External Resource Client - CURL Conversion Issues

Hi all.

I have a working CURL request that calls an API for us and this works great. I have since been trying to convert it into ExternalResourceClient but am having problems with the main error being:

Request failed: file get contents([IPADDRESS]): Failed to open stream: Network is unreachable

I've checked with my server provider and they have made sure that allow_url_fopen is configured correctly and they say it is. Can anyone see any reason why I'd be getting the error?

Original Code is a standard CURL call with these options:
curl_setopt($ch, CURLOPT_URL, $endpoint);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

New Code:

use Sugarcrm\Sugarcrm\Security\HttpClient\ExternalResourceClient;
use Sugarcrm\Sugarcrm\Security\HttpClient\RequestException;

// Define the endpoint and authorization token
$url = "https://api.erpdev.accessacloud.com/financials-graphql";
$authToken = "";
// Define the GraphQL query
$query = '{"query":"query{debtors{lists{customers{items{name}}}}}"}'

// Create the ExternalResourceClient instance
$client = new ExternalResourceClient();

try {
    echo "Attempting to send request..." . "<br>" . PHP_EOL;

    // Send the request
    $response = $client->post($url, $query, [
        'Content-Type' => '',
        'X-api-token' => '',
        'Ocp-Apim-Subscription-Key' => '',
        'Authorization' => 'Bearer ' . $authToken,
    ]);

    echo "Request sent successfully." . "<br>" . PHP_EOL;
} catch (RequestException $e) {
    echo "Request failed: " . $e->getMessage() . "<br>" . PHP_EOL;
    throw new \SugarApiExceptionError($e->getMessage());
}

$parsed = !empty($response) ? json_decode($response->getBody()->getContents(), true) : null;

// Echo the raw response body and parsed response for debugging
if (!empty($response)) {
    echo "Raw Response: " . $response->getBody()->getContents() . "<br>" . PHP_EOL;
} else {
    echo "No response received." . "<br>" . PHP_EOL;
}

if ($parsed) {
    echo "Parsed Response: " . print_r($parsed, true) . "<br>" . PHP_EOL;
} else {
    echo "Failed to parse response." . "<br>" . PHP_EOL;
}

Any ideas? Our server provider said the following:
The certificate is invalid, you can't get a certificate for an IP address. If you're using the DNS name (which I think is ) you'll get a synthesized IPv6 address to allow you to connect (There's no direct IPv4 in our platform). Can you check with Sugar that they'll connect to the IPv6 address in preference to the IPv4 address that's returned on the DNS lookup

Thanks!

Parents
  •  are you running this code in SugarCloud or on-premise, also which version are you on?

    we use few "resolvers" to retrieve the IP address and use that to communicate, if you use GoogleResovler (see below), it is resolving to an IP ("data": "51.132.52.2"):

    curl --location 'https://8.8.4.4/resolve?name=api.erpdev.accessacloud.com&type=1'
    
    // result
    {
        "Status": 0,
        "TC": false,
        "RD": true,
        "RA": true,
        "AD": false,
        "CD": false,
        "Question": [
            {
                "name": "api.erpdev.accessacloud.com.",
                "type": 1
            }
        ],
        "Answer": [
            {
                "name": "api.erpdev.accessacloud.com.",
                "type": 5,
                "TTL": 300,
                "data": "erp-api-gateway.azure-api.net."
            },
            {
                "name": "erp-api-gateway.azure-api.net.",
                "type": 5,
                "TTL": 900,
                "data": "apimgmttm6bnhjrb9cq7nfq6huv9xvzszrjbu8q04amyk4fynw.trafficmanager.net."
            },
            {
                "name": "apimgmttm6bnhjrb9cq7nfq6huv9xvzszrjbu8q04amyk4fynw.trafficmanager.net.",
                "type": 5,
                "TTL": 300,
                "data": "erp-api-gateway-uksouth-01.regional.azure-api.net."
            },
            {
                "name": "erp-api-gateway-uksouth-01.regional.azure-api.net.",
                "type": 5,
                "TTL": 900,
                "data": "api765c9e1af9c3421fb80e9adca2f50990082otimvnffeyryb5l5nb.uksouth.cloudapp.azure.com."
            },
            {
                "name": "api765c9e1af9c3421fb80e9adca2f50990082otimvnffeyryb5l5nb.uksouth.cloudapp.azure.com.",
                "type": 1,
                "TTL": 10,
                "data": "51.132.52.2"
            }
        ],
        "Comment": "Response from 2620:1ec:bda:700::1."
    }

    I don't see any IPv6 coming up.. 

    SugarCRM | Principal Developer Advocate

  • Hello All, 


    Just for extra context I did investigate this issue with Daniel before, and using their code on a Sugar Cloud instance I can connect to their remote service successfully



    But when Daniel runs the same code on their servers, it returns an error: 

    Request failed: file get contents([IPADDRESS]): Failed to open stream: Network is unreachable


    As   already shared, we reviewed php.info() and things seem correctly set, namely the allow_url_fopen. 

    Any troubleshooting ideas would be welcomed. 

    Cheers

    André 







  • Hi   ,

    I'm assuming you're not on our cloud, which means that ExternalResourceClient is using a "NativeResolver" to resolve IP addresses. That resolver, uses PHP's own native gethostbyname which by definition only resovles to IPv4 addresses.

    Fortunetly, you can make use of an alternative Resolver, we call it GoogleResolver that will trigger an external call to google's own DNS server (8.8.4.4), see my curl example above, to resolve address on your behalf.

    We call that feature DNS over HTTPS and can be enabled simply configuring the sugar_config setting (see below), more details here.

    $sugar_config['security']['use_doh'] = true;
    

    Hope this helps,

    rafa

    SugarCRM | Principal Developer Advocate

Reply
  • Hi   ,

    I'm assuming you're not on our cloud, which means that ExternalResourceClient is using a "NativeResolver" to resolve IP addresses. That resolver, uses PHP's own native gethostbyname which by definition only resovles to IPv4 addresses.

    Fortunetly, you can make use of an alternative Resolver, we call it GoogleResolver that will trigger an external call to google's own DNS server (8.8.4.4), see my curl example above, to resolve address on your behalf.

    We call that feature DNS over HTTPS and can be enabled simply configuring the sugar_config setting (see below), more details here.

    $sugar_config['security']['use_doh'] = true;
    

    Hope this helps,

    rafa

    SugarCRM | Principal Developer Advocate

Children
No Data