I am attempting to enable HTTPS on a custom domain for Azure CDN, but both az PowerShell and the API fail when I try to do this programmatically.
{
"error": {
"code": "BadRequest",
"message": "That action isn’t allowed in this profile."
}
}
First I tried through PowerShell. Note: that this produces a rather useless error unless you use the -Debug switch -
Enable-AzCdnCustomDomainHttps -ResourceGroupName $resourceGroupName -ProfileName $profileName -EndpointName $endpointName -CustomDomainName $customDomainName -Debug
Noticing that the version of az PowerShell that I have installed was using API version 2019-04-15, I began to investigate whether or not there was a newer version of API available, and there is - 2019-12-21. Using this latest API, I ran the HTTP request outside of PowerShell, but this led to the exact same error.
curl --location --request POST 'https://management.azure.com/subscriptions/{{SubscriptionId}}/resourceGroups/{{ResourceGroup}}/providers/Microsoft.Cdn/profiles/{{CdnProfile}}/endpoints/{{CdnEndpoint}}/customDomains/{{CdnCustomDomain}}/enableCustomHttps?api-version=2019-12-31' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{BearerToken}}' \
--data-raw '{
"certificateSource": "Cdn",
"certificateSourceParameters": {
"certificateType": "Shared",
"#odata.type": "#Microsoft.Azure.Cdn.Models.CdnCertificateSourceParameters"
},
"protocolType": "IPBased"
}'
Digging further, it looks like Microsoft acknowledged the issue in August last year, but then swiftly closed the issue without actually fixing it or offering a workaround.
Has anyone been able to come up with a workaround for this? It seems unfathomable that Microsoft would just not bother to fix this, and it's unsustainable to rely on manual intervention every time we create a new CDN.
Take a look at this thread:
https://github.com/Azure/azure-powershell/issues/9654 , same issue appears on a UI, so it seems to be a bug in Azure Resource Manager.
On UI, the solution was to open in Incognito mode. Perhaps this is an issue with a session, so logging off an on again in CLI should help likewise.
Related
I've been trying to use the Keycloak Impersonation API (semi-recent addition) to get an access token for another user. I have created a semi-successful CURL request based on the docs and another StackOverflow question. The CURL request (below) returns a 501 Not Implemented and I am trying to figure this out. If it would be another error I would assume I am doing something incorrectly, but this appears to be at least partially correct.
curl --verbose -X POST "http://localhost:8081/auth/realms/master/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
-d "client_id=admin-cli" \
-d "requested_subject={TARGET_USER_ID}" \
-d "subject_token={USER_MANAGER_TOKEN}"
My workflow so far has been to get the Keycloak master realm "admin" user's access token (successful) and use that in the impersonation request, along with the target user's Keycloak ID. Am I doing something wrong or missing a step?
I haven't changed any Keycloak permissions, is this required?
From my understanding and the documentation, impersonation is currently supported and enabled by default in Keycloak v5 - Sever Installation. However, another article (Keycloak v5 - Token Exchange) seems to indicate that the feature is disabled by default; could this be why I am getting the 501 Not Implemented?
EDIT: #qdivision mentioned that the Token Exchange needs to be enabled for this to work. However, we are using the jboss/keycloak Docker image and I am wondering where I should add the profile.properties file to enable this feature?
Impersonation is enabled by default, Token Exchange is not.
To enable start the server with -Dkeycloak.profile=preview or -Dkeycloak.profile.feature.token_exchange=enabled as mentioned in the docs
https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange
I work with Delphi 10.2 and Rocket Chat. How can I set the User Presence from offline to online when the user logs in. The login via Delphi and Postman is success. The answer from docs is to make it via method call but I don't know how.
