Is it possible to create protected rooms via the admin API?
The create_room command from the docs only takes 3 parameters: Name, service and host.
Yes this is possible!
POST /api/create_room_with_opts
{
"name": "room1",
"service": "muc.example.com",
"host": "localhost",
"options": [
{
"name": "members_only",
"value": "true"
}
]
}
From here: https://docs.ejabberd.im/developer/ejabberd-api/admin-api/#create-room-with-opts
Related
Please, forgive the confusing tittle, if it is, but it does describe the problem I am having
So, I have a linked service in my Azure Datafactory. It is used for Azure SQL Database connect.
The Database name and user name are being taken from the parameters set in linked service itself. Here is a snippet of json config
"typeProperties": {
"connectionString": "Integrated Security=False;Encrypt=True;Connection Timeout=30;Data Source=myserver.database.windows.net;Initial Catalog=#{linkedService().dbName};User ID=#{linkedService().dbUserName}",
"password": {
"type": "AzureKeyVaultSecret",
"store": {
"referenceName": "KeyVaultLink",
"type": "LinkedServiceReference"
},
"secretName": "DBPassword"
},
"alwaysEncryptedSettings": {
"alwaysEncryptedAkvAuthType": "ManagedIdentity"
}
}
This works fine when in debug in the Azure portal. However, when I get the ARM Template for the whole thing, during ARM Template deployment it asks for input Connection string for the linked service. If I go to the linked service definition, and look up its connection string it will come this way
"connectionString": "Integrated Security=False;Encrypt=True;Connection Timeout=30;Data Source=dmsql.database.windows.net;Initial Catalog=#{linkedService().dbName};User ID=#{linkedService().dbUserName}"
Then when I input it in the ARM Template deployment should I be replacing "#{linkedService().dbName}" and "#{linkedService().dbUserName}" with actual values at the spot when I am entring it ? I am confused because during the ARM Template deployment there are no separate fields for these parameters, and these (parameters specific to linked service itself) are not present as separate parameters in the ARM Template definition.
I created database in my azure portal
and enabled system assigned managed Identity for sql db.
Image for reference:
I created azure keywault and created secret.
Image for reference:
I have created new access policy for Azure data factory.
Image for reference:
I created Azure data factory and enabled system managed identity.
Image for reference:
I have created new parametrized linked service to connect with database with below parameters dbName and userName. I am taking database name and User name dynamically by using above parameters.
Image for reference:
Linked service is created successfully.
json format of my lined service:
{
"name": "SqlServer1",
"properties": {
"parameters": {
"dbName": {
"type": "String"
},
"userName": {
"type": "String"
}
},
"annotations": [],
"type": "SqlServer",
"typeProperties": {
"connectionString": "Integrated Security=False;Data Source=dbservere;Initial Catalog=#{linkedService().dbName};User ID=#{linkedService().userName}",
"password": {
"type": "AzureKeyVaultSecret",
"store": {
"referenceName": "AzureKeyVault1",
"type": "LinkedServiceReference"
},
"secretName": "DBPASSWORD"
},
"alwaysEncryptedSettings": {
"alwaysEncryptedAkvAuthType": "ManagedIdentity"
}
}
}
}
I exported the arm template of data factory.
This is my linked service in my ARM template:
"SqlServer1_connectionString": {
"type": "secureString",
"metadata": "Secure string for 'connectionString' of 'SqlServer1'",
"defaultValue": "Integrated Security=False;Data Source=dbservere;Initial Catalog=#{linkedService().dbName};User ID=#{linkedService().userName}"
},
"AzureKeyVault1_properties_typeProperties_baseUrl": {
"type": "string",
"defaultValue": "https://keysqlad.vault.azure.net/"
}
Image for reference:
I have got parameters dbName and userName in my ARM template description.
{
"name": "[concat(parameters('factoryName'), '/SqlServer1')]",
"type": "Microsoft.DataFactory/factories/linkedServices",
"apiVersion": "2018-06-01",
"properties": {
"parameters": {
"dbName": {
"type": "String"
},
"userName": {
"type": "String"
}
},
"annotations": [],
"type": "SqlServer",
"typeProperties": {
"connectionString": "[parameters('SqlServer1_connectionString')]",
"password": {
"type": "AzureKeyVaultSecret",
"store": {
"referenceName": "AzureKeyVault1",
"type": "LinkedServiceReference"
},
"secretName": "DBPASSWORD"
},
"alwaysEncryptedSettings": {
"alwaysEncryptedAkvAuthType": "ManagedIdentity"
}
}
},
"dependsOn": [
"[concat(variables('factoryId'), '/linkedServices/AzureKeyVault1')]"
]
}
Image for reference:
If you didn't get parameters in ARM template description copy the value of "connectionString" and modified what you needed to and left the parameters in place and added it to the "connectionString" override parameter in my Azure Release Pipeline, and it will work.
