I've got a local vault server in development mode so I can learn and understand how to use vault.
In this exercise my goal is to load/put a cert into the secrets engine using the API. I've been able to so with this curl command:
curl --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data #payload-cert.json \
http://127.0.0.1:8200/v1/kv-v1/prod/cert1/mysql
I can verify this cert exists by running the CLI command:
vault kv get kv-v1/prod/cert1/mysql
Example output shows its there:
==== Data ====
Key Value
--- -----
cert -----BEGIN CERTIFICATE-----
MIICyjCCAbICCQDrpZYh8et7yTANBgkqhkiG9w0BAQsFADAnMQswCQYDVQQGEwJV
UzELMAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNGMB4XDTE4MTExMjIwNDEwNVoXDTE4
MTIxMjIwNDEwNVowJzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQH
DAJTRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnIdgpml8+xk+Oj
1RGMCyJ1P15RiM6rdtszT+DFBg893Lqsjoyd5YgwELLz0Ux8nviG4L5OXOujEpAP
2cQBxTSLQjBELBZY9q0Qky3+2ewqV6lSfcXrcf/JuDJGR5K8HSqwNG35R3WGnZ+O
JhY0Dmx06IAs/FF8gP88zTQ8M7zuaThkF8MaF4sWPf6+texQwjzk4rewknGBFzar
9wFxVwNCyDD6ewIYPtgDxdJ1bwBVoX3KKKXm8GStl/Zva0aEtbSq/161J4VbTro2
dxArMPKzxjD6NLyF59UNs7vbzyfiw/Wq7BJzU7Kued5KdGt0bEiyWZYO+EvvxGmE
1pHfqysCAwEAATZNBgkqhkiG9w0BAQsFAAOCAQEAavj4CA+7XFVHbwYMbK3c9tN/
73hkMvkAZWix5bfmOo0cNRuCeJnRIX+o6DmusIc8eXJJJV/20+zoSvUwlsLDPXoN
+c41GfIiEUSaSdSBtETMy8oPga718nIwAvNgYiUHXnV3B0nLYBUpYSnsD00/6VXG
xZUIEVBd7Ib5aRwmK8U5drxoWaBoG5qdvH9iapwTrCcPsRjsLBq7Iza2oBORGlfF
CjqiW2+KJzwRiTQj70yceniGVHM+VSpFYCLJ0mXeyLfITy7joqxr4AGYz+EhpLuf
iDpYDNYlr0JDVQqogskWjrnWOh0YcIJKgVtiTh2HDM5TdQgeXg4wv5IqLok0Tw==
-----END CERTIFICATE-----
However, I need to verify this using the API. How do I do that? I'm using this command:
curl -s --header "X-Vault-Token:$VAULT_TOKEN" --request LIST http://127.0.0.1:8200/v1/kv-v1/prod/cert1/mysql | jq
Results show empty:
{
"errors": []
}
I just verified it exists using CLI. What am I missing or doing wrong with my curl statement?
You are trying to list a single item, when you need to be trying to list a folder. If you just drop the mysql from your URL it should show you the mysql item:
curl -s --header "X-Vault-Token:$VAULT_TOKEN" --request LIST http://127.0.0.1:8200/v1/kv-v1/prod/cert1/ | jq
See https://www.vaultproject.io/api-docs/secret/kv/kv-v1#list-secrets .
If you want to replicate the response you got from the CLI, you want to use a GET request:
curl -s --header "X-Vault-Token:$VAULT_TOKEN" --request GET http://127.0.0.1:8200/v1/kv-v1/prod/cert1/mysql | jq
Related
Is it possible to create a new environment for a repository https://github.com/org/repo/settings/environments using the gh cli?
The only mention of environment I can find in the manual is here https://cli.github.com/manual/gh_secret_set where it says you can assign a secret to an existing environment, but it seems the environment would have to be created manually.
From what I'm seeing here in the gh cli repo that's going to be a no at this time. The issue [linked] is an enhancement request for just that.
I too wanted to know if this could be done, as it's part of my workflow to inject environment secrets.
You can still use the API to create it though.
curl -X PUT \
-H 'Authorization: Bearer ghp_...' \
-H 'Accept: application/vnd.github.v3+json' \
https://api.github.com/repos/<org>/<repo>/environments/<env>
Basically you need to create the environment first, then you can set branch policies:
jq -n '{"deployment_branch_policy": {"protected_branches": false, "custom_branch_policies": true}}'|gh api -H "Accept: application/vnd.github+json" -X PUT /repos/:owner/:repo/environments/dev --input -
gh api --method POST -H "Accept: application/vnd.github+json" "/repos/Oceaneering/it_infra_base_application_bootstrapper/environments/dev/deployment-branch-policies" -f name=dev
I wrote a python script for my use case that uses the gh cli to create environments and can include a branch pattern.
https://gist.github.com/walkerk1980/8a6f6879b32260360854a89bb880a48d
I tried to use GitLab API to create a new project. This worked, but this is in my user space:
curl \
--header "Authorization: Bearer ${GITLAB_API_TOKEN}" \
--request POST \
"https://gitlab.com/api/v4/projects/?name=$test-proj"
But I wanted to do it under a specific group with group_id <group_id> (I blanked it here). The most sensible approach that occured to me was:
curl \
--header "Authorization: Bearer ${GITLAB_API_TOKEN}" \
--request POST \
"https://gitlab.com/api/v4/groups/<group_id>/projects/?name=test-proj
But this did not work. Are there any suggestions on how I could achieve this?