{
"msg": "method",
"method": "UserPresence:setDefaultStatus",
"id": "42",
"params": ["online"]
}
Looks like you are looking at the docs for the real time api. If you aren’t familiar with it or only need a one off action I would suggest just using the REST API.
curl -H "X-Auth-Token: 9HqLlyZOugoStsXCUfD_0YdwnNnunAJF8V47U3QHXSq" \
-H "X-User-Id: aobEdbYhXfu5hkeqG" \
http://localhost:3000/api/v1/users.setStatus -d '{"status": "busy"}'
This end point is actually new I think added in Rocket.Chat 1.2
Of course make sure to authenticate before hand. More info about that can be found there in the docs as well.
I'm trying to use the relatively new PayPal Sync API to download my PayPal transactions. I'm following the Sync API guide. I started by logging into the PayPal Developer Dashboard My Apps & Credentials page, scrolling to the REST API apps section, creating an app, clicking on it, and enabling Transaction Search for both the Sandbox and Live accounts.
I then used the Sandbox account's Client ID and Secret to generate an Access Token. I confirmed that the Client ID and Secret are correct and active. My cURL command is below (note that I'm using cURL on Windows 10):
curl -v https://api.sandbox.paypal.com/v1/oauth2/token ^
-H "Accept: application/json" ^
-H "Accept-Language: en_US" ^
-u "<my-client-id>:<my-secret>" ^
-d "grant_type=client_credentials"
I received a response similar to the following (I added the formatting):
{
"scope":"https://uri.paypal.com/services/reporting/search/read
https://api.paypal.com/v1/payments/.*
https://uri.paypal.com/services/applications/webhooks
openid",
"nonce":"2018-04-04T02:20:02Z...",
"access_token":"<my-access-token>",
"token_type":"Bearer",
"app_id":"<my-app-id>",
"expires_in":32400
}
I then took the Access Token and copied it into the sample command on the Sync API guide page. Here is the command I ran:
curl -v -X GET https://api.sandbox.paypal.com/v1/reporting/transactions?transaction_id=5TY05013RG002845M&fields=all&page_size=100&page=1 ^
-H "Content-Type: application/json" ^
-H "Authorization: Bearer <my-access-token>"
I received the following error response:
< HTTP/1.1 401 Unauthorized
...
< Content-Length: 244
< Connection: close
< Content-Type: application/json
<
{
"name":"AUTHENTICATION_FAILURE",
"message":"Authentication failed due to invalid authentication credentials or a missing Authorization header.",
"links":[{
"href":"https://developer.paypal.com/docs/api/overview/#error",
"rel":"information_link"
}]
}
I tried many things to correct this error, including:
Adding a "Accept: application/json" and "Accept-Language: en_US" header to the command.
Creating a new Secret and generating a new Access Token.
Creating a new App with a new Client ID & Secret and generating a new Access Token.
Disabling Transaction Search, re-enabling it, and sending the command again.
Trying in the Live account.
Each of these attempts produced the same result. I noted that in the scope section of the access token response that it doesn't include a path similar to the stated path for the Sync API (/v1/reporting/transactions). However, that's just an observation, and I'm not sure if that is relevant.
I read through the entire Sync API guides and documentation about five times, and I searched Google and StackOverflow pretty thoroughly. I'm seeing evidence that some people are getting past the initial connection to Sync API, so I'm fairly certain this API works.
Can someone help me understand what I'm missing? Could it just be that I need to wait a day or two for their systems to catch up? PayPal's Developer documentation is not very user-friendly, and their Developer Dashboard is extremely glitchy.
I had this same issue. Putting double quotes around the URL solved it for me. The other API endpoints worked (authentication, authorizations/xyz) because they didn't have any special URL characters in them. In the transaction search, the query string delimiters were being parsed by Bash.
Your curl lines above become:
curl -v -X GET "https://api.sandbox.paypal.com/v1/reporting/transactions?transaction_id=5TY05013RG002845M&fields=all&page_size=100&page=1" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <my-access-token>"
Hope that helps someone.
It appears that this error may be caused by either cURL or the way I'm using it. On a hunch, I used Hurl.it to execute this sample request, and the request was successful (HTTP 200). I then tried another request where I searched for all transactions in a given date range, and that was also successful. I'm going to mark the question answered.
