I would like to use the Nexus 3 api to change the admin default password as well as the email address using groovy. But I don't understand how to set the password using the groovy api. Can someone provide an example of how to do this?
Summary
You can use the REST API to both update user information and change their password. This includes the admin user.
Nexus REST API: Update user information
The default admin user-data.json in my instance is the following:
{
"userId": "admin",
"firstName": "Administrator",
"lastName": "User",
"emailAddress": "admin#example.org",
"source": "default",
"status": "active",
"readOnly": false,
"roles": [
"nx-admin"
],
"externalRoles": []
}
Update the user-data.json to your desired values and use curl with the REST API.
NX_PASSWORD="admin user password"
curl -ifu admin:"${NX_PASSWORD}" \
-XPUT -H 'Content-Type: application/json' \
--data "$(< user-data.json)" \
<nexus base URL>/service/rest/v1/security/users/admin
Nexus REST API: Change password
You'll want to use the Security Management API.
See Nexus 3 backend source code.
OLD_PASSWORD="nexus admin password"
NEW_PASSWORD="your new password"
curl -ifu admin:"${OLD_PASSWORD}" \
-XPUT -H 'Content-Type: text/plain' \
--data "${NEW_PASSWORD}" \
<nexus base URL>/service/rest/v1/security/users/admin/change-password
Screenshot of Nexus documentation
This documentation is only available on a running Nexus instance. You can view this API on your own running Nexus instance by visiting:
Menu: System configuration > System > API.
Old way: Change password during initial onboarding
This only works during initial onboarding. You should definitely not use this method. Just documenting for completeness.
This section is for changing the initial password during onboarding.
Referencing Nexus source
Frontend code
Backend code
You can change the admin user password with a single curl command.
OLD_PASSWORD="initial nexus password"
NEW_PASSWORD="somepass"
curl -ifu admin:"${OLD_PASSWORD}" \
-XPUT -H 'Content-Type: text/plain' \
--data "${NEW_PASSWORD}" \
<nexus base URL>/service/rest/internal/ui/onboarding/change-admin-password
I originally thought changePassword was deprecated, but I was mistaken. Here is an example of updating admin email address and changing the password:
def user = security.securitySystem.getUser('admin')
user.setEmailAddress('admin#mycompany.com')
security.securitySystem.updateUser(user)
security.securitySystem.changePassword('admin','admin456')
Sonatype Nexus has change-admin-password internal api to update the admin password, but its not straight forward to use, it's using the session id that's created with the /service/rapture/session endpoint.
curl -v 'https://<hostname>/service/rapture/session' --data 'username=<base64 username>&password=<base64 password>'
curl -v -X PUT 'https://<hostname>/service/rest/internal/ui/onboarding/change-admin-password' -H 'cookie: <NXSESSIONID form the above response>' --data '<plain text password>'
Reference:
https://github.com/sonatype/nexus-public/blob/9b177ab50bd7f8470b08247b146da459170ecc8f/plugins/nexus-onboarding-plugin/src/main/resources/static/rapture/NX/onboarding/step/ChangeAdminPasswordStep.js#L50
Install the nexus3 cli:
pip install nexus3-cli
Get the first initial password (Assuming Nexus is running in docker):
docker exec nexus cat /nexus-data/admin.password
Set environment variables:
export NEXUS3_PASSWORD=<PASSWORD FROM PREVIOUS STEP>
export NEXUS3_USERNAME=<USERNAME>
export NEXUS3_URL=<URL>
Allow remote script execution by updating /nexus-data/etc/nexus.properties and appending the below line:
nexus.scripts.allowCreation=true
Restart nexus service to reload the last change:
docker container restart <nexus>
Create a file reset-password.groovy with the following contents (Thanks to #Dennis Hoer) :
def user = security.securitySystem.getUser('admin')
user.setEmailAddress('admin#mycompany.com')
security.securitySystem.updateUser(user)
security.securitySystem.changePassword('admin','admin456')
From command line create the script and run the script to reset the password of admin:
nexus3 script create --script-type groovy passreset reset-password.groovy
nexus3 script run passreset
The password is now reset
Related
I'm facing a very odd problem that I can't use any user inside (_users) database to create a session through the route (/_session). It's always giving me error (bad credentials). It used to work fine in couchdb 1.6.1
For normal couchdb adminstrators, it works fine :
$ curl -X POST http://localhost:5984/_session -d 'name=my_main_admin&password=******'
{"ok":true,"name":"my_main_admin","roles":["_admin"]}
However for couchdb users (stored in _users), it doesn't work. I don't think it's about the roles.
