Ansible AVI networks integration - ssl

Using avi_pool module, can we authenticate with the AVI vantage controller using SSL? 'avi_pool' module doesn't accept cert/key as parameter. Dont want to re-invent the wheel using URI module. Is there any way we can pass SSL cert and key to the api server that would not otherwise authenticate?
This is regarding one of avi modules avi_pool. I assume all other avi module would return same auth error.
Works with uri module because it clearly accepts cert/key path as parameter.

Related

swagger API documentation with my own yaml file

I have my API documented with Swagger. For developer convenience I would like to provide the swagger GUI on my website as well. However, my provider has not installed the php yaml extension. It implies that I can't use the GUI on my own website.
So, I would like to use a third party GUI. I know that I can use https://petstore.swagger.io/ and enter the link to my yaml file in the text box. This is also not really user friendly. I prefer to open the GUI and specify the yaml when calling the url. For the user the GUI opens with my API definition.
Any thoughts?
If for some reason you cannot host Swagger UI youself, here are some alternatives you can try:
Use SwaggerHub to host your API definition and docs.
Disclosure: I work for the company that makes SwaggerHub.
Use GitLab to host your OpenAPI YAML/JSON file. GitLab uses Swagger UI to render OpenAPI files. Example:
https://gitlab.com/gofus/gofus-api/blob/dev/swagger.yaml
Use https://petstore.swagger.io with the url query parameter to automatically load your API definition:
https://petstore.swagger.io?url=https://yoursite.com/api.yaml
For this to work, the server where your OpenAPI file is hosted must use HTTPS and support CORS.

How can I whitelist onedrive using the "quintolabs qlproxy" for web filtering

I am useing quintolabs qlproxy for web filtering. How can I whitelist onedrive so it stays syncronized? What are the URLs and IPs to Whitelist?
Seems the issue is that OneDrive application uses SSL Pinning and thus does not accept mimicked SSL certificate from your Squid proxy. A similar issue for Dropbox is explained at http://docs.diladele.com/faq/squid/dropbox.html.
This same error will be present in all SSL inspecting web filters. For example from the message at Sophos (astaro) UTM support forum it seems the list of domain names to exclude is quite large (see https://www.astaro.org/gateway-products/network-protection-firewall-nat-qos-ips/56579-microsoft-onedrive.html):
skyapi.live.net
storage.live.com
skydrive.live.com
shared.live.com
onedrive.live.com
Please note the list may not be complete. The best is to fire up the WireShark or (better) Microsoft Message Analyzer on the machine where OneDrive is installed and try to see what domain names are sent to the proxy upon start of OneDrive application. Then exclude these from ssl bump.

Can I use a custom domain name for API in Parse.com?

I’ve read the Parse documentation regarding custom domain names, and I understand that I can host web content at a custom domain name.
Is it also possible to use the Parse REST API, or Cloud Functions, via a custom domain name?
Example:
https://api.myshoewarehouse.com/v1/shoes/
instead of…
https://api.parse.com/1/shoes/
Looks like it is not allowed by parse.com directly. The only way to do it is to configure proxy server somewhere on your machine, like here.
Another way is to set api.myshoewarehouse.com domain record to CNAME pointing at api.parse.com. But then you need to:
ignore certificate check, e.g. with curl -k option, which obviously isn't safe thing
forget about changing URL path (e.g. /1/shoes/ can't be changed to /v1/shoes/)

How do I get placemark icons to load over ssl?

I'm working on a web application that uses the google earth plugin. Recently, a new requirement to have non-public users logon was added, which meant that some users were now using the site over https. Among the things that broke in testing were the custom placemark icons (They were working using http).
The icons are hosted on the same server which servers the page.
Here are the urls for each of the protocols.
http - http://localhost/Images/yellow.png
https - https://localhost/Images/yellow.png
I can follow that link and the image will appear as you would expect.
The images hrefs are declared as icon styles in dynamically generated kml.
I want to avoid loading the images over http because I think that will cause internet explorer to present the user with a mixed content warning.
How do I get the images to load properly while using https?
I have been wrestling with this myself -- the short answer is that this won't work. If the content is served off of an HTTPS site that generates any kind of error/prompt (authentication, invalid certificate, etc.) the plugin will simply not load the content.
Interestingly, the desktop client works fine and prompts the user for credentials if necessary. However, neither client will allow content to be served off of site with an untrusted certificate.
The only workaround that I have found is:
Use a trusted HTTPS certificate on the server hosting the content (either trust the certificate on the client systems or just use a real certificate.)
Do not use HTTPS basic auth as that will always generate 401/Challenge responses which the web browser client will simply ignore
If authentication is a requirement, use NTLM authentication and common (e.g., domain) logins. If you load the plugin in Interent Explorer (or in a .NET WebBrowserControl) the authentication will be handled properly and the images will show up.
I was at a Google Earth administrator's training last week and the trainer confirmed this "bug". It is supposed to be fixed in the next version of the plugin (it may actually be fixed already -- what version of the plugin are you using?)

Using Oauth with YouTube api

I am trying to add OAuth athentication with to access YouTube, but how do I add localhost as domain?
For example on domain registration page here, I want to use localhost, since I am developing this application locally.
Please help me or suggest me alternative ways
Thank you
P.S. I also added this question on https://webapps.stackexchange.com/, but not sure about community activity there so please ignore
Obviously you can't register 'localhost' for authentication since it is merely an alias. If you want to use OAuth with any Google service, you'll have to have a domain. If you're developing a desktop app, there is a workaround (this may actually work for all but I didn't try):
You can actually sign your OAuth requests without registering your domain with Google by creating a signature using HMAC-SHA1, a consumer key of "anonymous" and a consumer secret of "anonymous". Just make sure you have the appropriate signature base string for your requests.
http://code.google.com/apis/accounts/docs/OAuth_ref.html#SigningOAuth
On the page in Google's APIs console where you provide redirect URIs for your app, you can use localhost. Or you can give another name to localhost in your /etc/hosts file like this:
127.0.0.1 localhost myname.madeupdomain.net