At the moment, we are trying to get CI working in our labs..
we have just followed the instructions on the concourse website.
We are able to login properly and have setup ~/.flyrc as recomended ion the concourse-ci.org and concoursetutorial.com websites.
We have noticed that most commands are returning with a 401 Unauthorized error.
We have gone ahead setup the audit logs https://concourse-ci.org/concourse-web.html#audit-logs
But it isn't clear where this writes to, help?
It is difficult at the moment to properly trace this. BTW this is our first exposure to concourse.
We would like to know why? and what we can do resolve this (to cross this huddle).
fly -t rdb-ci set-team --team-name a-team --local-user admin --github-org organization --verbose --print-table-headers --non-interactive
2019/07/10 22:02:37 GET /api/v1/info HTTP/1.1
Host: ci.example.org
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
2019/07/10 22:02:37 HTTP/1.1 200 OK
Content-Length: 88
Connection: keep-alive
Content-Type: application/json
Date: Wed, 10 Jul 2019 21:02:37 GMT
Server: nginx/1.12.2
X-Concourse-Version: 5.3.0
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
{"version":"5.3.0","worker_version":"2.1","external_url":"https://ci.example.org"}
setting team: a-team
role owner:
users:
- local:admin
groups:
- github:organization
apply team configuration? [yN]: y
2019/07/10 22:02:53 PUT /api/v1/teams/a-team HTTP/1.1
Host: ci.example.org
User-Agent: Go-http-client/1.1
Content-Length: 71
Content-Type: application/json
Accept-Encoding: gzip
{"auth":{"owner":{"groups":["github:organization"],"users":["local:admin"]}}}
2019/07/10 22:02:53 HTTP/1.1 401 Unauthorized
Content-Length: 14
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Date: Wed, 10 Jul 2019 21:02:53 GMT
Server: nginx/1.12.2
X-Concourse-Version: 5.3.0
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
not authorized
could not find a valid token.
logging in to team 'main'
2019/07/10 22:02:53 GET /api/v1/info HTTP/1.1
Host: ci.example.org
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
could not reach the Concourse server called rdb-ci:
Get https://ci.example.org/api/v1/info: x509: certificate is valid for www.example.org, not ci.example.org
is the targeted Concourse running? better go catch it lol
Related
I am using traefik in kubernetes and I have a service deployed that is returning 103 Early Hint. I can confirm that it is working by directly querying the service, e.g.
curl -D - http://contra-web-app
HTTP/1.1 103 Early Hints
Link: <https://builds.contra.com>; rel="preconnect"; crossorigin
Link: <https://fonts.googleapis.com/css2?family=Inter:wght#400;500;600;700;900&display=swap>; rel="preload"; as="font"
Link: <https://builds.contra.com/3f509d0cc/assets/entry-client-routing.4f895d55.js>; rel="modulepreload"; as="script"; crossorigin
Link: <https://www.googletagmanager.com/gtag/js?id=G-96H5NXQ2PR>; rel="preload"; as="script"
HTTP/1.1 200 OK
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
content-type: text/html
content-length: 9062
Date: Tue, 26 Jul 2022 20:34:19 GMT
Connection: keep-alive
Keep-Alive: timeout=72
However, requesting the same service through Traefik just returns 200 response:
curl -H 'host: contra.com' -D - http://contra-traefik.traefik/gajus
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 11441
Content-Type: text/html
Date: Tue, 26 Jul 2022 19:51:48 GMT
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: contra_web_app_service=394e7e912ad85b66; Path=/; Secure
Vary: Accept-Encoding
X-Frame-Options: sameorigi
At this point, I am unable to establish whether I am missing a configuration or if Traefik does not support it.
Why is readyAPI responding with a 404 error when the recourse path is set other than /test in a REST Virtual service.