So I first create the user :
$ curl -s -H "Content-Type: application/json" -X PUT "http://my_main_admin:*****#127.0.0.1:5984/_node/_local/_users/org.couchdb.user:my_new_user" --data '{"name": "my_new_user", "password": "my_new_user", "roles": [], "type": "user"}'
{"ok":true,"id":"org.couchdb.user:my_new_user","rev":"1-f1fa0870666d17d7324e54128dfbcacb"}
Then if I try to use this user to create a session, it never works :
$ curl -X POST http://localhost:5984/_session -d 'name=my_new_user&password=my_new_user'
{"error":"unauthorized","reason":"Name or password is incorrect."}
My CouchDB config looks fine :
"couch_httpd_auth": {
"allow_persistent_cookies": "true",
"auth_cache_size": "50",
"authentication_db": "_users",
"authentication_redirect": "/_utils/session.html",
"iterations": "10",
"require_valid_user": "false"
I used to create sessions with normal users on couchdb 1.6.1 , but it has never worked since I installed couchdb 3.1.1 . I can't find any relevant info in the documentation.
Am I missing something?
The problem is that you are creating the user through the _node/_local interface. The user should be created via the clustered API on the _users clustered database.
$ curl -s -H "Content-Type: application/json" -X PUT \
"http://my_main_admin:*****#127.0.0.1:5984/_users/org.couchdb.user:my_new_user" \
--data '{"name": "my_new_user", "password": "my_new_user", "roles": [], "type": "user"}' \
/
Now you should be able to log in with the new user using the _session endpoint.
I followed this page to practice GitHub API and try to edit my profile
https://docs.github.com/en/rest/reference/users
curl -X PATCH -H "Accept: application/vnd.github.v3+json" -H "Authorization: token MyToken" https://api.github.com/user -d '{"name":"myname"}'
But got the error message:
{
"message": "Not Found",
"documentation_url": "https://docs.github.com/rest/reference/users#update-the-authenticated-user"
}
I am very new to GitHub API, any help is appreciated!
As long as you have replaced MyToken by an actual PAT (Personal Access Token), registered to your account, this should work.
It should update the authenticate user.
Check first its old name (before renaming it) does exist with curl and its write outs:
curl -w '%{response_code}' 'https://api.github.com/users/<username>'
... Unless you are part of an organization that enforces SAML SSO for authentication, : see "Authenticating for SAML SSO".
But I suspect this is not your case.
The OP ITnewbie confirms in the comments it was a scope issue
Removed and regenerate the token which includes all permission, then it's work!
iqbal was, in the comments, following the "Get your own user profile" GitHub REST API tutorial.
When I changed the url from
curl -i -u your_username:your_token api.github.com/<<your user name>> to
curl -i -u your_username:your_token api.github.com/users/<<your user name>>, it worked.
I'm trying to use curl to log into an Okta-enabled site providing the user name & password using the parameter -u {username:password} and all I get back is the html content of the Okta redirect page.
How can I login into the app by providing my Okta credentials using curl?
You can use the following script, assuming you have installed jq (https://stedolan.github.io/jq/download):
sessionToken=$(curl -X POST -H "Accept: application/json" -H "Content-Type:
application/json" -d '{
"username": "[okta_username]",
"password": "[password]",
"options": {
"multiOptionalFactorEnroll": true,
"warnBeforePasswordExpired": true
}
}' "https://[yourorg].oktapreview.com/api/v1/authn" | jq '.sessionToken' -r)
curl -X GET "https://[yourorg].oktapreview.com/login/sessionCookieRedirect?token=${sessionToken}&redirectUrl=http://blah" -c "okta-cookie"
curl -X GET [OKTA_EMBED_LINK] -b "okta-cookie" -L -v
From the last line, you will need to grab the SAMLResponse form parameter and submit it to the action url of the same form.
I hope this helps!
I am new to openstack, trying to use Ceilometer python API to pull some data from a testbed server, I am accessing the server from a remote site
the problem is that I cannot figure out how get the an authorization token
I used the following command
curl -i 'http://HOST:8774/' -X POST -H "Content-Type: application/json" -H "Accept: application/json" -d/tokens auth": {"tenantName": "project", "passwordCredentials": {"username": "user", "password": "password"}}}'
But it does not give me anything,
curl -X GET -H "X-Auth-Token:$MY_TOKEN" http://HOST:8774/tokens
also does not give me any token
From your use of port 8774 I suspect you might be using DevStack. Try this
curl -s -X POST http://$OPENSTACK_KEYSTONE_HOST:5000/v2.0/tokens -d '{"auth": {"passwordCredentials": {"username":"my-username", "password":"my-password"}, "tenantName":"my-tenantName"}}
In DevStack Keystone (the auth service you get tokens from) is running on port 5000 by default. This may or may not be true in your case. Ask your friendly OpenStack operator what host (and port) Keystone is running on and put that in place of $OPENSTACK_KEYSTONE_HOST:5000
I am using mmc for deployment of mule based application. All deployed application through mmc goes to apps directory under mule server. If I put an application directly under mule-server/apps, launch the application, application runs successfully, but I am not able to view the deployment details in mmc. Where I need to make the changes in mule server to view the deployed application details in mmc?
