Grafana: Datasource (Prometheus ) query 403 - grafana

When querying Datasource from grafana getting 403 for a few of the metrics.
curl --location --request GET 'https://xxx.xxx.xxx/api/datasources/proxy/1/api/v1/query?query=sum(kube_pod_container_status_restarts_total%7Bnamespace%3D%22default%22%2C%20container%3D~%22al-agent-container%22%2C%20pod%3D%22al-agent-container-hlrz2%22%7D)&time=1607489911' \
> --header 'Accept: application/json' \
> --header 'Content-Type: application/json; charset=UTF-8' \
> --header 'Authorization: Bearer xxx' \
> --data-raw ''
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>
When Querying from the Prometheus server endpoint with same query it resolves with 200:
curl --location --request GET 'http://kube-system-prometheus-server.kube-system.svc.cluster.local/api/v1/query_range?query=sum(kube_pod_container_resource_requests_cpu_cores%7Bnamespace%3D%22default%22%2C%20pod%3D~%22al-agent-container-hlrz2%22%7D)&start=1607488035&end=1607489835&step=15' \
> --header 'Accept: application/json' \
> --header 'Content-Type: application/json; charset=UTF-8'
{"status":"success","data":{"resultType":"matrix","result":[]}}
Grafana Version: v6.6.2 (3fa63cfc34)
Prometheus does not have any authentication in place,
This issue is facing only for few metrics not for all.
When tested the data source from its configuration section. it shows it's all working.
does anyone have any idea on this?

I have found this issue,
I had WAF enabled in the entry LB, I have removed and checked that it does work.
WAF is considering this as SQL injection and hence blocking it.

From my view , you cant get the data from Grafana. Because Grafana doesn't have DB place to store the data . It will use the Existing database from any other source to plot the Time-based series.

Related

How to pass two authorization headers to curl POST request

I'm accessing a rest api.
I have to do POST. The webservice is hosted behind the basic authentication.
To access the given endpoint I have to also send an authorization header.
case 1:
curl GET http://username:password#example.com/endpoint1 => works
case 2:
curl GET http://#example.com/endpoint1 -H "Authorization: Basic base64_encode(username:password)" => works
case 3:
curl POST http://#example.com/endpoint2 -H "Authorization: Basic base64_encode(username:password), Basic another_auth_token" => does not work
case 4:
curl POST http://username:password#example.com/endpoint2 -H "Authorization: Basic another_auth_token" => does not work
Also tried using php curl curl_setopt($ch, CURLOPT_USERPWD, 'username:password') and it didn't work.
Tried adding headers, Content-Type: application/json and application/x-www-form-urlencoded and it didn't work.
I need curl POST with the two authorization headers to work.
Any pointers what could be missing?
Just pass '-H Authorization' twice:
curl -X POST http://example.com/endpoint2 \
-H "Authorization: Basic base64_encode_username_colo_password" \
-H "Authorization: Basic another_auth_token"
I get:
POST / HTTP/1.1
Host: localhost:10101
User-Agent: curl/7.47.0
Accept: */*
Authorization: Basic base64_encode_username_colo_password
Authorization: Basic another_auth_token
Keep in mind, though, that the server (and downstream servers as well) has to be able to deal with multiple authorization headers.
curl -X POST
'https://api.amazon / shopify or "your URL"/'
-H 'Authorization: Bearer {token}' // or/AND your USER KEY and PASS in Base 64
-H 'Accept: application/json'
-H 'Content-Type: application/json'
for body parameter in CURL You should use -d'{your body in json}after the last Header param.(-H)

"The revision must be specified." error with status 400 Bad Request when delete controller-services and connections

I try export and import nifi templates via nifi rest api; but when i tried to delete controller-services, connections or import a template i get the response message "The revision must be specified." with '400 bad request' status from nifi rest api. I didn't understand what i have to do.
This my request for delete a control-service,
request "/controller-services/{id}" (id is, The controller service id.)
curl -X DELETE \
http://localhost:8090/nifi-api/controller-services/015b1030-a099-13d3-812c-77772afcaeb0 \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
and the response is "The revision must be specified."
status : "400 Bad Request"
Any idea please?
I finally got some answers about my mistake after reading this article
It seems you have to add two information to request url; version and clientId.
After make a call and get a component form nifi instance, it sends a version number inside a DTO to you as explained here
like this:
and finally i made a call like below and it worked:
curl -X DELETE \
'http://localhost:8090/nifi-api/controller-services/015b1030-a099-13d3-812c-77772afcaeb0?version=0&clientId=5ed15669-015d-1000-99cf-bc9c6f378085' \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \

Use CloudHub API to restart an application via REST call

At the moment, in order to restart a Mule application, I need to:
Log into Mule via a browser
Navigate to the Runtime Manager
Select my environment
Locate my application
Navigate to Settings
Then restart
I know that MuleSoft have a Management API (CloudHub API), but I cannot find an example of how to restart an application via a REST call.
If anyone has a working example or can point me in the right direction I would appreciate it.
Thanks
Just in case if anyone wants to know how to restart a Mule application hosted on CloudHub via REST API.
Call this API
https://anypoint.mulesoft.com/cloudhub/api/applications/{domain}/status with payload "RESTART"
API Endpoint: /applications/{domain}/status
Method: POST
Example payload in request body:
{
"status": " 'RESTART' or 'stop' or 'start' ",
"staticIpAddress": "10.4.6.22"
}
Postman code snippet: update the bearer token, domain and environment id
curl --request POST \
--url https://anypoint.mulesoft.com/cloudhub/api/applications/{cloudhub-app-
domain}/status \
--header 'Authorization: Bearer token' \
--header 'Content-Type: application/json' \
--header 'Postman-Token: 42539dcd-1d33-4b66-80d9-6cfcc4ed8f77' \
--header 'X-ANYPNT-ENV-ID: environment ID' \
--header 'cache-control: no-cache' \
--data '{\n "status":"RESTART"\n}'
First, you need to install the runtime manager agent
https://docs.mulesoft.com/runtime-manager/installing-and-configuring-runtime-manager-agent
Second, you can find an example in below link:
https://docs.mulesoft.com/runtime-manager/managing-applications-and-domains
Operation: Restart an Application
PUT http://localhost:9999/mule/applications/myapp/restart HTTP/1.1
Content-Type: application/json
Further to developer9's answer, here's how to obtain the Bearer token:
https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/access-management-api/version/v1/pages/Authentication/
To access Platform APIs, you must obtain a token from either the login
endpoint or using the OAuth authorization process.
To authenticate using a username and password, you must invoke the /login API.
POST /accounts/login HTTP/1.1
Content-Type: application/json
{
"username" : "joe",
"password" : "password"
}
This returns the following response and token:
{
"access_token": "d127e2ec-a703-4e2a-8629-e9158804748b",
"token_type": "bearer"
}
You can then use that in the restart (or other API request). Eg (note, update the bearer token, domain and environment id)
curl --request POST \
--url https://anypoint.mulesoft.com/cloudhub/api/applications/{cloudhub-app-
domain}/status \
--header 'Authorization: Bearer d127e2ec-a703-4e2a-8629-e9158804748b' \
--header 'Content-Type: application/json' \
--header 'Postman-Token: 42539dcd-1d33-4b66-80d9-6cfcc4ed8f77' \
--header 'X-ANYPNT-ENV-ID: environment ID' \
--header 'cache-control: no-cache' \
--data '{\n "status":"RESTART"\n}'

kaa update configuration using REST API

I used kaa rest api for changing my configuration as follow:
curl -v -S -u devuser:devuser123 -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"applicationId": "2",
"schemaId": "65539",
"endpointGroupId": "32768",
"body": "{\"timeConfig\":{\"org.kaaproject.configuration.unchangedT\":\"unchanged\"},\"dailySchedules\":{\"org.kaaproject.configuration.unchangedT\":\"unchanged\"},\"enabled\":{\"boolean":false},\"relays\":{\"array\":[false,false,false,true,true,false,false,false]},\"samplePeriod\":{\"int\":9}}",
}' 'http://localhost:8080/kaaAdmin/rest/api/configuration' | python -mjson.tool
But I get HTTP/1.1 400 Bad Request. Does my post parameters seems OK? any suggestion will be appreciated.
Finally I found the problem. Kaa Rest API Works perfect. It was about mismatching schemaID and endpointgroupId. I got the correct values from kaa web interface:
http://localhost:8080/kaaAdmin/#config:appId=2&endGroupId=32768&create=false&active=true&random=0.19035219790078206&schemaId=65539
. since the 400 ERROR CODE is not present in Rest documentation, I had no clue that where was the problem.

Crowd Rest API usage

I am trying to add 100 of users to a group in crowd and I want to automate it using curl and crowd's rest api. At first I am just trying to add a singleuser to a group and then auotmate it using shell script. Following this document, I pass the command as
curl -X POST{"name":"groupname"} -ik -u application:password-H 'Content-Type: application/json' -H 'Accept: application/json' https://localhost/crowd/rest/usermanagement/1/user/group/direct?username=username.
I am getting the following error.
HTTP/1.1 405 Method Not Allowed
Server: Apache-Coyote/1.1
X-Embedded-Crowd-Version: Crowd/2.8.3
X-Crowd-User-Management-Version: 1.4
Set-Cookie: JSESSIONID=17490A660F9A2267B378CD767CEADDF8; Path=/crowd/; Secure; HttpOnly
Allow: HEAD,DELETE,POST,GET,OPTIONS
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1013
Date: Mon, 29 Jun 2015 02:56:15 GMT
FYI: I am using a application to authenticate against crowd via rest. Please suggest on what I need to do and how should I do.
P.S. I also need to figure out on adding hudreds of groups to crowd too.
You are missing a space between POST and your data.
To post data use:
-d, --data
(HTTP) Sends the specified data in a POST request to the HTTP server,
in the same way that a browser does when a user has filled in an HTML
form and presses the submit button. This will cause curl to pass the
data to the server using the content-type
application/x-www-form-urlencoded. Compare to -F, --form.
So the command should be:
curl -X POST -d {"name":"groupname"} -ik -u application:password -H 'Content-Type: application/json' -H 'Accept: application/json' https://localhost/crowd/rest/usermanagement/1/user/group/direct?username=username
From Crowds Docs,
Authentication Access to all resources (using any method) requires the
client to be authenticated via basic authentication. See RFC 2617.
Your environment must retain cookies set by the Crowd server and
retransmit them on subsequent calls, otherwise Crowd will have to
re-authenticate the application on every REST call.
So first authenticate your self and store the cookies, (make note of --cookie-jar parameter)
curl -i -u application_name:application_password --data '{"value": "my_password"}' http://localhost:8095/crowd/rest/usermanagement/1/authentication?username=my_username --header 'Content-Type: application/json' --header 'Accept: application/json' --cookie-jar cookies.txt
So as per docs on subsequent calls use the cookies (using --cookie parameter)
curl -X POST -d {"name":"groupname"} -ik -u application:password -H 'Content-Type: application/json' -H 'Accept: application/json' https://localhost/crowd/rest/usermanagement/1/user/group/direct?username=username --cookie cookies.txt