/test
Sun May 29 16:42:53 BST 2022: DEBUG: http-outgoing >>
POST /test HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/json
Content-Length: 0
Host: localhost:9019
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.2 (Java/16.0.1)
Sun May 29 16:42:53 BST 2022: DEBUG: http-incoming <<
HTTP/1.1 200 OK
Date: Sun, 29 May 2022 15:42:53 GMT
Content-Type: application/xml
Content-Encoding: gzip
Content-Length: 1249
Server: Jetty(9.4.40.v20210413)
[0x1f][0x8b][0x8][0x0][0x0][0x0][0x0][0x0][0x0][0xff][0xcd]W[0xdb]r[0xe2]F[0x10][0xfd][0x15][0xad][0x9e][0xb9]H[0x2]q+[0xca][0x15][0x8c]|[0x8b][0x8d][0xa1][0x0]o[0x92]J[0xb9][0xa8]A[0x1a]`6[0x92]F;3[0xda]][0xd6][0xcb][0xd7][0xe4]G[0xd3][0xad][0x1b][0x17][0xcb]v[0xaa][0xe2][0xad]
O[0xe2]tk[0xa6][0xa7][0xfb][0x9c]#[0xa9]?[0xe7]gZ[0xe0]y[0x82]Jy[0xe6][0x91]/[0xcc][0xab][0x11][0x97]KE~Y[0x7][0x84][0xf9]5[0x97][0x7][0xfd]z[0x1e][0xd7][0xfa][0xb3]x)][0xc1][0x96]T[0xdc][0xd2][0xed][0x19][0x17][0x1e][0x15][0xb][0x97][0x87]+&[0x2][0xa2][0x18][0xf][0x17]4[0xec][0xd7][0x8f][0x93][0xb4][0xfe][0x90][0x87][0x8a][0xb8]j[0xa0][0x14][0x80][0xb1][0xa2][0xc7][0xb][0x1d][0xc1][0x14]7u[0x88]"gO[0xfa][0x9c][0xeb][0xbd]'=[0xdb][[0xef][0xe9][0xe5][0xd5][0xe9][0x15][0xfd]h?H,-[0xeb][0x87][0xd9]h7[0x8c]v[0xab]i[0xfe]xq[0xa1]g[0x85]b[0x1]e[0x95]"^[0x94]
;f[0xff][0xe6][0xdb][0x88][0xbe][0xb4]?,[0xef][0x93]p[0x1d][0x93]5[0xa6]$[0xff][0x3][0xea][0x11][0xdf]g[0xa4]X[0x17][0x2][0x0]K[0xe2]S[0xb9][0xe2][0xc2][0xa5][0xf][0x92][0x8a][0x1b][0xf][0xd0][0x90]$~L1[0x18][0x91]k[0xa8][0x1b]0iXK[0xaa]HMR%[0x98][0xb7][0xa6]2;[0x85][0xa0].[0x8b][0x18][0x15]V[0x19][0xc3][0x12]YYS[0x88]ETH[0x1e][0xce][0x99][0xf2][0x11][0x19]1hlE[0x87]2[0xa5][0xba]'[0x1]B[0xe][0xf6]&[0xa9][0xb5][0x80][0x6]I[0xa3][0x0]K[0xce][0xf8][0xda] [0x2][0xbe]d>[0xbd][0x8f][0x3]h[0x16][0xe4]5[0xec]n[0xd5]0[0x1b][0xd5]N[0xab]e[0xeb][0xbb]J[0xda][0x17],*[0xb9][0xc0][0x83][0x15]3[0xa9][0xe8][0x8a]+[0xe2]O[0x4][0xf7]bWM[0x4]sag[0xab]]3[0xf0]W[0x12][0xbc][0xf8][0xe6][0xfa]Wl[0xa5][0xce][0xf9][0xb7]gy3[0xec][0xdf][0x9c]#[0xc0][0xa8][0xed][0xc1][0x8b]"[0x16][0xae][0x87][0x1b]"p[0x2][0xa6]qt[0xcf][0xc0][0xfb][0x14]K[0x15]$M+"kABo[0x8e]a[0xbd][0xd7]8[0xd9]C[0x91][0xd5][0xca]a[0xd2][0xe5]qrK[0x6];[0x14]+[0xa4][0xde][0xc7][0xc1]<[0x1]e[0xca][0x9d][0x8]90[0x88]"[0x9f]Q8[0xf4][0x8a][0xf8][0x92]Vt7[0x16][0x82][0x86].[0x12][0xf6][0xea]|[0xa2][0xef][0x81][0xd9]6Xr[0xec][0xf3][0xdf]80[0x9f][0xb8][0xd4][0x3][0x9a][0xe1]$,[0xa3]j4[0xab][0x96]aY[0x9a]a[0xf7][0xec].T[0x5])[0xd0]s[0x1f]NV[0x8][0xe5]IW[0xd9]|[0x1d]q2[0xdd][0xb1][0xcf][0xbe]0r<[0xde][0x19][0x9][0xdd][0xfd][0xe] IW[0xb8]c!5!`[0x9a]mm[0xc4]<[0xcf][0xa7]_[0x99][0xbb][0xd1][0xa6]H[0xb][0x97][0xa9]mz[0x8f][0xb7]$[0xee][0x6][0xb][0x4][0x16][0xb8][0xdc][0xc3][0x95][0x86][0xbf][0x99][0xa6]f^^c[0x1e][0xf6]E[0xa4]g[0xc3][0xd1][0xcb][0xac][0xfd][0xff][0xeb]"=
