I am using IBM COS for various bucket operations. While I could find various ways of programmatically performing various bucket operations, I was wondering if there are any ways of programmatically(any sdk or rest apis) creating Service credentials as well as editing the policy for a service id?
Yes, there are APIs available to access and manage Cloud IAM
Go to the following API docs to review the available APIs:
IAM Identity Services API
IAM Access Groups API
IAM Policy Management API
Gaurav,
See this doc page to provision an instance of IBM Cloud Object Storage
https://cloud.ibm.com/docs/services/cloud-object-storage/basics/developers.html#provision-an-instance-of-ibm-cloud-object-storage
Related
Using gcloud command line I can do the following operation
gcloud builds describe 74f859e9-d621-4632-b6dd-XXXXXXXX
However I wish to use the Google Cloud API from Java, now as I understand the GCloud CLI is not using a service account, it is using a user account. How can I use the same authentication from Google Cloud Java API to do this same operation to describe a build?
Google provides decent documentation that explains how to use its SDKs (Client Libraries) with all of its services.
Here's the Cloud Build client libraries documentation. Pick your preferred language and go.
If you can't use one of Google's SDKs, then you can write code directly against the underlying API. Google's APIs Explorer is an excellent tool for navigating all Google's services. Here's Cloud Build and projects.builds.get which I think (!?) maps to gcloud build describe. You can confirm that by running gcloud builds describe --log-http to see which underlying calls are made.
Code that doesn't access user data (data owned by a user account), should run as a Service Account. Code that accesses user data or operates on behalf of a user, should use the OAuth flow for the user and use an OAuth Client ID. This is what gcloud does. As a program operating on behalf of users, it authenticates you the user using a regular OAuth flow but it operates using an OAuth Client ID against a hidden backing project. Your code should probably just run as a service account.
Is it possible to get access to events generated by User Account and Authentication (UAA) server in the context of Swisscom Application Cloud?
It is essential for me, to be able to have an audit trail of actions executed by authorised operators through the API (that would include cli and portal).
What I am looking for is an alternative of AWS CloudTrail for IAM module, that you can turn on for specific VPCs / regions there.
I have found this in the CF documentation (https://docs.cloudfoundry.org/loggregator/cc-uaa-logging.html) but that (as far as I understand it) requires infrastructure level access.
Thanks a lot for any hints.
We can't expose UAA logs to individual customers since it contains probably sensitive information about other users or the platform.
You should be able to retrieve the logs of your application in the application logs (which you can send to a syslog drain, i.e. the ELK/Elasticsearch service).
All API interactions should be covered by this log stream, according to the documentation:
Users make API calls to request changes in app state. Cloud Controller, the Cloud Foundry component responsible for the API, logs the actions that Cloud Controller takes in response.
For example:
2016-06-14T14:10:05.36-0700 [API/0] OUT Updated app with guid cdabc600-0b73-48e1-b7d2-26af2c63f933 ({"name"=>"spring-music", "instances"=>1, "memory"=>512, "environment_json"=>"PRIVATE DATA HIDDEN"})
From https://docs.cloudfoundry.org/devguide/deploy-apps/streaming-logs.html
I'm having trouble connecting to the Bluemix Object Store using the instructions presented by this link: https://knowledgelayer.softlayer.com/procedure/connect-object-storage-using-sftp
It's unclear to me what the username and account ID are so I would appreciate it if someone can clarify
The instructions are valid
Where I can find the values for SLOS/IBMOS etc?
I do not have access to the Softlayer customer portal as this service as created in Bluemix.
I can confirm that an sftp server is listening at the appropriate region endpoint.
Brien, it is not possible to use SFTP to access the Bluemix Object Storage if you create it from the Services catalog area of the Bluemix UI:
https://console.ng.bluemix.net/catalog/services/object-storage
This one can be accessed via swift cli or REST API.
To use SFTP to access your Object Storage you need to create it from the Infrastructure are of the Bluemix UI - that is the legacy Softayer that is now integrated with Bluemix.
https://console.ng.bluemix.net/catalog/infrastructure/object_storage/
Also, to create the Object Storage from the Infrastructure catalog you need to first link your Bluemix and Softlayer accounts:
https://console.ng.bluemix.net/docs/admin/softlayerlink.html
I want to write a Java program running externally to Bluemix that interacts with the instance of the Bluemix Object Store I have provisioned.
The program will use the Swift REST APIs to interact with the service.
The documentation for how to use the REST API is mainly missing in the service documentation and the OpenStack documentation is not helpful with specifics on how to reach the Bluemix service.
Can someone tell me what headers to set and what URL to use to authenticate with the service, and then what headers to set and what URL to use to further interact with the service ? Where do I find this information for my instance of the service ? It doesn't seem to all be available in the service credentials that are displayed.
Also, do I need to do basic authentication every time a REST call is made, or is there a way to get a token ? Where is that explained ?
The Bluemix Object Storage uses the OpenStack Identity (Keystone) v3 API for authentication. For complete documentation on the REST API, see: http://developer.openstack.org/api-ref-identity-v3.html
Since your application will be developed in Java, I'd suggest you use the openstack4j SDK. For example of using openstack4j with Bluemix object storage service, see: https://developer.ibm.com/recipes/tutorials/connecting-to-ibm-object-storage-for-bluemix-with-java/
In Amazon cloud API there is the possibility to get identity data, meaning data from the running instance - on which region it is, dns ....
is there the same option in Azure? as I am creating management system in which the server is installed on a virtual machine and I need to know to which region it is related, all this using REST API
In Azure you can use Azure API Management REST API to get all sort of information for Azure:
ex:
Lists all of the resources in a subscription:
https://management.azure.com/subscriptions/{subscription-id}/resources?$top={top}$skiptoken={skiptoken}&$filter={filter}&api-version={api-version}
For the complete documentation look at this page here:
https://msdn.microsoft.com/en-us/library/azure/dn776326.aspx
You can do similar things using Powershell scripts as well.