aws-cdk construct - Certification Manager - aws-sdk

Below is my understanding of talking to the AWS API (REST) using the SDK approach or CF template generation tools (like AWS_CDK or Troposphere):
Working with AWS certification manager, we would like to create a private root CA using aws-cdk constructs.
But the cdk-documentation does not support any construct to create a root CA.
On the troposphere side, it is the same story: no support for creating a root CA.
aws_sdk has support for creating a root CA, but state maintenance is the issue.
My preference is to pick aws_cdk, but
what is the current status of this API-level support to create a private root CA using aws-cdk?

Cloudformation does not support private Root CA Resources (view the supported resources). Therefore cdk and troposphere can not provide support for it.
You can create a Lambda backed Custom Resource that adds support for the acm pca stuff (take a look at the docs). You could use cdk to create the CustomResource and a python lambda that wraps the acm pca API calls.
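A sketch of the Python Lambda the answer above describes, added here as an example and not taken from the original post. It wraps the `acm-pca` create and delete calls and builds the response CloudFormation expects from a custom resource. The function name `handle` and the `CommonName`, `KeyAlgorithm` and `SigningAlgorithm` resource properties are assumptions; the created CA stays in the `PENDING_CERTIFICATE` state, and an activated CA would have to be disabled before deletion.

```python
import json
import urllib.request


def handle(event, pca):
    """Process one CloudFormation custom-resource event; return the response body."""
    props = event.get("ResourceProperties", {})
    # Placeholder id reported when creation never succeeded (assumed convention).
    physical_id = event.get("PhysicalResourceId", "ca-not-created")
    status, reason, data = "SUCCESS", "", {}
    try:
        if event["RequestType"] == "Create":
            result = pca.create_certificate_authority(
                CertificateAuthorityType="ROOT",
                CertificateAuthorityConfiguration={
                    "KeyAlgorithm": props.get("KeyAlgorithm", "RSA_2048"),
                    "SigningAlgorithm": props.get("SigningAlgorithm", "SHA256WITHRSA"),
                    "Subject": {"CommonName": props["CommonName"]},
                },
                # CloudFormation request ids are UUIDs; reusing one makes a
                # retried invocation return the same CA instead of a second one.
                IdempotencyToken=event["RequestId"][:36],
            )
            physical_id = result["CertificateAuthorityArn"]
        elif event["RequestType"] == "Delete" and physical_id.startswith("arn:"):
            pca.delete_certificate_authority(
                CertificateAuthorityArn=physical_id,
                PermanentDeletionTimeInDays=7,  # shortest restore window allowed
            )
        # Update: keep the same physical id so CloudFormation does not replace the CA.
        data = {"Arn": physical_id}
    except Exception as exc:
        # Always answer, otherwise the stack waits until the request times out.
        status, reason = "FAILED", f"{type(exc).__name__}: {exc}"
    return {
        "Status": status, "Reason": reason, "PhysicalResourceId": physical_id,
        "StackId": event["StackId"], "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"], "Data": data,
    }


def lambda_handler(event, context):
    import boto3  # provided by the Lambda Python runtime
    body = json.dumps(handle(event, boto3.client("acm-pca"))).encode()
    req = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                 headers={"Content-Type": ""})
    urllib.request.urlopen(req)
```

The Lambda's execution role needs only `acm-pca:CreateCertificateAuthority` and `acm-pca:DeleteCertificateAuthority` for this handler.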


Using MSAL with non-Microsoft Identity providers

I would like to know if MSAL can be used with Identity providers other than Microsoft products. If yes, how.
I checked the MSAL documentation but it is not straightforward in this question.
What I would like to do is to authenticate to Google and OneLogin (and possibly others later) using MSAL, but I don't know how.
However, I successfully used MSAL with Azure AD.
MSAL seems to be a good library to use it generally with any IDPs.
According to the reply from the MSAL.NET GitHub discussion, MSAL.NET only supports Azure identity providers, so as of September of 2022, it would not work with third-party providers. The third-party support may be added later, but no timeline at this point.
PROVISO
I believe you're asking about MSAL.JS, as using MSAL.NET with a non-MS OpenID Connect provider is unnecessary, as Microsoft.AspNetCore.Identity provides sufficient support for social logins and vendors of custom OpenID Connect servers provide their own extensions (see IdentityServer docs and OpenIdDict samples).
ANSWER
Yes, it's possible to use a non-MS OIDC provider with MSAL.JS since October 2020.
You'd have to specify extra auth properties: protocolMode: 'OIDC' and knownAuthorities: ["your-id-server.com"]. See the official docs on the parameters of @azure/msal-browser.
If you follow the official JavaScript examples then the config would look like:
    auth: {
        clientId: "YOUR-CLIENT-ID",
        authority: "https://your-id-server.com",
        knownAuthorities: ["https://your-id-server.com"],
        redirectUri: "https://you-client-app.com",
        protocolMode: "OIDC"
    }
HISTORY
Till this PR was merged 16-Oct-2020, MSAL worked with MS end-points exclusively. So the @leastprivilege's answer of 2017 was correct back then.
Thankfully, issue requests 1555 and subsequently 2120 helped to change the tide.

Spring Boot/Micrometer sending metrics to GCP Stackdriver

I'm trying to implement a simple solution to send http request metrics to Stackdriver in GCP from my API hosted in a compute engine instance.
Using recent version of Spring Boot (2.1.5). I've also pulled in actuator and micrometer-registry-stackdriver packages, actuator works for health endpoint at the moment, but am unclear on how to implement metrics for this.
In the past (separate project, different stack), I mostly used the auto-configured elements with influx. Using management.metrics.export.influx.enabled=true, and some other properties in properties file, it was a pretty simple setup (though it is quite possible the lead on my team did some of the heavy lifting while I wasn't aware).
Despite pulling in the stackdriver dependency I don't see any type of properties for stackdriver. Documentation is all generalized, so I'm unclear on how to do this for my use case. I've searched for examples and can find none.
From the docs: Having a dependency on micrometer-registry-{system} in your runtime classpath is enough for Spring Boot to configure the registry.
I'm a bit of a noob, so I'm not sure what I need to do to get this to work. I don't need any custom metrics really, just trying to get some metrics data to show up.
Does anyone have or know of any examples in setting this up to work with Stackdriver?
It seems like the feature for enabling Stackdriver Monitoring for COS is currently in Alpha. If you are down to try GCE COS VM with the agent, you can request access via this form. Curiously, I was able to install monitoring agent during instance creation as a test. I used COS image: Container-Optimized OS 75-12105.97.0 stable.
Inspecting COS, collectd agent seems to be installed here: /etc/stackdriver/monitoring.config.d and
Inspecting my monitoring Agent dashboard, I can see activity from the VM (CPU usage, etc.). I'm not sure if this is what you're trying to achieve but hopefully it points you in the right direction.
From my understanding, you try to monitor a 3rd party software that you built and get the results in GCP Stackdriver? If that’s right, I would like to suggest you to implement the stackdriver monitoring agent [1] on your VM instance, including the Stackdriver API output plugin. This agent gathers system and 3rd party application metrics and pushes the information to a monitoring system like Stackdriver.
The Stackdriver Monitoring Agent is based on the open-source “collectd” daemon so let me share some more precious documentation from its website [2].
Prior to spring-boot 2.3 StackDriver is not supported out of the box, but it's not much configuration to make it work.
    // Supplies the GCP project id to the Stackdriver registry
    @Bean
    StackdriverConfig stackdriverConfig() {
        return new StackdriverConfig() {
            @Override
            public String projectId() {
                return MY_PROJECT_ID;
            }

            @Override
            public String get(String key) {
                return null; // use the defaults for every other setting
            }
        };
    }

    @Bean
    StackdriverMeterRegistry meterRegistry(StackdriverConfig stackdriverConfig) {
        return StackdriverMeterRegistry.builder(stackdriverConfig).build();
    }
https://micrometer.io/docs/registry/stackdriver

JClouds working with VolumeAPI from org.jclouds.openstack.nova.v2_0.NovaAPI

org.jclouds.openstack.nova.v2_0.NovaApi provides direct access to ServerApi, FlavorApi and ImageApi. I was expecting VolumeApi also to be available from NovaApi but observe it is missing. Please let me know how to list all Volume details using JCloud.
I think that's because all those APIs are exposed by OpenStack Nova itself. In jclouds, you can access the volume API by using the Cinder API.

ws-discovery: how to obtain services in the central repository (Governance Registry), with their real names and not Discovered-3442536235?

The services deployed on Application Server (AS) are not being stored in the tool WSO2 Governance Registry with their real names.
What to do to come up with the same names that have been deployed in AS?
For example, the service implemented xxx appears on WSO2 Governance Registry named Discovered-2409424825.
In ws-discovery, we keep service name to UUID mapping. ServiceID is the auto generated UUID. User could not change this. But he can define the valid URI for scopes. In the scope you can keep the service name, so it is easy to identify.

Accessing JBoss JMX data via JSON

Is there a way to access the JBoss JMX data via JSON?
I am trying to pull a management console together using data from a number of different servers. I can achieve this using screen scraping, but I would prefer to use a JSON object or XML response if one exists, but I have not been able to find one.
You should have a look at Jolokia, a full featured JSON/HTTP adapter for JMX.
It supports and has been tested on JBoss as well as on many other platforms. Jolokia is an agent, which is deployed as a normal Java EE war, so you simply drop it into your deploy directory within your JBoss installation. Also, there are some client libraries available, e.g. jmx4perl which allows for programmatic access to the agent.
There is much more to discover and it is actively developed.
If you are using Java, then you can make small program that make JMX request to JBoss server and transform the response into XML/JSON.
Following is small code snippet. This may help you.
    import java.util.Set;
    import javax.management.MBeanServerConnection;
    import javax.management.ObjectName;
    import javax.management.remote.JMXConnectorFactory;
    import javax.management.remote.JMXServiceURL;

    String strInitialProp = "javax.management.builder.initial";
    System.setProperty(strInitialProp, "mx4j.server.MX4JMBeanServerBuilder");
    String urlForJMX = "jnp://localhost:1099"; // for JBoss
    ObjectName objAll = ObjectName.getInstance("*:*"); // pattern matching every MBean
    JMXServiceURL jmxUrl = new JMXServiceURL(urlForJMX);
    MBeanServerConnection jmxServerConnection = JMXConnectorFactory.connect(jmxUrl).getMBeanServerConnection();
    System.out.println("Total MBeans :: " + jmxServerConnection.getMBeanCount());
    Set<ObjectName> mBeanSet = jmxServerConnection.queryNames(objAll, null);
There are some jmx-rest bridges available, that internally talk JMX to MBeans and expose the result over REST calls (which can deliver JSON as data format).
See e.g. polarrose or jmx-rest-access. There are a few others out there.