Im trying to make a Subscription on an Apache Pulsar (2.10.1) Topic using the Admin Rest API and I would like to create it as the Type: Key_Shared or Shared.
Making an subscription to an existing topic can be done like below. But it doesn't seem to get the correct subscriptionType. Is it, and how, possible to create an subscription on a pre-exsiting topic with an subscriptionType using Admin Rest API?
I've tried to send this request and would've expected the subscription to become Shared/Key_Shared but it becomes None.
curl -L -X PUT "http://localhost:8080/admin/v2/persistent/public/default/test-topic/subscription/shared-test-subscription"
-H "Content-Type: application/json"
-H "Authorization: Bearer token"
--data-raw "{
"batchIndex": 0,
"entryId": 0,
"excluded": true,
"ledgerId": 0,
"partitionIndex": 0,
"properties": {
"subscriptionType": "Key_Shared"
}
}"
The subscription type is determined when the first consumer connects. Pulsar will not persist the subscription type to the metadata store, so Pulsar doesn't have APIs to create a subscription with the subscription type (The created subscription is maintained in the metadata store).
And if the subsequent consumers are using different subscription types, they will fail when they subscribe to the topic. After all consumers disconnect, the subscription will change to "No subscription type" state, so the subscription gets a chance to switch to a different subscription type as before.
Related
Design
Goal
Get calendar events for a given user.
Requirements
Application should have access to the MS Graph API.
Application should act like a daemon/background process and not depend on user's login.
Application should have access to the minimal number of users' data in the Azure Active Directory (AAD).
Application should be able to fetch user's calendar events and create them.
Implementation / Setup
to fulfill (1) Azure (Enterprise) App was created as described here.
to enable (2) client credentials flow was used with the setup of application permissions
to meet (3) a security group - as described here - was created with a limited number of users with the related policy that included related permissions (see here). The group was later connected to the app following this instruction.
to implement (4) the Calendar.Read and Calendar.ReadWrite as required by the actions here and here were added to the policy mentioned in the previous setup step.
Testing
Two HTTP requests were used: one to get the token and another to read events.
token request from the Identity Platform
curl --location --request POST 'https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token' \
--data-raw 'client_id=<APPLICATION_TOKEN>&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=<APPLICATION_SECRET>&grant_type=client_credentials'
Upon inspection of the token here I see that it contains required permissions:
"roles": [
"Calendars.Read",
"Calendars.ReadWrite"
]
fetch request of the calendar events from Graph API
curl --location --request GET 'https://graph.microsoft.com/v1.0/users/<USER_ID>/calendar/events' \
--header 'Authorization: Bearer <TOKEN>'
results in the following error:
{
"error": {
"code": "ResourceNotFound",
"message": "User not found",
"innerError": {
"date": "2022-02-08T08:25:39",
"request-id": "bfaca1f9-e79b-491c-8d75-5a62317e299b",
"client-request-id": "bfaca1f9-e79b-491c-8d75-5a62317e299b"
}
}
}
The user id is from my account that I found in the Azure Active Directory details of the Azure Tenant. I double-checked that after adding other users.
Before-asking investigation
This issue looks closest to my case as it uses the client credentials auth flow. But it uses global permissions for all users in the AAD, while we use more fine-grained approach with a security group. It also shows a different error "Resource could not be discovered." versus "User not found" in my case.
In order to call /{user-id}/calendar/events to work the user must have mailbox on Exchange Online if you are using client credentials for Daemon applications.
Also, It seems assigning license to a guest account (Personal account in this case) is not possible and hence the user account never gets access to the calendar service (part of o365 exchange online) due to which it cannot retrieve the calendar information of personal account.
Please refer my answer similar to this in Q&A for detailed description.
Short Version
I was missing the application permissions and assumed that they are assigned on the level of security group. Only restriction happen on that level.
Long Version
The updated mental model looks like this:
It means that the application permissions for MS Graph API are required.
The security group is only restricting / limiting the access to the users mentioned in the policy.
