I'm testing Elasticsearch in development mode with docker official image.
The basic install is based on X_pack and basic authentication.
Everything works fine by performing curl like:
curl -XPUT -u elastic:elasticpassword "http://localhost:9200/movies/movie/1" -d'
{
"title": "The Godfather",
"director": "Francis Ford Coppola",
"year": 1972, "user":"elastic", "password":"changeme"
}'
But is there a way to perform a token request (with user and password) and then query Elasticsearch with the token. Instead of having to specify user/password every time I perform a query?
The default X_Pack in docker image has Basic authentication enabled. Which is what your are using. The token for the same is base64(user:password). You can generate the same using http://base64encode.org and inputing :.
In curl there are two ways to call Basic auth URLs
curl -XPUT -u elastic:elasticpassword "http://localhost:9200/movies/movie/1" -d''
which you have already been using
curl -H "Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==" -XPUT "http://localhost:9200/movies/movie/1" -d'....'
Now if your problem is putting in this again and again then you better create a alias in your bash profile like below
alias curles='curl -u elastic:elasticpassword'
After that you can call your commands as below
curles -XPUT "http://localhost:9200/movies/movie/1" -d''
Cutting out a lot of my original answer because you could argue it's all local, but leaving one major complaint about security here:
Definitely don't go to base64encode.org and enter your username:password. The very fact that it is suggested here on StackOverflow makes that site now (sadly for the owners) and incredibly juicy hacking target to compromise since they know people are going there.
curl -X GET --user myuser:mypassword "http://elasticsearch:9200/_cluster/health?pretty"
In my case above curl helped
{
"cluster_name" : "elasticsearch",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 16,
"active_shards" : 16,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
Further to Taran's answer, if you want to generate base64 token, you can do so by the following command:
echo -n 'username:pass' | openssl base64
Related
I use the GCP Text-to-Speech API to create greetings and interactive menus that are played to phone customers who call into businesses. I have successfully used the Text-to-Speech API in the past using this Google quick-start: Google Cloud Text-to-Speech
I used the same quick-start guide again for a new organization and project but I keep getting an invalid key error which I have been unable to debug.
Here are the commands I have used to invoke the service and the results:
# curl -X POST \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)”\
-H "Content-Type: application/json; charset=utf-8" \
-d #request.json \
https://texttospeech.googleapis.com/v1/text:synthesize > synthesize-output-base64.txt
{
"error": {
"code": 403,
"message": "The request is missing a valid API key.",
"status": "PERMISSION_DENIED"
}
}
I tried again with a different authentication header:
# curl -X POST \
-H "X-Goog-Api-Key:***my_API_key***.json" \
-H "Content-Type: application/json; charset=utf-8" \
-d #request.json \
https://texttospeech.googleapis.com/v1/text:synthesize > synthesize-output-base64.txt
{
"error": {
"code": 400,
"message": "API key not valid. Please pass a valid API key.",
"status": "INVALID_ARGUMENT",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "API_KEY_INVALID",
"domain": "googleapis.com",
"metadata": {
"service": "texttospeech.googleapis.com"
}
}
]
}
}
I have re-verified the following configurations:
The Text-to-Speech API is enabled for my project.
The credential (service account) I am attempting to use is listed with the Text-to-Speech API as compatible. I verified that that service account key is the key that was used in the attempted authentications.
I compared my configuration on GCP with another working configuration I manage for a different company. There are no differences I can see.
I compared my key and the other company's working key and they are identical except for the specific user data.
The billing account for the project is active with valid payment card in place.
These two links were helpful but did not clear up the problem:
Google Cloud Text-to-Speech API - permission error
Google Cloud Text to Speech INVALID API KEY
Any help on this issue would be very appreciated!
The solution to this problem is to install the Google Cloud SDK.
The CLI was missing so the returned output from gcloud auth application-default print-access-token was an error.
I enabled the Cloud Text-to-Speech API
I created a service account with Editor role.
Note: Ensure you have set the GOOGLE_APPLICATION_CREDENTIALS environment variable to your service account private key file path.
Save the request body in a file called request.json,
Execute the following command:
curl -X POST \
-H "Authorization: Bearer "$(gcloud auth application-default print-access-token) \
-H "Content-Type: application/json; charset=utf-8" \
-d #request.json \
https://texttospeech.googleapis.com/v1/text:synthesize
Response body
{
"audioContent": "//NExAARcrn0ABhEudAgAjuem7vohckY3IAFgWvxrBkAD//ARvqc/QhCZ/6EJO6E9Dvo2cjHPQhLfWQ/rTU7yEznsoGBn8hJz5xbQiOgEfwDzD1DVARLPlzGNXylbM8s//NExA0SCnoAAUIQAd8vlrM9DPR//6t5fpUpS
sk3MbzGUvMhqOpdSsjmcpeY2Zz ...................
}
Everything worked as expected
I am trying to enable kv secret engine at secret path in my vault setup..
I can easily do it using CLI
vault secrets enable -path=secret kv
But I have to make it work using Vault's HTTP APIs.
I have gone through documentation but could not find any endpoint for the above command.
Thanks in advance
This is covered under the System Backend/sys/mounts API reference page.
