I am trying to use OpenSearch Dashboards API (Amazon Kibana fork) to add a search index. I am using version 1.0 and have also setup the security plugin. I have no issues using TLS PKI for interacting with OpenSearch (Elasticsearch). However, whenever I try to interact with the OpenSearch Dashboard API with TLS PKI authentication, I get an error. I am able to setup PKI within Dashboards to authenticate to OpenSearch without any issues. Here is effectively the command on the shell using curl, but I am looking to use python when finished:
curl -X POST --cert MYCERT.crt --key MYKEY.key --cacert MY-CA-BUNDLE.crt https://HOSTNAME:5601/api/saved_objects/index-pattern/test-index -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "attributes": { "title": "test-index-*","timeFieldName": "#timestamp" } }'
I get the following JSON message error back:
{"statusCode":401,"error":"Unauthorized","message":"Authentication required"}
If I instead use the API with 'simple' username/password, the same command works:
curl -X POST -u USERNAME:PASSWORD https://HOSTNAME:5601/api/saved_objects/index-pattern/test-index -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "attributes": { "title": "test-index-*","timeFieldName": "#timestamp" } }'
However, I can't seem to find a way to allow my ansible to issue a command to the API using PKI certificates, which I am looking to do so I can disable simple authentication. Does anyone know what setting I am missing or if I am misusing the API? I have studied the plugin documentation, but I can't find any item that I am missing.
Did you try a simple query to Opensearch service like:
curl -XGET -k https://$(hostname):9200/ --key MYKEY.key --cert MYCERT.crt
If this one is not working, probably you need to check the certificates that are configured in opensearch.yml file.
Related
I'm running my local emulator suite and I'm constantly getting error messages for my curl requests. The following command:
curl -X POST http://localhost:5001/my-project/us-central1/myFunction \
-H "Content-Type: application/json" \
-d '{"productId": 123456, "quantity": 100}'
Is always showing this in the emulator CLI:
> {"productId":123456,"quantity":100,"severity":"WARNING","message":"Request body is missing data."}
> {"severity":"ERROR","message":"Invalid request, unable to process."}
None of the code was executed in the function as it starts with a console log which is never printed here. Any thoughts?
That error occurs when you use the onCall method. So, I would assume that you are using functions.https.onCall. As explained in this documentation:
It's important to keep in mind that HTTPS callable functions are similar but not identical to HTTP functions. To use HTTPS callable functions you must use the client SDK for your platform together with the functions.https backend API (or implement the protocol).
If you want to directly call the function via its endpoint then you should follow the protocol specification for https.onCall. One of its requirements is the request body should be a JSON object with data as its main key.
An example request JSON object should be like this instead:
{
"data": {
"productId": 123456,
"quantity": 100
}
}
For reference, here's the full curl request:
curl -X POST http://localhost:5001/my-project/us-central1/myFunction \
-H "Content-Type: application/json" \
-d '{ "data": { "productId": 123456, "quantity": 100 } }'
For more information, you may check out this documentation:
Protocol specification for https.onCall
I am trying to access my Firestore database using cURL from a terminal session. I have read through the REST API documentation for Firestore and the Authentication documentation for authenticating Oauth and services accounts. I have set up a services accounts and IAM roles in API dashboard. I cannot determine from the documentation what the correct path and syntax and what do use for the API Key and the BEARER token. For example, I am trying to receive a json response for the USER xyz, document field FNAME that is stored in a Firestore DATABASE (note - where do i find the the databaseID?) that is in PROJECT testproject.
Here is the CURL command lists in the documentation -
curl \
'https://firestore.googleapis.com/v1beta1/%5BNAME%5D?key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--compressed
curl --request POST \
'https://firestore.googleapis.com/v1beta2/%5BNAME%5D:exportDocuments?key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{}' \
--compressed
Questions are - what do I use for the [YOUR_API_KEY] ?
What do I use for the [YOUR ACCESS TOKEN] -
I have tried the following from credentials for a Service account that I set up
Service account - Key - 3......................e76
Unique ID - 1............39
for the API KEY and the ACCESS TOKEN and get a 403 error back
I also have a Oauth credentials -
Client ID - 2.....113-95.......cpqrarqb.....qnrpc.apps.googleusercontent.com
Client Secret - L......lq
PATH
https://firestore.googleapis.com/v1/projects/{project_id}/databases/{database_id}/collectionGroups/{collectionId}/fields/{field_id}
Which didn't work either...
