What I want
I have a python backend application, using a service account, running in docker.
I have a cloud build trigger that is connected to a bitbucket repository. This trigger uses a webhook. For revision I use tags.
I want to trigger this webhook with my backend application. I want to provide a specific tag (using a placeholder variable).
I want the backend to give me a list of all available tags (like I get on the console.google.com frontend, see screenshot)
What I tried
I tried this API endpoint using a Bearer token (which works fine), but it doesn't provide me with a tag list: Source Repo API
curl https://sourcerepo.googleapis.com/v1/projects/<project>/repos/<repo>' --header "Authorization: Bearer $(gcloud auth print-access-token)" --header 'Accept: application/json'
Because it is possible to retrieve all tags in the cloud console, I used the developer tools to find the endpoint that provides me with all available tags:
https://console.cloud.google.com/m/source/repos/get?project=<project>&repo=<repo>
My issue here is that it takes cookies to authenticate, if I use the Bearer token it does not work.
Is it possible to authenticate my service account automatically against console.google.com to use this endpoint? Or is there another way to get a list of tags?
From what you have explained I understand that your concerns are:
1. If there is a way to get the list of tags from your repository that you are able to see in the GCP console using the endpoint that you have found.
The information that the console displays regarding tags do not come from any REST or gRPC API (the APIs provided by Google), but rather it comes directly from the git API. The console frontend runs a command similar to git tag in order to get the tags from your repository. The tags are not stored within the GCP system, the console only queries the git repo for the tags.
2. Can I authenticate with a service account on the console?
No. The APIs used by the web frontends (i.e. APIs starting with https://console.cloud.google.com) will only allow cookie authentication, which only user accounts can obtain. There is usually a way to translate a frontend API (https://console.cloud.google.com) to a GCP API (https://*.googleapis.com), where you can use regular authentication to retrieve the information. However,in this case, the tag information is not in a GCP API (but rather inside the git repo), so there is no translation available.
3. If there is another way to list the possible tags present in the repository?
I tried to reproduce your situation to find a way to be able to get the list of the tags present in one repository, in this case a Bitbucket repository, and I found that you will be able to get this data using the $ git tag command. In this documentation you will be able to find all the commands related to Repository tags.
Knowing this, after linking the Bitbucket Repository to my code, I was able to get the list of tags after using the $ git tag command.
Related
My server is a closed-network and i want to make a whitelist only for bigquery client and gsutil.
I have tried adding following url
https://cloud.google.com/bigquery
https://console.cloud.google.com/
But it turns out bigquery needs a little more url for authenticating purposes and many more. For example like the urls below
https://accounts.google.com/o/oauth2/auth
https://www.googleapis.com/oauth2/v1/certs
Does anyone know all the url that is used for bigquery-client and gsutil. Not only for authenticating but also for creating jobs and fetching data from storage
Per the official documentation you can see that the URL https://www.googleapis.com/auth/bigquery is the one used for BigQuery to authenticate:
#This is a Python example
appflow = flow.InstalledAppFlow.from_client_secrets_file(
"client_secrets.json", scopes=["https://www.googleapis.com/auth/bigquery"]
)
But, then you need to whitelist the URL for the API authorization of your project, for example:
curl -H "Authorization: Bearer $ACCESS_TOKEN" \
"https://www.googleapis.com/bigquery/v2/projects/$GOOGLE_CLOUD_PROJECT/datasets"
I recommend you to whitelist all of GCS/Google APIs or if you want to be more detailed deploy a firewall and see the traffic you are getting from GCS/BigQuery
I want to build a TTS application and I am using the Google TTS engine. However, when trying the examples such as
curl -H "Authorization: Bearer "$(gcloud auth print-access-token) -H "Content-Type: application/json; charset=utf-8" --data "{
'input':{
'text':'I\'ve added the event to your calendar.'
},
'voice':{
'languageCode':'en-gb',
'name':'en-GB-Standard-A',
'ssmlGender':'FEMALE'
},
'audioConfig':{
'audioEncoding':'MP3'
}
}" "https://texttospeech.googleapis.com/v1/text:synthesize"
I get Error code 403 telling me that Cloud Text-to-Speech API has not been used in project 32555940559 before or it is disabled. Now the problem is that it mentions the project number 32555... but I want to use another project which has the TTS API switched on. Now you might suggest that I switch to the correct project, but I have done that -- when I type gcloud config list, it tells me that I am using the correct project (with project number different from the 32555...).