I consulted the following references
https://forum.gitlab.com/t/create-a-new-project-in-a-group-using-api/1552
https://docs.gitlab.com/ee/api/projects.html#create-project
The GitLab documentation mentions the path or namespace_id attribute (although I would actually be in search of a group_id attribute). I am not sure about path and how to specify that. I tried - without success - to retrieve the namespace_id via
curl --header "PRIVATE-TOKEN: ${GITLAB_API_TOKEN}" "https://gitlab.example.com/api/v4/namespaces"
It is well possible that I might not have the rights to do the required operation. Therefore a reference to an official (GitLab) documentation together with a test curl command that works would be very helpful to me - thank you!
For anyone looking for the direct command:
STEP 1:
Navigate as below and identify the group ID from GUI:
Admin Area -> Groups -> GroupName
STEP 2:
Construct the command with two parameters viz., name, namespace_id
curl --header "PRIVATE-TOKEN: <myprivatetoken>" -X POST "https://gitlab.com/api/v4/projects?name=myexpectedrepo&namespace_id=38"
Both users and groups are considered "namespaces" as far as the Gitlab API is concerned, so you can use either a group ID or a username in the namespace_id field. You can see this in use by getting a single namespace with either a Group ID (that you can see in the /groups API call, or from a Group's "profile" page) or a username:
# this will show the namespace details of the Group with ID 54
curl --header "PRIVATE-TOKEN: ${TOKEN}" "https://gitlab.com/api/v4/namespaces/54
# this will show the namespace details of the User with username my-username
curl --header "PRIVATE-TOKEN: ${TOKEN}" "https://gitlab.com/api/v4/namespace/my-username
If you have the appropriate access level, you can assign a git remote to your local repository that includes your group name. Then, the push event will trigger GitLab to create the remote repository.
$ mkdir project_name && cd $_
$ echo "# project_name" > README.md
$ git init; git add .; git commit -m initial
$ GITLAB_HOST="gitlab.com"
$ git remote add origin git#${GITLAB_HOST}:group_name/project_name.git
$ git push origin HEAD
Then, point your browser to ${GITLAB_HOST}/group_name/project_name
https://docs.gitlab.com/ee/user/group/#specify-who-can-add-projects-to-a-group
I'm trying out and exploring the plugins available in Rundeck. I'm trying to install Job List View plugin because I want to see the statistics of my jobs but after installing I still can't see the job list view. Then whenever I restart Rundeck service, then go to Plugin repositories, the plugin needs to be installed again even though I've clearly installed the job list view plugin before. I can't see any errors in service.log.
How can I fix this issue? Thanks!
My Rundeck version is 3.3.5
That's a bug reported here (by the question author). Anyway, you can get the job info via API, I leave some examples using jq to "beautify" the output:
To get All jobs from a project:
#!/bin/sh
# protocol
protocol="http"
# basic rundeck info
rdeck_host="your_rundeck_node"
rdeck_port="4440"
rdeck_api="36"
rdeck_token="cqgfZlrSF84oUoC2ZzRwiltiyefjZx9R"
# specific api call info
rdeck_job="5dc08e08-0e28-4a74-9ef0-4ec0c8e3f55e"
rdeck_project="YourProject"
# get the job list from a project
curl -s --location --request GET "$protocol://$rdeck_host:$rdeck_port/api/$rdeck_api/project/$rdeck_project/jobs" \
--header "Accept: application/json" \
--header "X-Rundeck-Auth-Token: $rdeck_token" | jq
Get all job metadata:
#!/bin/sh
# protocol
protocol="http"
# basic rundeck info
rdeck_host="your_rundeck_node"
rdeck_port="4440"
rdeck_api="36"
rdeck_token="cqgfZlrSF84oUoC2ZzRwiltiyefjZx9R"
# specific api call info
rdeck_job="5dc08e08-0e28-4a74-9ef0-4ec0c8e3f55e"
# get the job metadata
curl -s --location --request GET "$protocol://$rdeck_host:$rdeck_port/api/$rdeck_api/job/$rdeck_job/info" \
--header "Accept: application/json" \
--header "X-Rundeck-Auth-Token: $rdeck_token" | jq
Get job forecast information:
#!/bin/sh
# protocol
protocol="http"
# basic rundeck info
rdeck_host="your_rundeck_node"
rdeck_port="4440"
rdeck_api="36"
rdeck_token="cqgfZlrSF84oUoC2ZzRwiltiyefjZx9R"
# specific api call info
rdeck_job="5dc08e08-0e28-4a74-9ef0-4ec0c8e3f55e"
# get the job forecast
curl -s --location --request GET "$protocol://$rdeck_host:$rdeck_port/api/$rdeck_api/job/$rdeck_job/forecast" \
--header "Accept: application/json" \
--header "X-Rundeck-Auth-Token: $rdeck_token" | jq
More info about Rundeck API here, and here a lot of useful examples.
