Expired Certificate in Cosmos API - fiware

Using WebHDFS API of Cosmos generates an expired certificate response.
Using this url: https://cosmos.lab.fi-ware.org:13000/
we can see certificate seems expired
Do we need updated certificate or any way to go around this problem?

The certificate must be renewed, for sure. In the meantime, you can simply ignore the certificate. If you are using curl, use the -k option:
$ curl -k -X POST "https://cosmos.lab.fiware.org:13000/cosmos-auth/v1/token" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password&username=frb#tid.es&password=MY_PASSWORD_IS_PRIVATE"

Related

How to get ticket by api in Apereo CAS?

I am a beginner of CAS. I want to get ticket by OpenAPI, and I can provided the user name and password (which can be encrypted). but I don't know how to realize it? Thanks for your advice!
Welcome to CAS!
REST protocol support in Apereo CAS has been available since the early days of CAS 3.x. The REST protocol allows one to model applications as users, programmatically acquiring service tickets to authenticate to other applications. This is achieved by exposing a way to REST-fully obtain a Ticket Granting Ticket and then use that to obtain a Service Ticket.
You can invoke the REST API to authenticate a user and get back a ticket-granting ticket:
curl -k -X POST -H "Content-Type: Application/x-www-form-urlencoded" \
https://sso.example.org/cas/v1/tickets \
-d "username=casuser&password=Mellon"
The ticket-granting ticket that is produced can be used to obtain a service ticket:
curl -X POST -H "Content-Type: Application/x-www-form-urlencoded" \
-H "Accept: application/json" https://sso.example.org/cas/v1/tickets/ \
TGT-2-abcdefg?service=https://your.application.com
ST-1-VGF-yzB8
See this link for more details.

HTTP POST request and basic authentication

When I do:
curl https://example.com/my/ressource \
-H "Content-Type: application/json" \
--data '{"itemid":["123","456"]}' \
-u myuser
I get HTTP 403 Forbidden error code. If I use a get request it works, e.g.
curl https://example.com/my/ressource
Works fine. Also if I disable basic authentication at the server side the above post request works fine.
The server is an Apache 2.4 and it is acting as a reverse proxy.
What is wrong with the post request?
It turned out, that in the above case Apache is used as a reverse proxy and the server behind Apache could not handle Authorization, so the solution was to remove this header with:
RequestHeader unset Authorization

Export contents of the Openshift image to a file

I've been searching for this for a while. I don't have access to the binary items used to build the image because an artifactory migration ruined the repo. There is one particularly precious binary I would love to extract from the image. I know docker save would save me, but I don't have access to docker, only to the oc client.
EDIT:
After looking around a little, thought that docker-registry API should be the way to go. Debugging oc client and logs of the docker-registry pods, found that both v1 and v2 API versions seem to be used.
Somehow cannot get any further than the version check.
Getting the auth token and registry url from oc:
TOKEN=`oc whoami -t`
URL="https://"`oc -n default get route docker-registry -o jsonpath="{.status.ingress[0].host}"
Then getting a correct response to:
curl -k -X GET -H "Authorization: Bearer $TOKEN" "$URL/v2/"
...
HTTP/1.1 200 OK
but:
curl -k -X GET -H "Authorization: Bearer $TOKEN" "$URL/v2/_catalog"
...
HTTP/1.1 400 Bad Request
You can log in to the internal image registry if exposed and then pull the image back down to your local system and do what you want with it. Instructions for logging in can be found in:
http://cookbook.openshift.org/image-registry-and-image-streams/how-do-i-push-an-image-to-the-internal-image-registry.html
That talks about doing a push, but you want to do a pull.

