Bootstrap FreeKB - Kong Enterprise Edition (KongEE) - List RBAC Users using REST API
Kong Enterprise Edition (KongEE) - List RBAC Users using REST API
Updated:   |  Kong Enterprise Edition (KongEE) articles

This assumes Kong has been secured with Role Based Access Control (RBAC) and you have created your Kong-Admin-Token. The following curl command can be used to list the endpoints that can be used with the API.

curl --header "Kong-Admin-Token: abc123" --request GET "https://kong.example.com/endpoints"

 

Something like this should be returned. Notice that the /rbac/users endpoint can be used.

{       
    "data": [
        "/",
        "/acls",
        "/acls/{acls}",
        "/acls/{acls}/consumer",
        "/rbac/roles",
        "/rbac/roles/{rbac_roles}",
        "/rbac/roles/{rbac_roles}/endpoints",
        "/rbac/roles/{rbac_roles}/endpoints/permissions",
        "/rbac/roles/{rbac_roles}/endpoints/{workspace}/*",
        "/rbac/roles/{rbac_roles}/entities",
        "/rbac/roles/{rbac_roles}/entities/permissions",
        "/rbac/roles/{rbac_roles}/entities/{entity_id}",
        "/rbac/roles/{rbac_roles}/permissions",
        "/rbac/users",
        "/rbac/users/{rbac_users}",
        "/rbac/users/{rbac_users}/admins",
        "/rbac/users/{rbac_users}/admins/{admins}",
        "/rbac/users/{rbac_users}/developers",
        "/rbac/users/{rbac_users}/developers/{developers}",
        "/rbac/users/{rbac_users}/permissions",
        "/rbac/users/{rbac_users}/roles"
    ]
}

 

The following curl command can be used to list every RBAC user.

curl --header "Kong-Admin-Token: abc123" --request GET "https://kong.example.com/rbac/users"

 

Something like this should be returned.

{
    "data": [
        {
            "comment": "User generated on creation of Admin.",
            "created_at": 1602764784,
            "enabled": true,
            "id": "9a7cf8c3-01a9-4c1b-afde-677c76256f14",
            "name": "c056101-170d554d-90bc-4e1a-84d5-2cd4d7af61a0",
            "user_token": "$2b$09$fpTLdp0VbqFJDNBAS7CEje.K0QVHN3S9pb7duMMDDJus.0JD87fnF",
            "user_token_ident": "88056"
        },
        {
            "comment": null,
            "created_at": 1628796761,
            "enabled": true,
            "id": "9b3c96eb-5f61-4ea3-bba8-c83ef22b02f9",
            "name": "admin-api",
            "user_token": "$2b$09$EMABDCD1owQP/e3hZsf/2.8jE0jCwH/gcNYCnuJdb6OIlH/NkABDC",
            "user_token_ident": "71b46"
        }
    ],
    "next": null
}

 

Or, a specific user can be listed.

curl --header "Kong-Admin-Token: abc123" --request GET "https://kong.example.com/rbac/users/john.doe"

 

100+ results

If you have more than 100 RBAC users, the REST API will only return the first 100 RBAC users and the output will include offset, like this.

"offset":"WyI2MTQ4ZDU5MC0zNzdhLTQ5MWItYjMxYS1lMTYwYzYwNDgwYTYiXQ"

 

You would then use the offset to return the next 100 RBAC users.

curl --header "Kong-Admin-Token: abc123" --request GET "https://kong.example.com/rbac/users?offset=WyI2MTQ4ZDU5MC0zNzdhLTQ5MWItYjMxYS1lMTYwYzYwNDgwYTYiXQ"

 

Postgres

Undeneath the hood, the RBAC users are stored in the rbac_users table in the Kong Postgres database.

~]# psql --username postgres --dbname kong --command "select * from rbac_users" --expanded
-[ RECORD 1 ]-
id               | f3e21828-e790-41ee-ab6a-ca76cfa1abe4
name             | c047370-cec4475c-9a37-4005-b980-075175c33ed9
user_token       | $2b$09$IUF5GPbihnUsSLgGc4ktf.4E2xPoUus5IfFc5Ds0VA/Lc4wsJ0tBC
comment          | User generated on creation of Admin.
enabled          | t
created_at       | 2020-02-14 18:54:03
user_token_ident | c1849
ws_id            | 23dcd187-1f7a-463c-8565-8f6e5bfbb430

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter a54f81 in the box below so that we can be sure you are a human.