I can successfully create user by calling the following path in Postman software:
http://{KEYCLOAK_IP}/auth/admin/realms/{REALM_NAME}/users
The body content that I send is like following:
{
"enabled":true,
"username":"Reza",
"email":"reza#sampleMailServer1.com",
"firstName":"Reza",
"lastName":"Azad",
"credentials": [
{
"type":"password",
"value":"123",
"temporary":false
}
]
}
Now, let’s assume that we have a client, which is named browserApp and this client has a role, which is named borwserAppRoleUser. Also, the realm has a role, which is name realmRoleUser.
In order to include abovementioned roles in the body content of the HTTP request I tried the following structure:
{
"enabled":true,
"username":"Reza",
"email":"reza#sampleMailServer1.com",
"firstName":"Reza",
"lastName":"Azad",
"credentials": [
{
"type":"password",
"value":"123",
"temporary":false
}
],
"role": [
{
"id": "borwserAppRoleUser",
"name": "test",
"description": "${role_create-client}",
"composite": false,
"clientRole": true,
"containerId": "browserApp"
},
{
"id":"realmRoleUser",
"composite":false,
"clientRole":false
}
]
}
Sending the above body content results in 400 bad request response. The errors contains this message:
Unrecognized field "role" (class org.keycloak.representations.idm.UserRepresentation), not marked as ignorable
Also, I am sure that the rest of the role object is not correct.
I searched for examples online, but I could not find any sample regarding the role assignment. Can any body please help me to fix this problem?
REST API not supports realm & client roles by single JSON data.
It only support by Add Realm with JSON import
The simple JSON format is like this but it needs extra data.
This is working example for Import Realm JSON data
{
"id": "test",
"realm": "test",
"users": [
{
"enabled": true,
"username": "Reza",
"email": "reza#sampleMailServer1.com",
"firstName": "Reza",
"lastName": "Azad",
"credentials": [
{
"type": "password",
"value": "123",
"temporary": false
}
],
"realmRoles": [
"user"
],
"clientRoles": {
"borwserAppRoleUser": [
"test"
]
}
}
],
"scopeMappings": [
{
"client": "borwserAppRoleUser",
"roles": [
"test"
]
}
],
"client": {
"borwserAppRoleUser": [
{
"name": "test",
"description": "${role_create-client}"
}
]
},
"roles": {
"realm": [
{
"name": "user",
"description": "Have User privileges"
}
]
}
}
If you want to assign user's realm role and client role, use separate API call.
#1 Assign user's realm role
POST {KEYCLOAK-IP}/auth/admin/realms/{REALM-NAME}/users/{USER-UUID}/role-mappings/realm
In Body of POST
[
{
"id": {REALM ROLE UUID},
"name": {ROLE NAME},
"composite": false,
"clientRole": false,
"containerId": {REALM NAME}
}
]
1.1 Get master token - here
1.2 Get User UUID
1.3 Get Realm role UUID and name
1.4 POST realm role into user
#2 Assign user's client role
POST {KEYCLOAK-IP}/auth/admin/realms/{REALM-NAME}/users/{USER-UUID}/role-mappings/clients/{CLIENT-UUID}
In Body of POST
[
{
"id": {CLIENT ROLE ID},
"name": {ROLE NAME},
"description": "${role_create-client}",
"composite": false,
"clientRole": true,
"containerId": {CLIENT-UUID}
}
]
2.1 Get master token
2.2 Get user UUID - same 1.2
2.2 Get Client UUID
2.3 Get Client role UUID & name
2.4 POST client role into user
Finally confirm both assigned roles by this API
GET {KEYCLOAK-IP}/auth/admin/realms/{REALM-NAME}/users/{USER-UUID}/role-mappings
I need to know if there is a way to delete a user from databricks using email only using SCIM api? As of now I can see it can only delete user by ID which means I need to first retrive the ID of the user and then use it to delete.
