I want to use username and password in Rundeck to run jobs on node instead of public / private keys. How do I do it?
Rundeck CLI always asks for the user and password by default, also, you can define environments vars RD_USER and RD_PASSWORD in your .bashrc file. Take a look at this (Credentials section).
Example:
export RD_USER=username
export RD_PASSWORD=password
Using API you can use use the "cookie way" to access an endpoint, take a look at this.
And check the following example:
#!/bin/sh
curl -v -c cookie -b cookie -d j_username=admin -d j_password=admin http://localhost:4440/j_security_check \
-H "Accept: application/json" \
http://hyperion:4440/api/31/system/info/
Related
I am trying to trigger the workflow_dispatch action for a GitHub workflow via REST but I am getting a "not found" error.
My question is similar to this one but the difference is that I am still getting the "not found" error even though the header indicates I am authenticated (the rate limit has increased to 5,000).
Here's my script:
#!/bin/bash
# https://docs.github.com/en/rest/reference/actions#create-a-workflow-dispatch-event
OWNER='myGithubOrganization'
REPO='myRepo'
WORKFLOW_ID='main.yml'
POST_URL="https://api.github.com/repos/$OWNER/$REPO/actions/workflows/$WORKFLOW_ID/dispatches"
echo "Calling $POST_URL"
GITHUB_PERSONAL_ACCESS_TOKEN=$(echo "$PLATFORM_VARIABLES" | base64 --decode | jq '.GITHUB_PERSONAL_ACCESS_TOKEN' --raw-output)
# -i to include headers.
curl \
-i \
-X POST \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token $GITHUB_PERSONAL_ACCESS_TOKEN" \
$POST_URL \
-d '{"ref":"ref"}'
In the headers, I see the rate limit has increased to 5,000, so I know I am logged in.
The personal access token has the following permissions:
repo
workflow
admin:org_hook
The personal access token is for a machine user.
In the repo settings, under "Collaborators and teams", the machine user account has the "Read" role.
What more do I need to do to trigger the workflow?
The machine user needs to have write access, not read access.
This is true even if the workflow does something like run CI tests and does not write any code.
I have a shell script in a container, that needs to access the ArgoCD API.
The script asks the API for a token, and then uses this token to restart a deployment.
JSON=$(jq -c -n --arg username "$USER_NAME" --arg password "$PASSWORD" '$ARGS.named')
TOKEN=$(curl -k $ARGOCD_SERVER/api/v1/session -d "$JSON" | jq -r ".token")
PARAMETERS="namespace=$NAMESPACE&resourceName=$RESOURCE_NAME&kind=Deployment&group=apps&version=v1"
curl -k -H "Authorization: Bearer $TOKEN" \
-d "\"restart\"" \
"$ARGOCD_SERVER/api/v1/applications/argocd/resource/actions?$PARAMETERS"
This only seems to work when I have the login option enabled in my argo-cd-cm.yaml enabled.
...
data:
admin.enabled: "false"
accounts.<service-user>: apiKey, login
accounts.<service-user>.enabled: "true"
...
As I am using OIDC for regular users, I would not like this login option to be disabled.
Is there a way to specify an apiKey for a given user in the one of the configmaps?
Yep! This was our configuration (helm values) since 2 years.. Just to confirm
However, make sure to authorize him as well using rbacConfig as below:
server:
config:
accounts.cibotuser: apiKey, login
accounts.cibotuser.enabled: "true"
rbacConfig:
policy.csv: |
p, cibotuser, applications, get, */*,allow
p, cibotuser, applications, sync, */*,allow
I'm using this script:
wget -O C:\FlairnetLab\output\x.csv --http-user='[My User]' --http-password='[Password]' --no-check-certificate https://ca-test.adyen.com/reports/download/MerchantAccount/FlairnetECOM/payments_accounting_report_2021_06_10.csv
But i get no file found response. But if i type the url in the browser using the same credential i can download the file.
Can some help me?
The problem is likely to be the encoding of the credentials (both Adyen-generated username and password include several special characters).
An option is to generate the base64-encoded string username: password with a command line (or with an online generator)
# example on Mac
$ echo -n '<username>:<password>' | openssl base64
cmVwb3J0.......5LX4=
then pass it in the Authorization header
# example with wget
wget --header "Authorization: Basic cmVwb3J0.......5LX4=" https://ca-test.adyen.com/reports/download/MerchantAccount/MyMerchantAccount/payments_accounting_report_2021_01_01.csv
# example with curl
curl -H "Authorization: Basic cmVwb3J0.......5LX4=" -X GET https://ca-test.adyen.com/reports/download/MerchantAccount/MyMerchantAccount/payments_accounting_report_2021_01_01.csv
How can I create a Jenkins Credential via REST API or Jenkins CLI? The credential should be of type "secret file", instead of a username / password combination.
The question is similar to this question, but not the same or a duplicate.
You can do it as follows:
curl -X POST \
https://jenkins.local/job/TEAM-FOLDER/credentials/store/folder/domain/_/createCredentials \
-F secret=#/Users/maksym/secret \
-F 'json={"": "4", "credentials": {"file": "secret", "id": "test",
"description": "HELLO-curl", "stapler-class":
"org.jenkinsci.plugins.plaincredentials.impl.FileCredentialsImpl",
"$class":
"org.jenkinsci.plugins.plaincredentials.impl.FileCredentialsImpl"}}'
just finished with it today https://www.linkedin.com/pulse/upload-jenkins-secret-file-credential-via-api-maksym-lushpenko/?trackingId=RDcgSk0KyvW5RxrBD2t1RA%3D%3D
To create Jenkins credentials via the CLI you can use the create-credentials-by-xml command:
java -jar jenkins-cli.jar -s <JENKINS_URL> create-credentials-by-xml system::system::jenkins _ < credential-name.xml
The best way to know the syntax of this is to create a credential manually, and then dump it:
java -jar jenkins-cli.jar -s <JENKINS_URL> get-credentials-as-xml system::system::jenkins _ credential-name > credential-name.xml
Then you can use this XML example as a template, it should be self-explanatory.
If you want to update an existing secret file, the simplest way I found was to delete and re-create.
A delete request, to extend #lumaks answer (i.e. with the same hostname, folder name and credentials id), looks like:
curl -v -X POST \
-u "user:password" \
https://jenkins.local/job/TEAM-FOLDER/credentials/store/folder/domain/_/credential/test/doDelete
This will return either HTTP status code 302 Found or 404 Not Found for existing and non-existing creds file respectively.
I would like to use the opportunity of passwordless access which is provided by ssh keys to create new repositories, instead of opening the browser and logging in git hosting provider by entering username and password each time. How to create new repository via ssh?
The GitHub API does provide a mechanaism for project creation, currently in alpha status. See https://developer.github.com/v3/projects/#create-a-repository-project
I use this /usr/local/bin/github
#!/bin/dash
# Create a personal access token here
#
# https://github.com/settings/tokens
#
# and make sure it has the 'repo' scope.
TOKEN=`cat /home/user/github_token`
REPO=$2
curl -s -XPOST -H 'Authorization: token '$TOKEN https://api.github.com/user/repos -d '{"name":"'$REPO'"}'|egrep -w 'already|"name":'|grep -o '.*[^,]'|cut -d: -f2|perl -pe 's/^ "(.*)"/$1/;s/name already exists on this account/already exists/'|perl -pe "s/$REPO/successfully created/"
It is run as github init myrepo. It is useful to create and fork projects from CLI.