Publish to Chrome Webstore using the items.Publish API and cURL

We are developing a Chrome Extension and, as part of the release build, we want to publish it to the Chrome Webstore for testing.
We are using cURL to send the http requests.
Using the information in :
https://developer.chrome.com/webstore/using_webstore_api
we have successfully updated the store, but I am seeing an odd error when trying to publish it using the information in
"Publishing an item to trusted testers" in the above link.
The command line looks like this as suggested in the link above:
curl -H "Authorization: Bearer %refresh_token%" -H "x-goog-api-version: 2" -H "Content-Length: 0" -H "publishTarget: trustedTesters" -X POST -v https://www.googleapis.com/chromewebstore/v1.1/items/%app_id%/publish
When I run this I get an error back stating that the publish condition is not met. The error message states that we should set publish_to_trusted_testers=true, but I can find no documentation suggesting how or where I should set this.
Note that access tokens are working OK, and the PUT command to upload the new extension is also successful.
Any advice would be gratefully accepted.
Jon
https://developer.chrome.com/webstore/webstore_api/items/publish#parameters
The docs on https://developer.chrome.com/webstore/using_webstore_api don't currently point to the correct use of the api, but the publish docs are correct.
I tried url query and it succeeded:
curl \
enter code here-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "x-goog-api-version: 2" \
-H "Content-Length: 0" \
-X POST \
-v \
https://www.googleapis.com/chromewebstore/v1.1/items/$APP_ID/publish?publishTarget=trustedTesters

OAuth2 access to Cosmos' WebHDFS in FIWARE Lab

I've recently seen the access to Cosmos' WebHDFS in FIWARE Lab has been protected with OAuth2. I know I have to add a OAuth2 token to the request in order to continue using WebHDFS, but:
How can I get the token?
How the token is added to the request?
Without the token, the API always returns:
$ curl -X GET "http://cosmos.lab.fi-ware.org:14000/webhdfs/v1/user/gtorodelvalle?op=liststatus&user.name=gtorodelvalle"
Auth-token not found in request header
Yes, now WebHDFS access is protected with OAuth2. This is part of the general mechanism for pretecting REST APIs in FIWARE, which performs authentication and authorization. You can find more details here.
First of all, you must request an OAuth2 token to the Cosmos tokens generator. This is a service running in cosmos.lab.fiware.org:13000. You can do this using any REST client, the easiest way is using the curl command:
$ curl -k -X POST "https://cosmos.lab.fiware.org:13000/cosmos-auth/v1/token" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password&username=frb#tid.es&password=xxxxxxxx"
{"access_token": "qjHPUcnW6leYAqr3Xw34DWLQlja0Ix", "token_type": "Bearer", "expires_in": 3600, "refresh_token": "V2Wlk7aFCnElKlW9BOmRzGhBtqgR2z"}
As you can see, your FIWARE Lab credentials are required in the payload, in the form of a password-based grant type.
Once the access token is got (in the example above, it is qjHPUcnW6leYAqr3Xw34DWLQlja0Ix), simply add it to the same WebHDFS request you were performing in the past. The token is added by using the X-Auth-Token header:
$ curl -X GET "http://cosmos.lab.fiware.org:14000/webhdfs/v1/user/frb/path/to/the/data?op=liststatus&user.name=frb" -H "X-Auth-Token: qjHPUcnW6leYAqr3Xw34DWLQlja0Ix"
{"FileStatuses":{"FileStatus":[...]}}
If you try the above request with a random token the server will return the token is not valid; that's because you have not authenticated properly:
$ curl -X GET "http://cosmos.lab.fiware.org:14000/webhdfs/v1/user/frb/path/tp/the/data?op=liststatus&user.name=frb" -H "X-Auth-Token: randomtoken93487345"
User token not authorized
The same way, if using a valid token but trying to access another HDFS userspace, you will get the same answer; that's because you are not authorized to access any HDFS userspace but the one owned by you:
$ curl -X GET "http://cosmos.lab.fiware.org:14000/webhdfs/v1/user/fgalan/path/tp/the/data?op=liststatus&user.name=fgalan" -H "X-Auth-Token: qjHPUcnW6leYAqr3Xw34DWLQlja0Ix"
User token not authorized
IMPORTANT UPDATE:
From summer 2016, cosmos.lab.fiware.org is not workin anymore. Instead, a pair of clusters, storage.cosmos.lab.fiware.org and computing.cosmos.lab.fiware.org have been setup. Regarding the auth server of Cosmos, it currently run in computing.cosmos.lab.fiware.org, port TCP/13000.
The right request must be:
curl -X POST "https://cosmos.lab.fi-ware.org:13000/cosmos-auth/v1/token" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password&username=user#domain.com&password=yourpassword" -k
The url was incorrect, the correct is https://cosmos.lab.fi-ware.org:13000
-k is for turn off certificate verification