How to pass argumets to RunDeck Run API - rundeck

I want to run a rundeck job using the run API. Would like to pass few parameters as well to the runDeck job during the run time.
Do I need to configure the job to accept parameters?
How to pass parameters to run API?
Thanks in advance
Regards
SJ

Option 1: In absence of tokens, first login to get cookie
curl \
-D - \
-X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Cache-Control: no-cache" \
-d "j_username=${RD_USER}&j_password=${RD_PASSWORD}" \
--cookie-jar rd_cookie \
"${RD_URL}/j_security_check"
Then, use the cookie received from successful login for subsequent transactions
curl \
-D - \
-X "POST" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d "{\"argString\":\"-arg1 val1 -arg2 val2 -arg3 val-3 -arg4 val4 \"}" \
--cookie "#rd_cookie" \
"${RD_URL}/api/16/job/${RD_JOB_ID}/executions"
Option 2: With a token, it's simpler
curl \
-D - \
-X "POST" -H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "X-Rundeck-Auth-Token: ${RD_TOKEN}" \
-d "{\"argString\":\"-arg1 val1 -arg2 val2 -arg3 val-3 -arg4 val4 \"}" \
"${RD_URL}/api/16/job/${RD_JOB_ID}/executions"

The API documentation for Rundeck describes how to run a job:
http://rundeck.org/docs/api/#running-a-job
Yes you need to create a parametrized job and pass in arguments as part of the API call. This could be considered a security measure only expected parameters can be accepted.

Related

Github REST Api get workflow runs for a specific date range with cURL

I am trying to query Github's REST API to list workflow runs for specific date ranges.
Here's an example curl call:
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/repos/[OWNER]/[REPO]/actions/runs?created:2023-01-01..2023-01-02"
From what I understand from the documentation, this is how I should be able to retrieve only results from Jan 1st and 2nd of 2023. But it does not work, my result is always the latest runs.
What am I doing wrong?
you should use the = symbol instead of :, like:
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/repos/[OWNER]/[REPO]/actions/runs?created=2023-01-01..2023-01-02"

Datadog keeps creating monitors when dynamic source id changes

I have a Datadog monitor generated by terraform.
The main query is as follows:
sum(last_1m):avg:app.application.health{application.health:healthy,cluster_name:${local.eks_cluster_name},!source:api-service-full} by {source}.as_count() < 60"
The issue is that after a system restart the {source} container changes it's name.
For example from app-tier-1-1abc-agent
to app-tier-1-def2-agent
The Datadog instead of updating, or removing the old monitors just creates new ones and leaves the old monitors in Alarm and N/A.
Is there anyway to improve this? All ideas appreciated, thanks!
Solved this by sending API calls to edit each monitor query on shutdown and startup.
I made a very clunky bash script, because I couldn't find a way to store -data for the curl in a variable in bash, but if using other scripting languages this could have been done in much less code, example is for 2 monitors
monitor_id=$(curl -L -X GET "https://api.datadoghq.com/api/v1/monitor" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DATADOG_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DATADOG_APP_KEY}" \
--data-raw '{"tags":["application_id:'$APP_ID_LOWERCASE'"]}'| jq -r ' .[] | select((.name |endswith("XXXXXXX Heartbeats") or endswith("XXXXX HeartBeat monitoring")) and (.tags[]=="application_id:'$APP_ID_LOWERCASE'")) | .id')
# curl gets cluster name used in queries
CLUSTER_NAME=$(curl -L -X GET "https://api.datadoghq.com/api/v1/monitor" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DATADOG_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DATADOG_APP_KEY}" \
--data-raw '{"tags":["application_id:'$APP_ID_LOWERCASE'"]}'| jq -r ' .[] | select((.name |endswith("XXXX HeartBeat monitoring")) and (.tags[]=="application_id:'$APP_ID_LOWERCASE'")) | .query' | awk -F',cluster_name:|,' '{print $2}')
# For each monitor id edit monitor query
while IFS= read -r monitors
do
# curl gets monitor name
monitor_name=$(curl -L -X GET "https://api.datadoghq.com/api/v1/monitor/"$monitors"" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DATADOG_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DATADOG_APP_KEY}" | jq -r .name)
# checking which monitor query to send based on name, the queries are hardcoded because I couldn't find a way to set the query as a variable in bash
if [[ $monitor_name == *"XXXXXX HeartBeat monitoring"* ]]; then
shutdown_query=$(curl -L -X PUT "https://api.datadoghq.com/api/v1/monitor/"$monitors"" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DATADOG_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DATADOG_APP_KEY}" \
--data-raw '{"query":"sum(last_1m):avg:health{application.health:healthy,cluster_name:'${CLUSTER_NAME}',!source:XXXXXX-full-1,source:DUMMY-VALUE-TO-RESEt-QUERY} by {source}.as_count() < 60"}')
elif
[[ $monitor_name == *"XXXXXX Instance Heartbeats"* ]]; then
shutdown_query=$(curl -L -X PUT "https://api.datadoghq.com/api/v1/monitor/"$monitors"" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DATADOG_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DATADOG_APP_KEY}" \
--data-raw '{"query":"sum(last_1m):avg:heartbeat{cluster_name:'${CLUSTER_NAME}',source:DUMMY-VALUE-TO-RESEt-QUERY} by {source}.as_count() < 3"}')
fi
done <<< "$monitor_id"
Then just remove the dummy query value on startup and it will pick up your new monitors while forgetting the non existing ones

