I'm trying to automatically download a release asset using ansible, but I receive a 400 "Invalid Argument error":
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>InvalidArgument</Code>
<Message>
Only one auth mechanism allowed;
only the X-Amz-Algorithm query parameter, Signature query string parameter
or the Authorization header should be specified
</Message>
<ArgumentName>Authorization</ArgumentName>
<ArgumentValue>Basic XXX</ArgumentValue>
<RequestId>XXXX</RequestId>
<HostId>XXXX</HostId>
</Error>
I have found a corresponding issue on GitHub, but I can't implement the solution using ansible without writing a custom script. My curremt code is:
- name: Download build asset
uri:
url: "{{ asset_url }}"
user: "{{ github_username }}"
password: "{{ github_token }}"
force_basic_auth: yes
headers:
Accept: application/octet-stream
I have also tried passing no headers and using the token in the url
- name: Download build asset
uri:
url: "https://{{ TOKEN }}:#api.github.com/repos/<ORG>/<REPO>/releases/assets/{{ ASSET_ID }}"
headers:
Accept: application/octet-stream
But then I receive an error 404 "Not found" Error (presumably because the authentication did not work (private URL parameters replaced as ):
fatal: [XXX]: FAILED! => changed=false
access_control_allow_origin: '*'
access_control_expose_headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset
connection: close
content: '{"message":"Not Found","documentation_url":"https://docs.github.com/rest/reference/repos#get-a-release-asset"}'
content_length: '110'
content_security_policy: default-src 'none'
content_type: application/json; charset=utf-8
date: Wed, 18 Nov 2020 15:45:42 GMT
elapsed: 0
json:
documentation_url: https://docs.github.com/rest/reference/repos#get-a-release-asset
message: Not Found
msg: 'Status code was 404 and not [200]: HTTP Error 404: Not Found'
redirected: false
referrer_policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
status: 404
strict_transport_security: max-age=31536000; includeSubdomains; preload
url: https://<TOKEN>#api.github.com/repos/<ORG>/<REPO>/releases/assets/28089234
vary: Accept-Encoding, Accept, X-Requested-With
x_content_type_options: nosniff
x_frame_options: deny
x_github_media_type: unknown
x_github_request_id: CC26:2942:15E1154:1948AE9:5FB541A6
x_ratelimit_limit: '60'
x_ratelimit_remaining: '58'
x_ratelimit_reset: '1605717756'
x_ratelimit_used: '2'
x_xss_protection: 1; mode=block
This only happens for release assets, other api calls work just fine using the basic auth method. It also works fine with the same request using curl or postman. Scopes for the Personal Access Token I use are:
repo (full access)
workflow
write:packages
read:packages
Update
For now sending the request using curl works, but I would prefer using the uri module:
name: Download build asset
shell: >
curl -J -L -H "Accept: application/octet-stream"
"https://{{ TOKEN }}#api.github.com/repos/<ORG>/<REPO>/releases/assets/{{ ASSET_ID }}"
--output "/tmp/asset.tar.gz"
Related
I need to set cookies for redirected request (they are sent from initial request) in RestAssured.
When I’m sending GET for my url - it responds with 302 status code and Set-Cookie header that needs to be set for redirected request. But these cookies are missed from redirected request and I’m getting an auth error.
It successfully works in Postman, but not in REST Assured. Here’s code sample:
given()
.spec(requestSpecWithToken)
.redirects().follow(true)
.config(RestAssured.config().httpClient(httpClientConfig().reuseHttpClientInstance()))
.when()
.get(myEndpoint)
.then()
.statusCode(200); // <— error 400 as no cookies
Also I’ve tried without reuseHttpClientInstance - cookies still not set for redirected request.
Here’s example from http perspective:
Source Request: GET https://example1.com/url-with-redirect
Source Response: 302
Set-Cookie: CookieName1=CookieValue1; Path=/; SameSite=None; Secure
Set-Cookie: CookieName2=CookieValue2; Path=/
location: https://example2.org/target
Redirected Request: GET https://example2.org/target
Redirected Request Cookies: -
Redirected Response: 400
So how can I set cookies for redirected request inside?
