Here is information about our technical environment:
Hasura GraphQL Current server version: v2.6.2-pro.1
Hasura CLI version 2.15.0
We log onto the Hasura GraphQL Web UI Console using our Windows Active Directory Login (essentially Single-SignOn SSO) (therefore,
we do not have an admin secret)
However, the official Hasura GraphQL Technical Tutorial Guide only gives examples showing the admin secret being supplied in the Hasura CLI command line console arguments (https://hasura.io/docs/latest/migrations-metadata-seeds/migrations-metadata-setup/)
hasura init demo-project --endpoint https://docs-demo.hasura.app --admin-secret mySecret
How can I go about using Hasura CLI to export metadata via Windows Active Directory Login? (I would be interested in Hasura CLI command line examples).
as of now you’ll have to set an admin secret via environment variables and use that via the CLI. Please file a feature request via Github if you need this so we can get it tracked and prioritized.
Related
Upgraded influxDb from v1.8.10 to v2.3.0+SNAPSHOT.090f681737 with below command
(https://docs.influxdata.com/influxdb/v2.3/upgrade/v1-to-v2/automatic-upgrade/)
influxd upgrade --username='admin' --password='adminpass1234' --org='test' --bucket='testbucket' --force
Now trying to get or create token of influxdb with CLI commands to process with other command(like creating buckets, users and etc). To create new token I need to pass token which is only available in Influx Dashboard right now, I would like to pass username and password but only token is option (https://docs.influxdata.com/influxdb/v2.3/security/tokens/create-token/)
influx v1 auth create -username admin
I don't want to go to influxdb dashboard page and get token from there because my script should work automatically without depending any manual actions in UI. It's ansible script.
Don't know if there is a any option which can help to solve this problem.
Client config should be created during upgrade, you can list it, the output contains the token
influx config ls --json
I got the following error when trying to use a Notary client to get the digest of a signed image in my IBM Container Registry. Can anyone advise how to solve it?
# notary -s https://us.icr.io:4443 lookup us.icr.io/securek8s/hello-world latest
* fatal: unauthorized: The login credentials are not valid, or your IBM Cloud account is not active.
BTW, I built the Notary client from https://github.com/theupdateframework/notary
Notary uses your credentials from your Docker login cache. The error message that you received suggests that your login to us.icr.io isn't valid. This usually means that your credentials have expired.
If you have the ibmcloud CLI and the container-registry plugin installed, you can refresh your login by making sure that you're targeting the US South registry (ibmcloud cr region-set us.icr.io) and then logging in with ibmcloud cr login.
If you don't have the CLI plugin installed, you can log in using Docker commands directly. For more information, see Automating access to IBM Cloud Container Registry
in the IBM Cloud docs.
I am configuring rundeck to issue api calls to the google cloud compute api
I have tried both basic and oath 2.0 for authentication
Has anyone gotten this to work
You have two options:
Configure the google cloud CLI tool for "rundeck" user, (home at /var/lib/rundeck) or:
Use local sudo rundeck plugin to call the command using the user profile which you have the google cloud CLI configured.
In the first option you can use command steps/script steps to call the Google Cloud CLI tool and in the second one using the Local Command Workflow Step and the Local Script Workflow Step.
I am using aws toolkit for eclipse 2.0. using the options ( window -> preference -> aws toolkit) I have configured IAM/login user api access key id and secret access key. According to our aws configuration, this IAM user has to assume role to view/access any resources in our environment.
I am able to access AWS CLI with different profiles. In a credentials file I define a [profile] section with the aws secret key and access key.
Then in the config file I define a [profile <profile_name>] section and reference it with source_profile=<profile_name>
This doesn't seem to be recognized in AWS Toolkit 2.0 for eclipse? I even tried copying and pasting the profile section from the config file to the credentials file and it still doesn't work?
Does awstk 2.0 not support switching / assuming roles for a login?
Looks like I figured it out with help from an AWS expert. Basically you do 2 things:
generate an AWS STS session token
use the "session token" values in your IDE.
Example:
aws sts assume-role --role-arn --role-session-name --duration-seconds
put in the values generated for these in your eclipse IDE AWS profile:
AccessKeyId
SecretAccessKey
SessionToken
You can also use a SAML assertion by using this command on the AWS CLI
aws sts assume-role-with-saml --role-arn <value> --principal-arn <value> --saml-assertion <value>
Note: the max session length is defined by the role you're using.
Bluemix provides a CF command line for download to manage applications.
We want to use CF (or any other command line tools ) to manage Organization and Space users. This will allow us to programmatically sync the user list.
Specifically I am looking for
cf enroll-user
cf add-user
cf remove-user
cf unenroll-use
the cf command already lists the users for a given ORG and SPACE.
The simple answer is to read the docs. See "Creating and Managing Users with the cf CLI." It documents commands like create-user, set-org-role, and set-space-role.
For example: Use cf create-user USERNAME PASSWORD to create a new user. The problem is, when you try to do this in Bluemix, you get an error:
>cf create-user jdoe password
Creating user jdoe as bwoolf...
FAILED
Error creating user jdoe.
Server error, status code: 403, error code: access_denied, message: Invalid token does not contain resource id (scim)
You get a similar error when you try to run set-org-role or set-space-role:
FAILED
Server error, status code: 403: Access is denied. You do not have privileges to execute this command.
Why did you get this error? Like #RandalAnders explained, Bluemix currently blocks users from using these user administration commands in the CF CLI. For the time being, you'll need to perform these actions using the Bluemix Dashboard.
Currently, it is not possible within Bluemix to use the CF CLI for certain management commands, as they require administrative privileges. We are exploring expanding the scope of the commands used in the CLI and would be interested in hearing any other use cases you may have.
you can not create a user on bluemix using cf cli since it needs admin privileges. To add a user, you will need to use bluemix cli 'bluemix iam account-user-invite' to invite a user to your account with a org/space role assigned. There are other account/org/space/role management commands under 'bluemix iam'.
Download bluemix CLI here: http://clis.ng.bluemix.net