Configuration of reCAPTCHA for Keycloak via CLI

Is there a way to configure reCAPTCHA via the CLI for a Keycloak standalone installation? To be more precise, is it possible to carry out all the steps described here in the Keycloak docs with the help of kcadm.sh?
You can achieve that by using Keycloak Admin REST API.
The first step is to get an admin token, so that one can call the Rest API:
curl -d "client_id=admin-cli" \
-d "username=$ADMIN_NAME" \
-d "password=$ADMIN_PASSWORD" \
-d "grant_type=password" \
https://$KEYCLOAK_IP/auth/realms/master/protocol/openid-connect/token
You will get a json response with the admin token. Extract the access token from that response (lets called $ACCESS_TOKEN).
Now, we need to get the list of all executions linked to the registration flow:
curl -X GET https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/authentication/flows/registration/executions \
-H "Content-Type: application/json" \
-H "Authorization: bearer $ACCESS_TOKEN"
From that json response, extract the id of the "providerId=registration-recaptcha-action". Lets call that id, $ID_RECAPTCHA.
Next make the reCaptcha required at the registration:
CAPTCHA_DATA='{"id":"$ID_RECAPTCHA","requirement":"REQUIRED","providerId":"registration-recaptcha-action"}'
curl -X PUT https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/authentication/flows/registration/executions \
-H "Content-Type: application/json" \
-H "Authorization: bearer $ACCESS_TOKEN"\
-d "$JSON_DATA"
Finally, to configure your own captcha:
CONFIG_DATA='{"config":{"site.key":"<YOUR SITE KEY>","secret":"<YOUR SECRET>","useRecaptchaNet":"<True or False>"},"alias":"<The CAPTCHA ALIAS>"}'
curl -X POST https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/authentication/executions/$ID_RECAPTCHA/config \
-H "Content-Type: application/json" \
-H "Authorization: bearer $ACCESS_TOKEN"\
Next, the best thing is to automatize this process with, for instance, some bash scripts.

Cloudflare DDNS repeat sh script using API v4, with multiple A record in a single sh script, but fail

