I followed this tutorial:
https://www.serverlab.ca/tutorials/linux/administration-linux/how-to-install-hashicorp-vault-on-linux/
$ vault auth enable approle
Error enabling approle auth: Error making API request.
URL: POST http://localhost:8200/v1/sys/auth/approle
Code: 400. Errors:
* missing client token
my vault is running in a container and I have exposed it by 8200 port do I need to mount volumes ?
Use VAULT_TOKEN env while interacting with the vault server via vault CLI:
$ export VAULT_TOKEN="....."
That guide is missing the authentication step.
You will need to to provide a header in your curl request, for example
curl --header 'X-Vault-Token: s.5iSwFPh0XQa96MSrBHquCFlH' https://vault.blah/v1/...
Related
I am trying to follow the istio gateway and Virtual Service guide at - https://istio.io/docs/tasks/traffic-management/ingress/ingress-control/#determining-the-ingress-ip-and-ports
I can see that these resources (Gateway & VS) are created from Kiali and also from command line. When I try to access my endpoint at curl -I -HHost:httpbin.example.com http://$INGRESS_HOST:$INGRESS_PORT/status/200 I get a 403 Forbidden error.
I am looking at the istio-proxy logs at
k logs httpbin-pod -c istio-proxy -n my-bookinfo
and dont see much there. I am trying to figure out where I can start to debug the issue. Any ideas? (edited)
I guess the HTTP 403 issue might be connected with Istio Authorization or Authentication mesh configurations, assuming that you've successfully injected Envoy sidecar into the particular Pod or widely across related namespaces.
The logs inspection might be most issue explainable task, confirming that Envoy's Access Logs are already enabled, you can look through relevant istio-proxy sidecar and istio-ingressgateway Pod logs; whereas you can fetch Envoy proxy response flags and traffic path workflow:
$ kubectl logs -l app=httpbin -c istio-proxy
[2019-03-06T09:31:27.360Z] "GET /status/418 HTTP/1.1" 418 - "-" 0 135
5 2 "-" "curl/7.60.0" "d209e46f-9ed5-9b61-bbdd-43e22662702a"
"httpbin:8000" "127.0.0.1:80"
inbound|8000|http|httpbin.default.svc.cluster.local - 172.30.146.73:80
172.30.146.82:38618 outbound_.8000_._.httpbin.default.svc.cluster.local
Check Authentication Policies within a mesh, that can affect sidecars proxy behavior and revise a global mesh policy in terms of mTLS authentication, Permissive mode is enabled by default:
$ kubectl get policies.authentication.istio.io --all-namespaces
$ kubectl get meshpolicy.authentication.istio.io default -oyaml
If you launched Authorization rules within a mesh, verify all the corresponded RBAC policies:
$ kubectl get clusterrbacconfigs.rbac.istio.io --all-namespaces
$ kubectl get authorizationpolicies.rbac.istio.io,rbacconfigs.rbac.istio.io,servicerolebindings.rbac.istio.io,serviceroles.rbac.istio.io --all-namespaces
Find more related information about troubleshooting steps in the official Istio documentation.
I'm trying to connect to ActiveCollab API trial account with Postman.
I'm stuck at the beginning, because I can't get the required token.
I tried unsuccessfully (got an error) to run the below command in CMD and Powershell:
curl -XPOST -d 'email=mymail#gmail.com&password=myPassword' https://activecollab.com/api/v1/external/login
Error:
curl: no URL specified!
curl: try 'curl --help' for more information
'password' is not recognized as an internal or external command,
operable program or batch file.
then I tried to make the call with postman GET and POST method
url: https://activecollab.com/api/v1/external/login?email=mymail#gmail.com&password=myPassword
with and without parameters, with basic authentication, no authentication and APIkey authentication.....
Also tryed with https://app.activecollab.com/205491/issue-token
with body type json:
{
"username": "mymail#gmail.com",
"password": "maypassword",
}
and with username and password in headers, with no success
Can anybody make or describe how to make a postman call to get the token and an simple example how to get/add project.
Does anybody know if this documentation is up to date?
It's described at this page:
https://developers.activecollab.com/api-documentation/v1/authentication.html
Your correct endpoint would be: https://app.activecollab.com/205491/api/v1/issue-token
I want to start a notebook server as described here. I learnt that I need to get an auth token from this and so wanted to get the same, I have to use the api as described here. It always states "Method not allowed, 405". I am unable to figure out what is the right way to do this.
I tried the following post requests:
http://MY_JHUB_ON_K8S_SERVER.com/authorizations/token
with the body of JSON/Application:
{
"username": "aviral",
"password": "aviral",
}
The headers are:
[{"key":"Content-Type","name":"Content-Type","value":"application/json","description":"","type":"text"}]
In Postman, I had tried basic auth as well as no auth. In the basic auth, I pasted the username and password, while when there was no auth, I put the same in the json body
I expect to get the token so that I can start a server. Right now, regardless of the permutation and combination, I am getting 405.
This seems to be possible using the oath api endpoint but I wasn't successful.
Instead I run this command on the jupyterhub server to generate a token
jupyterhub token myusername
and then calls should work properly using the rest api:
curl --insecure 'https://myjupyterhubserver:8443/hub/api/users' \
-H 'Authorization: Token mygeneratedtoken'
How can I update rpccorsdomain value with my private node already mining?
Note
I have already setup it before to point to a url --rpccorsdomain "http://mywebsite.com" and need to update it to different value
You can restart the RPC API using either the console or through a curl command.
In the console, you can issue an admin.stopRPC() and then restart it passing in the new cors value with admin.startRPC(host, port, newCorsList, apis).
If you prefer using curl:
curl -X POST --data '{"method": "admin_stopWS"}' nodeHostName:nodePortNumber
curl -X POST --data '{"method": "admin_startWS", "params": [host, port, cors, apis]}' nodeHostName:nodePortNumber
The full list of available management APIs can be found here.
Alternatively, you can just stop the node and restart it passing in the new cors list via command line options.
I am getting 400 bad request error while calling "/api/get_roster" endpoint of ejabberd. I had kept "get_roster" in the scope while requesting the oauth token.
400 bad request error in ejabberd
I guess there is some issue with the permissions. Here is my configuration file:
https://www.dropbox.com/s/his89bx39qhvr1h/ejabberd2.yml?dl=0
I have tried to follow the official documentation. As per the API permission guide, I have also tried adding following properties:
api_permissions:
- "Admin access":
- who:
- admin
- what
- "\*"
- "!stop"
But there was no change. I have following questions:
What am I doing wrong here?
What are possible scopes?
Your request should contain Authorization header as below:
curl -v -X POST -H "Authorization: Bearer <Oauth_token>" http://localhost:5280/api/get_roster -d '[]'
You can refer to this link for more details. If you are accessing as admin you can use commands_admin_access rule to provide access to api commands and specify the commands you want to access as follows:
commands:
- add_commands:
- get_roster
commands_admin_access: configure
You are using very old version of Ejabberd. Latest is 17.04 which has lots of changes in API permission framework from 16.01 . api_permission related configuration came in 16.12 version. Please refer this for more detail.