/v1/instances/408a5041-2da5-4663-8b63-5539d9ffaa7c/destinations/84ddda96-3330-4683-8723-f949eb9609b3 | jq
{
"collect_failed_events": true,
"config": {
"params": {
"custom_headers": {},
"sensitive_headers": [],
"url": "http://xxx.xxxx.xxxx.xxx:8084/fb4c682b-fcd3-4ff0-9133-464e003a32c4",
"verb": "POST"
}
},
"description": "",
"id": "84ddda96-3330-4683-8723-f949eb9609b3",
"name": "syasuda-sample-webhook",
"subscription_count": 0,
"subscription_names": [],
"type": "webhook",
"updated_at": "2023-10-12T06:35:03.608606Z"
}
source
ibmcloud CLIでの source 詳細情報
[root@new-syasuda-tok1-vpc1 ~]# ibmcloud en source --instance-id 408a5041-2da5-4663-8b63-5539d9ffaa7c --id 58eb15f2-0acf-44b2-88ba-e9d893e6c2a2:api
...
id name description enabled type updated_at topic_count topic_names
58eb15f2-0acf-44b2-88ba-e9d893e6c2a2:api syasuda-sample-webhook true api 2023-10-12T06:45:33.759Z 1 syasuda-sample-webhook
[root@new-syasuda-tok1-vpc1 ~]# IBMCLOUD_TRACE=true ibmcloud en source --instance-id 408a5041-2da5-4663-8b63-5539d9ffaa7c --id 58eb15f2-0acf-44b2-88ba-e9d893e6c2a2:api 2>&1 |grep '{' | jq
{
"description": "",
"enabled": true,
"id": "58eb15f2-0acf-44b2-88ba-e9d893e6c2a2:api",
"name": "syasuda-sample-webhook",
"topic_count": 1,
"topic_names": [
"syasuda-sample-webhook"
],
"type": "api",
"updated_at": "2023-10-12T06:45:33.759475Z"
}
curlでの source 詳細情報
[root@new-syasuda-tok1-vpc1 ~]# iam_token=`ibmcloud iam oauth-tokens | awk '{printf $4}'`
[root@new-syasuda-tok1-vpc1 ~]# curl -s -X GET -H "Authorization: Bearer ${iam_token}" -H 'Content-type: application/json' https://eu-de.event-notifications.cloud.ibm.com/event-notifications/v1/instances/408a5041-2da5-4663-8b63-5539d9ffaa7c/sources/58eb15f2-0acf-44b2-88ba-e9d893e6c2a2:api | jq
{
"description": "",
"enabled": true,
"id": "58eb15f2-0acf-44b2-88ba-e9d893e6c2a2:api",
"name": "syasuda-sample-webhook",
"topic_count": 1,
"topic_names": [
"syasuda-sample-webhook"
],
"type": "api",
"updated_at": "2023-10-12T06:45:33.759475Z"
}
topic
ibmcloud CLIでの topic 詳細情報
[root@new-syasuda-tok1-vpc1 ~]# ibmcloud en topic --instance-id 408a5041-2da5-4663-8b63-5539d9ffaa7c --id 965a6f33-8c63-4787-9529-16a7513668c6
...
