I am using the Presto REST api to query the database, but all my sessions appear to be ephemeral. For example, if I do something like
query_presto('set session columnar_processing = true')
query_presto('show session')
Despite setting the column_processing variable in the first query, the second query will show that column_processing is still the default value of false.
I read somewhere that
Presto maintains sessions for each authenticated user. This session
expires if no new requests are received within the timeout period
configured for Presto.
However, I can't find this configuration anywhere in the code nor documentation.
My question is how do I maintain a database session using the RESTful API?
After too much time digging around, I found that there is a header X-Presto-Session which you can set comma separated variables, ie
curl --data "show session" http://127.0.0.1:8889/v1/statement/ --header "X-Presto-User: myuser" --header "X-Presto-Schema: myschema" --header "X-Presto-Time-Zone: UTC" --header "X-Presto-Catalog: mycatalog" --header "User-Agent: myagent" --header "X-Presto-Session: session_variable_1=900,session_variable_2=true"
Despite what the doc says, I don't think there is a way for Presto to remember session variables set in previous executions. I have to locally cache them in my program and pass them all every execution.
Related
I have a web application secured by Keycloak. Now I want to read all the security groups and users from keycloak in my application. Is it possible?
Keycloak has a very good documentation around the APIs.
I believe you are looking to get all the groups and users from the Keycloak. It could be as straightforward as calling any REST APIs.
You can follow this link to get all the groups from the Keycloak.
And this link to get the users based on the given search criteria.
But I would be wary of the performance implication it might have calling these APIs. Make sure to use pagination and appropriate filters for getting users.
Also, if you want, you can write a custom extension in Keycloak to serve your purpose. You can follow this link for it.
I could get the access token using the client secret key using the curl command from command line.
$curl -X POST -d "client_id=my_client" -d "username=username" -d "client_secret=c957b0ba-c421-4021-8433-764aa2fwes72" -d "grant_type=client_credentials" HOST/auth/realms/my_realm/protocol/openid-connect/token
I could also get the list of users after getting the access token
$curl -X GET HOST/auth/admin/realms/my_realm/users -H "Authorization: Bearer access-token" -H 'cache-control: no-cache'
Now, I'm thinking how can I do this from my web application.
How to add custom attributes in Keycloak via REST API?
I guess you mean adding user attributes to the admin console by extending the theme - https://www.keycloak.org/docs/3.1/server_development/topics/custom-attributes.html Since that configures the admin console itself it does involve some configuration of files loaded by the keycloak app for a custom theme so I don't think the REST API alone will be enough.
As #Xtreme Biker points out, anything you can do via clicks in the admin console you can do via the REST API as the console uses that API. You can perform the relevant actions in the admin console and check the network tab in the browser console to see what the REST calls are (note you may need to tell your browser not to clear the log between page loads). So if you can do it just with clicks in the browser then the REST API is enough. If you also need to modify configuration files then you'll need to do that part outside of the REST API.
Here is an example
curl --location --request POST 'http://yourKeyclaokSSO.com/auth/admin/realms/YOUR-REALM/users' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <INSERT TOKEN HERE>' \
--data-raw '{"firstName":"James","lastName":"West", "email":"jw#test.com", "username":"james.west", "attributes": {"SomeId":"123"}}'
More documentation:
https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_userrepresentation
Context: We are using Keycloak to secure our APIs by usually passing tokens through Authorization Headers. However, these APIs also allow users to download files (for instance: https://api.service.io/users.xlsx).
To use these "download endpoints", our web client applications pass users' token via query strings. (e.g. https://api.service.io/users.xlsx?accessToken=${bearerToken})).
Problem: Passing tokens via query string has several security flaws (browser history, ...). Therefore we would like to pass a very short-lived token (e.g. lifespan of 15sec) instead of the normal one (lifespan of 300sec by default).
Question: How could we request a different token from Keycloak API (for instance, /realms/#{realm_id}/protocol/openid-connect/token) by:
providing the normal access token (not credentials);
and specifying a different lifespan ?
After reading Keycloak's source code, it appears this is not possible (version 3.4.2.Final) to ask for a specific lifespan at runtime.
However, I developed a Keycloak Custom REST endpoint to do that. https://github.com/looorent/keycloak-configurable-token-api
When this JAR file is deployed in Keycloak, you can ask for a given lifespan at runtime. For example:
$ curl -X POST -d '{ "tokenLifespanInSeconds": 20}' -H "Content-Type: application/json" -H "Authorization: Bearer <user-access-token>" http://auth.service.io/auth/realms/a-realm/configurable-token
I would like to allow anyone to trigger a job I've created in Rundeck.
I can't understand from the API documentation how to do that.
Any one knows, and can give simple examples (my understanding of the subject is minimal to none)?
What I've found is of the sort:
POST /api/1/job/[ID]/run
In order to use the Rundeck API, you need to authenticate first.
Authentication can be done in two different ways:
Using a Token
Using a username and a password
Here is an example of running a Rundeck job using its API (Token based authentication)
curl -X POST http://rundeck_server:port/api/19/job/87bdc26ce-9893-49bd-ad7a-97f4c4a39196/run?authtoken=AVy8jZdcpTYOyPcOVbfcfOQmB6b92zRu --header "Content-Type:text/xml"
Explanation:
19: the API version or Rundeck installation version (19 matchs
Rundeck 2.8.2)
87bdc26ce-9893-49bd-ad7a-97f4c4a39196: Job UUID
run: Runs a job
PS: To obtain an API Token, you must first log in to the Rundeck GUI using a user account. Click on your username in the header of the page, and you will be shown your User Profile page. From this page you can manage your API Tokens.
To update the answer above, this is an example of running a job and feeding it arguments
You will need to replace hostname/API version/job UID/token
Also the current version can be used with JSON only
curl -X POST https://rundeck-hostname.com/api/41/job/7087d3b7-e454-4983-abd5-a211d21d6f27/run?authtoken=[redacted] -H "Accept: application/json" -H "Content-Type: application/json" -d '{
"options": {
"optionName":"optionValue",
}
}
'
And if you need additional arguments for running a job you can find the updated documentation at https://docs.rundeck.com/docs/api/rundeck-api.html#running-a-job
I have several Google Compute Engine instances, and have set instance metadata on each, under the assumption these are available on the instance itself as an environment variable, but they don't show up. I then read here that I need to query the metadata server for this data, but that just returns a 403 unauthorized when run from the instance itself. Is there a way to access metadata as environment variables?
It may be worth studying Metadata querying a bit more, but my guess is that you are attempting to get custom metadata, which is resulting in it not being found. Make sure you are using the attributes directory to access any custom metadata.
For example, this will get the built-in tags metadata:
curl "http://metadata.google.internal/computeMetadata/v1/instance/tags" \
-H "Metadata-Flavor: Google"
while this will get your custom metadata for attribute foo:
curl "http://metadata.google.internal/computeMetadata/v1/<instance|project>/attributes/foo" \
-H "Metadata-Flavor: Google"