I am trying to run sample code that uses an IBM Watson service. After setting my username / password or the IAM key as required, the code fails. In Python it is an error like this:
init() got an unexpected keyword argument 'iam_apikey'
What is the reason? What do I need to change?
It seems that you ran into an issue with the Watson SDK. Recently, with the Python SDK V4 and the Node SDK V5, they introduced a breaking change (Python, Node) which I found in their release notes. There is a new, more abstract authentication mechanism that caters to different authentication types. You would need to slightly change the code for how NLC is initialized.
This is from the Python migration instructions:
For example, to pass a IAM apikey:
Before
from ibm_watson import MyService
service = MyService(
iam_apikey='{apikey}',
url='{url}'
)
After(V4.0)
from ibm_watson import MyService
from ibm_cloud_sdk_core.authenticators import IAMAuthenticator
authenticator = IAMAuthenticator('{apikey}')
service = MyService(
authenticator=authenticator
)
service.set_service_url('{url}')
See some of the IBM Cloud core SDKs for more documentation, e.g., here is the Authentication doc for the core Node SDK.
Related
I am trying to change google identity platform configuration with cli using gcloud CLI SDK for linux.
to be specific I want to call these API getConfig and UpdateConfig
Is there a way to do this using gcloud cli? there seems to be a group called Identity as per the docs, but this does not seem to be doing what I want
I struggled using Google's Identity Toolkit/Platform and how these correspond with Firebase-Auth too.
The term is overloaded by Google and Cloud Identity, Identity Platform and Firebase Auth have overlapping sets of functionality.
Name
URL
Cloud Identity API
cloudidentity.googleapis.com
Identity Toolkit API
identitytoolkit.googleapis.com
NOTE Identity Toolkit is inaccessible through Google APIs Explorer
I wanted to be able to programmatically update Firebase Auth's authorized domains.
By observing the calls made by Firebase Console, I needed to use getConfig and updateConfig too.
These aren't surfaced through gcloud.
Essentially:
GET the response from getConfig
I used jq to transform it into my desired state
PATCH config1 using an updateMask
1 The endpoint for the updateConfig method is actually (just) config
This worked for me and hopefully helps you better understand how you can use these methods directly.
I blogged about it more comprehensively here
Trying to make use of the Server to Server OAuth flow defined here:
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
Since I'm running from a local dev environment, I've created a service account in GCP and downloaded the JSON file with the private key, but cannot find any Node.js code examples on how to:
1) load the json file
2) set delegated credentials (for G Suite domain-wide authorization)
Places I've looked (besides stackoverflow) are Google's git wiki for the node.js client library, which does talk about server to server auth, but seems to assume you're running from appengine or google cloud and don't need to load a key file:
https://github.com/googleapis/google-api-nodejs-client#service-to-service-authentication
The Admin SDK Activities Reports API has a Node example, but it's using the web-based flow assuming a user is present:
https://developers.google.com/admin-sdk/reports/v1/quickstart/nodejs
Buried deep in the Node.js samples is use of the Directory API, which does seem to take a keyfile as input, but when I try running locally it says getClient is not a constructor, and still this example doesn't show how to set the G Suite admin user for context (which is generally when a refresh token and access token are loaded into the app):
https://github.com/googleapis/google-api-nodejs-client/blob/master/samples/directory_v1/group-delete.js
So... does anybody have an example of this? I really don't want to switch to a Python runtime but Google seems to have left out important examples on this topic.
We developed a web application using SAP Web-IDE Full Stack; we need to retrieve the details of the user logged into application (as defined in SAP Cloud Platform Identity Authentication Administration), for example display name and assigned groups.
We tried the userapi/currentUser API, but it seems to work only on NEO environment, for this reason is working fine while debugging in Web-IDE, but we get a 404 error when deploying the app on Cloud Foundry.
Do we need to add a new destination to make userapi work also on CF? Or is there some kind of similar solution available on Cloud Foundry?
I highly suggest using the SAP S/4HANA Cloud SDK for such tasks. It is an SDK developed to make building applications for SAP Cloud Platform easy, by providing easy to use mechanisms for all the Cloud Platform mechanisms.