Update:
Logs:
Request method: GET
Request URI: https://example1.com/url-with-redirect
Proxy: <none>
Request params: <none>
Query params: <none>
Form params: <none>
Path params: <none>
Headers: Authorization=Bearer [..]
Accept=*/*
Connection=keep-alive
Cookies: <none>
Multiparts: <none>
Body: <none>
[Fatal Error] :1:1: Content is not allowed in prolog.
[Fatal Error] :1:1: Content is not allowed in prolog.
HTTP/1.1 400 Authentication information is not given in the correct format.
Content-Length: 297
Content-Type: application/xml
Server: Microsoft-HTTPAPI/2.0
x-ms-request-id: [..]
Date: Tue, 20 Dec 2022 19:16:27 GMT
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidAuthenticationInfo</Code><Message>Authentication information is not given in the correct format.
RequestId:[..]
Time:2022-12-20T19:16:27.9906229Z</Message></Error>
I have successfully installed IBM Cloud Private 3.1.
All was working well. I could login to the ICP URL, but after rebooting, nothing works.
Now the URL says:
Unexpected response code 401 from request: GET
https://icp-management-ingress:8443/idmgmt/identity/api/v1/users/admin/getTeamResources?resourceType=namespace
HTTP/1.1 Accept: application/json Authorization: bearer *** HTTP/1.1
401 Server: openresty/1.11.2.4 Date: Wed, 07 Nov 2018 21:47:55 GMT
Content-Type: application/json; charset=utf-8 Transfer-Encoding:
chunked Connection: close Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true X-Xss-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN Strict-Transport-Security:
max-age=15552000; includeSubDomains X-Download-Options: noopen
X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off
{"error":{"statusCode":401,"name":"Error","message":"An error occurred
while accessing the kube services rest api"}}
When I try to login with cloudctl, I get this:
Cloudctl login
API endpoint: https://172.31.16.153:8443
Username> admin
Password>
Authenticating...
OK
Select an account:
1. Mycluster Account (id-mycluster-account)
Enter a number> 1
Targeted account mycluster Account (id-mycluster-account)
FAILED
Error response from server. Status code: 401; message: {"error":{"statusCode":401,"name":"Error","message":"An error occurred while accessing the kube services rest api"}}
And kubectl says there is no service for the common ones:
Kubectl get pods
Error: The server doesn't have a resource type "pods"
Kubectl get nodes
Error: The server doesn't have a resource type "nodes"
Kubectl get services
Error: The server doesn't have a resource type "services"
Kubectl get deployment
Error: The server doesn't have a resource type "deployment"
Any suggestions?
I have created AWS Machine Learning model with working real-time endpoint. I want to consume created service via HTTP request. For testing purpose I'm using Postman, I've created request according to Amazon's API documentation but every time I get the same exception: UnknownOperationException. While I'm using Python SDK the service is working fine. Below example that gets model info.
That's my request (fake credentials):
POST HTTP/1.1
Host: realtime.machinelearning.us-east-1.amazonaws.com
Content-Type: application/json
X-Amz-Target: AmazonML_20141212.GetMLModel
X-Amz-Date: 20170714T124250Z
Authorization: AWS4-HMAC-SHA256 Credential=JNALSFNLANFAFS/20170714/us-east-1/AmazonML/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-target, Signature=fiudsf9sdfh9sdhfsd9hfsdkfdsiufhdsfoidshfodsh
Cache-Control: no-cache
Postman-Token: hd9sfh9s-idsfuuf-a32c-31ca-dsufhdso
{
"MLModelId": "ml-Hfdlfjdof0807",
"Verbose": true
}
Exception I get:
{
"Output": {
"__type": "com.amazon.coral.service#UnknownOperationException",
"message": null
},
"Version": "1.0"
}
After doing research on AWS forum I've found some similar HTTP requests. Turns out I had 3 incorrect parameters.
