I am trying to use CloudFOundry REST calls to create app, bind service etc instead of using vmc or eclipse plugin. I know we can use vcap-java-client for this but I also wanted to test calling the REST services directly such as by using cUrl utility. Where do I find the REST urls and json structs corresponding to each vmc command ?
The best way for you to see the actual rest calls to the Cloud Controller is executing the vmc commands and add the -t. So for example:
vmc apps -t
So this vmc command will show you a list of your apps and so what you get out of the additional -t is a more verbose information which shows the Cloud Controller service you are calling. In this case it would be /apps
The same command on the bottom will give you the exact output you would get from the above vmc command:
curl -H "Authorization: <Your-Oauth-token>" https://api.cloudfoundry.com/apps
The Authorization token can also be found in the -t generated output. you need to copy the entire Authorization "bearer"
Sudipta,
When you login and run vmc apps -t, you should see the following output:
Getting applications. >>>
REQUEST: GET /apps
REQUEST_HEADERS:
accept : application/json
user-agent : Ruby
authorization : bearer <token>
content-length : 0
The authorization in REQUEST_HEADERS is what you would need to use.
Related
I am trying to get the REST API of keycloak to work.
Thanks to this post I was able to get the token. But when trying the example for the list of users in the first answer, I get the error:
"error": "RESTEASY003210: Could not find resource for full path: http://PATHTOCEAKLOAK:81/auth/user/realms/master/users"
Here my request with Postman:
As I am using a Bitnami-container the admin is called user that's why I am using /auth/user/ instead of /auth/admin/
For those who are still facing this error and using 17.0+ version of Keycloak, there's a change in endpoints as per the official documentation. I resolved this issue by just using {realm}/user and omitting /auth in between.
In addition to #Akanksha_p's answer, here is a command to get the token using curl:
curl -k -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=your-client" -d "username=some-user" -d "password=hardpassword" -d "grant_type=password" -X POST https://your.fqdn.server:8443/realms/yourrealm/protocol/openid-connect/token
I was actually working on the same and using docker image of bitnami/keycloak:latest
it worked with just removing /auth from base path and keeping it as /admin
something like this (GET http://localhost:8085/admin/realms/test-realm/users)
enter image description here
If you want to know wich url are available on your current realm you can go in Realm -> Settings and click on "Ednpoints" link.
Or directly go to the following url : http://{host}:{port}/realms/{your_realm}/.well-known/openid-configuration.
#Kostanos - I will try to get the /auth/ Path back with a reverseproxy in front of the keycloak. Like nginx and make a rewrite
I am trying to write a custom Concourse resource (in Python) that accesses the Concourse instance's REST API for information. I'm stuck at obtaining the bearer token at login. The issue is that when I follow the gist of this shell script
#!/bin/bash
## Variables required #need to update these to take inputs for getting token per team and target.
CONCOURSE_URL="http://localhost:8080"
CONCOURSE_USER="test"
CONCOURSE_PASSWORD="test"
CONCOURSE_TEAM="test"
CONCOURSE_TARGET="my-concourse"
function get_token() {
## Create a file named token that will be used to read and write tokens
touch token
## extract the LDAP authentication url and write to token file
LOCAL_AUTH_URL=$CONCOURSE_URL$(curl -b token -c token -L "$CONCOURSE_URL/sky/login" -s | grep "/sky/issuer/auth/local" | awk -F'"' '{print $4}')
echo "url is $LOCAL_AUTH_URL"
# login using username and password while writing to the token file
curl -s -o /dev/null -b token -c token -L --data-urlencode "login=$CONCOURSE_USER" --data-urlencode "password=$CONCOURSE_PASSWORD" "$LOCAL_AUTH_URL"
ATC_BEARER_TOKEN=`grep 'Bearer' token | cut -d\ -f2 | sed 's/"$//'`
echo $ATC_BEARER_TOKEN
}
there are many redirects involved, and at least some of them refer to the concourse instance as being at http://localhost:8080, which does not work from inside the docker container of the resource.
So I wanted to parametrize the external base url and explicitly give it in resource config. Manually handling the redirects and rewriting the local IP into the URL fails at the last "approval" step with a code 400, probably because it looks like some kind of a cross-domain attack.