I need to make a auto deployment through shell script. For this, I am creating a sample project, create zip file, copy this zip file under mule server apps direction. Finally, once mmc is launched, I need to see the deployed application in mmc for viewing flows, running application, flow analyzer etc.
EDIT
Based on answer given below to deploy a new application, I have given my url as:
curl --basic -u admin:admin -F file=#C:/apps/testserver-1.0.0-SNAPSHOT.zip -F name=test-app -F version=2.0 --header 'Content-Type: multipart/form-data' http://almule1.ux.corp.local:8585/mmc/api/repository
Response I received:
curl: (6) Could not resolve host: multipart {"versionId":"local$5015b8d6-b149-4245-a218-55c12aecc8e7","applicationId":"local$74616cb9-9ecb-4fd6-b167-bf153c8e59fb"}
I am using windows env to deploy in unix server.
MMC retrieves information from Mule ESB, so you shouldn't make any changes. Anyway I think that deploying an application outside MMC is not a good idea. For scripting purposes I would prefer to use MMC Deployments REST API. You can deploy an application by simply running:
Upload zipped application
This uploads your application to MMC.
curl --basic -u admin:admin -F file=#my-zipped-app.zip -F name=test-app -F version=2.0 --header 'Content-Type: multipart/form-data' http://localhost:8080/mmc/api/repository
List available servers
curl --basic -u admin:admin http://localhost:8080/mmc-console-3.4.0/api/servers
There you should get the server Id (let's suppose it is local$26f2fea8-3b7c-45a7-84a8-d1509e73fca4), then use it in this command:
Create deployment
Before starting your application you need to create a deployment telling MMC to which server, and the id of the uploaded application.
curl --basic -u admin:admin -d '{"name" : "ExampleDeployment" , "servers": [ "local$26f2fea8-3b7c-45a7-84a8-d1509e73fca4" ], "applications": [ "local$32bb47d3-d180-4bb9-8906-2378dad9ae21" ]}' --header 'Content-Type: application/json' http://localhost:8080/mmc/api/deployments
Perform deploy
Once you have a server and a deployment you can finally start the application.
curl --basic -u admin:admin -X POST 'http://localhost:8080/mmc/api/deployments/local$97e3c184-09ed-423e-a5a5-9b94713a9e36/deploy'
Here is the auto deployment on windows environment which deploys in Unix server.
Application Name: testserver-1.0.zip
step1: Upload
curl --basic -u admin:admin -F file=#C:/apps/testserver-1.0.zip -F name=auto-deploy-server -F version=1.0 --header "Content-Type: multipart/form-data" http://allmule1.ux.corp.local:8585/mmc/api/repository
Response:
{"versionId":"local$fd507b45-25c2-4cc9-afe9-9f020f685867","applicationId":"local$47bcf1f3-72bc-4c08-ba50-4fe33422199c"}
step2: Get server details:
curl --basic -u admin:admin http://allmule1.ux.corp.local:8585/mmc/api/servers
Response:
{"total":1,"data":[{"agents":[{......,"agentUrl":"https://localhost:7777/mmc-support","version":"3.4.2","name":"Mule-3.4.2","id":"local$5a6c4f81-7b35-425d-95bd-200224f60a2b"}]}
Note: Here server id is: local$5a6c4f81-7b35-425d-95bd-200224f60a2b
Get the VERSION ID (not application id) from step 1
step3: deployments
curl --basic -u admin:admin -d "{\"name\" : \"Auto-Deployment\" , \"servers\": [ \"local$5a6c4f81-7b35-425d-95bd-200224f60a2b\" ], \"applications\": [ \"local$fd507b45-25c2-4cc9-afe9-9f020f685867\" ]}" --header "Content-Type: application/json" http://allmule1.ux.corp.local:8585/mmc/api/deployments
Response:
{"applications":["local$fd...,"name":"Auto-Deployment","id":"local$9062bbe7-75ab-4658-b021-8314b1681511","lastModified":"Wed, 18 Jun 2014 12:27:30.610 PDT"}
Note here Deployment Id: local$9062bbe7-75ab-4658-b021-8314b1681511
Step4: Deploy
curl --basic -u admin:admin -X POST http://allmule1.ux.corp.local:8585/mmc/api/deployments/local$9062bbe7-75ab-4658-b021-8314b1681511/deploy
Response: The deployments were deployed
verify your server console, application might have deployed.
Redeploy
curl --basic -u admin:admin -X POST http://allmule1.ux.corp.local:8585/mmc/api/deployments/local$9062bbe7-75ab-4658-b021-8314b1681511/redeploy
Undeploy:
curl --basic -u admin:admin -X POST http://allmule1.ux.corp.local:8585/mmc/api/deployments/local$9062bbe7-75ab-4658-b021-8314b1681511/undeploy
Automated Deployment with Mule Management Console and Maven
https://dzone.com/articles/automated-deployment-mule?mz=38541-devops