I am writing an application to fetch query logs from google cloud sql using stack driver monitoring. I am able to retrieve the logs using API explorer. I will be using a curl call to download the logs.
curl --header "Authorization: Bearer ACCESS_TOKEN" --header
'Content-Type: application/json' --header 'x-referer:
https://developers.google.com' -X POST --data
'{"resourceNames":["projectname"],"filter":"logName=logname"}'
"https://content-logging.googleapis.com/v2/entries:list?fields=entries(jsonPayload%2ClogName%2Coperation%2CreceiveTimestamp%2CtextPayload%2Ctimestamp)&key=APIkey"
API key is available in the interface. I have downloaded the json with client details. But I am not able to find any documentation on how to generate ACCESS_TOKEN in this case. Can someone please help me on this?
You can try:
curl -H "Authorization: Bearer "$(gcloud auth application-default
print-access-token) ...
or set:
ACCESS_TOKEN="$(gcloud auth application-default print-access-token)"
and then:
curl --header "Authorization: Bearer ${ACCESS_TOKEN}" ...
Related
While trying to use encryption/decryption feature of spring cloud config server with Pivotal Cloud Foundry's p-config-server service which is configured with a symmetric key for encryption, I am getting a 403 forbidden response which calling /decrypt on config server .
I am able to call the /encrypt endpoint successfully for encrypting values using below sample curl -
curl --location --request POST 'https://config-xxxx.apps.xxx.com/encrypt' \
--header 'Authorization: bearer <cf oauth_token here>' \
--header 'Content-Type: text/plain' \
--data-raw 'sample data'
But when trying to decrypt those values using /decrypt, I am getting 403 Forbidden error -
{
"error": "access_denied",
"error_description": "invalid issuer"
}
Sample curl for decryption -
curl --location --request POST 'https://config-xxxx.apps.xxx.com/decrypt' \
--header 'Authorization: bearer <cf oauth_token here>' \
--header 'Content-Type: text/plain' \
--data-raw '<encrypted value from previous step>'
In pivotal's config server documentation though there are reference to /encrypt but nothing related to /decrypt pivotal config server
Any pointers ?
In the Pivotal/Tanzu Spring Cloud Services (commercial product), the /encrypt API is exposed to anyone with the admin scope or to anyone that is a Space Developer in the space of the service.
The /decrypt endpoint is not exposed specifically, so you're not allowed to access with the same credentials, hence why you're seeing a 403.
My quick read of the code is that you'd need a token with scope config_server_<guide>.read to access that endpoint. Where <guid> is the config server's service guide (run cf service --guid <name> to obtain the guide).
To make that work, you'd need to get a token from the bound service or a service key, the latter is easier:
Run cf create-service-key <service_instance> decrypt-key
Run cf service-key <service_instance> decrypt-key
Run export TOKEN=$(curl -vv <access_token_uri> -d 'grant_type=client_credentials' -d 'client_id=<client_id>' -d 'client_secret=<client_secret>' | jq -r .access_token) where the values in <...> are from the output of #2.
Run curl -vv '<uri>/decrypt' -H "Authorization: bearer $TOKEN" -H 'Content-type: text/plain' -d '<encrypted-value>'
These depend on a Bash shell. You can do them on Windows, but the commands will vary. It also uses jq to make extracting the token easier. You could split the command in step #3 into two steps, fetching with curl and manually exporting TOKEN.
I have to use thingsboard by rest API as it is showed on the guide https://thingsboard.io/docs/reference/rest-api/
In particular, I have a live-demo server and a custom user with administration permission.
I can authenticate it with the username/password on the thingsboard interface
Unfortunately, when I try the following command
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{"username":, "password":}' 'https://THINGSBOARD_URL/api/auth/login'
I receive the following output:
{"status":401,"message":"Authentication failed","errorCode":10,"timestamp":"..."}
Anybody can help me?
I will glad,
Gianluca
Solved
It was certifciate problem,
I bypass it by the following command:
tokenAuthResp = requests.post(url, headers=headers, json=loginJSON, verify=False).json()
I have been trying to generate an IBM Cloud IAM token using the following command:
curl -ik -X POST --header "Content-Type: application/x-www-form-urlencoded" --header "Accept: application/json" --data-urlencod
e "grant_type=urn:ibm:params:oauth:grant-type:apikey" --data-urlencode "apikey=rzQV6ahSbPLzXjzhzuAEtbXXXXXXXXXXXXXXXX" --data-urlencode "response_type=cloud_iam,uaa&uaa_client_id=cf&uaa_client_secret=" "https://iam.ng.bluemix.net/oidc/passcode"
But it keeps giving me 405 method not allowed. What is the right way to generate the token? Is there any documentation which could be followed?
The problem is with the endpoint you are using. Here's the working curl command to generate an IBM Cloud IAM token
curl -ik -X POST \
--header "Content-Type: application/x-www-form-urlencoded" \
--header "Accept: application/json" \
--data-urlencode "grant_type=urn:ibm:params:oauth:grant-type:apikey" \
--data-urlencode "apikey=<APIKEY>" \
"https://iam.cloud.ibm.com/identity/token"
You can generate an IAM token by using either your IBM Cloud API key or a service ID's API key.
Here's the link to the documentation
How can I set AutoResizeLimit when creating a Cloud SQL MySQL instance?
The GCP API defines it here: https://cloud.google.com/sql/docs/mysql/admin-api/v1beta4/instances
The terraform provider has disk_autoresize, which is a boolean:
https://www.terraform.io/docs/providers/google/r/sql_database_instance.html#disk_autoresize
But, there is no attribute to set the auto_resize_limit.
A way to create a Cloud SQL instance with auto_resize_limit is to create it directly with querying an API e.g. with cURL and setting storageAutoResizeLimit.
The query should look like this:
ACCESS_TOKEN="$(gcloud auth application-default print-access-token)"
curl --header "Authorization: Bearer ${ACCESS_TOKEN}" \
--header 'Content-Type: application/json' \
--data '{"name":"[INSTANCE_NAME]", "region":"[REGION]",
"settings": {"tier":"[MACHINE_TYPE]",
"storageAutoResizeLimit":[SIZE],
"backupConfiguration": {"binaryLogEnabled":true, "enabled":true}}}' \
-X POST \
https://www.googleapis.com/sql/v1beta4/projects/[PROJECT-ID]/instances
Note that storageAutoResize is set to True by default.
How can we access the Box API using the refresh token that is generated? I have followed all the steps to generate the access token and refresh token but I cannot find it anywhere how can I access the API using refresh token.
This is what I have right now:
curl -X GET -H "Authorization: Bearer <Access-Token>" "https://api.box.com/2.0/folders/0"
I am not able to do this :
curl -X GET -H "Authorization: <Refresh-Token>" "https://api.box.com/2.0/folders/0"
or
curl -X GET -H "Authorization: Bearer <Refresh-Token>" "https://api.box.com/2.0/folders/0"
Any idea how we can use the Refresh token in an API call?
The access_token is used to make Box Content API calls.
The refresh_token is used to obtain a new access_token & refresh_token pair since access_tokens expire in around 60 minutes.
curl https://api.box.com/oauth2/token
-d 'grant_type=refresh_token' \
-d 'refresh_token=<MY_REFRESH_TOKEN>' \
-d 'client_id=<MY_CLIENT_ID>' \
-d 'client_secret=<MY_CLIENT_SECRET>' \
-X POST