Again, I am trying to access and read and write data to my Firestore database using CURL - as a proxy for what will be my REST API's. Any help and assistance much appreciated.
From the curl commands you have pasted I understand that you want to export your firestore collections to a Cloud Storage bucket. Furthermore I understand you obtained the curl commands from the api explorer of the exports method.
To provide an api key value to [YOUR_API_KEY], you first need to create an api key in your GCP project; here is the process:
Go to the credentials section.
Click on the option at the top called 'Create Credentials'.
Select API key.
Copy and keep safe the value thrown by the Cloud Console (this is your api key).
If you want to know more about API keys, you can visit this.
To provide an oauth token value, you can do the following:
You can open Cloud Shell.
Run command gcloud auth application-default print-access-token.
Copy and keep safe the value thrown by Cloud Shell (this is your oauth token).
Please note that there are several ways to create an oauth token but the one I specified is the fastest one. You may also use the oauth playground to generate your token; keep in mind that the token is valid for 60 minutes.
As per the database id I have used (default) and here I include my curl statement:
curl --request POST \
'https://firestore.googleapis.com/v1/projects/[PROJECT_ID]/databases/(default):exportDocuments?key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"collectionIds":["users"],"outputUriPrefix":"gs://[BUCKET_PATH]"}' \
--compressed
1. What I'm trying
I'm trying to POST to my Wordpress website with (bash) cURL but what seems to be not working is the user authorization.
So far, what I've been attempting is
curl \
-u ${USERNAME}:${PASSWORD} \
-X POST \
-H "Content-Type: application/json" \
-d '{"title": "this is a test"}' \
--url http://mywebsite.com.br/wp-json/wp/v2/posts/
2. What I get
{
"code": "rest_cannot_create",
"message": "Sorry, you are not allowed to create posts as this user.",
"data": {"status": 401}
}
What am I doing wrong? Maybe the -u flag is not the one I'm looking for? That's what I usually try when using BasicAuth; is it not the case here? Is the wp-json specification correct?
In the question, I'm using Basic Authentication, which actually needs to be enabled.
You can do it by downloading the WP Basic Auth Plugin from Github and then uploading, installing and activating it within your Wordpress website.
Once that's done, the question's code should work fine.
I have obtained API keys for the Cognitive Services Labs by Microsoft here, but when I try using the example provided in the API "Try me" page for the graphSearch method, I get a 500 server error after about 20 seconds. Other API endpoints (interpret, evaluate) seem to be working well. Here's my query (also tried via the "Try me" page):
export SERVER=api.labs.cognitive.microsoft.com
curl "https://${SERVER}/academic/v1.0/graph/search?mode=json" \
-H "Host: ${SERVER}" \
-H 'Content-Type: application/json' \
-H "Ocp-Apim-Subscription-Key: ${API_KEY}" \
--data '{"path":"/paper/AuthorIDs/author","paper":{"type":"Paper","NormalizedTitle":"graph engine","select":["OriginalTitle"]},"author":{"return":{"type":"Author","Name":"bin shao"}}}'
I've written an inquiry via the Cognitive Services UserVoice portal but with no answer so far. The service is not listed in the Azure Status page.
I want to know whether my query or account registration is faulty, or is this a temporary problem. Should be easy to answer.
We are trying to create users in Fiware IDM using Keystone Identity API.
We are sending the following curl command
curl -s \
-H "X-Auth-Token: e746971040657101bb1e" \
-H "Content-Type: application/json" \
-d '{"user": {"name": "newuser", "password": "changeme"}}' \
http://localhost:35357/v3/users | python -mjson.tool
The token we have used is the one configured in keystone.conf
admin_token=e746971040657101bb1e
But the result we are getting is the following
{
"error": {
"code": 401,
"message": "The request you have made requires authentication.",
"title": "Unauthorized"
}
}
Does anyone have an idea about what can happen?
A couple of ideas for you.
One is that the port value 35357 is not for the admin API calls, it's intended for user calls.
Also since you are using the v3 API I believe that the token can't be used when creating a user unless you are indicating a domain.
However I can't tell from your curl command what action you are trying to do.