Regarding your task at hand, there is a UserAccessor class that you can use like this:
final Optional<User> user = UserAccessor.getCurrentUser();
This works on Neo as well as on Cloud Foundry, i.e. there is a single interface for both platforms, which allows you to develop your app in a platform agnostic way.
If this sounds like it could solve your problem, I recommend checking out this blog post series to get started.
Alternatively, you can also simply add the following dependency to your project to start testing the SDK:
<dependency>
<groupId>com.sap.cloud.s4hana.cloudplatform</groupId>
<artifactId>scp-neo</artifactId>
<version>2.7.0</version>
</dependency>
For Cloud Foundry use scp-cf instead of scp-neo.
Hope this helps!
P.S.: To answer your question also on a technical level, Cloud Foundry uses so-called JWTs for authentication and authorization. You can check whether a JWT is present by looking at the Authorization header of the request. The JWT should hold the information you're looking for.
In SAP Cloud Foundry if you develop a MTA using XSUAA service to manage User Authentication and Admistration, defined for example in the mta.yaml,
...
resources:
- name: uaa_myapp
parameters:
path: ./xs-security.json
service-plan: application
service: xsuaa
type: org.cloudfoundry.managed-service
...
you can use the UAA API published from XSUAA service self to manage user authentication and authorization (e.g.: retrieve user info, groups assigned, password management etc..). also in the case the application is federated with another IDP.
To consume this API for example to retrieve user info you need to:
Determine the XSUAA endpoint bound to your app (SCP Cockpit > XSUAA service detail > take the value url)
Create a destination (xsuaa_api_destination) of type OAuth2TokenExchange bound to your app with url url took before, and fill OAuth2 authentication parameters with the data contained in XSUAA service detail (step 1).
From your app execute the call xsuaa_api_destination/userinfo, for example using an ajax if you are using JS.
You can find other info in Account and Authentication Service of the Cloud Foundry Environment SAP doc.
I'm able to use the node-red-node-watson library to call an instance of Watson Conversation hosted in the US-South region of IBM Cloud. If I try it in the Germany region, it does not work.
In github I spotted the following line
ConversationV1.URL = 'https://gateway.watsonplatform.net/conversation/api';
which is the URL for Conversation in US-South. The URL shown in Bluemix VCAP_SERVICES for the Frankfurt instance is different:
"https://gateway-fra.watsonplatform.net/conversation/api"
I'm not sure if the hard-coded URL is just a default and I just missed the code reading the actual URL from VCAP_SERVICES or if this is actually a bug.
Has somebody successfully used the Node-RED node for Watson Conversation within a region other than US-South?
When you initialize the Conversation object it should be possible to set the correct base URL. This is for Node SDK, not Node-RED:
// Create the service wrapper
var conversation = new Conversation({
username: '<username>',
password: '<password>',
url: 'https://gateway-fra.watsonplatform.net/conversation/api',
version_date: Conversation.VERSION_DATE_2017_04_21
});
I more familiar with the Python SDK and there the same (only in Python :) is working successfully for me.
For Node-RED there are two scenarios. When the Conversation service is bound to the Node-RED app, then the credentials including URL are taken from the VCAP environment. This works for me and should for you. If the service is not bound then there is a "feature gap" based on the Conversation Node source code.
I want to write a Java program running externally to Bluemix that interacts with the instance of the Bluemix Object Store I have provisioned.
The program will use the Swift REST APIs to interact with the service.
The documentation for how to use the REST API is mainly missing in the service documentation and the OpenStack documentation is not helpful with specifics on how to reach the Bluemix service.
Can someone tell me what headers to set and what URL to use to authenticate with the service, and then what headers to set and what URL to use to further interact with the service ? Where do I find this information for my instance of the service ? It doesn't seem to all be available in the service credentials that are displayed.
Also, do I need to do basic authentication every time a REST call is made, or is there a way to get a token ? Where is that explained ?
The Bluemix Object Storage uses the OpenStack Identity (Keystone) v3 API for authentication. For complete documentation on the REST API, see: http://developer.openstack.org/api-ref-identity-v3.html
Since your application will be developed in Java, I'd suggest you use the openstack4j SDK. For example of using openstack4j with Bluemix object storage service, see: https://developer.ibm.com/recipes/tutorials/connecting-to-ibm-object-storage-for-bluemix-with-java/