Create Nexus User Through REST API - nexus

I am working with Nexus OSS 2.11.x and would like to create new users through the REST API. The following command correctly retrieves the list of all users, thus confirming that I am able to call the API:
curl -u $NEXUS_USER:$NEXUS_PASS $NEXUS_LOCAL/service/local/users
Based on the API documentation, I've constructed a JSON user object:
export USER='{"data":{"email":"testing#example.com","firstName":"Test","lastName":"Ing","userId":"testing","status": "active","roles":["repository-any-read"],"password": "test123$"}}'
And then I submit a POST request:
curl -i -H "Accept: application/json" -H "ContentType: application/json; charset=UTF-8" -v -d "$USER" -u $NEXUS_USER:$NEXUS_PASS $NEXUS_LOCAL/service/local/users
The response comes back with HTTP 201 (created) - but GET /service/local/users only gives me back the original user list. The user is not in the list provided from the UI, and the log (available in the UI) does not even indicate that any activity took place. The $NEXUS_USER account is in the "Nexus Administrator" role.
Does anyone have a suggestion for what I'm overlooking here?

I used the above code and had the same problem:
HTTP/1.1 201 Created
and nothing happened.
After some debuging I noticed a simple typo above which was a problem.
Instead:
-H "ContentType: application/json; charset=UTF-8"
should be:
-H "Content-Type: application/json; charset=UTF-8"
(notice the dash in Content-Type) and it started working.

The code above is correct and executes just fine today. The server was rebooted overnight and somehow that fixed things.
To further clarify the environment variables
NEXUS_LOCAL is your nexus server. If you install on localhost with the default settings, then export NEXUS_LOCAL=http://localhost:8081/nexus (Bash) or SET NEXUS_LOCAL=http://localhost:8081/nexus (Windows).
NEXUS_USER and NEXUS_PASS are plaintext for an account with in the Administrator role, or presumably UI Administrator (have no tested the latter).

Related

Problems with redirecting to signed cloud storage URL (cURL?)

I am creating a Firebase HTTP function that uploads a file to Cloud Storage, creates a signed URL to the file, and then redirects the client to that URL. Using Postman with automatic redirect following turned on, the file is retrieved correctly. However, if I try to turn on redirects while using cURL (curl -L -H "Content-Type: application/json" "https://us-central1-example.cloudfunctions.net/exampleFunction" -d '{"example": true}'), the following error is returned by Cloud Storage:
<?xml version='1.0' encoding='UTF-8'?>
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.</Message>
<StringToSign>GET
application/json
1602245678
/example.appspot.com/exampleBucket/exampleFile.txt</StringToSign>
</Error>
If I make the request with form encoded data instead, it works in cURL as well: curl -L "https://us-central1-example.cloudfunctions.net/exampleFunction" -d "example=true"
If I try to manually make a GET request to the URL in Postman, I get an equivalent error:
<?xml version='1.0' encoding='UTF-8'?>
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.</Message>
<StringToSign>GET
1602246219
/www.google.com/example.appspot.com/exampleBucket/exampleFile.txt</StringToSign>
</Error>
If I paste the URL into a browser or use cURL to download the signed URL, the file is also downloaded correctly.
I am using the following function to get the signed url:
async getSignedUrl(file: File, expireAt: number): Promise<string> {
const [url] = await file
.getSignedUrl({
action: "read",
expires: expireAt
});
return url
}
which returns a signed URL in the following format:
https://storage.googleapis.com/example.appspot.com/exampleBucket/exampleFile.txt?GoogleAccessId=[Access ID]&Expires=1602246219&Signature=[Signature] (I've noted that the value of "Expires" is the same value returned in the tag).
My suspicion is that Postman and cURL adds something to the request which results in a different signature, but I am not sure exactly what is going on.
What is happening when letting cURL follow the redirect or when creating a GET request in Postman, that leads to this difference in signature?
If I understood correctly, the issue arises in two scenarios
When hitting your CF through curl with
curl -L -H "Content-Type: application/json" "https://us-central1-example.cloudfunctions.net/exampleFunction" -d '{"example": true}')
According to the example in github in the docs Signed URL v4, 'Content-Type: application/octet-stream' should be used:
curl -X PUT -H 'Content-Type: application/octet-stream' --upload-file my-file '${url}'
I tried with the following with successfully result:
curl -X PUT -H 'Content-Type: application/octet-stream' -d '{"example": true}' 'https://storage.googleapis.com/...'
If I try with the content-type you shared with failed results.
2.
If I try to manually make a GET request to the URL in Postman, I get an equivalent error:
I tried a simple GET in postman using a Signed URL and it worked just fine
Command used in gsutil to get the signed URL:
gsutil signurl -d 10m key.json gs://BUCKET/aa.png
Then I tried a GET on postman and worked just fine.
I also tried with a Signed URL to upload a File in Postman and worked just fine.
My thoughts are that, according to Common MIME types
application/octet-stream is the default value for all other cases (not textual files).
When you set the content type as application/json you specify a JSON format, but not an object or file. That's why it works with the following, since you are not specifying the header content-type, the default is taken application/octet-stream
curl -L "https://us-central1-example.cloudfunctions.net/exampleFunction" -d "example=true"
Joss Barons answer helped me in the right direction, but it is not true that the Content-Type has to be application/octet-stream. That is only used for creating a signed url that can be used for uploading a file. In my case, when creating the signed url using the Cloud Storage SDK for node, I didn't specify a Content-Type, so when sending a GET request to the signed url, it must not contain a Content-Type header.