I get "The Create Profile Operation under Speaker Verification API is not supported with the current subscription key and pricing tier CognitiveServices.S0."
Note it recognizes operation, API and my pricing tier (which marketing page says should work).
Trying to create a profile:
curl -X POST -H 'Content-Type: application/json' -H "Ocp-Apim-Subscription-Key: xxxxxxxxxxxxxxxxx" -d '{"locale":"en-us"}' https://westus.api.cognitive.microsoft.com/speaker/verification/v2.0/text-independent/profiles
Result body:
{"error":{"code":"401","message": "The Create Profile Operation under Speaker Verification API is not supported with the current subscription key and pricing tier CognitiveServices.S0."}}
Expected: something like this:
{
"profileId": "49a36324-fc4b-4387-aa06-090cfbf0064f",
"locale": "en-US",
"enrollmentStatus": "Enrolling",
"createdDateTime": "2015-04-23T18:25:43.41Z",
"lastUpdatedDateTime": "2015-04-23T18:25:43.41Z",
"enrollmentsCount": 0,
"enrollmentsLength": 0,
"enrollmentsSpeechLength": 0,
"remainingEnrollmentsSpeechLength": 20,
"modelVersion": "2019-12-05"
}
According to MS Support, to make it work I need to use a key from Speech Service.
So, create a Speech Service and use its key with the Cognitive Service URL above. It works.
Hello i am trying to fetch devices present/registered at IOTHUB via RESTAPI. But i am confused how to fetch all devices.
I have read the documentation here : IoT Hub Service - Get Devices
But When i send a request i am getting an error
"Message": "ErrorCode:IotHubUnauthorizedAccess;Unauthorized",
"ExceptionMessage": "Tracking ID:a795ee1f7ae04adfa600333e45e9aa09-G:5-TimeStamp:06/29/2020 14:32:56"
Is there any auth token to provide in order to get devices?
So for a quick start on this we can use Postman with Azure IoT Hub Query language..+ SAS token for authorization.
Step 1: Generate the SAS token as said by Matthijs, Also we can quickly make use of Device Explorer tool Or Use this link to find the SetupDeviceExplorer.msi. Copy the generated SAS token fully.
Step 2: Construct the Query body.
the POST query looks like this sample. See Registry Manager - Query Iot Hub
POST
https://IOTHUB.azure-devices.net/devices/query?api-version=2020-03-13
{
"query": "SELECT deviceId FROM devices"
}
Step 3: Authorization use SAS token, and send the request to test it out.
A similar thread answered by RomanKiss can be read from Get all devices from IoT Azure Hub.
Please let us know if you know further help!
You can call the rest API using the Shared Access Signature. To get a valid token, you can use the Azure CLI like so:
az iot hub generate-sas-token -n <IoT hub name> --policy registryRead
This will produce an output like:
{
"sas": "SharedAccessSignature sr=iothubname.azure-devices.net&sig=kPszxZZZZZZZZZZZZZZZZZAhLTILsVpT0tp5sRSWiDZ0%3D&se=1593446477&skn=registryRead"
}
Then you need to use the value of "sas" as your Authorization header when you do your GET request. Curl example:
curl --location --request GET 'https://iothubname.azure-devices.net/devices?api-version=2019-07-01-preview' \
--header 'Authorization: SharedAccessSignature sr=iothubname.azure-devices.net&sig=kPszxZZZZZZZZZZZZZZZZZAhLTILsVpT0tp5sRSWiDZ0%3D&se=1593446477&skn=registryRead'
I'm trying to subscribe an application to a Sharepoint list. The notifications will be sent to the app via webhooks. To do this, you have to make an HTTP POST request to:
https://{your-account}.sharepoint.com/_api/web/lists('{list-guid}')/subscriptions
Body:
{
"resource": "{{ URL of the resource Id }}",
"notificationUrl" : "{{ URL of the endpoint that will process the webhooks }}",
"expirationDateTime" : "2017-09-27T00:00:00+00"
}
The call requires an access token. I obtained the token with curl this way:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "client_id={{ Id of the application registered on Azure Active Directory }}&client_secret={{ Key added on Azure for the app }}&grant_type=client_credentials&resource=https%3A%2F%2F{{ My account }}.sharepoint.com" "https://login.microsoftonline.com/{{ Azure account tenant id}}/oauth2/token"
This returns a token that is included as a header in the POST request. Unfortunately, this request failed with error code 401. Body:
{
"error_description" : "The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs."