I am trying to use Cloudflare API v4 to setup DDNS on my server. But I am new in scripting .sh file. I hope to update multiple DNS records in a single .sh file.
I got a script from the internet (script1.sh):
NEW_IP=`curl -s http://ipv4.icanhazip.com`
CURRENT_IP=`cat /Users/foo/Desktop/cloudflare/current_ip.txt`
if [ "$NEW_IP" = "$CURRENT_IP" ]
then
echo "No Change in IP Adddress"
else
curl -X PUT "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records/{dns_record_id}" \
-H "X-Auth-Email: {my_email}" \
-H "X-Auth-Key: {global_api_key}" \
-H "Content-Type: application/json" \
--data '{"type":"A","name":"{domain_name}","content":"'$NEW_IP'","ttl":1,"proxied":true}'
echo $NEW_IP > /Users/foo/Desktop/cloudflare/current_ip.txt
fi
The above script is work fine for single DNS record update instead of multiple record update like below (script2.sh):
NEW_IP=`curl -s http://ipv4.icanhazip.com`
CURRENT_IP=`cat /Users/foo/Desktop/cloudflare/current_ip.txt`
if [ "$NEW_IP" = "$CURRENT_IP" ]
then
echo "No Change in IP Adddress"
else
#domain-one
curl -X PUT "https://api.cloudflare.com/client/v4/zones/{zone_id_for_domain_one}/dns_records/{dns_record_id_for_domain_one_record_one}" \
-H "X-Auth-Email: {my_email}" \
-H "X-Auth-Key: {global_api_key}" \
-H "Content-Type: application/json" \
--data '{"type":"A","name":"domain-one.com","content":"'$NEW_IP'","ttl":1,"proxied":true}'
curl -X PUT "https://api.cloudflare.com/client/v4/zones/{zone_id_for_domain_one}/dns_records/{dns_record_id_for_domain_one_record_two}" \
-H "X-Auth-Email: {my_email}" \
-H "X-Auth-Key: {global_api_key}" \
-H "Content-Type: application/json" \
--data '{"type":"A","name":"subdomain.domain-one.com","content":"'$NEW_IP'","ttl":1,"proxied":true}'
#domain-two
curl -X PUT "https://api.cloudflare.com/client/v4/zones/{zone_id_for_domain_two}/dns_records/{dns_record_id_for_domain_two_record}" \
-H "X-Auth-Email: {my_email}" \
-H "X-Auth-Key: {global_api_key}" \
-H "Content-Type: application/json" \
--data '{"type":"A","name":"domain-two.com","content":"'$NEW_IP'","ttl":1,"proxied":true}'
echo $NEW_IP > /Users/foo/Desktop/cloudflare/current_ip.txt
fi
Can you please help to explain and solve the problem? Please tell me what's wrong in the script. Thanks!
[edit] I run it once by sh /Users/foo/Desktop/script-name.sh, for the first example (script1.sh), it is ok; for second example (script2.sh), return -bash: fork: Resource temporarily unavailable. As I use automatic run script like cron, it is same result.
Every curl request done, needed to add & or && to continue the following function.
More explanation here.
NEW_IP=`curl -s http://ipv4.icanhazip.com`
CURRENT_IP=`cat /Users/foo/Desktop/cloudflare/current_ip.txt`
if [ "$NEW_IP" = "$CURRENT_IP" ]
then
echo "No Change in IP Adddress"
else
#domain-one
curl -X PUT "https://api.cloudflare.com/client/v4/zones/{zone_id_for_domain_one}/dns_records/{dns_record_id_for_domain_one_record_one}" \
-H "X-Auth-Email: {my_email}" \
-H "X-Auth-Key: {global_api_key}" \
-H "Content-Type: application/json" \
--data '{"type":"A","name":"domain-one.com","content":"'$NEW_IP'","ttl":1,"proxied":true}' &
curl -X PUT "https://api.cloudflare.com/client/v4/zones/{zone_id_for_domain_one}/dns_records/{dns_record_id_for_domain_one_record_two}" \
-H "X-Auth-Email: {my_email}" \
-H "X-Auth-Key: {global_api_key}" \
-H "Content-Type: application/json" \
--data '{"type":"A","name":"subdomain.domain-one.com","content":"'$NEW_IP'","ttl":1,"proxied":true}' &
#domain-two
curl -X PUT "https://api.cloudflare.com/client/v4/zones/{zone_id_for_domain_two}/dns_records/{dns_record_id_for_domain_two_record}" \
-H "X-Auth-Email: {my_email}" \