How to update the properties of an item in the artifactory using REST API

I'm trying to update the property of an artifact(In my case sample text file)
I tried the API https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-UpdateItemProperties
this is what I tried:
curl -X PATCH -uadmin:password -H '"props":{"ccs_x1_version":
"7.7.7.7"}'
"http://XXXXXXXXX:8081/artifactory/maven-dev-local/com/test/sbom/2.0.0-SNAPSHOT/sbom-2.0.0-20180704.094719-1.txt"
but was not successful, as command returns nothing, can someone help me in figuring out the right usage.
Looks like you're missing the API endpoint for using the UpdateItemProperties. You're also sending the data as malformed JSON as a header rather than data.
You need to add the endpoint: /api/metadata/ and reformat your data to a proper JSON.
{
"props" : {
"ccs_x1_version": "7.7.7.7"
}
}
According the the link provided:
Since: 6.1.0
Security: Requires a privileged user (Annotate authorisation required)
Usage: PATCH /api/metadata/{repoKey}/{itemPath}?[&recursive=1]
Produces: application/json
Sample Usage:
PATCH /api/metadata/libs-release-local/org/acme?[recursive=1]
{
"props":{
"newKey": "newValue",
"existingKey": "modifiedValue",
"toBeRemovedKey": null
}
}
If you update your request to curl -X PATCH -uadmin:password -d '{"props":{"ccs_x1_version": "7.7.7.7"}}' "http://XXXXXXXXX:8081/artifactory/api/metadata/maven-dev-local/com/test/sbom/2.0.0-SNAPSHOT/sbom-2.0.0-20180704.094719-1.txt"
This is also a new rest endpoint which is only available with the latest version of artifactory 6.1.0. If you're running an older version you're going to have to use the previous endpoint (Set Item Properties) in the official JFrog Documentation.
This is formatted curl -X PUT -uadmin:password "http://XXXXXXXXX:8081/artifactory/api/storage/maven-dev-local/com/test/sbom/2.0.0-SNAPSHOT/sbom-2.0.0-20180704.094719-1.txt?properties=ccs_x1_version=7.7.7.7"

