I am unable to delete a rundeck job using API. The error message is below
{"error":true,"apiversion":38,"errorCode":"api.error.job.delete.failed","message":"Job could not be deleted: Cannot delete Job \"Junk_Extract\" [22d05f6a-c9e4-4388-863-668b7f8db411]: it may have been modified or executed by another user"}
The command I have used:
curl --location --request DELETE 'https://localhost:4443/api/38/job/22d05f6a-c9e4-4388-8a63-668b7f8db411' --header 'Accept: application/json' --header 'X-Rundeck-Auth-Token: 7kotazOO3xRr43qeZl3CQnYcKwzU6' -k
How can I delete a rundeck job?
You need to disable the execution/schedule first, under admin rights:
Disable executions for that jobs using this endpoint.
Disable the schedule for that job using this endpoint.
Then delete it using this endpoint.
The error says: it may have been modified or executed by another user.
Is the token used assigned to user with sufficient privileges for job deletion?
Related
I am wondering how do I create a kube config file for my Kubernetes cluster programatically so I can use it with kubectl in IBM Cloud.
To generate a Kube config file to use with kubectl you can do the following via curl to generate the file.
First you will need to get your bearer and refresh token. There are a couple ways to do this. If you have an API key you [can generate your tokens here.
Once you have your tokens you can call the following API.
POST https://containers.cloud.ibm.com/global/v1/clusters/clusterid/config.
That will give you a zipped file with the kube config and relevant certificates.
curl --location --request GET 'https://containers.cloud.ibm.com/global/v1/clusters/xxx/config' \
--header 'Authorization: mybearertoken' \
--header 'X-Auth-Refresh-Token: myrefreshtoken' >> kubeconfig.zip
Replace mybearertoken and myrefreshtoken with the correct values from here.
Trying to get kubernetes cluster linked to Gitlab to test CI.
Following the instructions here, but get the following:
There was a problem authenticating with your cluster. Please ensure your CA Certificate and Token are valid.
I've tried deleting the cluster and setting up again (suggested here) - but this hasn't made a difference.
Using the same $TOKEN, the following curl command works fine from another machine
curl -X GET $APISERVER/api --header "Authorization: Bearer $TOKEN" --insecure
Grateful for any help with sorting this.
I've been trying to use the Keycloak Impersonation API (semi-recent addition) to get an access token for another user. I have created a semi-successful CURL request based on the docs and another StackOverflow question. The CURL request (below) returns a 501 Not Implemented and I am trying to figure this out. If it would be another error I would assume I am doing something incorrectly, but this appears to be at least partially correct.
curl --verbose -X POST "http://localhost:8081/auth/realms/master/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
-d "client_id=admin-cli" \
-d "requested_subject={TARGET_USER_ID}" \
-d "subject_token={USER_MANAGER_TOKEN}"
My workflow so far has been to get the Keycloak master realm "admin" user's access token (successful) and use that in the impersonation request, along with the target user's Keycloak ID. Am I doing something wrong or missing a step?
I haven't changed any Keycloak permissions, is this required?
From my understanding and the documentation, impersonation is currently supported and enabled by default in Keycloak v5 - Sever Installation. However, another article (Keycloak v5 - Token Exchange) seems to indicate that the feature is disabled by default; could this be why I am getting the 501 Not Implemented?
EDIT: #qdivision mentioned that the Token Exchange needs to be enabled for this to work. However, we are using the jboss/keycloak Docker image and I am wondering where I should add the profile.properties file to enable this feature?
Impersonation is enabled by default, Token Exchange is not.
To enable start the server with -Dkeycloak.profile=preview or -Dkeycloak.profile.feature.token_exchange=enabled as mentioned in the docs
https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange
I would like to allow anyone to trigger a job I've created in Rundeck.
I can't understand from the API documentation how to do that.
Any one knows, and can give simple examples (my understanding of the subject is minimal to none)?
What I've found is of the sort:
POST /api/1/job/[ID]/run
In order to use the Rundeck API, you need to authenticate first.
Authentication can be done in two different ways:
Using a Token
Using a username and a password
Here is an example of running a Rundeck job using its API (Token based authentication)
curl -X POST http://rundeck_server:port/api/19/job/87bdc26ce-9893-49bd-ad7a-97f4c4a39196/run?authtoken=AVy8jZdcpTYOyPcOVbfcfOQmB6b92zRu --header "Content-Type:text/xml"
Explanation:
19: the API version or Rundeck installation version (19 matchs
Rundeck 2.8.2)
87bdc26ce-9893-49bd-ad7a-97f4c4a39196: Job UUID
run: Runs a job
PS: To obtain an API Token, you must first log in to the Rundeck GUI using a user account. Click on your username in the header of the page, and you will be shown your User Profile page. From this page you can manage your API Tokens.
To update the answer above, this is an example of running a job and feeding it arguments
You will need to replace hostname/API version/job UID/token
Also the current version can be used with JSON only
curl -X POST https://rundeck-hostname.com/api/41/job/7087d3b7-e454-4983-abd5-a211d21d6f27/run?authtoken=[redacted] -H "Accept: application/json" -H "Content-Type: application/json" -d '{
"options": {
"optionName":"optionValue",
}
}
'
And if you need additional arguments for running a job you can find the updated documentation at https://docs.rundeck.com/docs/api/rundeck-api.html#running-a-job
I am using the Presto REST api to query the database, but all my sessions appear to be ephemeral. For example, if I do something like
query_presto('set session columnar_processing = true')
query_presto('show session')
Despite setting the column_processing variable in the first query, the second query will show that column_processing is still the default value of false.
I read somewhere that
Presto maintains sessions for each authenticated user. This session
expires if no new requests are received within the timeout period
configured for Presto.
However, I can't find this configuration anywhere in the code nor documentation.
My question is how do I maintain a database session using the RESTful API?
After too much time digging around, I found that there is a header X-Presto-Session which you can set comma separated variables, ie
curl --data "show session" http://127.0.0.1:8889/v1/statement/ --header "X-Presto-User: myuser" --header "X-Presto-Schema: myschema" --header "X-Presto-Time-Zone: UTC" --header "X-Presto-Catalog: mycatalog" --header "User-Agent: myagent" --header "X-Presto-Session: session_variable_1=900,session_variable_2=true"
Despite what the doc says, I don't think there is a way for Presto to remember session variables set in previous executions. I have to locally cache them in my program and pass them all every execution.