;S[0xb1][0xbd][0x12]<[0x8e][0xa0][0xc6]?_`*[0xa3][0xc3]d-[0xb8][0xfe][0xac][0xb6][0xe3][0x15][0xd6][0x2][0xe9][0xd6][0xc9]
Y[0xe9]{}^[0xc6][0xfe]
fE[0xb1][0xc6][0xbc]![0xe3][0x84][0x1b][0xd8][0xf]DFi[0x8d][0xf][0xb7][0xf7]#[0xe7][0x8f][0xc1][0xe5][0xfc] 1[0xd3][0xc4][0x9e][0xb7]y[0xbe]C[0xb][0x8a][0xc1][0xad][0xf7]<`![0xb0][0xc5][0xd3][0x6]+EE[0xc8]9:M^[0x17]H[0x8][0xa4][0x9b][0x88][0xd3][0x99]8[0xda]5[0xf][0xa8][0xe6]d[0xb1][0xa3][0x1b][0x14][0xb][0xa8][0xf4][0xb9][0x2][0x9e][0xb]4[0x1b][0xd3][0xea][0x19][0xc6][0x1]~[0x11][0xa2]-[0x99][0x9d][0x14]E[0x93][0x99]Q[0x9f]"[0xf5]s[0xaa][0xb6]r[0xaa][0xa2]q[0x10][0x1][0xd4][0x97]*[0xdf][0xaa],[0xc7][0x7][0xec][0xb5][0x8c][0xdc]?[0xb2]f[0x17][0xb3]Q4[0xc0][0xf9][0xb4][[0x96]e5[0x9b][0x15][0x9d]![0x10][0xae][0xf8][0xde]gJ3p[0xa4]F[0xd7]nt[0xd2][0xff][0x13]8[0xe6][0xde][0xb7][0xc][0xbb][0xd5]l[0xb5]P[,[0x0][0xbf]~[0x98][0xde][0x1][0xba]Q*[0x92][0xbd]z=[0x81][0xe4][0x89][0xed][0xd6][0x99]L[0x3][0xf5]=^[0x9f]&[0x93]2L{1[0xbd]p[0x16]#X[0xee]sLB[0x95][0xb0][0xd3][0xac][0xc1][0x8][0xa3][0xcc][0xe7][0xac][0xc2][r[0xd7]:t[0xbd][0xd3][0x9c][0x17][0xfd]J[0xc6][0x89][0xc5][0x88]![0xf7]y,2[0xfa][0xc1][0xd6]([0x0][0x2][0xd6][0xa2]2[0x7][0xc5][0xd6]D[0xe9]e[0xd6][0x7][0xc3][0xe8]Vr[0xe8][0xa8][0x15][0xc5][0x11][0xf4]"[0x9e]+2$[0x91][0xdc]p[0xa5][0xb9][0x82]KY]ro[0xab]-[0xc9][0xfa][0xfd]{[0xb6]D[0x17][0xce]6[0x1d][0xa6]C[0xed][0xd7][0xc1]p|>[0x83][0xc8]W[0x1e][0xc2]|[0xa7][0x9c][0x7][0x97]>[0xec][0x9c][0x1a]+[0xf0][0x84][0xc9][0xd9][0x81][0xef][0x16][0x86][0xcb][0xe4][0xe4]{[0x98][0xfa][0xff][0xec][0xf6][0xe1][0x0][0xce][0x1e]$[0xa5] [0x1a][0xb6][0x12]1[0xcd]h[0x92]<>[0x89][0xcf]$[0xc9]d[0xbb]K[0x3][0x98]=![0xee]_dR[0xc5][0xfe][0xae]Wj %w[0xc7]9[0x5]S[0xce]>[0x83][0xf7][0xcc][0xb4]w[0x8f]h[0x94][0x94][0xa7]/1[0x1][0x11]n[0xf5][0x13]<d[0x97][0xd0]\[0xb2][0xae][0x9a]UA[0xbd][0xc5][0xe1]<[0xe4][0xc9]s[0xee][0xdf]=P[0xe0][0x99][0xad]b|[0x9d][0x1a][0xea][0xbb]][0xa5]T#[0xf6][0x9b]*[0xb2][0xf]T[0xd4]4m[0xc3],QQ[0xdb][0xee]t;[0xcd][0xb6][0xf5]_[0x19][0xd1]5;U[0x13][0xce]\[0x9d][0xdd]]^[0xdd]\[0xce][0xcf][0xc7][0xbf][0xdf][