I have;
A master key.
A database scoped credential.
An external data source.
File format.
A user created managed identity for Azure SQL Server.
RBAC contributor permission for that managed identity on my ADLS storage account.
When I execute the code to create an external table this error is raised:
Failed to obtain the credential secret for the provided database and
credential. Database Name = DWShellDb, Credential Name =
devtechnicalpractice1_AdlsManagedIdentity, Exception =
System.Data.SqlClient.SqlException (0x80131904): Fail to obtain or
decrypt secret for credential
'devtechnicalpractice1_AdlsManagedIdentity'.
This is the code:
CREATE DATABASE SCOPED CREDENTIAL credname
WITH
IDENTITY = 'exact_mi_name'
;
CREATE EXTERNAL DATA SOURCE datasourcename
WITH
( LOCATION = 'abfss://containername#storageaccountname.dfs.core.windows.net' ,
CREDENTIAL = credname ,
TYPE = HADOOP
) ;
CREATE EXTERNAL FILE FORMAT Header_CSV1
WITH (FORMAT_TYPE = DELIMITEDTEXT,
FORMAT_OPTIONS(
FIELD_TERMINATOR = ',',
STRING_DELIMITER = '"',
FIRST_ROW = 1,
USE_TYPE_DEFAULT = True)
) ;
CREATE EXTERNAL TABLE [dbo].[tablename]
( [field1] VARCHAR(250) NULL,
[field2] VARCHAR(250) NULL,
[field3] VARCHAR(250) NULL )
WITH
(
LOCATION='/Countries/' ,
DATA_SOURCE = datasourcename,
FILE_FORMAT = Header_CSV1 ,
REJECT_TYPE = VALUE ,
REJECT_VALUE = 0
) ;
I do not think the error lies within the TSQL but is security permission.
I had same issue. Later I found out that I was missing secret while creating scoped credentials.
It should be something like this:
CREATE DATABASE SCOPED CREDENTIAL credname
WITH
IDENTITY = 'exact_mi_name',
SECRET = 'adfNSkGPaTuryRdqt9sPAnjPW8xEzM7kQIYt' // data lake key
;
Related
I am trying to use rtweet's search_fullarchive using my premium token registered at Twitter Developer. However, I got an error message of:
Warning: list(message = "Forbidden: Authentication succeeded but account is not authorized to access this resource.", sent = "2019-07-14T14:30:11+00:00", transactionId = "xxxxxxxxxx")
How do I get past this problem? Is there an error in the way i code?
I ensured my token is working well by testing it using httr's POST method and it worked completely fine.
I also tested my token using normal search_tweets, and also worked fine.
cons_key = "xxx"
cons_sec = "xxx"
acc_tok = "xxx"
acc_sec = "xxx"
app = "abc"
token = rtweet::create_token(app,cons_key,cons_sec,acc_tok,acc_sec)
manutd = search_fullarchive("manchester united",n=500,
fromDate = "201812010000",toDate = "201902010000",
env_name = app,token = token)
I expected a tibble dataframe as usually Rtweet's returns. However this is what i received:
"Warning: list(message = "Forbidden: Authentication succeeded but account is not authorized to access this resource.", sent = "2019-07-14T14:30:11+00:00", transactionId = "xxxxxxxxxx")"
data frame with 0 columns and 0 rows
To help anyone who might have trouble with the same thing, i'll write down a bit of explanation. Firstly, if you have registered a premium account, go to
To create the token, you need the App Name.
token = rtweet::create_token(app_name,cons_key,cons_sec,acc_tok,acc_sec)
To do query, you need the environment name.
search_fullarchive(q, n = 100, fromDate = NULL, toDate = NULL, env_name = "dev_name", safedir = NULL, parse = TRUE, token = token)
Hope it helps beginners or anyone who might have the same troubles.
I already have a resource created (DynamoDB table) using this
resource "aws_dynamodb_table" "my_dynamo_table" {
name = "my_table"
hash_key = "Id"
}
Now, I would like to enable streams on this table, if I do this by updating the above resource like this
resource "aws_dynamodb_table" "my_dynamo_table" {
name = "my_table"
hash_key = "Id"
stream_enable = true
stream_view_type = "NEW_IMAGE"
}
Terraform plans to delete the table and re-create it. Is there any other way, I can just update the table to enable the stream?
I have created two app maker apps for different purposes. However, there are some data which is common between two apps.
How can I access/connect data between those app maker apps?
You will need to setup a Custom Google Cloud SQL instance. Then you can point both apps at the instance in Settings > Database > Switch to a Custom Cloud SQL Database
EDIT:
The other option is setting up a calculated reference to a model in another app.
Grant access to App2 in App1's Google Cloud SQL Instance Authorization Settings (see above link).