I am using AppVeyor to set up the CI for a GitHub repository and upload the build artifacts to a draft named CI builds. The file is e.g. located under
https://github.com/an_organisation/a_project/releases/tag/untagged-1111aaaacccc0000dddd/filename.tar.gz
and can be accessed and downloaded from a browser.
Now I would like to access those uploaded artifact from another AppVeyor project (i.e. an appveyor.yml script). I tried without success to download with AppVeyor DownloadFile command, curl, and wget using the following commands
set DOWNLOAD_FILENAME=filename.tar.gz
set DOWNLOAD_ADDRESS=https://github.com/an_organisation/a_project/releases/download/untagged-1111aaaacccc0000dddd/$DOWNLOAD_FILENAME
wget --header "Authorization: token $GH_AUTH_TOKEN" --output-document=$DOWNLOAD_FILENAME $DOWNLOAD_ADDRESS
wget --auth-no-challenge --header "Accept:application/octet-stream" --output-document=$DOWNLOAD_FILENAME "$DOWNLOAD_ADDRESS?access_token:$GH_AUTH_TOKEN"
curl -fsSL -G --user "$APPVEYOR_ACCOUNT_NAME:$GH_AUTH_TOKEN" -o $DOWNLOAD_FILENAME $DOWNLOAD_ADDRESS
curl -fsSL -G -H "Authorization: token $GH_AUTH_TOKEN" -H "Accept: application/octet-stream" -o $DOWNLOAD_FILENAME $DOWNLOAD_ADDRESS
curl -fsSL -G -H "Authorization: token $GH_AUTH_TOKEN" -H "Accept: application/octet-stream" -o $DOWNLOAD_FILENAME https://api.github.com/repos/an_organisation/a_project/releases/download/untagged-1111aaaacccc0000dddd/
Slowly I get a feeling that a file download from a draft via GitHub API or download link is not possible.
What is the correct command to download such a file?
TLDR Use the Get Release asset API with header Accept: application/octet-stream :
curl -OJ -L -H "Accept: application/octet-stream" \
-H "Authorization: Token $YOUR_TOKEN" \
"https://api.github.com/repos/$REPO/releases/assets/$ASSET_ID"
You need to have the assetID. In order to have it you need the releaseID if you have not already this information use GET /repos/:user/:repo/releases :
curl -s -H "Authorization: Token $YOUR_TOKEN" \
"https://api.github.com/repos/$REPO/releases" | jq '.[] | {(.name): .id}'
Then get the assets IDs use GET /repos/:user/:repo/releases/:release_id :
curl -s -H "Authorization: Token $YOUR_TOKEN" \
"https://api.github.com/repos/$REPO/releases/$RELEASE_ID" | \
jq -r '.assets[] | {(.id |tostring): .name}'
Then once you have assetID (maybe you already had it btw) you can finally use GET /repos/:user/:repo/releases/assets/:asset_id with header Accept: application/octet-stream. From the documentation :
To download the asset's binary content, set the Accept header of the
request to application/octet-stream. The API will either redirect the
client to the location, or stream it directly if possible. API clients
should handle both a 200 or 302 response.
The following download the file locally :
curl -OJ -L -H "Accept: application/octet-stream" \
-H "Authorization: Token $YOUR_TOKEN" \
"https://api.github.com/repos/$REPO/releases/assets/$ASSET_ID"
I was trying to import dashboard using exported json file from one server to another server of grafana, but getting bellow error;
{"message":"Dashboard not found","status":"not-found"}
My curl command:
curl -X POST --insecure -H "Authorization: Bearer {API KEY}" -H "Content-Type: application/json" --data-binary #'{JSON file name}' http://{Host ip}:3000/api/dashboards/db
To export dashboard, I am using following curl command;
curl -f -k -H "Authorization: Bearer {API key}" "http://{Host IP}:3000/api/dashboards/db/mydashboard" | jq 'del(.overwrite,.dashboard.version,.meta.created,.meta.createdBy,.meta.updated,.meta.updatedBy,.meta.expires,.meta.version)' > {JSON file name}"
I am unable to find exact missing field OR value which is missing OR incorrectly passed through JSON file while importing. Is there any way to debug?
Is there any issue with my Export and import command.
As mentioned in this issue,
you must replace the "id": num field of the dashboard with null.
so you can change it for all of your dashboards (.json files) by command below: (works with GNU sed only)
sed -i '0,/"id": .*/{s/"id": .*/"id": null,/}' *.json
The simplest solution is to set the 'id' from root of the json to null.
"id": null,
Be aware, it's not the same field as uid in the end of the json (also root). That one must be unique, but not null.