I am trying to create a group using Gitlab CE 12.4.3
The api token is the one generated by the admin account in Gitlab. SO this account has the permission to create groups
curl --header "PRIVATE-TOKEN: 6czXYzu1j7dD16PqtiZw" -d
"name=TEST&path=test" -X POST https://mygitlabserver/api/v4/groups
{"message":"403 Forbidden"}
I get an error message saying that it is forbidden.
The token is correct as I manage to list the projects or groups if I do :
curl --header "PRIVATE-TOKEN: 6czXYzu1j7dD16PqtiZw" -X GET
https://mygitlabserver/api/v4/groups
or
curl --header "PRIVATE-TOKEN: 6czXYzu1j7dD16PqtiZw" -X GET
https://mygitlabserver/api/v4/projects
the root cause is that the gitlab_rails['gitlab_default_can_create_group'] was set to false and even if I was able to create a group via the web interface via the user "Administrator", the creation was forbidden via the API.
I had to change the settings for the account administrator and allow it to create a group
Related
I am looking at the Cloudflare API to grab a list of domains in our Cloudflare account.
Where do I grab the Cloudflare "X-Auth-Key" from so I can run the following command:
curl.exe -X GET "https://api.cloudflare.com/client/v4/zones" -H "X-Auth-Email: xx#xx.com" -H "X-Auth-Key: xxx" -H "Content-Type: application/json";
Thanks,
Steve
In order to get a key provided to X-Auth-Key you need to register here
Once registered, go to My profile -> API Tokens tab, there you will be able to generate a key using Create token button.
I am attempting to connect to the Rundeck API using CURL but I am getting a 401 Unauthorized error:
curl --insecure --location --request GET 'https://rundeck.example.com' --header 'Accept: application/json' --header 'X-Rundeck-Auth-Token: xyz'
401 Authorization Required
Authorization Required This server could not verify that
you are authorized to access the document requested. Either you
supplied the wrong credentials (e.g., bad password), or your browser
doesn't understand how to supply the credentials required.
Apache/2.2.15 (Oracle) Server at rundeck.example.com Port
80
If I try it using my username, it works.
curl --insecure --location -u 123456789 -p password --request GET 'https://rundeck.example.com' --header 'Accept: application/json' --header 'X-Rundeck-Auth-Token: xyz'
I created the auth token on Rundeck using my personal user that has admin privileges.
Please note that I have set up LDAP at web server level (httpd.conf) and control user access from there.
To access API you need to specify some action (for example: run a job, get metrics, etc.)
For example, get the instance metrics:
curl --location --request GET "http://yourhost:4440/api/34/metrics/metrics" --header "Accept: application/json" --header "X-Rundeck-Auth-Token: C8nVU5AhdzpQ8ucBeMG1ITFvSfaKCw6u"
Here you have a lot of examples.
I need to authenticate admin user via curl command so I can pragmatically add,delete, modify users in wso2
I can call the api end points for user add/mod/delete no problem. But without being able to first authenticate to wso2 it is all for naught. When I send the curl command I get no response back, and nothing shows in the logs.
This is my basic curl command, right out of the books:
curl -X POST "https://xxxxxxx.com:9443/login/portal" -H "Content-Type: application/x-form-urlencoded" -d "username=uid&password=foo&grantType=password"
You can use SCIM APIs with basic authentication to manage users.
If you want to use OAuth2 tokens, you can get them like this.
curl -k -d "grant_type=password&username=<username>&password=<password>"
-u <Consumer_key>:<Consumer_secret>
-H "Content-Type: application/x-www-form-urlencoded"
https://localhost:9443/oauth2/token
[1] https://docs.wso2.com/display/IS530/SCIM+1.1+APIs
I have been working on setting up authorization using keycloak, and have set up specific roles and permissions based on resources and but the JWT access token contains only the details about the roles and not the permission assigned to the user.
I want the access token to include permission details and have tried the methods on Keycloak documentation:
1) Using permission ticket cannot generate the ticket using
http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission
it shows:
{
"error": "invalid_bearer_token",
"error_description": "Could not obtain bearer access_token from request."
}
and thus cannot generate the RPT and get details of the permissions.
Also tried using the entitlement API.