Where is the problem? Why is it trying to use a different project from the one that I am currently using?
You need to use "gcloud auth app-default print-access-token" (and use a dedicated service account as specified in the docs).
32555940559 is a CLOUDSDK_CLIENT_ID that comes with gcloud. And app-default has its own client_id as well. It's still now clear how Google API distinguishes between the two, unless it checks for hard-coded app-default client ID (from gcloud SDK).
It's also not clear how gcloud command line still manages to use speech API without a dedicated service account.
On a related note, since I had this same issue (API has not been used in project before or it is disabled "32555940559") in a Python virtual environment using gcloud SDKs (not curl).
Solved by running:
gcloud auth application-default login
(using gcloud auth login did not solve it).
For gcloud, the root cause might also be related to missing:
GOOGLE_CLOUD_PROJECT or GOOGLE_APPLICATION_CREDENTIALS environment variables.
So, I'm build an API System. I want to use KeyCloak for authentication as well as user management because it has a nice access control. I'm integrating it with Ktor and I want my user to use their own UI. Or at least, I want to make the UI.
I've read about Theme Customization but that's not what I want. I also come to know that the KeyCloak UI is tightly integrated within their code. I was just hoping to know if at least when one of the client app is a mobile app, would I be able to use for example android UI for the whole login flow?
If it's not possible which I think it's unlikely to be possible, is there any other library or framework for access control, prefereably one that work with Ktor?
If you do not want to use Keycloak UI nor create your own custom themes, you can leverage the Resource Owner Password Credentials Grant flow.
For this create a new or use an existing confidential client. Make sure to toggle the Direct Access Grants Enabled switch to ON.
After this obtain a token from your client (web page, CLI, mobile). Here I'm using curl and jq for simplicity:
KCHOST=https://yourkeycloak.com
REALM=your-realm
CLIENT_ID=your-confidential-client
CLIENT_SECRET=xxxxxxx-yyyyyyyy-zzzzzzzzz
ACCESS_TOKEN=`curl \
-d "client_id=$CLIENT_ID" -d "client_secret=$CLIENT_SECRET" \
-d "grant_type=client_credentials" \
"$KCHOST/auth/realms/$REALM/protocol/openid-connect/token" | jq -r '.access_token'`
P.S. For debugging I have created a CLI tool called brauzie that
can help you fetch and analyse your JWT tokens (scopes, roles, etc.). It could
be used for both public and confidential clients. You could as well
use Postman and https://jwt.io
HTH :)
You can also use the Keycloak Admin Client as described here.
I put tag information in tags in provider of serverless.yml. After executing sls deploy, I checked lambda from console of AWS, tag setting was done. However, when we confirmed the apigateway from AWS' console, the tag information was empty.
How can I tag information to the API gateway resource?
Tags for API Gateway arrived after serverless' core functionality was developed.
There is an open issue on Github discussing the inclusion of this functionality.
Right now you'll have to use the serverless-tag-api-gateway plugin to manually add tags to these resources.
As all I want to do is connect to my own site, I should be able to ignore oAuth and do token-baseed authentication as per:
http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-token.html
My curl request looks exactly like:
curl -X POST "https://magento.host/index.php/rest/V1/integration/admin/token" \
-H "Content-Type:application/json" \
-d '{"username":"test#example.com", "password":"123123q"}'
The response I get is a HTML page from my own site that basically says 'page not found' I'm obviously going to the correct domain, but it seems something else in the URL is incorrect. Any ideas?
Am I using the wrong URL?
In version 1.9 you need to create a Guest endpoint. Then you don't need to use oAuth. You can see how to use it here: http://devdocs.magento.com/guides/m1x/api/rest/introduction.html
An authentication system that uses REST so that you do not need to actually track or manage the users in your system. This is done by using the HTTP methods POST, GET, PUT, DELETE. We take these 4 methods and think of them in terms of database interaction as CREATE, READ, UPDATE, DELETE.
There is no direct way to use REST token based authentication on the Magento 1.x version. You need to write this functionality to you for your own. I have write this functionality by using REST API and you can also follow this article for more details.
https://www.ipragmatech.com/magento-token-base-rest-api-for-authentication-and-authorization