}
I think the problem is not the token, we tried too many times before it stopped throwing errors related to invalid token data.
Is there a way to debug this error? Any suggestions?
Finally, the problem was the access token, and we were able to get a correct access token. There are two ways to do it, and these methods work for single-tenant application.
Method 1: Two steps without sending the Azure credentials (only app credentials)
Step 1: Request a verification code.
Access this URL. It will redirect you to the redirect_uri passed in the query string, and the query string of the redirect will include a code that will be used to request the token.
https://login.microsoftonline.com/{{ Tenant id }}/oauth2/authorize?client_id={{ Application id }}&response_type=code&redirect_uri={{ URI of the application }}&response_mode=query&resource={{ Resource that you want to access}}&state=12345
Resource example: https%3A%2F%2Fyouraccount.sharepoint.com
Step 2: Request a token
curl -X POST -H "content-type: application/x-www-form-urlencoded" -d "grant_type=authorization_code&client_id={{ Application code }}&code={{ The code received in the last request }}&redirect_uri={{ Same redirect URI }}&resource={{ Same resource}}&client_secret={{ Application key }}" https://login.microsoftonline.com/{{ Tenant id }}/oauth2/token
Method 2: One step, sending the Azure credentials
curl -i -X POST -d "grant_type=password&resource={{ Resource id }}&client_id={{ App id }}&username={{ Azure username }}&password={{ Azure password }}" "https://login.windows.net/{{ Tenant id }}/oauth2/token"
I am trying to collect an application fee using the Stripe API. I am sure I am missing something in the request.
Stripe complaints that it needs either of these: OAuth key, the Stripe-Account header, or the destination parameter.
I am passing in the Stripe-Account header.
Here is my curl request:
curl https://api.stripe.com/v1/charges \
-u sk_test_<key>: \
-H "Stripe-Account: acct_<key>" \
-d amount=2000 -d currency=usd -d capture=true \
-d card=tok_<key> -d description="curl" -d application_fee=48
Here is the response I get:
{
"error": {
"type": "invalid_request_error",
"message": "Can only apply an application_fee when the request is made on behalf of another account (using an OAuth key, the Stripe-Account header, or the destination parameter).",
"param": "application_fee"
}
}
What can I try next?
To add my experience of this issue to the comments above – when you include an application fee in the request, Stripe expects that you will be charging a customer on behalf of a connected account. The application fee is the amount that should go to your platform account, as your fee for the service you provide.
Stripe throws this error if it believes that the account being paid is the platform account, and therefore it makes no sense to process a separate application fee to the same account. Ways this can happen include passing in your platform account number instead of a connected account number in the request, or a destination parameter that is set to null.
The solution is to double check the account you are making payment to is not your platform account, or not include the application fee if the charge is going to your platform. I would add a link to the relevant part of the documentation, but I'm not aware of this being covered anywhere.
This happened to me when I accidentally had a nil value for the recipient's stripe account number.
The solution was to make sure destination was a valid stripe account code: e.g. "acct_1HtSHv7fgYVxT5fZ"
Stripe.api_key = 'sk_test_4eC39kjhkhgkhlhj1zdp7dc'
payment_intent = Stripe::PaymentIntent.create({
payment_method_types: ['card'],
amount: #amount_minor_unit,
currency: #currency,
application_fee_amount: 123,
transfer_data: {
destination: #stripe_account,
},
})
Stripe::InvalidRequestError (Can only apply an application_fee_amount when the
PaymentIntent is attempting a direct payment (using an OAuth key or Stripe-Account header)
or destination payment (using `transfer_data[destination]`).)
Once I had the correct value for #stripe_account (instead of nil), the above code worked