Create a Calculated model in App2.
In the Datasource query:
var conn = Jdbc.getCloudSqlConnection('jdbc:google:mysql://INSTANCE_CONNECTION_NAME/DATABASE_NAME', 'USERNAME', 'PASSWORD');
var stmt = conn.prepareStatement("SELECT * from TABLE_NAME");
var res = stmt.executeQuery();
var records = [];
while(res.next()) {
var record = app.models.MODEL_NAME.newRecord();
record.FIELD_1 = res.getString(1);
record.FIELD_2 = res.getString(2);
record.FIELD_3 = res.getString(3);
records.push(record);
}
res.close();
stmt.close();
conn.close();
return records;
Where is the user's password is store ?
I can not find in the keystone's user table:
But I can find in the keystone's password table:
does the password is map the user's password?
My question is :
Whether the password stores in the keystone's password table? and if is, how does the password maps the user's password?
and does the password's encrypted? I never see this type password.
I never see this type password. because I use the openstacksdk register a project and user, I can not login. I don't know why. So, I want to get some idea about it here.
My project's django code is bellow, use openstacksdk to register:
def register(request):
if request.method == 'GET':
return render(request, 'frontend/register.html')
elif request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
phone = request.POST.get('phone')
email = request.POST.get('email')
usertype = 1
app_user_params = {
"username":username,
"password":hashlib.sha1(password).hexdigest(), # sha1加密
"phone":phone,
"email":email,
"usertype":usertype
}
user_form = UserMF(app_user_params)
if user_form.is_valid():
obj_user = models.User.objects.filter(username=username)
obj_phone = models.User.objects.filter(phone=phone)
obj_email = models.User.objects.filter(email=email)
# 使用admin用户创建project和user
from openstack import connection
connection = connection.Connection(**settings.ADMIN_OPENRC)
admin_conn = OpenstackConn.OpenstackAdminConn()
admin_conn.admin_conn = connection
# 创建项目(先创建项目,再创建用户)
project_params = {
"description":username+"'s project",
"is_domain":False,
"enable":False, # I set True still has this issue.
"name":username, # 给的是用户名,也是唯一的
}
try:
new_project = admin_conn.admin_conn.identity.create_project(**project_params) # create_project
print (new_project, new_project.id, "new project created")
except Exception as e:
print (e.message)
return HttpResponse(json.dumps({'status_code':0,'info':e.message.encode('utf-8')}))
# 创建 openstack_cloud user
user_params = {
"default_project_id":new_project.id,
"email":email,
"enabled":False,
"name":username,
"password":password
}
try:
new_user = admin_conn.admin_conn.identity.create_user(**user_params)
print (new_user, new_user.id, "new user created")
except Exception as e:
admin_conn.admin_conn.identity.delete_project(new_project)
print (e.message)
return HttpResponse(json.dumps({'status_code': 0, 'info': e.message.encode('utf-8')}))
I don't know whether I write wrong, or password will encrypt.
EDIT-1
I print the new created user, and user.id:
(openstack.identity.v3.user.User(name=liaodalin15, links={u'self': u'http://controller:5000/v3/users/66c60156d0f24a118df54f19e2705aaf'}, enabled=False, domain_id=default, email=xxxxxxxxx#126.com, default_project_id=a829eda8c4de479d8ca5c3a4335c793a, password=liaodalin15, id=66c60156d0f24a118df54f19e2705aaf, password_expires_at=None), u'66c60156d0f24a118df54f19e2705aaf')
Seems the password did now encrypt. Does this should encrypt by ourself?
In the end, I figured out the issue:
Because use openstacksdk create user default is disabled, so I should eable it.
We have an existing user database with SHA1-encoded passwords. We upload them to the Google Federated Database (through the GitKitClient java lib), but then these uploaded users can't log in The verifyPassword always returns "Incorrect password" ! The call to the uploadUsers looks like gitkitClient.uploadUsers('SHA1', new byte[0], gitkitUsers)
(We must provide an empty byte array as second param (hash key), since we get NPEs if we provide a null value)
The method that creates the GitkitUsers that are in the list is as follows:
private GitkitUser createGitkitUserFromUser(User user) {
GitkitUser gitkitUser = new GitkitUser()
gitkitUser.email = user.email
gitkitUser.localId = getLocalId(user)
gitkitUser.name = user.displayName
gitkitUser.hash = user.password?.bytes
if (user.pictureFileName) {
gitkitUser.photoUrl = user.getPictureUrl()
}
return gitkitUser
}
We see no way to further investigate. Did someone successfully use it ?
Make sure that the hashKey you use in setPassword() is the same one used in uploadUsers().
I am using the php SDK so I can't share code for you, but when I did NOT use the same hashKey for both places, I had the same problem.