Oracle Cloud Infrastructure Authentication Error - oracle-cloud-infrastructure

I am trying to execute the Oracle Cloud Infrastructure REST APIs from the Postman application. I have followed their document and made the setup, but I am getting authentication errors. I need some information regarding the OCI headers.

You can go quickly to https://www.postman.com/oracledevs/workspace/oracle-cloud-infrastructure-rest-apis/overview, fork the API you want, and start using it.
No need for complex manual steps.
For the credentials, fork the "OCI Credentials" and input your data, as shown here:
Oracle Cloud Infrastructure credentials for Postman

Please refer to the post below for details.
https://redthunder.blog/2019/07/10/calling-oci-apis-from-postman/
In short, you need to create a public/private key pair and upload the public key to OCI via the console, and use the private key on your client (Postman) to authenticate your requests.
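
The headers that the key pair described above ends up producing, as an added example that is not part of the original answers or of Oracle's Postman collection. It follows OCI's documented request-signing scheme for a request without a body; the key pair and the OCIDs are constructed placeholders.

```javascript
const crypto = require("crypto");

// Fingerprint OCI shows for an uploaded API key: MD5 over the DER-encoded
// public key, written as colon-separated hex.
function keyFingerprint(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  const hex = crypto.createHash("md5").update(der).digest("hex");
  return hex.match(/.{2}/g).join(":");
}

// Signs a request that has no body (GET/DELETE). Requests with a body must
// also sign content-length, content-type and x-content-sha256.
function signOciRequest({ method, url, tenancy, user, privateKey, publicKey, date }) {
  const u = new URL(url);
  const headers = { date: date.toUTCString(), host: u.host };
  // One "name: value" line per signed header, in the order listed in headers="".
  const signingString = [
    `date: ${headers.date}`,
    `(request-target): ${method.toLowerCase()} ${u.pathname}${u.search}`,
    `host: ${headers.host}`,
  ].join("\n");
  const signature = crypto
    .sign("sha256", Buffer.from(signingString), privateKey) // RSA PKCS#1 v1.5
    .toString("base64");
  const keyId = `${tenancy}/${user}/${keyFingerprint(publicKey)}`;
  headers.authorization =
    `Signature version="1",keyId="${keyId}",algorithm="rsa-sha256",` +
    `headers="date (request-target) host",signature="${signature}"`;
  return { headers, signingString, signature };
}

// Constructed sample: throwaway key pair and placeholder OCIDs.
const sampleKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const sample = signOciRequest({
  method: "GET",
  url: "https://iaas.us-ashburn-1.oraclecloud.com/20160918/instances?compartmentId=ocid1.compartment.oc1..example",
  tenancy: "ocid1.tenancy.oc1..example",
  user: "ocid1.user.oc1..example",
  privateKey: sampleKeys.privateKey,
  publicKey: sampleKeys.publicKey,
  date: new Date(),
});
console.log(sample.headers);
```

When a request is rejected, compare the fingerprint in keyId with the one the console lists for the uploaded key, and check that the signing string uses exactly the method, path, query and host that were sent.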

Related

Azure APIM Policy to authenticate App Configuration service using access keys

I'm trying to authenticate Azure App Configuration Service with access keys in APIM policies.
Can someone help with how we can authenticate Azure App Configuration Service using access keys in APIM policies?
You will need to implement the HMAC authentication as explained in the document below. There are code samples in a variety of languages in that doc too.
https://learn.microsoft.com/en-us/azure/azure-app-configuration/rest-api-authentication-hmac
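
What the HMAC scheme in that document requires of each request, as an added example that is not part of the original answer. It is written in JavaScript rather than as an APIM policy expression; the store name, key ID and secret are constructed placeholders.

```javascript
const crypto = require("crypto");

// Builds the three headers App Configuration expects for access-key (HMAC) auth.
// credential = access key ID, secret = base64-encoded access key value.
function signAppConfigRequest({ method, url, body, credential, secret, date }) {
  const u = new URL(url);
  const xMsDate = date.toUTCString();
  // Hash of the body is always sent and signed, even when the body is empty.
  const contentHash = crypto.createHash("sha256").update(body).digest("base64");
  const signedHeaders = "x-ms-date;host;x-ms-content-sha256";
  const stringToSign =
    `${method.toUpperCase()}\n${u.pathname}${u.search}\n` +
    `${xMsDate};${u.host};${contentHash}`;
  // The secret is base64: decode it to raw bytes before using it as the key.
  const signature = crypto
    .createHmac("sha256", Buffer.from(secret, "base64"))
    .update(stringToSign, "utf8")
    .digest("base64");
  return {
    stringToSign,
    headers: {
      "x-ms-date": xMsDate,
      "x-ms-content-sha256": contentHash,
      Authorization:
        `HMAC-SHA256 Credential=${credential}&SignedHeaders=${signedHeaders}` +
        `&Signature=${signature}`,
    },
  };
}

// Constructed sample values: store name, key ID and secret are placeholders.
const sampleSecret = Buffer.from("constructed-demo-secret").toString("base64");
const signed = signAppConfigRequest({
  method: "get",
  url: "https://example-store.azconfig.io/kv?api-version=1.0",
  body: "",
  credential: "example-key-id",
  secret: sampleSecret,
  date: new Date("2024-01-01T00:00:00Z"),
});
console.log(signed.headers);
```

The access key is a long-lived shared secret, so in a gateway it belongs in a secret store rather than inline in the policy text.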

API Base URL for Google Cloud SQL

I am trying to integrate Google Cloud SQL for MySQL into another application. The other application wants the "api base url". Does anyone know how to get the "api base url" of Google Cloud SQL for MySQL?
If you are using Google Cloud SQL and you are trying to connect your external application, this documentation is the best for your case. That document discusses the summary of connection options, authorization options and code samples, as well as the tools for connecting that will help you connect to a Cloud SQL MySQL instance.
If you are referring to the reference of the REST APIs of Cloud SQL and its service endpoint (https://www.googleapis.com), these are some examples:
| Method | Format | Description |
| --- | --- | --- |
| delete | DELETE /sql/v1beta4/projects/{project}/instances/{instance}/databases/{database} | Deletes a database from a Cloud SQL instance. |
| get | GET /sql/v1beta4/projects/{project}/instances/{instance}/databases/{database} | Retrieves a resource containing information about a database inside a Cloud SQL instance. |
| insert | POST /sql/v1beta4/projects/{project}/instances/{instance}/databases | Inserts a resource containing information about a database inside a Cloud SQL instance. |
| update | PUT /sql/v1beta4/projects/{project}/instances/{instance}/databases/{database} | Updates a resource containing information about a database inside a Cloud SQL instance. |
NOTE: You need to enable the Cloud SQL Admin API before using it.

Cloud SQL Admin Api Warning in GCF

I have a function deployed in GCF which is executed in Node.js, and it works with a Cloud SQL instance of MySQL.
I receive this warning from time to time:
CloudSQL warning: your action is needed to update your function and avoid potential disruptions. Please see https://cloud.google.com/functions/docs/sql#troubleshooting for additional details: ensure that the account has access to "-mysql-dev7" (and make sure there's no typo in that name). Error during createEphemeral for -mysql-dev7: googleapi: Error 403: Cloud SQL Admin API has not been used in project 319049 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/sqladmin.googleapis.com/overview?project=319049* then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured
After this warning, the function continues to execute. What does it mean? Why is the function not halted? If it is not important, what does it mean, and what if I don't enable this Admin API?
BTW, the function only does selects and updates; it doesn't change table structure, so theoretically why would it need the Admin API?
I understand the confusion that warning messages may bring, especially if they have no noticeable effects on your function’s workflow.
To the best of my knowledge, the warning identifies that through not enabling this API, there will be potential for further issues when in need of performing certain tasks which require the Cloud SQL Admin API. Potential uses for the Cloud SQL Admin API can be found under public documentation. If you would ever need to list the Cloud SQL instances in a project, get the database of a particular instance, create a new Cloud SQL instance, or perform any other operation listed, please enable the API.
To avoid seeing these warnings altogether, I would recommend enabling the API.
EDIT:
Cloud Functions utilizes a mechanism to connect to Cloud SQL instances via the Cloud SQL proxy; the Cloud SQL proxy in turn utilizes the Cloud SQL Admin API.
Therefore, when connecting to a Cloud SQL instance without the Cloud SQL Admin API enabled, the error message is thrown.
Cloud Functions is still able to connect to the Cloud SQL instance as it utilizes a legacy connection mechanism when it is unable to do so via the Cloud SQL proxy.
This is why the function does not halt and can still perform the operations on the instance as expected.
Enabling Cloud SQL Admin API will solve the warning:

Integrating KeyVault access into VSTS Release task

I am trying to figure out what is involved to write a console application that will run as part of a VSTS Release task and that program will read a connection string (secret) from a preconfigured keyvault and then connect to an Azure SQL db using that connection string and apply some changes.
Currently I have my Web Apps connecting to KeyVault and the Azure SQL Server using Azure AD Application Token authentication, so I know what is involved on that front.
When you check "Allow scripts to access OAuth token" on the agent settings page, can this token be used (using ADAL) to connect to KeyVault and SQL Server? (Assuming the VisualStudioSPNxxx has the appropriate access to the above resources.)
If not what should I be looking for?
The vsts token (Allow scripts to access OAuth token) can’t be used to connect to KeyVault.
You need to register an app with Azure Active Directory and enable it to communicate with Azure Active Directory and Key Vault, then get the connection string dynamically.
For more information, you can refer to: Protecting Secrets using VSTS and Azure Key Vault
This is made relatively very easy now with Variable Groups - https://learn.microsoft.com/en-us/vsts/pipelines/library/variable-groups?view=vsts
You can link a secret by connecting your Azure KV to a variable and then use this variable as you would normally use it in any script/task.

AWS SQS to receive message from outside of AWS

My company has a messaging system which sends real-time messages in JSON format. It's not built on AWS, and will not have any VPN connection with AWS.
Our team is trying to use AWS SQS to receive these messages, which will then have DynamoDB process JSON messages to TSV, then load into RDS.
However, as per the FAQ, SQS can only receive messages from within AWS.
https://aws.amazon.com/sqs/faqs/
Q: Who can perform operations on a message queue?
Only an AWS account owner (or an AWS account that the account owner has delegated rights to) can perform operations on an Amazon SQS message queue.
In order to use SQS, one way I can think of is to create a public-facing EC2 instance, which receives messages and passes over to SQS.
My questions here are:
1. Is my idea correct?
2. If it's correct, can you share any details on how to build any applications on this EC2 instance to achieve the functionality? (I have no experience in application development; your insights are really appreciated!)
3. Are there any easier/better options in AWS that can achieve the goal of receiving messages in my use case?
is my idea correct?
No, it isn't.
You're misinterpreting the (admittedly somewhat unclear) information in the FAQ.
SQS is accessible and usable from anywhere on the Internet. Its only exposed interface is HTTP(S). In fact, from inside EC2, SQS is not accessible unless the EC2 instance actually has outbound access to the Internet.
The point being made in the documentation is not that you need to be "inside" AWS to use queues, but rather that you need to be in possession of an authorized set of AWS credentials in order to work with queues.¹
If you have an AWS account, you have credentials, and you can use SQS. There is no requirement that you access the queue from "inside" AWS.
Choose the endpoint closest to your servers (for lowest latency) and you should find it open and accessible, from anywhere.
¹Queues can be configured to allow anonymous access after they are created. (Don't do it, I'm just saying it is possible.) This section of the FAQ seems to be referring to a subset of operations, such as creating queues.
I was not able to write to SQS from an external service. I found some partial explanations but got stuck at the role creation.
The alternative I found is using the AWS services Lambda + API Gateway to write to SQS.
This tutorial was extremely helpful, explaining all the steps in great detail:
https://startupnextdoor.com/adding-to-sqs-queue-using-aws-lambda-and-a-serverless-api-endpoint/
You can access SQS from anywhere once you have proper permission through an access key and secret key or an IAM role.
SQS is not specific to a VPC.
It is clear that you are trying to do this:
Take a message from your company messaging system and send it to SQS.
It is not wrong to use your method (using EC2 as a bridge). However, you don't need EC2 to connect to SQS.
All AWS services can be accessed using the AWS API (e.g. Python boto3, etc.) from the internet, as long as you provide the correct credentials. So you can put your "middleware" anywhere, as long as you are able to establish a connection to the said services.
So there are lots more options available to you, e.g. trigger from your messaging system, use AWS Lambda, etc.
Thanks for sharing the information and your insights with me!
I have tested the solution below, which works for my use case:
1. Created an endpoint in AWS API Gateway, which is able to receive messages from the company messaging system, a system that does not carry AWS credentials.
2. Created a Lambda function triggered by API Gateway, so once a message arrives, Lambda will digest the JSON message and convert it to TSV, and then load it into RDS.