id 965a6f33-8c63-4787-9529-16a7513668c6
description test1
name syasuda-sample-webhook
updated_at 2023-10-16T02:48:22.264631Z
source_count 1
sources <Array>
subscription_count 1
subscriptions -
[root@new-syasuda-tok1-vpc1 ~]# IBMCLOUD_TRACE=true ibmcloud en topic --instance-id 408a5041-2da5-4663-8b63-5539d9ffaa7c --id 965a6f33-8c63-4787-9529-16a7513668c6 2>&1 |grep '{' | jq
{
"description": "test1",
"id": "965a6f33-8c63-4787-9529-16a7513668c6",
"name": "syasuda-sample-webhook",
"source_count": 1,
"sources": [
{
"id": "58eb15f2-0acf-44b2-88ba-e9d893e6c2a2:api",
"name": "syasuda-sample-webhook",
"rules": [
{
"enabled": true,
"event_type_filter": "$.*",
"id": "71589489-4c07-4641-bad8-5ba4a6e6fdf6",
"notification_filter": "",
"updated_at": "2023-10-16T02:48:22.269078Z"
}
]
}
],
"subscription_count": 1,
"subscriptions": [],
"updated_at": "2023-10-16T02:48:22.264631Z"
}
curlでの topic 詳細情報
[root@new-syasuda-tok1-vpc1 ~]# iam_token=`ibmcloud iam oauth-tokens | awk '{printf $4}'`
[root@new-syasuda-tok1-vpc1 ~]# curl -s -X GET -H "Authorization: Bearer ${iam_token}" -H 'Content-type: application/json' https://eu-de.event-notifications.cloud.ibm.com/event-notifications/v1/instances/408a5041-2da5-4663-8b63-5539d9ffaa7c/topics/965a6f33-8c63-4787-9529-16a7513668c6 | jq
{
"description": "test1",
"id": "965a6f33-8c63-4787-9529-16a7513668c6",
"name": "syasuda-sample-webhook",
"source_count": 1,
"sources": [
{
"id": "58eb15f2-0acf-44b2-88ba-e9d893e6c2a2:api",
"name": "syasuda-sample-webhook",
"rules": [
{
"enabled": true,
"event_type_filter": "$.*",
"id": "71589489-4c07-4641-bad8-5ba4a6e6fdf6",
"notification_filter": "",
"updated_at": "2023-10-16T02:48:22.269078Z"
}
]
}
],
"subscription_count": 1,
"subscriptions": [],
"updated_at": "2023-10-16T02:48:22.264631Z"
}
subscription
ibmcloud CLIでの subscription 詳細情報
[root@new-syasuda-tok1-vpc1 ~]# ibmcloud en subscription --instance-id 408a5041-2da5-4663-8b63-5539d9ffaa7c --id 73f54340-17de-4151-b9bc-5c4777f66640
...
id 73f54340-17de-4151-b9bc-5c4777f66640
name syasuda-sample-webhook
description test1
updated_at 2023-10-16T02:48:09.603332Z
destination_type webhook
destination_id 84ddda96-3330-4683-8723-f949eb9609b3
destination_name syasuda-sample-webhook
topic_id 965a6f33-8c63-4787-9529-16a7513668c6
topic_name syasuda-sample-webhook
attributes <Nested Object>
[root@new-syasuda-tok1-vpc1 ~]# IBMCLOUD_TRACE=true ibmcloud en subscription --instance-id 408a5041-2da5-4663-8b63-5539d9ffaa7c --id 73f54340-17de-4151-b9bc-5c4777f66640 2>&1 |grep '{' | jq
{
"attributes": {
"add_notification_payload": true,
"signing_enabled": false
},
"description": "test1",
"destination_id": "84ddda96-3330-4683-8723-f949eb9609b3",
"destination_name": "syasuda-sample-webhook",
"destination_type": "webhook",
"id": "73f54340-17de-4151-b9bc-5c4777f66640",
"name": "syasuda-sample-webhook",
"topic_id": "965a6f33-8c63-4787-9529-16a7513668c6",
"topic_name": "syasuda-sample-webhook",
"updated_at": "2023-10-16T02:48:09.603332Z"
}
curlでの subscription 詳細情報
[root@new-syasuda-tok1-vpc1 ~]# iam_token=`ibmcloud iam oauth-tokens | awk '{printf $4}'`
[root@new-syasuda-tok1-vpc1 ~]# curl -s -X GET -H "Authorization: Bearer ${iam_token}" -H 'Content-type: application/json' https://eu-de.event-notifications.cloud.ibm.com/event-notifications/v1/instances/408a5041-2da5-4663-8b63-5539d9ffaa7c/subscriptions/73f54340-17de-4151-b9bc-5c4777f66640 | jq
{
"attributes": {
"add_notification_payload": true,
"signing_enabled": false
},
"description": "test1",
"destination_id": "84ddda96-3330-4683-8723-f949eb9609b3",
"destination_name": "syasuda-sample-webhook",
"destination_type": "webhook",
"id": "73f54340-17de-4151-b9bc-5c4777f66640",
"name": "syasuda-sample-webhook",
"topic_id": "965a6f33-8c63-4787-9529-16a7513668c6",
"topic_name": "syasuda-sample-webhook",
"updated_at": "2023-10-16T02:48:09.603332Z"
}