Issue a POST request to /v1/sys/mounts/<mountpoint> with a payload containing the type (kv) and various configuration options. For KV, you probably want to specify version: 2 (or type kv-v2) unless you want to stick to V1.
See the above link for details on the possible parameters.
Here is the example from the docs:
payload.json:
{
"type": "aws",
"config": {
"force_no_cache": true
}
}
Request:
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data #payload.json \
http://127.0.0.1:8200/v1/sys/mounts/my-mount
I need to generate a link from a C# backend and I am using the Rest API.
This works for the example provided here and it do create a link when I am using our own branch_key.
curl -X POST \
\
-H "Content-Type: application/json" \
\
-d '{"branch_key":"key_live_feebgAAhbH9Tv85H5wLQhpdaefiZv5Dv", "campaign":"new_product_annoucement", "channel":"email", "tags":["monday", "test123"], "data":"{\"name\": \"Alex\", \"email\": \"alex#branch.io\", \"user_id\": \"12346\", \"$deeplink_path\": \"article/jan/123\", \"$desktop_url\": \"https://branch.io\"}"}' \
\
https://api.branch.io/v1/url
Then I would like to see the status of the Deep Linking URL.
Then I use the following - and it works well for the example provided, but not for our own branch_key with the right campaign and channel.
GET https://api.branch.io/v1/url?url=https%3A%2F%2Fbnc.lt%2Fm%2F7IhbRIjjmp&branch_key=key_live_lceUuShIL0u4VHJv8BwEQmaitBfAXqCZ
I did change ":", "//" with %3A and %2F.
And Branch Key if for live and test, right?
It returns:
{
"error": {
"code": 404,
"message": "The resource you were looking for could not be found."
}
}
Live or test
Do you know why?
Thanks in advance
I'm trying to create container in bluemix with API as it in http://ccsapi-doc.mybluemix.net In the document it mentions:
When using the API with the new model, the following HTTP headers shall be provided:
X-Auth-Token = Bluemix JWT Token
X-Auth-Project-Id = Space GUID
But I have no idea how to get or generate the Bluemix JWT Token. Can someone help me ?
You can get X-Auth-Token by cf oauth-token command. Then copy and paste rest of the part after bearer. And you also can get X-Auth-Project-Id by cf space --guid <space Name>. Please see below commands;
$ cf login -a api.<region>.bluemix.net -u <space name> -o <org name> -s <space name>
$ cf ic login
$ cf oauth-token
$ cf space <space-name> --guid (space name where the container exists)
Try expanding the Authentication section on that page and the "Get TLS Certificate" to show more info
When you enter the values and click "try it out" you will see additional output generated with token info.
This is an alternative Method:
You can retrieve X-Auth-Token and X-Auth-Project-Id with this command:
cf login
CF_TRACE=true cf ic login
Copy all output in a .txt file and search for X-Auth-Token and X-Auth-Project-Id
here there is a simple example:
curl -X GET --header "Accept: application/json" --header "X-Auth-Token: asdlkfajdfdkaldkjfskl239049283049jsdfjksl29304" --header "X-Auth-Project-Id: sdfadf-0090-43ef-22932-23434234" "https://containers-api.ng.bluemix.net/v3/containers/quota"
Response:
The output of API is like this:
{
"account_type": "TRIAL",
"country_code": "ITA",
"org_quota": {
"floating_ips_max": "2",
"floating_ips_space_default": "2",
"floating_ips_usage": 2,
"ram_max": "2048",
"ram_space_default": "2048",
"ram_usage": 2048,
"subnet_usage": -1,
"subnets_default": "5",
"subnets_max": 0
},
"space_quota": {
"floating_ips_max": 2,
"ram_max": 2048,
"subnets_max": -1
}
I'm working on an app using Pushbullet's API, but I'm running into odd errors when running through the sample code at https://docs.pushbullet.com/v2/pushes/.
I'm executing the following cURL command (in Windows):
curl -k -u <MY_API_KEY>: -X POST https://api.pushbullet.com/v2/pushes --header 'Content-Type: application/json' --data-binary '{"type": "note", "title": "Note Title", "body": "Note Body"}'
...but it keeps generating the following error:
{"error": {"type":"invalid_request","message":"The param 'type' has an invalid value.","param":"type","cat":"\u003e:3"}}
It also produces this error:
The other commands for the other endpoints in the documentation work fine...it's just this one.
Got any suggestions? Thanks for the help! :)
It looks like windows doesn't support those kinds of quotes on the command line. Here's an example that works:
curl https://api.pushbullet.com/v2/pushes -X POST -u <access token>: --header "Content-Type: application/json" --data-binary "{\"type\": \"note\", \"title\":\"Note Title\", \"body\": \"Note Body\"}"
I think I'm going to try to replace the curl examples with something that has less confusing behavior.
I figured it out - I don't really know why, but the cURL command wasn't working through the DOS prompt, and also wasn't working using the Postman REST client for Chrome, but I got it working in the DHC extension for Chrome. The trick was setting the Authorization header to "Basic", which resolves the Pushbullet access token to some other form, and makes a successful the HTTP request.
Hope this helps someone down the road if they run into this on Windows!