I am using this api from powershell to delete users by email.
https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/scim/scim-users
If you look into the documentation for Get Users command of SCIM Users REST API, you can see that you can specify the filtering condition for it. For example, to find specific user, you can filter on the userName attribute, like this:
GET /api/2.0/preview/scim/v2/Users?filter=userName+eq+example#databricks.com HTTP/1.1
Host: <databricks-instance>
Accept: application/scim+json
Authorization: Bearer dapi48…a6138b
it will return a list of items in the Resources section, from which you can extract user ID that you can use for delete operation:
{
"totalResults": 1,
"startIndex": 1,
"itemsPerPage": 1,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"id": "8679504224234906",
"userName": "example#databricks.com",
"emails": [
{
"type": "work",
"value": "example#databricks.com",
"primary": true
}
],
"entitlements": [
{
"value": "allow-cluster-create"
},
{
"value": "databricks-sql-access"
},
{
"value": "workspace-access"
}
],
"displayName": "User 1",
"name": {
"familyName": "User",
"givenName": "1"
},
"externalId": "12413",
"active": true,
"groups": [
{
"display": "123",
"type": "direct",
"value": "13223",
"$ref": "Groups/13223"
}
]
}
]
}
Database URL:
https://$USERNAME:$PASSWORD#$REMOTE_USERNAME.Cloudant.com/$DATABASE_NAME
What is the value of $USERNAME、$PASSWORD、$REMOTE_USERNAME?
The current Cloudant account:
VCAP_SERVICES
{
"cloudantNoSQLDB": [
{
"credentials": {
"username": "c39cexxx-bluemix",
"password": "xxxxxxx",
"host": "c39cexxx-bluemix.cloudant.com",
"port": 443,
"url": "https://c39cexxx-bluemix:xxxxxxx#c39cexxx-bluemix.cloudant.com"
},
}
]
}
The other Cloudant accounts in a database
VCAP_SERVICES
{
"cloudantNoSQLDB": [
{
"credentials": {
"username": "f39c4xxx-bluemix",
"password": "xxxxxxx",
"host": "f39c4xxx-bluemix.cloudant.com",
"port": 443,
"url": "https://f39c4xxx-bluemix:xxxxxxx#f39c4xxx- bluemix.cloudant.com"
},
}
]
}
Please give an example of replicating a remote database from Bluemix.
If you want to replicate from a remote target into a local database, your Database URL will be:
https://$remote_username:$remote_password#$remote_username.cloudant.com/$remote_database
E.g.
https://f39c45g0-bluemix:0ebdc6c7#f39c45g0-bluemix.cloudant.com/the_remote_database
You can find more information here: https://developer.ibm.com/clouddataservices/cloudant-replication/
NOTE: I'm assuming you didn't post your actual credentials, if you did you should at least change your passwords.
I am not sure what is going wrong with the create user api with roles.
Observations:
When fired without the roles it works fine, the payload is given below
{
"fullName": "unittestuser",
"emailAddress": null,
"enabled": true,
"password": "39HN=K?E",
"roles": null
}
when same endpoint is invoked with the addition of roles then it fails giving the http error code 400 (bad request)
{
"fullName": "unittestuser",
"emailAddress": null,
"enabled": true,
"password": "39HN=K?E",
"roles": [
{ "name": "unittest" },
{ "name": "UsernamePasswordAuthentication" },
{ "name": "Platform_NamedUser" },
{ "name": "Platform_Anyone" },
{ "name": "Platform_Metadata_MetadataInitializeUser" }
]
}
The roles part works when the default roles shipped with JasperReports Server installation are sent.
{
"fullName": "unittestuser3",
"emailAddress": null,
"externallyDefined": false,
"enabled": true,
"password": "39HN=K?E",
"roles": [
{ "name": "ROLE_USER" },
{ "name": "ROLE_ADMINISTRATOR" }
]
}
I have checked the the new roles which I have created are present on the JR Server before the create user is hit, so I am not sure what is going wrong with the newly created roles. I am using REST api v2 for role creation as well as user creation.
I have also tried creation the user first with empty roles and then adding roles the update call still fails with the same error.
Let me know if anyone has a clue.
Fixed...the new 6.0 on wards requires tenantid to be passed with the name of the role.
So instead of:
{ "name": "unittest" }
I passed: { "name": "unittest", "tenantId": "myorg" }