2) Using entitlement API:
curl -X GET \
-H "Authorization: Bearer ${access_token}" \
"http://localhost:8080/auth/realms/hello-world-authz/authz/entitlement/${resource_server_id}"
I tried using postman and it shows 404 Not Found..
Can anyone show me the correct procedure to include the permission in the access token or generate the RPT correctly.
Keycloak provides a discovering document for Authorization Services. You can obtain from following url.
curl -X GET http://localhost:8080/auth/realms/{realm}/.well-known/uma2-configuration -H "Authorization: Bearer ${access_token}"
here localhost and 8080 are for keycloak host and port
error says token you are using is not valid for the client.
I was able to get RPT using below command
curl -X POST http://localhost:8080/auth/realms/${realm}/protocol/openid-connect/token -H "Authorization: Bearer ${access_token}" --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" --data "audience={resource_server_client_id}" --data "permission=Resource#Scope"
Keycloak responds to the client with the RPT
I was reading at
https://anypoint.mulesoft.com/apiplatform/anypoint-platform/#/portals/organizations/ae639f94-da46-42bc-9d51-180ec25cf994/apis/38784/versions/127446/pages/182856
because I want to automate Anypoint Runtime Manager enablement on lots of servers.
My plan is to use REST to get the proper registration token to be used to register a server into AMC. There are directions on the page:
To register a server you must first authenticate against the Anypoint Platform Authentication Manager and get an authentication token, with this token you need to obtain a registration token to be used to register a server into AMC.
I understand the first part and can get the authentication token, but I can't find a reference to how to get the registration token.
How can I get this token?
Thanks!
have you seen the Obtain the Server Registration Token part in the documentation?
take a look here, if you want to obtain a registration token by calling the REST API. There is a API endpoint called /servers/registrationToken
You can also get a registration token with the new anypoint-cli v2.x. This will combine several REST API calls for you. The command is:
runtime-mgr server token
You can type this in the interactive shell, or add this to the end of a stand-alone call from your favorite scripting environment. For example, if you have created a profile with your ANYPOINT_USERNAME, ANYPOINT_PASSWORD, and ANYPOINT_ORG, and ANYPOINT_ENV, you can then call:
anypoint-cli runtime-mgr server token
You can find the docs and installation instructions here: docs.mulesoft.com/runtime-manager/anypoint-platform-cli#runtime-mgr-server-token.
If you want to do this directly with the REST API, you'll have to make several calls:
POST a core services access_token from
anypoint.mulesoft.com/accounts/login
with the username and password in the BODY as a JSON object.
curl -X POST \
anypoint.mulesoft.com/accounts/login \
-H 'content-type: application/json' \
-d '{
"username":"yourUserName",
"password":"yourPassword"
}'
Store the response as a variable (let's call it {{access_token}}.
Copy this access_token in the header for every other API call: Key: Authorization, Value: bearer {{access_token}}
Obtain or store the organization ID in which you want to register the server. There's several ways to do this. The value is available via a GET request to
anypoint.mulesoft.com/accounts/api/me
curl -X GET \
anypoint.mulesoft.com/accounts/api/me \
-H 'authorization: bearer aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'
You might want to use the JQ libraries to parse the organizationID from this JSON response.
Get the environment ID for the environment in which you want to register the Mule runtime (server) from a GET request to:
anypoint.mulesoft.com/accounts/api/organizations/{{organizationId}}/environments
curl -X GET \
https://anypoint.mulesoft.com/accounts/api/organizations/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/environments \
-H 'authorization: bearer aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' \
-H 'content-type: application/json'
Make a GET request to
anypoint.mulesoft.com/hybrid/api/v1/servers/registrationToken
With the headers X-ANYPNT-ORG-ID and X-ANYPNT-ENV-ID set:
curl -X GET \
anypoint.mulesoft.com/hybrid/api/v1/servers/registrationToken \
-H 'authorization: bearer aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' \
-H 'x-anypnt-env-id: cccccccc-cccc-cccc-cccc-cccccccccccc' \
-H 'x-anypnt-org-id: bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb'
This will return a registration token.
Then use this registration token with the amc_setup -H command
amc_setup -H {{registration_token}} Server-Name