-H "X-Auth-Key: {global_api_key}" \
-H "Content-Type: application/json" \
--data '{"type":"A","name":"domain-two.com","content":"'$NEW_IP'","ttl":1,"proxied":true}'
echo $NEW_IP > /Users/foo/Desktop/cloudflare/current_ip.txt
fi
After going through many posts on this topic I've ended up taking parts from a number posts and settled for the below.
The below will loop through the entries in the array "dnsrecords" and update each with the machines current external address.
Have had a little more time to look into this, I wanted it to run it on my NGINX server as a cronjob and update multiple records, some to be proxied and others not.
Still want to make some of the below into functions, but for now it is working as I need it to.
And it also logs onto a "log.log" file on every run.
#!/usr/bin/bash
## Cloudflare authentication details
## Keep these private
cloudflare_auth_email=Your_Email
cloudflare_auth_key="Your_API_Key"
zoneid="Your_Zone_ID"
## Cloudflare Proxied DNS Records as Array
dnsrecords_proxied=(
"domain.com"
"www.domain.com"
"sub1.domain.com"
"sub2.domain.com"
"sub3.domain.com"
"sub3.domain.com"
)
## Cloudflare Non-Proxied DNS Records as Array
dnsrecords_not_proxied=(
"vpn01.domain.com"
"vpn02.domain.com"
)
## Files to log to (replace "path/to/" with script path)
log=path/to/log.log
log_ip=path/to/previous_ip
## Getting Date/Time
dt=$(date '+%d/%m/%Y %H:%M:%S')
## Get old IP from file
old_ip=$(cat $log_ip)
## Get the current external IP address
ip=$(curl -s -X GET https://api.ipify.org)
#echo "Current IP is $ip"
## Checking if IP changed since last update
if [ $ip = $old_ip ]; then
echo -en "$dt - Previous IP:$old_ip\n$dt - Current IP:$ip\n$dt - No Changes Required....\n" >> $log
echo "$(tail -n 1000 $log)" > $log
exit
## Exit if IP has not changed
else
## If the IP changed, not match the one on file "previous_ip"
echo -en "$dt - Previous IP:$old_ip\n$dt - Current IP:$ip\n$dt - Starting Updates....\n" >> $log
## Processing Proxied DNS Records
for dnsrecord in "${dnsrecords_proxied[#]}"
do
## For each DNS Record in Array "dnsrecords"
# Getting the DNS Record ID
dnsrecordid=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records?type=A&name=$dnsrecord" \
-H "X-Auth-Email: $cloudflare_auth_email" \
-H "Authorization: Bearer $cloudflare_auth_key" \
-H "Content-Type: application/json" | jq -r '{"result"}[] | .[0] | .id') &&
# Updating the DNS Record
curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/$dnsrecordid" \
-H "X-Auth-Email: $cloudflare_auth_email" \
-H "Authorization: Bearer $cloudflare_auth_key" \
-H "Content-Type: application/json" \
--data "{\"type\":\"A\",\"name\":\"$dnsrecord\",\"content\":\"$ip\",\"ttl\":1,\"proxied\":true}" | jq
echo -en "$dt - Updated - $dnsrecord \n" >> $log
done
## Processing Non Proxied DNS Records
for dnsrecord in "${dnsrecords_not_proxied[#]}"
do
## For each DNS Record in Array "dnsrecords"
# Getting the DNS Record ID
dnsrecordid=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records?type=A&name=$dnsrecord" \
-H "X-Auth-Email: $cloudflare_auth_email" \
-H "Authorization: Bearer $cloudflare_auth_key" \
-H "Content-Type: application/json" | jq -r '{"result"}[] | .[0] | .id') &&
# Updating the DNS Record
curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/$dnsrecordid" \
-H "X-Auth-Email: $cloudflare_auth_email" \
-H "Authorization: Bearer $cloudflare_auth_key" \
-H "Content-Type: application/json" \
--data "{\"type\":\"A\",\"name\":\"$dnsrecord\",\"content\":\"$ip\",\"ttl\":1,\"proxied\":false}" | jq
echo -en "$dt - Updated - $dnsrecord \n" >> $log
done
echo $ip > $log_ip
echo -en "$dt - Updates Completed.... \n" >> $log
echo "$(tail -n 1000 $log)" > $log
fi