Artifactory access token works via Bearer, not user

Artifactory OSS
5.4.6 rev 50406900
Trying to get access token to work.
I created token...
e.g. curl -uadmin:adminpw -X POST "myserver:8081/artifactory/api/security/token" -d "username=moehoward"
Returned msg looks like success...
{
"scope" : "member-of-groups:readers api:*",
"access_token" : <very-long-string>
"expires_in" : 3600,
"token_type" : "Bearer"
}
I can see it in the gui (admin -> Security -> Access Tokens) with "Subject" = to the user ("moehoward" in the example above) and with a "Token ID" that's a lot shorter, something like...
f2eb693a-d4ff-4618-ba52-764dc975c497
To test, I tried to ping using example in the docs...
curl -umoehoward:<very-long-string> myserver:8081/artifactory/api/system/ping
Fails with a 401 (bad credentials).
I replace the token with the "token id" I see in the gui, same result.
I replace again with the hardcoded pw of the "moehoward" user and that works (responds with "OK").
I tried the "-H"Authentication: Bearer " approach using the long string and that worked. So I guess the very long string is the token and not the "Token ID" in the gui.
Q: Any idea why this works for Bearer" and not the user by name ?
So you are right that this is supposed to work for both standard authentication and the Authentication HTTP header.
I did the test on a server with the same version Artifactory OSS 5.4.6 and the following works fine here
Inject the proper variables
export SERVER=server-artifactory
export APIKEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Create and use an access token for user moehoward
curl -u "admin:$APIKEY" -X POST "http://$SERVER/artifactory/api/security/token" -d "username=moehoward" -d "scope=member-of-groups:readers" > token.log
export TOKEN=`cat token.log | jq -r '.access_token'`
curl -u "moehoward:$TOKEN" "http://$SERVER/artifactory/api/system/ping"
curl -H "Authorization: Bearer $TOKEN" "http://$SERVER/artifactory/api/system/ping"
I get "OK" from the last two commands. Can you run exactly these commands and report back?
I have personally experienced the same problem (Bearer header working, standard user credentials not working) with an old version of curl. The obvious workaround is to use Bearer, the more complex workaround is to upgrade curl (or use another tool).
What is the version of curl you use? Any curl from 2015 or more recent should work fine.

How to use openstack API v3 to list accessible volumes

I am learning OpenStack now and I want to list all accessible volumes on my OpenStack controller by HTTP get request with x_auth_token:
http://{OpenStack controller IP}:8776/v3/{project_id}/volumes
(Reference URL: https://developer.openstack.org/api-ref/block-storage/v3/index.html?expanded=#list-accessible-volumes)
But, the request body always as below:
{
"badRequest":{
"message": "Malformed request url",
"code": 400
}
}
I have try many times but they all didn't work.
So, I want to know, what the request url should be here?
Thanks in advance.....
One of the possible reasons is that your project_id is incorrect or doesn't match your credential, take a look at this link. In order to solve this problem you can:
1. Try openstack command with debug option.
openstack --debug volume list
#or
cinder --debug list
you could get the request and response details:
REQ: curl -g -i -X GET http://ip:port/v3/{project_id}/volumes/detail -H "User-Agent: python-cinderclient" -H "Accept: application/json" -H "X-Auth-Token: {token_value}"
Make sure you have input every required headers(context-type/x-auth-token/...).
Try to ask for help in irc channel #openstack-cinder

Microsoft cognitive API token doesn't work

I'm trying to use the Microsoft cognitive API for text analysis using the recommended curl method from their documentation:
curl -v -X POST "https://westus.api.cognitive.microsoft.com/text/analytics/v2.0/sentiment" -H "Content-Type: application/jscp-Apim-Subscription-Key: {bc94cba9b84748ebb2f2b79a28ee3450}" --data-ascii "{I had a wonderful experience! The rooms were wonderful and the staff were helpful.}"
But I get back:
{ "statusCode": 401, "message": "Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription." }
I also tried removing the {} surrounding token and text to be analyzed. What am I doing wrong here?
Note: yes I realize the security issue with showing key but I have re-generated thanks.
There are three issues with your request:
Content-Type header should be application/json. This is likely a copy-paste error.
Ocp-Apim-Subscription-Key header value must be the API without the curly braces. This is the cause for your 401 error.
The body must be JSON of a particular format. You can find the schema here.
Here's the rewritten request:
curl -v "https://westus.api.cognitive.microsoft.com/text/analytics/v2.0/sentiment" -H "Content-Type: application/json" -H "Ocp-Apim-Subscription-Key: $OXFORD_TEXT_KEY" --data-ascii '{"documents":[{"language":"en","id":"1234","text":"I had a wonderful experience! The rooms were wonderful and the staff were helpful."}]}'
Which should result in:
{"documents":[{"score":0.9750894,"id":"1234"}],"errors":[]}

Resources