0xdc]_[0xbd]"'[0xfb]m5[0xd9]o[0x8b][0xe9]U[0xc5]4[0xa1] [0xb3]\1[0xe5][0xe5]>[0x97]Oq#[0xb9][0xa3][0xe1][0x8b][0xcc][0xcf]k[0xd4][0xcf]PJ[0xa6][0x8a]C[0xa1][0xe4]y[0xef][0xa1][0x94]|[0xb6][0xfb]|[0xdc][0x1][0x9a][0xfe][0x8a][0x84][0x9a][0xbb][0xc7]$>[0x82][0x17][0x84][0xf4]=[0xfb][0x9a]D[0x11][0xf8][0x12][0x13]j[0xe3][0x91][0xed][0x87][0xf][0xfa][0xa1][0xc4][0xaa][0x8b][0x17][0x87][0xf5][0xe][0xda]z[0xc4]b[0x12]~[0xcd][0x9f][0xf3][0xf0]&[0x88][0xb8]PN[0xc][0xef][0x12][0x90]o[0xec]vp[0xc3]n[0xd7][0xaf][0xef][0xbf][0xb4][0xc3][0xef][0xa8][0xa3]o[0xa4]z[0xd9][0xf7]T[0x1d]>[0xe4][0xfe][0x1][0xe1][0x96]s{[0xcd][0x0][0x0]
/sendEmail
Sun May 29 16:47:12 BST 2022: DEBUG: http-outgoing >>
POST /sendEmail HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/json
Content-Length: 0
Host: localhost:9019
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.2 (Java/16.0.1)
Sun May 29 16:47:12 BST 2022: DEBUG: http-incoming <<
HTTP/1.1 404 Not Found
Date: Sun, 29 May 2022 15:47:12 GMT
Transfer-Encoding: chunked
Server: Jetty(9.4.40.v20210413)
0
Are there any specific rules to set the resource paths?
I intend to set the resource path as /messaging/v1/messageDefinitionSends/ for the first action(SendEmail) but it's failing.
second action SendToken is behaving the same, if the path is set as /test it response with a 200 ok status but returns a 404 error on setting the path to /v2/token.
Groovy scripts are used for creating the response.
any explanation for this behavior in ReadyAPI?
I think you might not be setting up your operations correctly. It seems like you're reusing the same endpoint but giving them different names and that is likely the reason why you're getting behavior like this.
What I'd recommend is taking a look at ReadyAPI's documentation on how to add in new operations. I think that once you set up the operations correctly you should be able to access them properly.
https://support.smartbear.com/readyapi/docs/virtualization/configure/create-operations.html
The issue was with the resource path, it was missing.
I assumed it was automatically added. after updating it started working.
Background:
I have set up an IPFS server behind an HAProxy server.
I have written a Flutter client to connect to this IPFS server through the proxy and add a file.
Problem:
Everything works as expected when I run the Flutter client as a desktop app (on Macos), but I get a 403 error when I run the Flutter client as a web app.