Host address should be:
Host: machinelearning.us-east-1.amazonaws.com
Content type:
Content-Type: application/x-amz-json-1.1
In credentials parameters target service has to be specified as machinelearning
Short instruction how to setup Postman's request:
In Authorization tab choose AWS Signature and fill in AccessKey and SecrectKey. In Service Name field write machinelearning. Click Update Request, this will update your header.
In Headers tab add two headers:
Key: X-Amz-Target, Value: AmazonML_20141212.GetMLModel
Key: Content-Type, Value: application/x-amz-json-1.1
Add body:
{ "MLModelId": "YOUR_ML_MODEL_ID", "Verbose": true }
Correct HTTP request below:
POST HTTP/1.1
Host: machinelearning.us-east-1.amazonaws.com
X-Amz-Target: AmazonML_20141212.GetMLModel
Content-Type: application/x-amz-json-1.1
X-Amz-Date: 20170727T113217Z
Authorization: AWS4-HMAC-SHA256 Credential=JNALNFAFS/20170727/us-east-1/machinelearning/aws4_request,
SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-target,
Signature=fiudsf9sdfh9sdhfsd9hfsdkfdsiufhdsfoidshfodsh
Cache-Control: no-cache
Postman-Token: hd9sfh9s-idsfuuf-a32c-31ca-dsufhdso
{
"MLModelId": "ml-Hfdlfjdof0807",
"Verbose": true
}
Please check following link and validate your sigv4
http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
The server is responding with a less than helpful message.
Unable to get a request token: Request for https://etwssandbox.etrade.com/oauth/sandbox/request_token?oauth_callback=oob&oauth_consumer_key=aaf0812a4bcc6e4c21783af47cf88237&oauth_nonce=3495463522&oauth_signature=ykqRaZc18GwIoqHtYqtxzsMq4xs%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1371092839&oauth_version=1.0 failed,HTTP/1.1 400 Bad Request
Connection: close
Content-Length: 62
Client-Date: Thu, 13 Jun 2013 03:07:19 GMT
Client-Peer: 12.153.224.230:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
Client-SSL-Cert-Subject: /C=US/ST=New York/L=New York/O=ETRADE FINANCIAL CORPORATION/OU=Global Information Security/CN=etwssandbox.etrade.com
Client-SSL-Cipher: RC4-MD5
<html><body><b>Http/1.1 400 Bad Request</b></body> </html>
OK I will try with headers. All required parameters are present.
$ wget -d -O- --header='Authorization: OAuth realm="",oauth_callback="oob",oauth_consumer_key="aaf0812a4bcc6e4c21783af47cf88237",oauth_nonce="3495463522",oauth_signature="ykqRaZc18GwIoqHtYqtxzsMq4xs%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1371092839",oauth_version="1.0"' 'https://etwssandbox.etrade.com/oauth/sandbox/request_token'
Setting --output-document (outputdocument) to -
Setting --header (header) to Authorization: OAuth realm="",oauth_callback="oob",oauth_consumer_key="aaf0812a4bcc6e4c21783af47cf88237",oauth_nonce="3495463522",oauth_signature="ykqRaZc18GwIoqHtYqtxzsMq4xs%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1371092839"
DEBUG output created by Wget 1.13.4 on cygwin.
URI encoding = `UTF-8'
--2013-06-12 23:08:33-- https://etwssandbox.etrade.com/oauth/sandbox/request_token
Resolving etwssandbox.etrade.com (etwssandbox.etrade.com)... 12.153.224.230, 198.93.34.230
Caching etwssandbox.etrade.com => 12.153.224.230 198.93.34.230
Connecting to etwssandbox.etrade.com (etwssandbox.etrade.com)|12.153.224.230|:443... connected.
Created socket 3.
Releasing 0x80733128 (new refcount 1).
