The documentation of the Bitbucket Cloud API specifies how to add an SSH key to a specific user.
However, the Bitbucket website also allows to add several SSH "Access keys" (a.k.a. Deployment keys) to a repository, enabling read-only access to the key holders.
Is it possible to add the access keys via the Bitbucket Cloud API?
Related
I need to create Firebase projects, get the Admin SDK private keys, and add resources programmatically.
I can create projects with CLI - firebase projects:create. But after that to use Admin SDK or REST API to add resources to the project, I need to get Admin SDK private key.
My plan is web scraping with direct HTTP requests. I know Fastlane use same logic to control Apple Developer Portal UI and fetch data from it programmatically.
First, I need to go: https://console.firebase.google.com/project/<project_id>/settings/serviceaccounts/adminsdk with required cookies, headers etc.
Then, I should mimic the Generate new Private Key button below and get the private key.
But I have never used this method, especially with a web page that contaions sessions, cookies etc. And, I want to build it as a microservice and deploy to a server. So, I believe 2FA might be a problem.
My questions:
Is there any more cost-effective way to get Admin SDK? Maybe, I am missing some feature in Firebase resources.
Can I mimic this button's behaviour without using any front-end scraping? Is there any precautions in Firebase servers to prevent this kind of solution.
If I do it in this way and deploy to a server, would 2FA be a problem? Can microservice work with 1-month valid sessions? Or, would it asks 2FA all the time that it works? (I have never used headless browsers etc. I just some basic web-scraping experience with Selenium.)
It looks like scraping is not necessary, gcloud CLI do the job. If you want to create Firebase projects and get service accounts programmatically do the steps below:
Create with firebase CLI: firebase projects:create --display-name "<project-name>" <project-id> (Or, probably you can create with gcloud CLI as well)
Change active project in gcloud CLI with gcloud config set project <project-id>
gcloud iam service-accounts list and store the EMAIL here. (There is just automatically created service account here, no private key created.)
Create and store the private key: gcloud iam service-accounts keys create key.json --iam-account= <EMAIL-you-stored>
according to Cloud Composer documentation here, Airflow RBAC functionality is not supported.
I'm wondering if there is another way to enable DAG Level Access Control for users visiting the Airflow UI in Cloud Composer.
Thanks!
Marco
I have unofficial way to enable it
1.goto composer bucket (GCS)
2.download and edit airflow.cfg
[webserver]
.
.
.
authenticate = True
auth_backend = airflow.contrib.auth.backends.password_auth
filter_by_owner = True
3.upload it back
*!!! Read me !!!
It'll restore when
1.change node number
2.overide configulution in GUI*
According to the documentation, you can use Cloud Identity and Access Management (Cloud IAM) for access control. Cloud IAM provides identity management for multiple Google cloud products and it operates at Google Cloud project.
You can manage roles in your project using Cloud console, gcloud command line, the REST API or the client libraries. Google provides a tutorial "Granting, changing, and revoking access to resources", where it describes how to grant specific roles to team members in Cloud IAM.
As an example below you can see how to grant a editor role to a user using gcloud:
$ gcloud projects add-iam-policy-binding example-project-id-1 \
--member='user:test-user#gmail.com' --role='roles/editor'
In case you have any doubts about the command line interface, you can also check the documentation for further clarification.
So I am fairly new to firebase and new to the more advanced concepts of gcloud and i'm setting up firebase with hosting and analytics and in the gcloud console it generated a Server key and a Browser key however they look like identical keys, both unrestricted, and when i copied the code for the fire base analytics google sent me an email warning me about the api key being public (public github repo) is it safe to publish the unrestricted browser key, if so why? If someone could explain how api keys work within google cloud that would be great.
The Google Cloud Platform has a number of API keys. These are generated for Android, iOS and web (Browser) applications and there is also a Server API key. Anyone with an API key can call the REST APIs on resources on the project it was generated for. This can incur major billing charges!
It is advisable to restrict API keys. Only give them access to the APIs they need to use. Android and iOS keys should be restricted to the applications the project support.
The browser key is the one to be careful with as the key is stored in a JavaScript object and easily obtainable. It should be restricted to the domain the web pages are served from. If email address and password authentication is enabled, an unrestricted API key can be used to create and modify users.
So no, it is not safe to publish an unrestricted browser API key.
During amplify init there is a question:
"Do you want to use AWS profile"
What is "AWS profile in this context"? When should i choose yes, and when no? What is the decision impact on the project?
After installation of AWS CLI, you can configure your CLI using aws configure command. You provide access key, secret access key and default region. Once you are done with this it creates a default profile for your CLI. All your aws commands use credentials from this default profile. Your amplify init command refers to this profile.
You can have multiple AWS profiles for your CLI to use.
Coming to your question.
1) If your aws default profile is configured for the same account where you want your amplify project to deploy you can say yes to that question.
2) If you are not sure what is there in your default profile you can opt for no and provide access key, secret key and other information by own.
Hope this will clear your doubt.
I am now hosting Pre-Packaged+Identity+Server+5.2.0+with+API+Manager+2.0.0 [https://docs.wso2.com/display/CLUSTER44x/Configuring+the+Pre-Packaged+Identity+Server+5.2.0+with+API+Manager+2.0.0] in my own AWS instance.
Planning to move on to managed Cloud solution by WSO2. But I can see independent installatiion of identity server and wso2 api manager. But is there a cloud alternative for idenitity server , api manager combo.
I am using WSO2 idenity server for user management only.keeping users in that. Can it be done in API manager as well?
What is the cloud alternative for this?
WSO2 Cloud uses Identity Server for providing Single Sign On. Cloud has its deployment architecture done in a way API Manager can also do the user management (thats comes with the power of WSO2 platform). You dont need to worry about cloud having the API Manager and Identity Server separately.
IF you are managing your subscribers and publishers, then its an out of the box scenario in the cloud. If you want to store end users of the APIs (i.e. if you are using the password grant type), then you can add a secondary userstore and store the end users in it.
I recommend you to raise these questions via the "Contact Support" option available in the Cloud UI.