I would like to allow anyone to trigger a job I've created in Rundeck.
I can't understand from the API documentation how to do that.
Any one knows, and can give simple examples (my understanding of the subject is minimal to none)?
What I've found is of the sort:
POST /api/1/job/[ID]/run
In order to use the Rundeck API, you need to authenticate first.
Authentication can be done in two different ways:
Using a Token
Using a username and a password
Here is an example of running a Rundeck job using its API (Token based authentication)
curl -X POST http://rundeck_server:port/api/19/job/87bdc26ce-9893-49bd-ad7a-97f4c4a39196/run?authtoken=AVy8jZdcpTYOyPcOVbfcfOQmB6b92zRu --header "Content-Type:text/xml"
Explanation:
19: the API version or Rundeck installation version (19 matchs
Rundeck 2.8.2)
87bdc26ce-9893-49bd-ad7a-97f4c4a39196: Job UUID
run: Runs a job
PS: To obtain an API Token, you must first log in to the Rundeck GUI using a user account. Click on your username in the header of the page, and you will be shown your User Profile page. From this page you can manage your API Tokens.
To update the answer above, this is an example of running a job and feeding it arguments
You will need to replace hostname/API version/job UID/token
Also the current version can be used with JSON only
curl -X POST https://rundeck-hostname.com/api/41/job/7087d3b7-e454-4983-abd5-a211d21d6f27/run?authtoken=[redacted] -H "Accept: application/json" -H "Content-Type: application/json" -d '{
"options": {
"optionName":"optionValue",
}
}
'
And if you need additional arguments for running a job you can find the updated documentation at https://docs.rundeck.com/docs/api/rundeck-api.html#running-a-job
Please can anybody explain me how to create release using Octopus REST API.
I can create a release using octo.exe but have no idea how to do that using REST API.
I went through the http://localhost:8080/api, but cant figure it out how to create a release.
Is this REST api providing that feature??
I have not used Octopus myself, but as far as I understand you have to make an HTTP POST request to an URL like this:
http://localhost:8080/api/projects/1/releases
In your request body you specify the same parameters as you would do it using the command line tool but you have to encode them as JSON.
I had similar trouble with this myself.
In order to create a release, you must make a POST request to the Octo server.
https://myoctoserver:port/api/releases
Provide the following headers:
X-Octopus-ApiKey: API-XXXXXXXXXXXX
Content-Type: application/json
The body of the request must be JSON. Below is an example:
{
"Version": "2017.02.25.183053" ,
"ProjectId": "MyProject" ,
"ChannelId": "DefaultOrOtherChannelId
}
The Version and ProjectId properties are required. Channel ID is optional. However, if you have more than one channel or if no channel in your project is marked as default then you must include ChannelId as well.
I hope this helps!
Curl Example
The sample below has been successful.
BODY='{"ProjectId":"'$PROJECT_ID'","ChannelId":"Channels-1","Version":"'$VERSION'","SelectedPackages":[{"StepName":"$STEP_NAME1","Version":"'$VERSION'"},{"StepName":"$STEP_NAME2","Version":"'$VERSION'"}]}'
curl -X POST --write-out %{http_code} --silent --output /dev/null -H "X-Octopus-ApiKey:$API_KEY" -H "Content-Type:application/json" -d $BODY "https://octopus.example.com/api/releases"
Notes
In order to find the ChannelId and ProjectId I had to query the Octopus database. The IDs will look something like Projects-1 or Channel-1
Documentation for interfacing with the Octopus REST API leaves a lot to be desired:
https://github.com/OctopusDeploy/OctopusDeploy-Api/wiki/Releases
I could never get it working through this approach, instead, I use the octo.exe command line utility to create releases:
octo create-release --project HelloWorld --version 1.0.3 --server http://octopus/ --apiKey API-ABCDEF123456
Octo.exe included as part of tentacle or server installs, Octopus also provide it as a seperate utility:
http://octopusdeploy.com/downloads