I have setup my riak-cs storage. Everything is working well. I have also use erlcloud in creating and retrieving objects stored in riak-cs. However, I also want my riak objects to be accessible from the browser. I have tried bucket-name.localhost:8080/key and localhost:8080/bucket-name/key but no luck. Both returns
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<Resource>bucket-name/key</Resource>
<RequestId/>
</Error>
The bucket do has public access control level so that it can be access without
authentication. Something is wrong.
Can someone help me how to archive this?
I solved it by setting the public access control level of the object to public_read in erlcloud when storing it. At first I thought, all objects has the same acl level of their bucket.
erlcloud_s3:put_object(Bucket, Key, Data, [{acl, public_read}], Headers, Config)
Related
https://graph.microsoft.com/v1.0/users/userID/
And I get the correct response
https://graph.microsoft.com/v1.0/usersuserid/photo/$value/
And I get user resource can't be discovered
I have added Directory.Read.All, Group.Read.All, User.Read, User.ReadBasic.All permissions to the application.
Am I missing something? thx
I'm trying to set up a cloudfront for my s3 bucket that will only allow users to read or write with the signed URLs.(read the file, upload, and download)
The S3 doesn't have public read/write permissions.
CloudFront is:
Http and HTTPS.
It has Trusted Signer as self.
It has Restricted View access.
It has a origin domain name as origin-domain-name/public.
Lastly, it has a origin access identity as origin-access-identity/cloudfront/XXXXXXX.
I have my cloudfront pem file and aws private key id.
My c# code to generate signed url is:
StreamReader sr = new StreamReader("../../keys/CloudFront-PrivateKey.pem");
var url = AmazonCloudFrontUrlSigner.GetCannedSignedURL(
AmazonCloudFrontUrlSigner.Protocol.http,
"http://xxxxxxxxxx.cloudfront.net",
sr,
"public/AddinJudgeIssue.png",
"<AWS Private Key ID>",
DateTime.Now.AddDays(2));
Each time when I execute the code, it generates the URL. However, when I copy and paste it to URL, it says "access denied".
First of all, does anyone have any idea about why this happening?
Secondly, this works somehow, can I use this same technique to upload assets to the bucket?
Thank you and apologize for my ignorance. I digged the aws whitepapers, but failed to find a straightforward guidance.
A look at the documentation suggests two problems:
"http://xxxxxxxxxx.cloudfront.net" should not include http:// because the field is distributionDomain and expects the domain name, not the base URL.
"public/AddinJudgeIssue.png" should have a leading / because this field is resourcePath. Paths begin with a / even though object keys don't.
After doing some experiment, I got it working. Although I used root credentials and pem keys to generate the signed URL, I still had to give public read/write access to my S3 bucket. That was the reason why I was getting access denied error. On Cloudfront setup, "restrict bucket access" option gives restriction to my bucket anyway.
How can I remotely trigger a Jenkins job with the help of an R code?
When I post this URL in my browser it works-
https://JENKINSURL/job/PROJECT/buildWithParameters?token=TOKEN&day=20171001
Not sure how to replicate this with my R code. I used the POST function in HTTR call but I always get an HTTP 403 error.
res <- POST("https://JENKINSURL/job/PROJECT/buildWithParameters?token=TOKEN&day=20171001",verbose())
Authentication required
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
...
Any thoughts on what I may be doing wrong?
You aren't specifying a user ID in your request, so it is going to be using the anonymous user. Your anonymous user has to have read access to the job (or job->read in global perms) you are trying to trigger, or it won't be authorized to access the job/PROJECT uri to trigger the build.
So you have to either specify a user ID with the proper read access in the url, give the anonymous user read access, use project-based matrix auth, or you can use the Build Token Root plugin to provide a different URL that doesn't require read access to the job. Then you only need the token.
I can get notes(real contents, not just metadata) from the evernote API. However, calling notestore->update() always gives me a EDAMUserException.
My php code is below, the arguments are self-explanatory:
//add text to note
//if append=true then the text will be appended to the end, else it will be appended to the start
public function addToNote($new_content, $access_token, $note_store, $note_guid, $append = true){
$note = $note_store->getNote($access_token, $note_guid, true, false, false, false);
$note->content +="<en-note>Note updated</en-note>";
$note_store->updateNote($access_token, $note);
}
I've already did a lot of searching before I asked here, and here are the things I know:
According to: https://dev.evernote.com/doc/articles/permissions.php it says that there are two types of api keys, one is the basic access and one is for full access, I have full access, this is proved by no exception was thrown during $note_store->getNote() call, and I did output the data from that call, I can actually get the contents of the note.
In the same page as 1: "Certain API functions are only available to official Evernote applications and services. These functions are described as such in the API Reference and will throw an EDAMUserException with the error code PERMISSION_DENIED if called by a third-party application." I read the API documentation here: https://dev.evernote.com/doc/reference/NoteStore.html#Fn_NoteStore_updateNote
It does not mention that it is blocked by default.
I think I figured out what was wrong. Evernote actually has its own DTD document format, if the "content" section of the note is not a valid document, then the request is denied. In my case it was not denied because my API key's access level, but because the "content" I gave was not a proper evernote format.
if I set:
$note->content='<!DOCTYPE en-note SYSTEM "http://xml.evernote.com/pub/enml2.dtd"><en-note><div>testing complete!!!</div></en-note>';
Then the note will be successfully updated.
However, for other users that are getting this exception and using the right format, it is most likely:
1.your api key does not have full access, choose the full access option while you request an api key.
2.usually you would start testing on the "sandboxed"(https://sandbox.evernote.com) version of their site, you need to register another account on the sandboxed site(you real evernote account doesn't carry over) and test with that account. If you do not do this, your account will not exist on the sandboxed account and anything you do will not work.
I have been reading about creating an API which can be used to upload objects directly to S3. I have followed the guides from Amazon with little success.
I am currently getting the following error:
{"message":"Missing Authentication Token"}
My API call configuration:
The role ARN assigned is not in the image, but has been set up and assigned.
The "Missing Authentication Token" error can be interpreted as either
Enabling AWS_IAM authentication for your method and making a request to it without signing it with SigV4, or
Hitting a non-existent path in your API.
For 1, if you use the generated SDK the signing is done for you.
For 2, if you're making raw http requests make sure you're making requests to /<stage>/s3/{key}
BTW, the path override for s3 puts needs to be {bucket}/{key}, not just {key}. You may need to create a two-level hierarchy with bucket as the parent, or just hardcode the bucket name in the path override if it will always be the same. See: http://docs.aws.amazon.com/apigateway/latest/developerguide/integrating-api-with-aws-services-s3.html