The environment variable ATC_EXTERNAL_URL is always localhost:8080 and I suspect that this is also used when forming out the redirect urls. Can this be set somewhere?
I'm bad at golang, but it seems to me that https://github.com/concourse/concourse-pipeline-resource calls the fly binary to achieve some kind of login from inside a resource. Can't say I can get what it does and how.
All help appreciated...
The env var $ATC_EXTERNAL_URL most likely corresponds to the external url specified when you start Concourse, so yes, it can (and if you're using external auth like Github or OAuth, must) be changed. You're correct in assuming that it's used to construct callback URLs.
Also, I don't want to be That Guy(TM), but the Concourse REST API is not public and is subject to change at any time. What are you trying to do that you can't get from the fly CLI? Your resource could call the ATC_EXTERNAL_URL to get the fly CLI when it's needed then execute commands that way.
I am using Curl to make requests to the Jenkins API - which is being done over https.
Jenkins is setup in IIS using a reverse proxy as advised by Jenkins.
The Jenkins site has windows authentication.
I need to pass a Crumb with my request - 403 error.
However, when I request for the Crumb, it states that I need to provide a Crumb?
I need this to work via the command prompt/batch file.
Thanks
To be able to do API calls to Jenkins, you need to generate a token for a given user in Jenkins. For example, let's do it with user Foo. You'll need to sign in with Foo user and then in the web UI: Foo (right upper corner) > Configure > API token > Add new token.
When you have your token saved somewhere, you can retrieve the breadcrumb with this command:
curl --user Foo:<token> 'https://www.mysuperduperjenkins.com/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'
What this is doing basically is fetching the XML from Jenkins that contains the breadcrumb and getting the specific element where the breadcrumb is. The result of the command should be something similar to:
Jenkins-Crumb:<someLongLongLongToken>
You can save the breadcrumb into a variable, for example name it breadcrumb and then:
curl -u 'Foo:<token>' -X POST --data '<parameters>' -H '$breadcrumb' www.mysuperduperjenkins.com
In this curl we're using the breadcrumb as a header, obtained in previous step. If the crumb is valid you should be able to perform the request without 403/401 errors.
I am using JuPyter hub on K8s. I went through the documentation and had a look at the APIs. Now, I want to use one to start a pod. However, I am unable to start one using this post.
What would be the curl request for this POST request?
I have tried with the given command and it does not work:
curl -XPOST http://some_ip.ap-south-1.elb.amazonaws.com/users/adwait/server
405 : Method Not Allowed
I would like to allow anyone to trigger a job I've created in Rundeck.
I can't understand from the API documentation how to do that.
Any one knows, and can give simple examples (my understanding of the subject is minimal to none)?
What I've found is of the sort:
POST /api/1/job/[ID]/run
In order to use the Rundeck API, you need to authenticate first.
Authentication can be done in two different ways:
Using a Token
Using a username and a password
Here is an example of running a Rundeck job using its API (Token based authentication)
curl -X POST http://rundeck_server:port/api/19/job/87bdc26ce-9893-49bd-ad7a-97f4c4a39196/run?authtoken=AVy8jZdcpTYOyPcOVbfcfOQmB6b92zRu --header "Content-Type:text/xml"
Explanation:
19: the API version or Rundeck installation version (19 matchs
Rundeck 2.8.2)
87bdc26ce-9893-49bd-ad7a-97f4c4a39196: Job UUID
run: Runs a job
PS: To obtain an API Token, you must first log in to the Rundeck GUI using a user account. Click on your username in the header of the page, and you will be shown your User Profile page. From this page you can manage your API Tokens.
To update the answer above, this is an example of running a job and feeding it arguments
You will need to replace hostname/API version/job UID/token
Also the current version can be used with JSON only
curl -X POST https://rundeck-hostname.com/api/41/job/7087d3b7-e454-4983-abd5-a211d21d6f27/run?authtoken=[redacted] -H "Accept: application/json" -H "Content-Type: application/json" -d '{
"options": {
"optionName":"optionValue",
}
}
'
And if you need additional arguments for running a job you can find the updated documentation at https://docs.rundeck.com/docs/api/rundeck-api.html#running-a-job