Details:
The headers for the successful call (captured via tcpdump) are as follows:
REQUEST:
POST /api/v0/add HTTP/1.1
Host: po.segito.net
User-Agent: Dart/2.11 (dart:io)
Accept-Encoding: gzip
Content-Type: multipart/form-data; boundary=dart-http-boundary-fmjPP-TIwnDcY7pJGniid4grt9mdDADtazmb7Pm8sP_PRJkV1oY
Content-Length: 39611
--dart-http-boundary-fmjPP-TIwnDcY7pJGniid4grt9mdDADtazmb7Pm8sP_PRJkV1oY
content-type: application/octet-stream
content-disposition: form-data; name="asset"
RESPONSE:
HTTP/1.1 200 OK
Access-Control-Allow-Headers: X-Stream-Output, X-Chunked-Output, X-Content-Length
Access-Control-Expose-Headers: X-Stream-Output, X-Chunked-Output, X-Content-Length
Content-Type: application/json
Server: go-ipfs/0.6.0
Trailer: X-Stream-Error
Vary: Origin
X-Chunked-Output: 1
Date: Sat, 07 Nov 2020 09:48:28 GMT
Transfer-Encoding: chunked
The headers for the unsuccessful call is as follows:
REQUEST:
POST /api/v0/add HTTP/1.1
Host: po.segito.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:82.0) Gecko/20100101 Firefox/82.0
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=dart-http-boundary-HvcRoK0lGd4+oahuNaOejbIBd-cID5+0n3GFvwwOY4ZqfitRP1s
Content-Length: 39611
--dart-http-boundary-HvcRoK0lGd4+oahuNaOejbIBd-cID5+0n3GFvwwOY4ZqfitRP1s
content-type: application/octet-stream
content-disposition: form-data; name="asset"
RESPONSE:
HTTP/1.1 403 Forbidden
Content-Type: text/plain; charset=utf-8
Vary: Origin
X-Content-Type-Options: nosniff
Date: Sat, 07 Nov 2020 09:38:55 GMT
Content-Length: 16
403 - Forbidden
Notes:
There is no CORS issue because all files and REST calls (including
the Flutter HTML files) are all served via the same HAProxy server.
The HAProxy is an SSL terminator.
A CURL request works as expected.
All other REST calls through the HAProxy works as expected.
I was auditing my spring web app's security and found a strange thing. Whenever I try to hit the address https://xxxxxxxxx.xxx/app then browser captures a document for downloading. But there is no API named "/app" is listed on my REST controller. Moreover, the document is blank.
Here is my request info:
GET /app HTTP/1.1
Host: xxxxxxxx.xxx
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: NG_TRANSLATE_LANG_KEY=%22en%22; count=0
Connection: close
Upgrade-Insecure-Requests: 1
Here is response sent from the server:
HTTP/1.1 200 OK
Server: nginx/1.13.12
Date: Tue, 05 Jun 2018 11:19:01 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: close
Expires: Sun, 05 Jun 2022 11:19:01 GMT
Cache-Control: max-age=126230400000, public
X-XSS-Protection: 1; mode=block
Pragma: cache
Accept-Ranges: bytes
Last-Modified: Fri, 01 Jun 2018 08:50:14 GMT
X-Content-Type-Options: nosniff
X-Application-Context: some-app
Whenever I try it from my local system then there is no issue like this. I've already disabled the directory listing for my application but the problem is still there. Please let me know if any other information is required.
My NGINX conf is as follows:
server {
listen 443 ssl http2;
server_name xxxxxxxx.xxx;
# Configure SSL
ssl_certificate /etc/ssl/certs/nginx/xxxxxx.xxx.chained.crt;
ssl_certificate_key /etc/ssl/certs/nginx/xxxxxxx.key;
include /etc/nginx/includes/ssl.conf;
location / {
include /etc/nginx/includes/proxy.conf;
proxy_pass http://10.210.xx.xx:8080;
}
access_log off;
error_log /var/log/nginx/error.log error;
}
Used google oauth2 playground: https://developers.google.com/oauthplayground/
Followed: https://developers.google.com/accounts/docs/OAuth2WebServer#offline
Anyone why I am getting invalid request?
POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-length: 209
Content-type: application/x-www-form-urlencoded
Authorization: OAuth ya29.XXXXXXXX
client_id=XXXXXXXXX&
client_secret=XXXXXXXXX&
refresh_token=1/0ffkj5lggn8XXXXXXXXX&
grant_type=refresh_token
HTTP/1.1 400 Bad Request
Content-length: 33
X-xss-protection: 1; mode=block
X-content-type-options: nosniff
X-google-cache-control: remote-fetch
-content-encoding: gzip
Server: GSE
Reason: Bad Request
Via: HTTP/1.1 GWA
Pragma: no-cache
Cache-control: no-cache, no-store, max-age=0, must-revalidate
Date: Thu, 11 Oct 2012 21:29:55 GMT
X-frame-options: SAMEORIGIN
Content-type: application/json
Expires: Fri, 01 Jan 1990 00:00:00 GMT
{
"error" : "invalid_request"
}
If you're getting 400 is because you are adding an invalid parameter or missing one.
edit:
i believe from the given data there is an extra header Authorization. This is used in oauth2 only when access_token is passed in header, to make authenticated calls
Authorization : Bearer XXXXXXXXXXXXXXXX
while refreshing access_token there is no need to provide the same in header.
https://developers.google.com/accounts/docs/OAuth2InstalledApp#refresh