---request begin---
GET /oauth/sandbox/request_token HTTP/1.1
User-Agent: Wget/1.13.4 (cygwin)
Accept: */*
Host: etwssandbox.etrade.com
Connection: Keep-Alive
Authorization: OAuth realm="",oauth_callback="oob",oauth_consumer_key="aaf0812a4bcc6e4c21783af47cf88237",oauth_nonce="3495463522",oauth_signature="ykqRaZc18GwIoqHtYqtxzsMq4xs%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1371092839"
---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 400 Bad Request
Content-Length:62
Connection: close
---response end---
400 Bad Request
2013-06-12 23:08:34 ERROR 400: Bad Request.
That still did not work. Let me verify the signature. Notice my key and secret are correct.
First URL encode all the parameters to form a base string for signing.
$ perl -MURI::Escape -e "print uri_escape('oauth_callback=oob&oauth_consumer_key=aaf0812a4bcc6e4c21783af47cf88237&oauth_nonce=3495463522&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1371092839&oauth_version=1.0')"
oauth_callback%3Doob%26oauth_consumer_key%3Daaf0812a4bcc6e4c21783af47cf88237%26oauth_nonce%3D3495463522%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1371092839%26oauth_version%3D1.0
Now hash with HMAC-SHA1, encode with Base64 (no newline at end), and URL encode the resulting signature.
There is an ampersand at the end of the consumer secret because we don't have a token secret yet (it is empty).
$ perl -MDigest::HMAC_SHA1=hmac_sha1 -MMIME::Base64 -MURI::Escape -e "print uri_escape(encode_base64(hmac_sha1('GET&https%3A%2F%2Fetwssandbox.etrade.com%2Foauth%2Fsandbox%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3Daaf0812a4bcc6e4c21783af47cf88237%26oauth_nonce%3D3495463522%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1371092839%26oauth_version%3D1.0', 'xxxxxxxxxxxxxxxxxxxx&'), ''))"
ykqRaZc18GwIoqHtYqtxzsMq4xs%3D
This signature matches the above.
The specs are here: http://oauth.net/core/1.0a/#signing_process
ETrade specs are here: https://us.etrade.com/ctnt/dev-portal/getDetail?contentUri=V0_Documentation-AuthorizationAPI-GetRequestToken
ETrade's documentation is broken. They specify in the Sandbox environment uses different hosts and URLs
https://us.etrade.com/ctnt/dev-portal/getContent?contentUri=V0_Documentation-DeveloperGuides-Sandbox
but for OAuth they do not. That part is never mentioned and I had to look in the source code for one of their SDKs to find out.
|Environment| URL |
|Production |https://etws.etrade.com/{module}/rest/{API} |
|Sandbox |https://etwssandbox.etrade.com/{module}/sandbox/rest/{API} |
When trying to POST data to my tastypie api, I always get error code 401, even when using the Django admin account for authentication and authorization. My Django server is running as development server through "python manage.py runserver IP"
I'm using the latest master-branch of tastypie and Django 1.4.3
here are parts of my api.py
class QueueResource(ModelResource):
class Meta:
queryset = Queue.objects.all()
resource_name = 'queue'
]
my curl command:
curl --dump-header -H "Content-Type: application/json" -X POST --data '{"qid": "4", "msg": "An error occured!"}' http://IP/api/fail/
the corresponding error message:
HTTP/1.0 401 UNAUTHORIZED
Date: Wed, 13 Feb 2013 19:16:00 GMT
Server: WSGIServer/0.1 Python/2.7.3
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Does anyone of you has an idea why I'm getting this error code?
You should define authorization that you will use in the meta class of the resource.
Default one is ReadOnlyAuthorization.
More info you can find Here
Like what UnLiMiTeD said, you need to define Authorization.
from tastypie.authorization import Authorization
class QueueResource(ModelResource):
class Meta:
authorization = Authorization()
queryset = Queue.objects.all()
resource_name = 'queue'
This will make the QueueResource have no authorization restrictions. You can post to it without verifying any credentials.
The default authorization method is a ReadOnlyAuthorization.