Paypal Preapproval invalid request

I'm trying to play with the PreApproval from Adaptive Payments. Specifically, to go through the four steps from the documentation on Preapproval.
I'm stuck at the Step 1: Set Up the Preapproval with a curl command:
$ curl -s --insecure \
-H "X-PAYPAL-SECURITY-USERID: myuserid.gmail.com" \
-H "X-PAYPAL-SECURITY-PASSWORD: mypass" \
-H "X-PAYPAL-SECURITY-SIGNATURE: mysignaturestring" \
-H "X-PAYPAL-REQUEST-DATA-FORMAT: NV" \
-H "X-PAYPAL-RESPONSE-DATA-FORMAT: NV" \
-H "X-PAYPAL-APPLICATION-ID: APP-80W284485P519543T" \
https://svcs.sandbox.paypal.com/AdaptivePayments/Preapproval -d \
"cancelUrl=http://www.yourdomain.com/cancel.html
&currencyCode=USD
&endingDate=2014-09-10T22:00:00Z
&maxAmountPerPayment=200.00
&maxNumberOfPayments=30
&maxTotalAmountOfAllPayments=1500.00
&pinType=NOT_REQUIRED
&requestEnvelope.errorLanguage=en_US
&returnUrl=http://www.yourdomain.com/success.html
&startingDate=2014-08-10T22:00:00Z"
Instead of a preapprovalKey, I receive an error. I know it's something wrong with the data I send, but I can't figure out what:
esponseEnvelope.timestamp=2014-08-05T01:24:55.289-07:00
&responseEnvelope.ack=Failure
&responseEnvelope.correlationId=7c6db7beda57a
&responseEnvelope.build=11853342
&error(0).errorId=580001
&error(0).domain=PLATFORM
&error(0).subdomain=Application
&error(0).severity=Error
&error(0).category=Application
&error(0).message=Invalid request: Data validation warning(line -1, col 0): 2014-09-10T22:00:00Z
&error(0).parameter(0)=Data validation warning(line -1, col 0): 2014-09-10T22:00:00Z
Please note that:
my API credentials are OK, I've successfully tested them on Express Checkout from the documentation
some fields are according to documentation while others are exactly like in the docs copy pasted:
startingDate is in the future, the docs say to not be today's date (the date of the post) or after end date.
endingDate - startingDate is one month, less than a year as they say in the docs.
I also tried using https://apigee.com/console/paypal in case I was doing sth wrong with curl
Damn, I figured it out due to my indentation on SO to have it look pretty for you guys. It's because of the whitespace enters (\n's) in the -d \ "cancelUrl=... &currencyCode=USD & ...".
Thanks, so the correct one for reference here is:
$ curl -s --insecure \
-H "X-PAYPAL-SECURITY-USERID: myuserid.gmail.com" \
-H "X-PAYPAL-SECURITY-PASSWORD: mypass" \
-H "X-PAYPAL-SECURITY-SIGNATURE: mysignaturestring" \
-H "X-PAYPAL-REQUEST-DATA-FORMAT: NV" \
-H "X-PAYPAL-RESPONSE-DATA-FORMAT: NV" \
-H "X-PAYPAL-APPLICATION-ID: APP-80W284485P519543T" \
https://svcs.sandbox.paypal.com/AdaptivePayments/Preapproval -d \
"cancelUrl=http://www.yourdomain.com/cancel.html&currencyCode=USD&endingDate=2014-09-10T22:00:00Z&maxAmountPerPayment=200.00&maxNumberOfPayments=30&maxTotalAmountOfAllPayments=1500.00&pinType=NOT_REQUIRED&requestEnvelope.errorLanguage=en_US&returnUrl=http://www.yourdomain.com/success.html&startingDate=2014-08-10T22:00:00Z"